1 /*
   2  * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.security;
  27 
  28 import java.util.Map;
  29 import java.util.Objects;
  30 import java.util.concurrent.ConcurrentHashMap;
  31 import java.util.function.Function;
  32 
  33 import sun.security.util.Debug;
  34 
  35 /**
  36  * This class extends ClassLoader with additional support for defining
  37  * classes with an associated code source and permissions which are
  38  * retrieved by the system policy by default.
  39  *
  40  * @author  Li Gong
  41  * @author  Roland Schemers
  42  */
public class SecureClassLoader extends ClassLoader {
    /*
     * Flipped to true only after a constructor has run to completion, i.e.
     * after the SecurityManager's checkCreateClassLoader check has passed.
     * A final boolean that was never assigned reads as false, so an instance
     * whose constructor threw part-way (and was somehow retained) is
     * recognisable: check() refuses to serve permissions for it.
     */
    private final boolean initialized;

    /*
     * Per-CodeSource cache of ProtectionDomains. The key type, CodeSourceKey,
     * compares the location as a plain String (no name-service lookup, URL
     * fragment ignored) together with a strict certificate match. Two
     * locations that would only become equal after DNS resolution therefore
     * get separate ProtectionDomains; this does not weaken enforcement,
     * because the Policy canonicalises and resolves locations itself when it
     * evaluates grants, so both domains end up with the same permissions.
     */
    private final Map<CodeSourceKey, ProtectionDomain> pdcache
            = new ConcurrentHashMap<>(11);

    static {
        ClassLoader.registerAsParallelCapable();
    }

    /**
     * Creates a new {@code SecureClassLoader} that delegates to the given
     * parent class loader.
     *
     * <p>If a security manager is installed, its
     * {@code checkCreateClassLoader} method is consulted first; when it
     * refuses, the exception propagates and the instance is never marked
     * initialized.
     *
     * @param parent the parent ClassLoader
     * @exception  SecurityException  if a security manager exists and its
     *             {@code checkCreateClassLoader} method doesn't allow
     *             creation of a class loader.
     * @see SecurityManager#checkCreateClassLoader
     */
    protected SecureClassLoader(ClassLoader parent) {
        super(parent);
        // Kept inline on purpose (not factored into a helper) so the stack
        // depth a SecurityManager observes stays consistent with 1.1.
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkCreateClassLoader();
        }
        initialized = true;
    }

    /**
     * Creates a new {@code SecureClassLoader} that delegates to the default
     * parent class loader.
     *
     * <p>If a security manager is installed, its
     * {@code checkCreateClassLoader} method is consulted first; when it
     * refuses, the exception propagates and the instance is never marked
     * initialized.
     *
     * @exception  SecurityException  if a security manager exists and its
     *             {@code checkCreateClassLoader} method doesn't allow
     *             creation of a class loader.
     * @see SecurityManager#checkCreateClassLoader
     */
    protected SecureClassLoader() {
        super();
        // Kept inline on purpose (not factored into a helper) so the stack
        // depth a SecurityManager observes stays consistent with 1.1.
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkCreateClassLoader();
        }
        initialized = true;
    }

    /**
     * Creates a new {@code SecureClassLoader} with the given name that
     * delegates to the given parent class loader.
     *
     * @param name class loader name; or {@code null} if not named
     * @param parent the parent class loader
     *
     * @throws IllegalArgumentException if the given name is empty.
     *
     * @throws SecurityException  if a security manager exists and its
     *         {@link SecurityManager#checkCreateClassLoader()} method
     *         doesn't allow creation of a class loader.
     *
     * @since 9
     */
    protected SecureClassLoader(String name, ClassLoader parent) {
        super(name, parent);
        // Same inline check as the other constructors; initialized is only
        // set once it has passed.
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkCreateClassLoader();
        }
        initialized = true;
    }

    /**
     * Defines a class from a byte array, optionally tying it to a
     * {@code CodeSource}. The returned class still has to be resolved
     * before use.
     * <p>
     * When {@code cs} is non-null, the class is defined in the (cached)
     * {@code ProtectionDomain} for that code source, whose permissions come
     * from {@link #getPermissions}. When {@code cs} is null no
     * {@code ProtectionDomain} is supplied, and {@code ClassLoader} applies
     * its default.
     *
     * @param      name the expected name of the class, or {@code null}
     *                  if not known, using '.' and not '/' as the separator
     *                  and without a trailing ".class" suffix.
     * @param      b    the bytes that make up the class data. The bytes in
     *             positions {@code off} through {@code off+len-1}
     *             should have the format of a valid class file as defined by
     *             <cite>The Java&trade; Virtual Machine Specification</cite>.
     * @param      off  the start offset in {@code b} of the class data
     * @param      len  the length of the class data
     * @param      cs   the associated CodeSource, or {@code null} if none
     * @return the {@code Class} object created from the data,
     *         and optional CodeSource.
     * @exception  ClassFormatError if the data did not contain a valid class
     * @exception  IndexOutOfBoundsException if either {@code off} or
     *             {@code len} is negative, or if
     *             {@code off+len} is greater than {@code b.length}.
     *
     * @exception  SecurityException if an attempt is made to add this class
     *             to a package that contains classes that were signed by
     *             a different set of certificates than this class, or if
     *             the class name begins with "java.".
     */
    protected final Class<?> defineClass(String name,
                                         byte[] b, int off, int len,
                                         CodeSource cs)
    {
        ProtectionDomain domain = getProtectionDomain(cs);
        return defineClass(name, b, off, len, domain);
    }

    /**
     * Defines a class from a {@link java.nio.ByteBuffer ByteBuffer},
     * optionally tying it to a {@code CodeSource}. The returned class still
     * has to be resolved before use.
     * <p>
     * When {@code cs} is non-null, the class is defined in the (cached)
     * {@code ProtectionDomain} for that code source, whose permissions come
     * from {@link #getPermissions}. When {@code cs} is null no
     * {@code ProtectionDomain} is supplied, and {@code ClassLoader} applies
     * its default.
     *
     * @param      name the expected name of the class, or {@code null}
     *                  if not known, using '.' and not '/' as the separator
     *                  and without a trailing ".class" suffix.
     * @param      b    the bytes that make up the class data.  The bytes from positions
     *                  {@code b.position()} through {@code b.position() + b.limit() -1}
     *                  should have the format of a valid class file as defined by
     *                  <cite>The Java&trade; Virtual Machine Specification</cite>.
     * @param      cs   the associated CodeSource, or {@code null} if none
     * @return the {@code Class} object created from the data,
     *         and optional CodeSource.
     * @exception  ClassFormatError if the data did not contain a valid class
     * @exception  SecurityException if an attempt is made to add this class
     *             to a package that contains classes that were signed by
     *             a different set of certificates than this class, or if
     *             the class name begins with "java.".
     *
     * @since  1.5
     */
    protected final Class<?> defineClass(String name, java.nio.ByteBuffer b,
                                         CodeSource cs)
    {
        ProtectionDomain domain = getProtectionDomain(cs);
        return defineClass(name, b, domain);
    }

    /**
     * Returns the permissions for the given CodeSource object.
     * <p>
     * Called (once per distinct code source, see the cache) by the
     * {@code defineClass} overloads that take a {@code CodeSource}, while
     * the {@code ProtectionDomain} for the class is being built. The
     * default implementation returns an empty, writable
     * {@code Permissions}; the policy-granted permissions are not copied in
     * here because the {@code ProtectionDomain} constructed by this class
     * defers that binding to enforcement time.
     * <p>
     * Note for overriders: this runs inside the cache's
     * {@code computeIfAbsent} mapping function, so it should be short and
     * must not define further classes through this loader (a re-entrant
     * update of the same {@code ConcurrentHashMap} is not supported).
     *
     * @param codesource the codesource.
     *
     * @return the permissions granted to the codesource.
     *
     * @throws SecurityException if this loader's constructor did not run to
     *         completion
     */
    protected PermissionCollection getPermissions(CodeSource codesource)
    {
        check();
        return new Permissions(); // ProtectionDomain defers the binding
    }

    /*
     * Holder idiom: the "scl" Debug instance is created on first use of
     * DebugHolder, not when SecureClassLoader itself is initialised.
     */
    private static class DebugHolder {
        private static final Debug debug = Debug.getInstance("scl");
    }

    /*
     * Returns the cached ProtectionDomain for cs, building and caching one
     * on first sight. A null CodeSource yields null (no domain).
     */
    private ProtectionDomain getProtectionDomain(CodeSource cs) {
        if (cs == null) {
            return null;
        }

        // CodeSourceKey stands in for the CodeSource as the map key: equal
        // in the same cases except that the host is compared as a String
        // (no name-service lookup) and the fragment is ignored.
        CodeSourceKey cacheKey = new CodeSourceKey(cs);
        Function<CodeSourceKey, ProtectionDomain> builder =
                unusedKey -> newProtectionDomain(cs);
        return pdcache.computeIfAbsent(cacheKey, builder);
    }

    /*
     * Builds the ProtectionDomain for cs: permissions from getPermissions
     * (overridable), this loader as the class loader, no principals. The
     * four-argument ProtectionDomain constructor is the one that consults
     * the Policy lazily at check time.
     */
    private ProtectionDomain newProtectionDomain(CodeSource cs) {
        PermissionCollection perms = getPermissions(cs);
        ProtectionDomain pd = new ProtectionDomain(cs, perms, this, null);
        Debug debug = DebugHolder.debug;
        if (debug != null) {
            debug.println(" getPermissions " + pd);
            debug.println("");
        }
        return pd;
    }

    /*
     * Rejects use of an instance whose constructor never reached the end
     * (initialized still holds its default of false).
     */
    private void check() {
        if (!initialized) {
            throw new SecurityException("ClassLoader object not initialized");
        }
    }

    /*
     * Map key wrapping a CodeSource. Equality is the location string without
     * its fragment plus a strict certificate match; the hash uses only the
     * location, which is consistent with equals (equal keys share a hash).
     */
    private static class CodeSourceKey {
        private final CodeSource cs;

        CodeSourceKey(CodeSource cs) {
            this.cs = cs;
        }

        @Override
        public int hashCode() {
            // Objects.hashCode maps a null location to 0.
            return Objects.hashCode(cs.getLocationNoFragString());
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof CodeSourceKey)) {
                return false;
            }

            CodeSource other = ((CodeSourceKey) obj).cs;
            // Locations must match textually first; only then is the
            // (strict) signer comparison performed.
            return Objects.equals(cs.getLocationNoFragString(),
                                  other.getLocationNoFragString())
                    && cs.matchCerts(other, true);
        }
    }
}