Clover coverage report - XMLPolicy - 1.1
Coverage timestamp: Tue Dec 2 2003 20:21:22 EST
file stats: LOC: 440   Methods: 13
NCLOC: 280   Classes: 1
30 day Evaluation Version distributed via the Maven Jar Repository. Clover is not free. You have 30 days to evaluate it. Please visit http://www.thecortex.net/clover to obtain a licensed version of Clover
 
 Source file Conditionals Statements Methods TOTAL
PolicyBuilder.java 0% 0% 0% 0%
coverage
 1   
 /*
 2   
  * Copyright (C) The Spice Group. All rights reserved.
 3   
  *
 4   
  * This software is published under the terms of the Spice
 5   
  * Software License version 1.1, a copy of which has been included
 6   
  * with this distribution in the LICENSE.txt file.
 7   
  */
 8   
 package org.codehaus.spice.xmlpolicy.builder;
 9   
 
 10   
 import java.io.InputStream;
 11   
 import java.lang.reflect.Constructor;
 12   
 import java.net.MalformedURLException;
 13   
 import java.net.URL;
 14   
 import java.security.CodeSource;
 15   
 import java.security.KeyStore;
 16   
 import java.security.KeyStoreException;
 17   
 import java.security.Permission;
 18   
 import java.security.Policy;
 19   
 import java.security.UnresolvedPermission;
 20   
 import java.security.cert.Certificate;
 21   
 import java.util.ArrayList;
 22   
 import java.util.HashMap;
 23   
 import java.util.List;
 24   
 import java.util.Map;
 25   
 import java.util.PropertyPermission;
 26   
 import java.util.StringTokenizer;
 27   
 import org.codehaus.spice.xmlpolicy.metadata.GrantMetaData;
 28   
 import org.codehaus.spice.xmlpolicy.metadata.KeyStoreMetaData;
 29   
 import org.codehaus.spice.xmlpolicy.metadata.PermissionMetaData;
 30   
 import org.codehaus.spice.xmlpolicy.metadata.PolicyMetaData;
 31   
 
 32   
 /**
 33   
  * A Utility class that builds a Policy object from a specified
 34   
  * PolicyMetaData.
 35   
  *
 36   
  * @author Peter Donald
 37   
  * @version $Revision: 1.1 $ $Date: 2003/12/02 09:16:06 $
 38   
  */
 39   
 public class PolicyBuilder
 40   
 {
 41   
     /**
 42   
      * Build a policy for a specified meta data.
 43   
      *
 44   
      * @param policy the policy metadata
 45   
      * @return the Policy object
 46   
      * @throws Exception if unable to create Policy object
 47   
      */
 48  0
     public Policy buildPolicy( final PolicyMetaData policy,
 49   
                                final PolicyResolver resolver )
 50   
         throws Exception
 51   
     {
 52  0
         if( null == policy )
 53   
         {
 54  0
             throw new NullPointerException( "policy" );
 55   
         }
 56  0
         if( null == resolver )
 57   
         {
 58  0
             throw new NullPointerException( "resolver" );
 59   
         }
 60   
 
 61  0
         final Map keyStores =
 62   
             createKeyStores( policy.getKeyStores(), resolver );
 63  0
         final Map grants = new HashMap();
 64  0
         processGrants( policy.getGrants(), keyStores, grants, resolver );
 65   
 
 66  0
         final CodeSource codeSource = createDefaultCodeSource();
 67  0
         final Permission[] permissions = getDefaultPermissions();
 68  0
         grants.put( codeSource, permissions );
 69   
 
 70  0
         return resolver.createPolicy( grants );
 71   
     }
 72   
 
 73   
     /**
 74   
      * Porcess all the grants and build up a grant map.
 75   
      *
 76   
      * @param metaDatas the metadata
 77   
      * @param keyStores the configured keystores
 78   
      * @param grants the grant map
 79   
      * @param resolver the resolver to use to resolve locations etc
 80   
      * @throws Exception if unable to create grant map
 81   
      */
 82  0
     private void processGrants( final GrantMetaData[] metaDatas,
 83   
                                 final Map keyStores,
 84   
                                 final Map grants,
 85   
                                 final PolicyResolver resolver )
 86   
         throws Exception
 87   
     {
 88  0
         for( int i = 0; i < metaDatas.length; i++ )
 89   
         {
 90  0
             processGrant( metaDatas[ i ], keyStores, grants, resolver );
 91   
         }
 92   
     }
 93   
 
 94   
     /**
 95   
      * Porcess a grants and add to the grant map.
 96   
      *
 97   
      * @param metaData the metadata
 98   
      * @param keyStores the configured keystores
 99   
      * @param grants the grant map
 100   
      * @param resolver the resolver to use to resolve locations etc
 101   
      * @throws Exception if unable to create grant map
 102   
      */
 103  0
     private void processGrant( final GrantMetaData metaData,
 104   
                                final Map keyStores,
 105   
                                final Map grants,
 106   
                                final PolicyResolver resolver )
 107   
         throws Exception
 108   
     {
 109  0
         final URL url =
 110   
             resolver.resolveLocation( metaData.getCodebase() );
 111   
 
 112  0
         final Certificate[] signers =
 113   
             getSigners( metaData.getSignedBy(),
 114   
                         metaData.getKeyStore(),
 115   
                         keyStores );
 116  0
         final CodeSource codeSource = new CodeSource( url, signers );
 117   
 
 118  0
         final Permission[] permissions =
 119   
             createPermissions( metaData.getPermissions(),
 120   
                                keyStores );
 121  0
         grants.put( codeSource, permissions );
 122   
     }
 123   
 
 124   
     /**
 125   
      * Create all permissions for specified metadata.
 126   
      *
 127   
      * @param metaDatas the metadata
 128   
      * @param keyStores the keystores to use when loading signers
 129   
      * @return the created permissions
 130   
      * @throws Exception if unabel to create permissions
 131   
      */
 132  0
     private Permission[] createPermissions( final PermissionMetaData[] metaDatas,
 133   
                                             final Map keyStores )
 134   
         throws Exception
 135   
     {
 136  0
         final List set = new ArrayList();
 137   
 
 138  0
         for( int i = 0; i < metaDatas.length; i++ )
 139   
         {
 140  0
             final Permission permission =
 141   
                 createPermission( metaDatas[ i ], keyStores );
 142  0
             set.add( permission );
 143   
         }
 144   
 
 145  0
         return (Permission[])set.toArray( new Permission[ set.size() ] );
 146   
     }
 147   
 
 148   
     /**
 149   
      * Create a permission for metadata.
 150   
      *
 151   
      * @param metaData the permission metadata
 152   
      * @param keyStores the keystore to use (if needed)
 153   
      * @return the created permission
 154   
      * @throws Exception if unable to create permission
 155   
      */
 156  0
     private Permission createPermission( final PermissionMetaData metaData,
 157   
                                          final Map keyStores )
 158   
         throws Exception
 159   
     {
 160  0
         final String type = metaData.getClassname();
 161  0
         final String actions = metaData.getAction();
 162  0
         final String signedBy = metaData.getSignedBy();
 163  0
         final String keyStoreName = metaData.getKeyStore();
 164  0
         final String target = metaData.getTarget();
 165   
 
 166  0
         final Certificate[] signers =
 167   
             getSigners( signedBy, keyStoreName, keyStores );
 168  0
         return createPermission( type, target, actions, signers );
 169   
     }
 170   
 
 171   
     /**
 172   
      * Create a mpa of keystores from specified metadata.
 173   
      *
 174   
      * @param metaDatas the metadata
 175   
      * @return the keystore map
 176   
      * @throws Exception if unable to create all keystores
 177   
      */
 178  0
     private Map createKeyStores( final KeyStoreMetaData[] metaDatas,
 179   
                                  final PolicyResolver resolver )
 180   
         throws Exception
 181   
     {
 182  0
         final Map keyStores = new HashMap();
 183   
 
 184  0
         for( int i = 0; i < metaDatas.length; i++ )
 185   
         {
 186  0
             final KeyStoreMetaData metaData = metaDatas[ i ];
 187  0
             final String name = metaData.getName();
 188   
 
 189  0
             try
 190   
             {
 191  0
                 final URL url =
 192   
                     resolver.resolveLocation( metaData.getLocation() );
 193  0
                 final KeyStore keyStore =
 194   
                     createKeyStore( metaData.getType(), url );
 195   
 
 196  0
                 keyStores.put( name, keyStore );
 197   
             }
 198   
             catch( final Exception e )
 199   
             {
 200  0
                 final String message =
 201   
                     "Error creating keystore " + name + ". Due to " + e;
 202  0
                 throw new Exception( message );
 203   
             }
 204   
         }
 205   
 
 206  0
         return keyStores;
 207   
     }
 208   
 
 209   
     /**
 210   
      * Create a permission of specified class and
 211   
      * with specified target, action and signers.
 212   
      *
 213   
      * @param type the classname of Permission object
 214   
      * @param target the target of permission
 215   
      * @param actions the actions allowed on permission (if any)
 216   
      * @param signers the signers (if any)
 217   
      * @return the created Permission object
 218   
      * @throws Exception if unable to create permission
 219   
      */
 220  0
     private final Permission createPermission( final String type,
 221   
                                                final String target,
 222   
                                                final String actions,
 223   
                                                final Certificate[] signers )
 224   
         throws Exception
 225   
     {
 226  0
         if( null != signers )
 227   
         {
 228  0
             return new UnresolvedPermission( type, target, actions, signers );
 229   
         }
 230   
 
 231  0
         try
 232   
         {
 233  0
             final Class clazz = Class.forName( type );
 234   
 
 235  0
             Class paramClasses[] = null;
 236  0
             Object params[] = null;
 237   
 
 238  0
             if( null == actions && null == target )
 239   
             {
 240  0
                 paramClasses = new Class[ 0 ];
 241  0
                 params = new Object[ 0 ];
 242   
             }
 243  0
             else if( null == actions )
 244   
             {
 245  0
                 paramClasses = new Class[ 1 ];
 246  0
                 paramClasses[ 0 ] = String.class;
 247  0
                 params = new Object[ 1 ];
 248  0
                 params[ 0 ] = target;
 249   
             }
 250   
             else
 251   
             {
 252  0
                 paramClasses = new Class[ 2 ];
 253  0
                 paramClasses[ 0 ] = String.class;
 254  0
                 paramClasses[ 1 ] = String.class;
 255  0
                 params = new Object[ 2 ];
 256  0
                 params[ 0 ] = target;
 257  0
                 params[ 1 ] = actions;
 258   
             }
 259   
 
 260  0
             final Constructor constructor = clazz.getConstructor( paramClasses );
 261  0
             return (Permission)constructor.newInstance( params );
 262   
         }
 263   
         catch( final ClassNotFoundException cnfe )
 264   
         {
 265  0
             return new UnresolvedPermission( type, target, actions, signers );
 266   
         }
 267   
     }
 268   
 
 269   
     /**
 270   
      * Create a keystore of specified type and loading from specified url.
 271   
      *
 272   
      * @param type the type of key store
 273   
      * @param url the location of key store data
 274   
      * @return the create and configured keystore
 275   
      * @throws Exception if unable to create or load keystore
 276   
      */
 277  0
     protected KeyStore createKeyStore( final String type,
 278   
                                        final URL url )
 279   
         throws Exception
 280   
     {
 281  0
         final KeyStore keyStore = KeyStore.getInstance( type );
 282  0
         final InputStream ins = url.openStream();
 283  0
         keyStore.load( ins, null );
 284  0
         return keyStore;
 285   
     }
 286   
 
 287   
     /**
 288   
      * Retrieve Certificates for specified signers
 289   
      * as loaded from keyStore.
 290   
      *
 291   
      * @param signedBy the signers
 292   
      * @param keyStoreName the name of keystore
 293   
      * @param keyStores the list of keystores to lookup
 294   
      * @return the certificates
 295   
      * @throws Exception if unable to get signers
 296   
      */
 297  0
     private Certificate[] getSigners( final String signedBy,
 298   
                                       final String keyStoreName,
 299   
                                       final Map keyStores )
 300   
         throws Exception
 301   
     {
 302  0
         if( null == signedBy )
 303   
         {
 304  0
             return null;
 305   
         }
 306   
         else
 307   
         {
 308  0
             final KeyStore keyStore = getKeyStore( keyStoreName, keyStores );
 309  0
             return getCertificates( signedBy, keyStore );
 310   
         }
 311   
     }
 312   
 
 313   
     /**
 314   
      * Retrieve the set of Ceritificates for all signers.
 315   
      *
 316   
      * @param signedBy the comma separated list of signers
 317   
      * @param keyStore the keystore to look for signers certificates in
 318   
      * @return the certificate set
 319   
      * @throws Exception if unabel to create certificates
 320   
      */
 321  0
     private Certificate[] getCertificates( final String signedBy,
 322   
                                            final KeyStore keyStore )
 323   
         throws Exception
 324   
     {
 325  0
         final List certificateSet = new ArrayList();
 326   
 
 327  0
         final StringTokenizer st = new StringTokenizer( signedBy, "," );
 328  0
         while( st.hasMoreTokens() )
 329   
         {
 330  0
             final String alias = st.nextToken().trim();
 331  0
             Certificate certificate = null;
 332   
 
 333  0
             try
 334   
             {
 335  0
                 certificate = keyStore.getCertificate( alias );
 336   
             }
 337   
             catch( final KeyStoreException kse )
 338   
             {
 339  0
                 final String message =
 340   
                     "Unable to get certificate for alias " +
 341   
                     alias + " due to " + kse;
 342  0
                 throw new Exception( message );
 343   
             }
 344   
 
 345  0
             if( null == certificate )
 346   
             {
 347  0
                 final String message =
 348   
                     "Missing certificate for alias " + alias;
 349  0
                 throw new Exception( message );
 350   
             }
 351   
 
 352  0
             if( !certificateSet.contains( certificate ) )
 353   
             {
 354  0
                 certificateSet.add( certificate );
 355   
             }
 356   
         }
 357   
 
 358  0
         return (Certificate[])certificateSet.toArray( new Certificate[ certificateSet.size() ] );
 359   
     }
 360   
 
 361   
     /**
 362   
      * Retrieve keystore with specified name from map.
 363   
      * If missing throw an exception.
 364   
      *
 365   
      * @param keyStoreName the name of key store
 366   
      * @param keyStores the map of stores
 367   
      * @return the keystore
 368   
      * @throws Exception thrown if unable to locate keystore
 369   
      */
 370  0
     private KeyStore getKeyStore( final String keyStoreName, final Map keyStores ) throws Exception
 371   
     {
 372  0
         final KeyStore keyStore = (KeyStore)keyStores.get( keyStoreName );
 373  0
         if( null == keyStore )
 374   
         {
 375  0
             final String message = "Missing keystore named: " + keyStoreName;
 376  0
             throw new Exception( message );
 377   
         }
 378   
         else
 379   
         {
 380  0
             return keyStore;
 381   
         }
 382   
     }
 383   
 
 384   
     /**
 385   
      * A utility method to get a default codesource
 386   
      * that covers all files on fielsystem
 387   
      *
 388   
      * @return the code source
 389   
      */
 390  0
     private CodeSource createDefaultCodeSource()
 391   
     {
 392   
         //Create a URL that covers whole file system.
 393  0
         final URL url;
 394  0
         try
 395   
         {
 396  0
             url = new URL( "file:/-" );
 397   
         }
 398   
         catch( final MalformedURLException mue )
 399   
         {
 400   
             //will never happen
 401  0
             throw new IllegalStateException( mue.getMessage() );
 402   
         }
 403  0
         final CodeSource codeSource = new CodeSource( url, null );
 404  0
         return codeSource;
 405   
     }
 406   
 
 407   
     /**
 408   
      * A utility method to get all the default permissions.
 409   
      */
 410  0
     private Permission[] getDefaultPermissions()
 411   
     {
 412  0
         final ArrayList list = new ArrayList();
 413   
         //these properties straight out ot ${java.home}/lib/security/java.policy
 414  0
         list.add( new PropertyPermission( "os.name", "read" ) );
 415  0
         list.add( new PropertyPermission( "os.arch", "read" ) );
 416  0
         list.add( new PropertyPermission( "os.version", "read" ) );
 417  0
         list.add( new PropertyPermission( "file.separator", "read" ) );
 418  0
         list.add( new PropertyPermission( "path.separator", "read" ) );
 419  0
         list.add( new PropertyPermission( "line.separator", "read" ) );
 420   
 
 421  0
         list.add( new PropertyPermission( "java.version", "read" ) );
 422  0
         list.add( new PropertyPermission( "java.vendor", "read" ) );
 423  0
         list.add( new PropertyPermission( "java.vendor.url", "read" ) );
 424   
 
 425  0
         list.add( new PropertyPermission( "java.class.version", "read" ) );
 426  0
         list.add( new PropertyPermission( "java.vm.version", "read" ) );
 427  0
         list.add( new PropertyPermission( "java.vm.vendor", "read" ) );
 428  0
         list.add( new PropertyPermission( "java.vm.name", "read" ) );
 429   
 
 430  0
         list.add( new PropertyPermission( "java.specification.version", "read" ) );
 431  0
         list.add( new PropertyPermission( "java.specification.vendor", "read" ) );
 432  0
         list.add( new PropertyPermission( "java.specification.name", "read" ) );
 433  0
         list.add( new PropertyPermission( "java.vm.specification.version", "read" ) );
 434  0
         list.add( new PropertyPermission( "java.vm.specification.vendor", "read" ) );
 435  0
         list.add( new PropertyPermission( "java.vm.specification.name", "read" ) );
 436   
 
 437  0
         return (Permission[])list.toArray( new Permission[ list.size() ] );
 438   
     }
 439   
 }
 440