Source file | Conditionals | Statements | Methods | TOTAL | |||||||||||||||
PolicyVerifier.java | 0% | 0% | 0% | 0% |
/*
* Copyright (C) The Spice Group. All rights reserved.
*
* This software is published under the terms of the Spice
* Software License version 1.1, a copy of which has been included
* with this distribution in the LICENSE.txt file.
*/
package org.codehaus.spice.xmlpolicy.verifier;
import org.codehaus.spice.xmlpolicy.metadata.GrantMetaData;
import org.codehaus.spice.xmlpolicy.metadata.KeyStoreMetaData;
import org.codehaus.spice.xmlpolicy.metadata.PermissionMetaData;
import org.codehaus.spice.xmlpolicy.metadata.PolicyMetaData;
import org.codehaus.spice.salt.i18n.Resources;
import org.codehaus.spice.salt.i18n.ResourceManager;
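/**
 * Verify Policy set is valid. Validity is defined as
 * <ul>
 *   <li>All KeyStore names should be defined starting with
 *   letters or '_' and then continuing with Alpha-Numeric
 *   characters, '-', '.' or '_'.</li>
 *   <li>If signedBy is specified then keystore is specified
 *   for both grants and permissions.</li>
 *   <li>That any keystore names used by grant or permission
 *   reference actual keystores.</li>
 *   <li>If target is null then actions is null.</li>
 * </ul>
 *
 * <p>NOTE(review): the signedBy/keystore rule above is listed as part of
 * the validity contract, but no method in this class checks it. A keystore
 * reference that is <code>null</code> is skipped without looking at
 * signedBy. Confirm that the rule is enforced elsewhere (for example when
 * the metadata objects are built); otherwise a grant or permission that
 * names a signer but no keystore passes verification unchecked.</p>
 *
 * @author Peter Donald
 * @version $Revision: 1.1 $ $Date: 2003/12/02 09:16:07 $
 */
public class PolicyVerifier
{
    private final static Resources REZ =
        ResourceManager.getPackageResources( PolicyVerifier.class );

    /**
     * Run every verification phase against the supplied policy.
     * The phases run in a fixed order (keystore names, keystore
     * references, permission actions) and the first failure aborts
     * the remaining phases. A notice is passed to
     * {@link #info(String)} before each phase starts.
     *
     * @param policy the policy metadata to verify
     * @throws Exception if any validity check fails
     */
    public void verifyPolicy( final PolicyMetaData policy )
        throws Exception
    {
        info( REZ.getString( "valid-names.notice" ) );
        verifyNames( policy );

        info( REZ.getString( "valid-keyStoreReferences.notice" ) );
        verifyKeyStoreReferences( policy );

        info( REZ.getString( "valid-actions.notice" ) );
        verifyActions( policy );
    }

    /**
     * Log an informational message.
     * Sub-classes should override this; the default implementation
     * discards the message.
     *
     * @param message the message
     */
    protected void info( final String message )
    {
        //noop
    }

    /**
     * Verify that all the keystores have valid names.
     *
     * @param policy the policy whose keystore declarations are checked
     * @throws Exception if validity check fails
     */
    private void verifyNames( final PolicyMetaData policy )
        throws Exception
    {
        final KeyStoreMetaData[] keyStores = policy.getKeyStores();
        for( int i = 0; i < keyStores.length; i++ )
        {
            verifyName( keyStores[ i ].getName() );
        }
    }

    /**
     * Verify the keystore references made by every grant in the policy.
     *
     * @param policy the policy whose grants are checked
     * @throws Exception if validity check fails
     */
    private void verifyKeyStoreReferences( final PolicyMetaData policy )
        throws Exception
    {
        final GrantMetaData[] grants = policy.getGrants();
        for( int i = 0; i < grants.length; i++ )
        {
            verifyKeyStore( policy, grants[ i ] );
        }
    }

    /**
     * Verify the keystore reference of a single grant and of each
     * permission contained in that grant.
     *
     * @param policy the policy that declares the available keystores
     * @param grant the grant to check
     * @throws Exception if validity check fails
     */
    private void verifyKeyStore( final PolicyMetaData policy,
                                 final GrantMetaData grant )
        throws Exception
    {
        verifyKeyStoreReference( policy, grant.getKeyStore() );
        final PermissionMetaData[] permissions = grant.getPermissions();
        for( int j = 0; j < permissions.length; j++ )
        {
            verifyKeyStoreReference( policy, permissions[ j ].getKeyStore() );
        }
    }

    /**
     * Verify that a keystore name refers to a keystore declared in the
     * policy. The match is an exact, case-sensitive string comparison.
     *
     * @param policy the policy that declares the available keystores
     * @param keyStoreName the referenced name, or <code>null</code> when
     *        no keystore was specified
     * @throws Exception if the name matches no declared keystore
     */
    private void verifyKeyStoreReference( final PolicyMetaData policy,
                                          final String keyStoreName )
        throws Exception
    {
        //Ignore keystores that are not specified
        if( null == keyStoreName )
        {
            return;
        }

        final KeyStoreMetaData[] keyStores = policy.getKeyStores();
        for( int i = 0; i < keyStores.length; i++ )
        {
            // Compare from the side known to be non-null, so that a
            // declaration without a name can not abort the lookup with a
            // NullPointerException; it simply never matches.
            if( keyStoreName.equals( keyStores[ i ].getName() ) )
            {
                return;
            }
        }

        final String message =
            REZ.format( "bad-keystore-reference.error",
                        keyStoreName );
        throw new Exception( message );
    }

    /**
     * Verify that a single keystore name is well formed: not empty,
     * starting with a letter or '_', and continuing with letters,
     * digits, '_', '-' or '.'.
     *
     * <p>NOTE(review): <code>Character.isLetter</code> and
     * <code>Character.isLetterOrDigit</code> accept any Unicode letter or
     * digit, not only ASCII ones, so names that look alike but differ in
     * code points are accepted as distinct names. If keystore names are
     * meant to be plain ASCII identifiers, restrict the check here.</p>
     *
     * @param name the keystore name to check
     * @throws Exception if validity check fails
     */
    private void verifyName( final String name )
        throws Exception
    {
        // A missing name is rejected with the same error as an empty one
        // rather than surfacing as a NullPointerException from length().
        if( null == name || 0 == name.length() )
        {
            final String message =
                REZ.format( "empty-name.error",
                            name );
            throw new Exception( message );
        }

        final char first = name.charAt( 0 );
        if( !Character.isLetter( first ) &&
            '_' != first )
        {
            final String message =
                REZ.format( "name-invalid-start.error",
                            name );
            throw new Exception( message );
        }

        final int size = name.length();
        for( int i = 1; i < size; i++ )
        {
            final char c = name.charAt( i );
            if( !Character.isLetterOrDigit( c ) &&
                '_' != c &&
                '-' != c &&
                '.' != c )
            {
                final String message =
                    REZ.format( "name-invalid-char.error",
                                name,
                                String.valueOf( c ) );
                throw new Exception( message );
            }
        }
    }

    /**
     * Verify that an action is null if a target is null.
     *
     * @param policy the policy whose permissions are checked
     * @throws Exception if validity check fails
     */
    private void verifyActions( final PolicyMetaData policy )
        throws Exception
    {
        final GrantMetaData[] grants = policy.getGrants();
        for( int i = 0; i < grants.length; i++ )
        {
            final GrantMetaData grant = grants[ i ];
            final PermissionMetaData[] permissions = grant.getPermissions();
            for( int j = 0; j < permissions.length; j++ )
            {
                final PermissionMetaData permission = permissions[ j ];
                final String target = permission.getTarget();
                final String action = permission.getAction();

                // The resource key speaks of a missing action, but the
                // condition rejected here is an action given without a
                // target.
                if( null == target && null != action )
                {
                    final String message =
                        REZ.format( "permission-missing-action.error",
                                    grant.getCodebase(),
                                    permission.getClassname() );
                    throw new Exception( message );
                }
            }
        }
    }
}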