8285662: Better permission resolution
Reviewed-by: rhalade, weijun, mullan
parent
ff1867438f
commit
48cc9a8717
@ -153,7 +153,7 @@ implements java.io.Serializable
|
||||
* Each chain is ordered bottom-to-top (i.e., with the signer certificate
|
||||
* first and the (root) certificate authority last). The signer
|
||||
* certificates are copied from the array. Subsequent changes to
|
||||
* the array will not affect this UnsolvedPermission.
|
||||
* the array will not affect this UnresolvedPermission.
|
||||
*/
|
||||
public UnresolvedPermission(String type,
|
||||
String name,
|
||||
@ -165,59 +165,63 @@ implements java.io.Serializable
|
||||
if (type == null)
|
||||
throw new NullPointerException("type can't be null");
|
||||
|
||||
// Perform a defensive copy and reassign certs if we have a non-null
|
||||
// reference
|
||||
if (certs != null) {
|
||||
certs = certs.clone();
|
||||
}
|
||||
|
||||
this.type = type;
|
||||
this.name = name;
|
||||
this.actions = actions;
|
||||
|
||||
if (certs != null) {
|
||||
// Extract the signer certs from the list of certificates.
|
||||
for (int i=0; i<certs.length; i++) {
|
||||
for (int i = 0; i < certs.length; i++) {
|
||||
if (!(certs[i] instanceof X509Certificate)) {
|
||||
// there is no concept of signer certs, so we store the
|
||||
// entire cert array
|
||||
this.certs = certs.clone();
|
||||
break;
|
||||
// entire cert array. No further processing is necessary.
|
||||
this.certs = certs;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (this.certs == null) {
|
||||
// Go through the list of certs and see if all the certs are
|
||||
// signer certs.
|
||||
int i = 0;
|
||||
int count = 0;
|
||||
while (i < certs.length) {
|
||||
count++;
|
||||
while (((i+1) < certs.length) &&
|
||||
((X509Certificate)certs[i]).getIssuerX500Principal().equals(
|
||||
((X509Certificate)certs[i+1]).getSubjectX500Principal())) {
|
||||
i++;
|
||||
}
|
||||
// Go through the list of certs and see if all the certs are
|
||||
// signer certs.
|
||||
int i = 0;
|
||||
int count = 0;
|
||||
while (i < certs.length) {
|
||||
count++;
|
||||
while (((i + 1) < certs.length) &&
|
||||
((X509Certificate)certs[i]).getIssuerX500Principal().equals(
|
||||
((X509Certificate)certs[i + 1]).getSubjectX500Principal())) {
|
||||
i++;
|
||||
}
|
||||
if (count == certs.length) {
|
||||
// All the certs are signer certs, so we store the entire
|
||||
// array
|
||||
this.certs = certs.clone();
|
||||
}
|
||||
|
||||
if (this.certs == null) {
|
||||
// extract the signer certs
|
||||
ArrayList<java.security.cert.Certificate> signerCerts =
|
||||
new ArrayList<>();
|
||||
i = 0;
|
||||
while (i < certs.length) {
|
||||
signerCerts.add(certs[i]);
|
||||
while (((i+1) < certs.length) &&
|
||||
((X509Certificate)certs[i]).getIssuerX500Principal().equals(
|
||||
((X509Certificate)certs[i+1]).getSubjectX500Principal())) {
|
||||
i++;
|
||||
}
|
||||
i++;
|
||||
}
|
||||
this.certs =
|
||||
new java.security.cert.Certificate[signerCerts.size()];
|
||||
signerCerts.toArray(this.certs);
|
||||
}
|
||||
i++;
|
||||
}
|
||||
if (count == certs.length) {
|
||||
// All the certs are signer certs, so we store the entire
|
||||
// array. No further processing is needed.
|
||||
this.certs = certs;
|
||||
return;
|
||||
}
|
||||
|
||||
// extract the signer certs
|
||||
ArrayList<java.security.cert.Certificate> signerCerts =
|
||||
new ArrayList<>();
|
||||
i = 0;
|
||||
while (i < certs.length) {
|
||||
signerCerts.add(certs[i]);
|
||||
while (((i + 1) < certs.length) &&
|
||||
((X509Certificate)certs[i]).getIssuerX500Principal().equals(
|
||||
((X509Certificate)certs[i + 1]).getSubjectX500Principal())) {
|
||||
i++;
|
||||
}
|
||||
i++;
|
||||
}
|
||||
this.certs =
|
||||
new java.security.cert.Certificate[signerCerts.size()];
|
||||
signerCerts.toArray(this.certs);
|
||||
}
|
||||
}
|
||||
|
||||
@ -310,6 +314,7 @@ implements java.io.Serializable
|
||||
*
|
||||
* @return {@code false}.
|
||||
*/
|
||||
@Override
|
||||
public boolean implies(Permission p) {
|
||||
return false;
|
||||
}
|
||||
@ -330,6 +335,7 @@ implements java.io.Serializable
|
||||
* and has the same type (class) name, permission name, actions, and
|
||||
* certificates as this object.
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
if (obj == this)
|
||||
return true;
|
||||
@ -402,7 +408,7 @@ implements java.io.Serializable
|
||||
*
|
||||
* @return a hash code value for this object.
|
||||
*/
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
int hash = type.hashCode();
|
||||
if (name != null)
|
||||
@ -422,6 +428,7 @@ implements java.io.Serializable
|
||||
*
|
||||
* @return the empty string "".
|
||||
*/
|
||||
@Override
|
||||
public String getActions()
|
||||
{
|
||||
return "";
|
||||
@ -491,6 +498,7 @@ implements java.io.Serializable
|
||||
*
|
||||
* @return information about this {@code UnresolvedPermission}.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return "(unresolved " + type + " " + name + " " + actions + ")";
|
||||
}
|
||||
@ -502,7 +510,7 @@ implements java.io.Serializable
|
||||
* @return a new PermissionCollection object suitable for
|
||||
* storing {@code UnresolvedPermissions}.
|
||||
*/
|
||||
|
||||
@Override
|
||||
public PermissionCollection newPermissionCollection() {
|
||||
return new UnresolvedPermissionCollection();
|
||||
}
|
||||
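Review bot: The constructor walks the issuer/subject chain twice over the cloned array, once to compute `count` and again to fill `signerCerts`, and the two loops must stay identical for the result to be consistent. `certs.clone()` is a shallow copy, so both passes also depend on every certificate returning the same principals on each call. Dropping the counting pass and deciding after the extraction loop removes the duplication: `this.certs = (signerCerts.size() == certs.length) ? certs : signerCerts.toArray(new java.security.cert.Certificate[0]);`. The comment above the clone would be more useful if it said why the copy comes first, for example `// Copy before inspecting: the instanceof scan and the later casts must see the same elements even if the caller modifies its array.` The constructor's parameter list continues outside the visible hunks.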
|