SecurityUtil: Generalize cert validation and AccessControlContext query; PropertyAccess: Fix security code, grant access to common 'trusted' properties

- SecurityUtil - Generalize cert validation for JAR and property access - Grant access to common AccessControlContext for 'same' cert - PropertyAccess: - Fix security code: Passing the current AccessControlContext from the caller didn't include priviledges. - Grant access to common 'trusted' properties, which removes the need of passing the AccessControlContext for general properties like 'jnlp.', 'jogamp.' .. - Enable registering 'trusted' properties, when caller's cert is 'same'
author: Sven Gothel <[email protected]> 2012-03-13 19:56:54 +0100
committer: Sven Gothel <[email protected]> 2012-03-13 19:56:54 +0100
commit: f4ac27e177f6deb444280d3b375e7d343e38bd08 (patch)
tree: 5dc8835bd3fb47475219d71e278d622ef5742420 /src/java/com/jogamp/common/util/SecurityUtil.java
parent: bab77b637e7cdd327de5f66989fcbfc0298b9b88 (diff)
1 files changed, 92 insertions, 0 deletions
diff --git a/src/java/com/jogamp/common/util/SecurityUtil.java b/src/java/com/jogamp/common/util/SecurityUtil.java
new file mode 100644
index 0000000..4583201
--- /dev/null
+++ b/src/java/com/jogamp/common/util/SecurityUtil.java
@@ -0,0 +1,92 @@
+/**
+ * Copyright 2012 JogAmp Community. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are
+ * permitted provided that the following conditions are met:
+ * 
+ *    1. Redistributions of source code must retain the above copyright notice, this list of
+ *       conditions and the following disclaimer.
+ * 
+ *    2. Redistributions in binary form must reproduce the above copyright notice, this list
+ *       of conditions and the following disclaimer in the documentation and/or other materials
+ *       provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY JogAmp Community ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JogAmp Community OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * The views and conclusions contained in the software and documentation are those of the
+ * authors and should not be interpreted as representing official policies, either expressed
+ * or implied, of JogAmp Community.
+ */
+package com.jogamp.common.util;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
+
+public class SecurityUtil {
+    /* package private */ static final AccessControlContext localACC;
+    /* package private */ static final Certificate[] localCerts;
+    
+    static {
+        localACC = AccessController.doPrivileged(new PrivilegedAction<AccessControlContext>() {
+                                public AccessControlContext run() { 
+                                    return AccessController.getContext(); 
+                                } } );        
+        localCerts = getCerts(SecurityUtil.class);
+    }
+    
+    public static final Certificate[] getCerts(final Class<?> clz) {
+        final ProtectionDomain pd = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
+                                        public ProtectionDomain run() {
+                                            return clz.getProtectionDomain();
+                                        } } );                
+        final CodeSource cs = (null != pd) ? pd.getCodeSource() : null;
+        final Certificate[] certs = (null != cs) ? cs.getCertificates() : null;
+        return (null != certs && certs.length>0) ? certs : null;
+    }
+    
+    public static final boolean equals(Certificate[] a, Certificate[] b) {
+        if(a == b) {
+            return true;
+        }
+        if(a==null || b==null) {
+            return false;
+        }
+        if(a.length != b.length) {
+            return false;
+        }
+        
+        int i = 0;
+        while( i < a.length && a[i].equals(b[i]) ) {
+            i++;
+        }        
+        return i == a.length;
+    }
+    
+    public static final boolean equalsLocalCert(Certificate[] b) {
+        return equals(localCerts, b);
+    }
+    
+    public static final boolean equalsLocalCert(Class<?> clz) {
+        return equalsLocalCert(getCerts(clz));
+    }
+    
+    public static final AccessControlContext getCommonAccessControlContext(Class<?> clz) {
+        if(equalsLocalCert(clz)) {
+            return localACC;
+        } else {
+            return null;
+        }
+    }
+}
author	Sven Gothel <[email protected]>	2012-03-13 19:56:54 +0100
committer	Sven Gothel <[email protected]>	2012-03-13 19:56:54 +0100
commit	f4ac27e177f6deb444280d3b375e7d343e38bd08 (patch)
tree	5dc8835bd3fb47475219d71e278d622ef5742420 /src/java/com/jogamp/common/util/SecurityUtil.java
parent	bab77b637e7cdd327de5f66989fcbfc0298b9b88 (diff)