Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java
41159 views
1
/*

2
 * Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.  Oracle designates this

8
 * particular file as subject to the "Classpath" exception as provided

9
 * by Oracle in the LICENSE file that accompanied this code.

10
 *

11
 * This code is distributed in the hope that it will be useful, but WITHOUT

12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14
 * version 2 for more details (a copy is included in the LICENSE file that

15
 * accompanied this code).

16
 *

17
 * You should have received a copy of the GNU General Public License version

18
 * 2 along with this work; if not, write to the Free Software Foundation,

19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20
 *

21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22
 * or visit www.oracle.com if you need additional information or have any

23
 * questions.

24
 */

25


26
package javax.security.auth;

27


28
import java.security.AccessController;

29
import java.security.Principal;

30
import java.security.PrivilegedAction;

31
import java.security.ProtectionDomain;

32
import java.util.Set;

33
import java.util.WeakHashMap;

34
import java.lang.ref.WeakReference;

35


36
/**

37
 * A {@code SubjectDomainCombiner} updates ProtectionDomains

38
 * with Principals from the {@code Subject} associated with this

39
 * {@code SubjectDomainCombiner}.

40
 *

41
 * @since 1.4

42
 * @deprecated This class is only useful in conjunction with

43
 *       {@linkplain SecurityManager the Security Manager}, which is deprecated

44
 *       and subject to removal in a future release. Consequently, this class

45
 *       is also deprecated and subject to removal. There is no replacement for

46
 *       the Security Manager or this class.

47
 */

48
@SuppressWarnings("removal")

49
@Deprecated(since="17", forRemoval=true)

50
public class SubjectDomainCombiner implements java.security.DomainCombiner {

51


52
    private Subject subject;

53
    private WeakKeyValueMap<ProtectionDomain, ProtectionDomain> cachedPDs =

54
                new WeakKeyValueMap<>();

55
    private Set<Principal> principalSet;

56
    private Principal[] principals;

57


58
    private static final sun.security.util.Debug debug =

59
        sun.security.util.Debug.getInstance("combiner",

60
                                        "\t[SubjectDomainCombiner]");

61


62
    /**

63
     * Associate the provided {@code Subject} with this

64
     * {@code SubjectDomainCombiner}.

65
     *

66
     * @param subject the {@code Subject} to be associated with

67
     *          this {@code SubjectDomainCombiner}.

68
     */

69
    public SubjectDomainCombiner(Subject subject) {

70
        this.subject = subject;

71


72
        if (subject.isReadOnly()) {

73
            principalSet = subject.getPrincipals();

74
            principals = principalSet.toArray

75
                        (new Principal[principalSet.size()]);

76
        }

77
    }

78


79
    /**

80
     * Get the {@code Subject} associated with this

81
     * {@code SubjectDomainCombiner}.

82
     *

83
     * @return the {@code Subject} associated with this

84
     *          {@code SubjectDomainCombiner}, or {@code null}

85
     *          if no {@code Subject} is associated with this

86
     *          {@code SubjectDomainCombiner}.

87
     *

88
     * @exception SecurityException if the caller does not have permission

89
     *          to get the {@code Subject} associated with this

90
     *          {@code SubjectDomainCombiner}.

91
     */

92
    public Subject getSubject() {

93
        java.lang.SecurityManager sm = System.getSecurityManager();

94
        if (sm != null) {

95
            sm.checkPermission(new AuthPermission

96
                ("getSubjectFromDomainCombiner"));

97
        }

98
        return subject;

99
    }

100


101
    /**

102
     * Update the relevant ProtectionDomains with the Principals

103
     * from the {@code Subject} associated with this

104
     * {@code SubjectDomainCombiner}.

105
     *

106
     * <p> A new {@code ProtectionDomain} instance is created

107
     * for each non-static {@code ProtectionDomain} (

108
     * (staticPermissionsOnly() == false)

109
     * in the {@code currentDomains} array.  Each new {@code ProtectionDomain}

110
     * instance is created using the {@code CodeSource},

111
     * {@code Permission}s and {@code ClassLoader}

112
     * from the corresponding {@code ProtectionDomain} in

113
     * {@code currentDomains}, as well as with the Principals from

114
     * the {@code Subject} associated with this

115
     * {@code SubjectDomainCombiner}. Static ProtectionDomains are

116
     * combined as-is and no new instance is created.

117
     *

118
     * <p> All of the ProtectionDomains (static and newly instantiated) are

119
     * combined into a new array.  The ProtectionDomains from the

120
     * {@code assignedDomains} array are appended to this new array,

121
     * and the result is returned.

122
     *

123
     * <p> Note that optimizations such as the removal of duplicate

124
     * ProtectionDomains may have occurred.

125
     * In addition, caching of ProtectionDomains may be permitted.

126
     *

127
     * @param currentDomains the ProtectionDomains associated with the

128
     *          current execution Thread, up to the most recent

129
     *          privileged {@code ProtectionDomain}.

130
     *          The ProtectionDomains are listed in order of execution,

131
     *          with the most recently executing {@code ProtectionDomain}

132
     *          residing at the beginning of the array. This parameter may

133
     *          be {@code null} if the current execution Thread

134
     *          has no associated ProtectionDomains.

135
     *

136
     * @param assignedDomains the ProtectionDomains inherited from the

137
     *          parent Thread, or the ProtectionDomains from the

138
     *          privileged {@code context}, if a call to

139
     *          {@code AccessController.doPrivileged(..., context)}

140
     *          had occurred  This parameter may be {@code null}

141
     *          if there were no ProtectionDomains inherited from the

142
     *          parent Thread, or from the privileged {@code context}.

143
     *

144
     * @return a new array consisting of the updated ProtectionDomains,

145
     *          or {@code null}.

146
     */

147
    public ProtectionDomain[] combine(ProtectionDomain[] currentDomains,

148
                                ProtectionDomain[] assignedDomains) {

149
        if (debug != null) {

150
            if (subject == null) {

151
                debug.println("null subject");

152
            } else {

153
                final Subject s = subject;

154
                AccessController.doPrivileged

155
                    (new java.security.PrivilegedAction<Void>() {

156
                    public Void run() {

157
                        debug.println(s.toString());

158
                        return null;

159
                    }

160
                });

161
            }

162
            printInputDomains(currentDomains, assignedDomains);

163
        }

164


165
        if (currentDomains == null || currentDomains.length == 0) {

166
            // No need to optimize assignedDomains because it should

167
            // have been previously optimized (when it was set).

168


169
            // Note that we are returning a direct reference

170
            // to the input array - since ACC does not clone

171
            // the arrays when it calls combiner.combine,

172
            // multiple ACC instances may share the same

173
            // array instance in this case

174


175
            return assignedDomains;

176
        }

177


178
        // optimize currentDomains

179
        //

180
        // No need to optimize assignedDomains because it should

181
        // have been previously optimized (when it was set).

182


183
        currentDomains = optimize(currentDomains);

184
        if (debug != null) {

185
            debug.println("after optimize");

186
            printInputDomains(currentDomains, assignedDomains);

187
        }

188


189
        if (currentDomains == null && assignedDomains == null) {

190
            return null;

191
        }

192


193
        int cLen = (currentDomains == null ? 0 : currentDomains.length);

194
        int aLen = (assignedDomains == null ? 0 : assignedDomains.length);

195


196
        // the ProtectionDomains for the new AccessControlContext

197
        // that we will return

198
        ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];

199


200
        boolean allNew = true;

201
        synchronized(cachedPDs) {

202
            if (!subject.isReadOnly() &&

203
                !subject.getPrincipals().equals(principalSet)) {

204


205
                // if the Subject was mutated, clear the PD cache

206
                Set<Principal> newSet = subject.getPrincipals();

207
                synchronized(newSet) {

208
                    principalSet = new java.util.HashSet<Principal>(newSet);

209
                }

210
                principals = principalSet.toArray

211
                        (new Principal[principalSet.size()]);

212
                cachedPDs.clear();

213


214
                if (debug != null) {

215
                    debug.println("Subject mutated - clearing cache");

216
                }

217
            }

218


219
            ProtectionDomain subjectPd;

220
            for (int i = 0; i < cLen; i++) {

221
                ProtectionDomain pd = currentDomains[i];

222


223
                subjectPd = cachedPDs.getValue(pd);

224


225
                if (subjectPd == null) {

226
                    if (pd.staticPermissionsOnly()) {

227
                        // keep static ProtectionDomain objects static

228
                        subjectPd = pd;

229
                    } else {

230
                        subjectPd = new ProtectionDomain(pd.getCodeSource(),

231
                                                pd.getPermissions(),

232
                                                pd.getClassLoader(),

233
                                                principals);

234
                    }

235
                    cachedPDs.putValue(pd, subjectPd);

236
                } else {

237
                    allNew = false;

238
                }

239
                newDomains[i] = subjectPd;

240
            }

241
        }

242


243
        if (debug != null) {

244
            debug.println("updated current: ");

245
            for (int i = 0; i < cLen; i++) {

246
                debug.println("\tupdated[" + i + "] = " +

247
                                printDomain(newDomains[i]));

248
            }

249
        }

250


251
        // now add on the assigned domains

252
        if (aLen > 0) {

253
            System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);

254


255
            // optimize the result (cached PDs might exist in assignedDomains)

256
            if (!allNew) {

257
                newDomains = optimize(newDomains);

258
            }

259
        }

260


261
        // if aLen == 0 || allNew, no need to further optimize newDomains

262


263
        if (debug != null) {

264
            if (newDomains == null || newDomains.length == 0) {

265
                debug.println("returning null");

266
            } else {

267
                debug.println("combinedDomains: ");

268
                for (int i = 0; i < newDomains.length; i++) {

269
                    debug.println("newDomain " + i + ": " +

270
                                  printDomain(newDomains[i]));

271
                }

272
            }

273
        }

274


275
        // return the new ProtectionDomains

276
        if (newDomains == null || newDomains.length == 0) {

277
            return null;

278
        } else {

279
            return newDomains;

280
        }

281
    }

282


283
    private static ProtectionDomain[] optimize(ProtectionDomain[] domains) {

284
        if (domains == null || domains.length == 0)

285
            return null;

286


287
        ProtectionDomain[] optimized = new ProtectionDomain[domains.length];

288
        ProtectionDomain pd;

289
        int num = 0;

290
        for (int i = 0; i < domains.length; i++) {

291


292
            // skip domains with AllPermission

293
            // XXX

294
            //

295
            //  if (domains[i].implies(ALL_PERMISSION))

296
            //  continue;

297


298
            // skip System Domains

299
            if ((pd = domains[i]) != null) {

300


301
                // remove duplicates

302
                boolean found = false;

303
                for (int j = 0; j < num && !found; j++) {

304
                    found = (optimized[j] == pd);

305
                }

306
                if (!found) {

307
                    optimized[num++] = pd;

308
                }

309
            }

310
        }

311


312
        // resize the array if necessary

313
        if (num > 0 && num < domains.length) {

314
            ProtectionDomain[] downSize = new ProtectionDomain[num];

315
            System.arraycopy(optimized, 0, downSize, 0, downSize.length);

316
            optimized = downSize;

317
        }

318


319
        return ((num == 0 || optimized.length == 0) ? null : optimized);

320
    }

321


322
    private static void printInputDomains(ProtectionDomain[] currentDomains,

323
                                ProtectionDomain[] assignedDomains) {

324
        if (currentDomains == null || currentDomains.length == 0) {

325
            debug.println("currentDomains null or 0 length");

326
        } else {

327
            for (int i = 0; currentDomains != null &&

328
                        i < currentDomains.length; i++) {

329
                if (currentDomains[i] == null) {

330
                    debug.println("currentDomain " + i + ": SystemDomain");

331
                } else {

332
                    debug.println("currentDomain " + i + ": " +

333
                                printDomain(currentDomains[i]));

334
                }

335
            }

336
        }

337


338
        if (assignedDomains == null || assignedDomains.length == 0) {

339
            debug.println("assignedDomains null or 0 length");

340
        } else {

341
            debug.println("assignedDomains = ");

342
            for (int i = 0; assignedDomains != null &&

343
                        i < assignedDomains.length; i++) {

344
                if (assignedDomains[i] == null) {

345
                    debug.println("assignedDomain " + i + ": SystemDomain");

346
                } else {

347
                    debug.println("assignedDomain " + i + ": " +

348
                                printDomain(assignedDomains[i]));

349
                }

350
            }

351
        }

352
    }

353


354
    private static String printDomain(final ProtectionDomain pd) {

355
        if (pd == null) {

356
            return "null";

357
        }

358
        return AccessController.doPrivileged(new PrivilegedAction<String>() {

359
            public String run() {

360
                return pd.toString();

361
            }

362
        });

363
    }

364


365
    /**

366
     * A HashMap that has weak keys and values.

367
     *

368
     * Key objects in this map are the "current" ProtectionDomain instances

369
     * received via the combine method.  Each "current" PD is mapped to a

370
     * new PD instance that holds both the contents of the "current" PD,

371
     * as well as the principals from the Subject associated with this combiner.

372
     *

373
     * The newly created "principal-based" PD values must be stored as

374
     * WeakReferences since they contain strong references to the

375
     * corresponding key object (the "current" non-principal-based PD),

376
     * which will prevent the key from being GC'd.  Specifically,

377
     * a "principal-based" PD contains strong references to the CodeSource,

378
     * signer certs, PermissionCollection and ClassLoader objects

379
     * in the "current PD".

380
     */

381
    private static class WeakKeyValueMap<K,V> extends

382
                                        WeakHashMap<K,WeakReference<V>> {

383


384
        public V getValue(K key) {

385
            WeakReference<V> wr = super.get(key);

386
            if (wr != null) {

387
                return wr.get();

388
            }

389
            return null;

390
        }

391


392
        public V putValue(K key, V value) {

393
            WeakReference<V> wr = super.put(key, new WeakReference<V>(value));

394
            if (wr != null) {

395
                return wr.get();

396
            }

397
            return null;

398
        }

399
    }

400
}

401


402