/*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security;
import java.net.URL;
import java.net.SocketPermission;
import java.util.ArrayList;
import java.util.List;
import java.util.Hashtable;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.*;
import sun.net.util.URLUtil;
import sun.security.util.IOUtils;
This class extends the concept of a codebase to
encapsulate not only the location (URL) but also the certificate chains
that were used to verify signed code originating from that location.
Author: Li Gong, Roland Schemers Since: 1.2
/**
*
* <p>This class extends the concept of a codebase to
* encapsulate not only the location (URL) but also the certificate chains
* that were used to verify signed code originating from that location.
*
* @author Li Gong
* @author Roland Schemers
* @since 1.2
*/
public class CodeSource implements java.io.Serializable {
private static final long serialVersionUID = 4977541819976013951L;
The code location.
@serial
/**
* The code location.
*
* @serial
*/
private final URL location;
/*
* The code signers.
*/
private transient CodeSigner[] signers = null;
/*
* The code signers. Certificate chains are concatenated.
*/
private transient java.security.cert.Certificate[] certs = null;
// cached SocketPermission used for matchLocation
private transient SocketPermission sp;
// for generating cert paths
private transient CertificateFactory factory = null;
A String form of the URL for use as a key in HashMaps/Sets. The String
form should be behave in the same manner as the URL when compared for
equality in a HashMap/Set, except that no nameservice lookup is done
on the hostname (only string comparison), and the fragment is not
considered.
/**
* A String form of the URL for use as a key in HashMaps/Sets. The String
* form should be behave in the same manner as the URL when compared for
* equality in a HashMap/Set, except that no nameservice lookup is done
* on the hostname (only string comparison), and the fragment is not
* considered.
*/
private transient String locationNoFragString;
Constructs a CodeSource and associates it with the specified
location and set of certificates.
Params: - url – the location (URL). It may be
null
. - certs – the certificate(s). It may be
null
. The contents of the array are copied to protect against subsequent modification.
/**
* Constructs a CodeSource and associates it with the specified
* location and set of certificates.
*
* @param url the location (URL). It may be {@code null}.
* @param certs the certificate(s). It may be {@code null}. The contents
* of the array are copied to protect against subsequent modification.
*/
public CodeSource(URL url, java.security.cert.Certificate[] certs) {
this.location = url;
if (url != null) {
this.locationNoFragString = URLUtil.urlNoFragString(url);
}
// Copy the supplied certs
if (certs != null) {
this.certs = certs.clone();
}
}
Constructs a CodeSource and associates it with the specified
location and set of code signers.
Params: - url – the location (URL). It may be
null
. - signers – the code signers. It may be
null
. The contents of the array are copied to protect against subsequent modification.
Since: 1.5
/**
* Constructs a CodeSource and associates it with the specified
* location and set of code signers.
*
* @param url the location (URL). It may be {@code null}.
* @param signers the code signers. It may be {@code null}. The contents
* of the array are copied to protect against subsequent modification.
*
* @since 1.5
*/
public CodeSource(URL url, CodeSigner[] signers) {
this.location = url;
if (url != null) {
this.locationNoFragString = URLUtil.urlNoFragString(url);
}
// Copy the supplied signers
if (signers != null) {
this.signers = signers.clone();
}
}
Returns the hash code value for this object.
Returns: a hash code value for this object.
/**
* Returns the hash code value for this object.
*
* @return a hash code value for this object.
*/
@Override
public int hashCode() {
if (location != null)
return location.hashCode();
else
return 0;
}
Tests for equality between the specified object and this
object. Two CodeSource objects are considered equal if their
locations are of identical value and if their signer certificate
chains are of identical value. It is not required that
the certificate chains be in the same order.
Params: - obj – the object to test for equality with this object.
Returns: true if the objects are considered equal, false otherwise.
/**
* Tests for equality between the specified object and this
* object. Two CodeSource objects are considered equal if their
* locations are of identical value and if their signer certificate
* chains are of identical value. It is not required that
* the certificate chains be in the same order.
*
* @param obj the object to test for equality with this object.
*
* @return true if the objects are considered equal, false otherwise.
*/
@Override
public boolean equals(Object obj) {
if (obj == this)
return true;
// objects types must be equal
if (!(obj instanceof CodeSource))
return false;
CodeSource cs = (CodeSource) obj;
// URLs must match
if (location == null) {
// if location is null, then cs.location must be null as well
if (cs.location != null) return false;
} else {
// if location is not null, then it must equal cs.location
if (!location.equals(cs.location)) return false;
}
// certs must match
return matchCerts(cs, true);
}
Returns the location associated with this CodeSource.
Returns: the location (URL), or null
if no URL was supplied during construction.
/**
* Returns the location associated with this CodeSource.
*
* @return the location (URL), or {@code null} if no URL was supplied
* during construction.
*/
public final URL getLocation() {
/* since URL is practically immutable, returning itself is not
a security problem */
return this.location;
}
Returns a String form of the URL for use as a key in HashMaps/Sets.
/**
* Returns a String form of the URL for use as a key in HashMaps/Sets.
*/
String getLocationNoFragString() {
return locationNoFragString;
}
Returns the certificates associated with this CodeSource.
If this CodeSource object was created using the CodeSource(URL url, CodeSigner[] signers)
constructor then its certificate chains are extracted and used to create an array of Certificate objects. Each signer certificate is followed by its supporting certificate chain (which may be empty). Each signer certificate and its supporting certificate chain is ordered bottom-to-top (i.e., with the signer certificate first and the (root) certificate authority last).
Returns: a copy of the certificate array, or null
if there is none.
/**
* Returns the certificates associated with this CodeSource.
* <p>
* If this CodeSource object was created using the
* {@link #CodeSource(URL url, CodeSigner[] signers)}
* constructor then its certificate chains are extracted and used to
* create an array of Certificate objects. Each signer certificate is
* followed by its supporting certificate chain (which may be empty).
* Each signer certificate and its supporting certificate chain is ordered
* bottom-to-top (i.e., with the signer certificate first and the (root)
* certificate authority last).
*
* @return a copy of the certificate array, or {@code null} if there
* is none.
*/
public final java.security.cert.Certificate[] getCertificates() {
if (certs != null) {
return certs.clone();
} else if (signers != null) {
// Convert the code signers to certs
ArrayList<java.security.cert.Certificate> certChains =
new ArrayList<>();
for (int i = 0; i < signers.length; i++) {
certChains.addAll(
signers[i].getSignerCertPath().getCertificates());
}
certs = certChains.toArray(
new java.security.cert.Certificate[certChains.size()]);
return certs.clone();
} else {
return null;
}
}
Returns the code signers associated with this CodeSource.
If this CodeSource object was created using the CodeSource(URL url, Certificate[] certs)
constructor then its certificate chains are extracted and used to create an array of CodeSigner objects. Note that only X.509 certificates are examined - all other certificate types are ignored.
Returns: a copy of the code signer array, or null
if there is none. Since: 1.5
/**
* Returns the code signers associated with this CodeSource.
* <p>
* If this CodeSource object was created using the
* {@link #CodeSource(URL url, java.security.cert.Certificate[] certs)}
* constructor then its certificate chains are extracted and used to
* create an array of CodeSigner objects. Note that only X.509 certificates
* are examined - all other certificate types are ignored.
*
* @return a copy of the code signer array, or {@code null} if there
* is none.
*
* @since 1.5
*/
public final CodeSigner[] getCodeSigners() {
if (signers != null) {
return signers.clone();
} else if (certs != null) {
// Convert the certs to code signers
signers = convertCertArrayToSignerArray(certs);
return signers.clone();
} else {
return null;
}
}
Returns true if this CodeSource object "implies" the specified CodeSource.
More specifically, this method makes the following checks.
If any fail, it returns false. If they all succeed, it returns true.
- codesource must not be null.
- If this object's certificates are not null, then all
of this object's certificates must be present in codesource's
certificates.
- If this object's location (getLocation()) is not null, then the
following checks are made against this object's location and
codesource's:
- codesource's location must not be null.
- If this object's location
equals codesource's location, then return true.
- This object's protocol (getLocation().getProtocol()) must be
equal to codesource's protocol, ignoring case.
- If this object's host (getLocation().getHost()) is not null,
then the SocketPermission
constructed with this object's host must imply the
SocketPermission constructed with codesource's host.
- If this object's port (getLocation().getPort()) is not
equal to -1 (that is, if a port is specified), it must equal
codesource's port or default port
(codesource.getLocation().getDefaultPort()).
- If this object's file (getLocation().getFile()) doesn't equal
codesource's file, then the following checks are made:
If this object's file ends with "/-",
then codesource's file must start with this object's
file (exclusive the trailing "-").
If this object's file ends with a "/*",
then codesource's file must start with this object's
file and must not have any further "/" separators.
If this object's file doesn't end with a "/",
then codesource's file must match this object's
file with a '/' appended.
- If this object's reference (getLocation().getRef()) is
not null, it must equal codesource's reference.
For example, the codesource objects with the following locations
and null certificates all imply
the codesource with the location "http://www.example.com/classes/foo.jar"
and null certificates:
http:
http://*.example.com/classes/*
http://www.example.com/classes/-
http://www.example.com/classes/foo.jar
Note that if this CodeSource has a null location and a null
certificate chain, then it implies every other CodeSource.
Params: - codesource – CodeSource to compare against.
Returns: true if the specified codesource is implied by this codesource,
false if not.
/**
* Returns true if this CodeSource object "implies" the specified CodeSource.
* <p>
* More specifically, this method makes the following checks.
* If any fail, it returns false. If they all succeed, it returns true.
* <ul>
* <li> <i>codesource</i> must not be null.
* <li> If this object's certificates are not null, then all
* of this object's certificates must be present in <i>codesource</i>'s
* certificates.
* <li> If this object's location (getLocation()) is not null, then the
* following checks are made against this object's location and
* <i>codesource</i>'s:
* <ul>
* <li> <i>codesource</i>'s location must not be null.
*
* <li> If this object's location
* equals <i>codesource</i>'s location, then return true.
*
* <li> This object's protocol (getLocation().getProtocol()) must be
* equal to <i>codesource</i>'s protocol, ignoring case.
*
* <li> If this object's host (getLocation().getHost()) is not null,
* then the SocketPermission
* constructed with this object's host must imply the
* SocketPermission constructed with <i>codesource</i>'s host.
*
* <li> If this object's port (getLocation().getPort()) is not
* equal to -1 (that is, if a port is specified), it must equal
* <i>codesource</i>'s port or default port
* (codesource.getLocation().getDefaultPort()).
*
* <li> If this object's file (getLocation().getFile()) doesn't equal
* <i>codesource</i>'s file, then the following checks are made:
* If this object's file ends with "/-",
* then <i>codesource</i>'s file must start with this object's
* file (exclusive the trailing "-").
* If this object's file ends with a "/*",
* then <i>codesource</i>'s file must start with this object's
* file and must not have any further "/" separators.
* If this object's file doesn't end with a "/",
* then <i>codesource</i>'s file must match this object's
* file with a '/' appended.
*
* <li> If this object's reference (getLocation().getRef()) is
* not null, it must equal <i>codesource</i>'s reference.
*
* </ul>
* </ul>
* <p>
* For example, the codesource objects with the following locations
* and null certificates all imply
* the codesource with the location "http://www.example.com/classes/foo.jar"
* and null certificates:
* <pre>
* http:
* http://*.example.com/classes/*
* http://www.example.com/classes/-
* http://www.example.com/classes/foo.jar
* </pre>
*
* Note that if this CodeSource has a null location and a null
* certificate chain, then it implies every other CodeSource.
*
* @param codesource CodeSource to compare against.
*
* @return true if the specified codesource is implied by this codesource,
* false if not.
*/
public boolean implies(CodeSource codesource)
{
if (codesource == null)
return false;
return matchCerts(codesource, false) && matchLocation(codesource);
}
Returns true if all the certs in this
CodeSource are also in that.
Params: - that – the CodeSource to check against.
- strict – if true then a strict equality match is performed.
Otherwise a subset match is performed.
/**
* Returns true if all the certs in this
* CodeSource are also in <i>that</i>.
*
* @param that the CodeSource to check against.
* @param strict if true then a strict equality match is performed.
* Otherwise a subset match is performed.
*/
boolean matchCerts(CodeSource that, boolean strict)
{
boolean match;
// match any key
if (certs == null && signers == null) {
if (strict) {
return (that.certs == null && that.signers == null);
} else {
return true;
}
// both have signers
} else if (signers != null && that.signers != null) {
if (strict && signers.length != that.signers.length) {
return false;
}
for (int i = 0; i < signers.length; i++) {
match = false;
for (int j = 0; j < that.signers.length; j++) {
if (signers[i].equals(that.signers[j])) {
match = true;
break;
}
}
if (!match) return false;
}
return true;
// both have certs
} else if (certs != null && that.certs != null) {
if (strict && certs.length != that.certs.length) {
return false;
}
for (int i = 0; i < certs.length; i++) {
match = false;
for (int j = 0; j < that.certs.length; j++) {
if (certs[i].equals(that.certs[j])) {
match = true;
break;
}
}
if (!match) return false;
}
return true;
}
return false;
}
Returns true if two CodeSource's have the "same" location.
Params: - that – CodeSource to compare against
/**
* Returns true if two CodeSource's have the "same" location.
*
* @param that CodeSource to compare against
*/
private boolean matchLocation(CodeSource that) {
if (location == null)
return true;
if ((that == null) || (that.location == null))
return false;
if (location.equals(that.location))
return true;
if (!location.getProtocol().equalsIgnoreCase(that.location.getProtocol()))
return false;
int thisPort = location.getPort();
if (thisPort != -1) {
int thatPort = that.location.getPort();
int port = thatPort != -1 ? thatPort
: that.location.getDefaultPort();
if (thisPort != port)
return false;
}
if (location.getFile().endsWith("/-")) {
// Matches the directory and (recursively) all files
// and subdirectories contained in that directory.
// For example, "/a/b/-" implies anything that starts with
// "/a/b/"
String thisPath = location.getFile().substring(0,
location.getFile().length()-1);
if (!that.location.getFile().startsWith(thisPath))
return false;
} else if (location.getFile().endsWith("/*")) {
// Matches the directory and all the files contained in that
// directory.
// For example, "/a/b/*" implies anything that starts with
// "/a/b/" but has no further slashes
int last = that.location.getFile().lastIndexOf('/');
if (last == -1)
return false;
String thisPath = location.getFile().substring(0,
location.getFile().length()-1);
String thatPath = that.location.getFile().substring(0, last+1);
if (!thatPath.equals(thisPath))
return false;
} else {
// Exact matches only.
// For example, "/a/b" and "/a/b/" both imply "/a/b/"
if ((!that.location.getFile().equals(location.getFile()))
&& (!that.location.getFile().equals(location.getFile()+"/"))) {
return false;
}
}
if (location.getRef() != null
&& !location.getRef().equals(that.location.getRef())) {
return false;
}
String thisHost = location.getHost();
String thatHost = that.location.getHost();
if (thisHost != null) {
if (("".equals(thisHost) || "localhost".equals(thisHost)) &&
("".equals(thatHost) || "localhost".equals(thatHost))) {
// ok
} else if (!thisHost.equals(thatHost)) {
if (thatHost == null) {
return false;
}
if (this.sp == null) {
this.sp = new SocketPermission(thisHost, "resolve");
}
if (that.sp == null) {
that.sp = new SocketPermission(thatHost, "resolve");
}
if (!this.sp.implies(that.sp)) {
return false;
}
}
}
// everything matches
return true;
}
Returns a string describing this CodeSource, telling its
URL and certificates.
Returns: information about this CodeSource.
/**
* Returns a string describing this CodeSource, telling its
* URL and certificates.
*
* @return information about this CodeSource.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("(");
sb.append(this.location);
if (this.certs != null && this.certs.length > 0) {
for (int i = 0; i < this.certs.length; i++) {
sb.append( " " + this.certs[i]);
}
} else if (this.signers != null && this.signers.length > 0) {
for (int i = 0; i < this.signers.length; i++) {
sb.append( " " + this.signers[i]);
}
} else {
sb.append(" <no signer certificates>");
}
sb.append(")");
return sb.toString();
}
Writes this object out to a stream (i.e., serializes it).
@serialData An initial URL
is followed by an int
indicating the number of certificates to follow (a value of "zero" denotes that there are no certificates associated with this object). Each certificate is written out starting with a String
denoting the certificate type, followed by an int
specifying the length of the certificate encoding, followed by the certificate encoding itself which is written out as an array of bytes. Finally, if any code signers are present then the array of code signers is serialized and written out too.
/**
* Writes this object out to a stream (i.e., serializes it).
*
* @serialData An initial {@code URL} is followed by an
* {@code int} indicating the number of certificates to follow
* (a value of "zero" denotes that there are no certificates associated
* with this object).
* Each certificate is written out starting with a {@code String}
* denoting the certificate type, followed by an
* {@code int} specifying the length of the certificate encoding,
* followed by the certificate encoding itself which is written out as an
* array of bytes. Finally, if any code signers are present then the array
* of code signers is serialized and written out too.
*/
private void writeObject(java.io.ObjectOutputStream oos)
throws IOException
{
oos.defaultWriteObject(); // location
// Serialize the array of certs
if (certs == null || certs.length == 0) {
oos.writeInt(0);
} else {
// write out the total number of certs
oos.writeInt(certs.length);
// write out each cert, including its type
for (int i = 0; i < certs.length; i++) {
java.security.cert.Certificate cert = certs[i];
try {
oos.writeUTF(cert.getType());
byte[] encoded = cert.getEncoded();
oos.writeInt(encoded.length);
oos.write(encoded);
} catch (CertificateEncodingException cee) {
throw new IOException(cee.getMessage());
}
}
}
// Serialize the array of code signers (if any)
if (signers != null && signers.length > 0) {
oos.writeObject(signers);
}
}
Restores this object from a stream (i.e., deserializes it).
/**
* Restores this object from a stream (i.e., deserializes it).
*/
private void readObject(java.io.ObjectInputStream ois)
throws IOException, ClassNotFoundException
{
CertificateFactory cf;
Hashtable<String, CertificateFactory> cfs = null;
List<java.security.cert.Certificate> certList = null;
ois.defaultReadObject(); // location
// process any new-style certs in the stream (if present)
int size = ois.readInt();
if (size > 0) {
// we know of 3 different cert types: X.509, PGP, SDSI, which
// could all be present in the stream at the same time
cfs = new Hashtable<>(3);
certList = new ArrayList<>(size > 20 ? 20 : size);
} else if (size < 0) {
throw new IOException("size cannot be negative");
}
for (int i = 0; i < size; i++) {
// read the certificate type, and instantiate a certificate
// factory of that type (reuse existing factory if possible)
String certType = ois.readUTF();
if (cfs.containsKey(certType)) {
// reuse certificate factory
cf = cfs.get(certType);
} else {
// create new certificate factory
try {
cf = CertificateFactory.getInstance(certType);
} catch (CertificateException ce) {
throw new ClassNotFoundException
("Certificate factory for " + certType + " not found");
}
// store the certificate factory so we can reuse it later
cfs.put(certType, cf);
}
// parse the certificate
byte[] encoded = IOUtils.readExactlyNBytes(ois, ois.readInt());
ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
try {
certList.add(cf.generateCertificate(bais));
} catch (CertificateException ce) {
throw new IOException(ce.getMessage());
}
bais.close();
}
if (certList != null) {
this.certs = certList.toArray(
new java.security.cert.Certificate[size]);
}
// Deserialize array of code signers (if any)
try {
this.signers = ((CodeSigner[])ois.readObject()).clone();
} catch (IOException ioe) {
// no signers present
}
if (location != null) {
locationNoFragString = URLUtil.urlNoFragString(location);
}
}
/*
* Convert an array of certificates to an array of code signers.
* The array of certificates is a concatenation of certificate chains
* where the initial certificate in each chain is the end-entity cert.
*
* @return an array of code signers or null if none are generated.
*/
private CodeSigner[] convertCertArrayToSignerArray(
java.security.cert.Certificate[] certs) {
if (certs == null) {
return null;
}
try {
// Initialize certificate factory
if (factory == null) {
factory = CertificateFactory.getInstance("X.509");
}
// Iterate through all the certificates
int i = 0;
List<CodeSigner> signers = new ArrayList<>();
while (i < certs.length) {
List<java.security.cert.Certificate> certChain =
new ArrayList<>();
certChain.add(certs[i++]); // first cert is an end-entity cert
int j = i;
// Extract chain of certificates
// (loop while certs are not end-entity certs)
while (j < certs.length &&
certs[j] instanceof X509Certificate &&
((X509Certificate)certs[j]).getBasicConstraints() != -1) {
certChain.add(certs[j]);
j++;
}
i = j;
CertPath certPath = factory.generateCertPath(certChain);
signers.add(new CodeSigner(certPath, null));
}
if (signers.isEmpty()) {
return null;
} else {
return signers.toArray(new CodeSigner[signers.size()]);
}
} catch (CertificateException e) {
return null; //TODO - may be better to throw an ex. here
}
}
}