1 /*
   2  * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 
  28 import java.io.*;
  29 import java.lang.reflect.*;
  30 import java.net.MalformedURLException;
  31 import java.net.URL;
  32 import java.net.URI;
  33 import java.util.*;
  34 import java.text.MessageFormat;
  35 import java.security.*;
  36 import java.security.cert.Certificate;
  37 import java.security.cert.X509Certificate;
  38 import javax.security.auth.Subject;
  39 import javax.security.auth.x500.X500Principal;
  40 import java.io.FilePermission;
  41 import java.net.SocketPermission;
  42 import java.net.NetPermission;
  43 import java.util.concurrent.atomic.AtomicReference;
  44 import sun.misc.JavaSecurityProtectionDomainAccess;
  45 import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
  46 import sun.misc.SharedSecrets;
  47 import sun.security.util.PolicyUtil;
  48 import sun.security.util.PropertyExpander;
  49 import sun.security.util.Debug;
  50 import sun.security.util.ResourcesMgr;
  51 import sun.security.util.SecurityConstants;
  52 import sun.net.www.ParseUtil;
  53 
  54 /**
  55  * This class represents a default implementation for
  56  * <code>java.security.Policy</code>.
  57  *
  58  * Note:
  59  * For backward compatibility with JAAS 1.0 it loads
  60  * both java.auth.policy and java.policy. However it
  61  * is recommended that java.auth.policy be not used
  62  * and the java.policy contain all grant entries including
  63  * that contain principal-based entries.
  64  *
  65  *
  66  * <p> This object stores the policy for entire Java runtime,
  67  * and is the amalgamation of multiple static policy
  68  * configurations that resides in files.
  69  * The algorithm for locating the policy file(s) and reading their
  70  * information into this <code>Policy</code> object is:
  71  *
  72  * <ol>
  73  * <li>
  74  *   Loop through the <code>java.security.Security</code> properties,
  75  *   <i>policy.url.1</i>, <i>policy.url.2</i>, ...,
  76  *   <i>policy.url.X</i>" and
  77  *   <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
  78  *   <i>auth.policy.url.X</i>".  These properties are set
  79  *   in the Java security properties file, which is located in the file named
  80  *   &lt;JAVA_HOME&gt;/lib/security/java.security.
  81  *   &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
  82  *   and specifies the directory where the JRE is installed.
  83  *   Each property value specifies a <code>URL</code> pointing to a
  84  *   policy file to be loaded.  Read in and load each policy.
  85  *
  86  *   <i>auth.policy.url</i> is supported only for backward compatibility.
  87  *
  88  * <li>
  89  *   The <code>java.lang.System</code> property <i>java.security.policy</i>
  90  *   may also be set to a <code>URL</code> pointing to another policy file
  91  *   (which is the case when a user uses the -D switch at runtime).
  92  *   If this property is defined, and its use is allowed by the
  93  *   security property file (the Security property,
  94  *   <i>policy.allowSystemProperty</i> is set to <i>true</i>),
  95  *   also load that policy.
  96  *
  97  * <li>
  98  *   The <code>java.lang.System</code> property
  99  *   <i>java.security.auth.policy</i> may also be set to a
 100  *   <code>URL</code> pointing to another policy file
 101  *   (which is the case when a user uses the -D switch at runtime).
 102  *   If this property is defined, and its use is allowed by the
 103  *   security property file (the Security property,
 104  *   <i>policy.allowSystemProperty</i> is set to <i>true</i>),
 105  *   also load that policy.
 106  *
 107  *   <i>java.security.auth.policy</i> is supported only for backward
 108  *   compatibility.
 109  *
 110  *   If the  <i>java.security.policy</i> or
 111  *   <i>java.security.auth.policy</i> property is defined using
 112  *   "==" (rather than "="), then ignore all other specified
 113  *   policies and only load this policy.
 114  * </ol>
 115  *
 116  * Each policy file consists of one or more grant entries, each of
 117  * which consists of a number of permission entries.
 118  *
 119  * <pre>
 120  *   grant signedBy "<b>alias</b>", codeBase "<b>URL</b>",
 121  *         principal <b>principalClass</b> "<b>principalName</b>",
 122  *         principal <b>principalClass</b> "<b>principalName</b>",
 123  *         ... {
 124  *
 125  *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 126  *         signedBy "<b>alias</b>";
 127  *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 128  *         signedBy "<b>alias</b>";
 129  *     ....
 130  *   };
 131  * </pre>
 132  *
 133  * All non-bold items above must appear as is (although case
 134  * doesn't matter and some are optional, as noted below).
 135  * principal entries are optional and need not be present.
 136  * Italicized items represent variable values.
 137  *
 138  * <p> A grant entry must begin with the word <code>grant</code>.
 139  * The <code>signedBy</code>,<code>codeBase</code> and <code>principal</code>
 140  * name/value pairs are optional.
 141  * If they are not present, then any signer (including unsigned code)
 142  * will match, and any codeBase will match.
 143  * Note that the <i>principalClass</i>
 144  * may be set to the wildcard value, *, which allows it to match
 145  * any <code>Principal</code> class.  In addition, the <i>principalName</i>
 146  * may also be set to the wildcard value, *, allowing it to match
 147  * any <code>Principal</code> name.  When setting the <i>principalName</i>
 148  * to the *, do not surround the * with quotes.
 149  *
 150  * <p> A permission entry must begin with the word <code>permission</code>.
 151  * The word <code><i>Type</i></code> in the template above is
 152  * a specific permission type, such as <code>java.io.FilePermission</code>
 153  * or <code>java.lang.RuntimePermission</code>.
 154  *
 155  * <p> The "<i>action</i>" is required for
 156  * many permission types, such as <code>java.io.FilePermission</code>
 157  * (where it specifies what type of file access that is permitted).
 158  * It is not required for categories such as
 159  * <code>java.lang.RuntimePermission</code>
 160  * where it is not necessary - you either have the
 161  * permission specified by the <code>"<i>name</i>"</code>
 162  * value following the type name or you don't.
 163  *
 164  * <p> The <code>signedBy</code> name/value pair for a permission entry
 165  * is optional. If present, it indicates a signed permission. That is,
 166  * the permission class itself must be signed by the given alias in
 167  * order for it to be granted. For example,
 168  * suppose you have the following grant entry:
 169  *
 170  * <pre>
 171  *   grant principal foo.com.Principal "Duke" {
 172  *     permission Foo "foobar", signedBy "FooSoft";
 173  *   }
 174  * </pre>
 175  *
 176  * <p> Then this permission of type <i>Foo</i> is granted if the
 177  * <code>Foo.class</code> permission has been signed by the
 178  * "FooSoft" alias, or if XXX <code>Foo.class</code> is a
 179  * system class (i.e., is found on the CLASSPATH).
 180  *
 181  *
 182  * <p> Items that appear in an entry must appear in the specified order
 183  * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
 184  * "<i>action</i>"). An entry is terminated with a semicolon.
 185  *
 186  * <p> Case is unimportant for the identifiers (<code>permission</code>,
 187  * <code>signedBy</code>, <code>codeBase</code>, etc.) but is
 188  * significant for the <i>Type</i>
 189  * or for any string that is passed in as a value. <p>
 190  *
 191  * <p> An example of two entries in a policy configuration file is
 192  * <pre>
 193  *   // if the code is comes from "foo.com" and is running as "Duke",
 194  *   // grant it read/write to all files in /tmp.
 195  *
 196  *   grant codeBase "foo.com", principal foo.com.Principal "Duke" {
 197  *              permission java.io.FilePermission "/tmp/*", "read,write";
 198  *   };
 199  *
 200  *   // grant any code running as "Duke" permission to read
 201  *   // the "java.vendor" Property.
 202  *
 203  *   grant principal foo.com.Principal "Duke" {
 204  *         permission java.util.PropertyPermission "java.vendor";
 205  *
 206  *
 207  * </pre>
 208  *  This Policy implementation supports special handling of any
 209  *  permission that contains the string, "<b>${{self}}</b>", as part of
 210  *  its target name.  When such a permission is evaluated
 211  *  (such as during a security check), <b>${{self}}</b> is replaced
 212  *  with one or more Principal class/name pairs.  The exact
 213  *  replacement performed depends upon the contents of the
 214  *  grant clause to which the permission belongs.
 215  *<p>
 216  *
 217  *  If the grant clause does not contain any principal information,
 218  *  the permission will be ignored (permissions containing
 219  *  <b>${{self}}</b> in their target names are only valid in the context
 220  *  of a principal-based grant clause).  For example, BarPermission
 221  *  will always be ignored in the following grant clause:
 222  *
 223  *<pre>
 224  *    grant codebase "www.foo.com", signedby "duke" {
 225  *      permission BarPermission "... ${{self}} ...";
 226  *    };
 227  *</pre>
 228  *
 229  *  If the grant clause contains principal information, <b>${{self}}</b>
 230  *  will be replaced with that same principal information.
 231  *  For example, <b>${{self}}</b> in BarPermission will be replaced by
 232  *  <b>javax.security.auth.x500.X500Principal "cn=Duke"</b>
 233  *  in the following grant clause:
 234  *
 235  *  <pre>
 236  *    grant principal javax.security.auth.x500.X500Principal "cn=Duke" {
 237  *      permission BarPermission "... ${{self}} ...";
 238  *    };
 239  *  </pre>
 240  *
 241  *  If there is a comma-separated list of principals in the grant
 242  *  clause, then <b>${{self}}</b> will be replaced by the same
 243  *  comma-separated list or principals.
 244  *  In the case where both the principal class and name are
 245  *  wildcarded in the grant clause, <b>${{self}}</b> is replaced
 246  *  with all the principals associated with the <code>Subject</code>
 247  *  in the current <code>AccessControlContext</code>.
 248  *
 249  *
 250  * <p> For PrivateCredentialPermissions, you can also use "<b>self</b>"
 251  * instead of "<b>${{self}}</b>". However the use of "<b>self</b>" is
 252  * deprecated in favour of "<b>${{self}}</b>".
 253  *
 254  * @see java.security.CodeSource
 255  * @see java.security.Permissions
 256  * @see java.security.ProtectionDomain
 257  */
 258 public class PolicyFile extends java.security.Policy {
 259 
 260     private static final Debug debug = Debug.getInstance("policy");
 261 
 262     private static final String NONE = "NONE";
 263     private static final String P11KEYSTORE = "PKCS11";
 264 
 265     private static final String SELF = "${{self}}";
 266     private static final String X500PRINCIPAL =
 267                         "javax.security.auth.x500.X500Principal";
 268     private static final String POLICY = "java.security.policy";
 269     private static final String SECURITY_MANAGER = "java.security.manager";
 270     private static final String POLICY_URL = "policy.url.";
 271     private static final String AUTH_POLICY = "java.security.auth.policy";
 272     private static final String AUTH_POLICY_URL = "auth.policy.url.";
 273 
 274     private static final int DEFAULT_CACHE_SIZE = 1;
 275 
 276     // contains the policy grant entries, PD cache, and alias mapping
 277     private AtomicReference<PolicyInfo> policyInfo = new AtomicReference<>();
 278     private boolean constructed = false;
 279 
 280     private boolean expandProperties = true;
 281     private boolean ignoreIdentityScope = true;
 282     private boolean allowSystemProperties = true;
 283     private boolean notUtf8 = false;
 284     private URL url;
 285 
 286     // for use with the reflection API
 287 
 288     private static final Class<?>[] PARAMS0 = { };
 289     private static final Class<?>[] PARAMS1 = { String.class };
 290     private static final Class<?>[] PARAMS2 = { String.class, String.class };
 291 
 292     /**
 293      * Initializes the Policy object and reads the default policy
 294      * configuration file(s) into the Policy object.
 295      */
 296     public PolicyFile() {
 297         init((URL)null);
 298     }
 299 
 300     /**
 301      * Initializes the Policy object and reads the default policy
 302      * from the specified URL only.
 303      */
 304     public PolicyFile(URL url) {
 305         this.url = url;
 306         init(url);
 307     }
 308 
 309     /**
 310      * Initializes the Policy object and reads the default policy
 311      * configuration file(s) into the Policy object.
 312      *
 313      * The algorithm for locating the policy file(s) and reading their
 314      * information into the Policy object is:
 315      * <pre>
 316      *   loop through the Security Properties named "policy.url.1",
 317      *  ""policy.url.2", "auth.policy.url.1",  "auth.policy.url.2" etc, until
 318      *   you don't find one. Each of these specify a policy file.
 319      *
 320      *   if none of these could be loaded, use a builtin static policy
 321      *      equivalent to the default lib/security/java.policy file.
 322      *
 323      *   if the system property "java.policy" or "java.auth.policy" is defined
 324      * (which is the
 325      *      case when the user uses the -D switch at runtime), and
 326      *     its use is allowed by the security property file,
 327      *     also load it.
 328      * </pre>
 329      *
 330      * Each policy file consists of one or more grant entries, each of
 331      * which consists of a number of permission entries.
 332      * <pre>
 333      *   grant signedBy "<i>alias</i>", codeBase "<i>URL</i>" {
 334      *     permission <i>Type</i> "<i>name</i>", "<i>action</i>",
 335      *         signedBy "<i>alias</i>";
 336      *     ....
 337      *     permission <i>Type</i> "<i>name</i>", "<i>action</i>",
 338      *         signedBy "<i>alias</i>";
 339      *   };
 340      *
 341      * </pre>
 342      *
 343      * All non-italicized items above must appear as is (although case
 344      * doesn't matter and some are optional, as noted below).
 345      * Italicized items represent variable values.
 346      *
 347      * <p> A grant entry must begin with the word <code>grant</code>.
 348      * The <code>signedBy</code> and <code>codeBase</code> name/value
 349      * pairs are optional.
 350      * If they are not present, then any signer (including unsigned code)
 351      * will match, and any codeBase will match.
 352      *
 353      * <p> A permission entry must begin with the word <code>permission</code>.
 354      * The word <code><i>Type</i></code> in the template above would actually
 355      * be a specific permission type, such as
 356      * <code>java.io.FilePermission</code> or
 357      * <code>java.lang.RuntimePermission</code>.
 358      *
 359      * <p>The "<i>action</i>" is required for
 360      * many permission types, such as <code>java.io.FilePermission</code>
 361      * (where it specifies what type of file access is permitted).
 362      * It is not required for categories such as
 363      * <code>java.lang.RuntimePermission</code>
 364      * where it is not necessary - you either have the
 365      * permission specified by the <code>"<i>name</i>"</code>
 366      * value following the type name or you don't.
 367      *
 368      * <p>The <code>signedBy</code> name/value pair for a permission entry
 369      * is optional. If present, it indicates a signed permission. That is,
 370      * the permission class itself must be signed by the given alias in
 371      * order for it to be granted. For example,
 372      * suppose you have the following grant entry:
 373      *
 374      * <pre>
 375      *   grant {
 376      *     permission Foo "foobar", signedBy "FooSoft";
 377      *   }
 378      * </pre>
 379      *
 380      * <p>Then this permission of type <i>Foo</i> is granted if the
 381      * <code>Foo.class</code> permission has been signed by the
 382      * "FooSoft" alias, or if <code>Foo.class</code> is a
 383      * system class (i.e., is found on the CLASSPATH).
 384      *
 385      * <p>Items that appear in an entry must appear in the specified order
 386      * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
 387      * "<i>action</i>"). An entry is terminated with a semicolon.
 388      *
 389      * <p>Case is unimportant for the identifiers (<code>permission</code>,
 390      * <code>signedBy</code>, <code>codeBase</code>, etc.) but is
 391      * significant for the <i>Type</i>
 392      * or for any string that is passed in as a value. <p>
 393      *
 394      * <p>An example of two entries in a policy configuration file is
 395      * <pre>
 396      *   //  if the code is signed by "Duke", grant it read/write to all
 397      *   // files in /tmp.
 398      *
 399      *   grant signedBy "Duke" {
 400      *          permission java.io.FilePermission "/tmp/*", "read,write";
 401      *   };
 402      * <p>
 403      *   // grant everyone the following permission
 404      *
 405      *   grant {
 406      *     permission java.util.PropertyPermission "java.vendor";
 407      *   };
 408      *  </pre>
 409      */
 410     private void init(URL url) {
 411         // Properties are set once for each init(); ignore changes between
 412         // between diff invocations of initPolicyFile(policy, url, info).
 413         String numCacheStr =
 414           AccessController.doPrivileged(new PrivilegedAction<String>() {
 415             public String run() {
 416                 expandProperties = "true".equalsIgnoreCase
 417                     (Security.getProperty("policy.expandProperties"));
 418                 ignoreIdentityScope = "true".equalsIgnoreCase
 419                     (Security.getProperty("policy.ignoreIdentityScope"));
 420                 allowSystemProperties = "true".equalsIgnoreCase
 421                     (Security.getProperty("policy.allowSystemProperty"));
 422                 notUtf8 = "false".equalsIgnoreCase
 423                     (System.getProperty("sun.security.policy.utf8"));
 424                 return System.getProperty("sun.security.policy.numcaches");
 425             }});
 426 
 427         int numCaches;
 428         if (numCacheStr != null) {
 429             try {
 430                 numCaches = Integer.parseInt(numCacheStr);
 431             } catch (NumberFormatException e) {
 432                 numCaches = DEFAULT_CACHE_SIZE;
 433             }
 434         } else {
 435             numCaches = DEFAULT_CACHE_SIZE;
 436         }
 437         // System.out.println("number caches=" + numCaches);
 438         PolicyInfo newInfo = new PolicyInfo(numCaches);
 439         initPolicyFile(newInfo, url);
 440         policyInfo.set(newInfo);
 441     }
 442 
 443     private void initPolicyFile(final PolicyInfo newInfo, final URL url) {
 444 
 445         if (url != null) {
 446 
 447             /**
 448              * If the caller specified a URL via Policy.getInstance,
 449              * we only read from that URL
 450              */
 451 
 452             if (debug != null) {
 453                 debug.println("reading "+url);
 454             }
 455             AccessController.doPrivileged(new PrivilegedAction<Void>() {
 456                 public Void run() {
 457                     if (init(url, newInfo) == false) {
 458                         // use static policy if all else fails
 459                         initStaticPolicy(newInfo);
 460                     }
 461                     return null;
 462                 }
 463             });
 464 
 465         } else {
 466 
 467             /**
 468              * Caller did not specify URL via Policy.getInstance.
 469              * Read from URLs listed in the java.security properties file.
 470              *
 471              * We call initPolicyFile with POLICY , POLICY_URL and then
 472              * call it with AUTH_POLICY and AUTH_POLICY_URL
 473              * So first we will process the JAVA standard policy
 474              * and then process the JAVA AUTH Policy.
 475              * This is for backward compatibility as well as to handle
 476              * cases where the user has a single unified policyfile
 477              * with both java policy entries and auth entries
 478              */
 479 
 480             boolean loaded_one = initPolicyFile(POLICY, POLICY_URL, newInfo);
 481             // To maintain strict backward compatibility
 482             // we load the static policy only if POLICY load failed
 483             if (!loaded_one) {
 484                 // use static policy if all else fails
 485                 initStaticPolicy(newInfo);
 486             }
 487 
 488             initPolicyFile(AUTH_POLICY, AUTH_POLICY_URL, newInfo);
 489         }
 490     }
 491 
 492     private boolean initPolicyFile(final String propname, final String urlname,
 493                                 final PolicyInfo newInfo) {
 494         Boolean loadedPolicy =
 495             AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
 496             public Boolean run() {
 497                 boolean loaded_policy = false;
 498 
 499                 if (allowSystemProperties) {
 500                     String extra_policy = System.getProperty(propname);
 501                     if (extra_policy != null) {
 502                         boolean overrideAll = false;
 503                         if (extra_policy.startsWith("=")) {
 504                             overrideAll = true;
 505                             extra_policy = extra_policy.substring(1);
 506                         }
 507                         try {
 508                             extra_policy =
 509                                 PropertyExpander.expand(extra_policy);
 510                             URL policyURL;
 511 
 512                             File policyFile = new File(extra_policy);
 513                             if (policyFile.exists()) {
 514                                 policyURL = ParseUtil.fileToEncodedURL
 515                                     (new File(policyFile.getCanonicalPath()));
 516                             } else {
 517                                 policyURL = new URL(extra_policy);
 518                             }
 519                             if (debug != null)
 520                                 debug.println("reading "+policyURL);
 521                             if (init(policyURL, newInfo))
 522                                 loaded_policy = true;
 523                         } catch (Exception e) {
 524                             // ignore.
 525                             if (debug != null) {
 526                                 debug.println("caught exception: "+e);
 527                             }
 528                         }
 529                         if (overrideAll) {
 530                             if (debug != null) {
 531                                 debug.println("overriding other policies!");
 532                             }
 533                             return Boolean.valueOf(loaded_policy);
 534                         }
 535                     }
 536                 }
 537 
 538                 int n = 1;
 539                 String policy_uri;
 540 
 541                 while ((policy_uri = Security.getProperty(urlname+n)) != null) {
 542                     try {
 543                         URL policy_url = null;
 544                         String expanded_uri = PropertyExpander.expand
 545                                 (policy_uri).replace(File.separatorChar, '/');
 546 
 547                         if (policy_uri.startsWith("file:${java.home}/") ||
 548                             policy_uri.startsWith("file:${user.home}/")) {
 549 
 550                             // this special case accommodates
 551                             // the situation java.home/user.home
 552                             // expand to a single slash, resulting in
 553                             // a file://foo URI
 554                             policy_url = new File
 555                                 (expanded_uri.substring(5)).toURI().toURL();
 556                         } else {
 557                             policy_url = new URI(expanded_uri).toURL();
 558                         }
 559 
 560                         if (debug != null)
 561                             debug.println("reading "+policy_url);
 562                         if (init(policy_url, newInfo))
 563                             loaded_policy = true;
 564                     } catch (Exception e) {
 565                         if (debug != null) {
 566                             debug.println("error reading policy "+e);
 567                             e.printStackTrace();
 568                         }
 569                         // ignore that policy
 570                     }
 571                     n++;
 572                 }
 573                 return Boolean.valueOf(loaded_policy);
 574             }
 575         });
 576 
 577         return loadedPolicy.booleanValue();
 578     }
 579 
 580     /**
 581      * Reads a policy configuration into the Policy object using a
 582      * Reader object.
 583      *
 584      * @param policyFile the policy Reader object.
 585      */
 586     private boolean init(URL policy, PolicyInfo newInfo) {
 587         boolean success = false;
 588         PolicyParser pp = new PolicyParser(expandProperties);
 589         InputStreamReader isr = null;
 590         try {
 591 
 592             // read in policy using UTF-8 by default
 593             //
 594             // check non-standard system property to see if
 595             // the default encoding should be used instead
 596 
 597             if (notUtf8) {
 598                 isr = new InputStreamReader
 599                                 (PolicyUtil.getInputStream(policy));
 600             } else {
 601                 isr = new InputStreamReader
 602                                 (PolicyUtil.getInputStream(policy), "UTF-8");
 603             }
 604 
 605             pp.read(isr);
 606 
 607             KeyStore keyStore = null;
 608             try {
 609                 keyStore = PolicyUtil.getKeyStore
 610                                 (policy,
 611                                 pp.getKeyStoreUrl(),
 612                                 pp.getKeyStoreType(),
 613                                 pp.getKeyStoreProvider(),
 614                                 pp.getStorePassURL(),
 615                                 debug);
 616             } catch (Exception e) {
 617                 // ignore, treat it like we have no keystore
 618                 if (debug != null) {
 619                     e.printStackTrace();
 620                 }
 621             }
 622 
 623             Enumeration<PolicyParser.GrantEntry> enum_ = pp.grantElements();
 624             while (enum_.hasMoreElements()) {
 625                 PolicyParser.GrantEntry ge = enum_.nextElement();
 626                 addGrantEntry(ge, keyStore, newInfo);
 627             }
 628         } catch (PolicyParser.ParsingException pe) {
 629             MessageFormat form = new MessageFormat(ResourcesMgr.getString
 630                 (POLICY + ".error.parsing.policy.message"));
 631             Object[] source = {policy, pe.getLocalizedMessage()};
 632             System.err.println(form.format(source));
 633             if (debug != null)
 634                 pe.printStackTrace();
 635 
 636         } catch (Exception e) {
 637             if (debug != null) {
 638                 debug.println("error parsing "+policy);
 639                 debug.println(e.toString());
 640                 e.printStackTrace();
 641             }
 642         } finally {
 643             if (isr != null) {
 644                 try {
 645                     isr.close();
 646                     success = true;
 647                 } catch (IOException e) {
 648                     // ignore the exception
 649                 }
 650             } else {
 651                 success = true;
 652             }
 653         }
 654 
 655         return success;
 656     }
 657 
 658     private void initStaticPolicy(final PolicyInfo newInfo) {
 659         AccessController.doPrivileged(new PrivilegedAction<Void>() {
 660             public Void run() {
 661                 PolicyEntry pe = new PolicyEntry(new CodeSource(null,
 662                     (Certificate[]) null));
 663                 pe.add(SecurityConstants.LOCAL_LISTEN_PERMISSION);
 664                 pe.add(new PropertyPermission("java.version",
 665                     SecurityConstants.PROPERTY_READ_ACTION));
 666                 pe.add(new PropertyPermission("java.vendor",
 667                     SecurityConstants.PROPERTY_READ_ACTION));
 668                 pe.add(new PropertyPermission("java.vendor.url",
 669                     SecurityConstants.PROPERTY_READ_ACTION));
 670                 pe.add(new PropertyPermission("java.class.version",
 671                     SecurityConstants.PROPERTY_READ_ACTION));
 672                 pe.add(new PropertyPermission("os.name",
 673                     SecurityConstants.PROPERTY_READ_ACTION));
 674                 pe.add(new PropertyPermission("os.version",
 675                     SecurityConstants.PROPERTY_READ_ACTION));
 676                 pe.add(new PropertyPermission("os.arch",
 677                     SecurityConstants.PROPERTY_READ_ACTION));
 678                 pe.add(new PropertyPermission("file.separator",
 679                     SecurityConstants.PROPERTY_READ_ACTION));
 680                 pe.add(new PropertyPermission("path.separator",
 681                     SecurityConstants.PROPERTY_READ_ACTION));
 682                 pe.add(new PropertyPermission("line.separator",
 683                     SecurityConstants.PROPERTY_READ_ACTION));
 684                 pe.add(new PropertyPermission
 685                                 ("java.specification.version",
 686                                     SecurityConstants.PROPERTY_READ_ACTION));
 687                 pe.add(new PropertyPermission
 688                                 ("java.specification.vendor",
 689                                     SecurityConstants.PROPERTY_READ_ACTION));
 690                 pe.add(new PropertyPermission
 691                                 ("java.specification.name",
 692                                     SecurityConstants.PROPERTY_READ_ACTION));
 693                 pe.add(new PropertyPermission
 694                                 ("java.vm.specification.version",
 695                                     SecurityConstants.PROPERTY_READ_ACTION));
 696                 pe.add(new PropertyPermission
 697                                 ("java.vm.specification.vendor",
 698                                     SecurityConstants.PROPERTY_READ_ACTION));
 699                 pe.add(new PropertyPermission
 700                                 ("java.vm.specification.name",
 701                                     SecurityConstants.PROPERTY_READ_ACTION));
 702                 pe.add(new PropertyPermission("java.vm.version",
 703                     SecurityConstants.PROPERTY_READ_ACTION));
 704                 pe.add(new PropertyPermission("java.vm.vendor",
 705                     SecurityConstants.PROPERTY_READ_ACTION));
 706                 pe.add(new PropertyPermission("java.vm.name",
 707                     SecurityConstants.PROPERTY_READ_ACTION));
 708 
 709                 // No need to sync because noone has access to newInfo yet
 710                 newInfo.policyEntries.add(pe);
 711 
 712                 // Add AllPermissions for standard extensions
 713                 String[] extCodebases = PolicyParser.parseExtDirs(
 714                     PolicyParser.EXTDIRS_EXPANSION, 0);
 715                 if (extCodebases != null && extCodebases.length > 0) {
 716                     for (int i = 0; i < extCodebases.length; i++) {
 717                         try {
 718                             pe = new PolicyEntry(canonicalizeCodebase(
 719                                 new CodeSource(new URL(extCodebases[i]),
 720                                     (Certificate[]) null), false ));
 721                             pe.add(SecurityConstants.ALL_PERMISSION);
 722 
 723                             // No need to sync because noone has access to
 724                             // newInfo yet
 725                             newInfo.policyEntries.add(pe);
 726                         } catch (Exception e) {
 727                             // this is probably bad (though not dangerous).
 728                             // What should we do?
 729                         }
 730                     }
 731                 }
 732                 return null;
 733             }
 734         });
 735     }
 736 
 737     /**
 738      * Given a GrantEntry, create a codeSource.
 739      *
 740      * @return null if signedBy alias is not recognized
 741      */
 742     private CodeSource getCodeSource(PolicyParser.GrantEntry ge, KeyStore keyStore,
 743         PolicyInfo newInfo) throws java.net.MalformedURLException
 744     {
 745         Certificate[] certs = null;
 746         if (ge.signedBy != null) {
 747             certs = getCertificates(keyStore, ge.signedBy, newInfo);
 748             if (certs == null) {
 749                 // we don't have a key for this alias,
 750                 // just return
 751                 if (debug != null) {
 752                     debug.println("  -- No certs for alias '" +
 753                                        ge.signedBy + "' - ignoring entry");
 754                 }
 755                 return null;
 756             }
 757         }
 758 
 759         URL location;
 760 
 761         if (ge.codeBase != null)
 762             location = new URL(ge.codeBase);
 763         else
 764             location = null;
 765 
 766         return (canonicalizeCodebase(new CodeSource(location, certs),false));
 767     }
 768 
 769     /**
 770      * Add one policy entry to the list.
 771      */
 772     private void addGrantEntry(PolicyParser.GrantEntry ge,
 773                                KeyStore keyStore, PolicyInfo newInfo) {
 774 
 775         if (debug != null) {
 776             debug.println("Adding policy entry: ");
 777             debug.println("  signedBy " + ge.signedBy);
 778             debug.println("  codeBase " + ge.codeBase);
 779             if (ge.principals != null) {
 780                 for (PolicyParser.PrincipalEntry pppe : ge.principals) {
 781                     debug.println("  " + pppe.toString());
 782                 }
 783             }
 784         }
 785 
 786         try {
 787             CodeSource codesource = getCodeSource(ge, keyStore, newInfo);
 788             // skip if signedBy alias was unknown...
 789             if (codesource == null) return;
 790 
 791             // perform keystore alias principal replacement.
 792             // for example, if alias resolves to X509 certificate,
 793             // replace principal with:  <X500Principal class>  <SubjectDN>
 794             // -- skip if alias is unknown
 795             if (replacePrincipals(ge.principals, keyStore) == false)
 796                 return;
 797             PolicyEntry entry = new PolicyEntry(codesource, ge.principals);
 798             Enumeration<PolicyParser.PermissionEntry> enum_ =
 799                                                 ge.permissionElements();
 800             while (enum_.hasMoreElements()) {
 801                 PolicyParser.PermissionEntry pe = enum_.nextElement();
 802 
 803                 try {
 804                     // perform ${{ ... }} expansions within permission name
 805                     expandPermissionName(pe, keyStore);
 806 
 807                     // XXX special case PrivateCredentialPermission-SELF
 808                     Permission perm;
 809                     if (pe.permission.equals
 810                         ("javax.security.auth.PrivateCredentialPermission") &&
 811                         pe.name.endsWith(" self")) {
 812                         pe.name = pe.name.substring(0, pe.name.indexOf("self"))
 813                                 + SELF;
 814                     }
 815                     // check for self
 816                     if (pe.name != null && pe.name.indexOf(SELF) != -1) {
 817                         // Create a "SelfPermission" , it could be an
 818                         // an unresolved permission which will be resolved
 819                         // when implies is called
 820                         // Add it to entry
 821                         Certificate certs[];
 822                         if (pe.signedBy != null) {
 823                             certs = getCertificates(keyStore,
 824                                                     pe.signedBy,
 825                                                     newInfo);
 826                         } else {
 827                             certs = null;
 828                         }
 829                         perm = new SelfPermission(pe.permission,
 830                                                   pe.name,
 831                                                   pe.action,
 832                                                   certs);
 833                     } else {
 834                         perm = getInstance(pe.permission,
 835                                            pe.name,
 836                                            pe.action);
 837                     }
 838                     entry.add(perm);
 839                     if (debug != null) {
 840                         debug.println("  "+perm);
 841                     }
 842                 } catch (ClassNotFoundException cnfe) {
 843                     Certificate certs[];
 844                     if (pe.signedBy != null) {
 845                         certs = getCertificates(keyStore,
 846                                                 pe.signedBy,
 847                                                 newInfo);
 848                     } else {
 849                         certs = null;
 850                     }
 851 
 852                     // only add if we had no signer or we had a
 853                     // a signer and found the keys for it.
 854                     if (certs != null || pe.signedBy == null) {
 855                         Permission perm = new UnresolvedPermission(
 856                                                   pe.permission,
 857                                                   pe.name,
 858                                                   pe.action,
 859                                                   certs);
 860                         entry.add(perm);
 861                         if (debug != null) {
 862                             debug.println("  "+perm);
 863                         }
 864                     }
 865                 } catch (java.lang.reflect.InvocationTargetException ite) {
 866                     MessageFormat form = new MessageFormat
 867                         (ResourcesMgr.getString
 868                          (POLICY +
 869                           ".error.adding.Permission.perm.message"));
 870                     Object[] source = {pe.permission,
 871                                        ite.getTargetException().toString()};
 872                     System.err.println(form.format(source));
 873                 } catch (Exception e) {
 874                     MessageFormat form = new MessageFormat
 875                         (ResourcesMgr.getString
 876                          (POLICY +
 877                           ".error.adding.Permission.perm.message"));
 878                     Object[] source = {pe.permission,
 879                                        e.toString()};
 880                     System.err.println(form.format(source));
 881                 }
 882             }
 883 
 884             // No need to sync because noone has access to newInfo yet
 885             newInfo.policyEntries.add(entry);
 886         } catch (Exception e) {
 887             MessageFormat form = new MessageFormat(ResourcesMgr.getString
 888                                          (POLICY
 889                                          + ".error.adding.Entry.message"));
 890             Object[] source = {e.toString()};
 891             System.err.println(form.format(source));
 892         }
 893         if (debug != null)
 894             debug.println();
 895     }
 896 
 897     /**
 898      * Returns a new Permission object of the given Type. The Permission is
 899      * created by getting the
 900      * Class object using the <code>Class.forName</code> method, and using
 901      * the reflection API to invoke the (String name, String actions)
 902      * constructor on the
 903      * object.
 904      *
 905      * @param type the type of Permission being created.
 906      * @param name the name of the Permission being created.
 907      * @param actions the actions of the Permission being created.
 908      *
 909      * @exception  ClassNotFoundException  if the particular Permission
 910      *             class could not be found.
 911      *
 912      * @exception  IllegalAccessException  if the class or initializer is
 913      *               not accessible.
 914      *
 915      * @exception  InstantiationException  if getInstance tries to
 916      *               instantiate an abstract class or an interface, or if the
 917      *               instantiation fails for some other reason.
 918      *
 919      * @exception  NoSuchMethodException if the (String, String) constructor
 920      *               is not found.
 921      *
 922      * @exception  InvocationTargetException if the underlying Permission
 923      *               constructor throws an exception.
 924      *
 925      */
 926 
 927     private static final Permission getInstance(String type,
 928                                     String name,
 929                                     String actions)
 930         throws ClassNotFoundException,
 931                InstantiationException,
 932                IllegalAccessException,
 933                NoSuchMethodException,
 934                InvocationTargetException
 935     {
 936         //XXX we might want to keep a hash of created factories...
 937         Class<?> pc = Class.forName(type, false, null);
 938         Permission answer = getKnownInstance(pc, name, actions);
 939         if (answer != null) {
 940             return answer;
 941         }
 942         if (!Permission.class.isAssignableFrom(pc)) {
 943             // not the right subtype
 944             throw new ClassCastException(type + " is not a Permission");
 945         }
 946 
 947         if (name == null && actions == null) {
 948             try {
 949                 Constructor<?> c = pc.getConstructor(PARAMS0);
 950                 return (Permission) c.newInstance(new Object[] {});
 951             } catch (NoSuchMethodException ne) {
 952                 try {
 953                     Constructor<?> c = pc.getConstructor(PARAMS1);
 954                     return (Permission) c.newInstance(
 955                               new Object[] { name});
 956                 } catch (NoSuchMethodException ne1 ) {
 957                     Constructor<?> c = pc.getConstructor(PARAMS2);
 958                     return (Permission) c.newInstance(
 959                         new Object[] { name, actions });
 960                 }
 961             }
 962         } else {
 963             if (name != null && actions == null) {
 964                 try {
 965                     Constructor<?> c = pc.getConstructor(PARAMS1);
 966                     return (Permission) c.newInstance(new Object[] { name});
 967                 } catch (NoSuchMethodException ne) {
 968                     Constructor<?> c = pc.getConstructor(PARAMS2);
 969                     return (Permission) c.newInstance(
 970                           new Object[] { name, actions });
 971                 }
 972             } else {
 973                 Constructor<?> c = pc.getConstructor(PARAMS2);
 974                 return (Permission) c.newInstance(
 975                       new Object[] { name, actions });
 976              }
 977         }
 978     }
 979 
 980     /**
 981      * Creates one of the well-known permissions directly instead of
 982      * via reflection. Keep list short to not penalize non-JDK-defined
 983      * permissions.
 984      */
 985     private static final Permission getKnownInstance(Class<?> claz,
 986         String name, String actions) {
 987         if (claz.equals(FilePermission.class)) {
 988             return new FilePermission(name, actions);
 989         } else if (claz.equals(SocketPermission.class)) {
 990             return new SocketPermission(name, actions);
 991         } else if (claz.equals(RuntimePermission.class)) {
 992             return new RuntimePermission(name, actions);
 993         } else if (claz.equals(PropertyPermission.class)) {
 994             return new PropertyPermission(name, actions);
 995         } else if (claz.equals(NetPermission.class)) {
 996             return new NetPermission(name, actions);
 997         } else if (claz.equals(AllPermission.class)) {
 998             return SecurityConstants.ALL_PERMISSION;
 999         } else {
1000             return null;
1001         }
1002     }
1003 
1004     /**
1005      * Fetch all certs associated with this alias.
1006      */
1007     private Certificate[] getCertificates
1008                 (KeyStore keyStore, String aliases, PolicyInfo newInfo) {
1009 
1010         List<Certificate> vcerts = null;
1011 
1012         StringTokenizer st = new StringTokenizer(aliases, ",");
1013         int n = 0;
1014 
1015         while (st.hasMoreTokens()) {
1016             String alias = st.nextToken().trim();
1017             n++;
1018             Certificate cert = null;
1019             // See if this alias's cert has already been cached
1020             synchronized (newInfo.aliasMapping) {
1021                 cert = (Certificate)newInfo.aliasMapping.get(alias);
1022 
1023                 if (cert == null && keyStore != null) {
1024 
1025                     try {
1026                         cert = keyStore.getCertificate(alias);
1027                     } catch (KeyStoreException kse) {
1028                         // never happens, because keystore has already been loaded
1029                         // when we call this
1030                     }
1031                     if (cert != null) {
1032                         newInfo.aliasMapping.put(alias, cert);
1033                         newInfo.aliasMapping.put(cert, alias);
1034                     }
1035                 }
1036             }
1037 
1038             if (cert != null) {
1039                 if (vcerts == null)
1040                     vcerts = new ArrayList<>();
1041                 vcerts.add(cert);
1042             }
1043         }
1044 
1045         // make sure n == vcerts.size, since we are doing a logical *and*
1046         if (vcerts != null && n == vcerts.size()) {
1047             Certificate[] certs = new Certificate[vcerts.size()];
1048             vcerts.toArray(certs);
1049             return certs;
1050         } else {
1051             return null;
1052         }
1053     }
1054 
1055     /**
1056      * Refreshes the policy object by re-reading all the policy files.
1057      */
1058     @Override public void refresh() {
1059         init(url);
1060     }
1061 
1062     /**
1063      * Evaluates the the global policy for the permissions granted to
1064      * the ProtectionDomain and tests whether the permission is
1065      * granted.
1066      *
1067      * @param domain the ProtectionDomain to test
1068      * @param permission the Permission object to be tested for implication.
1069      *
1070      * @return true if "permission" is a proper subset of a permission
1071      * granted to this ProtectionDomain.
1072      *
1073      * @see java.security.ProtectionDomain
1074      */
1075     @Override
1076     public boolean implies(ProtectionDomain pd, Permission p) {
1077         PolicyInfo pi = policyInfo.get();
1078         ProtectionDomainCache pdMap = pi.getPdMapping();
1079 
1080         PermissionCollection pc = pdMap.get(pd);
1081 
1082         if (pc != null) {
1083             return pc.implies(p);
1084         }
1085 
1086         pc = getPermissions(pd);
1087         if (pc == null) {
1088             return false;
1089         }
1090 
1091         // cache mapping of protection domain to its PermissionCollection
1092         pdMap.put(pd, pc);
1093         return pc.implies(p);
1094     }
1095 
1096     /**
1097      * Examines this <code>Policy</code> and returns the permissions granted
1098      * to the specified <code>ProtectionDomain</code>.  This includes
1099      * the permissions currently associated with the domain as well
1100      * as the policy permissions granted to the domain's
1101      * CodeSource, ClassLoader, and Principals.
1102      *
1103      * <p> Note that this <code>Policy</code> implementation has
1104      * special handling for PrivateCredentialPermissions.
1105      * When this method encounters a <code>PrivateCredentialPermission</code>
1106      * which specifies "self" as the <code>Principal</code> class and name,
1107      * it does not add that <code>Permission</code> to the returned
1108      * <code>PermissionCollection</code>.  Instead, it builds
1109      * a new <code>PrivateCredentialPermission</code>
1110      * for each <code>Principal</code> associated with the provided
1111      * <code>Subject</code>.  Each new <code>PrivateCredentialPermission</code>
1112      * contains the same Credential class as specified in the
1113      * originally granted permission, as well as the Class and name
1114      * for the respective <code>Principal</code>.
1115      *
1116      * <p>
1117      *
1118      * @param domain the Permissions granted to this
1119      *          <code>ProtectionDomain</code> are returned.
1120      *
1121      * @return the Permissions granted to the provided
1122      *          <code>ProtectionDomain</code>.
1123      */
1124     @Override
1125     public PermissionCollection getPermissions(ProtectionDomain domain) {
1126         Permissions perms = new Permissions();
1127 
1128         if (domain == null)
1129            return perms;
1130 
1131         // first get policy perms
1132         getPermissions(perms, domain);
1133 
1134         // add static perms
1135         //      - adding static perms after policy perms is necessary
1136         //        to avoid a regression for 4301064
1137         PermissionCollection pc = domain.getPermissions();
1138         if (pc != null) {
1139             synchronized (pc) {
1140                 Enumeration<Permission> e = pc.elements();
1141                 while (e.hasMoreElements()) {
1142                     perms.add(e.nextElement());
1143                 }
1144             }
1145         }
1146 
1147         return perms;
1148     }
1149 
1150     /**
1151      * Examines this Policy and creates a PermissionCollection object with
1152      * the set of permissions for the specified CodeSource.
1153      *
1154      * @param CodeSource the codesource associated with the caller.
1155      * This encapsulates the original location of the code (where the code
1156      * came from) and the public key(s) of its signer.
1157      *
1158      * @return the set of permissions according to the policy.
1159      */
1160     @Override
1161     public PermissionCollection getPermissions(CodeSource codesource) {
1162         return getPermissions(new Permissions(), codesource);
1163     }
1164 
1165     /**
1166      * Examines the global policy and returns the provided Permissions
1167      * object with additional permissions granted to the specified
1168      * ProtectionDomain.
1169      *
1170      * @param perm the Permissions to populate
1171      * @param pd the ProtectionDomain associated with the caller.
1172      *
1173      * @return the set of Permissions according to the policy.
1174      */
1175     private PermissionCollection getPermissions(Permissions perms,
1176                                         ProtectionDomain pd ) {
1177         if (debug != null) {
1178             debug.println("getPermissions:\n\t" + printPD(pd));
1179         }
1180 
1181         final CodeSource cs = pd.getCodeSource();
1182         if (cs == null)
1183             return perms;
1184 
1185         CodeSource canonCodeSource = AccessController.doPrivileged(
1186             new java.security.PrivilegedAction<CodeSource>(){
1187                 public CodeSource run() {
1188                     return canonicalizeCodebase(cs, true);
1189                 }
1190             });
1191         return getPermissions(perms, canonCodeSource, pd.getPrincipals());
1192     }
1193 
1194     /**
1195      * Examines the global policy and returns the provided Permissions
1196      * object with additional permissions granted to the specified
1197      * CodeSource.
1198      *
1199      * @param permissions the permissions to populate
1200      * @param codesource the codesource associated with the caller.
1201      * This encapsulates the original location of the code (where the code
1202      * came from) and the public key(s) of its signer.
1203      *
1204      * @return the set of permissions according to the policy.
1205      */
1206     private PermissionCollection getPermissions(Permissions perms,
1207                                                 final CodeSource cs) {
1208 
1209         if (cs == null)
1210             return perms;
1211 
1212         CodeSource canonCodeSource = AccessController.doPrivileged(
1213             new java.security.PrivilegedAction<CodeSource>(){
1214                 public CodeSource run() {
1215                     return canonicalizeCodebase(cs, true);
1216                 }
1217             });
1218 
1219         return getPermissions(perms, canonCodeSource, null);
1220     }
1221 
1222     private Permissions getPermissions(Permissions perms,
1223                                        final CodeSource cs,
1224                                        Principal[] principals) {
1225         PolicyInfo pi = policyInfo.get();
1226 
1227         for (PolicyEntry entry : pi.policyEntries) {
1228             addPermissions(perms, cs, principals, entry);
1229         }
1230 
1231         // Go through policyEntries gotten from identity db; sync required
1232         // because checkForTrustedIdentity (below) might update list
1233         synchronized (pi.identityPolicyEntries) {
1234             for (PolicyEntry entry : pi.identityPolicyEntries) {
1235                 addPermissions(perms, cs, principals, entry);
1236             }
1237         }
1238 
1239         // now see if any of the keys are trusted ids.
1240         if (!ignoreIdentityScope) {
1241             Certificate certs[] = cs.getCertificates();
1242             if (certs != null) {
1243                 for (int k=0; k < certs.length; k++) {
1244                     Object idMap = pi.aliasMapping.get(certs[k]);
1245                     if (idMap == null &&
1246                         checkForTrustedIdentity(certs[k], pi)) {
1247                         // checkForTrustedIdentity added it
1248                         // to the policy for us. next time
1249                         // around we'll find it. This time
1250                         // around we need to add it.
1251                         perms.add(SecurityConstants.ALL_PERMISSION);
1252                     }
1253                 }
1254             }
1255         }
1256         return perms;
1257     }
1258 
1259     private void addPermissions(Permissions perms,
1260         final CodeSource cs,
1261         Principal[] principals,
1262         final PolicyEntry entry) {
1263 
1264         if (debug != null) {
1265             debug.println("evaluate codesources:\n" +
1266                 "\tPolicy CodeSource: " + entry.getCodeSource() + "\n" +
1267                 "\tActive CodeSource: " + cs);
1268         }
1269 
1270         // check to see if the CodeSource implies
1271         Boolean imp = AccessController.doPrivileged
1272             (new PrivilegedAction<Boolean>() {
1273             public Boolean run() {
1274                 return entry.getCodeSource().implies(cs);
1275             }
1276         });
1277         if (!imp.booleanValue()) {
1278             if (debug != null) {
1279                 debug.println("evaluation (codesource) failed");
1280             }
1281 
1282             // CodeSource does not imply - return and try next policy entry
1283             return;
1284         }
1285 
1286         // check to see if the Principals imply
1287 
1288         List<PolicyParser.PrincipalEntry> entryPs = entry.getPrincipals();
1289         if (debug != null) {
1290             List<PolicyParser.PrincipalEntry> accPs = new ArrayList<>();
1291             if (principals != null) {
1292                 for (int i = 0; i < principals.length; i++) {
1293                     accPs.add(new PolicyParser.PrincipalEntry
1294                                         (principals[i].getClass().getName(),
1295                                         principals[i].getName()));
1296                 }
1297             }
1298             debug.println("evaluate principals:\n" +
1299                 "\tPolicy Principals: " + entryPs + "\n" +
1300                 "\tActive Principals: " + accPs);
1301         }
1302 
1303         if (entryPs == null || entryPs.isEmpty()) {
1304 
1305             // policy entry has no principals -
1306             // add perms regardless of principals in current ACC
1307 
1308             addPerms(perms, principals, entry);
1309             if (debug != null) {
1310                 debug.println("evaluation (codesource/principals) passed");
1311             }
1312             return;
1313 
1314         } else if (principals == null || principals.length == 0) {
1315 
1316             // current thread has no principals but this policy entry
1317             // has principals - perms are not added
1318 
1319             if (debug != null) {
1320                 debug.println("evaluation (principals) failed");
1321             }
1322             return;
1323         }
1324 
1325         // current thread has principals and this policy entry
1326         // has principals.  see if policy entry principals match
1327         // principals in current ACC
1328 
1329         for (PolicyParser.PrincipalEntry pppe : entryPs) {
1330 
1331             // Check for wildcards
1332             if (pppe.isWildcardClass()) {
1333                 // a wildcard class matches all principals in current ACC
1334                 continue;
1335             }
1336 
1337             if (pppe.isWildcardName()) {
1338                 // a wildcard name matches any principal with the same class
1339                 if (wildcardPrincipalNameImplies(pppe.principalClass,
1340                                                  principals)) {
1341                     continue;
1342                 }
1343                 if (debug != null) {
1344                     debug.println("evaluation (principal name wildcard) failed");
1345                 }
1346                 // policy entry principal not in current ACC -
1347                 // immediately return and go to next policy entry
1348                 return;
1349             }
1350 
1351             Set<Principal> pSet = new HashSet<>(Arrays.asList(principals));
1352             Subject subject = new Subject(true, pSet,
1353                                           Collections.EMPTY_SET,
1354                                           Collections.EMPTY_SET);
1355             try {
1356                 ClassLoader cl = Thread.currentThread().getContextClassLoader();
1357                 Class<?> pClass = Class.forName(pppe.principalClass, false, cl);
1358                 if (!Principal.class.isAssignableFrom(pClass)) {
1359                     // not the right subtype
1360                     throw new ClassCastException(pppe.principalClass +
1361                                                  " is not a Principal");
1362                 }
1363 
1364                 Constructor<?> c = pClass.getConstructor(PARAMS1);
1365                 Principal p = (Principal)c.newInstance(new Object[] {
1366                                                        pppe.principalName });
1367 
1368                 if (debug != null) {
1369                     debug.println("found Principal " + p.getClass().getName());
1370                 }
1371 
1372                 // check if the Principal implies the current
1373                 // thread's principals
1374                 if (!p.implies(subject)) {
1375                     if (debug != null) {
1376                         debug.println("evaluation (principal implies) failed");
1377                     }
1378 
1379                     // policy principal does not imply the current Subject -
1380                     // immediately return and go to next policy entry
1381                     return;
1382                 }
1383             } catch (Exception e) {
1384                 // fall back to default principal comparison.
1385                 // see if policy entry principal is in current ACC
1386 
1387                 if (debug != null) {
1388                     e.printStackTrace();
1389                 }
1390 
1391                 if (!pppe.implies(subject)) {
1392                     if (debug != null) {
1393                         debug.println("evaluation (default principal implies) failed");
1394                     }
1395 
1396                     // policy entry principal not in current ACC -
1397                     // immediately return and go to next policy entry
1398                     return;
1399                 }
1400             }
1401 
1402             // either the principal information matched,
1403             // or the Principal.implies succeeded.
1404             // continue loop and test the next policy principal
1405         }
1406 
1407         // all policy entry principals were found in the current ACC -
1408         // grant the policy permissions
1409 
1410         if (debug != null) {
1411             debug.println("evaluation (codesource/principals) passed");
1412         }
1413         addPerms(perms, principals, entry);
1414     }
1415 
1416     /**
1417      * Returns true if the array of principals contains at least one
1418      * principal of the specified class.
1419      */
1420     private static boolean wildcardPrincipalNameImplies(String principalClass,
1421                                                         Principal[] principals)
1422     {
1423         for (Principal p : principals) {
1424             if (principalClass.equals(p.getClass().getName())) {
1425                 return true;
1426             }
1427         }
1428         return false;
1429     }
1430 
1431     private void addPerms(Permissions perms,
1432                         Principal[] accPs,
1433                         PolicyEntry entry) {
1434         for (int i = 0; i < entry.permissions.size(); i++) {
1435             Permission p = entry.permissions.get(i);
1436             if (debug != null) {
1437                 debug.println("  granting " + p);
1438             }
1439 
1440             if (p instanceof SelfPermission) {
1441                 // handle "SELF" permissions
1442                 expandSelf((SelfPermission)p,
1443                         entry.getPrincipals(),
1444                         accPs,
1445                         perms);
1446             } else {
1447                 perms.add(p);
1448             }
1449         }
1450     }
1451 
1452     /**
1453      * <p>
1454      *
1455      * @param sp the SelfPermission that needs to be expanded <p>
1456      *
1457      * @param entryPs list of principals for the Policy entry.
1458      *
1459      * @param pdp Principal array from the current ProtectionDomain.
1460      *
1461      * @param perms the PermissionCollection where the individual
1462      *                  Permissions will be added after expansion.
1463      */
1464 
1465     private void expandSelf(SelfPermission sp,
1466                             List<PolicyParser.PrincipalEntry> entryPs,
1467                             Principal[] pdp,
1468                             Permissions perms) {
1469 
1470         if (entryPs == null || entryPs.isEmpty()) {
1471             // No principals in the grant to substitute
1472             if (debug != null) {
1473                 debug.println("Ignoring permission "
1474                                 + sp.getSelfType()
1475                                 + " with target name ("
1476                                 + sp.getSelfName() + ").  "
1477                                 + "No Principal(s) specified "
1478                                 + "in the grant clause.  "
1479                                 + "SELF-based target names are "
1480                                 + "only valid in the context "
1481                                 + "of a Principal-based grant entry."
1482                              );
1483             }
1484             return;
1485         }
1486         int startIndex = 0;
1487         int v;
1488         StringBuilder sb = new StringBuilder();
1489         while ((v = sp.getSelfName().indexOf(SELF, startIndex)) != -1) {
1490 
1491             // add non-SELF string
1492             sb.append(sp.getSelfName().substring(startIndex, v));
1493 
1494             // expand SELF
1495             Iterator<PolicyParser.PrincipalEntry> pli = entryPs.iterator();
1496             while (pli.hasNext()) {
1497                 PolicyParser.PrincipalEntry pppe = pli.next();
1498                 String[][] principalInfo = getPrincipalInfo(pppe, pdp);
1499                 for (int i = 0; i < principalInfo.length; i++) {
1500                     if (i != 0) {
1501                         sb.append(", ");
1502                     }
1503                     sb.append(principalInfo[i][0]).append(' ').append('"')
1504                             .append(principalInfo[i][1]).append('"');
1505                 }
1506                 if (pli.hasNext()) {
1507                     sb.append(", ");
1508                 }
1509             }
1510             startIndex = v + SELF.length();
1511         }
1512         // add remaining string (might be the entire string)
1513         sb.append(sp.getSelfName().substring(startIndex));
1514 
1515         if (debug != null) {
1516             debug.println("  expanded:\n\t" + sp.getSelfName()
1517                         + "\n  into:\n\t" + sb.toString());
1518         }
1519         try {
1520             // first try to instantiate the permission
1521             perms.add(getInstance(sp.getSelfType(),
1522                                   sb.toString(),
1523                                   sp.getSelfActions()));
1524         } catch (ClassNotFoundException cnfe) {
1525             // ok, the permission is not in the bootclasspath.
1526             // before we add an UnresolvedPermission, check to see
1527             // whether this perm already belongs to the collection.
1528             // if so, use that perm's ClassLoader to create a new
1529             // one.
1530             Class<?> pc = null;
1531             synchronized (perms) {
1532                 Enumeration<Permission> e = perms.elements();
1533                 while (e.hasMoreElements()) {
1534                     Permission pElement = e.nextElement();
1535                     if (pElement.getClass().getName().equals(sp.getSelfType())) {
1536                         pc = pElement.getClass();
1537                         break;
1538                     }
1539                 }
1540             }
1541             if (pc == null) {
1542                 // create an UnresolvedPermission
1543                 perms.add(new UnresolvedPermission(sp.getSelfType(),
1544                                                         sb.toString(),
1545                                                         sp.getSelfActions(),
1546                                                         sp.getCerts()));
1547             } else {
1548                 try {
1549                     // we found an instantiated permission.
1550                     // use its class loader to instantiate a new permission.
1551                     Constructor<?> c;
1552                     // name parameter can not be null
1553                     if (sp.getSelfActions() == null) {
1554                         try {
1555                             c = pc.getConstructor(PARAMS1);
1556                             perms.add((Permission)c.newInstance
1557                                  (new Object[] {sb.toString()}));
1558                         } catch (NoSuchMethodException ne) {
1559                             c = pc.getConstructor(PARAMS2);
1560                             perms.add((Permission)c.newInstance
1561                                  (new Object[] {sb.toString(),
1562                                                 sp.getSelfActions() }));
1563                         }
1564                     } else {
1565                         c = pc.getConstructor(PARAMS2);
1566                         perms.add((Permission)c.newInstance
1567                            (new Object[] {sb.toString(),
1568                                           sp.getSelfActions()}));
1569                     }
1570                 } catch (Exception nme) {
1571                     if (debug != null) {
1572                         debug.println("self entry expansion " +
1573                         " instantiation failed: "
1574                         +  nme.toString());
1575                     }
1576                 }
1577             }
1578         } catch (Exception e) {
1579             if (debug != null) {
1580                 debug.println(e.toString());
1581             }
1582         }
1583     }
1584 
1585     /**
1586      * return the principal class/name pair in the 2D array.
1587      * array[x][y]:     x corresponds to the array length.
1588      *                  if (y == 0), it's the principal class.
1589      *                  if (y == 1), it's the principal name.
1590      */
1591     private String[][] getPrincipalInfo
1592         (PolicyParser.PrincipalEntry pe, Principal[] pdp) {
1593 
1594         // there are 3 possibilities:
1595         // 1) the entry's Principal class and name are not wildcarded
1596         // 2) the entry's Principal name is wildcarded only
1597         // 3) the entry's Principal class and name are wildcarded
1598 
1599         if (!pe.isWildcardClass() && !pe.isWildcardName()) {
1600 
1601             // build an info array for the principal
1602             // from the Policy entry
1603             String[][] info = new String[1][2];
1604             info[0][0] = pe.principalClass;
1605             info[0][1] = pe.principalName;
1606             return info;
1607 
1608         } else if (!pe.isWildcardClass() && pe.isWildcardName()) {
1609 
1610             // build an info array for every principal
1611             // in the current domain which has a principal class
1612             // that is equal to policy entry principal class name
1613             List<Principal> plist = new ArrayList<>();
1614             for (int i = 0; i < pdp.length; i++) {
1615                 if (pe.principalClass.equals(pdp[i].getClass().getName()))
1616                     plist.add(pdp[i]);
1617             }
1618             String[][] info = new String[plist.size()][2];
1619             int i = 0;
1620             for (Principal p : plist) {
1621                 info[i][0] = p.getClass().getName();
1622                 info[i][1] = p.getName();
1623                 i++;
1624             }
1625             return info;
1626 
1627         } else {
1628 
1629             // build an info array for every
1630             // one of the current Domain's principals
1631 
1632             String[][] info = new String[pdp.length][2];
1633 
1634             for (int i = 0; i < pdp.length; i++) {
1635                 info[i][0] = pdp[i].getClass().getName();
1636                 info[i][1] = pdp[i].getName();
1637             }
1638             return info;
1639         }
1640     }
1641 
1642     /*
1643      * Returns the signer certificates from the list of certificates
1644      * associated with the given code source.
1645      *
1646      * The signer certificates are those certificates that were used
1647      * to verifysigned code originating from the codesource location.
1648      *
1649      * This method assumes that in the given code source, each signer
1650      * certificate is followed by its supporting certificate chain
1651      * (which may be empty), and that the signer certificate and its
1652      * supporting certificate chain are ordered bottom-to-top
1653      * (i.e., with the signer certificate first and the (root) certificate
1654      * authority last).
1655      */
1656     protected Certificate[] getSignerCertificates(CodeSource cs) {
1657         Certificate[] certs = null;
1658         if ((certs = cs.getCertificates()) == null)
1659             return null;
1660         for (int i=0; i<certs.length; i++) {
1661             if (!(certs[i] instanceof X509Certificate))
1662                 return cs.getCertificates();
1663         }
1664 
1665         // Do we have to do anything?
1666         int i = 0;
1667         int count = 0;
1668         while (i < certs.length) {
1669             count++;
1670             while (((i+1) < certs.length)
1671                    && ((X509Certificate)certs[i]).getIssuerDN().equals(
1672                            ((X509Certificate)certs[i+1]).getSubjectDN())) {
1673                 i++;
1674             }
1675             i++;
1676         }
1677         if (count == certs.length)
1678             // Done
1679             return certs;
1680 
1681         List<Certificate> userCertList = new ArrayList<>();
1682         i = 0;
1683         while (i < certs.length) {
1684             userCertList.add(certs[i]);
1685             while (((i+1) < certs.length)
1686                    && ((X509Certificate)certs[i]).getIssuerDN().equals(
1687                            ((X509Certificate)certs[i+1]).getSubjectDN())) {
1688                 i++;
1689             }
1690             i++;
1691         }
1692         Certificate[] userCerts = new Certificate[userCertList.size()];
1693         userCertList.toArray(userCerts);
1694         return userCerts;
1695     }
1696 
1697     private CodeSource canonicalizeCodebase(CodeSource cs,
1698                                             boolean extractSignerCerts) {
1699 
1700         String path = null;
1701 
1702         CodeSource canonCs = cs;
1703         URL u = cs.getLocation();
1704         if (u != null) {
1705             if (u.getProtocol().equals("jar")) {
1706                 // unwrap url embedded inside jar url
1707                 String spec = u.getFile();
1708                 int separator = spec.indexOf("!/");
1709                 if (separator != -1) {
1710                     try {
1711                         u = new URL(spec.substring(0, separator));
1712                     } catch (MalformedURLException e) {
1713                         // Fail silently. In this case, url stays what
1714                         // it was above
1715                     }
1716                 }
1717             }
1718             if (u.getProtocol().equals("file")) {
1719                 boolean isLocalFile = false;
1720                 String host = u.getHost();
1721                 isLocalFile = (host == null || host.equals("") ||
1722                     host.equals("~") || host.equalsIgnoreCase("localhost"));
1723 
1724                 if (isLocalFile) {
1725                     path = u.getFile().replace('/', File.separatorChar);
1726                     path = ParseUtil.decode(path);
1727                 }
1728             }
1729         }
1730 
1731         if (path != null) {
1732             try {
1733                 URL csUrl = null;
1734                 path = canonPath(path);
1735                 csUrl = ParseUtil.fileToEncodedURL(new File(path));
1736 
1737                 if (extractSignerCerts) {
1738                     canonCs = new CodeSource(csUrl,
1739                                              getSignerCertificates(cs));
1740                 } else {
1741                     canonCs = new CodeSource(csUrl,
1742                                              cs.getCertificates());
1743                 }
1744             } catch (IOException ioe) {
1745                 // leave codesource as it is, unless we have to extract its
1746                 // signer certificates
1747                 if (extractSignerCerts) {
1748                     canonCs = new CodeSource(cs.getLocation(),
1749                                              getSignerCertificates(cs));
1750                 }
1751             }
1752         } else {
1753             if (extractSignerCerts) {
1754                 canonCs = new CodeSource(cs.getLocation(),
1755                                          getSignerCertificates(cs));
1756             }
1757         }
1758         return canonCs;
1759     }
1760 
1761     // Wrapper to return a canonical path that avoids calling getCanonicalPath()
1762     // with paths that are intended to match all entries in the directory
1763     private static String canonPath(String path) throws IOException {
1764         if (path.endsWith("*")) {
1765             path = path.substring(0, path.length()-1) + "-";
1766             path = new File(path).getCanonicalPath();
1767             return path.substring(0, path.length()-1) + "*";
1768         } else {
1769             return new File(path).getCanonicalPath();
1770         }
1771     }
1772 
1773     private String printPD(ProtectionDomain pd) {
1774         Principal[] principals = pd.getPrincipals();
1775         String pals = "<no principals>";
1776         if (principals != null && principals.length > 0) {
1777             StringBuilder palSB = new StringBuilder("(principals ");
1778             for (int i = 0; i < principals.length; i++) {
1779                 palSB.append(principals[i].getClass().getName())
1780                         .append(" \"").append(principals[i].getName())
1781                         .append('"');
1782                 if (i < principals.length-1)
1783                     palSB.append(", ");
1784                 else
1785                     palSB.append(')');
1786             }
1787             pals = palSB.toString();
1788         }
1789         return "PD CodeSource: "
1790                 + pd.getCodeSource()
1791                 +"\n\t" + "PD ClassLoader: "
1792                 + pd.getClassLoader()
1793                 +"\n\t" + "PD Principals: "
1794                 + pals;
1795     }
1796 
1797     /**
1798      * return true if no replacement was performed,
1799      * or if replacement succeeded.
1800      */
1801     private boolean replacePrincipals(
1802         List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) {
1803 
1804         if (principals == null || principals.isEmpty() || keystore == null)
1805             return true;
1806 
1807         for (PolicyParser.PrincipalEntry pppe : principals) {
1808             if (pppe.isReplaceName()) {
1809 
1810                 // perform replacement
1811                 // (only X509 replacement is possible now)
1812                 String name;
1813                 if ((name = getDN(pppe.principalName, keystore)) == null) {
1814                     return false;
1815                 }
1816 
1817                 if (debug != null) {
1818                     debug.println("  Replacing \"" +
1819                         pppe.principalName +
1820                         "\" with " +
1821                         X500PRINCIPAL + "/\"" +
1822                         name +
1823                         "\"");
1824                 }
1825 
1826                 pppe.principalClass = X500PRINCIPAL;
1827                 pppe.principalName = name;
1828             }
1829         }
1830         // return true if no replacement was performed,
1831         // or if replacement succeeded
1832         return true;
1833     }
1834 
1835     private void expandPermissionName(PolicyParser.PermissionEntry pe,
1836                                         KeyStore keystore) throws Exception {
1837         // short cut the common case
1838         if (pe.name == null || pe.name.indexOf("${{", 0) == -1) {
1839             return;
1840         }
1841 
1842         int startIndex = 0;
1843         int b, e;
1844         StringBuilder sb = new StringBuilder();
1845         while ((b = pe.name.indexOf("${{", startIndex)) != -1) {
1846             e = pe.name.indexOf("}}", b);
1847             if (e < 1) {
1848                 break;
1849             }
1850             sb.append(pe.name.substring(startIndex, b));
1851 
1852             // get the value in ${{...}}
1853             String value = pe.name.substring(b+3, e);
1854 
1855             // parse up to the first ':'
1856             int colonIndex;
1857             String prefix = value;
1858             String suffix;
1859             if ((colonIndex = value.indexOf(':')) != -1) {
1860                 prefix = value.substring(0, colonIndex);
1861             }
1862 
1863             // handle different prefix possibilities
1864             if (prefix.equalsIgnoreCase("self")) {
1865                 // do nothing - handled later
1866                 sb.append(pe.name.substring(b, e+2));
1867                 startIndex = e+2;
1868                 continue;
1869             } else if (prefix.equalsIgnoreCase("alias")) {
1870                 // get the suffix and perform keystore alias replacement
1871                 if (colonIndex == -1) {
1872                     MessageFormat form = new MessageFormat
1873                         (ResourcesMgr.getString
1874                         ("alias.name.not.provided.pe.name."));
1875                     Object[] source = {pe.name};
1876                     throw new Exception(form.format(source));
1877                 }
1878                 suffix = value.substring(colonIndex+1);
1879                 if ((suffix = getDN(suffix, keystore)) == null) {
1880                     MessageFormat form = new MessageFormat
1881                         (ResourcesMgr.getString
1882                         ("unable.to.perform.substitution.on.alias.suffix"));
1883                     Object[] source = {value.substring(colonIndex+1)};
1884                     throw new Exception(form.format(source));
1885                 }
1886 
1887                 sb.append(X500PRINCIPAL).append(" \"").append(suffix).append('"');
1888                 startIndex = e+2;
1889             } else {
1890                 MessageFormat form = new MessageFormat
1891                         (ResourcesMgr.getString
1892                         ("substitution.value.prefix.unsupported"));
1893                 Object[] source = {prefix};
1894                 throw new Exception(form.format(source));
1895             }
1896         }
1897 
1898         // copy the rest of the value
1899         sb.append(pe.name.substring(startIndex));
1900 
1901         // replace the name with expanded value
1902         if (debug != null) {
1903             debug.println("  Permission name expanded from:\n\t" +
1904                         pe.name + "\nto\n\t" + sb.toString());
1905         }
1906         pe.name = sb.toString();
1907     }
1908 
1909     private String getDN(String alias, KeyStore keystore) {
1910         Certificate cert = null;
1911         try {
1912             cert = keystore.getCertificate(alias);
1913         } catch (Exception e) {
1914             if (debug != null) {
1915                 debug.println("  Error retrieving certificate for '" +
1916                                 alias +
1917                                 "': " +
1918                                 e.toString());
1919             }
1920             return null;
1921         }
1922 
1923         if (cert == null || !(cert instanceof X509Certificate)) {
1924             if (debug != null) {
1925                 debug.println("  -- No certificate for '" +
1926                                 alias +
1927                                 "' - ignoring entry");
1928             }
1929             return null;
1930         } else {
1931             X509Certificate x509Cert = (X509Certificate)cert;
1932 
1933             // 4702543:  X500 names with an EmailAddress
1934             // were encoded incorrectly.  create new
1935             // X500Principal name with correct encoding
1936 
1937             X500Principal p = new X500Principal
1938                 (x509Cert.getSubjectX500Principal().toString());
1939             return p.getName();
1940         }
1941     }
1942 
1943     /**
1944      * Checks public key. If it is marked as trusted in
1945      * the identity database, add it to the policy
1946      * with the AllPermission.
1947      */
1948     private boolean checkForTrustedIdentity(final Certificate cert,
1949         PolicyInfo myInfo)
1950     {
1951         return false;
1952     }
1953 
1954     /**
1955      * Each entry in the policy configuration file is represented by a
1956      * PolicyEntry object.  <p>
1957      *
1958      * A PolicyEntry is a (CodeSource,Permission) pair.  The
1959      * CodeSource contains the (URL, PublicKey) that together identify
1960      * where the Java bytecodes come from and who (if anyone) signed
1961      * them.  The URL could refer to localhost.  The URL could also be
1962      * null, meaning that this policy entry is given to all comers, as
1963      * long as they match the signer field.  The signer could be null,
1964      * meaning the code is not signed. <p>
1965      *
1966      * The Permission contains the (Type, Name, Action) triplet. <p>
1967      *
1968      * For now, the Policy object retrieves the public key from the
1969      * X.509 certificate on disk that corresponds to the signedBy
1970      * alias specified in the Policy config file.  For reasons of
1971      * efficiency, the Policy object keeps a hashtable of certs already
1972      * read in.  This could be replaced by a secure internal key
1973      * store.
1974      *
1975      * <p>
1976      * For example, the entry
1977      * <pre>
1978      *          permission java.io.File "/tmp", "read,write",
1979      *          signedBy "Duke";
1980      * </pre>
1981      * is represented internally
1982      * <pre>
1983      *
1984      * FilePermission f = new FilePermission("/tmp", "read,write");
1985      * PublicKey p = publickeys.get("Duke");
1986      * URL u = InetAddress.getLocalHost();
1987      * CodeBase c = new CodeBase( p, u );
1988      * pe = new PolicyEntry(f, c);
1989      * </pre>
1990      *
1991      * @author Marianne Mueller
1992      * @author Roland Schemers
1993      * @see java.security.CodeSource
1994      * @see java.security.Policy
1995      * @see java.security.Permissions
1996      * @see java.security.ProtectionDomain
1997      */
1998     private static class PolicyEntry {
1999 
2000         private final CodeSource codesource;
2001         final List<Permission> permissions;
2002         private final List<PolicyParser.PrincipalEntry> principals;
2003 
2004         /**
2005          * Given a Permission and a CodeSource, create a policy entry.
2006          *
2007          * XXX Decide if/how to add validity fields and "purpose" fields to
2008          * XXX policy entries
2009          *
2010          * @param cs the CodeSource, which encapsulates the URL and the
2011          *        public key
2012          *        attributes from the policy config file. Validity checks
2013          *        are performed on the public key before PolicyEntry is
2014          *        called.
2015          *
2016          */
2017         PolicyEntry(CodeSource cs, List<PolicyParser.PrincipalEntry> principals)
2018         {
2019             this.codesource = cs;
2020             this.permissions = new ArrayList<Permission>();
2021             this.principals = principals; // can be null
2022         }
2023 
2024         PolicyEntry(CodeSource cs)
2025         {
2026             this(cs, null);
2027         }
2028 
2029         List<PolicyParser.PrincipalEntry> getPrincipals() {
2030             return principals; // can be null
2031         }
2032 
2033         /**
2034          * add a Permission object to this entry.
2035          * No need to sync add op because perms are added to entry only
2036          * while entry is being initialized
2037          */
2038         void add(Permission p) {
2039             permissions.add(p);
2040         }
2041 
2042         /**
2043          * Return the CodeSource for this policy entry
2044          */
2045         CodeSource getCodeSource() {
2046             return codesource;
2047         }
2048 
2049         @Override public String toString(){
2050             StringBuilder sb = new StringBuilder();
2051             sb.append(ResourcesMgr.getString("LPARAM"));
2052             sb.append(getCodeSource());
2053             sb.append("\n");
2054             for (int j = 0; j < permissions.size(); j++) {
2055                 Permission p = permissions.get(j);
2056                 sb.append(ResourcesMgr.getString("SPACE"));
2057                 sb.append(ResourcesMgr.getString("SPACE"));
2058                 sb.append(p);
2059                 sb.append(ResourcesMgr.getString("NEWLINE"));
2060             }
2061             sb.append(ResourcesMgr.getString("RPARAM"));
2062             sb.append(ResourcesMgr.getString("NEWLINE"));
2063             return sb.toString();
2064         }
2065     }
2066 
2067     private static class SelfPermission extends Permission {
2068 
2069         private static final long serialVersionUID = -8315562579967246806L;
2070 
2071         /**
2072          * The class name of the Permission class that will be
2073          * created when this self permission is expanded .
2074          *
2075          * @serial
2076          */
2077         private String type;
2078 
2079         /**
2080          * The permission name.
2081          *
2082          * @serial
2083          */
2084         private String name;
2085 
2086         /**
2087          * The actions of the permission.
2088          *
2089          * @serial
2090          */
2091         private String actions;
2092 
2093         /**
2094          * The certs of the permission.
2095          *
2096          * @serial
2097          */
2098         private Certificate certs[];
2099 
2100         /**
2101          * Creates a new SelfPermission containing the permission
2102          * information needed later to expand the self
2103          * @param type the class name of the Permission class that will be
2104          * created when this permission is expanded and if necessary resolved.
2105          * @param name the name of the permission.
2106          * @param actions the actions of the permission.
2107          * @param certs the certificates the permission's class was signed with.
2108          * This is a list of certificate chains, where each chain is composed of
2109          * a signer certificate and optionally its supporting certificate chain.
2110          * Each chain is ordered bottom-to-top (i.e., with the signer
2111          * certificate first and the (root) certificate authority last).
2112          */
2113         public SelfPermission(String type, String name, String actions,
2114                               Certificate certs[])
2115         {
2116             super(type);
2117             if (type == null) {
2118                 throw new NullPointerException
2119                     (ResourcesMgr.getString("type.can.t.be.null"));
2120             }
2121             this.type = type;
2122             this.name = name;
2123             this.actions = actions;
2124             if (certs != null) {
2125                 // Extract the signer certs from the list of certificates.
2126                 for (int i=0; i<certs.length; i++) {
2127                     if (!(certs[i] instanceof X509Certificate)) {
2128                         // there is no concept of signer certs, so we store the
2129                         // entire cert array
2130                         this.certs = certs.clone();
2131                         break;
2132                     }
2133                 }
2134 
2135                 if (this.certs == null) {
2136                     // Go through the list of certs and see if all the certs are
2137                     // signer certs.
2138                     int i = 0;
2139                     int count = 0;
2140                     while (i < certs.length) {
2141                         count++;
2142                         while (((i+1) < certs.length) &&
2143                             ((X509Certificate)certs[i]).getIssuerDN().equals(
2144                             ((X509Certificate)certs[i+1]).getSubjectDN())) {
2145                             i++;
2146                         }
2147                         i++;
2148                     }
2149                     if (count == certs.length) {
2150                         // All the certs are signer certs, so we store the
2151                         // entire array
2152                         this.certs = certs.clone();
2153                     }
2154 
2155                     if (this.certs == null) {
2156                         // extract the signer certs
2157                         List<Certificate> signerCerts = new ArrayList<>();
2158                         i = 0;
2159                         while (i < certs.length) {
2160                             signerCerts.add(certs[i]);
2161                             while (((i+1) < certs.length) &&
2162                                 ((X509Certificate)certs[i]).getIssuerDN().equals(
2163                                 ((X509Certificate)certs[i+1]).getSubjectDN())) {
2164                                 i++;
2165                             }
2166                             i++;
2167                         }
2168                         this.certs = new Certificate[signerCerts.size()];
2169                         signerCerts.toArray(this.certs);
2170                     }
2171                 }
2172             }
2173         }
2174 
2175         /**
2176          * This method always returns false for SelfPermission permissions.
2177          * That is, an SelfPermission never considered to
2178          * imply another permission.
2179          *
2180          * @param p the permission to check against.
2181          *
2182          * @return false.
2183          */
2184         @Override public boolean implies(Permission p) {
2185             return false;
2186         }
2187 
2188         /**
2189          * Checks two SelfPermission objects for equality.
2190          *
2191          * Checks that <i>obj</i> is an SelfPermission, and has
2192          * the same type (class) name, permission name, actions, and
2193          * certificates as this object.
2194          *
2195          * @param obj the object we are testing for equality with this object.
2196          *
2197          * @return true if obj is an SelfPermission, and has the same
2198          * type (class) name, permission name, actions, and
2199          * certificates as this object.
2200          */
2201         @Override public boolean equals(Object obj) {
2202             if (obj == this)
2203                 return true;
2204 
2205             if (! (obj instanceof SelfPermission))
2206                 return false;
2207             SelfPermission that = (SelfPermission) obj;
2208 
2209             if (!(this.type.equals(that.type) &&
2210                 this.name.equals(that.name) &&
2211                 this.actions.equals(that.actions)))
2212                 return false;
2213 
2214             if (this.certs.length != that.certs.length)
2215                 return false;
2216 
2217             int i,j;
2218             boolean match;
2219 
2220             for (i = 0; i < this.certs.length; i++) {
2221                 match = false;
2222                 for (j = 0; j < that.certs.length; j++) {
2223                     if (this.certs[i].equals(that.certs[j])) {
2224                         match = true;
2225                         break;
2226                     }
2227                 }
2228                 if (!match) return false;
2229             }
2230 
2231             for (i = 0; i < that.certs.length; i++) {
2232                 match = false;
2233                 for (j = 0; j < this.certs.length; j++) {
2234                     if (that.certs[i].equals(this.certs[j])) {
2235                         match = true;
2236                         break;
2237                     }
2238                 }
2239                 if (!match) return false;
2240             }
2241             return true;
2242         }
2243 
2244         /**
2245          * Returns the hash code value for this object.
2246          *
2247          * @return a hash code value for this object.
2248          */
2249         @Override public int hashCode() {
2250             int hash = type.hashCode();
2251             if (name != null)
2252                 hash ^= name.hashCode();
2253             if (actions != null)
2254                 hash ^= actions.hashCode();
2255             return hash;
2256         }
2257 
2258         /**
2259          * Returns the canonical string representation of the actions,
2260          * which currently is the empty string "", since there are no actions
2261          * for an SelfPermission. That is, the actions for the
2262          * permission that will be created when this SelfPermission
2263          * is resolved may be non-null, but an SelfPermission
2264          * itself is never considered to have any actions.
2265          *
2266          * @return the empty string "".
2267          */
2268         @Override public String getActions() {
2269             return "";
2270         }
2271 
2272         public String getSelfType() {
2273             return type;
2274         }
2275 
2276         public String getSelfName() {
2277             return name;
2278         }
2279 
2280         public String getSelfActions() {
2281             return actions;
2282         }
2283 
2284         public Certificate[] getCerts() {
2285             return certs;
2286         }
2287 
2288         /**
2289          * Returns a string describing this SelfPermission.  The convention
2290          * is to specify the class name, the permission name, and the actions,
2291          * in the following format: '(unresolved "ClassName" "name" "actions")'.
2292          *
2293          * @return information about this SelfPermission.
2294          */
2295         @Override public String toString() {
2296             return "(SelfPermission " + type + " " + name + " " + actions + ")";
2297         }
2298     }
2299 
2300     /**
2301      * holds policy information that we need to synch on
2302      */
2303     private static class PolicyInfo {
2304         private static final boolean verbose = false;
2305 
2306         // Stores grant entries in the policy
2307         final List<PolicyEntry> policyEntries;
2308 
2309         // Stores grant entries gotten from identity database
2310         // Use separate lists to avoid sync on policyEntries
2311         final List<PolicyEntry> identityPolicyEntries;
2312 
2313         // Maps aliases to certs
2314         final Map<Object, Object> aliasMapping;
2315 
2316         // Maps ProtectionDomain to PermissionCollection
2317         private final ProtectionDomainCache[] pdMapping;
2318         private java.util.Random random;
2319 
2320         PolicyInfo(int numCaches) {
2321             policyEntries = new ArrayList<>();
2322             identityPolicyEntries =
2323                 Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
2324             aliasMapping = Collections.synchronizedMap(new HashMap<>(11));
2325 
2326             pdMapping = new ProtectionDomainCache[numCaches];
2327             JavaSecurityProtectionDomainAccess jspda
2328                 = SharedSecrets.getJavaSecurityProtectionDomainAccess();
2329             for (int i = 0; i < numCaches; i++) {
2330                 pdMapping[i] = jspda.getProtectionDomainCache();
2331             }
2332             if (numCaches > 1) {
2333                 random = new java.util.Random();
2334             }
2335         }
2336         ProtectionDomainCache getPdMapping() {
2337             if (pdMapping.length == 1) {
2338                 return pdMapping[0];
2339             } else {
2340                 int i = java.lang.Math.abs(random.nextInt() % pdMapping.length);
2341                 return pdMapping[i];
2342             }
2343         }
2344     }
2345 }