/* |
|
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved. |
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
* |
|
* This code is free software; you can redistribute it and/or modify it |
|
* under the terms of the GNU General Public License version 2 only, as |
|
* published by the Free Software Foundation. Oracle designates this |
|
* particular file as subject to the "Classpath" exception as provided |
|
* by Oracle in the LICENSE file that accompanied this code. |
|
* |
|
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
* version 2 for more details (a copy is included in the LICENSE file that |
|
* accompanied this code). |
|
* |
|
* You should have received a copy of the GNU General Public License version |
|
* 2 along with this work; if not, write to the Free Software Foundation, |
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
* |
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
* or visit www.oracle.com if you need additional information or have any |
|
* questions. |
|
*/ |
|
package javax.crypto; |
|
import java.security.*; |
|
import java.security.spec.AlgorithmParameterSpec; |
|
import java.io.Serializable; |
|
import java.util.Enumeration; |
|
import java.util.Vector; |
|
import javax.crypto.spec.*; |
|
/** |
|
* The CryptoPermission class extends the |
|
* java.security.Permission class. A |
|
* CryptoPermission object is used to represent |
|
* the ability of an application/applet to use certain |
|
* algorithms with certain key sizes and other |
|
* restrictions in certain environments. <p> |
|
* |
|
* @see java.security.Permission |
|
* |
|
* @author Jan Luehe |
|
* @author Sharon Liu |
|
* @since 1.4 |
|
*/ |
|
class CryptoPermission extends java.security.Permission { |
|
private static final long serialVersionUID = 8987399626114087514L; |
|
private String alg; |
|
private int maxKeySize = Integer.MAX_VALUE; // no restriction on maxKeySize |
|
private String exemptionMechanism = null; |
|
private AlgorithmParameterSpec algParamSpec = null; |
|
private boolean checkParam = false; // no restriction on param |
|
static final String ALG_NAME_WILDCARD = "*"; |
|
/** |
|
* Constructor that takes an algorithm name. |
|
* |
|
* This constructor implies that the given algorithm can be |
|
* used without any restrictions. |
|
* |
|
* @param alg the algorithm name. |
|
*/ |
|
CryptoPermission(String alg) { |
|
super(null); |
|
this.alg = alg; |
|
} |
|
/** |
|
* Constructor that takes an algorithm name and a maximum |
|
* key size. |
|
* |
|
* This constructor implies that the given algorithm can be |
|
* used with a key size up to <code>maxKeySize</code>. |
|
* |
|
* @param alg the algorithm name. |
|
* |
|
* @param maxKeySize the maximum allowable key size, |
|
* specified in number of bits. |
|
*/ |
|
CryptoPermission(String alg, int maxKeySize) { |
|
super(null); |
|
this.alg = alg; |
|
this.maxKeySize = maxKeySize; |
|
} |
|
/** |
|
* Constructor that takes an algorithm name, a maximum |
|
* key size, and an AlgorithmParameterSpec object. |
|
* |
|
* This constructor implies that the given algorithm can be |
|
* used with a key size up to <code>maxKeySize</code>, and |
|
* algorithm |
|
* parameters up to the limits set in <code>algParamSpec</code>. |
|
* |
|
* @param alg the algorithm name. |
|
* |
|
* @param maxKeySize the maximum allowable key size, |
|
* specified in number of bits. |
|
* |
|
* @param algParamSpec the limits for allowable algorithm |
|
* parameters. |
|
*/ |
|
CryptoPermission(String alg, |
|
int maxKeySize, |
|
AlgorithmParameterSpec algParamSpec) { |
|
super(null); |
|
this.alg = alg; |
|
this.maxKeySize = maxKeySize; |
|
this.checkParam = true; |
|
this.algParamSpec = algParamSpec; |
|
} |
|
/** |
|
* Constructor that takes an algorithm name and the name of |
|
* an exemption mechanism. |
|
* |
|
* This constructor implies that the given algorithm can be |
|
* used without any key size or algorithm parameter restrictions |
|
* provided that the specified exemption mechanism is enforced. |
|
* |
|
* @param alg the algorithm name. |
|
* |
|
* @param exemptionMechanism the name of the exemption mechanism. |
|
*/ |
|
CryptoPermission(String alg, |
|
String exemptionMechanism) { |
|
super(null); |
|
this.alg = alg; |
|
this.exemptionMechanism = exemptionMechanism; |
|
} |
|
/** |
|
* Constructor that takes an algorithm name, a maximum key |
|
* size, and the name of an exemption mechanism. |
|
* |
|
* This constructor implies that the given algorithm can be |
|
* used with a key size up to <code>maxKeySize</code> |
|
* provided that the |
|
* specified exemption mechanism is enforced. |
|
* |
|
* @param alg the algorithm name. |
|
* @param maxKeySize the maximum allowable key size, |
|
* specified in number of bits. |
|
* @param exemptionMechanism the name of the exemption |
|
* mechanism. |
|
*/ |
|
CryptoPermission(String alg, |
|
int maxKeySize, |
|
String exemptionMechanism) { |
|
super(null); |
|
this.alg = alg; |
|
this.exemptionMechanism = exemptionMechanism; |
|
this.maxKeySize = maxKeySize; |
|
} |
|
/** |
|
* Constructor that takes an algorithm name, a maximum key |
|
* size, the name of an exemption mechanism, and an |
|
* AlgorithmParameterSpec object. |
|
* |
|
* This constructor implies that the given algorithm can be |
|
* used with a key size up to <code>maxKeySize</code> |
|
* and algorithm |
|
* parameters up to the limits set in <code>algParamSpec</code> |
|
* provided that |
|
* the specified exemption mechanism is enforced. |
|
* |
|
* @param alg the algorithm name. |
|
* @param maxKeySize the maximum allowable key size, |
|
* specified in number of bits. |
|
* @param algParamSpec the limit for allowable algorithm |
|
* parameter spec. |
|
* @param exemptionMechanism the name of the exemption |
|
* mechanism. |
|
*/ |
|
CryptoPermission(String alg, |
|
int maxKeySize, |
|
AlgorithmParameterSpec algParamSpec, |
|
String exemptionMechanism) { |
|
super(null); |
|
this.alg = alg; |
|
this.exemptionMechanism = exemptionMechanism; |
|
this.maxKeySize = maxKeySize; |
|
this.checkParam = true; |
|
this.algParamSpec = algParamSpec; |
|
} |
|
/** |
|
* Checks if the specified permission is "implied" by |
|
* this object. |
|
* <p> |
|
* More specifically, this method returns true if: |
|
* <ul> |
|
* <li> <i>p</i> is an instance of CryptoPermission, and</li> |
|
* <li> <i>p</i>'s algorithm name equals or (in the case of wildcards) |
|
* is implied by this permission's algorithm name, and</li> |
|
* <li> <i>p</i>'s maximum allowable key size is less or |
|
* equal to this permission's maximum allowable key size, and</li> |
|
* <li> <i>p</i>'s algorithm parameter spec equals or is |
|
* implied by this permission's algorithm parameter spec, and</li> |
|
* <li> <i>p</i>'s exemptionMechanism equals or |
|
* is implied by this permission's |
|
* exemptionMechanism (a <code>null</code> exemption mechanism |
|
* implies any other exemption mechanism).</li> |
|
* </ul> |
|
* |
|
* @param p the permission to check against. |
|
* |
|
* @return true if the specified permission is equal to or |
|
* implied by this permission, false otherwise. |
|
*/ |
|
public boolean implies(Permission p) { |
|
if (!(p instanceof CryptoPermission)) |
|
return false; |
|
CryptoPermission cp = (CryptoPermission)p; |
|
if ((!alg.equalsIgnoreCase(cp.alg)) && |
|
(!alg.equalsIgnoreCase(ALG_NAME_WILDCARD))) { |
|
return false; |
|
} |
|
// alg is the same as cp's alg or |
|
// alg is a wildcard. |
|
if (cp.maxKeySize <= this.maxKeySize) { |
|
// check algParamSpec. |
|
if (!impliesParameterSpec(cp.checkParam, cp.algParamSpec)) { |
|
return false; |
|
} |
|
// check exemptionMechanism. |
|
if (impliesExemptionMechanism(cp.exemptionMechanism)) { |
|
return true; |
|
} |
|
} |
|
return false; |
|
} |
|
/** |
|
* Checks two CryptoPermission objects for equality. Checks that |
|
* <code>obj</code> is a CryptoPermission, and has the same |
|
* algorithm name, |
|
* exemption mechanism name, maximum allowable key size and |
|
* algorithm parameter spec |
|
* as this object. |
|
* <P> |
|
* @param obj the object to test for equality with this object. |
|
* @return true if <code>obj</code> is equal to this object. |
|
*/ |
|
public boolean equals(Object obj) { |
|
if (obj == this) |
|
return true; |
|
if (!(obj instanceof CryptoPermission)) |
|
return false; |
|
CryptoPermission that = (CryptoPermission) obj; |
|
if (!(alg.equalsIgnoreCase(that.alg)) || |
|
(maxKeySize != that.maxKeySize)) { |
|
return false; |
|
} |
|
if (this.checkParam != that.checkParam) { |
|
return false; |
|
} |
|
return (equalObjects(this.exemptionMechanism, |
|
that.exemptionMechanism) && |
|
equalObjects(this.algParamSpec, |
|
that.algParamSpec)); |
|
} |
|
/** |
|
* Returns the hash code value for this object. |
|
* |
|
* @return a hash code value for this object. |
|
*/ |
|
public int hashCode() { |
|
int retval = alg.hashCode(); |
|
retval ^= maxKeySize; |
|
if (exemptionMechanism != null) { |
|
retval ^= exemptionMechanism.hashCode(); |
|
} |
|
if (checkParam) retval ^= 100; |
|
if (algParamSpec != null) { |
|
retval ^= algParamSpec.hashCode(); |
|
} |
|
return retval; |
|
} |
|
/** |
|
* There is no action defined for a CryptoPermission |
|
* onject. |
|
*/ |
|
public String getActions() |
|
{ |
|
return null; |
|
} |
|
/** |
|
* Returns a new PermissionCollection object for storing |
|
* CryptoPermission objects. |
|
* |
|
* @return a new PermissionCollection object suitable for storing |
|
* CryptoPermissions. |
|
*/ |
|
public PermissionCollection newPermissionCollection() { |
|
return new CryptoPermissionCollection(); |
|
} |
|
/** |
|
* Returns the algorithm name associated with |
|
* this CryptoPermission object. |
|
*/ |
|
final String getAlgorithm() { |
|
return alg; |
|
} |
|
/** |
|
* Returns the exemption mechanism name |
|
* associated with this CryptoPermission |
|
* object. |
|
*/ |
|
final String getExemptionMechanism() { |
|
return exemptionMechanism; |
|
} |
|
/** |
|
* Returns the maximum allowable key size associated |
|
* with this CryptoPermission object. |
|
*/ |
|
final int getMaxKeySize() { |
|
return maxKeySize; |
|
} |
|
/** |
|
* Returns true if there is a limitation on the |
|
* AlgorithmParameterSpec associated with this |
|
* CryptoPermission object and false if otherwise. |
|
*/ |
|
final boolean getCheckParam() { |
|
return checkParam; |
|
} |
|
/** |
|
* Returns the AlgorithmParameterSpec |
|
* associated with this CryptoPermission |
|
* object. |
|
*/ |
|
final AlgorithmParameterSpec getAlgorithmParameterSpec() { |
|
return algParamSpec; |
|
} |
|
/** |
|
* Returns a string describing this CryptoPermission. The convention is to |
|
* specify the class name, the algorithm name, the maximum allowable |
|
* key size, and the name of the exemption mechanism, in the following |
|
* format: '("ClassName" "algorithm" "keysize" "exemption_mechanism")'. |
|
* |
|
* @return information about this CryptoPermission. |
|
*/ |
|
public String toString() { |
|
StringBuilder buf = new StringBuilder(100); |
|
buf.append("(CryptoPermission " + alg + " " + maxKeySize); |
|
if (algParamSpec != null) { |
|
if (algParamSpec instanceof RC2ParameterSpec) { |
|
buf.append(" , effective " + |
|
((RC2ParameterSpec)algParamSpec).getEffectiveKeyBits()); |
|
} else if (algParamSpec instanceof RC5ParameterSpec) { |
|
buf.append(" , rounds " + |
|
((RC5ParameterSpec)algParamSpec).getRounds()); |
|
} |
|
} |
|
if (exemptionMechanism != null) { // OPTIONAL |
|
buf.append(" " + exemptionMechanism); |
|
} |
|
buf.append(")"); |
|
return buf.toString(); |
|
} |
|
private boolean impliesExemptionMechanism(String exemptionMechanism) { |
|
if (this.exemptionMechanism == null) { |
|
return true; |
|
} |
|
if (exemptionMechanism == null) { |
|
return false; |
|
} |
|
if (this.exemptionMechanism.equals(exemptionMechanism)) { |
|
return true; |
|
} |
|
return false; |
|
} |
|
private boolean impliesParameterSpec(boolean checkParam, |
|
AlgorithmParameterSpec algParamSpec) { |
|
if ((this.checkParam) && checkParam) { |
|
if (algParamSpec == null) { |
|
return true; |
|
} else if (this.algParamSpec == null) { |
|
return false; |
|
} |
|
if (this.algParamSpec.getClass() != algParamSpec.getClass()) { |
|
return false; |
|
} |
|
if (algParamSpec instanceof RC2ParameterSpec) { |
|
if (((RC2ParameterSpec)algParamSpec).getEffectiveKeyBits() <= |
|
((RC2ParameterSpec) |
|
(this.algParamSpec)).getEffectiveKeyBits()) { |
|
return true; |
|
} |
|
} |
|
if (algParamSpec instanceof RC5ParameterSpec) { |
|
if (((RC5ParameterSpec)algParamSpec).getRounds() <= |
|
((RC5ParameterSpec)this.algParamSpec).getRounds()) { |
|
return true; |
|
} |
|
} |
|
if (algParamSpec instanceof PBEParameterSpec) { |
|
if (((PBEParameterSpec)algParamSpec).getIterationCount() <= |
|
((PBEParameterSpec)this.algParamSpec).getIterationCount()) { |
|
return true; |
|
} |
|
} |
|
// For classes we don't know, the following |
|
// may be the best try. |
|
if (this.algParamSpec.equals(algParamSpec)) { |
|
return true; |
|
} |
|
return false; |
|
} else if (this.checkParam) { |
|
return false; |
|
} else { |
|
return true; |
|
} |
|
} |
|
private boolean equalObjects(Object obj1, Object obj2) { |
|
if (obj1 == null) { |
|
return (obj2 == null ? true : false); |
|
} |
|
return obj1.equals(obj2); |
|
} |
|
} |
|
/** |
|
* A CryptoPermissionCollection stores a set of CryptoPermission |
|
* permissions. |
|
* |
|
* @see java.security.Permission |
|
* @see java.security.Permissions |
|
* @see java.security.PermissionCollection |
|
* |
|
* @author Sharon Liu |
|
*/ |
|
final class CryptoPermissionCollection extends PermissionCollection |
|
implements Serializable |
|
{ |
|
private static final long serialVersionUID = -511215555898802763L; |
|
private Vector<Permission> permissions; |
|
/** |
|
* Creates an empty CryptoPermissionCollection |
|
* object. |
|
*/ |
|
CryptoPermissionCollection() { |
|
permissions = new Vector<Permission>(3); |
|
} |
|
/** |
|
* Adds a permission to the CryptoPermissionCollection. |
|
* |
|
* @param permission the Permission object to add. |
|
* |
|
* @exception SecurityException - if this CryptoPermissionCollection |
|
* object has been marked <i>readOnly</i>. |
|
*/ |
|
public void add(Permission permission) { |
|
if (isReadOnly()) |
|
throw new SecurityException("attempt to add a Permission " + |
|
"to a readonly PermissionCollection"); |
|
if (!(permission instanceof CryptoPermission)) |
|
return; |
|
permissions.addElement(permission); |
|
} |
|
/** |
|
* Check and see if this CryptoPermission object implies |
|
* the given Permission object. |
|
* |
|
* @param permission the Permission object to compare |
|
* |
|
* @return true if the given permission is implied by this |
|
* CryptoPermissionCollection, false if not. |
|
*/ |
|
public boolean implies(Permission permission) { |
|
if (!(permission instanceof CryptoPermission)) |
|
return false; |
|
CryptoPermission cp = (CryptoPermission)permission; |
|
Enumeration<Permission> e = permissions.elements(); |
|
while (e.hasMoreElements()) { |
|
CryptoPermission x = (CryptoPermission) e.nextElement(); |
|
if (x.implies(cp)) { |
|
return true; |
|
} |
|
} |
|
return false; |
|
} |
|
/** |
|
* Returns an enumeration of all the CryptoPermission objects |
|
* in the container. |
|
* |
|
* @return an enumeration of all the CryptoPermission objects. |
|
*/ |
|
public Enumeration<Permission> elements() { |
|
return permissions.elements(); |
|
} |
|
} |