java.lang.Object
   org.apache.harmony.security.fortress.DefaultPolicyParser

DefaultPolicyParser
public class DefaultPolicyParser

This is a basic loader of policy files. It delegates lexical analysis to
a pluggable scanner and converts received tokens to a set of
PolicyEntries (org.apache.harmony.security.PolicyEntry).
For details of policy format, see the
default policy description (org.apache.harmony.security.DefaultPolicy).
For ordinary uses, this class has just one public method, parse(),
which performs the main task.
Extensions of this parser may redefine specific operations separately,
by overriding corresponding protected methods.
This implementation is effectively thread-safe, as it has no field references
to data being processed (that is, passes all the data as method parameters).

See Also:
  org.apache.harmony.security.DefaultPolicy
  org.apache.harmony.security.DefaultPolicyScanner
  org.apache.harmony.security.PolicyEntry
Method Summary
protected Principal | getPrincipalByAlias(KeyStore ks, String alias) | Returns a subject's X500Principal of an X509Certificate, which is associated with the specified keystore alias.
protected KeyStore | initKeyStore(List<KeystoreEntry> keystores, URL base, Properties system, boolean resolve) | Returns the first successfully loaded KeyStore, from the specified list of possible locations.
public Collection<PolicyEntry> | parse(URL location, Properties system) | This is the main business method.
protected PolicyEntry | resolveGrant(DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) | Translates GrantEntry token to PolicyEntry object.
protected Permission | resolvePermission(DefaultPolicyScanner.PermissionEntry pe, DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) | Translates PermissionEntry token to Permission object.
protected Certificate[] | resolveSigners(KeyStore ks, String signers) | Takes a comma-separated list of aliases and obtains corresponding certificates.

getPrincipalByAlias
protected Principal getPrincipalByAlias(KeyStore ks, String alias) throws KeyStoreException, CertificateException

Returns a subject's X500Principal of an X509Certificate,
which is associated with the specified keystore alias.

Parameters:
  ks - KeyStore for resolving Certificate, may be null
  alias - alias to a certificate
Returns:
  X500Principal with a subject distinguished name
Throws:
  KeyStoreException - if KeyStore is null or if it failed to provide a certificate
  CertificateException - if found certificate is not an X509Certificate

initKeyStore
protected KeyStore initKeyStore(List<KeystoreEntry> keystores, URL base, Properties system, boolean resolve)

Returns the first successfully loaded KeyStore, from the specified list of
possible locations. This method iterates over the list of KeystoreEntries;
for each entry it expands url and type,
tries to construct instances of the specified URL and KeyStore, and tries to load
the keystore. If it is loaded, returns the keystore, otherwise proceeds to
the next KeystoreEntry.
Note: a url may be relative to the policy file location or absolute.

Parameters:
  keystores - list of available KeystoreEntries
  base - the policy file location
  system - system properties, used for property expansion
  resolve - flag enabling/disabling property expansion
Returns:
  the first successfully loaded KeyStore or null
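
The fallback described above, sketched with plain JDK APIs (an added example, not Harmony's implementation; needs Java 16+). The Entry record, the firstLoadable method, the file names and the null load password are assumptions of this sketch, and property expansion is left out.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.List;

public class FirstLoadableKeyStore {
    // Hypothetical stand-in for a KeystoreEntry token: a url and a type.
    record Entry(String url, String type) {}

    // Returns the first keystore that loads, or null if none does.
    static KeyStore firstLoadable(List<Entry> entries, URL base) {
        for (Entry e : entries) {
            try {
                // A relative url resolves against base; an absolute one ignores it.
                URL location = new URL(base, e.url());
                KeyStore ks = KeyStore.getInstance(e.type());
                try (InputStream in = location.openStream()) {
                    // Sketch assumption: null password, so no integrity check is done.
                    ks.load(in, null);
                }
                return ks;
            } catch (Exception ex) {
                // Skipped entries are reported so the fallback is visible.
                System.err.println("skipped " + e.url() + ": " + ex);
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temp directory with one empty JKS keystore.
        Path dir = Files.createTempDirectory("policy-demo");
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(dir.resolve("good.jks"))) {
            empty.store(out, "changeit".toCharArray());
        }
        URL base = dir.resolve("app.policy").toUri().toURL();
        List<Entry> entries = List.of(
                new Entry("missing.jks", "JKS"),      // file does not exist
                new Entry("good.jks", "NoSuchType"),  // unknown keystore type
                new Entry("good.jks", "JKS"));        // loads
        KeyStore ks = firstLoadable(entries, base);
        System.out.println(ks == null ? "no keystore" : "loaded " + ks.getType());
    }
}
```

A null result matters downstream: getPrincipalByAlias and resolveSigners are documented to throw when the KeyStore is null.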

parse
public Collection<PolicyEntry> parse(URL location, Properties system) throws Exception

This is the main business method. It manages the loading process as follows:
the associated scanner is used to parse the stream to a set of
composite tokens (org.apache.harmony.security.DefaultPolicyScanner.GrantEntry),
then this set is iterated and each token is translated to a PolicyEntry.
Semantically invalid tokens are ignored, the same as void PolicyEntries.
A policy file may refer to some KeyStore(s), and in this case the first
valid reference is initialized and used in processing tokens.

Parameters:
  location - a URL of a policy file to be loaded
  system - system properties, used for property expansion
Returns:
  a collection of PolicyEntry objects, may be empty
Throws:
  Exception - IO error while reading location or file syntax error

resolveGrant
protected PolicyEntry resolveGrant(DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) throws Exception

Translates GrantEntry token to PolicyEntry object. It goes step by step,
trying to resolve each component of the GrantEntry:
- If codebase is specified, expand it and construct a URL.
- If signers is specified, expand it and obtain corresponding Certificates.
- If principals collection is specified, iterate over it.
  For each PrincipalEntry, expand name and if no class specified,
  resolve actual X500Principal from a KeyStore certificate; otherwise keep it
  as UnresolvedPrincipal.
- Iterate over permissions collection. For each PermissionEntry,
  try to resolve (see method resolvePermission())
  a corresponding permission. If resolution failed, ignore the PermissionEntry.
In fact, property expansion in the steps above is conditional and is controlled by
the parameter resolve.
Finally a new PolicyEntry is created, which associates the trinity
of resolved URL, Certificates and Principals with a set of granted Permissions.

Parameters:
  ge - GrantEntry token to be resolved
  ks - KeyStore for resolving Certificates, may be null
  system - system properties, used for property expansion
  resolve - flag enabling/disabling property expansion
Returns:
  resolved PolicyEntry
Throws:
  Exception - if unable to resolve codebase, signers or principals of the GrantEntry
See Also:
  DefaultPolicyScanner.PrincipalEntry
  DefaultPolicyScanner.PermissionEntry
  org.apache.harmony.security.PolicyUtils

resolvePermission
protected Permission resolvePermission(DefaultPolicyScanner.PermissionEntry pe, DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) throws Exception

Translates PermissionEntry token to Permission object.
First, it performs general expansion for non-null name and
properties expansion for non-null name, action
and signers.
Then, it obtains signing Certificates (if any), tries to find a class specified by
klass name and instantiate a corresponding permission object.
If class is not found or it is signed improperly, returns UnresolvedPermission.

Parameters:
  pe - PermissionEntry token to be resolved
  ge - parental GrantEntry of the PermissionEntry
  ks - KeyStore for resolving Certificates, may be null
  system - system properties, used for property expansion
  resolve - flag enabling/disabling property expansion
Returns:
  resolved Permission object, either of concrete class or UnresolvedPermission
Throws:
  Exception - if failed to expand properties, or to get a Certificate, or to create an instance of a successfully found class
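
An added illustration of the class lookup and the UnresolvedPermission fallback described above, using only JDK classes; it is not Harmony's code. The resolve method and its constructor preference are assumptions of this sketch, and property expansion and signer verification are omitted.

```java
import java.security.Permission;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;

public class PermissionResolutionSketch {
    // Builds a Permission from a permission entry's class name, target name
    // and actions; an unknown class yields an UnresolvedPermission.
    static Permission resolve(String klass, String name, String actions,
                              Certificate[] signers) throws Exception {
        Class<? extends Permission> type;
        try {
            // A class that is not a Permission fails here with ClassCastException.
            type = Class.forName(klass).asSubclass(Permission.class);
        } catch (ClassNotFoundException e) {
            return new UnresolvedPermission(klass, name, actions, signers);
        }
        // Sketch assumption: prefer a (name, actions) constructor, then (name).
        try {
            return type.getConstructor(String.class, String.class)
                       .newInstance(name, actions);
        } catch (NoSuchMethodException e) {
            return type.getConstructor(String.class).newInstance(name);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample entries; com.example.MissingPermission does not exist.
        Permission file = resolve("java.io.FilePermission", "/tmp/data/-", "read", null);
        Permission missing = resolve("com.example.MissingPermission", "x", "y", null);
        System.out.println(file.getClass().getName() + " actions=" + file.getActions());
        System.out.println(missing.getClass().getName());
    }
}
```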

resolveSigners
protected Certificate[] resolveSigners(KeyStore ks, String signers) throws Exception

Takes a comma-separated list of aliases and obtains corresponding
certificates.

Parameters:
  ks - KeyStore for resolving Certificates, may be null
  signers - comma-separated list of certificate aliases, must not be null
Returns:
  an array of signing Certificates
Throws:
  Exception - if KeyStore is null or if it failed to provide a certificate