1 /*
2 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.util;
27
28 import java.io.File;
29 import java.io.FilePermission;
30 import java.io.IOException;
31 import java.net.URL;
32 import java.security.CodeSource;
33 import java.security.Permission;
34 import java.security.PermissionCollection;
35 import java.util.Enumeration;
36
37 /**
38 * This {@code PermissionCollection} implementation delegates to another
39 * {@code PermissionCollection}, taking care to lazily add the permission needed
40 * to read from the given {@code CodeSource} at first use, i.e., when either of
41 * {@link #elements}, {@link #implies} or {@link #toString} is called, or when
42 * the collection is serialized.
43 */
44 public final class LazyCodeSourcePermissionCollection
45 extends PermissionCollection
46 {
47 private static final long serialVersionUID = -6727011328946861783L;
48 private final PermissionCollection perms;
49 private final CodeSource cs;
50 private volatile boolean permissionAdded;
51
52 public LazyCodeSourcePermissionCollection(PermissionCollection perms,
53 CodeSource cs) {
54 this.perms = perms;
55 this.cs = cs;
56 }
57
58 private void ensureAdded() {
59 if (!permissionAdded) {
60 synchronized(perms) {
61 if (permissionAdded)
62 return;
63
64 // open connection to determine the permission needed
65 URL location = cs.getLocation();
66 if (location != null) {
67 try {
68 Permission p = location.openConnection().getPermission();
69 if (p != null) {
70 // for directories then need recursive access
71 if (p instanceof FilePermission) {
72 String path = p.getName();
73 if (path.endsWith(File.separator)) {
74 path += "-";
75 p = new FilePermission(path,
76 SecurityConstants.FILE_READ_ACTION);
77 }
78 }
79 perms.add(p);
80 }
81 } catch (IOException ioe) {
82 }
83 }
84 if (isReadOnly()) {
85 perms.setReadOnly();
86 }
87 permissionAdded = true;
88 }
89 }
90 }
91
92 @Override
93 public void add(Permission permission) {
94 if (isReadOnly())
95 throw new SecurityException(
96 "attempt to add a Permission to a readonly PermissionCollection");
97 perms.add(permission);
98 }
99
100 @Override
101 public boolean implies(Permission permission) {
102 ensureAdded();
103 return perms.implies(permission);
104 }
105
106 @Override
107 public Enumeration<Permission> elements() {
108 ensureAdded();
109 return perms.elements();
110 }
111
112 @Override
113 public String toString() {
114 ensureAdded();
115 return perms.toString();
116 }
117
118 /**
119 * On serialization, initialize and replace with the underlying
120 * permissions. This removes the laziness on deserialization.
121 */
122 private Object writeReplace() {
123 ensureAdded();
124 return perms;
125 }
126 }