| Source file | Conditionals | Statements | Methods | TOTAL | |||||||||||||||
| PolicyVerifier.java | 0% | 0% | 0% | 0% |
/*
* Copyright (C) The Spice Group. All rights reserved.
*
* This software is published under the terms of the Spice
* Software License version 1.1, a copy of which has been included
* with this distribution in the LICENSE.txt file.
*/
package org.codehaus.spice.xmlpolicy.verifier;
import org.codehaus.spice.xmlpolicy.metadata.GrantMetaData;
import org.codehaus.spice.xmlpolicy.metadata.KeyStoreMetaData;
import org.codehaus.spice.xmlpolicy.metadata.PermissionMetaData;
import org.codehaus.spice.xmlpolicy.metadata.PolicyMetaData;
import org.codehaus.spice.salt.i18n.Resources;
import org.codehaus.spice.salt.i18n.ResourceManager;
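/**
 * Verify Policy set is valid. Validity is defined as
 * <ul>
 *   <li>All KeyStore names should be defined starting with
 *       letters or '_' and then continuing with Alpha-Numeric
 *       characters, '-', '.' or '_'.</li>
 *   <li>If signedBy is specified then keystore is specified
 *       for both grants and permissions.</li>
 *   <li>That any keystore names used by grant or permission
 *       reference actual keystores.</li>
 *   <li>If target is null then actions is null.</li>
 * </ul>
 *
 * <p>NOTE(review): no method in this class reads signedBy, so the
 * second rule above is not checked here; a grant or permission
 * without a keystore name passes {@link #verifyPolicy} untouched.
 * Confirm that the signedBy/keystore pairing is enforced where the
 * metadata is built before relying on this verifier for it.</p>
 *
 * @author Peter Donald
 * @version $Revision: 1.1 $ $Date: 2003/12/02 09:16:07 $
 */
public class PolicyVerifier
{
    private final static Resources REZ =
        ResourceManager.getPackageResources( PolicyVerifier.class );

    /**
     * Run the validity checks against the policy in a fixed order:
     * keystore names, keystore references, then permission actions.
     * A notice is passed to {@link #info} before each check, and the
     * first failing check aborts the run.
     *
     * @param policy the policy metadata to verify
     * @throws Exception if any validity check fails
     */
    public void verifyPolicy( final PolicyMetaData policy )
        throws Exception
    {
        info( REZ.getString( "valid-names.notice" ) );
        verifyNames( policy );

        info( REZ.getString( "valid-keyStoreReferences.notice" ) );
        verifyKeyStoreReferences( policy );

        info( REZ.getString( "valid-actions.notice" ) );
        verifyActions( policy );
    }

    /**
     * Log an informational message.
     * Sub-classes should override this.
     *
     * @param message the message
     */
    protected void info( final String message )
    {
        //noop
    }

    /**
     * Verify that all the keystores have valid names.
     *
     * @param policy the policy whose keystore declarations are checked
     * @throws Exception if validity check fails
     */
    private void verifyNames( final PolicyMetaData policy )
        throws Exception
    {
        final KeyStoreMetaData[] declared = policy.getKeyStores();
        for( int index = 0; index < declared.length; index++ )
        {
            verifyName( declared[ index ].getName() );
        }
    }

    /**
     * Verify that every grant in the policy, and every permission
     * inside it, only references keystores the policy declares.
     *
     * @param policy the policy to check
     * @throws Exception if validity check fails
     */
    private void verifyKeyStoreReferences( final PolicyMetaData policy )
        throws Exception
    {
        final GrantMetaData[] allGrants = policy.getGrants();
        for( int index = 0; index < allGrants.length; index++ )
        {
            verifyKeyStore( policy, allGrants[ index ] );
        }
    }

    /**
     * Verify the keystore reference of one grant and of each of
     * its permissions.
     *
     * @param policy the policy that declares the keystores
     * @param grant the grant to check
     * @throws Exception if validity check fails
     */
    private void verifyKeyStore( final PolicyMetaData policy,
                                 final GrantMetaData grant )
        throws Exception
    {
        verifyKeyStoreReference( policy, grant.getKeyStore() );

        final PermissionMetaData[] entries = grant.getPermissions();
        for( int index = 0; index < entries.length; index++ )
        {
            verifyKeyStoreReference( policy, entries[ index ].getKeyStore() );
        }
    }

    /**
     * Verify that a keystore name matches one of the keystores
     * declared by the policy.
     *
     * @param policy the policy that declares the keystores
     * @param keyStoreName the referenced name, or null when the
     *        grant or permission names no keystore
     * @throws Exception if the name matches no declared keystore
     */
    private void verifyKeyStoreReference( final PolicyMetaData policy,
                                          final String keyStoreName )
        throws Exception
    {
        // Ignore keystores that are not specified. The decision is
        // made on the name alone; signedBy is not consulted here.
        if( null == keyStoreName )
        {
            return;
        }

        final KeyStoreMetaData[] declared = policy.getKeyStores();
        for( int index = 0; index < declared.length; index++ )
        {
            // keyStoreName is known to be non-null at this point, so
            // comparing from its side cannot fail on a keystore
            // whose own name is null.
            if( keyStoreName.equals( declared[ index ].getName() ) )
            {
                return;
            }
        }

        throw new Exception( REZ.format( "bad-keystore-reference.error",
                                         keyStoreName ) );
    }

    /**
     * Verify that a keystore name is well formed: non-empty, starting
     * with a letter or '_' and continuing with letters, digits,
     * '_', '-' or '.'.
     *
     * <p>Letters and digits are whatever {@link Character#isLetter(char)}
     * and {@link Character#isLetterOrDigit(char)} accept, which is any
     * Unicode letter or digit and not only the ASCII range.</p>
     *
     * @param name the keystore name to check
     * @throws Exception if validity check fails
     */
    private void verifyName( final String name )
        throws Exception
    {
        // A missing name is reported like an empty one rather than
        // surfacing as a NullPointerException from name.length().
        if( null == name || 0 == name.length() )
        {
            throw new Exception( REZ.format( "empty-name.error",
                                             name ) );
        }

        if( !isNameStart( name.charAt( 0 ) ) )
        {
            throw new Exception( REZ.format( "name-invalid-start.error",
                                             name ) );
        }

        final int length = name.length();
        for( int index = 1; index < length; index++ )
        {
            final char current = name.charAt( index );
            if( !isNamePart( current ) )
            {
                throw new Exception( REZ.format( "name-invalid-char.error",
                                                 name,
                                                 String.valueOf( current ) ) );
            }
        }
    }

    /**
     * Test whether a character may start a keystore name.
     *
     * @param ch the character to test
     * @return true for a letter or '_'
     */
    private static boolean isNameStart( final char ch )
    {
        return Character.isLetter( ch ) || '_' == ch;
    }

    /**
     * Test whether a character may appear after the first position
     * of a keystore name.
     *
     * @param ch the character to test
     * @return true for a letter, a digit, '_', '-' or '.'
     */
    private static boolean isNamePart( final char ch )
    {
        return Character.isLetterOrDigit( ch ) ||
            '_' == ch ||
            '-' == ch ||
            '.' == ch;
    }

    /**
     * Verify that an action is null if a target is null.
     *
     * @param policy the policy whose permissions are checked
     * @throws Exception if validity check fails
     */
    private void verifyActions( final PolicyMetaData policy )
        throws Exception
    {
        final GrantMetaData[] allGrants = policy.getGrants();
        for( int g = 0; g < allGrants.length; g++ )
        {
            final GrantMetaData grant = allGrants[ g ];
            final PermissionMetaData[] entries = grant.getPermissions();
            for( int p = 0; p < entries.length; p++ )
            {
                final PermissionMetaData permission = entries[ p ];
                final boolean hasTarget = null != permission.getTarget();
                final boolean hasAction = null != permission.getAction();

                // An action only has meaning relative to a target, so
                // a permission carrying one without the other is rejected.
                if( hasAction && !hasTarget )
                {
                    throw new Exception(
                        REZ.format( "permission-missing-action.error",
                                    grant.getCodebase(),
                                    permission.getClassname() ) );
                }
            }
        }
    }
}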
|
| 219 |
|
|
||||||||||