001/* PrivateCredentialPermission.java -- permissions governing private credentials.
002   Copyright (C) 2004 Free Software Foundation, Inc.
003
004This file is part of GNU Classpath.
005
006GNU Classpath is free software; you can redistribute it and/or modify
007it under the terms of the GNU General Public License as published by
008the Free Software Foundation; either version 2, or (at your option)
009any later version.
010
011GNU Classpath is distributed in the hope that it will be useful, but
012WITHOUT ANY WARRANTY; without even the implied warranty of
013MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014General Public License for more details.
015
016You should have received a copy of the GNU General Public License
017along with GNU Classpath; see the file COPYING.  If not, write to the
018Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
01902110-1301 USA.
020
021Linking this library statically or dynamically with other modules is
022making a combined work based on this library.  Thus, the terms and
023conditions of the GNU General Public License cover the whole
024combination.
025
026As a special exception, the copyright holders of this library give you
027permission to link this library with independent modules to produce an
028executable, regardless of the license terms of these independent
029modules, and to copy and distribute the resulting executable under
030terms of your choice, provided that you also meet, for each linked
031independent module, the terms and conditions of the license of that
032module.  An independent module is a module which is not derived from
033or based on this library.  If you modify this library, you may extend
034this exception to your version of the library, but you are not
035obligated to do so.  If you do not wish to do so, delete this
036exception statement from your version. */
037
038
039package javax.security.auth;
040
041import java.io.Serializable;
042
043import java.security.Permission;
044import java.security.PermissionCollection;
045
046import java.util.HashSet;
047import java.util.Iterator;
048import java.util.Set;
049import java.util.StringTokenizer;
050
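/**
 * A permission governing access to a private credential. The action of this
 * permission is always "read" -- meaning that the private credential
 * information can be read from an object.
 *
 * <p>The target of this permission is formatted as follows:</p>
 *
 * <p><code>CredentialClassName ( PrincipalClassName PrincipalName )*</code></p>
 *
 * <p><i>CredentialClassName</i> is either the name of a private credential
 * class name, or a wildcard character (<code>'*'</code>).
 * <i>PrincipalClassName</i> is the class name of a principal object, and
 * <i>PrincipalName</i> is a string representing the principal, or the
 * wildcard character. A principal name may be wrapped in single or double
 * quotes, in which case it may contain spaces.</p>
 *
 * <p>This class declares no <code>readObject</code> method, so an instance
 * read from a serialization stream does not pass through the checks made by
 * the constructor.</p>
 */
public final class PrivateCredentialPermission extends Permission
  implements Serializable
{
  /**
   * For compatibility with Sun's JDK 1.4.2 rev. 5
   */
  private static final long serialVersionUID = 5284372143517237068L;

  // Fields.
  // -------------------------------------------------------------------------

  /**
   * @serial The credential class name.
   */
  private final String credentialClass;

  /**
   * @serial The principals, a set of CredOwner objects (an undocumented
   *  inner class of this class).
   */
  private final Set principals;

  /**
   * @serial Part of the serialized form only; the constructor always sets it
   *  to <code>false</code> and nothing in this class reads it.
   */
  private final boolean testing;

  // Constructor.
  // -------------------------------------------------------------------------

  /**
   * Create a new private credential permission.
   *
   * <p>The target name is split on spaces. A principal name may be enclosed
   * in single or double quotes; the text between the quotes is kept as one
   * token, spaces included. Duplicate principal entries collapse into one.</p>
   *
   * @param name The permission target name.
   * @param actions The list of actions, which, for this class, must be
   *  <code>"read"</code> (case is ignored, surrounding whitespace trimmed).
   * @throws IllegalArgumentException If <code>actions</code> is not "read",
   *  if the name does not consist of a credential class followed by one or
   *  more principal class / principal name pairs, or if a quote is left open.
   */
  public PrivateCredentialPermission (final String name, String actions)
  {
    super(name);
    // equalsIgnoreCase does not depend on the default locale.
    if (!"read".equalsIgnoreCase (actions.trim()))
      {
        throw new IllegalArgumentException("actions must be \"read\"");
      }
    final String[] tokens = tokenize (name);
    // One credential class plus at least one (class, name) pair: the token
    // count must be odd and no smaller than three.
    if (tokens.length < 3 || (tokens.length & 1) == 0)
      {
        throw new IllegalArgumentException ("badly formed credential name");
      }
    credentialClass = tokens[0];
    principals = new HashSet();
    for (int i = 1; i < tokens.length; i += 2)
      {
        principals.add (new CredOwner (tokens[i], tokens[i + 1]));
      }
    testing = false;
  }

  // Class methods.
  // -------------------------------------------------------------------------

  /**
   * Split a target name into tokens. Spaces and quote characters separate
   * tokens; between a pair of matching quotes every character, including a
   * space or the other kind of quote, belongs to the token. Empty tokens are
   * dropped.
   *
   * <p>Splitting on spaces alone would turn <code>P "duke of york"</code>
   * into the unrelated pairs (P, duke) and (of, york), i.e. a permission for
   * principals the policy author never named.</p>
   *
   * @param name The permission target name.
   * @return The tokens, in order of appearance.
   * @throws IllegalArgumentException If a quote is never closed.
   */
  private static String[] tokenize (final String name)
  {
    final java.util.List tokens = new java.util.ArrayList();
    final StringBuffer current = new StringBuffer();
    char quote = 0; // the open quote character, or 0 outside quotes
    for (int i = 0; i < name.length(); i++)
      {
        final char c = name.charAt (i);
        if (quote != 0)
          {
            if (c == quote)
              {
                quote = 0;
                endToken (tokens, current);
              }
            else
              {
                current.append (c);
              }
          }
        else if (c == '"' || c == '\'')
          {
            endToken (tokens, current);
            quote = c;
          }
        else if (c == ' ')
          {
            endToken (tokens, current);
          }
        else
          {
            current.append (c);
          }
      }
    if (quote != 0)
      {
        // Reject rather than guess where the name was meant to end.
        throw new IllegalArgumentException ("badly formed credential name");
      }
    endToken (tokens, current);
    return (String[]) tokens.toArray (new String[tokens.size()]);
  }

  /**
   * Move the pending characters, if any, to the token list and clear them.
   */
  private static void endToken (final java.util.List tokens,
                                final StringBuffer current)
  {
    if (current.length() > 0)
      {
        tokens.add (current.toString());
        current.setLength (0);
      }
  }

  /**
   * Tell whether a granted (class, name) pair covers a requested one: the
   * classes must be equal and the granted name must be the wildcard or equal
   * to the requested name.
   */
  private static boolean covers (final String[] granted,
                                 final String[] requested)
  {
    return granted[0].equals (requested[0])
      && (granted[1].equals ("*") || granted[1].equals (requested[1]));
  }

  // Instance methods.
  // -------------------------------------------------------------------------

  /**
   * Compare this permission with another object. Two private credential
   * permissions are equal when they name the same credential class and the
   * same set of principals; the order in which the principals were written
   * in the target name does not matter. The action is always "read" for this
   * final class, so it needs no comparison.
   *
   * @param o The object to compare with.
   * @return True if <i>o</i> is an equal PrivateCredentialPermission.
   */
  public boolean equals (Object o)
  {
    if (this == o)
      {
        return true;
      }
    if (! (o instanceof PrivateCredentialPermission))
      {
        return false;
      }
    final PrivateCredentialPermission that = (PrivateCredentialPermission) o;
    // Compare as sets: the iteration order of a HashSet is not a property of
    // its contents, so an element-by-element walk can report two equal
    // permissions as different. This also matches hashCode().
    return credentialClass.equals (that.credentialClass)
      && principals.equals (that.principals);
  }

  /**
   * Returns the actions this permission encompasses. For private credential
   * permissions, this is always the string <code>"read"</code>.
   *
   * @return The list of actions.
   */
  public String getActions()
  {
    return "read";
  }

  /**
   * Returns the credential class name that was embedded in this permission's
   * target name.
   *
   * @return The credential class name.
   */
  public String getCredentialClass()
  {
    return credentialClass;
  }

  /**
   * Returns the principal list that was embedded in this permission's target
   * name.
   *
   * <p>Each element of the returned array is a pair; the first element is the
   * principal class name, and the second is the principal name. The array is
   * freshly allocated on every call and its order is unspecified.
   *
   * @return The principal list.
   */
  public String[][] getPrincipals()
  {
    final String[][] pairs = new String[principals.size()][];
    int next = 0;
    for (Iterator it = principals.iterator(); it.hasNext(); )
      {
        final CredOwner owner = (CredOwner) it.next();
        pairs[next++] = new String[] { owner.getPrincipalClass(),
                                       owner.getPrincipalName() };
      }
    return pairs;
  }

  /**
   * Returns a hash code built from the credential class name and the set of
   * principals, the same two values equals() compares.
   *
   * @return The hash code.
   */
  public int hashCode()
  {
    return credentialClass.hashCode() + principals.hashCode();
  }

  /**
   * Test if this permission implies another. This method returns true if:
   *
   * <ol>
   * <li><i>p</i> is an instance of PrivateCredentialPermission.</li>
   * <li>The credential class name of this instance is the wildcard or equals
   * that of <i>p</i>.</li>
   * <li>Every principal of this instance is matched by a principal of
   * <i>p</i> with the same class and either the same name or, on this side,
   * the wildcard name. Thus,
   *   <ul>
   *   <li><code>[ * P "foo" ]  implies [ C P "foo" ]</code></li>
   *   <li><code>[ C P1 "foo" ] implies [ C P1 "foo" P2 "bar" ]</code></li>
   *   <li><code>[ C P1 "*" ]   implies [ C P1 "foo" ]</code></li>
   *   <li><code>[ C P1 "foo" P2 "bar" ]</code> does <b>not</b> imply
   *       <code>[ C P1 "foo" ]</code></li>
   *   </ul>
   * </li>
   * </ol>
   *
   * <p>A grant that lists several principals is scoped to credentials whose
   * owner carries all of them. Accepting a match on any single listed
   * principal would extend such a grant to owners that carry only one.</p>
   *
   * @param p The permission to check.
   * @return True if this permission implies <i>p</i>.
   */
  public boolean implies (Permission p)
  {
    if (! (p instanceof PrivateCredentialPermission))
      {
        return false;
      }
    final PrivateCredentialPermission that = (PrivateCredentialPermission) p;
    if (!credentialClass.equals ("*")
        && !credentialClass.equals (that.getCredentialClass()))
      {
        return false;
      }
    final String[][] granted = getPrincipals();
    final String[][] requested = that.getPrincipals();
    if (granted.length == 0)
      {
        // The constructor never produces this state; deny if it is reached.
        return false;
      }
    for (int i = 0; i < granted.length; i++)
      {
        boolean matched = false;
        for (int j = 0; j < requested.length && !matched; j++)
          {
            matched = covers (granted[i], requested[j]);
          }
        if (!matched)
          {
            return false;
          }
      }
    return true;
  }

  /**
   * This method is not necessary for this class, thus it always returns null.
   * Whatever collection ends up holding these permissions therefore has to
   * rely on {@link #implies(Permission)} for its decisions.
   *
   * @return null.
   */
  public PermissionCollection newPermissionCollection()
  {
    return null;
  }

  // Inner class.
  // -------------------------------------------------------------------------

  /**
   * An undocumented inner class present for serialization compatibility.
   * It holds one (principal class, principal name) pair. No serialVersionUID
   * is declared here, so the set of members is left exactly as it was.
   */
  private static class CredOwner implements Serializable
  {

    // Fields.
    // -----------------------------------------------------------------------

    private final String principalClass;
    private final String principalName;

    // Constructor.
    // -----------------------------------------------------------------------

    CredOwner (final String principalClass, final String principalName)
    {
      this.principalClass = principalClass;
      this.principalName = principalName;
    }

    // Instance methods.
    // -----------------------------------------------------------------------

    /**
     * Two owners are equal when both the principal class and the principal
     * name are equal.
     */
    public boolean equals (Object o)
    {
      if (!(o instanceof CredOwner))
        {
          return false;
        }
      final CredOwner other = (CredOwner) o;
      return principalClass.equals (other.getPrincipalClass())
        && principalName.equals (other.getPrincipalName());
    }

    /**
     * Hash code derived from the same two strings equals() compares.
     */
    public int hashCode()
    {
      return principalClass.hashCode() + principalName.hashCode();
    }

    /**
     * @return The principal class name.
     */
    public String getPrincipalClass()
    {
      return principalClass;
    }

    /**
     * @return The principal name.
     */
    public String getPrincipalName()
    {
      return principalName;
    }
  }
}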