1 /*
   2  * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package javax.crypto;
  27 
  28 import java.security.*;
  29 import java.security.spec.AlgorithmParameterSpec;
  30 import java.io.Serializable;
  31 import java.util.Enumeration;
  32 import java.util.Vector;
  33 
  34 import javax.crypto.spec.*;
  35 
  36 /**
  37  * The CryptoPermission class extends the
  38  * java.security.Permission class. A
  39  * CryptoPermission object is used to represent
  40  * the ability of an application/applet to use certain
  41  * algorithms with certain key sizes and other
  42  * restrictions in certain environments. <p>
  43  *
  44  * @see java.security.Permission
  45  *
  46  * @author Jan Luehe
  47  * @author Sharon Liu
  48  * @since 1.4
  49  */
  50 class CryptoPermission extends java.security.Permission {
  51 
  52     private static final long serialVersionUID = 8987399626114087514L;
  53 
  54     private String alg;
  55     private int maxKeySize = Integer.MAX_VALUE; // no restriction on maxKeySize
  56     private String exemptionMechanism = null;
  57     private AlgorithmParameterSpec algParamSpec = null;
  58     private boolean checkParam = false; // no restriction on param
  59 
  60     static final String ALG_NAME_WILDCARD = "*";
  61 
  62     /**
  63      * Constructor that takes an algorithm name.
  64      *
  65      * This constructor implies that the given algorithm can be
  66      * used without any restrictions.
  67      *
  68      * @param alg the algorithm name.
  69      */
  70     CryptoPermission(String alg) {
  71         super(null);
  72         this.alg = alg;
  73     }
  74 
  75     /**
  76      * Constructor that takes an algorithm name and a maximum
  77      * key size.
  78      *
  79      * This constructor implies that the given algorithm can be
  80      * used with a key size up to <code>maxKeySize</code>.
  81      *
  82      * @param alg the algorithm name.
  83      *
  84      * @param maxKeySize the maximum allowable key size,
  85      * specified in number of bits.
  86      */
  87     CryptoPermission(String alg, int maxKeySize) {
  88         super(null);
  89         this.alg = alg;
  90         this.maxKeySize = maxKeySize;
  91     }
  92 
  93     /**
  94      * Constructor that takes an algorithm name, a maximum
  95      * key size, and an AlgorithmParameterSpec object.
  96      *
  97      * This constructor implies that the given algorithm can be
  98      * used with a key size up to <code>maxKeySize</code>, and
  99      * algorithm
 100      * parameters up to the limits set in <code>algParamSpec</code>.
 101      *
 102      * @param alg the algorithm name.
 103      *
 104      * @param maxKeySize the maximum allowable key size,
 105      * specified in number of bits.
 106      *
 107      * @param algParamSpec the limits for allowable algorithm
 108      * parameters.
 109      */
 110     CryptoPermission(String alg,
 111                      int maxKeySize,
 112                      AlgorithmParameterSpec algParamSpec) {
 113         super(null);
 114         this.alg = alg;
 115         this.maxKeySize = maxKeySize;
 116         this.checkParam = true;
 117         this.algParamSpec = algParamSpec;
 118     }
 119 
 120     /**
 121      * Constructor that takes an algorithm name and the name of
 122      * an exemption mechanism.
 123      *
 124      * This constructor implies that the given algorithm can be
 125      * used without any key size or algorithm parameter restrictions
 126      * provided that the specified exemption mechanism is enforced.
 127      *
 128      * @param alg the algorithm name.
 129      *
 130      * @param exemptionMechanism the name of the exemption mechanism.
 131      */
 132     CryptoPermission(String alg,
 133                      String exemptionMechanism) {
 134         super(null);
 135         this.alg = alg;
 136         this.exemptionMechanism = exemptionMechanism;
 137     }
 138 
 139     /**
 140      * Constructor that takes an algorithm name, a maximum key
 141      * size, and the name of an exemption mechanism.
 142      *
 143      * This constructor implies that the given algorithm can be
 144      * used with a key size up to <code>maxKeySize</code>
 145      * provided that the
 146      * specified exemption mechanism is enforced.
 147      *
 148      * @param alg the algorithm name.
 149      * @param maxKeySize the maximum allowable key size,
 150      * specified in number of bits.
 151      * @param exemptionMechanism the name of the exemption
 152      * mechanism.
 153      */
 154     CryptoPermission(String alg,
 155                      int maxKeySize,
 156                      String exemptionMechanism) {
 157         super(null);
 158         this.alg = alg;
 159         this.exemptionMechanism = exemptionMechanism;
 160         this.maxKeySize = maxKeySize;
 161     }
 162 
 163     /**
 164      * Constructor that takes an algorithm name, a maximum key
 165      * size, the name of an exemption mechanism, and an
 166      * AlgorithmParameterSpec object.
 167      *
 168      * This constructor implies that the given algorithm can be
 169      * used with a key size up to <code>maxKeySize</code>
 170      * and algorithm
 171      * parameters up to the limits set in <code>algParamSpec</code>
 172      * provided that
 173      * the specified exemption mechanism is enforced.
 174      *
 175      * @param alg the algorithm name.
 176      * @param maxKeySize the maximum allowable key size,
 177      * specified in number of bits.
 178      * @param algParamSpec the limit for allowable algorithm
 179      *  parameter spec.
 180      * @param exemptionMechanism the name of the exemption
 181      * mechanism.
 182      */
 183     CryptoPermission(String alg,
 184                      int maxKeySize,
 185                      AlgorithmParameterSpec algParamSpec,
 186                      String exemptionMechanism) {
 187         super(null);
 188         this.alg = alg;
 189         this.exemptionMechanism = exemptionMechanism;
 190         this.maxKeySize = maxKeySize;
 191         this.checkParam = true;
 192         this.algParamSpec = algParamSpec;
 193     }
 194 
 195     /**
 196      * Checks if the specified permission is "implied" by
 197      * this object.
 198      * <p>
 199      * More specifically, this method returns true if:<p>
 200      * <ul>
 201      * <li> <i>p</i> is an instance of CryptoPermission, and<p>
 202      * <li> <i>p</i>'s algorithm name equals or (in the case of wildcards)
 203      *       is implied by this permission's algorithm name, and<p>
 204      * <li> <i>p</i>'s maximum allowable key size is less or
 205      *       equal to this permission's maximum allowable key size, and<p>
 206      * <li> <i>p</i>'s algorithm parameter spec equals or is
 207      *        implied by this permission's algorithm parameter spec, and<p>
 208      * <li> <i>p</i>'s exemptionMechanism equals or
 209      *        is implied by this permission's
 210      *        exemptionMechanism (a <code>null</code> exemption mechanism
 211      *        implies any other exemption mechanism).
 212      * </ul>
 213      *
 214      * @param p the permission to check against.
 215      *
 216      * @return true if the specified permission is equal to or
 217      * implied by this permission, false otherwise.
 218      */
 219     public boolean implies(Permission p) {
 220         if (!(p instanceof CryptoPermission))
 221             return false;
 222 
 223         CryptoPermission cp = (CryptoPermission)p;
 224 
 225         if ((!alg.equalsIgnoreCase(cp.alg)) &&
 226             (!alg.equalsIgnoreCase(ALG_NAME_WILDCARD))) {
 227             return false;
 228         }
 229 
 230         // alg is the same as cp's alg or
 231         // alg is a wildcard.
 232         if (cp.maxKeySize <= this.maxKeySize) {
 233             // check algParamSpec.
 234             if (!impliesParameterSpec(cp.checkParam, cp.algParamSpec)) {
 235                 return false;
 236             }
 237 
 238             // check exemptionMechanism.
 239             if (impliesExemptionMechanism(cp.exemptionMechanism)) {
 240                 return true;
 241             }
 242         }
 243 
 244         return false;
 245     }
 246 
 247     /**
 248      * Checks two CryptoPermission objects for equality. Checks that
 249      * <code>obj</code> is a CryptoPermission, and has the same
 250      * algorithm name,
 251      * exemption mechanism name, maximum allowable key size and
 252      * algorithm parameter spec
 253      * as this object.
 254      * <P>
 255      * @param obj the object to test for equality with this object.
 256      * @return true if <code>obj</code> is equal to this object.
 257      */
 258     public boolean equals(Object obj) {
 259         if (obj == this)
 260             return true;
 261 
 262         if (!(obj instanceof CryptoPermission))
 263             return false;
 264 
 265         CryptoPermission that = (CryptoPermission) obj;
 266 
 267         if (!(alg.equalsIgnoreCase(that.alg)) ||
 268             (maxKeySize != that.maxKeySize)) {
 269             return false;
 270         }
 271         if (this.checkParam != that.checkParam) {
 272             return false;
 273         }
 274         return (equalObjects(this.exemptionMechanism,
 275                              that.exemptionMechanism) &&
 276                 equalObjects(this.algParamSpec,
 277                              that.algParamSpec));
 278     }
 279 
 280     /**
 281      * Returns the hash code value for this object.
 282      *
 283      * @return a hash code value for this object.
 284      */
 285 
 286     public int hashCode() {
 287         int retval = alg.hashCode();
 288         retval ^= maxKeySize;
 289         if (exemptionMechanism != null) {
 290             retval ^= exemptionMechanism.hashCode();
 291         }
 292         if (checkParam) retval ^= 100;
 293         if (algParamSpec != null) {
 294             retval ^= algParamSpec.hashCode();
 295         }
 296         return retval;
 297     }
 298 
 299     /**
 300      * There is no action defined for a CryptoPermission
 301      * onject.
 302      */
 303     public String getActions()
 304     {
 305         return null;
 306     }
 307 
 308     /**
 309      * Returns a new PermissionCollection object for storing
 310      * CryptoPermission objects.
 311      *
 312      * @return a new PermissionCollection object suitable for storing
 313      * CryptoPermissions.
 314      */
 315 
 316     public PermissionCollection newPermissionCollection() {
 317         return new CryptoPermissionCollection();
 318     }
 319 
 320     /**
 321      * Returns the algorithm name associated with
 322      * this CryptoPermission object.
 323      */
 324     final String getAlgorithm() {
 325         return alg;
 326     }
 327 
 328     /**
 329      * Returns the exemption mechanism name
 330      * associated with this CryptoPermission
 331      * object.
 332      */
 333     final String getExemptionMechanism() {
 334         return exemptionMechanism;
 335     }
 336 
 337     /**
 338      * Returns the maximum allowable key size associated
 339      * with this CryptoPermission object.
 340      */
 341     final int getMaxKeySize() {
 342         return maxKeySize;
 343     }
 344 
 345     /**
 346      * Returns true if there is a limitation on the
 347      * AlgorithmParameterSpec associated with this
 348      * CryptoPermission object and false if otherwise.
 349      */
 350     final boolean getCheckParam() {
 351         return checkParam;
 352     }
 353 
 354     /**
 355      * Returns the AlgorithmParameterSpec
 356      * associated with this CryptoPermission
 357      * object.
 358      */
 359     final AlgorithmParameterSpec getAlgorithmParameterSpec() {
 360         return algParamSpec;
 361     }
 362 
 363     /**
 364      * Returns a string describing this CryptoPermission.  The convention is to
 365      * specify the class name, the algorithm name, the maximum allowable
 366      * key size, and the name of the exemption mechanism, in the following
 367      * format: '("ClassName" "algorithm" "keysize" "exemption_mechanism")'.
 368      *
 369      * @return information about this CryptoPermission.
 370      */
 371     public String toString() {
 372         StringBuilder buf = new StringBuilder(100);
 373         buf.append("(CryptoPermission " + alg + " " + maxKeySize);
 374         if (algParamSpec != null) {
 375             if (algParamSpec instanceof RC2ParameterSpec) {
 376                 buf.append(" , effective " +
 377                     ((RC2ParameterSpec)algParamSpec).getEffectiveKeyBits());
 378             } else if (algParamSpec instanceof RC5ParameterSpec) {
 379                 buf.append(" , rounds " +
 380                     ((RC5ParameterSpec)algParamSpec).getRounds());
 381             }
 382         }
 383         if (exemptionMechanism != null) { // OPTIONAL
 384             buf.append(" " + exemptionMechanism);
 385         }
 386         buf.append(")");
 387         return buf.toString();
 388     }
 389 
 390     private boolean impliesExemptionMechanism(String exemptionMechanism) {
 391         if (this.exemptionMechanism == null) {
 392             return true;
 393         }
 394 
 395         if (exemptionMechanism == null) {
 396             return false;
 397         }
 398 
 399         if (this.exemptionMechanism.equals(exemptionMechanism)) {
 400             return true;
 401         }
 402 
 403         return false;
 404     }
 405 
 406     private boolean impliesParameterSpec(boolean checkParam,
 407                                          AlgorithmParameterSpec algParamSpec) {
 408         if ((this.checkParam) && checkParam) {
 409             if (algParamSpec == null) {
 410                 return true;
 411             } else if (this.algParamSpec == null) {
 412                 return false;
 413             }
 414 
 415             if (this.algParamSpec.getClass() != algParamSpec.getClass()) {
 416                 return false;
 417             }
 418 
 419             if (algParamSpec instanceof RC2ParameterSpec) {
 420                 if (((RC2ParameterSpec)algParamSpec).getEffectiveKeyBits() <=
 421                     ((RC2ParameterSpec)
 422                      (this.algParamSpec)).getEffectiveKeyBits()) {
 423                     return true;
 424                 }
 425             }
 426 
 427             if (algParamSpec instanceof RC5ParameterSpec) {
 428                 if (((RC5ParameterSpec)algParamSpec).getRounds() <=
 429                     ((RC5ParameterSpec)this.algParamSpec).getRounds()) {
 430                     return true;
 431                 }
 432             }
 433 
 434             if (algParamSpec instanceof PBEParameterSpec) {
 435                 if (((PBEParameterSpec)algParamSpec).getIterationCount() <=
 436                     ((PBEParameterSpec)this.algParamSpec).getIterationCount()) {
 437                     return true;
 438                 }
 439             }
 440 
 441             // For classes we don't know, the following
 442             // may be the best try.
 443             if (this.algParamSpec.equals(algParamSpec)) {
 444                 return true;
 445             }
 446             return false;
 447         } else if (this.checkParam) {
 448             return false;
 449         } else {
 450             return true;
 451         }
 452     }
 453 
 454     private boolean equalObjects(Object obj1, Object obj2) {
 455         if (obj1 == null) {
 456             return (obj2 == null ? true : false);
 457         }
 458 
 459         return obj1.equals(obj2);
 460     }
 461 }
 462 
 463 /**
 464  * A CryptoPermissionCollection stores a set of CryptoPermission
 465  * permissions.
 466  *
 467  * @see java.security.Permission
 468  * @see java.security.Permissions
 469  * @see java.security.PermissionCollection
 470  *
 471  * @author Sharon Liu
 472  */
 473 final class CryptoPermissionCollection extends PermissionCollection
 474     implements Serializable
 475 {
 476     private static final long serialVersionUID = -511215555898802763L;
 477 
 478     private Vector<Permission> permissions;
 479 
 480     /**
 481      * Creates an empty CryptoPermissionCollection
 482      * object.
 483      */
 484     CryptoPermissionCollection() {
 485         permissions = new Vector<Permission>(3);
 486     }
 487 
 488     /**
 489      * Adds a permission to the CryptoPermissionCollection.
 490      *
 491      * @param permission the Permission object to add.
 492      *
 493      * @exception SecurityException - if this CryptoPermissionCollection
 494      * object has been marked <i>readOnly</i>.
 495      */
 496     public void add(Permission permission) {
 497         if (isReadOnly())
 498             throw new SecurityException("attempt to add a Permission " +
 499                                         "to a readonly PermissionCollection");
 500 
 501         if (!(permission instanceof CryptoPermission))
 502             return;
 503 
 504         permissions.addElement(permission);
 505     }
 506 
 507     /**
 508      * Check and see if this CryptoPermission object implies
 509      * the given Permission object.
 510      *
 511      * @param permission the Permission object to compare
 512      *
 513      * @return true if the given permission  is implied by this
 514      * CryptoPermissionCollection, false if not.
 515      */
 516     public boolean implies(Permission permission) {
 517         if (!(permission instanceof CryptoPermission))
 518             return false;
 519 
 520         CryptoPermission cp = (CryptoPermission)permission;
 521 
 522         Enumeration<Permission> e = permissions.elements();
 523 
 524         while (e.hasMoreElements()) {
 525             CryptoPermission x = (CryptoPermission) e.nextElement();
 526             if (x.implies(cp)) {
 527                 return true;
 528             }
 529         }
 530         return false;
 531     }
 532 
 533     /**
 534      * Returns an enumeration of all the CryptoPermission objects
 535      * in the container.
 536      *
 537      * @return an enumeration of all the CryptoPermission objects.
 538      */
 539 
 540     public Enumeration<Permission> elements() {
 541         return permissions.elements();
 542     }
 543 }