[RFC][Icedtea-web]: Add code for handling policy files.
Deepak Bhole
dbhole at redhat.com
Tue Jul 19 06:03:38 PDT 2011
* Andrew Su <asu at redhat.com> [2011-07-19 09:01]:
>
>
> ----- Original Message -----
> > From: "Andrew Su" <asu at redhat.com>
> > To: "distro-pkg-dev" <distro-pkg-dev at openjdk.java.net>
> > Sent: Friday, July 8, 2011 12:12:28 PM
> > Subject: Re: [RFC][Icedtea-web]: Add code for handling policy files.
> > ----- Original Message -----
> --snip--
> >
> > Ping.
> >
> > 2011-07-08 Andrew Su <asu at redhat.com>
> >
> > * netx/net/sourceforge/jnlp/util/FileUtils.java:
> > (writeContentToFile): New method. Writes string content to file.
> > (readContentFromFile): New method. Reads a file and returns a String.
> > * netx/net/sourceforge/jnlp/policy/ParseException.java: New class.
> > * netx/net/sourceforge/jnlp/policy/Policy.java: New class. Used to
> > represent a policy from a policy file.
> > * netx/net/sourceforge/jnlp/policy/PolicyFormatter.java: New class.
> > Formats Policy to a string representation of a policy file or parses a
> > File/String to convert into Policy objects.
> > * netx/net/sourceforge/jnlp/policy/PolicyUtils.java: New class.
> > Methods for handling repetitive tasks when working with policy files.
> > * netx/net/sourceforge/jnlp/policy/permission/Permission.java: New
> > class. This represents a general permission.
> > * netx/net/sourceforge/jnlp/policy/permission/AWTPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/AllPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/AudioPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/AuthPermission.java
> > *
> > netx/net/sourceforge/jnlp/policy/permission/DelegationPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/FilePermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/LoggingPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/NetPermission.java
> > *
> > netx/net/sourceforge/jnlp/policy/permission/PrivateCredentialPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/PropertyPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/ReflectPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/RuntimePermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/SQLPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/SSLPermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/SecurityPermission.java
> > *
> > netx/net/sourceforge/jnlp/policy/permission/SerializablePermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/ServicePermission.java
> > * netx/net/sourceforge/jnlp/policy/permission/SocketPermission.java:
> > New classes. These are the default permission.
> > * netx/net/sourceforge/jnlp/policy/principal/Principal.java: New
> > class. This represents a general principal.
> > * netx/net/sourceforge/jnlp/policy/principal/KerberosPrincipal.java
> > * netx/net/sourceforge/jnlp/policy/principal/X500Principal.java:
> > New classes. These are the default principals.
>
> Ping again.
Hi,
This is on my todo list but will take a while since the whole
application is attached as one big patch... please break it down in the
future.
Cheers,
Deepak
> diff --git a/netx/net/sourceforge/jnlp/policy/ParseException.java b/netx/net/sourceforge/jnlp/policy/ParseException.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/ParseException.java
> @@ -0,0 +1,34 @@
> +/* ParseException.java -- Exception for parsing errors.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy;
> +
> +/**
> + * Exception for caught parsing errors.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public class ParseException extends Exception {
> + public ParseException(String msg) {
> + super(msg);
> + }
> +
> + public ParseException(String msg, int lineNumber) {
> + super(msg + "[Line: " + lineNumber + "]");
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/Policy.java b/netx/net/sourceforge/jnlp/policy/Policy.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/Policy.java
> @@ -0,0 +1,228 @@
> +/* Policy.java -- Store information about a policy.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy;
> +
> +import java.net.MalformedURLException;
> +import java.net.URL;
> +import java.util.ArrayList;
> +
> +import net.sourceforge.jnlp.policy.permission.Permission;
> +import net.sourceforge.jnlp.policy.principal.Principal;
> +
> +/**
> + * This class is to store information about a policy.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public class Policy {
> + /* who signed this policy */
> + private String signedBy;
> + /* codebase that this policy affects */
> + private URL codeBase;
> + /* list of permissions for this policy */
> + private final ArrayList<Permission> permissionList;
> + /* list of principals for this policy */
> + private final ArrayList<Principal> principalList;
> +
> + private String displayName;
> +
> + /**
> + * Create an empty policy.
> + *
> + * @throws MalformedURLException
> + */
> + public Policy() throws MalformedURLException {
> + this(null, null);
> + }
> +
> + /**
> + * Create a policy with default signed by and codebase.
> + *
> + * @param signedBy the signer
> + * @param codeBase the codebase
> + * @throws MalformedURLException codebase is not a valid URL.
> + */
> + public Policy(String signedBy, String codeBase)
> + throws MalformedURLException {
> +
> + setCodeBase(codeBase);
> + setSignedBy(signedBy);
> +
> + this.permissionList = new ArrayList<Permission>();
> + this.principalList = new ArrayList<Principal>();
> + }
> +
> + /**
> + * Add a permission to the list of permissions.
> + *
> + * @param permission permission to be added.
> + */
> + public void addPermission(Permission permission) {
> + if (permission == null) {
> + throw new NullPointerException("Permission can not be null.");
> + }
> + this.permissionList.add(permission);
> + }
> +
> + /**
> + * Add a principal to the list for principals.
> + *
> + * @param principal principal to be added.
> + */
> + public void addPrincipal(Principal principal) {
> + if (principal == null) {
> + throw new NullPointerException("Principal can not be null.");
> + }
> + this.principalList.add(principal);
> + }
> +
> + /**
> + * Get the codebase associated with this policy.
> + *
> + * @return a URL representing the codebase, null if no codebase set.
> + */
> + public URL getCodeBase() {
> + return this.codeBase;
> + }
> +
> + /**
> + * Get the display name for this Policy
> + *
> + * @return a String representing the custom display name, null if no display
> + * name set.
> + */
> + public String getDisplayName() {
> + return this.displayName;
> + }
> +
> + /**
> + * Return the current list permissions. (Not a copy)
> + *
> + * @return ArrayList of Permission for this Policy.
> + */
> + public ArrayList<Permission> getPermissions() {
> + return this.permissionList;
> + }
> +
> + /**
> + * Return the current list principals. (Not a copy)
> + *
> + * @return ArrayList of Principals for this Policy.
> + */
> + public ArrayList<Principal> getPrincipals() {
> + return this.principalList;
> + }
> +
> + /**
> + * Get the signer for this policy.
> + *
> + * @return String representing the signer, null if no signer assigned.
> + */
> + public String getSignedBy() {
> + return this.signedBy;
> + }
> +
> + /**
> + * Remove a permission.
> + *
> + * @param permission Permission to remove from this policy.
> + * @return true if removal was successful, false otherwise.
> + */
> + public boolean removePermission(Permission permission) {
> + return this.permissionList.remove(permission);
> + }
> +
> + /**
> + * Removes a principal.
> + *
> + * @param principal Principal to remove from this policy.
> + * @return true if removal was successful, false otherwise.
> + */
> + public boolean removePrincipal(Principal principal) {
> + return this.principalList.remove(principal);
> + }
> +
> + /**
> + * Set the codebase for this policy.
> + *
> + * @param codeBase String containing the codebase.
> + * @throws MalformedURLException codebase is not a valid URL.
> + */
> + public void setCodeBase(String codeBase) throws MalformedURLException {
> + URL url = null;
> + if (codeBase != null) {
> + codeBase = codeBase.trim();
> + url = codeBase.length() == 0 ? null : new URL(codeBase);
> + }
> +
> + this.codeBase = url;
> + }
> +
> + /**
> + * Set the display name of the policy.
> + *
> + * @param displayName a custom display name.
> + */
> + public void setDisplayName(String displayName) {
> + if (displayName != null) {
> + displayName = displayName.trim();
> + }
> +
> + int i = 0;
> + boolean valid = false;
> +
> + while (displayName != null
> + && i < displayName.length()
> + && (valid = PolicyUtils
> + .isValidNameChar(displayName.charAt(i++)))) {
> + ;
> + }
> +
> + if (valid) {
> + this.displayName = displayName;
> + } else {
> + this.displayName = null;
> + }
> + }
> +
> + /**
> + * Set who signed this policy.
> + *
> + * @param signedBy String containing the name of the signer.
> + */
> + public void setSignedBy(String signedBy) {
> + // FIXME: Check if signer is valid (Check keystore?)
> +
> + if (signedBy != null) {
> + signedBy = signedBy.trim();
> + }
> +
> + if (signedBy != null && signedBy.length() == 0) {
> + signedBy = null;
> + }
> +
> + this.signedBy = signedBy;
> + }
> +
> + @Override
> + public String toString() {
> + return getDisplayName() != null ? getDisplayName() : "Policy "
> + + this.permissionList.size() + " " + this.principalList.size();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/PolicyFormatter.java b/netx/net/sourceforge/jnlp/policy/PolicyFormatter.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/PolicyFormatter.java
> @@ -0,0 +1,831 @@
> +/* PolicyFormatter.java -- Format and parse a policy file.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy;
> +
> +import java.io.File;
> +import java.io.IOException;
> +import java.net.MalformedURLException;
> +import java.util.LinkedList;
> +
> +import net.sourceforge.jnlp.policy.permission.Permission;
> +import net.sourceforge.jnlp.policy.principal.Principal;
> +import net.sourceforge.jnlp.util.FileUtils;
> +
> +/**
> + * This class can format and parse a policy file.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public class PolicyFormatter {
> +
> + /* policy used for formatting */
> + private Policy[] policies = null;
> +
> + /* keyword constants. */
> + private static final String strGrant = "grant";
> + private static final String strSignedBy = "signedby";
> + private static final String strCodeBase = "codebase";
> + private static final String strPrincipal = "principal";
> + private static final String strPermission = "permission";
> + private static final String strName = "#NAME:";
> +
> + /**
> + * Create a new PolicyFormatter.
> + */
> + public PolicyFormatter() {
> + this(null);
> + }
> +
> + /**
> + * Create a new PolicyFormatter.
> + *
> + * @param policies array of Policy to format.
> + */
> + public PolicyFormatter(Policy[] policies) {
> + setPolicies(policies);
> + }
> +
> + /**
> + * Check if we detect the "permission" keyword.
> + *
> + * @param input String to check.
> + * @param i Index to begin checking from.
> + * @return true if keyword <code>permission</code> is found, false
> + * otherwise.
> + */
> + private boolean checkIfPermission(String input, int i) {
> + final int index = input.indexOf(PolicyFormatter.strPermission, i);
> + if (!input.startsWith(PolicyFormatter.strPermission, i)) {
> + return false;
> + }
> +
> + final int newIndex = index + PolicyFormatter.strPermission.length();
> + if (newIndex > input.length()) {
> + return false;
> + }
> + // We want permission followed by a space, newline, return carriage, or
> + // tab.
> + return PolicyUtils.isSpace(input.charAt(newIndex));
> + }
> +
> + /**
> + * Check if we detect the "principal" keyword.
> + *
> + * @param input String to check.
> + * @param i Index to begin checking from.
> + * @return true if keyword <code>principal</code> is found, false otherwise.
> + */
> + private boolean checkIfPrincipal(String input, int i) {
> + final int index = input.indexOf(PolicyFormatter.strPrincipal, i);
> + if (!input.startsWith(PolicyFormatter.strPrincipal, i)) {
> + return false;
> + }
> +
> + final int newIndex = index + PolicyFormatter.strPrincipal.length();
> + if (newIndex > input.length()) {
> + return false;
> + }
> +
> + // We want principal followed by a space, newline, return carriage, or
> + // tab.
> + return PolicyUtils.isSpace(input.charAt(newIndex));
> + }
> +
> + /**
> + * Get the codeBase value if it begins at the current index.
> + *
> + * @param input String to check.
> + * @param i Index to begin checking from.
> + * @return true if keyword <code>codebase</code> is found, false otherwise.
> + * @throws ParseException Value for codebase exist but is not properly
> + * quoted.
> + */
> + private String findCodeBase(final String input, final String lcaseInput,
> + int i) throws ParseException {
> +
> + final int newIndex = i + PolicyFormatter.strCodeBase.length();
> + String result = null;
> +
> + if (lcaseInput.startsWith(PolicyFormatter.strCodeBase, i)
> + && newIndex < input.length()
> + && PolicyUtils.isSpace(input.charAt(newIndex))) {
> + result = PolicyUtils.getQuotedText(input, newIndex);
> + }
> +
> + return result;
> + }
> +
> + /**
> + * Given the input converted to lowercase, check if it contains the keyword
> + * "grant" at location i.
> + *
> + * @param input String to check.
> + * @param i Index to begin checking from.
> + * @return true if keyword <code>grant</code> is found, false otherwise.
> + */
> + private boolean findGrant(String input, int i) {
> +
> + if (!input.startsWith(PolicyFormatter.strGrant, i)) {
> + return false;
> + }
> +
> + // We want grant followed by a space, newline, return carriage, or tab.
> + final int newIndex = i + PolicyFormatter.strGrant.length();
> + if (newIndex > input.length()) {
> + return false;
> + }
> + final char c = input.charAt(newIndex);
> + return PolicyUtils.isSpace(c) || c == '{';
> + }
> +
> + /**
> + * Get the signedBy value if it begins at the current index.
> + *
> + * @param input String to check.
> + * @param i Index to begin checking from.
> + * @return true if keyword <code>signedBy</code> is found, false otherwise.
> + * @throws ParseException Value for SignedBy exist but is not properly
> + * quoted.
> + */
> + private String findSignedBy(final String input, final String lcaseInput,
> + int i) throws ParseException {
> +
> + final int newIndex = i + PolicyFormatter.strSignedBy.length();
> + String result = null;
> +
> + if (lcaseInput.startsWith(PolicyFormatter.strSignedBy, i)
> + && newIndex < input.length()
> + && PolicyUtils.isSpace(input.charAt(newIndex))) {
> + result = PolicyUtils.getQuotedText(input, newIndex);
> + }
> +
> + return result;
> + }
> +
> + /**
> + * This method will return a string representation of a properly formatted
> + * policy file.
> + *
> + * @return
> + */
> + public String format() {
> + if (this.policies == null) {
> + throw new NullPointerException("Must have policies.");
> + }
> +
> + final StringBuffer sb = new StringBuffer();
> + boolean havePrev = false;
> +
> + for (final Policy p : this.policies) {
> + if (havePrev) {
> + sb.append("\n\n");
> + }
> +
> + havePrev = false;
> +
> + if (p == null) {
> + continue; // We'll just skip it if it is null.
> + }
> +
> + String name = p.getDisplayName();
> + if (name != null) {
> + sb.append(PolicyUtils.makeComment(PolicyFormatter.strName
> + + name)
> + + "\n");
> + }
> + sb.append("grant");
> + if (p.getSignedBy() != null) {
> + sb.append(" signedBy ");
> + sb.append(PolicyUtils.quote(PolicyUtils.escape(p.getSignedBy())));
> + havePrev = true;
> + }
> +
> + if (p.getCodeBase() != null) {
> + if (havePrev) {
> + sb.append(",");
> + }
> +
> + sb.append(" codeBase ");
> + sb.append(PolicyUtils.quote(p.getCodeBase().toString()));
> + havePrev = true;
> + }
> +
> + // Add the principals.
> + for (final Principal principal : p.getPrincipals()) {
> + if (!principal.isValid()) {
> + continue;
> + }
> +
> + if (havePrev) {
> + sb.append(",\n ");
> + }
> +
> + sb.append(" principal ");
> + name = principal.getDisplayName();
> + if (name != null) {
> + sb.append(PolicyUtils.makeComment(PolicyFormatter.strName
> + + name)
> + + " ");
> + }
> +
> + sb.append(principal.getFullClassName() + " ");
> + sb.append(PolicyUtils.quote(principal.getName()));
> + havePrev = true;
> + }
> +
> + havePrev = false;
> + sb.append(" {\n");
> +
> + // Add permissions here.
> + for (final Permission permission : p.getPermissions()) {
> + if (!permission.isValid()) {
> + continue;
> + }
> +
> + if (havePrev) {
> + sb.append(";\n");
> + }
> + sb.append(" permission ");
> + name = permission.getDisplayName();
> + if (name != null) {
> + sb.append(PolicyUtils.makeComment(PolicyFormatter.strName
> + + name)
> + + " ");
> + }
> + sb.append(permission.getFullClassName());
> + if (permission.getTarget() != null) {
> + sb.append(" "
> + + PolicyUtils.quote(PolicyUtils.escape(permission
> + .getTarget())));
> + }
> + if (permission.getAction() != null) {
> + sb.append(", " + PolicyUtils.quote(permission.getAction()));
> + }
> +
> + if (permission.getSignedBy() != null) {
> + sb.append(", signedBy ");
> + sb.append(PolicyUtils.quote(PolicyUtils.escape(permission
> + .getSignedBy())));
> + }
> +
> + havePrev = true;
> + }
> +
> + sb.append((havePrev ? ";" : "") + "\n};");
> + havePrev = true;
> +
> + }
> +
> + return sb.toString();
> + }
> +
> + /**
> + * Get all the characters that make up a class name.
> + *
> + * @param input String to search in.
> + * @param i index to start searching from.
> + * @return String representing a class name, null if not found.
> + */
> + private String getClassName(String input, int i) {
> + /*
> + * FIXME: A valid class name must be of the form:
> + * ^([a-zA-Z_][\w_]*\.)*([a-zA-Z_][\w_]*)$
> + */
> + i = PolicyUtils.skipSpace(input, i);
> +
> + String fullClassName = null;
> + if (i < input.length()) {
> + final int initial = i;
> + while (i < input.length()
> + && PolicyUtils.isValidClassChar(input.charAt(i))) {
> + i++;
> + }
> + fullClassName = input.substring(initial, i);
> + if (fullClassName.length() == 0) {
> + fullClassName = null;
> + }
> + }
> +
> + return fullClassName;
> + }
> +
> + /**
> + * Get the permission's target.
> + *
> + * @param input String to search in.
> + * @param i offset to start searching from.
> + * @return String representing a permission target, null if not found.
> + * @throws ParseException Value for Target exist but is not properly quoted.
> + */
> + private String getPermissionTarget(String input, int i)
> + throws ParseException {
> + String result = null;
> + if (i < input.length()) {
> + i = PolicyUtils.skipSpace(input, i);
> + result = PolicyUtils.getQuotedText(input, i);
> + }
> +
> + return result;
> + }
> +
> + /**
> + * Get the principal name.
> + *
> + * @param input String to search in.
> + * @param i Index to start searching from.
> + * @return String representing a principal name, null if not found.
> + * @throws ParseException Value for Name exist but is not properly quoted.
> + */
> + private String getPrincipalName(String input, int i) throws ParseException {
> + i = PolicyUtils.skipSpace(input, i);
> +
> + String fullClassName = null;
> + if (i < input.length()) {
> + fullClassName = PolicyUtils.getQuotedText(input, i);
> + }
> + return fullClassName;
> + }
> +
> + /**
> + * Parse a given file for policies.
> + *
> + * @param file File to read from.
> + * @return Array of Policy parsed from contents in file.
> + * @throws IOException Error with reading the file.
> + * @throws ParseException Policy file is not properly formatted.
> + */
> + public Policy[] parse(File file) throws IOException, ParseException {
> + final String content = FileUtils.readContentFromFile(file);
> + return parse(content);
> + }
> +
> + /**
> + * parse a given String for policies.
> + *
> + * @param input
> + * @return
> + * @throws MalformedURLException Codebase specified in file is invalid.
> + */
> + public Policy[] parse(final String input) throws ParseException,
> + MalformedURLException {
> + /* lower case version of input, used for calls to StartsWith. */
> + final String lcaseInput = input.toLowerCase();
> + final LinkedList<Policy> policies = new LinkedList<Policy>();
> +
> + /* Store which part of the string we're working with. */
> + boolean foundGrant = false;
> + boolean inBody = false;
> + boolean signedBy = false;
> + boolean codeBase = false;
> + boolean principalFound = false;
> + boolean permissionFound = false;
> + boolean permissionClassFound = false;
> + boolean permissionTargetFound = false;
> + boolean action = false;
> + boolean reachedEnd = false;
> + boolean commaFound = false;
> +
> + /* If there was a previous entry. */
> + boolean havePrev = false;
> +
> + /* Used for keeping track of comments */
> + boolean fslashFound = false;
> + boolean asteriskFound = false;
> + boolean comment = false;
> +
> + int index = 0;
> + int prevIndex = -1;
> +
> + /* Store the display names. */
> + String policyName = null;
> + String principalName = null;
> + String permissionName = null;
> +
> + /*
> + * Store the different permission field. Needed because we search for
> + * each part in a separate iteration.
> + */
> + String permissionClass = null;
> + String permissionTarget = null;
> + String permissionSignedBy = null;
> + String permissionAction = null;
> +
> + Policy policy = null;
> +
> + // Begin parsing!
> + while (index < input.length()) {
> + if (prevIndex == index) {
> + // This should never happen.. but just in case.
> + throw new InternalError("Infinite Loop.");
> + }
> + prevIndex = index;
> +
> + // Go to next significant character (space is insignificant here)
> + if (!((index = PolicyUtils.skipSpace(input, index)) < input
> + .length())) {
> + break;
> + }
> +
> + final char c = input.charAt(index);
> +
> + // Comments take priority
> + switch (c) {
> + case '*':
> + if (fslashFound && !comment) {
> + comment = true;
> + fslashFound = false;
> + } else {
> + asteriskFound = true;
> + }
> + index++;
> + continue;
> + case '/':
> + if (asteriskFound && comment) {
> + comment = false;
> + asteriskFound = false;
> + } else {
> + fslashFound = true;
> + }
> + index++;
> + continue;
> + default:
> + fslashFound = false;
> + asteriskFound = false;
> + }
> +
> + if (comment) {
> + if (!foundGrant
> + && policyName == null
> + && (policyName = parseNameComment(input, index)) != null) {
> + index += PolicyFormatter.strName.length()
> + + policyName.length();
> + } else if (principalFound
> + && principalName == null
> + && (principalName = parseNameComment(input, index)) != null) {
> + index += PolicyFormatter.strName.length()
> + + principalName.length();
> + } else if (permissionFound
> + && permissionName == null
> + && (permissionName = parseNameComment(input, index)) != null) {
> + index += PolicyFormatter.strName.length()
> + + permissionName.length();
> + } else {
> + index++;
> + }
> + } else {
> + switch (c) {
> + case '\r':
> + case '\n':
> + case '\t':
> + case ' ':
> + index++;
> + continue;
> + case ',':
> + if (commaFound) {
> + throw new ParseException("Unexpected ',' detected.");
> + }
> + index++;
> + commaFound = true;
> + continue;
> + case '{':
> + if (inBody || principalFound) {
> + throw new ParseException("Unexpected '{' detected.");
> + }
> + signedBy = false;
> + codeBase = false;
> + commaFound = false;
> + inBody = true;
> + index++;
> + continue;
> + case '}':
> + if (!inBody) {
> + throw new ParseException("Unexpected '}' detected.");
> + }
> + inBody = false;
> + reachedEnd = true;
> + index++;
> + continue;
> + case ';':
> + if (inBody && !permissionFound || !inBody
> + && !reachedEnd) {
> + throw new ParseException("Unexpected ';' detected.");
> + }
> +
> + if (inBody && permissionFound) {
> + if (!permissionClassFound) {
> + throw new ParseException(
> + "Missing permission class.");
> + }
> +
> + final Permission permission = Permission
> + .newInstanceOf(permissionClass);
> + permission.setTarget(permissionTarget);
> + permission.setAction(permissionAction);
> + permission.setSignedBy(permissionSignedBy);
> + permission.setDisplayName(permissionName);
> +
> + if (!permission.isValid()) {
> + throw new ParseException(
> + "Invalid permission provided. [Class:"
> + + permission.getFullClassName()
> + + ", Target:"
> + + PolicyUtils.quote(permission
> + .getTarget())
> + + ", Action:"
> + + PolicyUtils.quote(permission
> + .getAction())
> + + ", SignedBy:"
> + + PolicyUtils.quote(permission
> + .getSignedBy()) + "]");
> + }
> +
> + policy.addPermission(permission);
> +
> + // Reset all markers.
> + permissionFound = false;
> + permissionClassFound = false;
> + permissionTargetFound = false;
> +
> + permissionClass = null;
> + permissionTarget = null;
> + permissionSignedBy = null;
> + permissionAction = null;
> +
> + permissionName = null;
> +
> + signedBy = false;
> + action = false;
> + }
> +
> + if (reachedEnd) {
> + // Reached the end of a policy (might have more)
> + havePrev = false;
> + reachedEnd = false;
> + foundGrant = false;
> + policies.add(policy);
> + policy = null;
> + }
> + index++;
> + continue;
> + }
> + if (!inBody) {
> + if (!foundGrant) {
> + if (!(foundGrant = findGrant(lcaseInput, index))) {
> + throw new ParseException(
> + "Missing GRANT keyword. (Case insensitive)");
> + }
> + if (policy != null) { // This should never happen.
> + throw new RuntimeException(
> + "Something has gone horribly wrong.");
> + }
> +
> + index += PolicyFormatter.strGrant.length();
> + final int curIndex = index;
> + index = PolicyUtils.skipSpace(input, index);
> + if (curIndex == index) {
> + throw new ParseException(
> + "Missing GRANT keyword. (Case insensitive)");
> + }
> + policy = new Policy(); // Prepare a new policy to use.
> + policy.setDisplayName(policyName);
> + policyName = null;
> + } else { // Check for signedBy, codebase and principal.
> + /*
> + * We are still not in the body, check for signedBy,
> + * codebase, and principal. Also need to check for comma
> + * between each entry.
> + */
> + final String strSignedBy = findSignedBy(input,
> + lcaseInput, index);
> + if (!signedBy
> + && strSignedBy != null
> + && !principalFound
> + && (havePrev && commaFound || !havePrev
> + && !commaFound)) {
> + commaFound = false;
> + signedBy = true;
> + index += PolicyFormatter.strSignedBy.length();
> + index = input.indexOf(strSignedBy, index)
> + + strSignedBy.length();
> + policy.setSignedBy(PolicyUtils.unescape(PolicyUtils
> + .unquote(strSignedBy)));
> + havePrev = true;
> + continue;
> + } else if (signedBy && strSignedBy != null) {
> + throw new ParseException(
> + "Multiple signedBy detected.");
> + }
> +
> + final String strCodeBase = findCodeBase(input,
> + lcaseInput, index);
> + if (!codeBase
> + && strCodeBase != null
> + && !principalFound
> + && (havePrev && commaFound || !havePrev
> + && !commaFound)) {
> + commaFound = false;
> + codeBase = true;
> + index += PolicyFormatter.strCodeBase.length();
> + index = input.indexOf(strCodeBase, index)
> + + strCodeBase.length();
> + policy.setCodeBase(PolicyUtils.unescape(PolicyUtils
> + .unquote(strCodeBase)));
> + havePrev = true;
> + continue;
> + } else if (codeBase && strCodeBase != null) {
> + throw new ParseException(
> + "Multiple codeBase detected.");
> + }
> +
> + /*
> + * If we get here, then we either have a principal or
> + * something illegal, so we will check for principal
> + * first then a catch all to throw error if we find
> + * something we are not expecting.
> + */
> + if (!principalFound
> + && (principalFound = checkIfPrincipal(
> + lcaseInput, index))
> + && (havePrev && commaFound || !havePrev
> + && !commaFound)) {
> + commaFound = false;
> + index += PolicyFormatter.strPrincipal.length();
> +
> + continue;
> + }
> +
> + if (principalFound) {
> + final String principalClass = getClassName(input,
> + index);
> + if (principalClass == null) {
> + throw new ParseException(
> + "Could not find principal class.");
> + }
> + index = input.indexOf(principalClass, index)
> + + principalClass.length();
> +
> + String pName = getPrincipalName(input, index);
> + if (pName == null) {
> + throw new ParseException(
> + "Principal name not found.");
> + }
> + index = input.indexOf(pName, index)
> + + pName.length();
> + pName = PolicyUtils.unescape(PolicyUtils
> + .unquote(pName));
> +
> + final Principal principal = Principal
> + .newInstanceOf(principalClass);
> + principal.setName(pName);
> + policy.addPrincipal(principal);
> + principal.setDisplayName(principalName);
> +
> + havePrev = true;
> + principalFound = false;
> + principalName = null;
> +
> + continue;
> + }
> +
> + // If we reach here then it means we found something
> + // that is invalid. Such as unknown keywords.
> + throw new ParseException(
> + "Invalid character/keyword detected starting at index "
> + + index);
> + }
> + } else {
> + if (!permissionFound
> + && checkIfPermission(lcaseInput, index)) {
> + permissionFound = true;
> + index += PolicyFormatter.strPermission.length();
> + continue;
> + }
> +
> + if (permissionFound && !permissionClassFound) {
> + permissionClass = getClassName(input, index);
> + if (permissionClass == null) {
> + throw new ParseException(
> + "Could not find permission class.");
> + }
> + index = input.indexOf(permissionClass, index)
> + + permissionClass.length();
> + permissionClassFound = true;
> + continue;
> + }
> +
> + if (permissionClassFound && !permissionTargetFound) {
> + if (!commaFound
> + && (permissionTarget = getPermissionTarget(
> + input, index)) != null) {
> + index = input.indexOf(permissionTarget, index)
> + + permissionTarget.length();
> + permissionTarget = PolicyUtils.unescape(PolicyUtils
> + .unquote(permissionTarget));
> + permissionTargetFound = true;
> + } else {
> + throw new ParseException("Could not find target.");
> + }
> + continue;
> + }
> +
> + if (permissionTargetFound && commaFound) {
> + // Check for Action or signedBy whichever comes first.
> + commaFound = false;
> +
> + permissionSignedBy = findSignedBy(input, lcaseInput,
> + index);
> + if (!signedBy && permissionSignedBy != null) {
> + signedBy = true;
> + index = input.indexOf(permissionSignedBy, index)
> + + permissionSignedBy.length();
> + permissionSignedBy = PolicyUtils
> + .unescape(PolicyUtils
> + .unquote(permissionSignedBy));
> + continue;
> + } else if (signedBy && permissionSignedBy != null) {
> + throw new ParseException(
> + "Multiple signedBy detected.");
> + }
> +
> + permissionAction = PolicyUtils.getQuotedText(input,
> + index);
> + if (!signedBy && !action && permissionAction != null) {
> + action = true;
> + index += permissionAction.length();
> + permissionAction = PolicyUtils.unescape(PolicyUtils
> + .unquote(permissionAction));
> + continue;
> + } else if ((signedBy || action)
> + && permissionAction != null) {
> + throw new ParseException(
> + "signedBy found before ACTION or multiple ACTION found.");
> + }
> +
> + throw new ParseException(
> + "Unexpected input from policy file.");
> + }
> +
> + throw new ParseException(
> + "End of permission expected, but found more stuff."
> + + index);
> + }
> + }
> + }
> +
> + if (foundGrant) {
> + throw new ParseException("Missing body.");
> + }
> +
> + return policies.toArray(new Policy[policies.size()]);
> + }
> +
> + /**
> + * Get comment name from input.
> + *
> + * @param input
> + * @param i
> + * @return name or null if not found.
> + */
> + private String parseNameComment(String input, int i) {
> + final StringBuffer buf = new StringBuffer();
> + if (input.startsWith(PolicyFormatter.strName, i)) {
> + i += PolicyFormatter.strName.length();
> + char c;
> + while (PolicyUtils.isValidNameChar(c = input.charAt(i++))) {
> + buf.append(c);
> + }
> + }
> + if (buf.length() > 0) {
> + return buf.toString();
> + } else {
> + return null;
> + }
> + }
> +
> + /**
> + * This sets the policy file to be used when formatting. This does NOT use
> + * copies, but the actual array passed in. Modifying this array's content
> + * while formatting will yield undetermined results.
> + *
> + * @param policies
> + */
> + public void setPolicies(Policy[] policies) {
> + this.policies = policies;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/PolicyUtils.java b/netx/net/sourceforge/jnlp/policy/PolicyUtils.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/PolicyUtils.java
> @@ -0,0 +1,194 @@
> +/* PolicyUtils.java -- Provides some utilities for working with policy file.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy;
> +
> +/**
> + * This class provides some utility functions for working with policy files.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public class PolicyUtils {
> + /**
> + * This escapes all quotation marks.
> + *
> + * @param str string to be escaped.
> + * @return a string with its double quotes escaped.
> + */
> + public static String escape(String str) {
> + return str.replaceAll("\"", "\\\\\"");
> + }
> +
> + /**
> + * This will grab text enclosed in quotation, and it also checks for escaped
> + * quotations. Will return null if no quotations found.
> + *
> + * @param input String to search in.
> + * @param i Index to start searching from.
> + * @return String containing text enclosed with quotations, null otherwise.
> + * @throws ParseException newline found within quotes, or reached end of
> + * file and no closing quotes.
> + */
> + public static String getQuotedText(final String input, int i)
> + throws ParseException {
> + char c = input.charAt(i);
> +
> + /*
> + * We are skipping all the spaces here until we reach the first non
> + * blank character. It would be ideal if we can keep track of how much
> + * spaces we skipped so that we don't have to re-check later. But this
> + * can be overcome by doing an "indexOf" search for the value returned.
> + */
> + while (i < input.length() && isSpace(c = input.charAt(i))) {
> + i++;
> + }
> +
> + String result = null;
> + if (c == '\"') {
> + /*
> + * Count the number of consecutive backslashes. If we have an odd
> + * number of backslashes, followed by double quotes that means it's
> + * an escaped character.
> + */
> + int bs = 0;
> + final int initial = i;
> + while (++i < input.length()
> + && ((c = input.charAt(i)) != '\"' || bs % 2 != 0)) {
> + if (c == '\r' || c == '\n') {
> + throw new ParseException(
> + "End of line reached, could not find closing quotations.");
> + } else if (c == '\\') {
> + bs++;
> + } else {
> + bs = 0;
> + }
> + }
> + if (i++ > input.length()) {
> + throw new ParseException(
> + "End of input reached, could not find closing quotations.");
> + }
> +
> + result = input.substring(initial, i);
> + }
> +
> + return result;
> + }
> +
> + /**
> + * Check if character is a space, tab, newline, or return carriage.
> + *
> + * @param c character to check.
> + * @return true if character is a space, tab, newline, or return carriage,
> + * false otherwise.
> + */
> + public static boolean isSpace(char c) {
> + switch (c) {
> + case ' ':
> + case '\t':
> + case '\r':
> + case '\n':
> + return true;
> + default:
> + return false;
> + }
> + }
> +
> + /**
> + * Check if the character is a valid class name character. [a-zA-Z0-9_\.]
> + *
> + * @param c character to check.
> + * @return true if it is a valid class name character, false otherwise.
> + */
> + public static boolean isValidClassChar(char c) {
> + return isValidNameChar(c) || c == '_' || c == '.';
> + }
> +
> + /**
> + * Check if character is valid for names. [a-zA-Z0-9]
> + *
> + * @param c character to check.
> + * @return true if character is a valid name character, false otherwise.
> + */
> + public static boolean isValidNameChar(char c) {
> +
> + return c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0'
> + && c <= '9';
> +
> + }
> +
> + /**
> + * Convert given string to a policy file styled comment.
> + *
> + * @param str string to turn into a comment.
> + * @return a comment string
> + */
> + public static String makeComment(String str) {
> + return "/* " + str + " */";
> + }
> +
> + /**
> + * Surround the given string in quotations.
> + *
> + * @param str string to quote
> + * @return Quoted String
> + */
> + public static String quote(String str) {
> + return "\"" + str + "\"";
> + }
> +
> + /**
> + * Get the next index which is a non-space character.
> + *
> + * @param input String to check.
> + * @param i index to begin checking from.
> + * @return the next non whitespace character's index.
> + */
> + public static int skipSpace(final String input, int i) {
> + while (i < input.length() && isSpace(input.charAt(i))) {
> + i++;
> + }
> + return i;
> + }
> +
> + /**
> + * This converts all the escaped quotation marks back to original unescaped
> + * version.
> + *
> + * @param str String to unescape.
> + * @return a string with its escaped quotation unescaped.
> + */
> + public static String unescape(String str) {
> + return str.replaceAll("\\\\\"", "\"");
> + }
> +
> + /**
> + * Remove quotations from the given string.
> + *
> + * @param str String to unquote.
> + * @return String with first leading and first trailing double quotes
> + * removed.
> + */
> + public static String unquote(String str) {
> + if (str.charAt(0) != '"' || str.charAt(str.length() - 1) != '"') {
> + // FIXME: Maybe we could just return the string as is?
> + throw new IllegalArgumentException("String is not quoted");
> + }
> +
> + return str.substring(1, str.length() - 1);
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/AWTPermission.java b/netx/net/sourceforge/jnlp/policy/permission/AWTPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/AWTPermission.java
> @@ -0,0 +1,45 @@
> +/* AWTPermission.java -- Represents AWTPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the AWTPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class AWTPermission extends Permission {
> +
> + /**
> + * Create a new AWTPermission.
> + */
> + public AWTPermission() {
> + super("java.awt.AWTPermission", new String[] { "accessClipboard",
> + "accessEventQueue", "accessSystemTray", "createRobot",
> + "fullScreenExclusive", "listenToAllAWTEvents",
> + "readDisplayPixels", "replaceKeyboardFocusManager",
> + "setAppletStub", "setWindowAlwaysOnTop",
> + "showWindowWithoutWarningBanner", "toolkitModality",
> + "watchMousePointer" }, null);
> + }
> +
> + @Override
> + public AWTPermission newInstance() {
> + return new AWTPermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/AllPermission.java b/netx/net/sourceforge/jnlp/policy/permission/AllPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/AllPermission.java
> @@ -0,0 +1,44 @@
> +/* AllPermission.java -- Represents AllPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the AllPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class AllPermission extends Permission {
> +
> + /**
> + * Create a new AllPermission.
> + */
> + public AllPermission() {
> + super("java.security.AllPermission", null, null);
> + }
> +
> + @Override
> + public AllPermission newInstance() {
> + return new AllPermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + return target == null || target.trim().length() == 0;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/AudioPermission.java b/netx/net/sourceforge/jnlp/policy/permission/AudioPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/AudioPermission.java
> @@ -0,0 +1,40 @@
> +/* AudioPermission.java -- Represents AudioPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the AudioPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class AudioPermission extends Permission {
> +
> + /**
> + * Create a new AudioPermission.
> + */
> + public AudioPermission() {
> + super("javax.sound.sampled.AudioPermission", new String[] { "play",
> + "record" }, null);
> + }
> +
> + @Override
> + public AudioPermission newInstance() {
> + return new AudioPermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/AuthPermission.java b/netx/net/sourceforge/jnlp/policy/permission/AuthPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/AuthPermission.java
> @@ -0,0 +1,71 @@
> +/* AuthPermission.java -- Represents AuthPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the AuthPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class AuthPermission extends Permission {
> +
> + /**
> + * Create a new AuthPermission.
> + */
> + public AuthPermission() {
> + super("javax.security.auth.AuthPermission",
> + new String[] { "doAs", "doAsPrivileged", "getSubject",
> + "getSubjectFromDomainCombiner", "setReadOnly",
> + "modifyPrincipals", "modifyPublicCredentials",
> + "modifyPrivateCredentials", "refreshCredential",
> + "destroyCredential", "createLoginContext.{name}",
> + "getLoginConfiguration", "setLoginConfiguration",
> + "createLoginConfiguration.{name}",
> + "refreshLoginConfiguration" }, null);
> + }
> +
> + @Override
> + public AuthPermission newInstance() {
> + return new AuthPermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + boolean isValid = super.validTarget(target);
> +
> + /*
> + * Need to handle special cases: "createLoginContext.{name}"
> + * "createLoginConfiguration.{name}"
> + */
> +
> + if (target != null)
> + target = target.trim();
> +
> + if (!isValid && target != null && target.length() > 0) {
> + if (!target.endsWith(".")) {
> + isValid = target.startsWith("createLoginContext.")
> + || target.equals("createLoginContext")
> + || target.startsWith("createLoginConfiguration.")
> + || target.equals("createLoginConfiguration");
> + }
> + }
> +
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/DelegationPermission.java b/netx/net/sourceforge/jnlp/policy/permission/DelegationPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/DelegationPermission.java
> @@ -0,0 +1,75 @@
> +/* DelegationPermission.java -- Represents DelegationPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +import net.sourceforge.jnlp.policy.PolicyUtils;
> +
> +/**
> + * This class represents the DelegationPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class DelegationPermission extends Permission {
> +
> + /**
> + * Create a new DelegationPermission.
> + */
> + public DelegationPermission() {
> + super("javax.security.auth.kerberos.DelegationPermission", null, null);
> + }
> +
> + @Override
> + public DelegationPermission newInstance() {
> + return new DelegationPermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + if (target != null) {
> + target = target.trim();
> + }
> + boolean isValid = false;
> + if (target != null && target.length() > 0) {
> + StringBuilder sb = new StringBuilder();
> + for (int index = 0; index < target.length();) {
> + isValid = false;
> + sb.setLength(0);
> + char c = target.charAt(index);
> + for (int i = index; i < target.length()
> + && !PolicyUtils.isSpace(c = target.charAt(i));) {
> + sb.append(c);
> + index = ++i;
> + }
> +
> + try {
> + String s = PolicyUtils.unquote(sb.toString());
> + isValid = s.length() > 0 && s.indexOf('\"') == -1;
> + if (!isValid)
> + break;
> + } catch (IllegalArgumentException e) {
> + break;
> + }
> +
> + if (PolicyUtils.isSpace(c))
> + index++;
> + }
> + }
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/FilePermission.java b/netx/net/sourceforge/jnlp/policy/permission/FilePermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/FilePermission.java
> @@ -0,0 +1,46 @@
> +/* FilePermission.java -- Represents FilePermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the FilePermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class FilePermission extends Permission {
> +
> + /**
> + * Create a new FilePermission.
> + */
> + public FilePermission() {
> + super("java.io.FilePermission", new String[] { "<<ALL FILES>>" },
> + new String[] { "read", "write", "delete", "execute" });
> + }
> +
> + @Override
> + public FilePermission newInstance() {
> + return new FilePermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + return super.validTarget(target)
> + || (target != null && target.trim().length() > 0);
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/LoggingPermission.java b/netx/net/sourceforge/jnlp/policy/permission/LoggingPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/LoggingPermission.java
> @@ -0,0 +1,40 @@
> +/* LoggingPermission.java -- Represents LoggingPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the LoggingPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public class LoggingPermission extends Permission {
> +
> + /**
> + * Create a new LoggingPermission.
> + */
> + public LoggingPermission() {
> + super("java.util.logging.LoggingPermission",
> + new String[] { "control" }, null);
> + }
> +
> + @Override
> + public LoggingPermission newInstance() {
> + return new LoggingPermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/NetPermission.java b/netx/net/sourceforge/jnlp/policy/permission/NetPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/NetPermission.java
> @@ -0,0 +1,43 @@
> +/* NetPermission.java -- Represents NetPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the NetPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class NetPermission extends Permission {
> +
> + /**
> + * Create a new NetPermission.
> + */
> + public NetPermission() {
> + super("java.net.NetPermission", new String[] {
> + "setDefaultAuthenticator", "requestPasswordAuthentication",
> + "specifyStreamHandler", "setProxySelector", "getProxySelector",
> + "setCookieHandler", "getCookieHandler", "setResponseCache",
> + "getResponseCache" }, null);
> + }
> +
> + @Override
> + public NetPermission newInstance() {
> + return new NetPermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/Permission.java b/netx/net/sourceforge/jnlp/policy/permission/Permission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/Permission.java
> @@ -0,0 +1,447 @@
> +/* Permission.java -- Represents a general permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +import java.util.HashSet;
> +
> +import net.sourceforge.jnlp.policy.PolicyUtils;
> +
> +/**
> + * This class represents a general Permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public class Permission {
> + /* This is the class which all permissions should extend. */
> + private static final Class c;
> + private static final String canonClassName;
> + static {
> + try {
> + c = Class.forName("java.security.Permission");
> + } catch (final ClassNotFoundException e) {
> + // This should never happen..
> + throw new RuntimeException(
> + "We can't find the permission class. Die here.");
> + }
> + canonClassName = c.getCanonicalName();
> + }
> +
> + /* Default permissions */
> + private static Permission[] DEFAULT_PERMISSIONS = new Permission[] {
> + new AllPermission(), new AudioPermission(), new AuthPermission(),
> + new AWTPermission(), new DelegationPermission(),
> + new FilePermission(), new LoggingPermission(), new NetPermission(),
> + new PrivateCredentialPermission(), new PropertyPermission(),
> + new ReflectPermission(), new RuntimePermission(),
> + new SecurityPermission(), new SerializablePermission(),
> + new ServicePermission(), new SocketPermission(),
> + new SQLPermission(), new SSLPermission(), };
> +
> + /**
> + * Returns an array of default permissions.
> + *
> + * @return a copy of the default permissions.
> + */
> + public static Permission[] getDefaults() {
> + final Permission[] permissions = new Permission[DEFAULT_PERMISSIONS.length];
> + for (int i = 0; i < permissions.length; i++) {
> + permissions[i] = DEFAULT_PERMISSIONS[i].newInstance();
> + }
> +
> + return permissions;
> + }
> +
> + /**
> + * This is used to verify that this is a valid permission class. However if
> + * the class can not be found during the current runtime, it is assumed
> + * valid.
> + *
> + * @param fullClassName class name to validate
> + * @return true if class is valid, false otherwise.
> + */
> + public static boolean isValidClass(String fullClassName) {
> + boolean isValid = false;
> + // Lazy check.
> + for (final Permission p : DEFAULT_PERMISSIONS) {
> + if (p.getFullClassName().equals(fullClassName)) {
> + return true;
> + }
> + }
> +
> + try {
> + // Get the class if it exists. Otherwise an exception will be
> + // thrown.
> + final Class clazz = Class.forName(fullClassName, false, null);
> +
> + for (final Class i : clazz.getClasses()) {
> + final String canon = i.getCanonicalName();
> + if (canon != null && canon.equals(canonClassName)) {
> + isValid = true;
> + break;
> + }
> + }
> +
> + } catch (final ClassNotFoundException e) {
> + isValid = fullClassName
> + .matches("^([a-zA-Z_][\\w_]*\\.)*([a-zA-Z_][\\w_]*)$");
> + }
> +
> + return isValid;
> + }
> +
> + /**
> + * Return a Permission instance which is of the same type as argument.
> + *
> + * @param permission permission to create a new instance of.
> + * @return an instance of the given permission. (Permission with the same
> + * fullClassName.)
> + */
> + public static Permission newInstanceOf(Permission permission) {
> + return permission != null ? newInstanceOf(permission.getFullClassName())
> + : null;
> + }
> +
> + /**
> + * Returns a Permission which is represented by <code>fullClassName</code>.
> + *
> + * @param fullClassName name of class to get.
> + * @return permission with the given fullClassName.
> + */
> + public static Permission newInstanceOf(String fullClassName) {
> + if (fullClassName != null) {
> + fullClassName = fullClassName.trim();
> + }
> +
> + if (fullClassName == null || fullClassName != null
> + && fullClassName.length() == 0) {
> + return null;
> + }
> +
> + for (final Permission p : DEFAULT_PERMISSIONS) {
> + if (p.getFullClassName().equals(fullClassName)) {
> + return p.newInstance();
> + }
> + }
> +
> + return new Permission(fullClassName, null, null);
> + }
> +
> + private final String className;
> + private final String fullClassName;
> + private final String[] targets;
> +
> + private final String[] actions;
> +
> + private String target;
> +
> + private String action; // FIXME: Actions can be more than one.
> +
> + private String signedBy = null;
> +
> + private String displayName = null;
> +
> + /**
> + * Creates a new Permission.
> + *
> + * @param fullClassName full class name
> + * @param targets targets this class have
> + * @param actions actions this class have.
> + */
> + public Permission(String fullClassName, String[] targets, String[] actions) {
> + // Can't call isValidClass since while creating defaults, the default is
> + // not set.
> + if (fullClassName == null
> + || !fullClassName
> + .matches("^([a-zA-Z_][\\w_]*\\.)*([a-zA-Z_][\\w_]*)$")) {
> + throw new IllegalArgumentException(
> + "Class name must not be null and must match: ^([a-zA-Z_][\\w_]*\\.)*([a-zA-Z_][\\w_]*)$");
> + }
> +
> + final String[] className = fullClassName.split("\\.");
> + this.className = className[className.length - 1];
> + this.fullClassName = fullClassName;
> + this.targets = targets;
> + this.actions = actions;
> + }
> +
> + /**
> + * Get the action that has been set for this permission.
> + *
> + * @return a comma separated string of action, null if no action exist.
> + */
> + public String getAction() {
> + if (this.action != null) {
> + StringBuilder sb = new StringBuilder();
> + String[] actions = this.action.split(",");
> + for (String s : actions) {
> + String val = s.trim();
> +
> + if (val.length() > 0 && sb.length() > 0)
> + sb.append(", ");
> + sb.append(val);
> + }
> + return sb.toString();
> + }
> +
> + return this.action;
> + }
> +
> + /**
> + * Get the actions associated with this permission.
> + *
> + * @return array of actions, null if no actions exist
> + */
> + public final String[] getActions() {
> + return this.actions;
> + }
> +
> + /**
> + * Get the class name.
> + *
> + * @return class name
> + */
> + public final String getClassName() {
> + return this.className;
> + }
> +
> + /**
> + * Get the display name for this permission.
> + *
> + * @return String representing the display name, null otherwise.
> + */
> + public final String getDisplayName() {
> + return this.displayName;
> + }
> +
> + /**
> + * Get the full class name.
> + *
> + * @return full class name.
> + */
> + public final String getFullClassName() {
> + return this.fullClassName;
> + }
> +
> + /**
> + * Get the signed by value that was set.
> + *
> + * @return signer for permission.
> + */
> +
> + public final String getSignedBy() {
> + return this.signedBy;
> + }
> +
> + /**
> + * Get the target that has been set for this permission.
> + *
> + * @return target assigned to this permission, null if not set.
> + */
> + public String getTarget() {
> + return this.target;
> + }
> +
> + /**
> + * Get the targets associated with this permission.
> + *
> + * @return array of targets this permisison has, null if not set.
> + */
> + public final String[] getTargets() {
> + return this.targets;
> + }
> +
> + /**
> + * Checks whether this permission is valid. It is considered valid if both
> + * the target and action are valid.
> + *
> + * @return true if it has a valid fullClassName, target and action, false
> + * otherwise.
> + */
> + public boolean isValid() {
> + return validTarget(this.target) && validAction(this.action)
> + && isValidClass(getFullClassName());
> + }
> +
> + /**
> + * Return a new instance of the permission.
> + *
> + * @return a new instance of this permission.
> + */
> + public Permission newInstance() {
> + return newInstanceOf(this);
> + }
> +
> + /**
> + * Set the action for this permission.
> + *
> + * @param action action to assign to this permission.
> + */
> + public void setAction(String action) {
> + if (action != null) {
> + action = action.trim();
> + action.toLowerCase();
> + }
> +
> + if (action != null && action.length() > 0) {
> + HashSet<String> hs = new HashSet<String>();
> + for (String s : action.split("\\s*,\\s*")) {
> + hs.add(s.trim());
> + }
> + action = "";
> + for (String s : hs) {
> + if (s.length() > 0 && action.length() > 0)
> + action += ", ";
> + action += s;
> + }
> +
> + } else {
> + action = null;
> + }
> +
> + this.action = action;
> + }
> +
> + /**
> + * Set the display name for this permission.
> + *
> + * @param displayName display name to use.
> + */
> + public void setDisplayName(String displayName) {
> + if (displayName != null) {
> + displayName = displayName.trim();
> + }
> +
> + int i = 0;
> + boolean valid = false;
> +
> + while (displayName != null
> + && i < displayName.length()
> + && (valid = PolicyUtils
> + .isValidNameChar(displayName.charAt(i++)))) {
> + ;
> + }
> +
> + if (valid) {
> + this.displayName = displayName;
> + } else {
> + this.displayName = null;
> + }
> + }
> +
> + /**
> + * Set the signed by value, value will be trimmed and set to null when
> + * appropriate.
> + *
> + * @param signedBy signer of this permission.
> + */
> + public final void setSignedBy(String signedBy) {
> + if (signedBy != null) {
> + signedBy = signedBy.trim();
> + }
> +
> + if (signedBy != null && signedBy.length() == 0) {
> + signedBy = null;
> + }
> +
> + this.signedBy = signedBy;
> + }
> +
> + /**
> + * Set the target for this Permission.
> + *
> + * @param target target to assign to this permission.
> + */
> + public void setTarget(String target) {
> + if (target != null) {
> + target = target.trim();
> + }
> +
> + if (target != null && target.length() == 0) {
> + target = null;
> + }
> +
> + this.target = target;
> + }
> +
> + @Override
> + public final String toString() {
> + return (getDisplayName() != null ? getDisplayName() : getClassName())
> + + (isValid() ? "" : "*");
> + }
> +
> + /**
> + * Check if given Action is valid.
> + *
> + * @param action Action to be checked.
> + * @return true if action is valid, false otherwise.
> + */
> + public boolean validAction(String action) {
> + boolean isValid = false;
> + boolean isDefault = false;
> + if (action != null) {
> + action = action.trim().toLowerCase();
> + }
> +
> + for (Permission p : DEFAULT_PERMISSIONS) {
> + isDefault = p.getFullClassName().equals(this.getFullClassName());
> + if (isDefault)
> + break;
> + }
> +
> + if (action != null && action.length() > 0 && this.actions != null) {
> + for (String s : action.split("\\s*,\\s*")) {
> + isValid = false;
> + for (String defaultAction : getActions()) {
> + if (defaultAction.equalsIgnoreCase(s.trim())) {
> + isValid = true;
> + break;
> + }
> + }
> + }
> + } else {
> + isValid = (!isDefault && this.actions == null)
> + || this.actions == null
> + && (action == null || action.length() == 0);
> + }
> +
> + return isValid;
> + }
> +
> + /**
> + * Check if a given target is valid.
> + *
> + * @param target Target to be checked.
> + * @return true if target is valid, false otherwise.
> + */
> + public boolean validTarget(String target) {
> + boolean isValid = false;
> + if (target != null) {
> + target = target.trim();
> + }
> +
> + if (target != null && target.length() > 0) {
> + for (int i = 0; this.targets != null && !isValid
> + && i < this.targets.length; i++) {
> + isValid = this.targets[i].equals(target);
> + }
> + }
> +
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/PrivateCredentialPermission.java b/netx/net/sourceforge/jnlp/policy/permission/PrivateCredentialPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/PrivateCredentialPermission.java
> @@ -0,0 +1,106 @@
> +/* PrivateCredentialPermission.java -- Represents PrivateCredentialPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +import net.sourceforge.jnlp.policy.ParseException;
> +import net.sourceforge.jnlp.policy.PolicyUtils;
> +
> +/**
> + * This class represents the PrivateCredentialPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class PrivateCredentialPermission extends Permission {
> +
> + /**
> + * Create a new PrivateCredentialPermission.
> + */
> + public PrivateCredentialPermission() {
> + super("javax.security.auth.PrivateCredentialPermission", null,
> + new String[] { "read" });
> +
> + }
> +
> + @Override
> + public PrivateCredentialPermission newInstance() {
> + return new PrivateCredentialPermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + if (target != null)
> + target = target.trim();
> +
> + if (target != null && target.length() == 0)
> + target = null;
> +
> + boolean isValid = false;
> + if (target != null) {
> + boolean credential = false;
> + boolean principal = false;
> +
> + String quote = null;
> + for (int index = 0; index < target.length();) {
> + index = PolicyUtils.skipSpace(target, index);
> + isValid = false;
> + char c = target.charAt(index);
> + boolean nonSpaceFound = false;
> + for (int i = index; i < target.length()
> + && !PolicyUtils.isSpace(c = target.charAt(i));) {
> + nonSpaceFound = true;
> + if (credential && principal) {
> + try {
> + quote = PolicyUtils.getQuotedText(target, index);
> + if (quote != null) {
> + index += quote.length();
> + i = index;
> + } else {
> + return false;
> + }
> + } catch (ParseException e) {
> + return false;
> + }
> + } else {
> + index = ++i;
> + }
> + }
> +
> + if (!credential && nonSpaceFound) {
> + credential = true;
> + } else if (!principal && nonSpaceFound) {
> + principal = true;
> + } else if (credential && principal) {
> + if (quote != null && quote.length() > 1
> + && quote.charAt(0) == '\"'
> + && quote.charAt(quote.length() - 1) == '\"') {
> + principal = false;
> + isValid = true;
> + quote = null;
> + } else {
> + break;
> + }
> +
> + }
> + }
> +
> + }
> +
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/PropertyPermission.java b/netx/net/sourceforge/jnlp/policy/permission/PropertyPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/PropertyPermission.java
> @@ -0,0 +1,55 @@
> +/* PropertyPermission.java -- Represents PropertyPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the PropertyPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class PropertyPermission extends Permission {
> +
> + /**
> + * Create a new PropertyPermission.
> + */
> + public PropertyPermission() {
> + super("java.util.PropertyPermission", null, new String[] { "read",
> + "write" });
> + }
> +
> + @Override
> + public PropertyPermission newInstance() {
> + return new PropertyPermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + if (target != null)
> + target = target.trim();
> +
> + boolean isValid = false;
> + if (target != null && target.length() > 0) {
> + int index = target.indexOf('*');
> + isValid = (index == 0 && target.length() == 1)
> + || (index > 0 && index == target.length() - 1 && target
> + .charAt(index - 1) == '.') || (index == -1);
> + }
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/ReflectPermission.java b/netx/net/sourceforge/jnlp/policy/permission/ReflectPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/ReflectPermission.java
> @@ -0,0 +1,40 @@
> +/* ReflectPermission.java -- Represents ReflectPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the ReflectPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class ReflectPermission extends Permission {
> +
> + /**
> + * Create a new ReflectPermission.
> + */
> + public ReflectPermission() {
> + super("java.lang.reflect.ReflectPermission",
> + new String[] { "suppressAccessChecks" }, null);
> + }
> +
> + @Override
> + public ReflectPermission newInstance() {
> + return new ReflectPermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/RuntimePermission.java b/netx/net/sourceforge/jnlp/policy/permission/RuntimePermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/RuntimePermission.java
> @@ -0,0 +1,85 @@
> +/* RuntimePermission.java -- Represents RuntimePermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the RuntimePermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class RuntimePermission extends Permission {
> +
> + /**
> + * Create a new RuntimePermission.
> + */
> + public RuntimePermission() {
> + super("java.lang.RuntimePermission", new String[] {
> + "createClassLoader", "getClassLoader", "setContextClassLoader",
> + "enableContextClassLoaderOverride", "setSecurityManage",
> + "createSecurityManager", "getenv.{variable name}",
> + "exitVM.{exit status}", "shutdownHooks", "setFactory", "setIO",
> + "modifyThread", "stopThread", "modifyThreadGroup",
> + "getProtectionDomain", "readFileDescriptor",
> + "writeFileDescriptor", "loadLibrary.{library name}",
> + "accessClassInPackage.{package name}",
> + "defineClassInPackage.{package name}", "accessDeclaredMembers",
> + "queuePrintJob", "getStackTrace",
> + "setDefaultUncaughtExceptionHandler", "preferences",
> + "usePolicy", }, null);
> + }
> +
> + @Override
> + public RuntimePermission newInstance() {
> + return new RuntimePermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + boolean isValid = super.validTarget(target);
> + /*
> + * Need to handle special cases: "getenv.{variable name}"
> + * "exitVM.{exit status}" "loadLibrary.{library name}"
> + * "accessClassInPackage.{package name}"
> + * "defineClassInPackage.{package name}"
> + */
> +
> + if (target != null)
> + target = target.trim();
> +
> + if (!isValid && target != null && target.length() > 0) {
> + int index = target.indexOf('*');
> + boolean validAsterisk = (index == 0 && target.length() == 1)
> + || (index > 0 && index == target.length() - 1 && target
> + .charAt(index - 1) == '.') || (index == -1);
> + boolean isSpecial = false;
> + if (!target.endsWith(".")) {
> + isSpecial = target.startsWith("getenv.")
> + || target.startsWith("exitVM.")
> + || target.startsWith("loadLibrary.")
> + || target.startsWith("accessClassInPackage.")
> + || target.startsWith("defineClassInPackage.");
> + }
> +
> + isValid = validAsterisk && isSpecial || index == 0
> + && target.length() == 1;
> + }
> +
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/SQLPermission.java b/netx/net/sourceforge/jnlp/policy/permission/SQLPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/SQLPermission.java
> @@ -0,0 +1,39 @@
> +/* SQLPermission.java -- Represents SQLPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the SQLPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class SQLPermission extends Permission {
> +
> + /**
> + * Create a new SQLPermission.
> + */
> + public SQLPermission() {
> + super("java.sql.SQLPermission", new String[] { "setLog" }, null);
> + }
> +
> + @Override
> + public SQLPermission newInstance() {
> + return new SQLPermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/SSLPermission.java b/netx/net/sourceforge/jnlp/policy/permission/SSLPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/SSLPermission.java
> @@ -0,0 +1,40 @@
> +/* SSLPermission.java -- Represents SSLPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the SSLPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class SSLPermission extends Permission {
> +
> + /**
> + * Create a new SSLPermission.
> + */
> + public SSLPermission() {
> + super("javax.net.ssl.SSLPermission", new String[] {
> + "setHostnameVerifier", "getSSLSessionContext" }, null);
> + }
> +
> + @Override
> + public SSLPermission newInstance() {
> + return new SSLPermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/SecurityPermission.java b/netx/net/sourceforge/jnlp/policy/permission/SecurityPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/SecurityPermission.java
> @@ -0,0 +1,81 @@
> +/* SecurityPermission.java -- Represents SecurityPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the SecurityPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class SecurityPermission extends Permission {
> +
> + /**
> + * Create a new SecurityPermission.
> + */
> + public SecurityPermission() {
> + super("java.security.SecurityPermission", new String[] {
> + "createAccessControlContext", "getDomainCombiner", "getPolicy",
> + "setPolicy", "createPolicy.{policy type}", "getProperty.{key}",
> + "setProperty.{key}", "insertProvider.{provider name}",
> + "removeProvider.{provider name}",
> + "clearProviderProperties.{provider name}",
> + "putProviderProperty.{provider name}",
> + "removeProviderProperty.{provider name}", "setSystemScope",
> + "setIdentityPublicKey", "setIdentityInfo",
> + "addIdentityCertificate", "removeIdentityCertificate",
> + "printIdentity", "getSignerPrivateKey", "setSignerKeyPair" },
> + null);
> + }
> +
> + @Override
> + public SecurityPermission newInstance() {
> + return new SecurityPermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + boolean isValid = super.validTarget(target);
> +
> + /*
> + * Need to handle special cases: "getProperty.{key}"
> + * "setProperty.{key}", "insertProvider.{provider name}"
> + * "removeProvider.{provider name}"
> + * "clearProviderProperties.{provider name}"
> + * "putProviderProperty.{provider name}"
> + * "removeProviderProperty.{provider name}"
> + */
> +
> + if (target != null)
> + target = target.trim();
> +
> + if (!isValid && target != null && target.length() > 0) {
> + if (!target.endsWith(".")) {
> + isValid = target.startsWith("getProperty.")
> + || target.startsWith("setProperty.")
> + || target.startsWith("insertProvider.")
> + || target.startsWith("removeProvider.")
> + || target.startsWith("clearProviderProperties.")
> + || target.startsWith("putProviderProperty.")
> + || target.startsWith("removeProviderProperty.");
> + }
> + }
> +
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/SerializablePermission.java b/netx/net/sourceforge/jnlp/policy/permission/SerializablePermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/SerializablePermission.java
> @@ -0,0 +1,40 @@
> +/* SerializablePermission.java -- Represents SerializablePermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the SerializablePermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class SerializablePermission extends Permission {
> +
> + /**
> + * Create a new SerializablePermission.
> + */
> + public SerializablePermission() {
> + super("java.io.SerializablePermission", new String[] {
> + "enableSubclassImplementation", "enableSubstitution" }, null);
> + }
> +
> + @Override
> + public SerializablePermission newInstance() {
> + return new SerializablePermission();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/ServicePermission.java b/netx/net/sourceforge/jnlp/policy/permission/ServicePermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/ServicePermission.java
> @@ -0,0 +1,51 @@
> +/* ServicePermission.java -- Represents ServicePermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the ServicePermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class ServicePermission extends Permission {
> +
> + /**
> + * Create a new ServicePermission.
> + */
> + public ServicePermission() {
> + super("javax.security.auth.kerberos.ServicePermission", null,
> + new String[] { "initiate", "accept" });
> + }
> +
> + @Override
> + public ServicePermission newInstance() {
> + return new ServicePermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + if (target != null)
> + target = target.trim();
> +
> + if (target != null && target.length() == 0)
> + target = null;
> +
> + return target != null;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/permission/SocketPermission.java b/netx/net/sourceforge/jnlp/policy/permission/SocketPermission.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/permission/SocketPermission.java
> @@ -0,0 +1,87 @@
> +/* SocketPermission.java -- Represents SocketPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.permission;
> +
> +/**
> + * This class represents the SocketPermission permission.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class SocketPermission extends Permission {
> +
> + /**
> + * Create a new SocketPermission.
> + */
> + public SocketPermission() {
> + super("java.net.SocketPermission", null, new String[] { "accept",
> + "connect", "listen", "resolve" });
> + }
> +
> + @Override
> + public SocketPermission newInstance() {
> + return new SocketPermission();
> + }
> +
> + @Override
> + public boolean validTarget(String target) {
> + if (target != null)
> + target = target.trim();
> +
> + boolean isValid = false;
> + if (target != null && target.length() != 0) {
> + String[] split = target.split(":");
> + if (split.length == 1) {
> + isValid = !target.endsWith(":");
> + } else if (split.length == 2) {
> + String host = split[0];
> + String port = split[1];
> +
> + // Verify host.
> + boolean validHost = false;
> + int index = host.lastIndexOf('*');
> + if (index == 0 || index == -1) {
> + validHost = true;
> + }
> +
> + // Verify port.
> + if (validHost) {
> + index = port.indexOf('-');
> + if (index != -1) {
> + if (index == 0) {
> + port = port.substring(1);
> + } else if (index == port.length() - 1) {
> + port = port.substring(0, index);
> + }
> +
> + }
> + if (port.length() > 0) {
> + try {
> + int portVal = Integer.parseInt(port);
> + isValid = portVal > 0 && portVal < Math.pow(2, 16);
> + } catch (NumberFormatException e) {
> + // Just ignore it.
> + }
> + }
> + }
> + }
> + }
> +
> + return isValid;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/principal/KerberosPrincipal.java b/netx/net/sourceforge/jnlp/policy/principal/KerberosPrincipal.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/principal/KerberosPrincipal.java
> @@ -0,0 +1,39 @@
> +/* AllPermission.java -- Represents AllPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.principal;
> +
> +/**
> + * This class represents the KerberosPrincipal principal.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class KerberosPrincipal extends Principal {
> +
> + /**
> + * Create new KerberosPrincipal.
> + */
> + public KerberosPrincipal() {
> + super("javax.security.auth.kerberos.KerberosPrincipal");
> + }
> +
> + @Override
> + public KerberosPrincipal newInstance() {
> + return new KerberosPrincipal();
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/principal/Principal.java b/netx/net/sourceforge/jnlp/policy/principal/Principal.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/principal/Principal.java
> @@ -0,0 +1,298 @@
> +/* Principal.java -- Represents a general Principal.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.principal;
> +
> +import net.sourceforge.jnlp.policy.PolicyUtils;
> +
> +/**
> + * This class represent a general Principal.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public class Principal {
> + /* This is the class which all principal classes should extend. */
> + private static final Class c;
> + private static final String canonClassName;
> + static {
> + try {
> + c = Class.forName("java.security.Principal", false, null);
> + } catch (final ClassNotFoundException e) {
> + // This should never happen..
> + throw new RuntimeException(
> + "We can't find the principal interface class. Die here.");
> + }
> + canonClassName = c.getCanonicalName();
> + }
> +
> + private static Principal[] DEFAULT_PRINCIPALS = new Principal[] {
> + new KerberosPrincipal(), new X500Principal(), };
> +
> + /**
> + * Returns an array of default principals.
> + *
> + * @return a copy of the default principals.
> + */
> + public static Principal[] getDefaults() {
> + final Principal[] principal = new Principal[DEFAULT_PRINCIPALS.length];
> + for (int i = 0; i < principal.length; i++) {
> + principal[i] = DEFAULT_PRINCIPALS[i].newInstance();
> + }
> +
> + return principal;
> + }
> +
> + /**
> + * This is used to verify that this is a valid principal class. However if
> + * the class can not be found during the current runtime, it is assumed
> + * valid.
> + *
> + * @param fullClassName class name to validate
> + * @return true if class is valid, false otherwise.
> + */
> + public static boolean isValidClass(String fullClassName) {
> + boolean isValid = false;
> + // Lazy check.
> + for (final Principal p : DEFAULT_PRINCIPALS) {
> + if (p.getFullClassName().equals(fullClassName)) {
> + return true;
> + }
> + }
> + try {
> + // Get the class if it exists. Otherwise an exception will be
> + // thrown.
> + final Class clazz = Class.forName(fullClassName, false, null);
> +
> + for (final Class i : clazz.getClasses()) {
> + final String canon = i.getCanonicalName();
> + if (canon != null && canon.equals(canonClassName)) {
> + isValid = true;
> + break;
> + }
> + }
> +
> + /*
> + * FIXME: Try to instantiate the class with given parameters to see
> + * if it's valid. This should throw an exception if invalid. That
> + * way we can catch it and remedy the problem.
> + */
> + } catch (final ClassNotFoundException e) {
> + isValid = fullClassName
> + .matches("^([a-zA-Z_][\\w_]*\\.)*([a-zA-Z_][\\w_]*)$");
> + }
> +
> + return isValid;
> + }
> +
> + /**
> + * Return a Principal instance which is of the same type as argument.
> + *
> + * @param principal principal to create a new instance of.
> + * @return an instance of the given principal. (principal with the same
> + * fullClassName.)
> + */
> + public static Principal newInstanceOf(Principal principal) {
> + return principal != null ? newInstanceOf(principal.getFullClassName())
> + : null;
> + }
> +
> + /**
> + * Returns a Principal which is represented by <code>fullClassName</code>.
> + *
> + * @param fullClassName name of class to get.
> + * @return principal with the given fullClassName.
> + */
> + public static Principal newInstanceOf(String fullClassName) {
> + if (fullClassName != null) {
> + fullClassName = fullClassName.trim();
> + }
> +
> + if (fullClassName == null || fullClassName != null
> + && fullClassName.length() == 0) {
> + return null;
> + }
> +
> + for (final Principal p : DEFAULT_PRINCIPALS) {
> + if (p.getFullClassName().equals(fullClassName)) {
> + return p.newInstance();
> + }
> + }
> +
> + return new Principal(fullClassName);
> + }
> +
> + private final String className;
> +
> + private final String fullClassName;
> +
> + private String name;
> +
> + private String displayName = null;
> +
> + /**
> + * Creates a new Principal.
> + *
> + * @param fullClassName full class name
> + */
> + public Principal(String fullClassName) {
> + // Can't call isValidClass since while creating defaults, the default is
> + // not set.
> + if (fullClassName == null
> + || !fullClassName
> + .matches("^([a-zA-Z_][\\w_]*\\.)*([a-zA-Z_][\\w_]*)$")) {
> + throw new IllegalArgumentException(
> + "Class name must not be null and must match: ^([a-zA-Z_][\\w_]*\\.)*([a-zA-Z_][\\w_]*)$");
> + }
> +
> + final String[] className = fullClassName.split("\\.");
> + this.className = className[className.length - 1];
> + this.fullClassName = fullClassName;
> + }
> +
> + @Override
> + public boolean equals(Object o) {
> + if (o instanceof Principal) {
> + return ((Principal) o).getFullClassName()
> + .equals(getFullClassName());
> + }
> +
> + return false;
> + }
> +
> + /**
> + * Get the class name.
> + *
> + * @return class name
> + */
> + public final String getClassName() {
> + return this.className;
> + }
> +
> + /**
> + * Get the display name for this principal.
> + *
> + * @return String representing the display name, null otherwise.
> + */
> + public final String getDisplayName() {
> + return this.displayName;
> + }
> +
> + /**
> + * Get the full class name.
> + *
> + * @return full class name
> + */
> + public final String getFullClassName() {
> + return this.fullClassName;
> + }
> +
> + /**
> + * Get the name set for this principal.
> + *
> + * @return name assigned to this principal.
> + */
> + public String getName() {
> + return this.name;
> + }
> +
> + /**
> + * Checks whether this principal is valid. It is considered valid if the
> + * name is valid.
> + *
> + * @return true if this principal is valid, false otherwise.
> + */
> + public boolean isValid() {
> + return validName(getName());
> + }
> +
> + /**
> + * Return a new instance of the principal.
> + *
> + * @return a new instance of this principal.
> + */
> + public Principal newInstance() {
> + return newInstanceOf(this);
> + }
> +
> + /**
> + * Set the display name for this principal.
> + *
> + * @param displayName display name to use.
> + */
> + public void setDisplayName(String displayName) {
> + if (displayName != null) {
> + displayName = displayName.trim();
> + }
> +
> + int i = 0;
> + boolean valid = false;
> +
> + while (displayName != null
> + && i < displayName.length()
> + && (valid = PolicyUtils
> + .isValidNameChar(displayName.charAt(i++)))) {
> + ;
> + }
> +
> + if (valid) {
> + this.displayName = displayName;
> + } else {
> + this.displayName = null;
> + }
> + }
> +
> + /**
> + * Set the name for principal.
> + *
> + * @param name name to set for this principal
> + */
> + public void setName(String name) {
> + if (name != null) {
> + name = name.trim();
> + }
> +
> + if (name != null && name.length() == 0) {
> + name = null;
> + }
> +
> + this.name = name;
> + }
> +
> + @Override
> + public final String toString() {
> + return (getDisplayName() != null ? getDisplayName() : getClassName())
> + + (isValid() ? "" : "*");
> + }
> +
> + /**
> + * Check if given Name is valid.
> + *
> + * @param name name to be checked.
> + * @return true if name is valid, false otherwise.
> + */
> + public boolean validName(String name) {
> + if (name != null) {
> + name = name.trim();
> + }
> +
> + if (name != null && name.length() == 0) {
> + name = null;
> + }
> + return name != null;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/policy/principal/X500Principal.java b/netx/net/sourceforge/jnlp/policy/principal/X500Principal.java
> new file mode 100644
> --- /dev/null
> +++ b/netx/net/sourceforge/jnlp/policy/principal/X500Principal.java
> @@ -0,0 +1,59 @@
> +/* AllPermission.java -- Represents AllPermission permission.
> +Copyright (C) 2010 Red Hat
> +
> +This program is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2 of the License, or
> +(at your option) any later version.
> +
> +This program is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with this program; if not, write to the Free Software
> +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +package net.sourceforge.jnlp.policy.principal;
> +
> +import sun.security.x509.X500Name;
> +
> +/**
> + * This class represents the X500Principal principal.
> + *
> + * @author Andrew Su (asu at redhat.com, andrew.su at utoronto.ca)
> + *
> + */
> +public final class X500Principal extends Principal {
> +
> + /**
> + * Create new X500Principal.
> + */
> + public X500Principal() {
> + super("javax.security.auth.x500.X500Principal");
> + }
> +
> + @Override
> + public X500Principal newInstance() {
> + return new X500Principal();
> + }
> +
> + @Override
> + public boolean validName(String name) {
> + if (name != null) {
> + name = name.trim();
> + }
> +
> + X500Name x500Name = null;
> + if (name != null && name.length() > 0) {
> + try {
> + // If X500Name throws any exception that means name is invalid.
> + x500Name = new X500Name(name);
> + } catch (Exception e) {
> + // Exception means the name is invalid.
> + }
> + }
> + return x500Name != null;
> + }
> +}
> diff --git a/netx/net/sourceforge/jnlp/util/FileUtils.java b/netx/net/sourceforge/jnlp/util/FileUtils.java
> --- a/netx/net/sourceforge/jnlp/util/FileUtils.java
> +++ b/netx/net/sourceforge/jnlp/util/FileUtils.java
> @@ -18,10 +18,17 @@
>
> import static net.sourceforge.jnlp.runtime.Translator.R;
>
> +import java.io.BufferedReader;
> +import java.io.BufferedWriter;
> import java.io.File;
> +import java.io.FileInputStream;
> import java.io.FileNotFoundException;
> +import java.io.FileReader;
> +import java.io.FileWriter;
> import java.io.IOException;
> +import java.io.InputStreamReader;
> import java.io.RandomAccessFile;
> +import java.io.Writer;
> import java.nio.channels.FileChannel;
> import java.nio.channels.FileLock;
>
> @@ -334,4 +341,42 @@
> }
> return lock;
> }
> +
> + /**
> + * Write string content to file. (File will be overwritten)
> + *
> + * @param file File to write to.
> + * @param content String to be written to file.
> + * @throws IOException on an io exception.
> + */
> + public static void writeContentToFile(File file, String content)
> + throws IOException {
> + BufferedWriter writer = new BufferedWriter(new FileWriter(file));
> + try {
> + writer.write(content);
> + } finally {
> + writer.close();
> + }
> + }
> +
> + /**
> + * Read file contents.
> + *
> + * @param file File to be read.
> + * @return String containing the contents of the file.
> + * @throws IOException on an io exception.
> + */
> + public static String readContentFromFile(File file) throws IOException {
> + BufferedReader reader = new BufferedReader(new FileReader(file));
> + StringBuilder sb = new StringBuilder();
> + try {
> + int c;
> + while ((c = reader.read()) != -1) {
> + sb.append((char) c);
> + }
> + } finally {
> + reader.close();
> + }
> + return sb.toString();
> + }
> }
More information about the distro-pkg-dev
mailing list