/** * Copyright 2012 JogAmp Community. All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, are * permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, this list of * conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright notice, this list * of conditions and the following disclaimer in the documentation and/or other materials * provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY JogAmp Community ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JogAmp Community OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * The views and conclusions contained in the software and documentation are those of the * authors and should not be interpreted as representing official policies, either expressed * or implied, of JogAmp Community. */ package com.jogamp.common.util; import java.security.AllPermission; import java.security.CodeSource; import java.security.Permission; import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.security.cert.Certificate; import jogamp.common.os.PlatformPropsImpl; public class SecurityUtil { @SuppressWarnings("removal") private static final SecurityManager securityManager; private static final Permission allPermissions; private static final boolean DEBUG = false; /** * Call wrapper for {@link System#getSecurityManager()}. *

* {@link System#getSecurityManager()} is deprecated * since Java 17 (JEP 411) and earmarked to be removed.
*

*

* On a Java 17 machine, this method will simply return null. *

*/ @SuppressWarnings({ "deprecation", "removal" }) public static final SecurityManager getSecurityManager() { if( PlatformPropsImpl.JAVA_17 ) { return null; } else { return System.getSecurityManager(); } } /** * Call wrapper for {@link java.security.AccessController#doPrivileged(PrivilegedAction)}. *

* {@link java.security.AccessController#doPrivileged(PrivilegedAction)} is deprecated * since Java 17 (JEP 411) and earmarked to be removed.
*

*

* On a Java 17 machine, this method will simply invoke the given PrivilegedAction. *

* @param return type of PrivilegedAction * @param o the PrivilegedAction * @return the return type */ @SuppressWarnings({ "deprecation", "removal" }) public static T doPrivileged(final PrivilegedAction o) { if( PlatformPropsImpl.JAVA_17 ) { return o.run(); } else { return java.security.AccessController.doPrivileged( o ); } } static { allPermissions = new AllPermission(); securityManager = getSecurityManager(); if( DEBUG ) { final boolean hasAllPermissions; { final ProtectionDomain insecPD = doPrivileged(new PrivilegedAction() { @Override public ProtectionDomain run() { return SecurityUtil.class.getProtectionDomain(); } } ); boolean _hasAllPermissions; try { insecPD.implies(allPermissions); _hasAllPermissions = true; } catch( final SecurityException ace ) { _hasAllPermissions = false; } hasAllPermissions = _hasAllPermissions; } System.err.println("SecurityUtil: Has SecurityManager: "+ ( null != securityManager ) ) ; System.err.println("SecurityUtil: Has AllPermissions: "+hasAllPermissions); final Certificate[] certs = doPrivileged(new PrivilegedAction() { @Override public Certificate[] run() { return getCerts(SecurityUtil.class); } } ); System.err.println("SecurityUtil: Cert count: "+ ( null != certs ? certs.length : 0 )); if( null != certs ) { for(int i=0; itrue if no {@link SecurityManager} has been installed * or the installed {@link SecurityManager}'s checkPermission(new AllPermission()) * passes. Otherwise method returns false. */ public static final boolean hasAllPermissions() { return hasPermission(allPermissions); } /** * Returns true if no {@link SecurityManager} has been installed * or the installed {@link SecurityManager}'s checkPermission(perm) * passes. Otherwise method returns false. */ public static final boolean hasPermission(final Permission perm) { try { checkPermission(perm); return true; } catch( final SecurityException ace ) { return false; } } /** * Throws an {@link SecurityException} if an installed {@link SecurityManager} * does not permit the requested {@link AllPermission}. */ public static final void checkAllPermissions() throws SecurityException { checkPermission(allPermissions); } /** * Throws an {@link SecurityException} if an installed {@link SecurityManager} * does not permit the requested {@link Permission}. */ public static final void checkPermission(final Permission perm) throws SecurityException { if( null != securityManager ) { securityManager.checkPermission(perm); } } /** * Returns true if no {@link SecurityManager} has been installed * or the installed {@link SecurityManager}'s checkLink(libName) * passes. Otherwise method returns false. */ public static final boolean hasLinkPermission(final String libName) { try { checkLinkPermission(libName); return true; } catch( final SecurityException ace ) { return false; } } /** * Throws an {@link SecurityException} if an installed {@link SecurityManager} * does not permit to dynamically link the given libName. */ public static final void checkLinkPermission(final String libName) throws SecurityException { if( null != securityManager ) { securityManager.checkLink(libName); } } /** * Throws an {@link SecurityException} if an installed {@link SecurityManager} * does not permit to dynamically link to all libraries. */ public static final void checkAllLinkPermission() throws SecurityException { if( null != securityManager ) { securityManager.checkPermission(allLinkPermission); } } private static final RuntimePermission allLinkPermission = new RuntimePermission("loadLibrary.*"); /** * @param clz * @return * @throws SecurityException if the caller has no permission to access the ProtectedDomain of the given class. */ public static final Certificate[] getCerts(final Class clz) throws SecurityException { final ProtectionDomain pd = clz.getProtectionDomain(); final CodeSource cs = (null != pd) ? pd.getCodeSource() : null; final Certificate[] certs = (null != cs) ? cs.getCertificates() : null; return (null != certs && certs.length>0) ? certs : null; } public static final boolean equals(final Certificate[] a, final Certificate[] b) { if(a == b) { return true; } if(a==null || b==null) { return false; } if(a.length != b.length) { return false; } int i = 0; while( i < a.length && a[i].equals(b[i]) ) { i++; } return i == a.length; } }