jaulib v1.3.0
Jau Support Library (C++, Java, ..)
SecurityUtil.java
Go to the documentation of this file.
1/**
2 * Author: Sven Gothel <sgothel@jausoft.com>
3 * Copyright (c) 2021-2023 Gothel Software e.K.
4 * Copyright (c) 2012 Gothel Software e.K.
5 * Copyright (c) 2012 JogAmp Community.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining
8 * a copy of this software and associated documentation files (the
9 * "Software"), to deal in the Software without restriction, including
10 * without limitation the rights to use, copy, modify, merge, publish,
11 * distribute, sublicense, and/or sell copies of the Software, and to
12 * permit persons to whom the Software is furnished to do so, subject to
13 * the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be
16 * included in all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
20 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
22 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
23 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
24 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 */
26package org.jau.sec;
27
28import java.security.AllPermission;
29import java.security.CodeSource;
30import java.security.Permission;
31import java.security.PrivilegedAction;
32import java.security.ProtectionDomain;
33import java.security.cert.Certificate;
34
35import org.jau.sys.PlatformProps;
36
37public class SecurityUtil {
38 @SuppressWarnings("removal")
39 private static final SecurityManager securityManager;
40 private static final Permission allPermissions;
41 private static final boolean DEBUG = false;
42
43 /**
44 * Call wrapper for {@link System#getSecurityManager()}.
45 * <p>
46 * {@link System#getSecurityManager()} is deprecated
47 * since Java 17 (JEP 411) and earmarked to be removed.<br/>
48 * </p>
49 * <p>
50 * On a Java 17 machine, this method will simply return null.
51 * </p>
52 */
53 @SuppressWarnings({ "deprecation", "removal" })
54 public static final SecurityManager getSecurityManager() {
56 return null;
57 } else {
58 return System.getSecurityManager();
59 }
60 }
61
62 /**
63 * Call wrapper for {@link java.security.AccessController#doPrivileged(PrivilegedAction)}.
64 * <p>
65 * {@link java.security.AccessController#doPrivileged(PrivilegedAction)} is deprecated
66 * since Java 17 (JEP 411) and earmarked to be removed.<br/>
67 * </p>
68 * <p>
69 * On a Java 17 machine, this method will simply invoke the given PrivilegedAction<T>.
70 * </p>
71 * @param <T> return type of PrivilegedAction<T>
72 * @param o the PrivilegedAction<T>
73 * @return the return type
74 */
75 @SuppressWarnings({ "deprecation", "removal" })
76 public static <T> T doPrivileged(final PrivilegedAction<T> o) {
78 return o.run();
79 } else {
80 return java.security.AccessController.doPrivileged( o );
81 }
82 }
83
84 static {
85 allPermissions = new AllPermission();
86 securityManager = getSecurityManager();
87
88 if( DEBUG ) {
89 final boolean hasAllPermissions;
90 {
91 final ProtectionDomain insecPD = doPrivileged(new PrivilegedAction<ProtectionDomain>() {
92 @Override
93 public ProtectionDomain run() {
94 return SecurityUtil.class.getProtectionDomain();
95 } } );
96 boolean _hasAllPermissions;
97 try {
98 insecPD.implies(allPermissions);
99 _hasAllPermissions = true;
100 } catch( final SecurityException ace ) {
101 _hasAllPermissions = false;
102 }
103 hasAllPermissions = _hasAllPermissions;
104 }
105
106 System.err.println("SecurityUtil: Has SecurityManager: "+ ( null != securityManager ) ) ;
107 System.err.println("SecurityUtil: Has AllPermissions: "+hasAllPermissions);
108 final Certificate[] certs = doPrivileged(new PrivilegedAction<Certificate[]>() {
109 @Override
110 public Certificate[] run() {
111 return getCerts(SecurityUtil.class);
112 } } );
113 System.err.println("SecurityUtil: Cert count: "+ ( null != certs ? certs.length : 0 ));
114 if( null != certs ) {
115 for(int i=0; i<certs.length; i++) {
116 System.err.println("\t cert["+i+"]: "+certs[i].toString());
117 }
118 }
119 }
120 }
121
122 /**
123 * Returns <code>true</code> if no {@link SecurityManager} has been installed
124 * or the installed {@link SecurityManager}'s <code>checkPermission(new AllPermission())</code>
125 * passes. Otherwise method returns <code>false</code>.
126 */
127 public static final boolean hasAllPermissions() {
128 return hasPermission(allPermissions);
129 }
130
131 /**
132 * Returns <code>true</code> if no {@link SecurityManager} has been installed
133 * or the installed {@link SecurityManager}'s <code>checkPermission(perm)</code>
134 * passes. Otherwise method returns <code>false</code>.
135 */
136 public static final boolean hasPermission(final Permission perm) {
137 try {
138 checkPermission(perm);
139 return true;
140 } catch( final SecurityException ace ) {
141 return false;
142 }
143 }
144
145 /**
146 * Throws an {@link SecurityException} if an installed {@link SecurityManager}
147 * does not permit the requested {@link AllPermission}.
148 */
149 public static final void checkAllPermissions() throws SecurityException {
150 checkPermission(allPermissions);
151 }
152
153 /**
154 * Throws an {@link SecurityException} if an installed {@link SecurityManager}
155 * does not permit the requested {@link Permission}.
156 */
157 @SuppressWarnings({ "deprecation", "removal" })
158 public static final void checkPermission(final Permission perm) throws SecurityException {
159 if( null != securityManager ) {
160 securityManager.checkPermission(perm);
161 }
162 }
163
164 /**
165 * Returns <code>true</code> if no {@link SecurityManager} has been installed
166 * or the installed {@link SecurityManager}'s <code>checkLink(libName)</code>
167 * passes. Otherwise method returns <code>false</code>.
168 */
169 public static final boolean hasLinkPermission(final String libName) {
170 try {
171 checkLinkPermission(libName);
172 return true;
173 } catch( final SecurityException ace ) {
174 return false;
175 }
176 }
177
178 /**
179 * Throws an {@link SecurityException} if an installed {@link SecurityManager}
180 * does not permit to dynamically link the given libName.
181 */
182 @SuppressWarnings({ "deprecation", "removal" })
183 public static final void checkLinkPermission(final String libName) throws SecurityException {
184 if( null != securityManager ) {
185 securityManager.checkLink(libName);
186 }
187 }
188
189 /**
190 * Throws an {@link SecurityException} if an installed {@link SecurityManager}
191 * does not permit to dynamically link to all libraries.
192 */
193 @SuppressWarnings({ "deprecation", "removal" })
194 public static final void checkAllLinkPermission() throws SecurityException {
195 if( null != securityManager ) {
196 securityManager.checkPermission(allLinkPermission);
197 }
198 }
199 private static final RuntimePermission allLinkPermission = new RuntimePermission("loadLibrary.*");
200
201 /**
202 * @param clz
203 * @return
204 * @throws SecurityException if the caller has no permission to access the ProtectedDomain of the given class.
205 */
206 public static final Certificate[] getCerts(final Class<?> clz) throws SecurityException {
207 final ProtectionDomain pd = clz.getProtectionDomain();
208 final CodeSource cs = (null != pd) ? pd.getCodeSource() : null;
209 final Certificate[] certs = (null != cs) ? cs.getCertificates() : null;
210 return (null != certs && certs.length>0) ? certs : null;
211 }
212
213 public static final boolean equals(final Certificate[] a, final Certificate[] b) {
214 if(a == b) {
215 return true;
216 }
217 if(a==null || b==null) {
218 return false;
219 }
220 if(a.length != b.length) {
221 return false;
222 }
223
224 int i = 0;
225 while( i < a.length && a[i].equals(b[i]) ) {
226 i++;
227 }
228 return i == a.length;
229 }
230}
static final boolean hasPermission(final Permission perm)
Returns true if no SecurityManager has been installed or the installed SecurityManager's checkPermiss...
static final SecurityManager getSecurityManager()
Call wrapper for System#getSecurityManager().
static final boolean hasLinkPermission(final String libName)
Returns true if no SecurityManager has been installed or the installed SecurityManager's checkLink(li...
static final void checkPermission(final Permission perm)
Throws an SecurityException if an installed SecurityManager does not permit the requested Permission.
static final void checkLinkPermission(final String libName)
Throws an SecurityException if an installed SecurityManager does not permit to dynamically link the g...
static final void checkAllLinkPermission()
Throws an SecurityException if an installed SecurityManager does not permit to dynamically link to al...
static final boolean hasAllPermissions()
Returns true if no SecurityManager has been installed or the installed SecurityManager's checkPermiss...
static final Certificate[] getCerts(final Class<?> clz)
static final boolean equals(final Certificate[] a, final Certificate[] b)
static< T > T doPrivileged(final PrivilegedAction< T > o)
Call wrapper for java.security.AccessController#doPrivileged(PrivilegedAction).
static final void checkAllPermissions()
Throws an SecurityException if an installed SecurityManager does not permit the requested AllPermissi...
Platform Properties derived from Java properties.
static final boolean JAVA_17
True only if being compatible w/ language level 17, e.g.