Apple Developer Connection Student Program

home *** CD-ROM | disk | FTP | other *** search

/ Apple Developer Connection Student Program / ADC Tools Sampler CD Disk 3 1999.iso / Metrowerks CodeWarrior / Java Support / Java_Source / Java2 / src / java / net / SocketPermission.java < prev next >

Wrap

Java Source | 1999-05-28 | 28.2 KB | 1,069 lines | [TEXT/CWIE]

/* * @(#)SocketPermission.java 1.22 98/12/01 * * Copyright 1997, 1998 by Sun Microsystems, Inc., * 901 San Antonio Road, Palo Alto, California, 94303, U.S.A. * All rights reserved. * * This software is the confidential and proprietary information * of Sun Microsystems, Inc. ("Confidential Information"). You * shall not disclose such Confidential Information and shall use * it only in accordance with the terms of the license agreement * you entered into with Sun. */ package java.net; import java.util.Enumeration; import java.util.Vector; import java.util.Hashtable; import java.util.StringTokenizer; import java.net.InetAddress; import java.security.Permission; import java.security.PermissionCollection; import java.io.Serializable; import java.io.IOException; /** * This class represents access to a network via sockets. * A SocketPermission consists of a * host specification and a set of "actions" specifying ways to * connect to that host. The host is specified as * <pre> * host = (hostname | IPaddress)[:portrange] * portrange = portnumber | -portnumber | portnumber-[portnumber] * </pre> * The host is expressed as a DNS name, as a numerical IP address, * or as "localhost" (for the local machine). * The wildcard "*" may be included once in a DNS name host * specification. If it is included, it must be in the leftmost * position, as in "*.sun.com". * * The port or portrange is optional. A port specification of the * form "N-", where N is a port number, signifies all ports * numbered N and above, while a specification of the * form "-N" indicates all ports numbered N and below. * * The possible ways to connect to the host are * <pre> * accept * connect * listen * resolve * </pre> * The "listen" action is only meaningful when used with "localhost". * The "resolve" (resolve host/ip name service lookups) action is implied * when any of the other actions are present. * * As an example of the creation and meaning of SocketPermissions, * note that if the following permission: * * <pre> * p1 = new SocketPermission("puffin.eng.sun.com:7777", "connect,accept"); * </pre> * * is granted to some code, it allows that code to connect to port 7777 on * <code>puffin.eng.sun.com</code>, and to accept connections on that port. * * Similarly, if the following permission: * * <pre> * p1 = new SocketPermission("puffin.eng.sun.com:7777", "connect,accept"); * p2 = new SocketPermission("localhost:1024-", "accept,connect,listen"); * </pre> * * is granted to some code, it allows that code to * accept connections on, connect to, or listen on any port between * 1024 and 65535 on the local host. * * Note: Granting code permission to accept or make connections to remote * hosts may be dangerous because malevolent code can then more easily * transfer and share confidential data among parties who may not * otherwise have access to the data. * * @see Permissions * @see SocketPermissions * * @version 1.22 99/03/26 * * @author Marianne Mueller * @author Roland Schemers */ public final class SocketPermission extends Permission implements java.io.Serializable { /** * Connect to host:port */ private final static int CONNECT = 0x1; /** * Listen on host:port */ private final static int LISTEN = 0x2; /** * Accept a connection from host:port */ private final static int ACCEPT = 0x4; /** * Resolve DNS queries */ private final static int RESOLVE = 0x8; /** * No actions */ private final static int NONE = 0x0; /** * All actions */ private final static int ALL = CONNECT|LISTEN|ACCEPT|RESOLVE; // various port constants private static final int PORT_MIN = 0; private static final int PORT_MAX = 65535; private static final int PRIV_PORT_MAX = 1023; // the actions mask private transient int mask; /** * the actions string. * * @serial */ private String actions; // Left null as long as possible, then // created and re-used in the getAction function. // the canonical name of the host // in the case of "*.foo.com", cname is ".foo.com". private transient String cname; // all the IP addresses of the host private transient InetAddress[] addresses; // true if the hostname is a wildcard (e.g. "*.sun.com") private transient boolean wildcard; // true if we were initialized with a single numeric IP address private transient boolean init_with_ip; // true if this SocketPermission represents an invalid/unknown host // used for implies when the delayed lookup has already failed private transient boolean invalid; // port range on host private transient int[] portrange; // true if the trustProxy system property is set private static boolean trustProxy; static { Boolean tmp = (Boolean) java.security.AccessController.doPrivileged( new sun.security.action.GetBooleanAction("trustProxy")); trustProxy = tmp.booleanValue(); } /** * Creates a new SocketPermission object with the specified actions. * The host is expressed as a DNS name, or as a numerical IP address. * Optionally, a port or a portrange may be supplied (separated * from the DNS name or IP address by a colon). * * To specify the local machine, use "localhost" as the host. * Also note: An empty host String ("") is equivalent to "localhost". * * The actions parameter contains a comma-separated list of the * actions granted for the specified host (and port(s)). Possible actions are * "connect", "listen", "accept", "resolve", or * any combination of those. "resolve" is automatically added * when any of the other three are specified. * * Examples of SocketPermission instantiation are the following: * <pre> * nr = new SocketPermission("www.catalog.com", "connect"); * nr = new SocketPermission("www.sun.com:80", "connect"); * nr = new SocketPermission("*.sun.com", "connect"); * nr = new SocketPermission("*.edu", "resolve"); * nr = new SocketPermission("204.160.241.0", "connect"); * nr = new SocketPermission("localhost:1024-65535", "listen"); * nr = new SocketPermission("204.160.241.0:1024-65535", "connect"); * </pre> * * @param host the hostname or IPaddress of the computer, optionally * including a colon followed by a port or port range. * @param action the action string. */ public SocketPermission(String host, String action) { super(getHost(host)); init(host, getMask(action)); } SocketPermission(String host, int mask) { super(getHost(host)); init(host, mask); } private static String getHost(String host) { if (host.equals("")) return "localhost"; else return host; } private boolean isDottedIP(String host) { char[] h = host.toCharArray(); int n = h.length - 1; int components = 0; if (n > -1 && h[0] == '.') return false; while (n != -1) { char c0, c1, c2; c0 = h[n]; if (n < 2) { c2 = '.'; if (n == 1) { c1 = h[0]; } else { c1 = '.'; } n = -1; } else { c1 = h[n-1]; if (c1 == '.') { c2 = '.'; n -= 2; } else { c2 = h[n-2]; if (c2 == '.') { n -= 3; } else { if ((n-3) != -1) { if (h[n-3] != '.') return false; n -= 4; } else n -= 3; } } } if (c0 < '0' || c0 > '9' || (c1 < '0' && c1 != '.') || c1 > '9' || (c2 < '0' && c2 != '.') || c2 > '2' || (c2 == '2' && (c1 > '5' || (c1 == '5' && c0 > '5')))) return false; components++; } return (components == 4); } private int[] parsePort(String port) throws Exception { if (port == null || port.equals("") || port.equals("*")) { return new int[] {PORT_MIN, PORT_MAX}; } int dash = port.indexOf('-'); if (dash == -1) { int p = Integer.parseInt(port); return new int[] {p, p}; } else { String low = port.substring(0, dash); String high = port.substring(dash+1); int l,h; if (low.equals("")) { l = PORT_MIN; } else { l = Integer.parseInt(low); } if (high.equals("")) { h = PORT_MAX; } else { h = Integer.parseInt(high); } if (h<l) throw new IllegalArgumentException("invalid port range"); return new int[] {l, h}; } } /** * Initialize the SocketPermission object. We don't do any DNS lookups * as this point, instead we hold off until the implies method is * called. */ private void init(String host, int mask) { host = getHost(host); // Set the integer mask that represents the actions if ((mask & ALL) != mask) throw new IllegalArgumentException("invalid actions mask"); // always OR in RESOLVE if we allow any of the others this.mask = mask | RESOLVE; // Parse the host name. A name has up to three components, the // hostname, a port number, or two numbers representing a port // range. "www.sun.com:8080-9090" is a valid host name. int sep = host.indexOf(':'); if (sep != -1) { String port = host.substring(sep+1); host = host.substring(0, sep); try { portrange = parsePort(port); } catch (Exception e) { throw new IllegalArgumentException("invalid port range: "+port); } } else { portrange = new int[] { PORT_MIN, PORT_MAX }; } // is this a domain wildcard specification if (host.startsWith("*")) { wildcard = true; if (host.equals("*")) { cname = ""; } else if (host.startsWith("*.")) { cname = host.substring(1).toLowerCase(); } else { throw new IllegalArgumentException("invalid host wildcard specification"); } return; } else { // see if we are being initialized with an IP address. if (isDottedIP(host)) { try { addresses = new InetAddress[] {InetAddress.getByName(host) }; init_with_ip = true; } catch (UnknownHostException uhe) { // this shouldn't happen invalid = true; } } } } /** * Convert an action string to an integer actions mask. * * @param action the action string * @return the action mask */ private static int getMask(String action) { int mask = NONE; if (action == null) { return mask; } char[] a = action.toCharArray(); int i = a.length - 1; if (i < 0) return mask; while (i != -1) { char c; // skip whitespace while ((i!=-1) && ((c = a[i]) == ' ' || c == '\r' || c == '\n' || c == '\f' || c == '\t')) i--; // check for the known strings int matchlen; if (i >= 6 && (a[i-6] == 'c' || a[i-6] == 'C') && (a[i-5] == 'o' || a[i-5] == 'O') && (a[i-4] == 'n' || a[i-4] == 'N') && (a[i-3] == 'n' || a[i-3] == 'N') && (a[i-2] == 'e' || a[i-2] == 'E') && (a[i-1] == 'c' || a[i-1] == 'C') && (a[i] == 't' || a[i] == 'T')) { matchlen = 7; mask |= CONNECT; } else if (i >= 6 && (a[i-6] == 'r' || a[i-6] == 'R') && (a[i-5] == 'e' || a[i-5] == 'E') && (a[i-4] == 's' || a[i-4] == 'S') && (a[i-3] == 'o' || a[i-3] == 'O') && (a[i-2] == 'l' || a[i-2] == 'L') && (a[i-1] == 'v' || a[i-1] == 'V') && (a[i] == 'e' || a[i] == 'E')) { matchlen = 7; mask |= RESOLVE; } else if (i >= 5 && (a[i-5] == 'l' || a[i-5] == 'L') && (a[i-4] == 'i' || a[i-4] == 'I') && (a[i-3] == 's' || a[i-3] == 'S') && (a[i-2] == 't' || a[i-2] == 'T') && (a[i-1] == 'e' || a[i-1] == 'E') && (a[i] == 'n' || a[i] == 'N')) { matchlen = 6; mask |= LISTEN; } else if (i >= 5 && (a[i-5] == 'a' || a[i-5] == 'A') && (a[i-4] == 'c' || a[i-4] == 'C') && (a[i-3] == 'c' || a[i-3] == 'C') && (a[i-2] == 'e' || a[i-2] == 'E') && (a[i-1] == 'p' || a[i-1] == 'P') && (a[i] == 't' || a[i] == 'T')) { matchlen = 6; mask |= ACCEPT; } else { // parse error throw new IllegalArgumentException( "invalid permission: " + action); } // make sure we didn't just match the tail of a word // like "ackbarfaccept". Also, skip to the comma. boolean seencomma = false; while (i >= matchlen && !seencomma) { switch(a[i-matchlen]) { case ',': seencomma = true; /*FALLTHROUGH*/ case ' ': case '\r': case '\n': case '\f': case '\t': break; default: throw new IllegalArgumentException( "invalid permission: " + action); } i--; } // point i at the location of the comma minus one (or -1). i -= matchlen; } return mask; } /** * attempt to get the fully qualified domain name * */ void getCanonName() throws UnknownHostException { if (cname != null || invalid) return; // attempt to get the canonical name try { // first get the IP addresses if we don't have them yet // this is because we need the IP address to then get // FQDN. if (addresses == null) { getIP(); } // we have to do this check, otherwise we might not // get the fully qualified domain name if (init_with_ip) { cname = addresses[0].getHostName(false).toLowerCase(); } else { cname = InetAddress.getByName(addresses[0].getHostAddress()). getHostName(false).toLowerCase(); } } catch (UnknownHostException uhe) { invalid = true; throw uhe; } } /** * get IP addresses. Sets invalid to true if we can't get them. * */ void getIP() throws UnknownHostException { if (addresses != null || wildcard || invalid) return; try { // now get all the IP addresses String host; int i = getName().indexOf(":"); if (i == -1) host = getName(); else { host = getName().substring(0,i); } addresses = new InetAddress[] {InetAddress.getAllByName0(host, false)[0]}; } catch (UnknownHostException uhe) { invalid = true; throw uhe; } } /** * Checks if this socket permission object "implies" the * specified permission. * * More specifically, this method first ensures that all of the following * are true (and returns false if any of them are not): * <ul> * <li> p is an instanceof SocketPermission, * <li> p's actions are a proper subset of this * object's actions, and * <li> p's port range is included in this port range. * </ul> * * Then <code>implies</code> checks each of the following, in order, * and for each returns true if the stated condition is true: * <ul> * <li> If this object was initialized with a single IP address and one of p's * IP addresses is equal to this object's IP address. * <li>If this object is a wildcard domain (such as *.sun.com), and * p's canonical name (the name without any preceding *) * ends with this object's canonical host name. For example, *.sun.com * implies *.eng.sun.com.. * <li>If this object was not initialized with a single IP address, and one of this * object's IP addresses equals one of p's IP addresses. * <li>If this canonical name equals p's canonical name. * </ul> * * If none of the above are true, <code>implies</code> returns false. * @param p the permission to check against. * * @return true if the specified permission is implied by this object, * false if not. */ public boolean implies(Permission p) { int i,j; if (!(p instanceof SocketPermission)) return false; SocketPermission that = (SocketPermission) p; return ((this.mask & that.mask) == that.mask) && impliesIgnoreMask(that); } /** * Checks if the incoming Permission's action are a proper subset of * the this object's actions. * * Check, in the following order: * <ul> * <li> Checks that "p" is an instanceof a SocketPermission * <li> Checks that "p"'s actions are a proper subset of the * current object's actions. * <li> Checks that "p"'s port range is included in this port range * <li> If this object was initialized with an IP address, checks that * one of "p"'s IP addresses is equal to this object's IP address. * <li> If either object is a wildcard domain (i.e., "*.sun.com"), * attempt to match based on the wildcard. * <li> If this object was not initialized with an IP address, attempt * to find a match based on the IP addresses in both objects. * <li> Attempt to match on the canonical hostnames of both objects. * </ul> * @param p the incoming permission request * * @return true if "permission" is a proper subset of the current object, * false if not. */ boolean impliesIgnoreMask(SocketPermission that) { int i,j; if ((that.mask & RESOLVE) != that.mask) { // check port range if ((that.portrange[0] < this.portrange[0]) || (that.portrange[1] > this.portrange[1])) { return false; } } // allow a "*" wildcard to always match anything if (this.wildcard && this.getName().equals("*")) return true; // return if either one of these NetPerm objects are invalid... if (this.invalid || that.invalid) { if (!trustProxy) return false; // if we trust the proxy, we see if the original names/IPs passed // in were equal. String thisHost = getName(); String thatHost = that.getName(); int sep = thisHost.indexOf(':'); if (sep != -1) thisHost = thisHost.substring(0, sep); sep = thatHost.indexOf(':'); if (sep != -1) thatHost = thatHost.substring(0, sep); if (thisHost == null) return false; else return thisHost.equalsIgnoreCase(thatHost); } try { if (this.init_with_ip) { // we only check IP addresses if (that.wildcard) return false; if (that.init_with_ip) { return (this.addresses[0].equals(that.addresses[0])); } else { if (that.addresses == null) { that.getIP(); } for (i=0; i < that.addresses.length; i++) { if (this.addresses[0].equals(that.addresses[i])) return true; } } // since "this" was initialized with an IP address, we // don't check any other cases return false; } // check and see if we have any wildcards... if (this.wildcard || that.wildcard) { // if they are both wildcards, return true iff // that's cname ends with this cname (i.e., *.sun.com // implies *.eng.sun.com) if (this.wildcard && that.wildcard) return (that.cname.endsWith(this.cname)); // a non-wildcard can't imply a wildcard if (that.wildcard) return false; // this is a wildcard, lets see if that's cname ends with // it... if (that.cname == null) { that.getCanonName(); } return (that.cname.endsWith(this.cname)); } // comapare IP addresses if (this.addresses == null) { this.getIP(); } if (that.addresses == null) { that.getIP(); } for (j = 0; j < this.addresses.length; j++) { for (i=0; i < that.addresses.length; i++) { if (this.addresses[j].equals(that.addresses[i])) return true; } } // XXX: if all else fails, compare hostnames? // Do we really want this? if (this.cname == null) { this.getCanonName(); } if (that.cname == null) { that.getCanonName(); } return (this.cname.equalsIgnoreCase(that.cname)); } catch (UnknownHostException uhe) { // commented out, otherwise the last return is // flagged as unreachable by the compiler. // return false; } // make sure the first thing that is done here is to return // false. If not, uncomment the return false in the above catch. return false; } /** * Checks two SocketPermission objects for equality. * * @param obj the object to test for equality with this object. * * @return true if obj is a SocketPermission, and has the same hostname, * port range, and * actions as this SocketPermission object. */ public boolean equals(Object obj) { if (obj == this) return true; if (! (obj instanceof SocketPermission)) return false; SocketPermission that = (SocketPermission) obj; //this is (overly?) complex!!! // check the mask first if (this.mask != that.mask) return false; // now check the port range... if ((this.portrange[0] != that.portrange[0]) || (this.portrange[1] != that.portrange[1])) { return false; } // short cut. This catches: // "crypto" equal to "crypto", or // "1.2.3.4" equal to "1.2.3.4.", or // "*.edu" equal to "*.edu", but it // does not catch "crypto" equal to // "crypto.eng.sun.com". if (this.getName().equalsIgnoreCase(that.getName())) { return true; } // we now attempt to get the Canonical (FQDN) name and // compare that. If this fails, about all we can do is return // false. try { this.getCanonName(); that.getCanonName(); } catch (UnknownHostException uhe) { return false; } if (this.invalid || that.invalid) return false; if (this.cname != null) { return this.cname.equalsIgnoreCase(that.cname); } return false; } /** * Returns the hash code value for this object. * * @return a hash code value for this object. */ public int hashCode() { /* * If this SocketPermission was initialized with an IP address * or a wildcard, use getName().hashCode(), otherwise use * the hashCode() of the host name returned from * java.net.InetAddress.getHostName method. */ if (init_with_ip || wildcard) { return this.getName().hashCode(); } try { getCanonName(); } catch (UnknownHostException uhe) { } if (invalid || cname == null) return this.getName().hashCode(); else return this.cname.hashCode(); } /** * Return the current action mask. * * @return the actions mask. */ int getMask() { return mask; } /** * Returns the "canonical string representation" of the actions in the * specified mask. * Always returns present actions in the following order: * connect, listen, accept, resolve. * * @param mask a specific integer action mask to translate into a string * @return the canonical string representation of the actions */ private static String getActions(int mask) { StringBuffer sb = new StringBuffer(); boolean comma = false; if ((mask & CONNECT) == CONNECT) { comma = true; sb.append("connect"); } if ((mask & LISTEN) == LISTEN) { if (comma) sb.append(','); else comma = true; sb.append("listen"); } if ((mask & ACCEPT) == ACCEPT) { if (comma) sb.append(','); else comma = true; sb.append("accept"); } if ((mask & RESOLVE) == RESOLVE) { if (comma) sb.append(','); else comma = true; sb.append("resolve"); } return sb.toString(); } /** * Returns the canonical string representation of the actions. * Always returns present actions in the following order: * connect, listen, accept, resolve. * * @return the canonical string representation of the actions. */ public String getActions() { if (actions == null) actions = getActions(this.mask); return actions; } /** * Returns a new PermissionCollection object for storing SocketPermission * objects. * * SocketPermission objects must be stored in a manner that allows them * to be inserted into the collection in any order, but that also enables the * PermissionCollection <code>implies</code> * method to be implemented in an efficient (and consistent) manner. * * @return a new PermissionCollection object suitable for storing SocketPermissions. */ public PermissionCollection newPermissionCollection() { return new SocketPermissionCollection(); } /** * WriteObject is called to save the state of the SocketPermission * to a stream. The actions are serialized, and the superclass * takes care of the name. */ private synchronized void writeObject(java.io.ObjectOutputStream s) throws IOException { // Write out the actions. The superclass takes care of the name // call getActions to make sure actions field is initialized if (actions == null) getActions(); s.defaultWriteObject(); } /** * readObject is called to restore the state of the SocketPermission from * a stream. */ private synchronized void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException { // Read in the action, then initialize the rest s.defaultReadObject(); init(getName(),getMask(actions)); } /* public String toString() { StringBuffer s = new StringBuffer(super.toString() + "\n" + "cname = " + cname + "\n" + "wildcard = " + wildcard + "\n" + "invalid = " + invalid + "\n" + "portrange = " + portrange[0] + "," + portrange[1] + "\n"); if (addresses != null) for (int i=0; i<addresses.length; i++) { s.append( addresses[i].getHostAddress()); s.append("\n"); } else { s.append("(no addresses)\n"); } return s.toString(); } public static void main(String args[]) throws Exception { SocketPermission this_ = new SocketPermission(args[0], "connect"); SocketPermission that_ = new SocketPermission(args[1], "connect"); System.out.println("-----\n"); System.out.println("this.implies(that) = " + this_.implies(that_)); System.out.println("-----\n"); System.out.println("this = "+this_); System.out.println("-----\n"); System.out.println("that = "+that_); System.out.println("-----\n"); SocketPermissionCollection nps = new SocketPermissionCollection(); nps.add(this_); nps.add(new SocketPermission("www-leland.stanford.edu","connect")); nps.add(new SocketPermission("www-sun.com","connect")); System.out.println("nps.implies(that) = " + nps.implies(that_)); System.out.println("-----\n"); } */ } /** if (init'd with IP, key is IP as string) if wildcard, its the wild card else its the cname? * * @see java.security.Permission * @see java.security.Permissions * @see java.security.PermissionCollection * * @version 1.22 99/03/26 * * @author Roland Schemers */ final class SocketPermissionCollection extends PermissionCollection implements Serializable { /** * The SocketPermissions for this set. */ private Vector permissions; /** * Create an empty SocketPermissions object. * */ public SocketPermissionCollection() { permissions = new Vector(); } /** * Adds a permission to the SocketPermissions. The key for the hash is * the name in the case of wildcards, or all the IP addresses. * * @param permission the Permission object to add. */ public void add(Permission permission) { if (! (permission instanceof SocketPermission)) throw new IllegalArgumentException("invalid permission: "+ permission); permissions.addElement(permission); } /** * Check and see if this collection of permissions implies the permissions * expressed in "permission". * * @param p the Permission object to compare * * @return true if "permission" is a proper subset of a permission in * the collection, false if not. */ public boolean implies(Permission permission) { if (! (permission instanceof SocketPermission)) return false; SocketPermission np = (SocketPermission) permission; int desired = np.getMask(); int effective = 0; int needed = desired; Enumeration e = permissions.elements(); //System.out.println("implies "+np); while (e.hasMoreElements()) { SocketPermission x = (SocketPermission) e.nextElement(); //System.out.println(" trying "+x); if (((needed & x.getMask()) != 0) && x.impliesIgnoreMask(np)) { effective |= x.getMask(); if ((effective & desired) == desired) return true; needed = (desired ^ effective); } } return false; } /** * Returns an enumeration of all the SocketPermission objects in the * container. * * @return an enumeration of all the SocketPermission objects. */ public Enumeration elements() { return permissions.elements(); } }