avalon-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dona...@apache.org
Subject cvs commit: jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/verifier PolicyVerifier.java Resources.properties
Date Wed, 25 Sep 2002 11:25:05 GMT
donaldp     2002/09/25 04:25:05

  Added:       loader/src/java/org/apache/excalibur/policy/verifier
                        PolicyVerifier.java Resources.properties
  Log:
  Add in verifier for Policy stuff
  
  Revision  Changes    Path
  1.1                  jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/verifier/PolicyVerifier.java
  
  Index: PolicyVerifier.java
  ===================================================================
  /*
   * Copyright (C) The Apache Software Foundation. All rights reserved.
   *
   * This software is published under the terms of the Apache Software License
   * version 1.1, a copy of which has been included with this distribution in
   * the LICENSE.txt file.
   */
  package org.apache.excalibur.policy.verifier;
  
  import org.apache.avalon.excalibur.i18n.ResourceManager;
  import org.apache.avalon.excalibur.i18n.Resources;
  import org.apache.excalibur.policy.metadata.GrantMetaData;
  import org.apache.excalibur.policy.metadata.KeyStoreMetaData;
  import org.apache.excalibur.policy.metadata.PermissionMetaData;
  import org.apache.excalibur.policy.metadata.PolicyMetaData;
  
  /**
   * Verify Policy set is valid. Validity is defined as
   * <ul>
   *   <li>All KeyStore names should be defined starting with
   *       letters or '_' and then continuing with Alpha-Numeric
   *       characters, '-', '.' or '_'.</li>
   *   <li>If signedBy is specified then keystore is specified
   *       for both grants and permissions.</li>
   *   <li>That any keystore names used by grant or permission
   *       reference actual keystores.</li>
   *   <li>If target is null then actions is null.</li>
   * </ul>
   *
   * @author <a href="mailto:peter at apache.org">Peter Donald</a>
   * @version $Revision: 1.1 $ $Date: 2002/09/25 11:25:05 $
   */
  public class PolicyVerifier
  {
      private final static Resources REZ =
          ResourceManager.getPackageResources( PolicyVerifier.class );
  
      public void verifyPolicy( final PolicyMetaData policy )
          throws Exception
      {
          String message = null;
  
          message = REZ.getString( "valid-names.notice" );
          info( message );
          verifyNames( policy );
  
          message = REZ.getString( "valid-signedBy.notice" );
          info( message );
          verifySignedBy( policy );
  
          message = REZ.getString( "valid-keyStoreReferences.notice" );
          info( message );
          verifyKeyStoreReferences( policy );
  
          message = REZ.getString( "valid-actions.notice" );
          info( message );
          verifyActions( policy );
      }
  
      /**
       * Log an informational message.
       * Sub-classes should overide this.
       *
       * @param message the message
       */
      protected void info( final String message )
      {
          //noop
      }
  
      /**
       * Verify that all the keystores have valid names.
       *
       * @throws Exception if validity check fails
       */
      private void verifyNames( final PolicyMetaData policy )
          throws Exception
      {
          final KeyStoreMetaData[] keyStores = policy.getKeyStores();
          for( int i = 0; i < keyStores.length; i++ )
          {
              final String name = keyStores[ i ].getName();
              verifyName( name );
          }
      }
  
      /**
       * Verify that all the signedBy are accompanied by keystores.
       *
       * @throws Exception if validity check fails
       */
      private void verifySignedBy( final PolicyMetaData policy )
          throws Exception
      {
          final GrantMetaData[] grants = policy.getGrants();
          for( int i = 0; i < grants.length; i++ )
          {
              verifySignedBy( grants[ i ] );
          }
      }
  
      /**
       * Verify that all the signedBy are accompanied by keystores.
       *
       * @throws Exception if validity check fails
       */
      private void verifySignedBy( final GrantMetaData grant ) throws Exception
      {
          final String signedBy = grant.getSignedBy();
          final String keyStore = grant.getKeyStore();
          if( null != signedBy && null == keyStore )
          {
              final String message =
                  REZ.getString( "grant-missing-keystore.error",
                                 grant.getCodebase() );
              throw new Exception( message );
  
          }
          else if( null == signedBy && null != keyStore )
          {
              final String message =
                  REZ.getString( "grant-extra-keystore.error",
                                 grant.getCodebase() );
              throw new Exception( message );
          }
          final PermissionMetaData[] permissions = grant.getPermissions();
          for( int i = 0; i < permissions.length; i++ )
          {
              final PermissionMetaData permission = permissions[ i ];
              verifySignedBy( grant, permission );
          }
      }
  
      /**
       * Verify that all the signedBy are accompanied by keystores.
       *
       * @throws Exception if validity check fails
       */
      private void verifySignedBy( final GrantMetaData grant,
                                   final PermissionMetaData permission )
          throws Exception
      {
          final String signedBy = permission.getSignedBy();
          final String keyStore = permission.getKeyStore();
          if( null != signedBy && null == keyStore )
          {
              final String message =
                  REZ.getString( "permission-missing-keystore.error",
                                 grant.getCodebase(),
                                 permission.getClassname() );
              throw new Exception( message );
  
          }
          else if( null == signedBy && null != keyStore )
          {
              final String message =
                  REZ.getString( "permission-extra-keystore.error",
                                 grant.getCodebase(),
                                 permission.getClassname() );
              throw new Exception( message );
          }
      }
  
      /**
       * Verify that each reference to a keystore is valid.
       *
       * @throws Exception if validity check fails
       */
      private void verifyKeyStoreReferences( final PolicyMetaData policy )
          throws Exception
      {
          final GrantMetaData[] grants = policy.getGrants();
          for( int i = 0; i < grants.length; i++ )
          {
              verifyKeyStore( policy, grants[ i ] );
          }
      }
  
      /**
       * Verify that each reference to a keystore is valid.
       *
       * @throws Exception if validity check fails
       */
      private void verifyKeyStore( final PolicyMetaData policy,
                                   final GrantMetaData grant )
          throws Exception
      {
          verifyKeyStoreReference( policy, grant.getKeyStore() );
          final PermissionMetaData[] permissions = grant.getPermissions();
          for( int j = 0; j < permissions.length; j++ )
          {
              final PermissionMetaData permission = permissions[ j ];
              verifyKeyStoreReference( policy, permission.getKeyStore() );
          }
      }
  
      /**
       * Verify that each reference to a keystore is valid.
       *
       * @throws Exception if validity check fails
       */
      private void verifyKeyStoreReference( final PolicyMetaData policy,
                                            final String keyStoreName )
          throws Exception
      {
          final KeyStoreMetaData[] keyStores = policy.getKeyStores();
          for( int i = 0; i < keyStores.length; i++ )
          {
              final KeyStoreMetaData keyStore = keyStores[ i ];
              if( keyStore.getName().equals( keyStoreName ) )
              {
                  return;
              }
          }
  
          final String message =
              REZ.getString( "bad-keystore-reference.error",
                             keyStoreName );
          throw new Exception( message );
      }
  
      /**
       * Verify that all the classloaders have valid names.
       *
       * @throws Exception if validity check fails
       */
      private void verifyName( final String name )
          throws Exception
      {
          final int size = name.length();
          if( 0 == size )
          {
              final String message =
                  REZ.getString( "empty-name.error",
                                 name );
              throw new Exception( message );
          }
          final char ch = name.charAt( 0 );
          if( !Character.isLetter( ch ) &&
              '_' != ch )
          {
              final String message =
                  REZ.getString( "name-invalid-start.error",
                                 name );
              throw new Exception( message );
          }
  
          for( int i = 1; i < size; i++ )
          {
              final char c = name.charAt( i );
              if( !Character.isLetterOrDigit( c ) &&
                  '_' != c &&
                  '-' != c &&
                  '.' != c )
              {
                  final String message =
                      REZ.getString( "name-invalid-char.error",
                                     name,
                                     String.valueOf( c ) );
                  throw new Exception( message );
              }
          }
      }
  
      /**
       * Verify that an action is null if a target is null.
       *
       * @throws Exception if validity check fails
       */
      private void verifyActions( final PolicyMetaData policy )
          throws Exception
      {
          final GrantMetaData[] grants = policy.getGrants();
          for( int i = 0; i < grants.length; i++ )
          {
              final GrantMetaData grant = grants[ i ];
              final PermissionMetaData[] permissions = grant.getPermissions();
              for( int j = 0; j < permissions.length; j++ )
              {
                  final PermissionMetaData permission = permissions[ j ];
                  final String target = permission.getTarget();
                  final String action = permission.getAction();
                  if( null == target && null != action )
                  {
                      final String message =
                          REZ.getString( "permission-missing-action.error",
                                         grant.getCodebase(),
                                         permission.getClassname() );
                      throw new Exception( message );
                  }
              }
          }
      }
  }
  
  
  
  1.1                  jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/verifier/Resources.properties
  
  Index: Resources.properties
  ===================================================================
  valid-names.notice=Verifying that all key-stores have valid names.
  valid-signedBy.notice=Verifying that all signed-by attributes are accompanied by a key-store
attribute.
  valid-keyStoreReferences.notice=Verify that any keystore names used by grant or permission
reference actual keystores
  valid-actions.notice=Verify that if target is null then actions is null.
  
  grant-missing-keystore.error=Grant for codebase "{0}" has a signed-by attribute but no key-store
attribute.
  grant-extra-keystore.error=Grant for codebase "{0}" defined a key-store attribute without
defining a signed-by attribute.
  permission-missing-keystore.error=Permission loaded from codebase "{0}" of type "{1}" has
a signed-by attribute but no key-store attribute.
  permission-extra-keystore.error=Permission loaded from codebase "{0}" of type "{1}" defined
a key-store attribute without defining a signed-by attribute.
  
  bad-keystore-reference.error=Referenced non-existent keystore {0}.
  
  empty-name.error=Keystore name is empty.
  name-invalid-start.error=Keystore name "{0}" starts with an invalid character.
  name-invalid-char.error=Keystore name "{0}" contains an invalid character "{1}".
  permission-missing-action.error=Permission on codebase "{0}" of type "{1}" defines a target
without an action.
  
  

--
To unsubscribe, e-mail:   <mailto:avalon-cvs-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:avalon-cvs-help@jakarta.apache.org>


Mime
View raw message