/*
* Returned cached ProtectionDomain for the specified CodeSource.
*/
private ProtectionDomain GetProtectionDomain(CodeSource cs)
{
if (cs == null)
{
return(null);
}
ProtectionDomain pd = null;
lock (Pdcache)
{
pd = Pdcache[cs];
if (pd == null)
{
PermissionCollection perms = GetPermissions(cs);
pd = new ProtectionDomain(cs, perms, this, null);
Pdcache[cs] = pd;
if (Debug != null)
{
Debug.println(" getPermissions " + pd);
Debug.println("");
}
}
}
return(pd);
}
/*
* Reads in a Hashtable of Class/PermissionCollections and saves them in the
* permsMap field. Reads in allPermission.
*/
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException
private void ReadObject(ObjectInputStream @in)
{
// Don't call defaultReadObject()
// Read in serialized fields
ObjectInputStream.GetField gfields = @in.ReadFields();
// Get allPermission
AllPermission = (PermissionCollection)gfields.Get("allPermission", null);
// Get permissions
// writeObject writes a Hashtable<Class<?>, PermissionCollection> for
// the perms key, so this cast is safe, unless the data is corrupt.
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @SuppressWarnings("unchecked") java.util.Hashtable<Class, PermissionCollection> perms = (java.util.Hashtable<Class, PermissionCollection>)gfields.get("perms", null);
Dictionary <Class, PermissionCollection> perms = (Dictionary <Class, PermissionCollection>)gfields.Get("perms", null);
PermsMap = new Dictionary <Class, PermissionCollection>(perms.Count * 2);
//JAVA TO C# CONVERTER TODO TASK: There is no .NET Dictionary equivalent to the Java 'putAll' method:
PermsMap.putAll(perms);
// Set hasUnresolved
UnresolvedPermissionCollection uc = (UnresolvedPermissionCollection)PermsMap[typeof(UnresolvedPermission)];
//JAVA TO C# CONVERTER TODO TASK: Java iterators are only converted within the context of 'while' and 'for' loops:
HasUnresolved = (uc != null && uc.Elements().hasMoreElements());
}
/// <summary>
/// Gets the PermissionCollection in this Permissions object for
/// permissions whose type is the same as that of <i>p</i>.
/// For example, if <i>p</i> is a FilePermission,
/// the FilePermissionCollection
/// stored in this Permissions object will be returned.
///
/// If createEmpty is true,
/// this method creates a new PermissionCollection object for the specified
/// type of permission objects if one does not yet exist.
/// To do so, it first calls the {@code newPermissionCollection} method
/// on <i>p</i>. Subclasses of class Permission
/// override that method if they need to store their permissions in a
/// particular PermissionCollection object in order to provide the
/// correct semantics when the {@code PermissionCollection.implies}
/// method is called.
/// If the call returns a PermissionCollection, that collection is stored
/// in this Permissions object. If the call returns null and createEmpty
/// is true, then
/// this method instantiates and stores a default PermissionCollection
/// that uses a hashtable to store its permission objects.
///
/// createEmpty is ignored when creating empty PermissionCollection
/// for unresolved permissions because of the overhead of determining the
/// PermissionCollection to use.
///
/// createEmpty should be set to false when this method is invoked from
/// implies() because it incurs the additional overhead of creating and
/// adding an empty PermissionCollection that will just return false.
/// It should be set to true when invoked from add().
/// </summary>
private PermissionCollection GetPermissionCollection(Permission p, bool createEmpty)
{
Class c = p.GetType();
PermissionCollection pc = PermsMap[c];
if (!HasUnresolved && !createEmpty)
{
return(pc);
}
else if (pc == null)
{
// Check for unresolved permissions
pc = (HasUnresolved ? GetUnresolvedPermissions(p) : null);
// if still null, create a new collection
if (pc == null && createEmpty)
{
pc = p.NewPermissionCollection();
// still no PermissionCollection?
// We'll give them a PermissionsHash.
if (pc == null)
{
pc = new PermissionsHash();
}
}
if (pc != null)
{
PermsMap[c] = pc;
}
}
return(pc);
}
/// <summary>
/// Adds a permission object to the PermissionCollection for the class the
/// permission belongs to. For example, if <i>permission</i> is a
/// FilePermission, it is added to the FilePermissionCollection stored
/// in this Permissions object.
///
/// This method creates
/// a new PermissionCollection object (and adds the permission to it)
/// if an appropriate collection does not yet exist. <para>
///
/// </para>
/// </summary>
/// <param name="permission"> the Permission object to add.
/// </param>
/// <exception cref="SecurityException"> if this Permissions object is
/// marked as readonly.
/// </exception>
/// <seealso cref= PermissionCollection#isReadOnly() </seealso>
public override void Add(Permission permission)
{
if (ReadOnly)
{
throw new SecurityException("attempt to add a Permission to a readonly Permissions object");
}
PermissionCollection pc;
lock (this)
{
pc = GetPermissionCollection(permission, true);
pc.Add(permission);
}
// No sync; staleness -> optimizations delayed, which is OK
if (permission is AllPermission)
{
AllPermission = pc;
}
if (permission is UnresolvedPermission)
{
HasUnresolved = true;
}
}
/// <summary>
/// add static permissions to provided permission collection
/// </summary>
private void AddStaticPerms(PermissionCollection perms, PermissionCollection statics)
{
if (statics != null)
{
lock (statics)
{
IEnumerator <Permission> e = statics.Elements();
while (e.MoveNext())
{
perms.Add(e.Current);
}
}
}
}
/// <summary>
/// Return a PermissionCollection object containing the set of
/// permissions granted to the specified ProtectionDomain.
///
/// <para> Applications are discouraged from calling this method
/// since this operation may not be supported by all policy implementations.
/// Applications should rely on the {@code implies} method
/// to perform policy checks.
///
/// </para>
/// <para> The default implementation of this method first retrieves
/// the permissions returned via {@code getPermissions(CodeSource)}
/// (the CodeSource is taken from the specified ProtectionDomain),
/// as well as the permissions located inside the specified ProtectionDomain.
/// All of these permissions are then combined and returned in a new
/// PermissionCollection object. If {@code getPermissions(CodeSource)}
/// returns Policy.UNSUPPORTED_EMPTY_COLLECTION, then this method
/// returns the permissions contained inside the specified ProtectionDomain
/// in a new PermissionCollection object.
///
/// </para>
/// <para> This method can be overridden if the policy implementation
/// supports returning a set of permissions granted to a ProtectionDomain.
///
/// </para>
/// </summary>
/// <param name="domain"> the ProtectionDomain to which the returned
/// PermissionCollection has been granted.
/// </param>
/// <returns> a set of permissions granted to the specified ProtectionDomain.
/// If this operation is supported, the returned
/// set of permissions must be a new mutable instance
/// and it must support heterogeneous Permission types.
/// If this operation is not supported,
/// Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
///
/// @since 1.4 </returns>
public virtual PermissionCollection GetPermissions(ProtectionDomain domain)
{
PermissionCollection pc = null;
if (domain == null)
{
return(new Permissions());
}
if (PdMapping == null)
{
InitPolicy(this);
}
lock (PdMapping)
{
pc = PdMapping.Get(domain.Key);
}
if (pc != null)
{
Permissions perms = new Permissions();
lock (pc)
{
for (IEnumerator <Permission> e = pc.Elements(); e.MoveNext();)
{
perms.Add(e.Current);
}
}
return(perms);
}
pc = GetPermissions(domain.CodeSource);
if (pc == null || pc == UNSUPPORTED_EMPTY_COLLECTION)
{
pc = new Permissions();
}
AddStaticPerms(pc, domain.Permissions);
return(pc);
}
/// <summary>
/// Checks to see if this object's PermissionCollection for permissions of
/// the specified permission's class implies the permissions
/// expressed in the <i>permission</i> object. Returns true if the
/// combination of permissions in the appropriate PermissionCollection
/// (e.g., a FilePermissionCollection for a FilePermission) together
/// imply the specified permission.
///
/// <para>For example, suppose there is a FilePermissionCollection in this
/// Permissions object, and it contains one FilePermission that specifies
/// "read" access for all files in all subdirectories of the "/tmp"
/// directory, and another FilePermission that specifies "write" access
/// for all files in the "/tmp/scratch/foo" directory.
/// Then if the {@code implies} method
/// is called with a permission specifying both "read" and "write" access
/// to files in the "/tmp/scratch/foo" directory, {@code true} is
/// returned.
///
/// </para>
/// <para>Additionally, if this PermissionCollection contains the
/// AllPermission, this method will always return true.
/// </para>
/// <para>
/// </para>
/// </summary>
/// <param name="permission"> the Permission object to check.
/// </param>
/// <returns> true if "permission" is implied by the permissions in the
/// PermissionCollection it
/// belongs to, false if not. </returns>
public override bool Implies(Permission permission)
{
// No sync; staleness -> skip optimization, which is OK
if (AllPermission != null)
{
return(true); // AllPermission has already been added
}
else
{
lock (this)
{
PermissionCollection pc = GetPermissionCollection(permission, false);
if (pc != null)
{
return(pc.Implies(permission));
}
else
{
// none found
return(false);
}
}
}
}
/// <summary>
/// Creates a new Permissions object containing no PermissionCollections.
/// </summary>
public Permissions()
{
PermsMap = new Dictionary <Class, PermissionCollection>(11);
AllPermission = null;
}
/// <summary>
/// Resolves any unresolved permissions of type p.
/// </summary>
/// <param name="p"> the type of unresolved permission to resolve
/// </param>
/// <returns> PermissionCollection containing the unresolved permissions,
/// or null if there were no unresolved permissions of type p.
/// </returns>
private PermissionCollection GetUnresolvedPermissions(Permission p)
{
// Called from within synchronized method so permsMap doesn't need lock
UnresolvedPermissionCollection uc = (UnresolvedPermissionCollection)PermsMap[typeof(UnresolvedPermission)];
// we have no unresolved permissions if uc is null
if (uc == null)
{
return(null);
}
IList <UnresolvedPermission> unresolvedPerms = uc.GetUnresolvedPermissions(p);
// we have no unresolved permissions of this type if unresolvedPerms is null
if (unresolvedPerms == null)
{
return(null);
}
java.security.cert.Certificate[] certs = null;
Object[] signers = p.GetType().Signers;
int n = 0;
if (signers != null)
{
for (int j = 0; j < signers.Length; j++)
{
if (signers[j] is java.security.cert.Certificate)
{
n++;
}
}
certs = new java.security.cert.Certificate[n];
n = 0;
for (int j = 0; j < signers.Length; j++)
{
if (signers[j] is java.security.cert.Certificate)
{
certs[n++] = (java.security.cert.Certificate)signers[j];
}
}
}
PermissionCollection pc = null;
lock (unresolvedPerms)
{
int len = unresolvedPerms.Count;
for (int i = 0; i < len; i++)
{
UnresolvedPermission up = unresolvedPerms[i];
Permission perm = up.Resolve(p, certs);
if (perm != null)
{
if (pc == null)
{
pc = p.NewPermissionCollection();
if (pc == null)
{
pc = new PermissionsHash();
}
}
pc.Add(perm);
}
}
}
return(pc);
}
/// <summary>
/// Initialize superclass state such that a legacy provider can
/// handle queries for itself.
///
/// @since 1.4
/// </summary>
//JAVA TO C# CONVERTER WARNING: 'final' parameters are not allowed in .NET:
//ORIGINAL LINE: private static void initPolicy(final Policy p)
private static void InitPolicy(Policy p)
{
/*
* A policy provider not on the bootclasspath could trigger
* security checks fulfilling a call to either Policy.implies
* or Policy.getPermissions. If this does occur the provider
* must be able to answer for it's own ProtectionDomain
* without triggering additional security checks, otherwise
* the policy implementation will end up in an infinite
* recursion.
*
* To mitigate this, the provider can collect it's own
* ProtectionDomain and associate a PermissionCollection while
* it is being installed. The currently installed policy
* provider (if there is one) will handle calls to
* Policy.implies or Policy.getPermissions during this
* process.
*
* This Policy superclass caches away the ProtectionDomain and
* statically binds permissions so that legacy Policy
* implementations will continue to function.
*/
ProtectionDomain policyDomain = AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(p));
/*
* Collect the permissions granted to this protection domain
* so that the provider can be security checked while processing
* calls to Policy.implies or Policy.getPermissions.
*/
PermissionCollection policyPerms = null;
lock (p)
{
if (p.PdMapping == null)
{
p.PdMapping = new WeakHashMap <>();
}
}
if (policyDomain.CodeSource != null)
{
Policy pol = Policy_Renamed.Get().policy;
if (pol != null)
{
policyPerms = pol.GetPermissions(policyDomain);
}
if (policyPerms == null) // assume it has all
{
policyPerms = new Permissions();
policyPerms.Add(SecurityConstants.ALL_PERMISSION);
}
lock (p.PdMapping)
{
// cache of pd to permissions
p.PdMapping.Put(policyDomain.Key, policyPerms);
}
}
return;
}
