| Frames | No Frames |
1: /* SocketPermission.java -- Class modeling permissions for socket operations 2: Copyright (C) 1998, 2000, 2001, 2002, 2004, 2006 Free Software 3: Foundation, Inc. 4: 5: This file is part of GNU Classpath. 6: 7: GNU Classpath is free software; you can redistribute it and/or modify 8: it under the terms of the GNU General Public License as published by 9: the Free Software Foundation; either version 2, or (at your option) 10: any later version. 11: 12: GNU Classpath is distributed in the hope that it will be useful, but 13: WITHOUT ANY WARRANTY; without even the implied warranty of 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15: General Public License for more details. 16: 17: You should have received a copy of the GNU General Public License 18: along with GNU Classpath; see the file COPYING. If not, write to the 19: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 20: 02110-1301 USA. 21: 22: Linking this library statically or dynamically with other modules is 23: making a combined work based on this library. Thus, the terms and 24: conditions of the GNU General Public License cover the whole 25: combination. 26: 27: As a special exception, the copyright holders of this library give you 28: permission to link this library with independent modules to produce an 29: executable, regardless of the license terms of these independent 30: modules, and to copy and distribute the resulting executable under 31: terms of your choice, provided that you also meet, for each linked 32: independent module, the terms and conditions of the license of that 33: module. An independent module is a module which is not derived from 34: or based on this library. If you modify this library, you may extend 35: this exception to your version of the library, but you are not 36: obligated to do so. If you do not wish to do so, delete this 37: exception statement from your version. */ 38: 39: package java.net; 40: 41: import gnu.java.lang.CPStringBuilder; 42: 43: import java.io.IOException; 44: import java.io.ObjectInputStream; 45: import java.io.ObjectOutputStream; 46: import java.io.Serializable; 47: import java.security.Permission; 48: import java.security.PermissionCollection; 49: import java.util.StringTokenizer; 50: 51: 52: /** 53: * This class models a specific set of permssions for connecting to a 54: * host. There are two elements to this, the host/port combination and 55: * the permission list. 56: * <p> 57: * The host/port combination is specified as followed 58: * <p> 59: * <pre> 60: * hostname[:[-]port[-[port]]] 61: * </pre> 62: * <p> 63: * The hostname portion can be either a hostname or IP address. If it is 64: * a hostname, a wildcard is allowed in hostnames. This wildcard is a "*" 65: * and matches one or more characters. Only one "*" may appear in the 66: * host and it must be the leftmost character. For example, 67: * "*.urbanophile.com" matches all hosts in the "urbanophile.com" domain. 68: * <p> 69: * The port portion can be either a single value, or a range of values 70: * treated as inclusive. The first or the last port value in the range 71: * can be omitted in which case either the minimum or maximum legal 72: * value for a port (respectively) is used by default. Here are some 73: * examples: 74: * <p><ul> 75: * <li>8080 - Represents port 8080 only</li> 76: * <li>2000-3000 - Represents ports 2000 through 3000 inclusive</li> 77: * <li>-4000 - Represents ports 0 through 4000 inclusive</li> 78: * <li>1024- - Represents ports 1024 through 65535 inclusive</li> 79: * </ul><p> 80: * The permission list is a comma separated list of individual permissions. 81: * These individual permissions are: 82: * <p> 83: * <pre> 84: * accept 85: * connect 86: * listen 87: * resolve 88: * </pre> 89: * <p> 90: * The "listen" permission is only relevant if the host is localhost. If 91: * any permission at all is specified, then resolve permission is implied to 92: * exist. 93: * <p> 94: * Here are a variety of examples of how to create SocketPermission's 95: * <p><pre> 96: * SocketPermission("www.urbanophile.com", "connect"); 97: * Can connect to any port on www.urbanophile.com 98: * SocketPermission("www.urbanophile.com:80", "connect,accept"); 99: * Can connect to or accept connections from www.urbanophile.com on port 80 100: * SocketPermission("localhost:1024-", "listen,accept,connect"); 101: * Can connect to, accept from, an listen on any local port number 1024 102: * and up. 103: * SocketPermission("*.edu", "connect"); 104: * Can connect to any host in the edu domain 105: * SocketPermission("197.197.20.1", "accept"); 106: * Can accept connections from 197.197.20.1 107: * </pre><p> 108: * 109: * This class also supports IPv6 addresses. These should be specified 110: * in either RFC 2732 format or in full uncompressed form. 111: * 112: * @since 1.2 113: * 114: * @author Written by Aaron M. Renn (arenn@urbanophile.com) 115: * @author Extensively modified by Gary Benson (gbenson@redhat.com) 116: */ 117: public final class SocketPermission extends Permission implements Serializable 118: { 119: static final long serialVersionUID = -7204263841984476862L; 120: 121: /** 122: * A hostname (possibly wildcarded). Will be set if and only if 123: * this object was initialized with a hostname. 124: */ 125: private transient String hostname = null; 126: 127: /** 128: * An IP address (IPv4 or IPv6). Will be set if and only if this 129: * object was initialized with a single literal IP address. 130: */ 131: private transient InetAddress address = null; 132: 133: /** 134: * A range of ports. 135: */ 136: private transient int minport; 137: private transient int maxport; 138: 139: /** 140: * Values used for minimum and maximum ports when one or both bounds 141: * are omitted. This class is essentially independent of the 142: * networking code it describes, so we do not limit ports to the 143: * usual network limits of 1 and 65535. 144: */ 145: private static final int MIN_PORT = 0; 146: private static final int MAX_PORT = Integer.MAX_VALUE; 147: 148: /** 149: * The actions for which we have permission. This field is present 150: * to make the serialized form correct and should not be used by 151: * anything other than writeObject: everything else should use 152: * actionmask. 153: */ 154: private String actions; 155: 156: /** 157: * A bitmask representing the actions for which we have permission. 158: */ 159: private transient int actionmask; 160: 161: /** 162: * The available actions, in the canonical order required for getActions(). 163: */ 164: private static final String[] ACTIONS = new String[] { 165: "connect", "listen", "accept", "resolve"}; 166: 167: /** 168: * Initializes a new instance of <code>SocketPermission</code> with the 169: * specified host/port combination and actions string. 170: * 171: * @param hostport The hostname/port number combination 172: * @param actions The actions string 173: */ 174: public SocketPermission(String hostport, String actions) 175: { 176: super(processHostport(hostport)); 177: 178: setHostPort(getName()); 179: setActions(actions); 180: } 181: 182: /** 183: * There are two cases in which hostport needs rewriting before 184: * being passed to the superclass constructor. If hostport is an 185: * empty string then it is substituted with "localhost". And if 186: * the host part of hostport is a literal IPv6 address in the full 187: * uncompressed form not enclosed with "[" and "]" then we enclose 188: * it with them. 189: */ 190: private static String processHostport(String hostport) 191: { 192: if (hostport.length() == 0) 193: return "localhost"; 194: 195: if (hostport.charAt(0) == '[') 196: return hostport; 197: 198: int colons = 0; 199: boolean colon_allowed = true; 200: for (int i = 0; i < hostport.length(); i++) 201: { 202: if (hostport.charAt(i) == ':') 203: { 204: if (!colon_allowed) 205: throw new IllegalArgumentException("Ambiguous hostport part"); 206: colons++; 207: colon_allowed = false; 208: } 209: else 210: colon_allowed = true; 211: } 212: 213: switch (colons) 214: { 215: case 0: 216: case 1: 217: // a hostname or IPv4 address 218: return hostport; 219: 220: case 7: 221: // an IPv6 address with no ports 222: return "[" + hostport + "]"; 223: 224: case 8: 225: // an IPv6 address with ports 226: int last_colon = hostport.lastIndexOf(':'); 227: return "[" + hostport.substring(0, last_colon) + "]" 228: + hostport.substring(last_colon); 229: 230: default: 231: throw new IllegalArgumentException("Ambiguous hostport part"); 232: } 233: } 234: 235: /** 236: * Parse the hostport argument to the constructor. 237: */ 238: private void setHostPort(String hostport) 239: { 240: // Split into host and ports 241: String host, ports; 242: if (hostport.charAt(0) == '[') 243: { 244: // host is a bracketed IPv6 address 245: int end = hostport.indexOf("]"); 246: if (end == -1) 247: throw new IllegalArgumentException("Unmatched '['"); 248: host = hostport.substring(1, end); 249: 250: address = InetAddress.getByLiteral(host); 251: if (address == null) 252: throw new IllegalArgumentException("Bad IPv6 address"); 253: 254: if (end == hostport.length() - 1) 255: ports = ""; 256: else if (hostport.charAt(end + 1) == ':') 257: ports = hostport.substring(end + 2); 258: else 259: throw new IllegalArgumentException("Bad character after ']'"); 260: } 261: else 262: { 263: // host is a hostname or IPv4 address 264: int sep = hostport.indexOf(":"); 265: if (sep == -1) 266: { 267: host = hostport; 268: ports = ""; 269: } 270: else 271: { 272: host = hostport.substring(0, sep); 273: ports = hostport.substring(sep + 1); 274: } 275: 276: address = InetAddress.getByLiteral(host); 277: if (address == null) 278: { 279: if (host.lastIndexOf('*') > 0) 280: throw new IllegalArgumentException("Bad hostname"); 281: 282: hostname = host; 283: } 284: } 285: 286: // Parse and validate the ports 287: if (ports.length() == 0) 288: { 289: minport = MIN_PORT; 290: maxport = MAX_PORT; 291: } 292: else 293: { 294: int sep = ports.indexOf("-"); 295: if (sep == -1) 296: { 297: // a single port 298: minport = maxport = Integer.parseInt(ports); 299: } 300: else 301: { 302: if (ports.indexOf("-", sep + 1) != -1) 303: throw new IllegalArgumentException("Unexpected '-'"); 304: 305: if (sep == 0) 306: { 307: // an upper bound 308: minport = MIN_PORT; 309: maxport = Integer.parseInt(ports.substring(1)); 310: } 311: else if (sep == ports.length() - 1) 312: { 313: // a lower bound 314: minport = 315: Integer.parseInt(ports.substring(0, ports.length() - 1)); 316: maxport = MAX_PORT; 317: } 318: else 319: { 320: // a range with two bounds 321: minport = Integer.parseInt(ports.substring(0, sep)); 322: maxport = Integer.parseInt(ports.substring(sep + 1)); 323: } 324: } 325: } 326: } 327: 328: /** 329: * Parse the actions argument to the constructor. 330: */ 331: private void setActions(String actionstring) 332: { 333: actionmask = 0; 334: 335: boolean resolve_needed = false; 336: boolean resolve_present = false; 337: 338: StringTokenizer t = new StringTokenizer(actionstring, ","); 339: while (t.hasMoreTokens()) 340: { 341: String action = t.nextToken(); 342: action = action.trim().toLowerCase(); 343: setAction(action); 344: 345: if (action.equals("resolve")) 346: resolve_present = true; 347: else 348: resolve_needed = true; 349: } 350: 351: if (resolve_needed && !resolve_present) 352: setAction("resolve"); 353: } 354: 355: /** 356: * Parse one element of the actions argument to the constructor. 357: */ 358: private void setAction(String action) 359: { 360: for (int i = 0; i < ACTIONS.length; i++) 361: { 362: if (action.equals(ACTIONS[i])) 363: { 364: actionmask |= 1 << i; 365: return; 366: } 367: } 368: throw new IllegalArgumentException("Unknown action " + action); 369: } 370: 371: /** 372: * Tests this object for equality against another. This will be true if 373: * and only if the passed object is an instance of 374: * <code>SocketPermission</code> and both its hostname/port combination 375: * and permissions string are identical. 376: * 377: * @param obj The object to test against for equality 378: * 379: * @return <code>true</code> if object is equal to this object, 380: * <code>false</code> otherwise. 381: */ 382: public boolean equals(Object obj) 383: { 384: SocketPermission p; 385: 386: if (obj instanceof SocketPermission) 387: p = (SocketPermission) obj; 388: else 389: return false; 390: 391: if (p.actionmask != actionmask || 392: p.minport != minport || 393: p.maxport != maxport) 394: return false; 395: 396: if (address != null) 397: { 398: if (p.address == null) 399: return false; 400: else 401: return p.address.equals(address); 402: } 403: else 404: { 405: if (p.hostname == null) 406: return false; 407: else 408: return p.hostname.equals(hostname); 409: } 410: } 411: 412: /** 413: * Returns a hash code value for this object. Overrides the 414: * <code>Permission.hashCode()</code>. 415: * 416: * @return A hash code 417: */ 418: public int hashCode() 419: { 420: int code = actionmask + minport + maxport; 421: if (address != null) 422: code += address.hashCode(); 423: else 424: code += hostname.hashCode(); 425: return code; 426: } 427: 428: /** 429: * Returns the list of permission actions in this object in canonical 430: * order. The canonical order is "connect,listen,accept,resolve" 431: * 432: * @return The permitted action string. 433: */ 434: public String getActions() 435: { 436: CPStringBuilder sb = new CPStringBuilder(""); 437: 438: for (int i = 0; i < ACTIONS.length; i++) 439: { 440: if ((actionmask & (1 << i)) != 0) 441: { 442: if (sb.length() != 0) 443: sb.append(","); 444: sb.append(ACTIONS[i]); 445: } 446: } 447: 448: return sb.toString(); 449: } 450: 451: /** 452: * Returns a new <code>PermissionCollection</code> object that can hold 453: * <code>SocketPermission</code>'s. 454: * 455: * @return A new <code>PermissionCollection</code>. 456: */ 457: public PermissionCollection newPermissionCollection() 458: { 459: // FIXME: Implement 460: 461: return null; 462: } 463: 464: /** 465: * Returns an array of all IP addresses represented by this object. 466: */ 467: private InetAddress[] getAddresses() 468: { 469: if (address != null) 470: return new InetAddress[] {address}; 471: 472: try 473: { 474: return InetAddress.getAllByName(hostname); 475: } 476: catch (UnknownHostException e) 477: { 478: return new InetAddress[0]; 479: } 480: } 481: 482: /** 483: * Returns the canonical hostname represented by this object, 484: * or null if this object represents a wildcarded domain. 485: */ 486: private String getCanonicalHostName() 487: { 488: if (address != null) 489: return address.internalGetCanonicalHostName(); 490: if (hostname.charAt(0) == '*') 491: return null; 492: try 493: { 494: return InetAddress.getByName(hostname).internalGetCanonicalHostName(); 495: } 496: catch (UnknownHostException e) 497: { 498: return null; 499: } 500: } 501: 502: /** 503: * Returns true if the permission object passed it is implied by the 504: * this permission. This will be true if: 505: * 506: * <ul> 507: * <li>The argument is of type <code>SocketPermission</code></li> 508: * <li>The actions list of the argument are in this object's actions</li> 509: * <li>The port range of the argument is within this objects port range</li> 510: * <li>The hostname is equal to or a subset of this objects hostname</li> 511: * </ul> 512: * 513: * <p>The argument's hostname will be a subset of this object's hostname if:</p> 514: * 515: * <ul> 516: * <li>The argument's hostname or IP address is equal to this object's.</li> 517: * <li>The argument's canonical hostname is equal to this object's.</li> 518: * <li>The argument's canonical name matches this domains hostname with 519: * wildcards</li> 520: * </ul> 521: * 522: * @param perm The <code>Permission</code> to check against 523: * 524: * @return <code>true</code> if the <code>Permission</code> is implied by 525: * this object, <code>false</code> otherwise. 526: */ 527: public boolean implies(Permission perm) 528: { 529: SocketPermission p; 530: 531: // First make sure we are the right object type 532: if (perm instanceof SocketPermission) 533: p = (SocketPermission) perm; 534: else 535: return false; 536: 537: // If p was initialised with an empty hostname then we do not 538: // imply it. This is not part of the spec, but it seems necessary. 539: if (p.hostname != null && p.hostname.length() == 0) 540: return false; 541: 542: // Next check the actions 543: if ((p.actionmask & actionmask) != p.actionmask) 544: return false; 545: 546: // Then check the ports 547: if ((p.minport < minport) || (p.maxport > maxport)) 548: return false; 549: 550: // Finally check the hosts 551: String p_canon = null; 552: 553: // Return true if this object was initialized with a single 554: // IP address which one of p's IP addresses is equal to. 555: if (address != null) 556: { 557: InetAddress[] addrs = p.getAddresses(); 558: for (int i = 0; i < addrs.length; i++) 559: { 560: if (address.equals(addrs[i])) 561: return true; 562: } 563: } 564: 565: // Return true if this object is a wildcarded domain that 566: // p's canonical name matches. 567: if (hostname != null && hostname.charAt(0) == '*') 568: { 569: p_canon = p.getCanonicalHostName(); 570: if (p_canon != null && p_canon.endsWith(hostname.substring(1))) 571: return true; 572: 573: } 574: 575: // Return true if this one of this object's IP addresses 576: // is equal to one of p's. 577: if (address == null) 578: { 579: InetAddress[] addrs = p.getAddresses(); 580: InetAddress[] p_addrs = p.getAddresses(); 581: 582: for (int i = 0; i < addrs.length; i++) 583: { 584: for (int j = 0; j < p_addrs.length; j++) 585: { 586: if (addrs[i].equals(p_addrs[j])) 587: return true; 588: } 589: } 590: } 591: 592: // Return true if this object's canonical name equals p's. 593: String canon = getCanonicalHostName(); 594: if (canon != null) 595: { 596: if (p_canon == null) 597: p_canon = p.getCanonicalHostName(); 598: if (p_canon != null && canon.equals(p_canon)) 599: return true; 600: } 601: 602: // Didn't make it 603: return false; 604: } 605: 606: /** 607: * Deserializes a <code>SocketPermission</code> object from 608: * an input stream. 609: * 610: * @param input the input stream. 611: * @throws IOException if an I/O error occurs in the stream. 612: * @throws ClassNotFoundException if the class of the 613: * serialized object could not be found. 614: */ 615: private void readObject(ObjectInputStream input) 616: throws IOException, ClassNotFoundException 617: { 618: input.defaultReadObject(); 619: setHostPort(getName()); 620: setActions(actions); 621: } 622: 623: /** 624: * Serializes a <code>SocketPermission</code> object to an 625: * output stream. 626: * 627: * @param output the output stream. 628: * @throws IOException if an I/O error occurs in the stream. 629: */ 630: private void writeObject(ObjectOutputStream output) 631: throws IOException 632: { 633: actions = getActions(); 634: output.defaultWriteObject(); 635: } 636: }