mirror of git://gcc.gnu.org/git/gcc.git
317 lines
9.4 KiB
Java
317 lines
9.4 KiB
Java
/* CodeSource.java -- Code location and certifcates
|
|
Copyright (C) 1998 Free Software Foundation, Inc.
|
|
|
|
This file is part of GNU Classpath.
|
|
|
|
GNU Classpath is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
any later version.
|
|
|
|
GNU Classpath is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with GNU Classpath; see the file COPYING. If not, write to the
|
|
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
02111-1307 USA.
|
|
|
|
As a special exception, if you link this library with other files to
|
|
produce an executable, this library does not by itself cause the
|
|
resulting executable to be covered by the GNU General Public License.
|
|
This exception does not however invalidate any other reasons why the
|
|
executable file might be covered by the GNU General Public License. */
|
|
|
|
package java.security;
|
|
|
|
import java.io.Serializable;
|
|
import java.net.URL;
|
|
import java.net.SocketPermission;
|
|
|
|
/**
|
|
* This class represents a location from which code is loaded (as
|
|
* represented by a URL) and the list of certificates that are used to
|
|
* check the signatures of signed code loaded from this source.
|
|
*
|
|
* @version 0.0
|
|
*
|
|
* @author Aaron M. Renn (arenn@urbanophile.com)
|
|
*/
|
|
public class CodeSource implements Serializable
|
|
{
|
|
private static final String linesep = System.getProperty("line.separator");
|
|
|
|
/**
|
|
* This is the URL that represents the code base from which code will
|
|
* be loaded.
|
|
*/
|
|
private URL location;
|
|
|
|
/**
|
|
* This is the list of certificates for this code base
|
|
*/
|
|
// What is the serialized form of this?
|
|
private java.security.cert.Certificate[] certs;
|
|
|
|
/**
|
|
* This method initializes a new instance of <code>CodeSource</code> that
|
|
* loads code from the specified URL location and which uses the
|
|
* specified certificates for verifying signatures.
|
|
*
|
|
* @param location The location from which code will be loaded
|
|
* @param certs The list of certificates used for verifying signatures on code from this source
|
|
*/
|
|
public CodeSource(URL location, java.security.cert.Certificate[] certs)
|
|
{
|
|
this.location = location;
|
|
this.certs = certs;
|
|
}
|
|
|
|
/**
|
|
* This method returns the URL specifying the location from which code
|
|
* will be loaded under this <code>CodeSource</code>.
|
|
*
|
|
* @return The code location for this <code>CodeSource</code>.
|
|
*/
|
|
public final URL getLocation()
|
|
{
|
|
return location;
|
|
}
|
|
|
|
/**
|
|
* This method returns the list of digital certificates that can be used
|
|
* to verify the signatures of code loaded under this <code>CodeSource</code>.
|
|
*
|
|
* @return The certifcate list for this <code>CodeSource</code>.
|
|
*/
|
|
public final java.security.cert.Certificate[] getCertificates()
|
|
{
|
|
return certs;
|
|
}
|
|
|
|
/**
|
|
* This method tests to see if a specified <code>CodeSource</code> is
|
|
* implied by this object. Effectively, to meet this test, the specified
|
|
* object must have all the certifcates this object has (but may have
|
|
* more) and must have a location that is a subset of this object's. In order
|
|
* for this object to imply the specified object, the following must be
|
|
* true:
|
|
* <p>
|
|
* <ol>
|
|
* <li>The specified <code>CodeSource</code> must not be <code>null</code>.
|
|
* <li>If the specified <code>CodeSource</code> has a certificate list,
|
|
* all of that object's certificates must be present in the certificate
|
|
* list of this object.
|
|
* <li>If this object does not have a <code>null</code> location, then
|
|
* the following addtional tests must be passed.
|
|
* <ol>
|
|
* <li>The specified <code>CodeSource</code> must not have a <code>null</code> location.
|
|
* <li>The specified <code>CodeSource</code>'s location must be equal to
|
|
* this object's location, or<br>
|
|
* <ul>
|
|
* <li>The specifiec <code>CodeSource</code>'s location protocol, port,
|
|
* and ref (aka, anchor) must equal this objects, and
|
|
* <li>The specified <code>CodeSource</code>'s location host must imply this
|
|
* object's location host, as determined by contructing
|
|
* <code>SocketPermission</code> objects from each with no action list and
|
|
* using that classes's <code>implies</code> method. And,
|
|
* <li>If this object's location file ends with a '/', then the specified
|
|
* object's location file must start with this object's location file.
|
|
* Otherwise, the specified object's location file must start with this
|
|
* object's location file with the '/' character appended to it.
|
|
* </ul>
|
|
* </ol>
|
|
* </ol>
|
|
*
|
|
* @param cs The <code>CodeSource</code> to test against this object
|
|
*
|
|
* @return <code>true</code> if this specified <code>CodeSource</code> is specified by this object, <code>false</code> otherwise.
|
|
*/
|
|
public boolean implies(CodeSource cs)
|
|
{
|
|
if (cs == null)
|
|
return false;
|
|
|
|
// First check the certificate list
|
|
java.security.cert.Certificate[] their_certs = cs.getCertificates();
|
|
java.security.cert.Certificate[] our_certs = getCertificates();
|
|
|
|
if (our_certs != null)
|
|
{
|
|
if (their_certs == null)
|
|
return false;
|
|
|
|
for (int i = 0; i < our_certs.length; i++)
|
|
{
|
|
int j;
|
|
for (j = 0; j < their_certs.length; j++)
|
|
if (our_certs[i].equals(their_certs[j]))
|
|
break;
|
|
|
|
if (j == their_certs.length)
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// Next check the location
|
|
URL their_loc = getLocation();
|
|
URL our_loc = getLocation();
|
|
|
|
if (our_loc == null)
|
|
return true;
|
|
else if (their_loc == null)
|
|
return false;
|
|
|
|
if (!our_loc.getProtocol().equals(their_loc.getProtocol()))
|
|
return false;
|
|
|
|
if (our_loc.getPort() != -1)
|
|
if (our_loc.getPort() != their_loc.getPort())
|
|
return false;
|
|
|
|
if (our_loc.getRef() != null)
|
|
if (!our_loc.getRef().equals(their_loc.getRef()))
|
|
return false;
|
|
|
|
// See javadoc comments for what we are doing here.
|
|
if (our_loc.getHost() != null)
|
|
{
|
|
String their_host = their_loc.getHost();
|
|
if (their_host == null)
|
|
return false;
|
|
|
|
SocketPermission our_sockperm =
|
|
new SocketPermission(our_loc.getHost(), "accept");
|
|
SocketPermission their_sockperm =
|
|
new SocketPermission(their_host, "accept");
|
|
|
|
if (!our_sockperm.implies(their_sockperm))
|
|
return false;
|
|
}
|
|
|
|
String our_file = our_loc.getFile();
|
|
if (our_file != null)
|
|
{
|
|
if (!our_file.endsWith("/"))
|
|
our_file = our_file + "/";
|
|
|
|
String their_file = their_loc.getFile();
|
|
if (their_file == null)
|
|
return false;
|
|
|
|
if (!their_file.startsWith(our_file))
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* This method tests the specified <code>Object</code> for equality with
|
|
* this object. This will be true if and only if:
|
|
* <p>
|
|
* <ul>
|
|
* <li>The specified object is not <code>null</code>.
|
|
* <li>The specified object is an instance of <code>CodeSource</code>.
|
|
* <li>The specified object's location is the same as this object's.
|
|
* <li>The specified object's certificate list contains the exact same
|
|
* entries as the object's. Note that the order of the certificate lists
|
|
* is not significant.
|
|
* </ul>
|
|
*
|
|
* @param obj The <code>Object</code> to test against.
|
|
*
|
|
* @return <code>true</code> if the specified object is equal to this one, <code>false</code> otherwise.
|
|
*/
|
|
public boolean equals(Object obj)
|
|
{
|
|
if (obj == null)
|
|
return false;
|
|
|
|
if (!(obj instanceof CodeSource))
|
|
return false;
|
|
|
|
CodeSource cs = (CodeSource) obj;
|
|
|
|
// First check the certificate list
|
|
java.security.cert.Certificate[] their_certs = cs.getCertificates();
|
|
java.security.cert.Certificate[] our_certs = getCertificates();
|
|
|
|
if ((our_certs == null) && (their_certs != null))
|
|
return false;
|
|
else if ((our_certs != null) && (their_certs == null))
|
|
return false;
|
|
|
|
if (our_certs != null)
|
|
{
|
|
if (our_certs.length != their_certs.length)
|
|
return false;
|
|
|
|
for (int i = 0; i < our_certs.length; i++)
|
|
{
|
|
int j;
|
|
for (j = 0; j < their_certs.length; j++)
|
|
if (our_certs[i].equals(their_certs[j]))
|
|
break;
|
|
|
|
if (j == their_certs.length)
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// Now the location
|
|
URL their_loc = cs.getLocation();
|
|
URL our_loc = getLocation();
|
|
|
|
if ((our_loc == null) && (their_loc != null))
|
|
return false;
|
|
|
|
if (!our_loc.equals(their_loc))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* This method returns a hash value for this object.
|
|
*
|
|
* @return A hash value for this object.
|
|
*/
|
|
public int hashCode()
|
|
{
|
|
URL location = getLocation();
|
|
if (location == null)
|
|
return System.identityHashCode(this);
|
|
|
|
return location.hashCode();
|
|
}
|
|
|
|
/**
|
|
* This method returns a <code>String</code> that represents this object.
|
|
* This <code>String</code> will contain the object's hash code, location,
|
|
* and certificate list.
|
|
*
|
|
* @return A <code>String</code> for this object
|
|
*/
|
|
public String toString()
|
|
{
|
|
StringBuffer sb = new StringBuffer("");
|
|
|
|
sb.append(super.toString() + " (" + linesep);
|
|
sb.append("Location: " + getLocation() + linesep);
|
|
|
|
java.security.cert.Certificate[] certs = getCertificates();
|
|
if (certs == null)
|
|
sb.append("<none>" + linesep);
|
|
else
|
|
for (int i = 0; i < certs.length; i++)
|
|
sb.append(certs[i] + linesep);
|
|
|
|
sb.append(")" + linesep);
|
|
|
|
return sb.toString();
|
|
}
|
|
}
|