1 /* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.org.apache.xerces.internal.utils; 27 28 import com.sun.org.apache.xerces.internal.impl.Constants; 29 import javax.xml.XMLConstants; 30 31 /** 32 * This class manages security related properties 33 * 34 */ 35 public final class XMLSecurityPropertyManager { 36 37 /** 38 * States of the settings of a property, in the order: default value, value 39 * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system 40 * properties, and jaxp api properties 41 */ 42 public static enum State { 43 //this order reflects the overriding order 44 DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY 45 } 46 47 /** 48 * Limits managed by the security manager 49 */ 50 public static enum Property { 51 ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD, 52 Constants.EXTERNAL_ACCESS_DEFAULT), 53 ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA, 54 Constants.EXTERNAL_ACCESS_DEFAULT); 55 56 final String name; 57 final String defaultValue; 58 59 Property(String name, String value) { 60 this.name = name; 61 this.defaultValue = value; 62 } 63 64 public boolean equalsName(String propertyName) { 65 return (propertyName == null) ? false : name.equals(propertyName); 66 } 67 68 String defaultValue() { 69 return defaultValue; 70 } 71 } 72 73 /** 74 * Values of the properties as defined in enum Properties 75 */ 76 private final String[] values; 77 /** 78 * States of the settings for each property in Properties above 79 */ 80 private State[] states = {State.DEFAULT, State.DEFAULT}; 81 82 /** 83 * Default constructor. Establishes default values 84 */ 85 public XMLSecurityPropertyManager() { 86 values = new String[Property.values().length]; 87 for (Property property : Property.values()) { 88 values[property.ordinal()] = property.defaultValue(); 89 } 90 //read system properties or jaxp.properties 91 readSystemProperties(); 92 } 93 94 95 /** 96 * Set limit by property name and state 97 * @param propertyName property name 98 * @param state the state of the property 99 * @param value the value of the property 100 * @return true if the property is managed by the security property manager; 101 * false if otherwise. 102 */ 103 public boolean setValue(String propertyName, State state, Object value) { 104 int index = getIndex(propertyName); 105 if (index > -1) { 106 setValue(index, state, (String)value); 107 return true; 108 } 109 return false; 110 } 111 112 /** 113 * Set the value for a specific property. 114 * 115 * @param property the property 116 * @param state the state of the property 117 * @param value the value of the property 118 */ 119 public void setValue(Property property, State state, String value) { 120 //only update if it shall override 121 if (state.compareTo(states[property.ordinal()]) >= 0) { 122 values[property.ordinal()] = value; 123 states[property.ordinal()] = state; 124 } 125 } 126 127 /** 128 * Set the value of a property by its index 129 * @param index the index of the property 130 * @param state the state of the property 131 * @param value the value of the property 132 */ 133 public void setValue(int index, State state, String value) { 134 //only update if it shall override 135 if (state.compareTo(states[index]) >= 0) { 136 values[index] = value; 137 states[index] = state; 138 } 139 } 140 141 142 /** 143 * Return the value of the specified property 144 * 145 * @param propertyName the property name 146 * @return the value of the property as a string 147 */ 148 public String getValue(String propertyName) { 149 int index = getIndex(propertyName); 150 if (index > -1) { 151 return getValueByIndex(index); 152 } 153 154 return null; 155 } 156 157 /** 158 * Return the value of the specified property 159 * 160 * @param property the property 161 * @return the value of the property 162 */ 163 public String getValue(Property property) { 164 return values[property.ordinal()]; 165 } 166 167 /** 168 * Return the value of a property by its ordinal 169 * @param index the index of a property 170 * @return value of a property 171 */ 172 public String getValueByIndex(int index) { 173 return values[index]; 174 } 175 176 /** 177 * Get the index by property name 178 * @param propertyName property name 179 * @return the index of the property if found; return -1 if not 180 */ 181 public int getIndex(String propertyName){ 182 for (Property property : Property.values()) { 183 if (property.equalsName(propertyName)) { 184 //internally, ordinal is used as index 185 return property.ordinal(); 186 } 187 } 188 return -1; 189 } 190 191 /** 192 * Read from system properties, or those in jaxp.properties 193 */ 194 private void readSystemProperties() { 195 getSystemProperty(Property.ACCESS_EXTERNAL_DTD, 196 Constants.SP_ACCESS_EXTERNAL_DTD); 197 getSystemProperty(Property.ACCESS_EXTERNAL_SCHEMA, 198 Constants.SP_ACCESS_EXTERNAL_SCHEMA); 199 } 200 201 /** 202 * Read from system properties, or those in jaxp.properties 203 * 204 * @param property the property 205 * @param systemProperty the name of the system property 206 */ 207 private void getSystemProperty(Property property, String systemProperty) { 208 try { 209 String value = SecuritySupport.getSystemProperty(systemProperty); 210 if (value != null) { 211 values[property.ordinal()] = value; 212 states[property.ordinal()] = State.SYSTEMPROPERTY; 213 return; 214 } 215 216 value = SecuritySupport.readJAXPProperty(systemProperty); 217 if (value != null) { 218 values[property.ordinal()] = value; 219 states[property.ordinal()] = State.JAXPDOTPROPERTIES; 220 } 221 } catch (NumberFormatException e) { 222 //invalid setting ignored 223 } 224 } 225 }