Subject: Re: Re: [Jessie-discuss] 0.9.6 - msg#00285
List: java.vm.kaffe.general
Hi Casey,
sorry for the long delay.
Casey Marshall wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Dalibor" == Dalibor Topic <robilad@xxxxxxxxx> writes:
Dalibor> Would it make sense to merge this into kaffe as well?
That'd be a pretty good idea, even though it isn't complete yet. As-is
it provides basic support for X.509 certificates, which is missing in
Kaffe right now.
I've checked out the sources from CVS, but I can't get them to build
without javax.crypto, which is not in kaffe yet (unknown legality of
distributing strong crypto from US, etc., we'll let GNU Classpath
project figure it out, and follow in their step ;).
Dalibor> I also seem to remember that you had done some work on
Dalibor> implementing a policy file parser? What's the status of that
Dalibor> work?
I have an initial implementation, but can't get it to work with Kaffe
yet. So it is pretty complete, but untested.
My version is here:
<http://metastatic.org/source/PolicyFile.java>
Merged in, works partially. Check out the source from CVS HEAD, that
should give you a starting point for changes. Since our java.security is
not (fully) merged with Classpath, some problems may be due to that.
Please post to the mailing list when you need things merged in from GNU
Classpath (or ask Jim for a CVS account ;).
Run programs with kaffe -Dpolicy.provider=gnu.java.security.PolicyFile
to try your PolicyFile code out.
cheers,
dalibor topic
Previous Message by Date:
CVS kaffe (dalibor): Fixed a few more gcc 3.3.2 -W warnings
PatchSet 4364
Date: 2004/01/23 17:17:24
Author: dalibor
Branch: HEAD
Tag: (none)
Log:
Fixed a few more gcc 3.3.2 -W warnings
2004-01-23 Dalibor Topic <robilad@xxxxxxxxx>
* kaffe/kaffevm/jit3/labels.c:
(linkLabels) Removed unused code. Fixed gcc 3.3.2
warning.
* kaffe/kaffevm/jit3/machine.c
(codeblock_size): Made unsigned to fix gcc warning.
Changed scope to static since it's not used outside
of machine.c.
(checkCaughtExceptions): Changed type of i to
unsigned int to fix compiler warning. Changed type
of parameter pc to uint32 to match declaration of
pc to fix compiler warnings.
Members:
ChangeLog:1.1949->1.1950
kaffe/kaffevm/jit3/labels.c:1.12->1.13
kaffe/kaffevm/jit3/machine.c:1.46->1.47
Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.1949 kaffe/ChangeLog:1.1950
--- kaffe/ChangeLog:1.1949 Thu Jan 22 22:35:14 2004
+++ kaffe/ChangeLog Fri Jan 23 17:17:24 2004
@@ -1,3 +1,18 @@
+2004-01-23 Dalibor Topic <robilad@xxxxxxxxx>
+
+ * kaffe/kaffevm/jit3/labels.c:
+ (linkLabels) Removed unused code. Fixed gcc 3.3.2
+ warning.
+
+ * kaffe/kaffevm/jit3/machine.c
+ (codeblock_size): Made unsigned to fix gcc warning.
+ Changed scope to static since it's not used outside
+ of machine.c.
+ (checkCaughtExceptions): Changed type of i to
+ unsigned int to fix compiler warning. Changed type
+ of parameter pc to unit32 to match declaration of
+ pc to fix compiler warnings.
+
2004-01-22 Christophe Dubach <christophe.dubach@xxxxxxx>
* kaffe/kaffevm/jni.c
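Review bot: The checkCaughtExceptions entry says the parameter pc was changed to "unit32", but the machine.c change in this commit uses uint32; please correct the type name in the ChangeLog text. The "* kaffe/kaffevm/jit3/machine.c" line is also missing the trailing colon that the labels.c line above it carries.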
Index: kaffe/kaffe/kaffevm/jit3/labels.c
diff -u kaffe/kaffe/kaffevm/jit3/labels.c:1.12
kaffe/kaffe/kaffevm/jit3/labels.c:1.13
--- kaffe/kaffe/kaffevm/jit3/labels.c:1.12 Sun Sep 21 18:18:19 2003
+++ kaffe/kaffe/kaffevm/jit3/labels.c Fri Jan 23 17:17:27 2004
@@ -4,6 +4,9 @@
* Copyright (c) 1996, 1997
* Transvirtual Technologies, Inc. All rights reserved.
*
+ * Copyright (c) 2004
+ * Kaffe.org contributors. See ChangeLog for details. All rights reserved.
+ *
* See the file "license.terms" for information on usage and redistribution
* of this file.
*/
@@ -161,7 +164,7 @@
dest = 0;
break;
default:
- goto unhandled;
+ return;
}
/*
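Review bot: Replacing "goto unhandled;" with "return;" in this default case changes control flow, it does not only silence the warning. In the last labels.c hunk the removed "unhandled:" label sits directly before the closing brace of an inner block, so the old jump skipped only the rest of the handling for the current label, whereas "return" leaves linkLabels altogether and any labels not yet processed are never linked. If the enclosing construct is the loop over labels, "continue;" keeps the old behaviour; if an unknown type cannot occur here, an assertion states that more clearly than a silent return. The same applies to the second "default:" in the next hunk.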
@@ -178,7 +181,7 @@
dest -= codebase;
break;
default:
- goto unhandled;
+ return;
}
/* Get the insertion point. */
@@ -209,28 +212,7 @@
/* Machine specific labels go in this magic macro */
EXTRA_LABELS(place, dest, l);
- unhandled:
-#if 0
- default:
-#if defined(KAFFE_VMDEBUG)
- kprintf("Label type 0x%x not supported (%p).\n",
l->type & Ltypemask, l);
-#endif
- ABORT();
-#endif
}
-#if 0
- /*
- * If we were saving relocation information we must save all
- * labels which are 'Labsolute', that is they hold an absolute
- * address for something. Note that this doesn't catch
- * everything, specifically it doesn't catch string objects
- * or references to classes.
- */
- if ((l->type & Labsolute) != 0) {
- l->snext = savedLabel;
- savedLabel = l;
- }
-#endif
}
}
Index: kaffe/kaffe/kaffevm/jit3/machine.c
diff -u kaffe/kaffe/kaffevm/jit3/machine.c:1.46
kaffe/kaffe/kaffevm/jit3/machine.c:1.47
--- kaffe/kaffe/kaffevm/jit3/machine.c:1.46 Thu Jan 15 02:29:33 2004
+++ kaffe/kaffe/kaffevm/jit3/machine.c Fri Jan 23 17:17:27 2004
@@ -94,7 +94,7 @@
/* Codeblock redzone - allows for safe overrun when generating instructions */
#define CODEBLOCKREDZONE 256
-int codeblock_size;
+static uint codeblock_size;
static int code_generated;
static int bytecode_processed;
static int codeperbytecode;
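Review bot: codeblock_size becomes unsigned here while the counters declared directly below it (code_generated, bytecode_processed, codeperbytecode) stay int, so any comparison or subtraction that mixes them is now carried out in unsigned arithmetic. Please check each use in machine.c, in particular anything combined with CODEBLOCKREDZONE, for an expression that could previously go negative and would now wrap to a large value. "uint" is also not an ISO C type; unless the project defines it itself, "unsigned int" (as used for i in checkCaughtExceptions) is the more portable spelling.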
@@ -113,7 +113,7 @@
* @param meth The method that may contain an exception handler.
* @param pc The location within the method to look for a handler.
*/
-static void checkCaughtExceptions(Method* meth, int pc);
+static void checkCaughtExceptions(Method* meth, uint32 pc);
static void initFakeCalls(void);
static void makeFakeCalls(void);
@@ -820,9 +820,9 @@
*/
static
void
-checkCaughtExceptions(Method* meth, int pc)
+checkCaughtExceptions(Method* meth, uint32 pc)
{
- int i;
+ unsigned int i;
willcatch.ANY = false;
willcatch.BADARRAYINDEX = false;
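Review bot: Changing pc from int to uint32 in checkCaughtExceptions removes the comparison warning, but a caller that still holds the pc in a signed variable will now have a negative value converted to a large unsigned one without any diagnostic. Please confirm that every call site passes an unsigned pc, or add a range check on pc at the top of the function.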
Next Message by Date:
CVS kaffe (dalibor): Added support for reading policy files
PatchSet 4365
Date: 2004/01/23 17:34:17
Author: dalibor
Branch: HEAD
Tag: (none)
Log:
Added support for reading policy files
2004-01-23 Dalibor Topic <robilad@xxxxxxxxx>
* libraries/javalib/java/security/PermissionCollection.java,
libraries/javalib/java/security/Permissions.java,
libraries/javalib/java/security/ProtectionDomain.java,
libraries/javalib/java/security/cert/X509Certificate.java:
Replaced by implementations from GNU Classpath.
* libraries/javalib/profiles/default/core.files,
libraries/javalib/profiles/allatonce/all.files:
Updated.
* libraries/javalib/javax/security/auth/x500/X500Principal.java:
New file from GNU Classpath.
* libraries/javalib/Makefile.am,
libraries/javalib/Makefile.in:
Regenerated.
2004-01-23 Casey Marshall <rsdio@xxxxxxxxxxxxxx>
* libraries/javalib/gnu/java/security/PolicyFile.java:
New file.
Members:
ChangeLog:1.1950->1.1951
libraries/javalib/Makefile.am:1.164->1.165
libraries/javalib/Makefile.in:1.220->1.221
libraries/javalib/gnu/java/security/PolicyFile.java:INITIAL->1.1
libraries/javalib/java/security/PermissionCollection.java:1.3->1.4
libraries/javalib/java/security/Permissions.java:1.1->1.2
libraries/javalib/java/security/ProtectionDomain.java:1.1->1.2
libraries/javalib/java/security/cert/X509Certificate.java:1.1->1.2
libraries/javalib/javax/security/auth/x500/X500Principal.java:INITIAL->1.1
libraries/javalib/profiles/allatonce/all.files:1.36->1.37
libraries/javalib/profiles/default/core.files:1.24->1.25
Index: kaffe/ChangeLog
diff -u kaffe/ChangeLog:1.1950 kaffe/ChangeLog:1.1951
--- kaffe/ChangeLog:1.1950 Fri Jan 23 17:17:24 2004
+++ kaffe/ChangeLog Fri Jan 23 17:34:17 2004
@@ -1,5 +1,29 @@
2004-01-23 Dalibor Topic <robilad@xxxxxxxxx>
+ * libraries/javalib/java/security/PermissionCollection.java,
+ libraries/javalib/java/security/Permissions.java,
+ libraries/javalib/java/security/ProtectionDomain.java,
+ libraries/javalib/java/security/cert/X509Certificate.java:
+ Replaced by implementations from GNU Classpath.
+
+ * libraries/javalib/profiles/default/core.files,
+ libraries/javalib/profiles/allatonce/all.files:
+ Updated.
+
+ * libraries/javalib/javax/security/auth/x500/X500Principal.java:
+ New file from GNU Classpath.
+
+ * libraries/javalib/Makefile.am,
+ libraries/javalib/Makefile.in:
+ Regenerated.
+
+2004-01-23 Casey Marshall <rsdio@xxxxxxxxxxxxxx>
+
+ * libraries/javalib/gnu/java/security/PolicyFile.java:
+ New file.
+
+2004-01-23 Dalibor Topic <robilad@xxxxxxxxx>
+
* kaffe/kaffevm/jit3/labels.c:
(linkLabels) Removed unused code. Fixed gcc 3.3.2
warning.
Index: kaffe/libraries/javalib/Makefile.am
diff -u kaffe/libraries/javalib/Makefile.am:1.164
kaffe/libraries/javalib/Makefile.am:1.165
--- kaffe/libraries/javalib/Makefile.am:1.164 Thu Jan 22 14:39:31 2004
+++ kaffe/libraries/javalib/Makefile.am Fri Jan 23 17:34:18 2004
@@ -140,6 +140,7 @@
$(javax_net_ssl_SRCS) \
$(javax_rmi_SRCS) \
$(javax_rmi_CORBA_SRCS) \
+ $(javax_security_auth_x500_SRCS) \
$(javax_security_cert_SRCS) \
$(javax_sound_midi_SRCS) \
$(javax_sound_midi_spi_SRCS) \
@@ -486,7 +487,8 @@
gnu/java/rmi/server/UnicastServerRef.java
gnu_java_security_SRCS = \
gnu/java/security/Engine.java \
- gnu/java/security/OID.java
+ gnu/java/security/OID.java \
+ gnu/java/security/PolicyFile.java
gnu_java_security_der_SRCS = \
gnu/java/security/der/BitString.java \
gnu/java/security/der/DEREncodingException.java \
@@ -1882,6 +1884,8 @@
javax/rmi/CORBA/UtilDelegate.java \
javax/rmi/CORBA/Util.java \
javax/rmi/CORBA/ValueHandler.java
+javax_security_auth_x500_SRCS = \
+ javax/security/auth/x500/X500Principal.java
javax_security_cert_SRCS = \
javax/security/cert/CertificateEncodingException.java \
javax/security/cert/CertificateException.java \
Index: kaffe/libraries/javalib/Makefile.in
diff -u kaffe/libraries/javalib/Makefile.in:1.220
kaffe/libraries/javalib/Makefile.in:1.221
--- kaffe/libraries/javalib/Makefile.in:1.220 Thu Jan 22 14:39:32 2004
+++ kaffe/libraries/javalib/Makefile.in Fri Jan 23 17:34:19 2004
@@ -446,6 +446,7 @@
$(javax_net_ssl_SRCS) \
$(javax_rmi_SRCS) \
$(javax_rmi_CORBA_SRCS) \
+ $(javax_security_auth_x500_SRCS) \
$(javax_security_cert_SRCS) \
$(javax_sound_midi_SRCS) \
$(javax_sound_midi_spi_SRCS) \
@@ -817,7 +818,8 @@
gnu_java_security_SRCS = \
gnu/java/security/Engine.java \
- gnu/java/security/OID.java
+ gnu/java/security/OID.java \
+ gnu/java/security/PolicyFile.java
gnu_java_security_der_SRCS = \
gnu/java/security/der/BitString.java \
@@ -2282,6 +2284,9 @@
javax/rmi/CORBA/UtilDelegate.java \
javax/rmi/CORBA/Util.java \
javax/rmi/CORBA/ValueHandler.java
+
+javax_security_auth_x500_SRCS = \
+ javax/security/auth/x500/X500Principal.java
javax_security_cert_SRCS = \
javax/security/cert/CertificateEncodingException.java \
===================================================================
Checking out kaffe/libraries/javalib/gnu/java/security/PolicyFile.java
RCS:
/home/cvs/kaffe/kaffe/libraries/javalib/gnu/java/security/PolicyFile.java,v
VERS: 1.1
***************
--- /dev/null Sun Aug 4 19:57:58 2002
+++ kaffe/libraries/javalib/gnu/java/security/PolicyFile.java Fri Jan 23
17:37:15 2004
@@ -0,0 +1,674 @@
+/* PolicyFile.java -- policy file reader.
+ Copyright (C) 2003 Casey Marshall <rsdio@xxxxxxxxxxxxxx>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.InputStreamReader;
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StreamTokenizer;
+
+import java.lang.reflect.Constructor;
+import java.net.URL;
+import java.net.MalformedURLException;
+
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.Security;
+import java.security.UnresolvedPermission;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+/**
+ * An implementation of a {@link java.security.Policy} object whose
+ * permissions are specified by a <em>policy file</em>.
+ *
+ * <p>The approximate syntax of policy files is:</p>
+ *
+ * <pre>
+ * policyFile ::= keystoreOrGrantEntries ;
+ *
+ * keystoreOrGrantEntries ::= keystoreOrGrantEntry |
+ * keystoreOrGrantEntries keystoreOrGrantEntry |
+ * EMPTY ;
+ *
+ * keystoreOrGrantEntry ::= keystoreEntry | grantEntry ;
+ *
+ * keystoreEntry ::= "keystore" keystoreUrl ';' |
+ * "keystore" keystoreUrl ',' keystoreAlgorithm ';' ;
+ *
+ * keystoreUrl ::= URL ;
+ * keystoreAlgorithm ::= STRING ;
+ *
+ * grantEntry ::= "grant" domainParameters '{' permissions '}' ';'
+ *
+ * domainParameters ::= domainParameter |
+ * domainParameter ',' domainParameters ;
+ *
+ * domainParameter ::= "signedBy" signerNames |
+ * "codeBase" codeBaseUrl |
+ * "principal" principalClassName principalName |
+ * "principal" principalName ;
+ *
+ * signerNames ::= quotedString ;
+ * codeBaseUrl ::= URL ;
+ * principalClassName ::= STRING ;
+ * principalName ::= quotedString ;
+ *
+ * quotedString ::= quoteChar STRING quoteChar ;
+ * quoteChar ::= '"' | '\'';
+ *
+ * permissions ::= permission | permissions permission ;
+ *
+ * permission ::= "permission" permissionClassName permissionTarget
permissionAction |
+ * "permission" permissionClassName permissionTarget |
+ * "permission" permissionClassName;
+ * </pre>
+ *
+ * <p>Comments are either form of Java comments. Keystore entries only
+ * affect subsequent grant entries, so if a grant entry preceeds a
+ * keystore entry, that grant entry is not affected by that keystore
+ * entry. Certian instances of <code>${property-name}</code> will be
+ * replaced with <code>System.getProperty("property-name")</code> in
+ * quoted strings.</p>
+ *
+ * <p>This class will load the following files when created or
+ * refreshed, in order:</p>
+ *
+ * <ol>
+ * <li>The file <code>${java.home}/lib/security/java.policy</code>.</li>
+ * <li>All URLs specified by security properties
+ * <code>"policy.file.<i>n</i>"</code>, for increasing <i>n</i>
+ * starting from 1. The sequence stops at the first undefined
+ * property, so you must set <code>"policy.file.1"</code> if you also
+ * set <code>"policy.file.2"</code>, and so on.</li>
+ * <li>The URL specified by the property
+ * <code>"java.security.policy"</code>.</li>
+ * </ol>
+ *
+ * @author Casey Marshall (rsdio@xxxxxxxxxxxxxx)
+ * @see java.security.Policy
+ */
+public final class PolicyFile extends Policy
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ private static final boolean DEBUG = true;
+ private static void debug(String msg)
+ {
+ if (DEBUG)
+ {
+ System.err.print(">> PolicyFile: ");
+ System.err.println(msg);
+ }
+ }
+
+ private static void debug(Throwable t)
+ {
+ if (DEBUG)
+ {
+ System.err.println(">> PolicyFile");
+ t.printStackTrace(System.err);
+ }
+ }
+
+ private static final String DEFAULT_POLICY = System.getProperty("java.home")
+ + System.getProperty("file.separator") + "lib"
+ + System.getProperty("file.separator") + "security"
+ + System.getProperty("file.separator") + "java.policy";
+
+ private final Map cs2pc;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public PolicyFile()
+ {
+ cs2pc = new HashMap();
+ refresh();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public PermissionCollection getPermissions(CodeSource codeSource)
+ {
+ Permissions perms = new Permissions();
+ for (Iterator it = cs2pc.entrySet().iterator(); it.hasNext(); )
+ {
+ Map.Entry e = (Map.Entry) it.next();
+ CodeSource cs = (CodeSource) e.getKey();
+ if (cs.implies(codeSource))
+ {
+ debug(cs+" -> "+codeSource);
+ PermissionCollection pc = (PermissionCollection) e.getValue();
+ for (Enumeration ee = pc.elements(); ee.hasMoreElements(); )
+ {
+ perms.add((Permission) ee.nextElement());
+ }
+ }
+ else
+ debug(cs+" !-> "+codeSource);
+ }
+ perms.setReadOnly();
+ return perms;
+ }
+
+ public void refresh()
+ {
+ cs2pc.clear();
+ List policyFiles = new LinkedList();
+ try
+ {
+ policyFiles.add(new File(DEFAULT_POLICY).toURL());
+ policyFiles.addAll((List) AccessController.doPrivileged(
+ new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
+ {
+ LinkedList l = new LinkedList();
+ for (int i = 1; ; i++)
+ {
+ String s = Security.getProperty("policy.file."+i);
+ debug("policy.file."+i+"="+s);
+ if (s == null)
+ break;
+ l.add(new URL(s));
+ }
+ String s = System.getProperty("java.security.policy");
+ debug("java.security.policy="+s);
+ if (s != null)
+ l.add(new URL(s));
+ return l;
+ }
+ }));
+ }
+ catch (PrivilegedActionException pae)
+ {
+ debug(pae);
+ }
+ catch (MalformedURLException mue)
+ {
+ debug(mue);
+ }
+ for (Iterator it = policyFiles.iterator(); it.hasNext(); )
+ {
+ try
+ {
+ URL url = (URL) it.next();
+ parse(url);
+ }
+ catch (IOException ioe)
+ {
+ debug(ioe);
+ }
+ }
+ }
+
+ public String toString()
+ {
+ return super.toString() + " [ " + cs2pc.toString() + " ]";
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private static final int STATE_BEGIN = 0;
+ private static final int STATE_GRANT = 1;
+ private static final int STATE_PERMS = 2;
+
+ /**
+ * Parse a policy file, incorporating the permission definitions
+ * described therein.
+ *
+ * @param url The URL of the policy file to read.
+ * @throws IOException if an I/O error occurs, or if the policy file
+ * cannot be parsed.
+ */
+ private void parse(final URL url) throws IOException
+ {
+ final StreamTokenizer in = new StreamTokenizer(new
InputStreamReader(url.openStream()));
+ in.resetSyntax();
+ in.slashSlashComments(true);
+ in.slashStarComments(true);
+ in.wordChars('A', 'Z');
+ in.wordChars('a', 'z');
+ in.wordChars('0', '9');
+ in.wordChars('.', '.');
+ in.wordChars('_', '_');
+ in.wordChars('$', '$');
+ in.whitespaceChars(' ', ' ');
+ in.whitespaceChars('\t', '\t');
+ in.whitespaceChars('\f', '\f');
+ in.whitespaceChars('\n', '\n');
+ in.whitespaceChars('\r', '\r');
+ in.quoteChar('\'');
+ in.quoteChar('"');
+
+ int tok;
+ int state = STATE_BEGIN;
+ List keystores = new LinkedList();
+ URL currentBase = null;
+ List currentCerts = new LinkedList();
+ Permissions currentPerms = new Permissions();
+ while ((tok = in.nextToken()) != StreamTokenizer.TT_EOF)
+ {
+ switch (tok)
+ {
+ case '{':
+ if (state != STATE_GRANT)
+ error(url, in, "spurious '{'");
+ state = STATE_PERMS;
+ tok = in.nextToken();
+ break;
+ case '}':
+ if (state != STATE_PERMS)
+ error(url, in, "spurious '}'");
+ state = STATE_BEGIN;
+ currentPerms.setReadOnly();
+ Certificate[] c = null;
+ if (!currentCerts.isEmpty())
+ c = (Certificate[]) currentCerts.toArray(new
Certificate[currentCerts.size()]);
+ cs2pc.put(new CodeSource(currentBase, c), currentPerms);
+ currentCerts.clear();
+ currentPerms = new Permissions();
+ currentBase = null;
+ tok = in.nextToken();
+ if (tok != ';')
+ in.pushBack();
+ continue;
+ }
+ if (tok != StreamTokenizer.TT_WORD)
+ {
+ error(url, in, "expecting word token");
+ }
+
+ // keystore "<keystore-path>" [',' "<keystore-type>"] ';'
+ if (in.sval.equalsIgnoreCase("keystore"))
+ {
+ String alg = KeyStore.getDefaultType();
+ tok = in.nextToken();
+ if (tok != '"' && tok != '\'')
+ error(url, in, "expecting key store URL");
+ String store = in.sval;
+ tok = in.nextToken();
+ if (tok == ',')
+ {
+ tok = in.nextToken();
+ if (tok != '"' && tok != '\'')
+ error(url, in, "expecting key store type");
+ alg = in.sval;
+ tok = in.nextToken();
+ }
+ if (tok != ';')
+ error(url, in, "expecting semicolon");
+ try
+ {
+ KeyStore keystore = KeyStore.getInstance(alg);
+ keystore.load(new URL(url, store).openStream(), null);
+ keystores.add(keystore);
+ }
+ catch (Exception x)
+ {
+ error(url, in, x.toString());
+ }
+ }
+ else if (in.sval.equalsIgnoreCase("grant"))
+ {
+ if (state != STATE_BEGIN)
+ error(url, in, "extraneous grant keyword");
+ state = STATE_GRANT;
+ }
+ else if (in.sval.equalsIgnoreCase("signedBy"))
+ {
+ if (state != STATE_GRANT && state != STATE_PERMS)
+ error(url, in, "spurious 'signedBy'");
+ if (keystores.isEmpty())
+ error(url, in, "'signedBy' with no keystores");
+ tok = in.nextToken();
+ if (tok != '"' && tok != '\'')
+ error(url, in, "expecting signedBy name");
+ StringTokenizer st = new StringTokenizer(in.sval, ",");
+ while (st.hasMoreTokens())
+ {
+ String alias = st.nextToken();
+ for (Iterator it = keystores.iterator(); it.hasNext(); )
+ {
+ KeyStore keystore = (KeyStore) it.next();
+ try
+ {
+ if (keystore.isCertificateEntry(alias))
+ currentCerts.add(keystore.getCertificate(alias));
+ }
+ catch (KeyStoreException kse)
+ {
+ error(url, in, kse.toString());
+ }
+ }
+ }
+ tok = in.nextToken();
+ if (tok != ',')
+ {
+ if (state != STATE_GRANT)
+ error(url, in, "spurious ','");
+ in.pushBack();
+ }
+ }
+ else if (in.sval.equalsIgnoreCase("codeBase"))
+ {
+ if (state != STATE_GRANT)
+ error(url, in, "spurious 'codeBase'");
+ tok = in.nextToken();
+ if (tok != '"' && tok != '\'')
+ error(url, in, "expecting code base URL");
+ String base = expand(in.sval);
+ if (File.separatorChar != '/')
+ base = base.replace(File.separatorChar, '/');
+ try
+ {
+ currentBase = new URL(base);
+ }
+ catch (MalformedURLException mue)
+ {
+ error(url, in, mue.toString());
+ }
+ tok = in.nextToken();
+ if (tok != ',')
+ in.pushBack();
+ }
+ else if (in.sval.equalsIgnoreCase("principal"))
+ {
+ if (state != STATE_GRANT)
+ error(url, in, "spurious 'principal'");
+ tok = in.nextToken();
+ if (tok == StreamTokenizer.TT_WORD)
+ {
+ tok = in.nextToken();
+ if (tok != '"' && tok != '\'')
+ error(url, in, "expecting principal name");
+ String name = in.sval;
+ Principal p = null;
+ try
+ {
+ Class pclass = Class.forName(in.sval);
+ Constructor c =
+ pclass.getConstructor(new Class[] { String.class });
+ p = (Principal) c.newInstance(new Object[] { name });
+ }
+ catch (Exception x)
+ {
+ error(url, in, x.toString());
+ }
+ for (Iterator it = keystores.iterator(); it.hasNext(); )
+ {
+ KeyStore ks = (KeyStore) it.next();
+ try
+ {
+ for (Enumeration e = ks.aliases();
e.hasMoreElements(); )
+ {
+ String alias = (String) e.nextElement();
+ if (ks.isCertificateEntry(alias))
+ {
+ Certificate cert = ks.getCertificate(alias);
+ if (!(cert instanceof X509Certificate))
+ continue;
+ if (p.equals(((X509Certificate)
cert).getSubjectDN()) ||
+ p.equals(((X509Certificate)
cert).getSubjectX500Principal()))
+ currentCerts.add(cert);
+ }
+ }
+ }
+ catch (KeyStoreException kse)
+ {
+ error(url, in, kse.toString());
+ }
+ }
+ }
+ else if (tok == '"' || tok == '\'')
+ {
+ String alias = in.sval;
+ for (Iterator it = keystores.iterator(); it.hasNext(); )
+ {
+ KeyStore ks = (KeyStore) it.next();
+ try
+ {
+ if (ks.isCertificateEntry(alias))
+ currentCerts.add(ks.getCertificate(alias));
+ }
+ catch (KeyStoreException kse)
+ {
+ error(url, in, kse.toString());
+ }
+ }
+ }
+ else
+ error(url, in, "expecting principal");
+ tok = in.nextToken();
+ if (tok != ',')
+ in.pushBack();
+ }
+ else if (in.sval.equalsIgnoreCase("permission"))
+ {
+ if (state != STATE_PERMS)
+ error(url, in, "spurious 'permission'");
+ tok = in.nextToken();
+ if (tok != StreamTokenizer.TT_WORD)
+ error(url, in, "expecting permission class name");
+ String className = in.sval;
+ Class clazz = null;
+ try
+ {
+ clazz = Class.forName(className);
+ }
+ catch (ClassNotFoundException cnfe)
+ {
+ }
+ tok = in.nextToken();
+ if (tok == ';')
+ {
+ if (clazz == null)
+ {
+ currentPerms.add(new UnresolvedPermission(className,
+ null, null, (Certificate[]) currentCerts.toArray(new
Certificate[0])));
+ continue;
+ }
+ try
+ {
+ currentPerms.add((Permission) clazz.newInstance());
+ }
+ catch (Exception x)
+ {
+ error(url, in, x.toString());
+ }
+ continue;
+ }
+ if (tok != '"' && tok != '\'')
+ error(url, in, "expecting permission target");
+ String target = expand(in.sval);
+ tok = in.nextToken();
+ if (tok == ';')
+ {
+ if (clazz == null)
+ {
+ currentPerms.add(new UnresolvedPermission(className,
+ target, null, (Certificate[]) currentCerts.toArray(new
Certificate[0])));
+ continue;
+ }
+ try
+ {
+ Constructor c =
+ clazz.getConstructor(new Class[] { String.class });
+ currentPerms.add((Permission) c.newInstance(
+ new Object[] { target }));
+ }
+ catch (Exception x)
+ {
+ error(url, in, x.toString());
+ }
+ continue;
+ }
+ if (tok != ',')
+ error(url, in, "expecting ','");
+ tok = in.nextToken();
+ if (tok == StreamTokenizer.TT_WORD)
+ {
+ if (!in.sval.equalsIgnoreCase("signedBy"))
+ error(url, in, "expecting 'signedBy'");
+ try
+ {
+ Constructor c =
+ clazz.getConstructor(new Class[] { String.class });
+ currentPerms.add((Permission) c.newInstance(
+ new Object[] { target }));
+ }
+ catch (Exception x)
+ {
+ error(url, in, x.toString());
+ }
+ in.pushBack();
+ continue;
+ }
+ if (tok != '"' && tok != '\'')
+ error(url, in, "expecting permission action");
+ String action = in.sval;
+ if (clazz == null)
+ {
+ currentPerms.add(new UnresolvedPermission(className,
+ target, action, (Certificate[]) currentCerts.toArray(new
Certificate[0])));
+ continue;
+ }
+ else
+ {
+ try
+ {
+ Constructor c = clazz.getConstructor(
+ new Class[] { String.class, String.class });
+ currentPerms.add((Permission) c.newInstance(
+ new Object[] { target, action }));
+ }
+ catch (Exception x)
+ {
+ error(url, in, x.toString());
+ }
+ }
+ tok = in.nextToken();
+ if (tok != ';' && tok != ',')
+ error(url, in, "expecting ';' or ','");
+ }
+ }
+ }
+
+ /**
+ * Expand all instances of <code>"${property-name}"</code> into
+ * <code>System.getProperty("property-name")</code>.
+ */
+ private static String expand(final String s)
+ {
+ final StringBuffer result = new StringBuffer();
+ final StringBuffer prop = new StringBuffer();
+ int state = 0;
+ for (int i = 0; i < s.length(); i++)
+ {
+ switch (state)
+ {
+ case 0:
+ if (s.charAt(i) == '$')
+ state = 1;
+ else
+ result.append(s.charAt(i));
+ break;
+ case 1:
+ if (s.charAt(i) == '{')
+ state = 2;
+ else
+ {
+ state = 0;
+ result.append('$').append(s.charAt(i));
+ }
+ break;
+ case 2:
+ if (s.charAt(i) == '}')
+ {
+ String p = prop.toString();
+ if (p.equals("/"))
+ p = "file.separator";
+ p = System.getProperty(p);
+ if (p == null)
+ p = "";
+ result.append(p);
+ prop.setLength(0);
+ state = 0;
+ }
+ else
+ prop.append(s.charAt(i));
+ break;
+ }
+ }
+ if (state != 0)
+ result.append('$').append('{').append(prop);
+ return result.toString();
+ }
+
+ /**
+ * I miss macros.
+ */
+ private static void error(URL base, StreamTokenizer in, String msg)
+ throws IOException
+ {
+ throw new IOException(base+":"+in.lineno()+": "+msg);
+ }
+}
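Review bot: In parse(), a "signedBy" alias that is not found in any loaded keystore is skipped without an error, and at the closing '}' an empty currentCerts becomes c = null, so "new CodeSource(currentBase, c)" turns a grant written for signed code into one that also matches unsigned code from the same code base. The grant entry should be rejected or dropped when a requested alias cannot be resolved to a certificate. Two further points in the same method: in the "principal" branch the class-name word is never saved before the next nextToken(), so "Class.forName(in.sval)" is called with the quoted principal name instead of the class name; and the "signedBy" case inside the "permission" branch calls clazz.getConstructor(...) without the "clazz == null" check that the other cases have. DEBUG is also hard-wired to true, which sends every policy decision to System.err.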
Index: kaffe/libraries/javalib/java/security/PermissionCollection.java
diff -u kaffe/libraries/javalib/java/security/PermissionCollection.java:1.3
kaffe/libraries/javalib/java/security/PermissionCollection.java:1.4
--- kaffe/libraries/javalib/java/security/PermissionCollection.java:1.3 Sun May
18 16:44:56 2003
+++ kaffe/libraries/javalib/java/security/PermissionCollection.java Fri Jan
23 17:34:20 2004
@@ -1,45 +1,167 @@
+/* PermissionCollection.java -- A collection of permission objects
+ Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc.
-/*
- * Java core library component.
- *
- * Copyright (c) 1999
- * Archie L. Cobbs. All rights reserved.
- * Copyright (c) 1999
- * Transvirtual Technologies, Inc. All rights reserved.
- *
- * See the file "license.terms" for information on usage and redistribution
- * of this file.
- *
- * Author: Archie L. Cobbs <archie@xxxxxxxxxxx>
- */
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
package java.security;
+import java.io.Serializable;
import java.util.Enumeration;
-public abstract class PermissionCollection {
- private boolean readOnly;
-
- public PermissionCollection() {
- }
-
- public abstract void add(Permission permission);
-
- public abstract boolean implies(Permission permission);
-
- public abstract Enumeration elements();
-
- public void setReadOnly() {
- readOnly = true;
- }
-
- public boolean isReadOnly() {
- return readOnly;
- }
-
- public String toString() {
- return super.toString();
- }
-}
-
-
+/**
+ * This class models a group of Java permissions. It has convenient
+ * methods for determining whether or not a given permission is implied
+ * by any of the permissions in this collection.
+ *
+ * <p>Some care must be taken in storing permissions. First, a collection of
+ * the appropriate type must be created. This is done by calling the
+ * <code>newPermissionCollection</code> method on an object of the
+ * permission class you wish to add to the collection. If this method
+ * returns <code>null</code>, any type of <code>PermissionCollection</code>
+ * can be used to store permissions of that type. However, if a
+ * <code>PermissionCollection</code> collection object is returned, that
+ * type must be used.
+ *
+ * <p>A <code>PermissionCollection</code> returned by the
+ * <code>newPermissionCollection</code> method in a subclass of
+ * <code>Permission</code> is a homogeneous collection. It only will
+ * hold permissions of one specified type - instances of the class that
+ * created it. Not all <code>PermissionCollection</code> subclasses
+ * have to hold permissions of only one type however. For example,
+ * the <code>Permissions</code> class holds permissions of many types.
+ *
+ * <p>Since the <code>newPermissionCollection</code> in <code>Permission</code>
+ * itself returns <code>null</code>, by default a permission can be stored
+ * in any type of collection unless it overrides that method to create its
+ * own collection type.
+ *
+ * @author Aaron M. Renn <arenn@xxxxxxxxxxxxxxx>
+ * @author Eric Blake <ebb9@xxxxxxxxxxxxx>
+ * @see Permission
+ * @see Permissions
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public abstract class PermissionCollection implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -6727011328946861783L;
+
+ /**
+ * Indicates whether or not this collection is read only.
+ *
+ * @serial if the collection is read-only
+ */
+ private boolean readOnly;
+
+ /**
+ * Create a new collection.
+ */
+ public PermissionCollection()
+ {
+ }
+
+ /**
+ * This method adds a new <code>Permission</code> object to the collection.
+ *
+ * @param perm the <code>Permission</code> to add
+ *
+ * @throws SecurityException if the collection is marked read only
+ * @throws IllegalArgumentException if perm is of the wrong type
+ */
+ public abstract void add(Permission perm);
+
+ /**
+ * This method tests whether the specified <code>Permission</code> object is
+ * implied by this collection of <code>Permission</code> objects.
+ *
+ * @param perm the <code>Permission</code> object to test
+ * @return true if the collection implies perm
+ */
+ public abstract boolean implies(Permission perm);
+
+ /**
+ * This method returns an <code>Enumeration</code> of all the objects in
+ * this collection.
+ *
+ * @return an <code>Enumeration</code> of this collection's objects
+ */
+ public abstract Enumeration elements();
+
+ /**
+ * This method sets this <code>PermissionCollection</code> object to be
+ * read only. No further permissions can be added to it after calling this
+ * method.
+ */
+ public void setReadOnly()
+ {
+ readOnly = true;
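Review bot: the new Javadoc on add() promises a SecurityException when the collection is marked read only, but add() is abstract and readOnly is a private field set only by setReadOnly(), so nothing in this class enforces that contract. Each subclass has to check isReadOnly() itself, and one that forgets stays writable after setReadOnly(). Please state that obligation in the class comment, for example "Subclasses must check isReadOnly() in add() and throw SecurityException". Separately, the class now implements Serializable and readOnly is tagged @serial, so the flag's value comes from the stream on deserialization; a sentence on whether a deserialized collection may be treated as sealed would help callers.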
*** Patch too long, truncated ***
Previous Message by Thread:
Re: Re: [Jessie-discuss] 0.9.6
>>>>> "Dalibor" == Dalibor Topic <robilad@xxxxxxxxx> writes:
>> The MD5 sums of these releases are:
>> 564512fb3772f63762285b96e3e500e9 jessie-0.9.6.tar.gz
>> 89b5d347bd4543201d0770918b3debb8 jessie-0.9.6.zip
>> Also of interest is the PKI implementation I am working on, which is
>> in Jessie's CVS repository under the module 'pki'. You can get this
>> package by using:
>> cvs -z3 -d:ext:anoncvs@xxxxxxxxxxxxxxxxxxx:/cvsroot/jessie co pki
Dalibor> Is that the PKI module that's going to be part of java crypto
Dalibor> one day?
That's how I'm writing it, but I can't say where it will eventually
end up.
Dalibor> Would it make sense to merge this into kaffe as well?
That'd be a pretty good idea, even though it isn't complete yet. As-is
it provides basic support for X.509 certificates, which is missing in
Kaffe right now.
Dalibor> I also seem to remember that you had done some work on
Dalibor> implementing a policy file parser? What's the status of that
Dalibor> work?
I have an initial implementation, but can't get it to work with Kaffe
yet. So it is pretty complete, but untested.
My version is here:
<http://metastatic.org/source/PolicyFile.java>
- --
Casey Marshall || rsdio@xxxxxxxxxxxxxx
Next Message by Thread:
Re: Re: [Jessie-discuss] 0.9.6
On Fri, 23 Jan 2004 18:34:25 +0100
Dalibor Topic <robilad@xxxxxxxxx> wrote:
> I've checked out the sources from CVS, but I can't get them to build
> without javax.crypto, which is not in kaffe yet (unknown legality of
> distributing strong crypto from US, etc., we'll let GNU Classpath
> project figure it out, and follow in their step ;).
I think we can do it.
All we have to do is send an email to the US government with the address
of where we are distributing it from:
http://www.bxa.doc.gov/encryption/PubAvailEncSourceCodeNofify.html
Then it should be legal, at least in the eyes of the U.S. government.
It will make it trickier for others to redistribute the kaffe sources
within the US, since they technically would have to register as well.
I'm really not too concerned about that, since, in principle, I think
the laws are just historical baggage at this point, and I don't want to
worry about what quirky laws individual jurisdictions have. Other
countries also have weird crypto regulations (thanks, Wassenaar).
So, please check in the crypto stuff, and I'll send the email to the
government with the file locations. Then I'll sit and wait for the
black helicopters... :-)
Cheers,
- Jim