felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rickh...@apache.org
Subject svn commit: r782737 [6/8] - in /felix/trunk/org.osgi.core/src/main/java/org/osgi: framework/ framework/hooks/ framework/hooks/service/ framework/launch/ service/condpermadmin/ service/packageadmin/ service/permissionadmin/ service/startlevel/ service/url/
Date Mon, 08 Jun 2009 19:31:08 GMT
Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/PackagePermission.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/PackagePermission.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/PackagePermission.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/PackagePermission.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/PackagePermission.java,v 1.14 2006/06/16 16:31:18 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2000, 2006). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2000, 2009). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,9 +17,25 @@
 package org.osgi.framework;
 
 import java.io.IOException;
-import java.security.*;
+import java.io.NotSerializableException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.ObjectStreamField;
+import java.security.AccessController;
+import java.security.BasicPermission;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Dictionary;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 
 /**
  * A bundle's authority to import or export a package.
@@ -33,54 +47,90 @@
  * For example:
  * 
  * <pre>
- * <code>
  * org.osgi.service.http
- * </code>
  * </pre>
  * 
  * <p>
- * <code>PackagePermission</code> has two actions: <code>EXPORT</code> and
- * <code>IMPORT</code>. The <code>EXPORT</code> action implies the
- * <code>IMPORT</code> action.
+ * <code>PackagePermission</code> has three actions: <code>exportonly</code>,
+ * <code>import</code> and <code>export</code>. The <code>export</code> action,
+ * which is deprecated, implies the <code>import</code> action.
  * 
- * @version $Revision: 1.14 $
+ * @ThreadSafe
+ * @version $Revision: 6530 $
  */
 
 public final class PackagePermission extends BasicPermission {
-	static final long			serialVersionUID	= -5107705877071099135L;
+	static final long						serialVersionUID	= -5107705877071099135L;
+
+	/**
+	 * The action string <code>export</code>. The <code>export</code> action
+	 * implies the <code>import</code> action.
+	 * 
+	 * @deprecated Since 1.5. Use <code>exportonly</code> instead.
+	 */
+	public final static String				EXPORT				= "export";
+
 	/**
-	 * The action string <code>export</code>.
+	 * The action string <code>exportonly</code>. The <code>exportonly</code>
+	 * action does not imply the <code>import</code> action.
+	 * 
+	 * @since 1.5
 	 */
-	public final static String	EXPORT				= "export";
+	public final static String				EXPORTONLY			= "exportonly";
 
 	/**
 	 * The action string <code>import</code>.
 	 */
-	public final static String	IMPORT				= "import";
+	public final static String				IMPORT				= "import";
+
+	private final static int				ACTION_EXPORT		= 0x00000001;
+	private final static int				ACTION_IMPORT		= 0x00000002;
+	private final static int				ACTION_ALL			= ACTION_EXPORT
+																		| ACTION_IMPORT;
+	final static int						ACTION_NONE			= 0;
 
-	private final static int	ACTION_EXPORT		= 0x00000001;
-	private final static int	ACTION_IMPORT		= 0x00000002;
-	private final static int	ACTION_ALL			= ACTION_EXPORT
-															| ACTION_IMPORT;
-	private final static int	ACTION_NONE			= 0;
 	/**
 	 * The actions mask.
 	 */
-	private transient int		action_mask			= ACTION_NONE;
+	transient int							action_mask;
 
 	/**
 	 * The actions in canonical form.
 	 * 
 	 * @serial
 	 */
-	private String				actions				= null;
+	private volatile String					actions				= null;
+
+	/**
+	 * The bundle used by this PackagePermission.
+	 */
+	transient final Bundle					bundle;
+
+	/**
+	 * If this PackagePermission was constructed with a filter, this holds a
+	 * Filter matching object used to evaluate the filter in implies.
+	 */
+	transient Filter						filter;
+
+	/**
+	 * This dictionary holds the properties of the permission, used to match a
+	 * filter in implies. This is not initialized until necessary, and then
+	 * cached in this object.
+	 */
+	private transient volatile Dictionary	properties;
 
 	/**
-	 * Defines the authority to import and/or export a package within the OSGi
-	 * environment.
+	 * Creates a new <code>PackagePermission</code> object.
+	 * 
 	 * <p>
 	 * The name is specified as a normal Java package name: a dot-separated
-	 * string. Wildcards may be used. For example:
+	 * string. Wildcards may be used.
+	 * 
+	 * <pre>
+	 * name ::= &lt;package name&gt; | &lt;package name ending in &quot;.*&quot;&gt; | *
+	 * </pre>
+	 * 
+	 * Examples:
 	 * 
 	 * <pre>
 	 * org.osgi.service.http
@@ -88,34 +138,85 @@
 	 * *
 	 * </pre>
 	 * 
+	 * For the <code>import</code> action, the name can also be a filter
+	 * expression. The filter gives access to the following attributes:
+	 * <ul>
+	 * <li>signer - A Distinguished Name chain used to sign the exporting
+	 * bundle. Wildcards in a DN are not matched according to the filter string
+	 * rules, but according to the rules defined for a DN chain.</li>
+	 * <li>location - The location of the exporting bundle.</li>
+	 * <li>id - The bundle ID of the exporting bundle.</li>
+	 * <li>name - The symbolic name of the exporting bundle.</li>
+	 * <li>package.name - The name of the requested package.</li>
+	 * </ul>
+	 * Filter attribute names are processed in a case sensitive manner.
+	 * 
 	 * <p>
 	 * Package Permissions are granted over all possible versions of a package.
 	 * 
 	 * A bundle that needs to export a package must have the appropriate
-	 * <code>PackagePermission</code> for that package; similarly, a bundle
-	 * that needs to import a package must have the appropriate
+	 * <code>PackagePermission</code> for that package; similarly, a bundle that
+	 * needs to import a package must have the appropriate
 	 * <code>PackagePermssion</code> for that package.
 	 * <p>
 	 * Permission is granted for both classes and resources.
 	 * 
-	 * @param name Package name.
-	 * @param actions <code>EXPORT</code>,<code>IMPORT</code> (canonical
+	 * @param name Package name or filter expression. A filter expression can
+	 *        only be specified if the specified action is <code>import</code>.
+	 * @param actions <code>exportonly</code>,<code>import</code> (canonical
 	 *        order).
+	 * @throw IllegalArgumentException If the specified name is a filter
+	 *        expression and either the specified action is not
+	 *        <code>import</code> or the filter has an invalid syntax.
 	 */
-
 	public PackagePermission(String name, String actions) {
-		this(name, getMask(actions));
+		this(name, parseActions(actions));
+		if ((filter != null)
+				&& ((action_mask & ACTION_ALL) != ACTION_IMPORT)) {
+			throw new IllegalArgumentException(
+					"invalid action string for filter expression");
+		}
+	}
+
+	/**
+	 * Creates a new requested <code>PackagePermission</code> object to be used
+	 * by code that must perform <code>checkPermission</code> for the
+	 * <code>import</code> action. <code>PackagePermission</code> objects
+	 * created with this constructor cannot be added to a
+	 * <code>PackagePermission</code> permission collection.
+	 * 
+	 * @param name The name of the requested package to import.
+	 * @param exportingBundle The bundle exporting the requested package.
+	 * @param actions The action <code>import</code>.
+	 * @throw IllegalArgumentException If the specified action is not
+	 *        <code>import</code> or the name is a filter expression.
+	 * @since 1.5
+	 */
+	public PackagePermission(String name, Bundle exportingBundle, String actions) {
+		super(name);
+		setTransients(name, parseActions(actions));
+		this.bundle = exportingBundle;
+		if (exportingBundle == null) {
+			throw new IllegalArgumentException("bundle must not be null");
+		}
+		if (filter != null) {
+			throw new IllegalArgumentException("invalid name");
+		}
+		if ((action_mask & ACTION_ALL) != ACTION_IMPORT) {
+			throw new IllegalArgumentException("invalid action string");
+		}
 	}
 
 	/**
 	 * Package private constructor used by PackagePermissionCollection.
 	 * 
-	 * @param name class name
+	 * @param name package name
 	 * @param mask action mask
 	 */
 	PackagePermission(String name, int mask) {
 		super(name);
-		init(mask);
+		setTransients(name, mask);
+		this.bundle = null;
 	}
 
 	/**
@@ -123,12 +224,12 @@
 	 * 
 	 * @param mask action mask
 	 */
-	private void init(int mask) {
+	private void setTransients(String name, int mask) {
 		if ((mask == ACTION_NONE) || ((mask & ACTION_ALL) != mask)) {
 			throw new IllegalArgumentException("invalid action string");
 		}
-
 		action_mask = mask;
+		filter = parseFilter(name);
 	}
 
 	/**
@@ -137,20 +238,20 @@
 	 * @param actions Action string.
 	 * @return action mask.
 	 */
-	private static int getMask(String actions) {
+	private static int parseActions(String actions) {
 		boolean seencomma = false;
 
 		int mask = ACTION_NONE;
 
 		if (actions == null) {
-			return (mask);
+			return mask;
 		}
 
 		char[] a = actions.toCharArray();
 
 		int i = a.length - 1;
 		if (i < 0)
-			return (mask);
+			return mask;
 
 		while (i != -1) {
 			char c;
@@ -186,9 +287,25 @@
 
 				}
 				else {
-					// parse error
-					throw new IllegalArgumentException("invalid permission: "
-							+ actions);
+					if (i >= 9 && (a[i - 9] == 'e' || a[i - 9] == 'E')
+							&& (a[i - 8] == 'x' || a[i - 8] == 'X')
+							&& (a[i - 7] == 'p' || a[i - 7] == 'P')
+							&& (a[i - 6] == 'o' || a[i - 6] == 'O')
+							&& (a[i - 5] == 'r' || a[i - 5] == 'R')
+							&& (a[i - 4] == 't' || a[i - 4] == 'T')
+							&& (a[i - 3] == 'o' || a[i - 3] == 'O')
+							&& (a[i - 2] == 'n' || a[i - 2] == 'N')
+							&& (a[i - 1] == 'l' || a[i - 1] == 'L')
+							&& (a[i] == 'y' || a[i] == 'Y')) {
+						matchlen = 10;
+						mask |= ACTION_EXPORT;
+
+					}
+					else {
+						// parse error
+						throw new IllegalArgumentException(
+								"invalid permission: " + actions);
+					}
 				}
 
 			// make sure we didn't just match the tail of a word
@@ -198,7 +315,7 @@
 				switch (a[i - matchlen]) {
 					case ',' :
 						seencomma = true;
-					/* FALLTHROUGH */
+						/* FALLTHROUGH */
 					case ' ' :
 					case '\r' :
 					case '\n' :
@@ -220,7 +337,32 @@
 			throw new IllegalArgumentException("invalid permission: " + actions);
 		}
 
-		return (mask);
+		return mask;
+	}
+
+	/**
+	 * Parse filter string into a Filter object.
+	 * 
+	 * @param filterString The filter string to parse.
+	 * @return a Filter for this bundle. If the specified filterString is not a
+	 *         filter expression, then <code>null</code> is returned.
+	 * @throws IllegalArgumentException If the filter syntax is invalid.
+	 */
+	private static Filter parseFilter(String filterString) {
+		filterString = filterString.trim();
+		if (filterString.charAt(0) != '(') {
+			return null;
+		}
+
+		try {
+			return FrameworkUtil.createFilter(filterString);
+		}
+		catch (InvalidSyntaxException e) {
+			IllegalArgumentException iae = new IllegalArgumentException(
+					"invalid filter");
+			iae.initCause(e);
+			throw iae;
+		}
 	}
 
 	/**
@@ -242,21 +384,49 @@
 	 * x.y,&quot;export&quot; -&gt; x.y.z, &quot;export&quot;  is false
 	 * </pre>
 	 * 
-	 * @param p The target permission to interrogate.
-	 * @return <code>true</code> if the specified
-	 *         <code>PackagePermission</code> action is implied by this
+	 * @param p The requested permission.
+	 * @return <code>true</code> if the specified permission is implied by this
 	 *         object; <code>false</code> otherwise.
 	 */
-
 	public boolean implies(Permission p) {
-		if (p instanceof PackagePermission) {
-			PackagePermission target = (PackagePermission) p;
-
-			return (((action_mask & target.action_mask) == target.action_mask) && super
-					.implies(p));
+		if (!(p instanceof PackagePermission)) {
+			return false;
+		}
+		PackagePermission requested = (PackagePermission) p;
+		if (bundle != null) {
+			return false;
 		}
+		// if requested permission has a filter, then it is an invalid argument
+		if (requested.filter != null) {
+			return false;
+		}
+		return implies0(requested, ACTION_NONE);
+	}
 
-		return (false);
+	/**
+	 * Internal implies method. Used by the implies and the permission
+	 * collection implies methods.
+	 * 
+	 * @param requested The requested PackagePermission which has already be
+	 *        validated as a proper argument. The requested PackagePermission
+	 *        must not have a filter expression.
+	 * @param effective The effective actions with which to start.
+	 * @return <code>true</code> if the specified permission is implied by this
+	 *         object; <code>false</code> otherwise.
+	 */
+	boolean implies0(PackagePermission requested, int effective) {
+		/* check actions first - much faster */
+		effective |= action_mask;
+		final int desired = requested.action_mask;
+		if ((effective & desired) != desired) {
+			return false;
+		}
+		/* Get filter if any */
+		Filter f = filter;
+		if (f == null) {
+			return super.implies(requested);
+		}
+		return f.matchCase(requested.getProperties());
 	}
 
 	/**
@@ -265,32 +435,32 @@
 	 * 
 	 * <p>
 	 * Always returns present <code>PackagePermission</code> actions in the
-	 * following order: <code>EXPORT</code>,<code>IMPORT</code>.
+	 * following order: <code>EXPORTONLY</code>,<code>IMPORT</code>.
 	 * 
 	 * @return Canonical string representation of the
 	 *         <code>PackagePermission</code> actions.
 	 */
-
 	public String getActions() {
-		if (actions == null) {
+		String result = actions;
+		if (result == null) {
 			StringBuffer sb = new StringBuffer();
 			boolean comma = false;
 
-			if ((action_mask & ACTION_EXPORT) == ACTION_EXPORT) {
-				sb.append(EXPORT);
+			int mask = action_mask;
+			if ((mask & ACTION_EXPORT) == ACTION_EXPORT) {
+				sb.append(EXPORTONLY);
 				comma = true;
 			}
 
-			if ((action_mask & ACTION_IMPORT) == ACTION_IMPORT) {
+			if ((mask & ACTION_IMPORT) == ACTION_IMPORT) {
 				if (comma)
 					sb.append(',');
 				sb.append(IMPORT);
 			}
 
-			actions = sb.toString();
+			actions = result = sb.toString();
 		}
-
-		return (actions);
+		return result;
 	}
 
 	/**
@@ -300,7 +470,7 @@
 	 * @return A new <code>PermissionCollection</code> object.
 	 */
 	public PermissionCollection newPermissionCollection() {
-		return (new PackagePermissionCollection());
+		return new PackagePermissionCollection();
 	}
 
 	/**
@@ -313,22 +483,25 @@
 	 * @param obj The object to test for equality with this
 	 *        <code>PackagePermission</code> object.
 	 * @return <code>true</code> if <code>obj</code> is a
-	 *         <code>PackagePermission</code>, and has the same package name
-	 *         and actions as this <code>PackagePermission</code> object;
+	 *         <code>PackagePermission</code>, and has the same package name and
+	 *         actions as this <code>PackagePermission</code> object;
 	 *         <code>false</code> otherwise.
 	 */
 	public boolean equals(Object obj) {
 		if (obj == this) {
-			return (true);
+			return true;
 		}
 
 		if (!(obj instanceof PackagePermission)) {
-			return (false);
+			return false;
 		}
 
-		PackagePermission p = (PackagePermission) obj;
+		PackagePermission pp = (PackagePermission) obj;
 
-		return ((action_mask == p.action_mask) && getName().equals(p.getName()));
+		return (action_mask == pp.action_mask)
+				&& getName().equals(pp.getName())
+				&& ((bundle == pp.bundle) || ((bundle != null) && bundle
+						.equals(pp.bundle)));
 	}
 
 	/**
@@ -336,20 +509,13 @@
 	 * 
 	 * @return A hash code value for this object.
 	 */
-
 	public int hashCode() {
-		return (getName().hashCode() ^ getActions().hashCode());
-	}
-
-	/**
-	 * Returns the current action mask.
-	 * <p>
-	 * Used by the PackagePermissionCollection class.
-	 * 
-	 * @return Current action mask.
-	 */
-	int getMask() {
-		return (action_mask);
+		int h = 31 * 17 + getName().hashCode();
+		h = 31 * h + getActions().hashCode();
+		if (bundle != null) {
+			h = 31 * h + bundle.hashCode();
+		}
+		return h;
 	}
 
 	/**
@@ -357,9 +523,11 @@
 	 * stream. The actions are serialized, and the superclass takes care of the
 	 * name.
 	 */
-
 	private synchronized void writeObject(java.io.ObjectOutputStream s)
 			throws IOException {
+		if (bundle != null) {
+			throw new NotSerializableException("cannot serialize");
+		}
 		// Write out the actions. The superclass takes care of the name
 		// call getActions to make sure actions field is initialized
 		if (actions == null)
@@ -375,7 +543,41 @@
 			throws IOException, ClassNotFoundException {
 		// Read in the action, then initialize the rest
 		s.defaultReadObject();
-		init(getMask(actions));
+		setTransients(getName(), parseActions(actions));
+	}
+
+	/**
+	 * Called by <code><@link PackagePermission#implies(Permission)></code>.
+	 * 
+	 * @return a dictionary of properties for this permission.
+	 */
+	private Dictionary getProperties() {
+		Dictionary result = properties;
+		if (result != null) {
+			return result;
+		}
+		final Dictionary dict = new Hashtable(5);
+		if (filter == null) {
+			dict.put("package.name", getName());
+		}
+		if (bundle != null) {
+			AccessController.doPrivileged(new PrivilegedAction() {
+				public Object run() {
+					dict.put("id", new Long(bundle.getBundleId()));
+					dict.put("location", bundle.getLocation());
+					String name = bundle.getSymbolicName();
+					if (name != null) {
+						dict.put("name", name);
+					}
+					SignerProperty signer = new SignerProperty(bundle);
+					if (signer.isBundleSigned()) {
+						dict.put("signer", signer);
+					}
+					return null;
+				}
+			});
+		}
+		return properties = dict;
 	}
 }
 
@@ -388,73 +590,100 @@
  */
 
 final class PackagePermissionCollection extends PermissionCollection {
-	static final long	serialVersionUID	= -3350758995234427603L;
+	static final long		serialVersionUID	= -3350758995234427603L;
 	/**
-	 * Table of permissions.
+	 * Table of permissions with names.
 	 * 
-	 * @serial
+	 * @GuardedBy this
 	 */
-	private Hashtable	permissions;
+	private transient Map	permissions;
 
 	/**
 	 * Boolean saying if "*" is in the collection.
 	 * 
 	 * @serial
+	 * @GuardedBy this
 	 */
-	private boolean		all_allowed;
+	private boolean			all_allowed;
 
 	/**
-	 * Create an empty PackagePermissions object.
+	 * Table of permissions with filter expressions.
+	 * 
+	 * @serial
+	 * @GuardedBy this
 	 */
+	private Map				filterPermissions;
 
+	/**
+	 * Create an empty PackagePermissions object.
+	 */
 	public PackagePermissionCollection() {
-		permissions = new Hashtable();
+		permissions = new HashMap();
 		all_allowed = false;
 	}
 
 	/**
-	 * Adds a permission to the <code>PackagePermission</code> objects. The
-	 * key for the hash is the name.
+	 * Adds a permission to this permission collection.
 	 * 
 	 * @param permission The <code>PackagePermission</code> object to add.
-	 * 
-	 * @throws IllegalArgumentException If the permission is not a
-	 *         <code>PackagePermission</code> instance.
-	 * 
+	 * @throws IllegalArgumentException If the specified permission is not a
+	 *         <code>PackagePermission</code> instance or was constructed with a
+	 *         Bundle object.
 	 * @throws SecurityException If this
 	 *         <code>PackagePermissionCollection</code> object has been marked
 	 *         read-only.
 	 */
-
-	public void add(Permission permission) {
-		if (!(permission instanceof PackagePermission))
+	public void add(final Permission permission) {
+		if (!(permission instanceof PackagePermission)) {
 			throw new IllegalArgumentException("invalid permission: "
 					+ permission);
-		if (isReadOnly())
+		}
+		if (isReadOnly()) {
 			throw new SecurityException("attempt to add a Permission to a "
 					+ "readonly PermissionCollection");
+		}
 
-		PackagePermission pp = (PackagePermission) permission;
-		String name = pp.getName();
-
-		PackagePermission existing = (PackagePermission) permissions.get(name);
+		final PackagePermission pp = (PackagePermission) permission;
+		if (pp.bundle != null) {
+			throw new IllegalArgumentException("cannot add to collection: "
+					+ pp);
+		}
 
-		if (existing != null) {
-			int oldMask = existing.getMask();
-			int newMask = pp.getMask();
-			if (oldMask != newMask) {
-				permissions.put(name, new PackagePermission(name, oldMask
-						| newMask));
+		final String name = pp.getName();
+		final Filter f = pp.filter;
+		synchronized (this) {
+			/* select the bucket for the permission */
+			Map pc;
+			if (f != null) {
+				pc = filterPermissions;
+				if (pc == null) {
+					filterPermissions = pc = new HashMap();
+				}
+			}
+			else {
+				pc = permissions;
+			}
+			
+			final PackagePermission existing = (PackagePermission) pc.get(name);
+			if (existing != null) {
+				final int oldMask = existing.action_mask;
+				final int newMask = pp.action_mask;
+				if (oldMask != newMask) {
+					pc
+							.put(name, new PackagePermission(name, oldMask
+									| newMask));
 
+				}
+			}
+			else {
+				pc.put(name, pp);
 			}
-		}
-		else {
-			permissions.put(name, permission);
-		}
 
-		if (!all_allowed) {
-			if (name.equals("*"))
-				all_allowed = true;
+			if (!all_allowed) {
+				if (name.equals("*")) {
+					all_allowed = true;
+				}
+			}
 		}
 	}
 
@@ -464,68 +693,80 @@
 	 * 
 	 * @param permission The Permission object to compare with this
 	 *        <code>PackagePermission</code> object.
-	 * 
-	 * @return <code>true</code> if <code>permission</code> is a proper
-	 *         subset of a permission in the set; <code>false</code>
-	 *         otherwise.
+	 * @return <code>true</code> if <code>permission</code> is a proper subset
+	 *         of a permission in the set; <code>false</code> otherwise.
 	 */
-
-	public boolean implies(Permission permission) {
-		if (!(permission instanceof PackagePermission))
-			return (false);
-
-		PackagePermission pp = (PackagePermission) permission;
-		PackagePermission x;
-
-		int desired = pp.getMask();
-		int effective = 0;
-
-		// short circuit if the "*" Permission was added
-		if (all_allowed) {
-			x = (PackagePermission) permissions.get("*");
-			if (x != null) {
-				effective |= x.getMask();
-				if ((effective & desired) == desired)
-					return (true);
+	public boolean implies(final Permission permission) {
+		if (!(permission instanceof PackagePermission)) {
+			return false;
+		}
+		final PackagePermission requested = (PackagePermission) permission;
+		/* if requested permission has a filter, then it is an invalid argument */
+		if (requested.filter != null) {
+			return false;
+		}
+		String requestedName = requested.getName();
+		final int desired = requested.action_mask;
+		int effective = PackagePermission.ACTION_NONE;
+
+		Collection perms;
+		synchronized (this) {
+			Map pc = permissions;
+			PackagePermission pp;
+			/* short circuit if the "*" Permission was added */
+			if (all_allowed) {
+				pp = (PackagePermission) pc.get("*");
+				if (pp != null) {
+					effective |= pp.action_mask;
+					if ((effective & desired) == desired) {
+						return true;
+					}
+				}
 			}
+			/*
+			 * strategy: Check for full match first. Then work our way up the
+			 * name looking for matches on a.b.*
+			 */
+			pp = (PackagePermission) pc.get(requestedName);
+			if (pp != null) {
+				/* we have a direct hit! */
+				effective |= pp.action_mask;
+				if ((effective & desired) == desired) {
+					return true;
+				}
+			}
+			/* work our way up the tree... */
+			int last;
+			int offset = requestedName.length() - 1;
+			while ((last = requestedName.lastIndexOf(".", offset)) != -1) {
+				requestedName = requestedName.substring(0, last + 1) + "*";
+				pp = (PackagePermission) pc.get(requestedName);
+				if (pp != null) {
+					effective |= pp.action_mask;
+					if ((effective & desired) == desired) {
+						return true;
+					}
+				}
+				offset = last - 1;
+			}
+			/*
+			 * we don't have to check for "*" as it was already checked before
+			 * we were called.
+			 */
+			pc = filterPermissions;
+			if (pc == null) {
+				return false;
+			}
+			perms = pc.values();
 		}
-
-		// strategy:
-		// Check for full match first. Then work our way up the
-		// name looking for matches on a.b.*
-
-		String name = pp.getName();
-
-		x = (PackagePermission) permissions.get(name);
-
-		if (x != null) {
-			// we have a direct hit!
-			effective |= x.getMask();
-			if ((effective & desired) == desired)
-				return (true);
-		}
-
-		// work our way up the tree...
-		int last, offset;
-
-		offset = name.length() - 1;
-
-		while ((last = name.lastIndexOf(".", offset)) != -1) {
-
-			name = name.substring(0, last + 1) + "*";
-			x = (PackagePermission) permissions.get(name);
-
-			if (x != null) {
-				effective |= x.getMask();
-				if ((effective & desired) == desired)
-					return (true);
+		/* iterate one by one over filteredPermissions */
+		for (Iterator iter = perms.iterator(); iter.hasNext();) {
+			if (((PackagePermission) iter.next())
+					.implies0(requested, effective)) {
+				return true;
 			}
-			offset = last - 1;
 		}
-
-		// we don't have to check for "*" as it was already checked
-		// at the top (all_allowed), so we just return false
-		return (false);
+		return false;
 	}
 
 	/**
@@ -534,8 +775,37 @@
 	 * 
 	 * @return Enumeration of all <code>PackagePermission</code> objects.
 	 */
+	public synchronized Enumeration elements() {
+		List all = new ArrayList(permissions.values());
+		Map pc = filterPermissions;
+		if (pc != null) {
+			all.addAll(pc.values());
+		}
+		return Collections.enumeration(all);
+	}
+
+	/* serialization logic */
+	private static final ObjectStreamField[]	serialPersistentFields	= {
+			new ObjectStreamField("permissions", Hashtable.class),
+			new ObjectStreamField("all_allowed", Boolean.TYPE),
+			new ObjectStreamField("filterPermissions", HashMap.class)	};
 
-	public Enumeration elements() {
-		return (permissions.elements());
+	private synchronized void writeObject(ObjectOutputStream out)
+			throws IOException {
+		Hashtable hashtable = new Hashtable(permissions);
+		ObjectOutputStream.PutField pfields = out.putFields();
+		pfields.put("permissions", hashtable);
+		pfields.put("all_allowed", all_allowed);
+		pfields.put("filterPermissions", filterPermissions);
+		out.writeFields();
+	}
+
+	private synchronized void readObject(java.io.ObjectInputStream in)
+			throws IOException, ClassNotFoundException {
+		ObjectInputStream.GetField gfields = in.readFields();
+		Hashtable hashtable = (Hashtable) gfields.get("permissions", null);
+		permissions = new HashMap(hashtable);
+		all_allowed = gfields.get("all_allowed", false);
+		filterPermissions = (HashMap) gfields.get("filterPermissions", null);
 	}
 }

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceEvent.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceEvent.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceEvent.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceEvent.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/ServiceEvent.java,v 1.15 2007/02/20 00:14:12 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2000, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2000, 2009). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,14 +16,15 @@
 
 package org.osgi.framework;
 
+import java.util.Dictionary;
 import java.util.EventObject;
 
 /**
  * An event from the Framework describing a service lifecycle change.
  * <p>
  * <code>ServiceEvent</code> objects are delivered to
- * <code>ServiceListener</code>s and <code>AllServiceListener</code>s when
- * a change occurs in this service's lifecycle. A type code is used to identify
+ * <code>ServiceListener</code>s and <code>AllServiceListener</code>s when a
+ * change occurs in this service's lifecycle. A type code is used to identify
  * the event type for future extendability.
  * 
  * <p>
@@ -34,7 +33,7 @@
  * @Immutable
  * @see ServiceListener
  * @see AllServiceListener
- * @version $Revision: 1.15 $
+ * @version $Revision: 6542 $
  */
 
 public class ServiceEvent extends EventObject {
@@ -55,10 +54,7 @@
 	 * This event is synchronously delivered <strong>after</strong> the service
 	 * has been registered with the Framework.
 	 * 
-	 * <p>
-	 * The value of <code>REGISTERED</code> is 0x00000001.
-	 * 
-	 * @see BundleContext#registerService(String[],Object,java.util.Dictionary)
+	 * @see BundleContext#registerService(String[],Object,Dictionary)
 	 */
 	public final static int			REGISTERED			= 0x00000001;
 
@@ -68,9 +64,6 @@
 	 * This event is synchronously delivered <strong>after</strong> the service
 	 * properties have been modified.
 	 * 
-	 * <p>
-	 * The value of <code>MODIFIED</code> is 0x00000002.
-	 * 
 	 * @see ServiceRegistration#setProperties
 	 */
 	public final static int			MODIFIED			= 0x00000002;
@@ -78,8 +71,8 @@
 	/**
 	 * This service is in the process of being unregistered.
 	 * <p>
-	 * This event is synchronously delivered <strong>before</strong> the
-	 * service has completed unregistering.
+	 * This event is synchronously delivered <strong>before</strong> the service
+	 * has completed unregistering.
 	 * 
 	 * <p>
 	 * If a bundle is using a service that is <code>UNREGISTERING</code>, the
@@ -88,20 +81,32 @@
 	 * this event, the Framework will automatically release the bundle's use of
 	 * the service while completing the service unregistration operation.
 	 * 
-	 * <p>
-	 * The value of UNREGISTERING is 0x00000004.
-	 * 
 	 * @see ServiceRegistration#unregister
 	 * @see BundleContext#ungetService
 	 */
 	public final static int			UNREGISTERING		= 0x00000004;
 
 	/**
+	 * The properties of a registered service have been modified and the new
+	 * properties no longer match the listener's filter.
+	 * <p>
+	 * This event is synchronously delivered <strong>after</strong> the service
+	 * properties have been modified. This event is only delivered to listeners
+	 * which were added with a non-<code>null</code> filter where the filter
+	 * matched the service properties prior to the modification but the filter
+	 * does not match the modified service properties.
+	 * 
+	 * @see ServiceRegistration#setProperties
+	 * @since 1.5
+	 */
+	public final static int			MODIFIED_ENDMATCH	= 0x00000008;
+
+	/**
 	 * Creates a new service event object.
 	 * 
 	 * @param type The event type.
 	 * @param reference A <code>ServiceReference</code> object to the service
-	 *        that had a lifecycle change.
+	 * 	that had a lifecycle change.
 	 */
 	public ServiceEvent(int type, ServiceReference reference) {
 		super(reference);
@@ -124,9 +129,10 @@
 	/**
 	 * Returns the type of event. The event type values are:
 	 * <ul>
-	 * <li>{@link #REGISTERED}
-	 * <li>{@link #MODIFIED}
-	 * <li>{@link #UNREGISTERING}
+	 * <li>{@link #REGISTERED} </li> 
+	 * <li>{@link #MODIFIED} </li> 
+	 * <li>{@link #MODIFIED_ENDMATCH} </li> 
+	 * <li>{@link #UNREGISTERING} </li>
 	 * </ul>
 	 * 
 	 * @return Type of service lifecycle change.

Added: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceException.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceException.java?rev=782737&view=auto
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceException.java (added)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceException.java Mon Jun  8 19:31:06 2009
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) OSGi Alliance (2007, 2009). All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.osgi.framework;
+
+/**
+ * A service exception used to indicate that a service problem occurred.
+ * 
+ * <p>
+ * A <code>ServiceException</code> object is created by the Framework or
+ * service implementation to denote an exception condition in the service. A
+ * type code is used to identify the exception type for future extendability.
+ * Service implementations may also create subclasses of
+ * <code>ServiceException</code>. When subclassing, the subclass should set
+ * the type to {@link #SUBCLASSED} to indicate that
+ * <code>ServiceException</code> has been subclassed.
+ * 
+ * <p>
+ * This exception conforms to the general purpose exception chaining mechanism.
+ * 
+ * @version $Revision: 6518 $
+ * @since 1.5
+ */
+
+public class ServiceException extends RuntimeException {
+	static final long		serialVersionUID	= 3038963223712959631L;
+
+	/**
+	 * Type of service exception.
+	 */
+	private final int		type;
+
+	/**
+	 * No exception type is unspecified.
+	 */
+	public static final int	UNSPECIFIED			= 0;
+	/**
+	 * The service has been unregistered.
+	 */
+	public static final int	UNREGISTERED		= 1;
+	/**
+	 * The service factory produced an invalid service object.
+	 */
+	public static final int	FACTORY_ERROR		= 2;
+	/**
+	 * The service factory threw an exception.
+	 */
+	public static final int	FACTORY_EXCEPTION	= 3;
+	/**
+	 * The exception is a subclass of ServiceException. The subclass should be
+	 * examined for the type of the exception.
+	 */
+	public static final int	SUBCLASSED			= 4;
+	/**
+	 * An error occurred invoking a remote service.
+	 */
+	public static final int REMOTE 				= 5;
+
+	/**
+	 * Creates a <code>ServiceException</code> with the specified message and
+	 * exception cause.
+	 * 
+	 * @param msg The associated message.
+	 * @param cause The cause of this exception.
+	 */
+	public ServiceException(String msg, Throwable cause) {
+		this(msg, UNSPECIFIED, cause);
+	}
+
+	/**
+	 * Creates a <code>ServiceException</code> with the specified message.
+	 * 
+	 * @param msg The message.
+	 */
+	public ServiceException(String msg) {
+		this(msg, UNSPECIFIED);
+	}
+
+	/**
+	 * Creates a <code>ServiceException</code> with the specified message,
+	 * type and exception cause.
+	 * 
+	 * @param msg The associated message.
+	 * @param type The type for this exception.
+	 * @param cause The cause of this exception.
+	 */
+	public ServiceException(String msg, int type, Throwable cause) {
+		super(msg, cause);
+		this.type = type;
+	}
+
+	/**
+	 * Creates a <code>ServiceException</code> with the specified message and
+	 * type.
+	 * 
+	 * @param msg The message.
+	 * @param type The type for this exception.
+	 */
+	public ServiceException(String msg, int type) {
+		super(msg);
+		this.type = type;
+	}
+
+	/**
+	 * Returns the type for this exception or <code>UNSPECIFIED</code> if the
+	 * type was unspecified or unknown.
+	 * 
+	 * @return The type of this exception.
+	 */
+	public int getType() {
+		return type;
+	}
+}

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceFactory.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceFactory.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceFactory.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceFactory.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/ServiceFactory.java,v 1.10 2007/02/20 00:16:30 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2000, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2000, 2008). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +46,7 @@
  * 
  * @see BundleContext#getService
  * @ThreadSafe
- * @version $Revision: 1.10 $
+ * @version $Revision: 5967 $
  */
 
 public interface ServiceFactory {
@@ -65,7 +63,9 @@
 	 * <p>
 	 * The Framework caches the value returned (unless it is <code>null</code>),
 	 * and will return the same service object on any future call to
-	 * <code>BundleContext.getService</code> from the same bundle.
+	 * <code>BundleContext.getService</code> for the same bundle. This means the
+	 * Framework must not allow this method to be concurrently called for the
+	 * same bundle.
 	 * 
 	 * <p>
 	 * The Framework will check if the returned service object is an instance of
@@ -75,8 +75,8 @@
 	 * @param bundle The bundle using the service.
 	 * @param registration The <code>ServiceRegistration</code> object for the
 	 *        service.
-	 * @return A service object that <strong>must </strong> be an instance of
-	 *         all the classes named when the service was registered.
+	 * @return A service object that <strong>must</strong> be an instance of all
+	 *         the classes named when the service was registered.
 	 * @see BundleContext#getService
 	 */
 	public Object getService(Bundle bundle, ServiceRegistration registration);

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceListener.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceListener.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceListener.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceListener.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/ServiceListener.java,v 1.15 2007/02/20 00:16:30 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2000, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2000, 2008). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,7 +51,7 @@
  * @see ServiceEvent
  * @see ServicePermission
  * @ThreadSafe
- * @version $Revision: 1.15 $
+ * @version $Revision: 5673 $
  */
 
 public interface ServiceListener extends EventListener {

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServicePermission.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServicePermission.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServicePermission.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServicePermission.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/ServicePermission.java,v 1.15 2007/02/20 00:06:02 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2000, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2000, 2009). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,34 +17,51 @@
 package org.osgi.framework;
 
 import java.io.IOException;
-import java.security.*;
+import java.io.NotSerializableException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.ObjectStreamField;
+import java.security.AccessController;
+import java.security.BasicPermission;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Dictionary;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 
 /**
  * A bundle's authority to register or get a service.
  * <ul>
- * <li>The <code>ServicePermission.REGISTER</code> action allows a bundle to
- * register a service on the specified names.
- * <li>The <code>ServicePermission.GET</code> action allows a bundle to
- * detect a service and get it.
+ * <li>The <code>register</code> action allows a bundle to register a service on
+ * the specified names.
+ * <li>The <code>get</code> action allows a bundle to detect a service and get
+ * it.
  * </ul>
  * Permission to get a service is required in order to detect events regarding
  * the service. Untrusted bundles should not be able to detect the presence of
  * certain services unless they have the appropriate
  * <code>ServicePermission</code> to get the specific service.
  * 
- * @version $Revision: 1.15 $
+ * @ThreadSafe
+ * @version $Revision: 6530 $
  */
 
-final public class ServicePermission extends BasicPermission {
+public final class ServicePermission extends BasicPermission {
 	static final long			serialVersionUID	= -7662148639076511574L;
 	/**
-	 * The action string <code>get</code> (Value is "get").
+	 * The action string <code>get</code>.
 	 */
 	public final static String	GET					= "get";
 	/**
-	 * The action string <code>register</code> (Value is "register").
+	 * The action string <code>register</code>.
 	 */
 	public final static String	REGISTER			= "register";
 
@@ -54,27 +69,65 @@
 	private final static int	ACTION_REGISTER		= 0x00000002;
 	private final static int	ACTION_ALL			= ACTION_GET
 															| ACTION_REGISTER;
-	private final static int	ACTION_NONE			= 0;
+	final static int						ACTION_NONE			= 0;
+
 	/**
 	 * The actions mask.
 	 */
-	private transient int		action_mask			= ACTION_NONE;
+	transient int							action_mask;
 
 	/**
 	 * The actions in canonical form.
 	 * 
 	 * @serial
 	 */
-	private String				actions				= null;
+	private volatile String		actions				= null;
+
+	/**
+	 * The service used by this ServicePermission. Must be null if not
+	 * constructed with a service.
+	 */
+	transient final ServiceReference		service;
+
+	/**
+	 * The object classes for this ServicePermission. Must be null if not
+	 * constructed with a service.
+	 */
+	transient final String[]				objectClass;
+
+	/**
+	 * If this ServicePermission was constructed with a filter, this holds a
+	 * Filter matching object used to evaluate the filter in implies.
+	 */
+	transient Filter						filter;
+
+	/**
+	 * This dictionary holds the properties of the permission, used to match a
+	 * filter in implies. This is not initialized until necessary, and then
+	 * cached in this object.
+	 */
+	private transient volatile Dictionary	properties;
+
+	/**
+	 * True if constructed with a name and the name is "*" or ends with ".*".
+	 */
+	private transient boolean				wildcard;
+
+	/**
+	 * If constructed with a name and the name ends with ".*", this contains the
+	 * name without the final "*".
+	 */
+	private transient String				prefix;
 
 	/**
 	 * Create a new ServicePermission.
 	 * 
 	 * <p>
 	 * The name of the service is specified as a fully qualified class name.
+	 * Wildcards may be used.
 	 * 
 	 * <pre>
-	 * ClassName ::= &lt;class name&gt; | &lt;class name ending in &quot;.*&quot;&gt;
+	 * name ::= &lt;class name&gt; | &lt;class name ending in &quot;.*&quot;&gt; | *
 	 * </pre>
 	 * 
 	 * Examples:
@@ -82,23 +135,88 @@
 	 * <pre>
 	 * org.osgi.service.http.HttpService
 	 * org.osgi.service.http.*
-	 * org.osgi.service.snmp.*
+	 * *
 	 * </pre>
 	 * 
+	 * For the <code>get</code> action, the name can also be a filter
+	 * expression. The filter gives access to the service properties as well as
+	 * the following attributes:
+	 * <ul>
+	 * <li>signer - A Distinguished Name chain used to sign the bundle
+	 * publishing the service. Wildcards in a DN are not matched according to
+	 * the filter string rules, but according to the rules defined for a DN
+	 * chain.</li>
+	 * <li>location - The location of the bundle publishing the service.</li>
+	 * <li>id - The bundle ID of the bundle publishing the service.</li>
+	 * <li>name - The symbolic name of the bundle publishing the service.</li>
+	 * </ul>
+	 * Since the above attribute names may conflict with service property names
+	 * used by a service, you can prefix an attribute name with '@' in the
+	 * filter expression to match against the service property and not one of
+	 * the above attributes. Filter attribute names are processed in a case
+	 * sensitive manner unless the attribute references a service property.
+	 * Service properties names are case insensitive.
+	 * 
 	 * <p>
 	 * There are two possible actions: <code>get</code> and
-	 * <code>register</code>. The <code>get</code> permission allows the
-	 * owner of this permission to obtain a service with this name. The
-	 * <code>register</code> permission allows the bundle to register a
-	 * service under that name.
-	 * 
-	 * @param name class name
-	 * @param actions <code>get</code>,<code>register</code> (canonical
-	 *        order)
+	 * <code>register</code>. The <code>get</code> permission allows the owner
+	 * of this permission to obtain a service with this name. The
+	 * <code>register</code> permission allows the bundle to register a service
+	 * under that name.
+	 * 
+	 * @param name The service class name
+	 * @param actions <code>get</code>,<code>register</code> (canonical order)
+	 * @throw IllegalArgumentException If the specified name is a filter
+	 *        expression and either the specified action is not <code>get</code>
+	 *        or the filter has an invalid syntax.
 	 */
-
 	public ServicePermission(String name, String actions) {
-		this(name, getMask(actions));
+		this(name, parseActions(actions));
+		if ((filter != null)
+				&& ((action_mask & ACTION_ALL) != ACTION_GET)) {
+			throw new IllegalArgumentException(
+					"invalid action string for filter expression");
+		}
+	}
+
+	/**
+	 * Creates a new requested <code>ServicePermission</code> object to be used
+	 * by code that must perform <code>checkPermission</code> for the
+	 * <code>get</code> action. <code>ServicePermission</code> objects created
+	 * with this constructor cannot be added to a <code>ServicePermission</code>
+	 * permission collection.
+	 * 
+	 * @param reference The requested service.
+	 * @param actions The action <code>get</code>.
+	 * @throw IllegalArgumentException If the specified action is not
+	 *        <code>get</code> or reference is <code>null</code>.
+	 * @since 1.5
+	 */
+	public ServicePermission(ServiceReference reference, String actions) {
+		super(createName(reference));
+		setTransients(null, parseActions(actions));
+		this.service = reference;
+		this.objectClass = (String[]) reference
+				.getProperty(Constants.OBJECTCLASS);
+		if ((action_mask & ACTION_ALL) != ACTION_GET) {
+			throw new IllegalArgumentException("invalid action string");
+		}
+	}
+
+	/**
+	 * Create a permission name from a ServiceReference
+	 * 
+	 * @param reference ServiceReference to use to create permission name.
+	 * @return permission name.
+	 */
+	private static String createName(ServiceReference reference) {
+		if (reference == null) {
+			throw new IllegalArgumentException("reference must not be null");
+		}
+		StringBuffer sb = new StringBuffer("(service.id=");
+		sb.append(reference.getProperty(Constants.SERVICE_ID));
+		sb.append(")");
+		return sb.toString();
 	}
 
 	/**
@@ -109,8 +227,9 @@
 	 */
 	ServicePermission(String name, int mask) {
 		super(name);
-
-		init(mask);
+		setTransients(parseFilter(name), mask);
+		this.service = null;
+		this.objectClass = null;
 	}
 
 	/**
@@ -118,12 +237,22 @@
 	 * 
 	 * @param mask action mask
 	 */
-	private void init(int mask) {
+	private void setTransients(Filter f, int mask) {
 		if ((mask == ACTION_NONE) || ((mask & ACTION_ALL) != mask)) {
 			throw new IllegalArgumentException("invalid action string");
 		}
-
 		action_mask = mask;
+		filter = f;
+		if (f == null) {
+			String name = getName();
+			int l = name.length();
+			/* if "*" or endsWith ".*" */
+			wildcard = ((name.charAt(l - 1) == '*') && ((l == 1) || (name
+					.charAt(l - 2) == '.')));
+			if (wildcard && (l > 1)) {
+				prefix = name.substring(0, l - 1);
+			}
+		}
 	}
 
 	/**
@@ -132,7 +261,7 @@
 	 * @param actions Action string.
 	 * @return action mask.
 	 */
-	private static int getMask(String actions) {
+	private static int parseActions(String actions) {
 		boolean seencomma = false;
 
 		int mask = ACTION_NONE;
@@ -218,23 +347,105 @@
 	}
 
 	/**
+	 * Parse filter string into a Filter object.
+	 * 
+	 * @param filterString The filter string to parse.
+	 * @return a Filter for this bundle. If the specified filterString is not a
+	 *         filter expression, then <code>null</code> is returned.
+	 * @throws IllegalArgumentException If the filter syntax is invalid.
+	 */
+	private static Filter parseFilter(String filterString) {
+		filterString = filterString.trim();
+		if (filterString.charAt(0) != '(') {
+			return null;
+		}
+
+		try {
+			return FrameworkUtil.createFilter(filterString);
+		}
+		catch (InvalidSyntaxException e) {
+			IllegalArgumentException iae = new IllegalArgumentException(
+					"invalid filter");
+			iae.initCause(e);
+			throw iae;
+		}
+	}
+
+	/**
 	 * Determines if a <code>ServicePermission</code> object "implies" the
 	 * specified permission.
 	 * 
 	 * @param p The target permission to check.
-	 * @return <code>true</code> if the specified permission is implied by
-	 *         this object; <code>false</code> otherwise.
+	 * @return <code>true</code> if the specified permission is implied by this
+	 *         object; <code>false</code> otherwise.
 	 */
-
 	public boolean implies(Permission p) {
-		if (p instanceof ServicePermission) {
-			ServicePermission target = (ServicePermission) p;
-
-			return (((action_mask & target.action_mask) == target.action_mask) && super
-					.implies(p));
+		if (!(p instanceof ServicePermission)) {
+			return false;
 		}
+		ServicePermission requested = (ServicePermission) p;
+		if (service != null) {
+			return false;
+		}
+		// if requested permission has a filter, then it is an invalid argument
+		if (requested.filter != null) {
+			return false;
+		}
+		return implies0(requested, ACTION_NONE);
+	}
 
-		return (false);
+	/**
+	 * Internal implies method. Used by the implies and the permission
+	 * collection implies methods.
+	 * 
+	 * @param requested The requested ServicePermission which has already be
+	 *        validated as a proper argument. The requested ServicePermission
+	 *        must not have a filter expression.
+	 * @param effective The effective actions with which to start.
+	 * @return <code>true</code> if the specified permission is implied by this
+	 *         object; <code>false</code> otherwise.
+	 */
+	boolean implies0(ServicePermission requested, int effective) {
+		/* check actions first - much faster */
+		effective |= action_mask;
+		final int desired = requested.action_mask;
+		if ((effective & desired) != desired) {
+			return false;
+		}
+		/* we have name of "*" */
+		if (wildcard && (prefix == null)) {
+			return true;
+		}
+		/* if we have a filter */
+		Filter f = filter;
+		if (f != null) {
+			return f.matchCase(requested.getProperties());
+		}
+		/* if requested permission not created with ServiceReference */
+		String[] requestedNames = requested.objectClass;
+		if (requestedNames == null) {
+			return super.implies(requested);
+		}
+		/* requested permission created with ServiceReference */
+		if (wildcard) {
+			int pl = prefix.length();
+			for (int i = 0, l = requestedNames.length; i < l; i++) {
+				String requestedName = requestedNames[i];
+				if ((requestedName.length() > pl)
+						&& requestedName.startsWith(prefix)) {
+					return true;
+				}
+			}
+		}
+		else {
+			String name = getName();
+			for (int i = 0, l = requestedNames.length; i < l; i++) {
+				if (requestedNames[i].equals(name)) {
+					return true;
+				}
+			}
+		}
+		return false;
 	}
 
 	/**
@@ -245,25 +456,27 @@
 	 * @return The canonical string representation of the actions.
 	 */
 	public String getActions() {
-		if (actions == null) {
+		String result = actions;
+		if (result == null) {
 			StringBuffer sb = new StringBuffer();
 			boolean comma = false;
 
-			if ((action_mask & ACTION_GET) == ACTION_GET) {
+			int mask = action_mask;
+			if ((mask & ACTION_GET) == ACTION_GET) {
 				sb.append(GET);
 				comma = true;
 			}
 
-			if ((action_mask & ACTION_REGISTER) == ACTION_REGISTER) {
+			if ((mask & ACTION_REGISTER) == ACTION_REGISTER) {
 				if (comma)
 					sb.append(',');
 				sb.append(REGISTER);
 			}
 
-			actions = sb.toString();
+			actions = result = sb.toString();
 		}
 
-		return (actions);
+		return result;
 	}
 
 	/**
@@ -274,33 +487,35 @@
 	 * <code>ServicePermission</code> objects.
 	 */
 	public PermissionCollection newPermissionCollection() {
-		return (new ServicePermissionCollection());
+		return new ServicePermissionCollection();
 	}
 
 	/**
-	 * Determines the equalty of two ServicePermission objects.
+	 * Determines the equality of two ServicePermission objects.
 	 * 
 	 * Checks that specified object has the same class name and action as this
 	 * <code>ServicePermission</code>.
 	 * 
 	 * @param obj The object to test for equality.
-	 * @return true if obj is a <code>ServicePermission</code>, and has the
-	 *         same class name and actions as this
-	 *         <code>ServicePermission</code> object; <code>false</code>
-	 *         otherwise.
+	 * @return true if obj is a <code>ServicePermission</code>, and has the same
+	 *         class name and actions as this <code>ServicePermission</code>
+	 *         object; <code>false</code> otherwise.
 	 */
 	public boolean equals(Object obj) {
 		if (obj == this) {
-			return (true);
+			return true;
 		}
 
 		if (!(obj instanceof ServicePermission)) {
-			return (false);
+			return false;
 		}
 
-		ServicePermission p = (ServicePermission) obj;
+		ServicePermission sp = (ServicePermission) obj;
 
-		return ((action_mask == p.action_mask) && getName().equals(p.getName()));
+		return (action_mask == sp.action_mask)
+				&& getName().equals(sp.getName())
+				&& ((service == sp.service) || ((service != null) && (service
+						.compareTo(sp.service) == 0)));
 	}
 
 	/**
@@ -308,28 +523,24 @@
 	 * 
 	 * @return Hash code value for this object.
 	 */
-
 	public int hashCode() {
-		return (getName().hashCode() ^ getActions().hashCode());
-	}
-
-	/**
-	 * Returns the current action mask. Used by the ServicePermissionCollection
-	 * object.
-	 * 
-	 * @return The actions mask.
-	 */
-	int getMask() {
-		return (action_mask);
+		int h = 31 * 17 + getName().hashCode();
+		h = 31 * h + getActions().hashCode();
+		if (service != null) {
+			h = 31 * h + service.hashCode();
+		}
+		return h;
 	}
 
 	/**
 	 * WriteObject is called to save the state of this permission to a stream.
 	 * The actions are serialized, and the superclass takes care of the name.
 	 */
-
 	private synchronized void writeObject(java.io.ObjectOutputStream s)
 			throws IOException {
+		if (service != null) {
+			throw new NotSerializableException("cannot serialize");
+		}
 		// Write out the actions. The superclass takes care of the name
 		// call getActions to make sure actions field is initialized
 		if (actions == null)
@@ -345,7 +556,123 @@
 			throws IOException, ClassNotFoundException {
 		// Read in the action, then initialize the rest
 		s.defaultReadObject();
-		init(getMask(actions));
+		setTransients(parseFilter(getName()), parseActions(actions));
+	}
+	/**
+	 * Called by <code><@link ServicePermission#implies(Permission)></code>.
+	 * 
+	 * @return a dictionary of properties for this permission.
+	 */
+	private Dictionary getProperties() {
+		Dictionary result = properties;
+		if (result != null) {
+			return result;
+		}
+		if (service == null) {
+			result = new Hashtable(1);
+			if (filter == null) {
+				result.put(Constants.OBJECTCLASS, new String[] {getName()});
+			}
+			return properties = result;
+		}
+		final Map props = new HashMap(4);
+		final Bundle bundle = service.getBundle();
+		if (bundle != null) {
+			AccessController.doPrivileged(new PrivilegedAction() {
+				public Object run() {
+					props.put("id", new Long(bundle.getBundleId()));
+					props.put("location", bundle.getLocation());
+					String name = bundle.getSymbolicName();
+					if (name != null) {
+						props.put("name", name);
+					}
+					SignerProperty signer = new SignerProperty(bundle);
+					if (signer.isBundleSigned()) {
+						props.put("signer", signer);
+					}
+					return null;
+				}
+			});
+		}
+		return properties = new Properties(props, service);
+	}
+	
+	private static class Properties extends Dictionary {
+		private final Map				properties;
+		private final ServiceReference	service;
+
+		Properties(Map properties, ServiceReference service) {
+			this.properties = properties;
+			this.service = service;
+		}
+
+		public Object get(Object k) {
+			if (!(k instanceof String)) {
+				return null;
+			}
+			String key = (String) k;
+			if (key.charAt(0) == '@') {
+				return service.getProperty(key.substring(1));
+			}
+			Object value = properties.get(key);
+			if (value != null) { // fall back to service properties
+				return value;
+			}
+			return service.getProperty(key);
+		}
+
+		public int size() {
+			return properties.size() + service.getPropertyKeys().length;
+		}
+
+		public boolean isEmpty() {
+			// we can return false because this must never be empty
+			return false;
+		}
+
+		public Enumeration keys() {
+			Collection pk = properties.keySet();
+			String spk[] = service.getPropertyKeys();
+			List all = new ArrayList(pk.size() + spk.length);
+			all.addAll(pk);
+			add:
+			for (int i = 0, length = spk.length; i < length; i++) {
+				String key = spk[i];
+				for (Iterator iter = pk.iterator(); iter.hasNext();) {
+					if (key.equalsIgnoreCase((String) iter.next())) {
+						continue add;
+					}
+				}
+				all.add(key);
+			}
+			return Collections.enumeration(all);
+		}
+
+		public Enumeration elements() {
+			Collection pk = properties.keySet();
+			String spk[] = service.getPropertyKeys();
+			List all = new ArrayList(pk.size() + spk.length);
+			all.addAll(properties.values());
+			add:
+			for (int i = 0, length = spk.length; i < length; i++) {
+				String key = spk[i];
+				for (Iterator iter = pk.iterator(); iter.hasNext();) {
+					if (key.equalsIgnoreCase((String) iter.next())) {
+						continue add;
+					}
+				}
+				all.add(service.getProperty(key));
+			}
+			return Collections.enumeration(all);
+		}
+
+		public Object put(Object key, Object value) {
+			throw new UnsupportedOperationException();
+		}
+
+		public Object remove(Object key) {
+			throw new UnsupportedOperationException();
+		}
 	}
 }
 
@@ -356,73 +683,99 @@
  * @see java.security.Permissions
  * @see java.security.PermissionCollection
  */
-
 final class ServicePermissionCollection extends PermissionCollection {
 	static final long	serialVersionUID	= 662615640374640621L;
 	/**
 	 * Table of permissions.
 	 * 
-	 * @serial
+	 * @GuardedBy this
 	 */
-	private Hashtable	permissions;
+	private transient Map	permissions;
 
 	/**
 	 * Boolean saying if "*" is in the collection.
 	 * 
 	 * @serial
+	 * @GuardedBy this
 	 */
 	private boolean		all_allowed;
 
 	/**
-	 * Creates an empty ServicePermissions object.
+	 * Table of permissions with filter expressions.
+	 * 
+	 * @serial
+	 * @GuardedBy this
 	 */
+	private Map				filterPermissions;
 
+	/**
+	 * Creates an empty ServicePermissions object.
+	 */
 	public ServicePermissionCollection() {
-		permissions = new Hashtable();
+		permissions = new HashMap();
 		all_allowed = false;
 	}
 
 	/**
-	 * Adds a permission to the <code>ServicePermission</code> objects using
-	 * the key for the hash as the name.
+	 * Adds a permission to this permission collection.
 	 * 
 	 * @param permission The Permission object to add.
-	 * 
-	 * @throws IllegalArgumentException If the permission is not a
+	 * @throws IllegalArgumentException If the specified permission is not a
 	 *         ServicePermission object.
 	 * @throws SecurityException If this
 	 *         <code>ServicePermissionCollection</code> object has been marked
 	 *         read-only.
 	 */
-
-	public void add(Permission permission) {
-		if (!(permission instanceof ServicePermission))
+	public void add(final Permission permission) {
+		if (!(permission instanceof ServicePermission)) {
 			throw new IllegalArgumentException("invalid permission: "
 					+ permission);
-		if (isReadOnly())
+		}
+		if (isReadOnly()) {
 			throw new SecurityException("attempt to add a Permission to a "
 					+ "readonly PermissionCollection");
-
-		ServicePermission sp = (ServicePermission) permission;
-		String name = sp.getName();
-
-		ServicePermission existing = (ServicePermission) permissions.get(name);
-
-		if (existing != null) {
-			int oldMask = existing.getMask();
-			int newMask = sp.getMask();
-			if (oldMask != newMask) {
-				permissions.put(name, new ServicePermission(name, oldMask
-						| newMask));
-			}
-		}
-		else {
-			permissions.put(name, permission);
 		}
 
-		if (!all_allowed) {
-			if (name.equals("*"))
-				all_allowed = true;
+		final ServicePermission sp = (ServicePermission) permission;
+		if (sp.service != null) {
+			throw new IllegalArgumentException("cannot add to collection: "
+					+ sp);
+		}
+		
+		final String name = sp.getName();
+		final Filter f = sp.filter;
+		synchronized (this) {
+			/* select the bucket for the permission */
+			Map pc;
+			if (f != null) {
+				pc = filterPermissions;
+				if (pc == null) {
+					filterPermissions = pc = new HashMap();
+				}
+			}
+			else {
+				pc = permissions;
+			}
+			final ServicePermission existing = (ServicePermission) pc.get(name);
+			
+			if (existing != null) {
+				final int oldMask = existing.action_mask;
+				final int newMask = sp.action_mask;
+				if (oldMask != newMask) {
+					pc
+							.put(name, new ServicePermission(name, oldMask
+							| newMask));
+				}
+			}
+			else {
+				pc.put(name, sp);
+			}
+			
+			if (!all_allowed) {
+				if (name.equals("*")) {
+					all_allowed = true;
+				}
+			}
 		}
 	}
 
@@ -431,78 +784,149 @@
 	 * <code>permission</code>.
 	 * 
 	 * @param permission The Permission object to compare.
-	 * 
 	 * @return <code>true</code> if <code>permission</code> is a proper
 	 *         subset of a permission in the set; <code>false</code>
 	 *         otherwise.
 	 */
-
-	public boolean implies(Permission permission) {
-		if (!(permission instanceof ServicePermission))
-			return (false);
-
-		ServicePermission sp = (ServicePermission) permission;
-		ServicePermission x;
-
-		int desired = sp.getMask();
-		int effective = 0;
-
-		// short circuit if the "*" Permission was added
-		if (all_allowed) {
-			x = (ServicePermission) permissions.get("*");
-			if (x != null) {
-				effective |= x.getMask();
-				if ((effective & desired) == desired)
-					return (true);
+	public boolean implies(final Permission permission) {
+		if (!(permission instanceof ServicePermission)) {
+			return false;
+		}
+		final ServicePermission requested = (ServicePermission) permission;
+		/* if requested permission has a filter, then it is an invalid argument */
+		if (requested.filter != null) {
+			return false;
+		}
+
+		int effective = ServicePermission.ACTION_NONE;
+		Collection perms;
+		synchronized (this) {
+			final int desired = requested.action_mask;
+			/* short circuit if the "*" Permission was added */
+			if (all_allowed) {
+				ServicePermission sp = (ServicePermission) permissions.get("*");
+				if (sp != null) {
+					effective |= sp.action_mask;
+					if ((effective & desired) == desired) {
+						return true;
+					}
+				}
+			}
+			
+			String[] requestedNames = requested.objectClass;
+			/* if requested permission not created with ServiceReference */
+			if (requestedNames == null) {
+				effective |= effective(requested.getName(), desired, effective);
+				if ((effective & desired) == desired) {
+					return true;
+				}
+			}
+			/* requested permission created with ServiceReference */
+			else {
+				for (int i = 0, l = requestedNames.length; i < l; i++) {
+					if ((effective(requestedNames[i], desired, effective) & desired) == desired) {
+						return true;
+					}
+				}
+			}
+			Map pc = filterPermissions;
+			if (pc == null) {
+				return false;
+			}
+			perms = pc.values();
+		}
+		
+		/* iterate one by one over filteredPermissions */
+		for (Iterator iter = perms.iterator(); iter.hasNext();) {
+			if (((ServicePermission) iter.next())
+					.implies0(requested, effective)) {
+				return true;
 			}
 		}
+		return false;
+	}
 
+	/**
+	 * Consult permissions map to compute the effective permission for the
+	 * requested permission name.
+	 * 
+	 * @param requestedName The requested service name.
+	 * @param desired The desired actions.
+	 * @param effective The effective actions.
+	 * @return The new effective actions.
+	 */
+	private int effective(String requestedName, final int desired,
+			int effective) {
+		final Map pc = permissions;
+		ServicePermission sp = (ServicePermission) pc.get(requestedName);
 		// strategy:
 		// Check for full match first. Then work our way up the
 		// name looking for matches on a.b.*
-
-		String name = sp.getName();
-
-		x = (ServicePermission) permissions.get(name);
-
-		if (x != null) {
+		if (sp != null) {
 			// we have a direct hit!
-			effective |= x.getMask();
-			if ((effective & desired) == desired)
-				return (true);
+			effective |= sp.action_mask;
+			if ((effective & desired) == desired) {
+				return effective;
+			}
 		}
-
 		// work our way up the tree...
-		int last, offset;
-
-		offset = name.length() - 1;
-
-		while ((last = name.lastIndexOf(".", offset)) != -1) {
-
-			name = name.substring(0, last + 1) + "*";
-			x = (ServicePermission) permissions.get(name);
-
-			if (x != null) {
-				effective |= x.getMask();
-				if ((effective & desired) == desired)
-					return (true);
+		int last;
+		int offset = requestedName.length() - 1;
+		while ((last = requestedName.lastIndexOf(".", offset)) != -1) {
+			requestedName = requestedName.substring(0, last + 1) + "*";
+			sp = (ServicePermission) pc.get(requestedName);
+			if (sp != null) {
+				effective |= sp.action_mask;
+				if ((effective & desired) == desired) {
+					return effective;
+				}
 			}
 			offset = last - 1;
 		}
-
-		// we don't have to check for "*" as it was already checked
-		// at the top (all_allowed), so we just return false
-		return (false);
+		/*
+		 * we don't have to check for "*" as it was already checked before we
+		 * were called.
+		 */
+		return effective;
 	}
-
+	
 	/**
 	 * Returns an enumeration of all the <code>ServicePermission</code>
 	 * objects in the container.
 	 * 
 	 * @return Enumeration of all the ServicePermission objects.
 	 */
+	public synchronized Enumeration elements() {
+		List all = new ArrayList(permissions.values());
+		Map pc = filterPermissions;
+		if (pc != null) {
+			all.addAll(pc.values());
+		}
+		return Collections.enumeration(all);
+	}
+	
+	/* serialization logic */
+	private static final ObjectStreamField[]	serialPersistentFields	= {
+			new ObjectStreamField("permissions", Hashtable.class),
+			new ObjectStreamField("all_allowed", Boolean.TYPE),
+			new ObjectStreamField("filterPermissions", HashMap.class)	};
 
-	public Enumeration elements() {
-		return (permissions.elements());
+	private synchronized void writeObject(ObjectOutputStream out)
+			throws IOException {
+		Hashtable hashtable = new Hashtable(permissions);
+		ObjectOutputStream.PutField pfields = out.putFields();
+		pfields.put("permissions", hashtable);
+		pfields.put("all_allowed", all_allowed);
+		pfields.put("filterPermissions", filterPermissions);
+		out.writeFields();
+	}
+
+	private synchronized void readObject(java.io.ObjectInputStream in)
+			throws IOException, ClassNotFoundException {
+		ObjectInputStream.GetField gfields = in.readFields();
+		Hashtable hashtable = (Hashtable) gfields.get("permissions", null);
+		permissions = new HashMap(hashtable);
+		all_allowed = gfields.get("all_allowed", false);
+		filterPermissions = (HashMap) gfields.get("filterPermissions", null);
 	}
 }

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceReference.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceReference.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceReference.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceReference.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/ServiceReference.java,v 1.20 2007/02/21 16:49:05 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2000, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2000, 2009). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +16,8 @@
 
 package org.osgi.framework;
 
+import java.util.Dictionary;
+
 /**
  * A reference to a service.
  * 
@@ -46,7 +46,7 @@
  * @see BundleContext#getServiceReferences
  * @see BundleContext#getService
  * @ThreadSafe
- * @version $Revision: 1.20 $
+ * @version $Revision: 6374 $
  */
 
 public interface ServiceReference extends Comparable {
@@ -85,8 +85,8 @@
 	 * This method is <i>case-preserving </i>; this means that every key in the
 	 * returned array must have the same case as the corresponding key in the
 	 * properties <code>Dictionary</code> that was passed to the
-	 * {@link BundleContext#registerService(String[],Object,java.util.Dictionary)}
-	 * or {@link ServiceRegistration#setProperties} methods.
+	 * {@link BundleContext#registerService(String[],Object,Dictionary)} or
+	 * {@link ServiceRegistration#setProperties} methods.
 	 * 
 	 * @return An array of property keys.
 	 */
@@ -102,9 +102,9 @@
 	 * unregistered.
 	 * 
 	 * @return The bundle that registered the service referenced by this
-	 *         <code>ServiceReference</code> object; <code>null</code> if
-	 *         that service has already been unregistered.
-	 * @see BundleContext#registerService(String[],Object,java.util.Dictionary)
+	 *         <code>ServiceReference</code> object; <code>null</code> if that
+	 *         service has already been unregistered.
+	 * @see BundleContext#registerService(String[],Object,Dictionary)
 	 */
 	public Bundle getBundle();
 
@@ -146,7 +146,9 @@
 	 *         referenced by this <code>ServiceReference</code> and the
 	 *         specified bundle use the same source for the package of the
 	 *         specified class name. Otherwise <code>false</code> is returned.
-	 * 
+	 * @throws IllegalArgumentException If the specified <code>Bundle</code> was
+	 *         not created by the same framework instance as this
+	 *         <code>ServiceReference</code>.
 	 * @since 1.3
 	 */
 	public boolean isAssignableTo(Bundle bundle, String className);
@@ -157,10 +159,9 @@
 	 * 
 	 * <p>
 	 * If this <code>ServiceReference</code> and the specified
-	 * <code>ServiceReference</code> have the same
-	 * {@link Constants#SERVICE_ID service id} they are equal. This
-	 * <code>ServiceReference</code> is less than the specified
-	 * <code>ServiceReference</code> if it has a lower
+	 * <code>ServiceReference</code> have the same {@link Constants#SERVICE_ID
+	 * service id} they are equal. This <code>ServiceReference</code> is less
+	 * than the specified <code>ServiceReference</code> if it has a lower
 	 * {@link Constants#SERVICE_RANKING service ranking} and greater if it has a
 	 * higher service ranking. Otherwise, if this <code>ServiceReference</code>
 	 * and the specified <code>ServiceReference</code> have the same
@@ -172,8 +173,11 @@
 	 * 
 	 * @param reference The <code>ServiceReference</code> to be compared.
 	 * @return Returns a negative integer, zero, or a positive integer if this
-	 *         <code>ServiceReference</code> is less than, equal to, or
-	 *         greater than the specified <code>ServiceReference</code>.
+	 *         <code>ServiceReference</code> is less than, equal to, or greater
+	 *         than the specified <code>ServiceReference</code>.
+	 * @throws IllegalArgumentException If the specified
+	 *         <code>ServiceReference</code> was not created by the same
+	 *         framework instance as this <code>ServiceReference</code>.
 	 * @since 1.4
 	 */
 	public int compareTo(Object reference);

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceRegistration.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceRegistration.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceRegistration.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/ServiceRegistration.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/ServiceRegistration.java,v 1.14 2007/02/21 16:49:05 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2000, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2000, 2009). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +32,7 @@
  * 
  * @see BundleContext#registerService(String[],Object,Dictionary)
  * @ThreadSafe
- * @version $Revision: 1.14 $
+ * @version $Revision: 6361 $
  */
 
 public interface ServiceRegistration {
@@ -45,7 +43,7 @@
 	 * The <code>ServiceReference</code> object may be shared with other
 	 * bundles.
 	 * 
-	 * @throws java.lang.IllegalStateException If this
+	 * @throws IllegalStateException If this
 	 *         <code>ServiceRegistration</code> object has already been
 	 *         unregistered.
 	 * @return <code>ServiceReference</code> object.
@@ -64,8 +62,7 @@
 	 * The following steps are required to modify service properties:
 	 * <ol>
 	 * <li>The service's properties are replaced with the provided properties.
-	 * <li>A service event of type {@link ServiceEvent#MODIFIED} is
-	 * fired.
+	 * <li>A service event of type {@link ServiceEvent#MODIFIED} is fired.
 	 * </ol>
 	 * 
 	 * @param properties The properties for this service. See {@link Constants}
@@ -84,17 +81,19 @@
 	 * Unregisters a service. Remove a <code>ServiceRegistration</code> object
 	 * from the Framework service registry. All <code>ServiceReference</code>
 	 * objects associated with this <code>ServiceRegistration</code> object
-	 * can no longer be used to interact with the service.
+	 * can no longer be used to interact with the service once unregistration is
+	 * complete.
 	 * 
 	 * <p>
 	 * The following steps are required to unregister a service:
 	 * <ol>
 	 * <li>The service is removed from the Framework service registry so that
-	 * it can no longer be used. <code>ServiceReference</code> objects for the
-	 * service may no longer be used to get a service object for the service.
-	 * <li>A service event of type {@link ServiceEvent#UNREGISTERING} is
-	 * fired so that bundles using this service can release their
-	 * use of it.
+	 * it can no longer be obtained.
+	 * <li>A service event of type {@link ServiceEvent#UNREGISTERING} is fired
+	 * so that bundles using this service can release their use of the service.
+	 * Once delivery of the service event is complete, the
+	 * <code>ServiceReference</code> objects for the service may no longer be
+	 * used to get a service object for the service.
 	 * <li>For each bundle whose use count for this service is greater than
 	 * zero: <br>
 	 * The bundle's use count for this service is set to zero. <br>
@@ -103,7 +102,7 @@
 	 * the service object for the bundle.
 	 * </ol>
 	 * 
-	 * @throws java.lang.IllegalStateException If this
+	 * @throws IllegalStateException If this
 	 *         <code>ServiceRegistration</code> object has already been
 	 *         unregistered.
 	 * @see BundleContext#ungetService

Added: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SignerProperty.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SignerProperty.java?rev=782737&view=auto
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SignerProperty.java (added)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SignerProperty.java Mon Jun  8 19:31:06 2009
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) OSGi Alliance (2009). All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.osgi.framework;
+
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Package private class used by permissions for filter matching on signer key
+ * during filter expression evaluation in the permission implies method.
+ * 
+ * @Immutable
+ * @version $Revision: 6479 $
+ */
+class SignerProperty {
+	private final Bundle	bundle;
+	private final String	pattern;
+
+	/**
+	 * String constructor used by the filter matching algorithm to construct a
+	 * SignerProperty from the attribute value in a filter expression.
+	 * 
+	 * @param pattern Attribute value in the filter expression.
+	 */
+	public SignerProperty(String pattern) {
+		this.pattern = pattern;
+		this.bundle = null;
+	}
+
+	/**
+	 * Used by the permission implies method to build the properties for a
+	 * filter match.
+	 * 
+	 * @param bundle The bundle whose signers are to be matched.
+	 */
+	SignerProperty(Bundle bundle) {
+		this.bundle = bundle;
+		this.pattern = null;
+	}
+
+	/**
+	 * Used by the filter matching algorithm. This methods does NOT satisfy the
+	 * normal equals contract. Since the class is only used in filter expression
+	 * evaluations, it only needs to support comparing an instance created with
+	 * a Bundle to an instance created with a pattern string from the filter
+	 * expression.
+	 * 
+	 * @param o SignerProperty to compare against.
+	 * @return true if the DN name chain matches the pattern.
+	 */
+	public boolean equals(Object o) {
+		if (!(o instanceof SignerProperty))
+			return false;
+		SignerProperty other = (SignerProperty) o;
+		Bundle matchBundle = bundle != null ? bundle : other.bundle;
+		String matchPattern = bundle != null ? other.pattern : pattern;
+		Map/* <X509Certificate, List<X509Certificate>> */signers = matchBundle
+				.getSignerCertificates(Bundle.SIGNERS_TRUSTED);
+		for (Iterator iSigners = signers.values().iterator(); iSigners
+				.hasNext();) {
+			List/* <X509Certificate> */signerCerts = (List) iSigners.next();
+			List/* <String> */dnChain = new ArrayList(signerCerts.size());
+			for (Iterator iCerts = signerCerts.iterator(); iCerts.hasNext();) {
+				dnChain.add(((X509Certificate) iCerts.next()).getSubjectDN()
+						.getName());
+			}
+			if (FrameworkUtil
+					.matchDistinguishedNameChain(matchPattern, dnChain)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * Since the equals method does not obey the general equals contract, this
+	 * method cannot generate hash codes which obey the equals contract.
+	 */
+	public int hashCode() {
+		return 31;
+	}
+
+	/**
+	 * Check if the bundle is signed.
+	 * 
+	 * @return true if constructed with a bundle that is signed.
+	 */
+	boolean isBundleSigned() {
+		if (bundle == null) {
+			return false;
+		}
+		Map/* <X509Certificate, List<X509Certificate>> */signers = bundle
+				.getSignerCertificates(Bundle.SIGNERS_TRUSTED);
+		return !signers.isEmpty();
+	}
+}

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SynchronousBundleListener.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SynchronousBundleListener.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SynchronousBundleListener.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/SynchronousBundleListener.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/SynchronousBundleListener.java,v 1.15 2007/02/20 00:16:30 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2001, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2001, 2008). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,7 +45,7 @@
  * @since 1.1
  * @see BundleEvent
  * @ThreadSafe
- * @version $Revision: 1.15 $
+ * @version $Revision: 5673 $
  */
 
 public interface SynchronousBundleListener extends BundleListener {

Modified: felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/Version.java
URL: http://svn.apache.org/viewvc/felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/Version.java?rev=782737&r1=782736&r2=782737&view=diff
==============================================================================
--- felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/Version.java (original)
+++ felix/trunk/org.osgi.core/src/main/java/org/osgi/framework/Version.java Mon Jun  8 19:31:06 2009
@@ -1,7 +1,5 @@
 /*
- * $Header: /cvshome/build/org.osgi.framework/src/org/osgi/framework/Version.java,v 1.17 2007/02/20 00:07:22 hargrave Exp $
- * 
- * Copyright (c) OSGi Alliance (2004, 2007). All Rights Reserved.
+ * Copyright (c) OSGi Alliance (2004, 2009). All Rights Reserved.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,7 +37,7 @@
  * 
  * @since 1.3
  * @Immutable
- * @version $Revision: 1.17 $
+ * @version $Revision: 6860 $
  */
 
 public class Version implements Comparable {
@@ -50,8 +48,7 @@
 	private static final String	SEPARATOR		= ".";					//$NON-NLS-1$
 
 	/**
-	 * The empty version "0.0.0". Equivalent to calling
-	 * <code>new Version(0,0,0)</code>.
+	 * The empty version "0.0.0".
 	 */
 	public static final Version	emptyVersion	= new Version(0, 0, 0);
 
@@ -72,14 +69,14 @@
 	}
 
 	/**
-	 * Creates a version identifier from the specifed components.
+	 * Creates a version identifier from the specified components.
 	 * 
 	 * @param major Major component of the version identifier.
 	 * @param minor Minor component of the version identifier.
 	 * @param micro Micro component of the version identifier.
 	 * @param qualifier Qualifier component of the version identifier. If
-	 *        <code>null</code> is specified, then the qualifier will be set
-	 *        to the empty string.
+	 *        <code>null</code> is specified, then the qualifier will be set to
+	 *        the empty string.
 	 * @throws IllegalArgumentException If the numerical components are negative
 	 *         or the qualifier string is invalid.
 	 */
@@ -118,26 +115,26 @@
 	 *         formatted.
 	 */
 	public Version(String version) {
-		int major = 0;
-		int minor = 0;
-		int micro = 0;
-		String qualifier = ""; //$NON-NLS-1$
+		int maj = 0;
+		int min = 0;
+		int mic = 0;
+		String qual = ""; //$NON-NLS-1$
 
 		try {
 			StringTokenizer st = new StringTokenizer(version, SEPARATOR, true);
-			major = Integer.parseInt(st.nextToken());
+			maj = Integer.parseInt(st.nextToken());
 
 			if (st.hasMoreTokens()) {
 				st.nextToken(); // consume delimiter
-				minor = Integer.parseInt(st.nextToken());
+				min = Integer.parseInt(st.nextToken());
 
 				if (st.hasMoreTokens()) {
 					st.nextToken(); // consume delimiter
-					micro = Integer.parseInt(st.nextToken());
+					mic = Integer.parseInt(st.nextToken());
 
 					if (st.hasMoreTokens()) {
 						st.nextToken(); // consume delimiter
-						qualifier = st.nextToken();
+						qual = st.nextToken();
 
 						if (st.hasMoreTokens()) {
 							throw new IllegalArgumentException("invalid format"); //$NON-NLS-1$
@@ -150,10 +147,10 @@
 			throw new IllegalArgumentException("invalid format"); //$NON-NLS-1$
 		}
 
-		this.major = major;
-		this.minor = minor;
-		this.micro = micro;
-		this.qualifier = qualifier;
+		major = maj;
+		minor = min;
+		micro = mic;
+		qualifier = qual;
 		validate();
 	}
 
@@ -173,11 +170,23 @@
 		if (micro < 0) {
 			throw new IllegalArgumentException("negative micro"); //$NON-NLS-1$
 		}
-		int length = qualifier.length();
-		for (int i = 0; i < length; i++) {
-			if ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-".indexOf(qualifier.charAt(i)) == -1) { //$NON-NLS-1$
-				throw new IllegalArgumentException("invalid qualifier"); //$NON-NLS-1$
+		char[] chars = qualifier.toCharArray();
+		for (int i = 0, length = chars.length; i < length; i++) {
+	        char ch = chars[i];
+			if (('A' <= ch) && (ch <= 'Z')) {
+				continue;
 			}
+			if (('a' <= ch) && (ch <= 'z')) {
+				continue;
+			}
+			if (('0' <= ch) && (ch <= '9')) {
+				continue;
+			}
+			if ((ch == '_') || (ch == '-')) {
+				continue;
+			}
+			throw new IllegalArgumentException(
+					"invalid qualifier: " + qualifier); //$NON-NLS-1$
 		}
 	}
 
@@ -256,13 +265,18 @@
 	 * @return The string representation of this version identifier.
 	 */
 	public String toString() {
-		String base = major + SEPARATOR + minor + SEPARATOR + micro;
-		if (qualifier.length() == 0) { //$NON-NLS-1$
-			return base;
-		}
-		else {
-			return base + SEPARATOR + qualifier;
+		int q = qualifier.length();
+		StringBuffer result = new StringBuffer(20 + q);
+		result.append(major);
+		result.append(SEPARATOR);
+		result.append(minor);
+		result.append(SEPARATOR);
+		result.append(micro);
+		if (q > 0) {
+			result.append(SEPARATOR);
+			result.append(qualifier);
 		}
+		return result.toString();
 	}
 
 	/**



Mime
View raw message