1 /*
2 * Copyright (C) The Spice Group. All rights reserved.
3 *
4 * This software is published under the terms of the Spice
5 * Software License version 1.1, a copy of which has been included
6 * with this distribution in the LICENSE.txt file.
7 */
8 package org.codehaus.spice.xmlpolicy.verifier;
9
10 import org.codehaus.spice.xmlpolicy.metadata.GrantMetaData;
11 import org.codehaus.spice.xmlpolicy.metadata.KeyStoreMetaData;
12 import org.codehaus.spice.xmlpolicy.metadata.PermissionMetaData;
13 import org.codehaus.spice.xmlpolicy.metadata.PolicyMetaData;
14 import org.codehaus.spice.salt.i18n.Resources;
15 import org.codehaus.spice.salt.i18n.ResourceManager;
16
17 /***
18 * Verify Policy set is valid. Validity is defined as
19 * <ul>
20 * <li>All KeyStore names should be defined starting with
21 * letters or '_' and then continuing with Alpha-Numeric
22 * characters, '-', '.' or '_'.</li>
23 * <li>If signedBy is specified then keystore is specified
24 * for both grants and permissions.</li>
25 * <li>That any keystore names used by grant or permission
26 * reference actual keystores.</li>
27 * <li>If target is null then actions is null.</li>
28 * </ul>
29 *
30 * @author Peter Donald
31 * @version $Revision: 1.1 $ $Date: 2003/12/02 09:16:07 $
32 */
33 public class PolicyVerifier
34 {
35 private final static Resources REZ =
36 ResourceManager.getPackageResources( PolicyVerifier.class );
37
38 public void verifyPolicy( final PolicyMetaData policy )
39 throws Exception
40 {
41 String message = null;
42
43 message = REZ.getString( "valid-names.notice" );
44 info( message );
45 verifyNames( policy );
46
47 message = REZ.getString( "valid-keyStoreReferences.notice" );
48 info( message );
49 verifyKeyStoreReferences( policy );
50
51 message = REZ.getString( "valid-actions.notice" );
52 info( message );
53 verifyActions( policy );
54 }
55
56 /***
57 * Log an informational message.
58 * Sub-classes should overide this.
59 *
60 * @param message the message
61 */
62 protected void info( final String message )
63 {
64 //noop
65 }
66
67 /***
68 * Verify that all the keystores have valid names.
69 *
70 * @throws Exception if validity check fails
71 */
72 private void verifyNames( final PolicyMetaData policy )
73 throws Exception
74 {
75 final KeyStoreMetaData[] keyStores = policy.getKeyStores();
76 for( int i = 0; i < keyStores.length; i++ )
77 {
78 final String name = keyStores[ i ].getName();
79 verifyName( name );
80 }
81 }
82
83 /***
84 * Verify that each reference to a keystore is valid.
85 *
86 * @throws Exception if validity check fails
87 */
88 private void verifyKeyStoreReferences( final PolicyMetaData policy )
89 throws Exception
90 {
91 final GrantMetaData[] grants = policy.getGrants();
92 for( int i = 0; i < grants.length; i++ )
93 {
94 verifyKeyStore( policy, grants[ i ] );
95 }
96 }
97
98 /***
99 * Verify that each reference to a keystore is valid.
100 *
101 * @throws Exception if validity check fails
102 */
103 private void verifyKeyStore( final PolicyMetaData policy,
104 final GrantMetaData grant )
105 throws Exception
106 {
107 verifyKeyStoreReference( policy, grant.getKeyStore() );
108 final PermissionMetaData[] permissions = grant.getPermissions();
109 for( int j = 0; j < permissions.length; j++ )
110 {
111 final PermissionMetaData permission = permissions[ j ];
112 verifyKeyStoreReference( policy, permission.getKeyStore() );
113 }
114 }
115
116 /***
117 * Verify that each reference to a keystore is valid.
118 *
119 * @throws Exception if validity check fails
120 */
121 private void verifyKeyStoreReference( final PolicyMetaData policy,
122 final String keyStoreName )
123 throws Exception
124 {
125 //Ignore keystores that are not specified
126 if( null == keyStoreName )
127 {
128 return;
129 }
130 final KeyStoreMetaData[] keyStores = policy.getKeyStores();
131 for( int i = 0; i < keyStores.length; i++ )
132 {
133 final KeyStoreMetaData keyStore = keyStores[ i ];
134 if( keyStore.getName().equals( keyStoreName ) )
135 {
136 return;
137 }
138 }
139
140 final String message =
141 REZ.format( "bad-keystore-reference.error",
142 keyStoreName );
143 throw new Exception( message );
144 }
145
146 /***
147 * Verify that all the classloaders have valid names.
148 *
149 * @throws Exception if validity check fails
150 */
151 private void verifyName( final String name )
152 throws Exception
153 {
154 final int size = name.length();
155 if( 0 == size )
156 {
157 final String message =
158 REZ.format( "empty-name.error",
159 name );
160 throw new Exception( message );
161 }
162 final char ch = name.charAt( 0 );
163 if( !Character.isLetter( ch ) &&
164 '_' != ch )
165 {
166 final String message =
167 REZ.format( "name-invalid-start.error",
168 name );
169 throw new Exception( message );
170 }
171
172 for( int i = 1; i < size; i++ )
173 {
174 final char c = name.charAt( i );
175 if( !Character.isLetterOrDigit( c ) &&
176 '_' != c &&
177 '-' != c &&
178 '.' != c )
179 {
180 final String message =
181 REZ.format( "name-invalid-char.error",
182 name,
183 String.valueOf( c ) );
184 throw new Exception( message );
185 }
186 }
187 }
188
189 /***
190 * Verify that an action is null if a target is null.
191 *
192 * @throws Exception if validity check fails
193 */
194 private void verifyActions( final PolicyMetaData policy )
195 throws Exception
196 {
197 final GrantMetaData[] grants = policy.getGrants();
198 for( int i = 0; i < grants.length; i++ )
199 {
200 final GrantMetaData grant = grants[ i ];
201 final PermissionMetaData[] permissions = grant.getPermissions();
202 for( int j = 0; j < permissions.length; j++ )
203 {
204 final PermissionMetaData permission = permissions[ j ];
205 final String target = permission.getTarget();
206 final String action = permission.getAction();
207 if( null == target && null != action )
208 {
209 final String message =
210 REZ.format( "permission-missing-action.error",
211 grant.getCodebase(),
212 permission.getClassname() );
213 throw new Exception( message );
214 }
215 }
216 }
217 }
218 }
This page was automatically generated by Maven