提交 6c3a3338 编写于 作者: M mullan

7019834: Eliminate dependency from PolicyFile to com.sun.security.auth.PrincipalComparator

Summary: Add new java.security.Principal.implies method
Reviewed-by: alanb
上级 e01da2eb
/*
* Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -25,6 +25,8 @@
package java.security;
import javax.security.auth.Subject;
/**
* This interface represents the abstract notion of a principal, which
* can be used to represent any entity, such as an individual, a
......@@ -45,7 +47,6 @@ public interface Principal {
*
* @return true if the principal passed in is the same as that
* encapsulated by this principal, and false otherwise.
*/
public boolean equals(Object another);
......@@ -69,4 +70,24 @@ public interface Principal {
* @return the name of this principal.
*/
public String getName();
/**
* Returns true if the specified subject is implied by this principal.
*
* <p>The default implementation of this method returns true if
* {@code subject} is non-null and contains at least one principal that
* is equal to this principal.
*
* <p>Subclasses may override this with a different implementation, if
* necessary.
*
* @return true if {@code subject} is non-null and is
* implied by this principal, or false otherwise.
* @since 1.8
*/
public default boolean implies(Subject subject) {
if (subject == null)
return false;
return subject.getPrincipals().contains(this);
}
}
......@@ -31,13 +31,7 @@ import java.net.MalformedURLException;
import java.net.URL;
import java.net.URI;
import java.util.*;
import java.util.Enumeration;
import java.util.List;
import java.util.StringTokenizer;
import java.util.ArrayList;
import java.util.ListIterator;
import java.text.MessageFormat;
import com.sun.security.auth.PrincipalComparator;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
......@@ -46,19 +40,7 @@ import javax.security.auth.x500.X500Principal;
import java.io.FilePermission;
import java.net.SocketPermission;
import java.net.NetPermission;
import java.util.PropertyPermission;
import java.util.concurrent.atomic.AtomicReference;
/*
import javax.security.auth.AuthPermission;
import javax.security.auth.kerberos.ServicePermission;
import javax.security.auth.kerberos.DelegationPermission;
import java.io.SerializablePermission;
import java.util.logging.LoggingPermission;
import java.sql.SQLPermission;
import java.lang.reflect.ReflectPermission;
import javax.sound.sampled.AudioPermission;
import javax.net.ssl.SSLPermission;
*/
import sun.misc.JavaSecurityProtectionDomainAccess;
import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
import sun.misc.SharedSecrets;
......@@ -794,11 +776,8 @@ public class PolicyFile extends java.security.Policy {
debug.println("Adding policy entry: ");
debug.println(" signedBy " + ge.signedBy);
debug.println(" codeBase " + ge.codeBase);
if (ge.principals != null && ge.principals.size() > 0) {
ListIterator<PolicyParser.PrincipalEntry> li =
ge.principals.listIterator();
while (li.hasNext()) {
PolicyParser.PrincipalEntry pppe = li.next();
if (ge.principals != null) {
for (PolicyParser.PrincipalEntry pppe : ge.principals) {
debug.println(" " + pppe.toString());
}
}
......@@ -955,11 +934,15 @@ public class PolicyFile extends java.security.Policy {
InvocationTargetException
{
//XXX we might want to keep a hash of created factories...
Class<?> pc = Class.forName(type);
Class<?> pc = Class.forName(type, false, null);
Permission answer = getKnownInstance(pc, name, actions);
if (answer != null) {
return answer;
}
if (!Permission.class.isAssignableFrom(pc)) {
// not the right subtype
throw new ClassCastException(type + " is not a Permission");
}
if (name == null && actions == null) {
try {
......@@ -1001,7 +984,6 @@ public class PolicyFile extends java.security.Policy {
*/
private static final Permission getKnownInstance(Class<?> claz,
String name, String actions) {
// XXX shorten list to most popular ones?
if (claz.equals(FilePermission.class)) {
return new FilePermission(name, actions);
} else if (claz.equals(SocketPermission.class)) {
......@@ -1014,30 +996,6 @@ public class PolicyFile extends java.security.Policy {
return new NetPermission(name, actions);
} else if (claz.equals(AllPermission.class)) {
return SecurityConstants.ALL_PERMISSION;
/*
} else if (claz.equals(ReflectPermission.class)) {
return new ReflectPermission(name, actions);
} else if (claz.equals(SecurityPermission.class)) {
return new SecurityPermission(name, actions);
} else if (claz.equals(PrivateCredentialPermission.class)) {
return new PrivateCredentialPermission(name, actions);
} else if (claz.equals(AuthPermission.class)) {
return new AuthPermission(name, actions);
} else if (claz.equals(ServicePermission.class)) {
return new ServicePermission(name, actions);
} else if (claz.equals(DelegationPermission.class)) {
return new DelegationPermission(name, actions);
} else if (claz.equals(SerializablePermission.class)) {
return new SerializablePermission(name, actions);
} else if (claz.equals(AudioPermission.class)) {
return new AudioPermission(name, actions);
} else if (claz.equals(SSLPermission.class)) {
return new SSLPermission(name, actions);
} else if (claz.equals(LoggingPermission.class)) {
return new LoggingPermission(name, actions);
} else if (claz.equals(SQLPermission.class)) {
return new SQLPermission(name, actions);
*/
} else {
return null;
}
......@@ -1079,7 +1037,7 @@ public class PolicyFile extends java.security.Policy {
if (cert != null) {
if (vcerts == null)
vcerts = new ArrayList<Certificate>();
vcerts = new ArrayList<>();
vcerts.add(cert);
}
}
......@@ -1329,7 +1287,7 @@ public class PolicyFile extends java.security.Policy {
List<PolicyParser.PrincipalEntry> entryPs = entry.getPrincipals();
if (debug != null) {
ArrayList<PolicyParser.PrincipalEntry> accPs = new ArrayList<>();
List<PolicyParser.PrincipalEntry> accPs = new ArrayList<>();
if (principals != null) {
for (int i = 0; i < principals.length; i++) {
accPs.add(new PolicyParser.PrincipalEntry
......@@ -1368,79 +1326,72 @@ public class PolicyFile extends java.security.Policy {
// has principals. see if policy entry principals match
// principals in current ACC
for (int i = 0; i < entryPs.size(); i++) {
PolicyParser.PrincipalEntry pppe = entryPs.get(i);
// see if principal entry is a PrincipalComparator
try {
Class<?> pClass = Class.forName
(pppe.principalClass,
true,
Thread.currentThread().getContextClassLoader());
if (!PrincipalComparator.class.isAssignableFrom(pClass)) {
for (PolicyParser.PrincipalEntry pppe : entryPs) {
// common case - dealing with regular Principal class.
// see if policy entry principal is in current ACC
// Check for wildcards
if (pppe.isWildcardClass()) {
// a wildcard class matches all principals in current ACC
continue;
}
if (!checkEntryPs(principals, pppe)) {
if (pppe.isWildcardName()) {
// a wildcard name matches any principal with the same class
for (Principal p : principals) {
if (pppe.principalClass.equals(p.getClass().getName())) {
continue;
}
}
if (debug != null) {
debug.println("evaluation (principals) failed");
debug.println("evaluation (principal name wildcard) failed");
}
// policy entry principal not in current ACC -
// immediately return and go to next policy entry
return;
}
} else {
// dealing with a PrincipalComparator
Set<Principal> pSet = new HashSet<>(Arrays.asList(principals));
Subject subject = new Subject(true, pSet,
Collections.EMPTY_SET,
Collections.EMPTY_SET);
try {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
Class<?> pClass = Class.forName(pppe.principalClass, false, cl);
if (!Principal.class.isAssignableFrom(pClass)) {
// not the right subtype
throw new ClassCastException(pppe.principalClass +
" is not a Principal");
}
Constructor<?> c = pClass.getConstructor(PARAMS1);
PrincipalComparator pc = (PrincipalComparator)c.newInstance
(new Object[] { pppe.principalName });
Principal p = (Principal)c.newInstance(new Object[] {
pppe.principalName });
if (debug != null) {
debug.println("found PrincipalComparator " +
pc.getClass().getName());
debug.println("found Principal " + p.getClass().getName());
}
// check if the PrincipalComparator
// implies the current thread's principals
Set<Principal> pSet = new HashSet<>(principals.length);
for (int j = 0; j < principals.length; j++) {
pSet.add(principals[j]);
}
Subject subject = new Subject(true,
pSet,
Collections.EMPTY_SET,
Collections.EMPTY_SET);
if (!pc.implies(subject)) {
// check if the Principal implies the current
// thread's principals
if (!p.implies(subject)) {
if (debug != null) {
debug.println
("evaluation (principal comparator) failed");
debug.println("evaluation (principal implies) failed");
}
// policy principal does not imply the current Subject -
// immediately return and go to next policy entry
return;
}
}
} catch (Exception e) {
// fall back to regular principal comparison.
// fall back to default principal comparison.
// see if policy entry principal is in current ACC
if (debug != null) {
e.printStackTrace();
}
if (!checkEntryPs(principals, pppe)) {
if (!pppe.implies(subject)) {
if (debug != null) {
debug.println("evaluation (principals) failed");
debug.println("evaluation (default principal implies) failed");
}
// policy entry principal not in current ACC -
......@@ -1450,7 +1401,7 @@ public class PolicyFile extends java.security.Policy {
}
// either the principal information matched,
// or the PrincipalComparator.implies succeeded.
// or the Principal.implies succeeded.
// continue loop and test the next policy principal
}
......@@ -1484,47 +1435,6 @@ public class PolicyFile extends java.security.Policy {
}
}
/**
* This method returns, true, if the principal in the policy entry,
* pppe, is part of the current thread's principal array, pList.
* This method also returns, true, if the policy entry's principal
* is appropriately wildcarded.
*
* Note that the provided <i>pppe</i> argument may have
* wildcards (*) for both the <code>Principal</code> class and name.
*
* @param pList an array of principals from the current thread's
* AccessControlContext.
*
* @param pppe a Principal specified in a policy grant entry.
*
* @return true if the current thread's pList "contains" the
* principal in the policy entry, pppe. This method
* also returns true if the policy entry's principal
* appropriately wildcarded.
*/
private boolean checkEntryPs(Principal[] pList,
PolicyParser.PrincipalEntry pppe) {
for (int i = 0; i < pList.length; i++) {
if (pppe.principalClass.equals
(PolicyParser.PrincipalEntry.WILDCARD_CLASS) ||
pppe.principalClass.equals
(pList[i].getClass().getName())) {
if (pppe.principalName.equals
(PolicyParser.PrincipalEntry.WILDCARD_NAME) ||
pppe.principalName.equals
(pList[i].getName())) {
return true;
}
}
}
return false;
}
/**
* <p>
*
......@@ -1568,8 +1478,7 @@ public class PolicyFile extends java.security.Policy {
sb.append(sp.getSelfName().substring(startIndex, v));
// expand SELF
ListIterator<PolicyParser.PrincipalEntry> pli =
entryPs.listIterator();
Iterator<PolicyParser.PrincipalEntry> pli = entryPs.iterator();
while (pli.hasNext()) {
PolicyParser.PrincipalEntry pppe = pli.next();
String[][] principalInfo = getPrincipalInfo(pppe,pdp);
......@@ -1673,10 +1582,7 @@ public class PolicyFile extends java.security.Policy {
// 2) the entry's Principal name is wildcarded only
// 3) the entry's Principal class and name are wildcarded
if (!pe.principalClass.equals
(PolicyParser.PrincipalEntry.WILDCARD_CLASS) &&
!pe.principalName.equals
(PolicyParser.PrincipalEntry.WILDCARD_NAME)) {
if (!pe.isWildcardClass() && !pe.isWildcardName()) {
// build an info array for the principal
// from the Policy entry
......@@ -1685,24 +1591,19 @@ public class PolicyFile extends java.security.Policy {
info[0][1] = pe.principalName;
return info;
} else if (!pe.principalClass.equals
(PolicyParser.PrincipalEntry.WILDCARD_CLASS) &&
pe.principalName.equals
(PolicyParser.PrincipalEntry.WILDCARD_NAME)) {
} else if (!pe.isWildcardClass() && pe.isWildcardName()) {
// build an info array for every principal
// in the current domain which has a principal class
// that is equal to policy entry principal class name
List<Principal> plist = new ArrayList<>();
for (int i = 0; i < pdp.length; i++) {
if(pe.principalClass.equals(pdp[i].getClass().getName()))
if (pe.principalClass.equals(pdp[i].getClass().getName()))
plist.add(pdp[i]);
}
String[][] info = new String[plist.size()][2];
int i = 0;
java.util.Iterator<Principal> pIterator = plist.iterator();
while (pIterator.hasNext()) {
Principal p = pIterator.next();
for (Principal p : plist) {
info[i][0] = p.getClass().getName();
info[i][1] = p.getName();
i++;
......@@ -1763,7 +1664,7 @@ public class PolicyFile extends java.security.Policy {
// Done
return certs;
ArrayList<Certificate> userCertList = new ArrayList<>();
List<Certificate> userCertList = new ArrayList<>();
i = 0;
while (i < certs.length) {
userCertList.add(certs[i]);
......@@ -1889,10 +1790,8 @@ public class PolicyFile extends java.security.Policy {
if (principals == null || principals.isEmpty() || keystore == null)
return true;
ListIterator<PolicyParser.PrincipalEntry> i = principals.listIterator();
while (i.hasNext()) {
PolicyParser.PrincipalEntry pppe = i.next();
if (pppe.principalClass.equals(PolicyParser.REPLACE_NAME)) {
for (PolicyParser.PrincipalEntry pppe : principals) {
if (pppe.isReplaceName()) {
// perform replacement
// (only X509 replacement is possible now)
......@@ -2241,8 +2140,7 @@ public class PolicyFile extends java.security.Policy {
if (this.certs == null) {
// extract the signer certs
ArrayList<Certificate> signerCerts =
new ArrayList<>();
List<Certificate> signerCerts = new ArrayList<>();
i = 0;
while (i < certs.length) {
signerCerts.add(certs[i]);
......@@ -2406,11 +2304,10 @@ public class PolicyFile extends java.security.Policy {
private java.util.Random random;
PolicyInfo(int numCaches) {
policyEntries = new ArrayList<PolicyEntry>();
policyEntries = new ArrayList<>();
identityPolicyEntries =
Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
aliasMapping = Collections.synchronizedMap(
new HashMap<Object, Object>(11));
aliasMapping = Collections.synchronizedMap(new HashMap<>(11));
pdMapping = new ProtectionDomainCache[numCaches];
JavaSecurityProtectionDomainAccess jspda
......
/*
* Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -29,16 +29,17 @@ import java.io.*;
import java.lang.RuntimePermission;
import java.net.SocketPermission;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.ListIterator;
import java.util.Vector;
import java.util.StringTokenizer;
import java.text.MessageFormat;
import javax.security.auth.x500.X500Principal;
import java.security.GeneralSecurityException;
import sun.security.util.Debug;
import sun.security.util.PropertyExpander;
import sun.security.util.ResourcesMgr;
......@@ -72,7 +73,7 @@ import sun.security.util.ResourcesMgr;
* Permissions perms = policy.getPermissions(protectiondomain)
* </pre>
*
* <p>The protection domain contains CodeSource
* <p>The protection domain contains a CodeSource
* object, which encapsulates its codebase (URL) and public key attributes.
* It also contains the principals associated with the domain.
* The Policy object evaluates the global policy in light of who the
......@@ -87,9 +88,6 @@ import sun.security.util.ResourcesMgr;
public class PolicyParser {
// needs to be public for PolicyTool
public static final String REPLACE_NAME = "PolicyParser.REPLACE_NAME";
private static final String EXTDIRS_PROPERTY = "java.ext.dirs";
private static final String OLD_EXTDIRS_EXPANSION =
"${" + EXTDIRS_PROPERTY + "}";
......@@ -452,7 +450,7 @@ public class PolicyParser {
peekAndMatch(",");
} else if (peekAndMatch("Principal")) {
if (principals == null) {
principals = new LinkedList<PrincipalEntry>();
principals = new LinkedList<>();
}
String principalClass;
......@@ -461,7 +459,7 @@ public class PolicyParser {
if (peek("\"")) {
// both the principalClass and principalName
// will be replaced later
principalClass = REPLACE_NAME;
principalClass = PrincipalEntry.REPLACE_NAME;
principalName = match("principal type");
} else {
// check for principalClass wildcard
......@@ -916,7 +914,7 @@ public class PolicyParser {
out.print(",\n");
}
if (principals != null && principals.size() > 0) {
ListIterator<PrincipalEntry> pli = principals.listIterator();
Iterator<PrincipalEntry> pli = principals.iterator();
while (pli.hasNext()) {
out.print(" ");
PrincipalEntry pe = pli.next();
......@@ -949,23 +947,22 @@ public class PolicyParser {
/**
* Principal info (class and name) in a grant entry
*/
public static class PrincipalEntry {
public static class PrincipalEntry implements Principal {
public static final String WILDCARD_CLASS = "WILDCARD_PRINCIPAL_CLASS";
public static final String WILDCARD_NAME = "WILDCARD_PRINCIPAL_NAME";
public static final String REPLACE_NAME = "PolicyParser.REPLACE_NAME";
String principalClass;
String principalName;
/**
* A PrincipalEntry consists of the <code>Principal</code>
* class and <code>Principal</code> name.
* A PrincipalEntry consists of the Principal class and Principal name.
*
* <p>
*
* @param principalClass the <code>Principal</code> class. <p>
*
* @param principalName the <code>Principal</code> name. <p>
* @param principalClass the Principal class
* @param principalName the Principal name
* @throws NullPointerException if principalClass or principalName
* are null
*/
public PrincipalEntry(String principalClass, String principalName) {
if (principalClass == null || principalName == null)
......@@ -975,6 +972,18 @@ public class PolicyParser {
this.principalName = principalName;
}
boolean isWildcardName() {
return principalName.equals(WILDCARD_NAME);
}
boolean isWildcardClass() {
return principalClass.equals(WILDCARD_CLASS);
}
boolean isReplaceName() {
return principalClass.equals(REPLACE_NAME);
}
public String getPrincipalClass() {
return principalClass;
}
......@@ -984,9 +993,9 @@ public class PolicyParser {
}
public String getDisplayClass() {
if (principalClass.equals(WILDCARD_CLASS)) {
if (isWildcardClass()) {
return "*";
} else if (principalClass.equals(REPLACE_NAME)) {
} else if (isReplaceName()) {
return "";
}
else return principalClass;
......@@ -997,7 +1006,7 @@ public class PolicyParser {
}
public String getDisplayName(boolean addQuote) {
if (principalName.equals(WILDCARD_NAME)) {
if (isWildcardName()) {
return "*";
}
else {
......@@ -1006,8 +1015,14 @@ public class PolicyParser {
}
}
@Override
public String getName() {
return principalName;
}
@Override
public String toString() {
if (!principalClass.equals(REPLACE_NAME)) {
if (!isReplaceName()) {
return getDisplayClass() + "/" + getDisplayName();
} else {
return getDisplayName();
......@@ -1016,15 +1031,13 @@ public class PolicyParser {
/**
* Test for equality between the specified object and this object.
* Two PrincipalEntries are equal if their PrincipalClass and
* PrincipalName values are equal.
*
* <p>
* Two PrincipalEntries are equal if their class and name values
* are equal.
*
* @param obj the object to test for equality with this object.
*
* @return true if the objects are equal, false otherwise.
* @param obj the object to test for equality with this object
* @return true if the objects are equal, false otherwise
*/
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
......@@ -1033,24 +1046,20 @@ public class PolicyParser {
return false;
PrincipalEntry that = (PrincipalEntry)obj;
if (this.principalClass.equals(that.principalClass) &&
this.principalName.equals(that.principalName)) {
return true;
}
return false;
return (principalClass.equals(that.principalClass) &&
principalName.equals(that.principalName));
}
/**
* Return a hashcode for this <code>PrincipalEntry</code>.
*
* <p>
* Return a hashcode for this PrincipalEntry.
*
* @return a hashcode for this <code>PrincipalEntry</code>.
* @return a hashcode for this PrincipalEntry
*/
@Override
public int hashCode() {
return principalClass.hashCode();
}
public void write(PrintWriter out) {
out.print("principal " + getDisplayClass() + " " +
getDisplayName(true));
......@@ -1101,6 +1110,7 @@ public class PolicyParser {
* Calculates a hash code value for the object. Objects
* which are equal will also have the same hashcode.
*/
@Override
public int hashCode() {
int retval = permission.hashCode();
if (name != null) retval ^= name.hashCode();
......@@ -1108,6 +1118,7 @@ public class PolicyParser {
return retval;
}
@Override
public boolean equals(Object obj) {
if (obj == this)
return true;
......@@ -1210,28 +1221,18 @@ public class PolicyParser {
i18nMessage = form.format(source);
}
@Override
public String getLocalizedMessage() {
return i18nMessage;
}
}
public static void main(String arg[]) throws Exception {
FileReader fr = null;
FileWriter fw = null;
try {
try (FileReader fr = new FileReader(arg[0]);
FileWriter fw = new FileWriter(arg[1])) {
PolicyParser pp = new PolicyParser(true);
fr = new FileReader(arg[0]);
pp.read(fr);
fw = new FileWriter(arg[1]);
pp.write(fw);
} finally {
if (fr != null) {
fr.close();
}
if (fw != null) {
fw.close();
}
}
}
}
......@@ -604,7 +604,7 @@ public class PolicyTool {
InstantiationException
{
if (type.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS) ||
type.equals(PolicyParser.REPLACE_NAME)) {
type.equals(PolicyParser.PrincipalEntry.REPLACE_NAME)) {
return;
}
Class<?> PRIN = Class.forName("java.security.Principal");
......@@ -2094,7 +2094,7 @@ class ToolDialog extends Dialog {
} else if (pclass.equals("")) {
// make this consistent with what PolicyParser does
// when it sees an empty principal class
pclass = PolicyParser.REPLACE_NAME;
pclass = PolicyParser.PrincipalEntry.REPLACE_NAME;
tool.warnings.addElement(
"Warning: Principal name '" + pname +
"' specified without a Principal class.\n" +
......
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7019834
* @summary test default implementation of Principal.implies
*/
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.x500.X500Principal;
public class Implies {
public static void main(String[] args) throws Exception {
X500Principal duke = new X500Principal("CN=Duke");
// should not throw NullPointerException
testImplies(duke, (Subject)null, false);
Set<Principal> principals = new HashSet<>();
principals.add(duke);
testImplies(duke, principals, true);
X500Principal tux = new X500Principal("CN=Tux");
principals.add(tux);
testImplies(duke, principals, true);
principals.add(new KerberosPrincipal("duke@java.com"));
testImplies(duke, principals, true);
principals.clear();
principals.add(tux);
testImplies(duke, principals, false);
System.out.println("test passed");
}
private static void testImplies(Principal principal,
Set<? extends Principal> principals,
boolean result)
throws SecurityException
{
Subject subject = new Subject(true, principals, Collections.emptySet(),
Collections.emptySet());
testImplies(principal, subject, result);
}
private static void testImplies(Principal principal,
Subject subject, boolean result)
throws SecurityException
{
if (principal.implies(subject) != result) {
throw new SecurityException("test failed");
}
}
}
/*
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -39,7 +39,6 @@ import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import sun.security.provider.PolicyFile;
import com.sun.security.auth.PrincipalComparator;
import com.sun.security.auth.UnixPrincipal;
import com.sun.security.auth.NTUserPrincipal;
import com.sun.security.auth.SolarisPrincipal;
......@@ -90,7 +89,7 @@ public class Comparator {
private static final Principal[] badP = new Principal[] {
new SolarisPrincipal("bad") };
public static class PCompare1 implements PrincipalComparator {
public static class PCompare1 implements Principal {
private String name;
......@@ -98,6 +97,12 @@ public class Comparator {
this.name = name;
}
@Override
public String getName() {
return name;
}
@Override
public boolean implies (Subject subject) {
if (subject.getPrincipals().contains(p1[0])) {
return true;
......@@ -106,13 +111,19 @@ public class Comparator {
}
}
public static class PCompare2 implements PrincipalComparator {
public static class PCompare2 implements Principal {
private String name;
public PCompare2(String name) {
this.name = name;
}
@Override
public String getName() {
return name;
}
@Override
public boolean implies (Subject subject) {
if (subject.getPrincipals().contains(p2[0]) &&
subject.getPrincipals().contains(p2[1])) {
......@@ -122,13 +133,19 @@ public class Comparator {
}
}
public static class PCompare3 implements PrincipalComparator {
public static class PCompare3 implements Principal {
private String name;
public PCompare3(String name) {
this.name = name;
}
@Override
public String getName() {
return name;
}
@Override
public boolean implies (Subject subject) {
return false;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册