Index: vm/vmcore/src/kernel_classes/javasrc/java/lang/Thread.java =================================================================== --- vm/vmcore/src/kernel_classes/javasrc/java/lang/Thread.java (revision 530203) +++ vm/vmcore/src/kernel_classes/javasrc/java/lang/Thread.java (working copy) @@ -28,7 +28,7 @@ import java.util.Map; import org.apache.harmony.lang.RuntimePermissionCollection; -import org.apache.harmony.fortress.security.SecurityUtils; +import org.apache.harmony.security.fortress.SecurityUtils; import org.apache.harmony.vm.VMStack; /** Index: vm/vmcore/src/kernel_classes/javasrc/java/security/AccessController.java =================================================================== --- vm/vmcore/src/kernel_classes/javasrc/java/security/AccessController.java (revision 530203) +++ vm/vmcore/src/kernel_classes/javasrc/java/security/AccessController.java (working copy) @@ -20,7 +20,7 @@ import java.util.ArrayList; import java.util.WeakHashMap; -import org.apache.harmony.fortress.security.SecurityUtils; +import org.apache.harmony.security.fortress.SecurityUtils; /** * @com.intel.drl.spec_ref Index: vm/vmcore/src/kernel_classes/javasrc/java/security/AccessControlContext.java =================================================================== --- vm/vmcore/src/kernel_classes/javasrc/java/security/AccessControlContext.java (revision 530203) +++ vm/vmcore/src/kernel_classes/javasrc/java/security/AccessControlContext.java (working copy) @@ -22,7 +22,7 @@ package java.security; import java.util.ArrayList; -import org.apache.harmony.fortress.security.PolicyUtils; +import org.apache.harmony.security.fortress.PolicyUtils; /** * @com.intel.drl.spec_ref Index: vm/vmcore/src/kernel_classes/javasrc/org/apache/harmony/fortress/security/SecurityUtils.java =================================================================== --- vm/vmcore/src/kernel_classes/javasrc/org/apache/harmony/fortress/security/SecurityUtils.java (revision 530203) +++ vm/vmcore/src/kernel_classes/javasrc/org/apache/harmony/fortress/security/SecurityUtils.java (working copy) @@ -19,22 +19,15 @@ * @version $Revision: 1.1.6.3 $ */ -package org.apache.harmony.fortress.security; +package org.apache.harmony.security.fortress; import java.security.AccessControlContext; import java.util.WeakHashMap; -//FIXME: move this class under umbrella of protected packages - -// see lib/java.security: property 'package.access', -// so only trusted classes like Thread and AccessController will -// have an access to this class. -// This is to remove dependency on VMStack, to reduce number -// of VM2API-dependent classes. - /** * The class is used to perform an exchange of information between * java.lang.Thread and java.security.AccessController.
- * The data to excnahge is inherited contexts for the Thread-s. + * The data to excnahge is inherited contexts for the Thread-s. * */ public final class SecurityUtils { @@ -42,7 +35,7 @@ // A map used to store inherited contexts.
// A thread is used as a key for the map and AccessControlContext // passed to the putContext is used as a value. - private static WeakHashMap map = + private static final WeakHashMap ACC_CACHE = new WeakHashMap(); /** @@ -73,17 +66,17 @@ if (thread == null) { throw new NullPointerException("thread can not be null"); } - synchronized (map) { - if (map.containsKey(thread)) { + synchronized (ACC_CACHE) { + if (ACC_CACHE.containsKey(thread)) { throw new SecurityException("You can not modify this map."); } if (context == null) { // this only allowed once - for the very first thread. - if (map.containsValue(null)) { + if (ACC_CACHE.containsValue(null)) { throw new Error("null context may be stored only once."); } } - map.put(thread, context); + ACC_CACHE.put(thread, context); } } @@ -105,8 +98,8 @@ } */ - synchronized (map) { - return map.get(thread); + synchronized (ACC_CACHE) { + return ACC_CACHE.get(thread); } } -} \ No newline at end of file +} Index: vm/vmcore/src/kernel_classes/javasrc/org/apache/harmony/fortress/security/PolicyUtils.java =================================================================== --- vm/vmcore/src/kernel_classes/javasrc/org/apache/harmony/fortress/security/PolicyUtils.java (revision 530203) +++ vm/vmcore/src/kernel_classes/javasrc/org/apache/harmony/fortress/security/PolicyUtils.java (working copy) @@ -1,571 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** -* @author Alexey V. Varlamov -* @version $Revision: 1.1.6.4 $ -*/ - -package org.apache.harmony.fortress.security; - -import java.io.File; -import java.lang.reflect.Constructor; -import java.net.URL; -import java.security.AccessController; -import java.security.Permission; -import java.security.PermissionCollection; -import java.security.Permissions; -import java.security.PrivilegedAction; -import java.security.PrivilegedExceptionAction; -import java.security.Security; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; -import java.util.Properties; - -/** - * This class consist of a number of static methods, which provide a common functionality - * for various policy and configuration providers. - * - */ -public class PolicyUtils { - - // No reason to instantiate - private PolicyUtils() {} - - /** - * Auxiliary action for opening InputStream from specified location. - */ - public static class URLLoader implements PrivilegedExceptionAction { - - /** - * URL of target location. - */ - public URL location; - - /** - * Constructor with target URL parameter. - */ - public URLLoader(URL location) { - this.location = location; - } - - /** - * Returns InputStream from the target URL. - */ - public Object run() throws Exception { - return location.openStream(); - } - } - - /** - * Auxiliary action for accessing system properties in a bundle. - */ - public static class SystemKit implements PrivilegedAction { - - /** - * Returns system properties. - */ - public Object run() { - return System.getProperties(); - } - } - - /** - * Auxiliary action for accessing specific system property. - */ - public static class SystemPropertyAccessor implements PrivilegedAction { - - /** - * A key of a required system property. - */ - public String key; - - /** - * Constructor with a property key parameter. - */ - public SystemPropertyAccessor(String key) { - this.key = key; - } - - /** - * Handy one-line replacement of - * "provide key and supply action" code block, - * for reusing existing action instance. - */ - public PrivilegedAction key(String key) { - this.key = key; - return this; - } - - /** - * Returns specified system property. - */ - public Object run() { - return System.getProperty(key); - } - } - - /** - * Auxiliary action for accessing specific security property. - */ - public static class SecurityPropertyAccessor extends SystemPropertyAccessor { - - /** - * Constructor with a property key parameter. - */ - public SecurityPropertyAccessor(String key) { - super(key); - } - - /** - * Returns specified security property. - */ - public Object run() { - return Security.getProperty(key); - } - } - - /** - * Auxiliary action for loading a provider by specific security property. - */ - public static class ProviderLoader extends SystemPropertyAccessor { - - /** - * Acceptable provider superclass. - */ - public Class expectedType; - - /** - * Constructor taking property key and acceptable provider - * superclass parameters. - */ - public ProviderLoader(String key, Class expected) { - super(key); - expectedType = expected; - } - - /** - * Returns provider instance by specified security property. - * The key should map to a fully qualified classname. - * - * @throws SecurityException if no value specified for the key - * in security properties or if an Exception has occured - * during classloading and instantiating. - */ - public Object run() { - String klassName = Security.getProperty(key); - if (klassName == null || klassName.length() == 0) { - throw new SecurityException("Provider implementation should be specified via \"" - + key + "\" security property"); - } - // TODO accurate classloading - try { - Class klass = Class.forName(klassName, true, - Thread.currentThread().getContextClassLoader()); - if (expectedType != null && klass.isAssignableFrom(expectedType)){ - throw new SecurityException("Provided class " - + klassName - + " does not implement " - + expectedType.getName()); - } - return klass.newInstance(); - } - catch (SecurityException se){ - throw se; - } - catch (Exception e) { - // TODO log error ?? - SecurityException se = new SecurityException( - "Unable to instantiate provider : " + klassName); - se.initCause(e); - throw se; - } - } - } - - /** - * Specific exception to signal that property expansion failed - * due to unknown key. - */ - public static class ExpansionFailedException extends Exception { - - /** - * Constructor with user-friendly message parameter. - */ - public ExpansionFailedException(String message) { - super(message); - } - - /** - * Constructor with user-friendly message and causing error. - */ - public ExpansionFailedException(String message, Throwable cause) { - super(message, cause); - } - } - - /** - * Substitutes all entries like ${some.key}, found in specified string, - * for specified values. - * If some key is unknown, throws ExpansionFailedException. - * @param str the string to be expanded - * @param properties available key-value mappings - * @return expanded string - * @throws ExpansionFailedException - */ - public static String expand(String str, Properties properties) - throws ExpansionFailedException { - final String START_MARK = "${"; - final String END_MARK = "}"; - final int START_OFFSET = START_MARK.length(); - final int END_OFFSET = END_MARK.length(); - - StringBuffer result = new StringBuffer(str); - int start = result.indexOf(START_MARK); - while (start >= 0) { - int end = result.indexOf(END_MARK, start); - if (end >= 0) { - String key = result.substring(start + START_OFFSET, end); - String value = properties.getProperty(key); - if (value != null) { - result.replace(start, end + END_OFFSET, value); - start += value.length(); - } else { - throw new ExpansionFailedException("Unknown key: " + key); - } - } - start = result.indexOf(START_MARK, start); - } - return result.toString(); - } - - /** - * Handy shortcut for - * expand(str, properties).replace(File.separatorChar, '/'). - * @see #expand(String, Properties) - */ - public static String expandURL(String str, Properties properties) - throws ExpansionFailedException { - return expand(str, properties).replace(File.separatorChar, '/'); - } - - /** - * Instances of this interface are intended for resolving - * generalized expansion expressions, of the form ${{protocol:data}}. - * Such functionality is applicable to security policy files, for example. - * @see org.apache.harmony.security.PolicyUtils#expandGeneral(String, GeneralExpansionHandler) - */ - public static interface GeneralExpansionHandler { - - /** - * Resolves general expansion expressions of the form ${{protocol:data}}. - * @param protocol denotes type of resolution - * @param data data to be resolved, optional (may be null) - * @return resolved value, must not be null - * @throws PolicyUtils.ExpansionFailedException if expansion is impossible - */ - String resolve(String protocol, String data) - throws ExpansionFailedException; - } - - /** - * Substitutes all entries like ${{protocol:data}}, found in specified string, - * for values resolved by passed handler. - * The data part may be empty, and in this case expression - * may have simplified form, as ${{protocol}}. - * If some entry cannot be resolved, throws ExpansionFailedException; - * @param str the string to be expanded - * @param handler the handler to resolve data denoted by protocol - * @return expanded string - * @throws ExpansionFailedException - */ - public static String expandGeneral(String str, - GeneralExpansionHandler handler) throws ExpansionFailedException { - final String START_MARK = "${{"; - final String END_MARK = "}}"; - final int START_OFFSET = START_MARK.length(); - final int END_OFFSET = END_MARK.length(); - - StringBuffer result = new StringBuffer(str); - int start = result.indexOf(START_MARK); - while (start >= 0) { - int end = result.indexOf(END_MARK, start); - if (end >= 0) { - String key = result.substring(start + START_OFFSET, end); - int separator = key.indexOf(':'); - String protocol = (separator >= 0) ? key - .substring(0, separator) : key; - String data = (separator >= 0) ? key.substring(separator + 1) - : null; - String value = handler.resolve(protocol, data); - result.replace(start, end + END_OFFSET, value); - start += value.length(); - } - start = result.indexOf(START_MARK, start); - } - return result.toString(); - } - - /** - * A key to security properties, deciding whether usage of - * dynamic policy location via system properties is allowed. - * @see #getPolicyURLs(Properties, String, String) - */ - public static final String POLICY_ALLOW_DYNAMIC = "policy.allowSystemProperty"; - - /** - * A key to security properties, deciding whether expansion of - * system properties is allowed - * (in security properties values, policy files, etc). - * @see #expand(String, Properties) - */ - public static final String POLICY_EXPAND = "policy.expandProperties"; - - /** - * Positive value of switching properties. - */ - public static final String TRUE = "true"; - - /** - * Negative value of switching properties. - */ - public static final String FALSE = "false"; - - /** - * Returns false if current security settings disable to perform - * properties expansion, true otherwise. - * @see #expand(String, Properties) - */ - public static boolean canExpandProperties() { - return !FALSE.equalsIgnoreCase((String) AccessController - .doPrivileged(new SecurityPropertyAccessor(POLICY_EXPAND))); - } - - /** - * Obtains a list of locations for a policy or configuration provider. - * The search algorithm is as follows: - *
    - *
  1. Look in security properties for keys of form prefix + n, - * where n is an integer and prefix is a passed parameter. - * Sequence starts with n=1, and keeps incrementing n - * until next key is not found.
    - * For each obtained key, try to construct an URL instance. On success, - * add the URL to the list; otherwise ignore it. - *
  2. - * If security settings do not prohibit (through - * {@link #POLICY_ALLOW_DYNAMIC the "policy.allowSystemProperty" property}) - * to use additional policy location, read the system property under the - * passed key parameter. If property exists, it may designate a file or - * an absolute URL. Thus, first check if there is a file with that name, - * and if so, convert the pathname to URL. Otherwise, try to instantiate - * an URL directly. If succeeded, append the URL to the list - *
  3. - * If the additional location from the step above was specified to the - * system via "==" (i.e. starts with '='), discard all URLs above - * and use this only URL. - *
- * Note: all property values (both security and system) related to URLs are - * subject to {@link #expand(String, Properties) property expansion}, regardless - * of the "policy.expandProperties" security setting. - * - * @param system system properties - * @param systemUrlKey key to additional policy location - * @param securityUrlPrefix prefix to numbered locations in security properties - * @return array of URLs to provider's configuration files, may be empty. - */ - public static URL[] getPolicyURLs(final Properties system, - final String systemUrlKey, final String securityUrlPrefix) { - - final SecurityPropertyAccessor security = new SecurityPropertyAccessor( - null); - final List urls = new ArrayList(); - boolean dynamicOnly = false; - URL dynamicURL = null; - - //first check if policy is set via system properties - if (!FALSE.equalsIgnoreCase((String) AccessController - .doPrivileged(security.key(POLICY_ALLOW_DYNAMIC)))) { - String location = system.getProperty(systemUrlKey); - if (location != null) { - if (location.startsWith("=")) { - //overrides all other urls - dynamicOnly = true; - location = location.substring(1); - } - try { - location = expandURL(location, system); - // location can be a file, but we need an url... - final File f = new File(location); - dynamicURL = (URL) AccessController - .doPrivileged(new PrivilegedExceptionAction() { - - public Object run() throws Exception { - if (f.exists()) { - return f.toURI().toURL(); - } else { - return null; - } - } - }); - if (dynamicURL == null) { - dynamicURL = new URL(location); - } - } - catch (Exception e) { - // TODO: log error - // System.err.println("Error detecting system policy location: "+e); - } - } - } - //next read urls from security.properties - if (!dynamicOnly) { - int i = 1; - while (true) { - String location = (String) AccessController - .doPrivileged(security.key(new StringBuffer( - securityUrlPrefix).append(i++).toString())); - if (location == null) { - break; - } - try { - location = expandURL(location, system); - URL anURL = new URL(location); - if (anURL != null) { - urls.add(anURL); - } - } - catch (Exception e) { - // TODO: log error - // System.err.println("Error detecting security policy location: "+e); - } - } - } - if (dynamicURL != null) { - urls.add(dynamicURL); - } - return (URL[]) urls.toArray(new URL[urls.size()]); - } - - /** - * Converts common-purpose collection of Permissions to PermissionCollection. - * - * @param perms a collection containing arbitrary permissions, may be null - * @return mutable heterogeneous PermissionCollection containg all Permissions - * from the specified collection - */ - public static PermissionCollection toPermissionCollection( - Collection/**/perms) { - Permissions pc = new Permissions(); - if (perms != null) { - for (Iterator iter = perms.iterator(); iter.hasNext();) { - Permission element = (Permission) iter.next(); - pc.add(element); - } - } - return pc; - } - - // Empty set of arguments to default constructor of a Permission. - private static final Class[] NO_ARGS = {}; - - // One-arg set of arguments to default constructor of a Permission. - private static final Class[] ONE_ARGS = { String.class }; - - // Two-args set of arguments to default constructor of a Permission. - private static final Class[] TWO_ARGS = { String.class, String.class }; - - /** - * Tries to find a suitable constructor and instantiate a new Permission - * with specified parameters. - * - * @param targetType class of expected Permission instance - * @param targetName name of expected Permission instance - * @param targetActions actions of expected Permission instance - * @return a new Permission instance - * @throws IllegalArgumentException if no suitable constructor found - * @throws Exception any exception thrown by Constructor.newInstance() - */ - public static Permission instantiatePermission(Class targetType, - String targetName, String targetActions) throws Exception { - - // let's guess the best order for trying constructors - Class[][] argTypes = null; - Object[][] args = null; - if (targetActions != null) { - argTypes = new Class[][] { TWO_ARGS, ONE_ARGS, NO_ARGS }; - args = new Object[][] { { targetName, targetActions }, - { targetName }, {} }; - } else if (targetName != null) { - argTypes = new Class[][] { ONE_ARGS, TWO_ARGS, NO_ARGS }; - args = new Object[][] { { targetName }, - { targetName, targetActions }, {} }; - } else { - argTypes = new Class[][] { NO_ARGS, ONE_ARGS, TWO_ARGS }; - args = new Object[][] { {}, { targetName }, - { targetName, targetActions } }; - } - - // finally try to instantiate actual permission - for (int i = 0; i < argTypes.length; i++) { - try { - Constructor ctor = targetType.getConstructor(argTypes[i]); - return (Permission) ctor.newInstance(args[i]); - } - catch (NoSuchMethodException ignore) {} - } - throw new IllegalArgumentException( - "No suitable constructors found in permission class : " - + targetType - + ". Zero, one or two-argument constructor is expected"); - } - - /** - * Checks whether the objects from what array are all - * presented in where array. - * - * @param what first array, may be null - * @param where second array, may be null - * @return true if the first array is null - * or if each and every object (ignoring null values) - * from the first array has a twin in the second array; false otherwise - */ - public static boolean matchSubset(Object[] what, Object[] where) { - if (what == null) { - return true; - } - - for (int i = 0; i < what.length; i++) { - if (what[i] != null) { - if (where == null) { - return false; - } - boolean found = false; - for (int j = 0; j < where.length; j++) { - if (what[i].equals(where[j])) { - found = true; - break; - } - } - if (!found) { - return false; - } - } - } - return true; - } -} \ No newline at end of file