[FELIX-2294] Patch Framework Security for compatibility - ASF JIRA

Details

Type: Task
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: framework.security-1.2.0
Component/s: Framework Security
Labels:
- felix
- framework
- patch
- security

Description

Current version of Felix Framework Security in trunk is compatible with old 2.0.4 Felix version.
Would it be possible to integrate something like the following patch to framework.security so that it works with current trunk ?
Thanks,

François

Index: src/main/java/org/apache/felix/framework/SecurityProviderImpl.java
===================================================================
— src/main/java/org/apache/felix/framework/SecurityProviderImpl.java (révision 935820)
+++ src/main/java/org/apache/felix/framework/SecurityProviderImpl.java (copie de travail)
@@ -27,7 +27,8 @@
import org.apache.felix.framework.security.util.TrustManager;
import org.apache.felix.framework.security.verifier.BundleDNParser;
import org.apache.felix.framework.util.SecureAction;
-import org.apache.felix.moduleloader.IModule;
+//import org.apache.felix.moduleloader.IModule;
+import org.apache.felix.framework.resolver.Module;
import org.osgi.framework.Bundle;

/**
@@ -59,7 +60,7 @@
*/
public void checkBundle(Bundle bundle) throws Exception

{ - IModule module = ((BundleImpl) bundle).getCurrentModule(); + Module module = ((BundleImpl) bundle).getCurrentModule(); m_parser.checkDNChains(module, module.getContent(), Bundle.SIGNERS_TRUSTED); }

@@ -69,7 +70,7 @@
*/
public Object getSignerMatcher(final Bundle bundle, int signersType)

{ - IModule module = ((BundleImpl) bundle).getCurrentModule(); + Module module = ((BundleImpl) bundle).getCurrentModule(); return m_parser.getDNChains(module, module.getContent(), signersType); }

@@ -84,7 +85,7 @@
{
BundleProtectionDomain pd = (BundleProtectionDomain) bundleProtectionDomain;
BundleImpl bundle = pd.getBundle();

IModule module = pd.getModule();
+ Module module = pd.getModule();

if (bundle.getBundleId() == 0)

{ @@ -131,4 +132,4 @@ return false; }

-}
\ No newline at end of file
+}
Index: src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java
===================================================================
— src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java (révision 935820)
+++ src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java (copie de travail)
@@ -56,11 +56,20 @@
import org.apache.felix.framework.security.util.PropertiesCache;
import org.apache.felix.framework.util.IteratorToEnumeration;
import org.apache.felix.framework.util.manifestparser.R4Library;
+
+/*
import org.apache.felix.moduleloader.ICapability;
import org.apache.felix.moduleloader.IContent;
import org.apache.felix.moduleloader.IModule;
import org.apache.felix.moduleloader.IRequirement;
import org.apache.felix.moduleloader.IWire;
+*/
+import org.apache.felix.framework.capabilityset.Capability;
+import org.apache.felix.framework.capabilityset.Requirement;
+import org.apache.felix.framework.resolver.Content;
+import org.apache.felix.framework.resolver.Module;
+import org.apache.felix.framework.resolver.Wire;
+
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleException;
@@ -654,7 +663,7 @@

{ return result.booleanValue(); }

if (eval(posts, new IModule()
+ if (eval(posts, new Module() { public Bundle getBundle() @@ -662,7 +671,7 @@ return fake; }

public ICapability[] getCapabilities()
+ public List<Capability> getCapabilities() { return null; }
@@ -673,7 +682,7 @@
return null;
}

- public IContent getContent()
+ public Content getContent()
{ return null; }
@@ -683,7 +692,7 @@
return 0;
}

public IRequirement[] getDynamicRequirements()
+ public List<Requirement> getDynamicRequirements() { return null; }
@@ -709,12 +718,12 @@
return null;
}

- public R4Library[] getNativeLibraries()
+ public List<R4Library> getNativeLibraries()
{ return null; }

public IRequirement[] getRequirements()
+ public List<Requirement> getRequirements() { return null; }
@@ -744,7 +753,7 @@
return null;
}

- public IWire[] getWires()
+ public List<Wire> getWires()
{ return null; }
@@ -921,7 +930,7 @@

@return true in case the permission is granted or there are postponed
tuples false if not. Again, see the spec for more explanations.
*/

public boolean hasPermission(IModule module, IContent content,
+ public boolean hasPermission(Module module, Content content,
ProtectionDomain pd, Permission permission, boolean direct, Object admin) { // System.out.println(felixBundle + "-" + permission); @@ -1005,7 +1014,7 @@ return result; }

public boolean impliesLocal(Bundle felixBundle, IContent content,
+ public boolean impliesLocal(Bundle felixBundle, Content content,
Permission permission)
{
return m_localPermissions.implies(content, felixBundle, permission);
@@ -1024,7 +1033,7 @@
// then we make sure their permissions imply the permission and add them
// to the list of posts. Return true in case we pass or have posts
// else falls and clear the posts first.
private boolean eval(List posts, IModule module, Permission permission,
+ private boolean eval(List posts, Module module, Permission permission,
Object admin)
{
List condPermInfos = null;
Index: src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java
===================================================================
- - src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java (révision 935820)
    +++ src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java (copie de travail)
    @@ -30,7 +30,10 @@
    import org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl;
    import org.apache.felix.framework.security.util.Permissions;
    import org.apache.felix.framework.security.util.PropertiesCache;
    -import org.apache.felix.moduleloader.IContent;
    +
    +//import org.apache.felix.moduleloader.IContent;
    +import org.apache.felix.framework.resolver.Content;
    +
    import org.osgi.framework.Bundle;
    import org.osgi.service.permissionadmin.PermissionAdmin;
    import org.osgi.service.permissionadmin.PermissionInfo;
    @@ -124,7 +127,7 @@
    */
    public Boolean hasPermission(String location, Bundle bundle,
    Permission permission, ConditionalPermissionAdminImpl cpai,
ProtectionDomain pd, IContent content)
+ ProtectionDomain pd, Content content) { PermissionInfo[] permissions = null; PermissionInfo[] defaults = null; Index: src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java =================================================================== --- src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java (révision 935820) +++ src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java (copie de travail) @@ -36,8 +36,14 @@ import org.apache.felix.framework.security.util.BundleInputStream; import org.apache.felix.framework.security.util.TrustManager; +/* import org.apache.felix.moduleloader.IContent; import org.apache.felix.moduleloader.IModule; +*/ +import org.apache.felix.framework.resolver.Content; +import org.apache.felix.framework.resolver.Module; + + import org.osgi.framework.Bundle; public final class BundleDNParser @@ -98,7 +104,7 @@ }
}

public void checkDNChains(IModule root, IContent content, int signersType)
+ public void checkDNChains(Module root, Content content, int signersType)
throws Exception { if (signersType == Bundle.SIGNERS_TRUSTED) @@ -165,7 +171,7 @@ }
}

public Map getDNChains(IModule root, IContent bundleRevision,
+ public Map getDNChains(Module root, Content bundleRevision,
int signersType) { if (signersType == Bundle.SIGNERS_TRUSTED) @@ -223,7 +229,7 @@ return (result == null) ? new HashMap() : new HashMap(result); }

private Map _getDNChains(IContent content, boolean check)
+ private Map _getDNChains(Content content, boolean check)
throws IOException
{
X509Certificate[] certificates = null;
Index: src/main/java/org/apache/felix/framework/security/util/BundleInputStream.java
===================================================================
- - src/main/java/org/apache/felix/framework/security/util/BundleInputStream.java (révision 935820)
    +++ src/main/java/org/apache/felix/framework/security/util/BundleInputStream.java (copie de travail)
    @@ -30,7 +30,8 @@
    import java.util.jar.JarOutputStream;

import org.apache.felix.framework.util.IteratorToEnumeration;
-import org.apache.felix.moduleloader.IContent;
+//import org.apache.felix.moduleloader.IContent;
+import org.apache.felix.framework.resolver.Content;

/**

This class makes a given content available as a inputstream with a jar
@@ -38,14 +39,14 @@
*/
public final class BundleInputStream extends InputStream
{

private final IContent m_root;
+ private final Content m_root;
private final Enumeration m_content;
private final OutputStreamBuffer m_outputBuffer = new OutputStreamBuffer();

private ByteArrayInputStream m_buffer = null;
private JarOutputStream m_output = null;

public BundleInputStream(IContent root) throws IOException
+ public BundleInputStream(Content root) throws IOException
{
m_root = root;

Index: src/main/java/org/apache/felix/framework/security/util/LocalPermissions.java
===================================================================
— src/main/java/org/apache/felix/framework/security/util/LocalPermissions.java (révision 935820)
+++ src/main/java/org/apache/felix/framework/security/util/LocalPermissions.java (copie de travail)
@@ -28,7 +28,8 @@
import java.util.Map;
import java.util.WeakHashMap;

-import org.apache.felix.moduleloader.IContent;
+//import org.apache.felix.moduleloader.IContent;
+import org.apache.felix.framework.resolver.Content;
import org.osgi.framework.Bundle;
import org.osgi.service.permissionadmin.PermissionInfo;

@@ -65,7 +66,7 @@

the permission to check
@return true if implied by local permissions.
*/

public boolean implies(IContent content, Bundle bundle,
+ public boolean implies(Content content, Bundle bundle,
Permission permission) { PermissionInfo[] permissions = null; Index: src/main/java/org/apache/felix/framework/security/util/Conditions.java =================================================================== --- src/main/java/org/apache/felix/framework/security/util/Conditions.java (révision 935820) +++ src/main/java/org/apache/felix/framework/security/util/Conditions.java (copie de travail) @@ -30,7 +30,10 @@ import org.apache.felix.framework.security.condpermadmin.ConditionalPermissionInfoImpl; import org.apache.felix.framework.util.SecureAction; -import org.apache.felix.moduleloader.IModule; + +//import org.apache.felix.moduleloader.IModule; +import org.apache.felix.framework.resolver.Module; + import org.osgi.framework.Bundle; import org.osgi.service.condpermadmin.Condition; import org.osgi.service.condpermadmin.ConditionInfo; @@ -47,7 +50,7 @@ private final Map m_cache = new WeakHashMap(); - private final IModule m_module; + private final Module m_module; private final ConditionInfo[] m_conditionInfos; private final Condition[] m_conditions; @@ -58,7 +61,7 @@ this(null, null, action); }

private Conditions(IModule module, ConditionInfo[] conditionInfos,
+ private Conditions(Module module, ConditionInfo[] conditionInfos,
SecureAction action) { m_module = module; @@ -92,7 +95,7 @@ m_action = action; }

public Conditions getConditions(IModule key, ConditionInfo[] conditions)
+ public Conditions getConditions(Module key, ConditionInfo[] conditions)
{
Conditions result = null;
Map index = null;
Index: pom.xml
===================================================================
- - pom.xml (révision 936143)
    +++ pom.xml (copie de travail)
    @@ -40,13 +40,21 @@
    <dependency>
    <groupId>${pom.groupId}</groupId>
    <artifactId>org.apache.felix.framework</artifactId>
<version>2.0.4</version>
+ <version>2.1.0-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <target>jsr14</target>
+ <source>1.5</source>
+ </configuration>
+ </plugin>
+ <plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>1.4.0</version>

Patch Framework Security for compatibility

Details

Description

Attachments

Attachments

Activity

People

Dates