You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2010/03/28 14:57:05 UTC
svn commit: r928394 [5/6] - in /incubator/river/jtsk/trunk: ./ qa/
qa/harness/policy/ qa/jtreg/net/jini/jeri/kerberos/UnitTests/
qa/jtreg/net/jini/jeri/transport/multihomed/ qa/jtreg/unittestlib/
qa/src/com/sun/jini/qa/harness/ qa/src/com/sun/jini/qa/r...
Added: incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/UnresolvedPrincipal.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/UnresolvedPrincipal.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/UnresolvedPrincipal.java (added)
+++ incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/UnresolvedPrincipal.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+* @author Alexey V. Varlamov
+* @version $Revision$
+*/
+
+package org.apache.river.security.policy.util;
+
+import java.security.Principal;
+
+
+/**
+ * Descriptive implementation of Principal, which holds a name and a classname
+ * of unresolved principal. It is used to define an arbitrary Principal which
+ * may be not yet instantiated and authenticated.
+ * <br>
+ * This concept is somewhat similar to UnresolvedPermission. A principal-based
+ * policy may grant permissions depending on what Principals own the current
+ * execution thread. So the policy refers to this model definition of
+ * acceptable principal and compares it with the actual principal.
+ *
+ * @see PolicyEntry
+ * @see org.apache.harmony.security.DefaultPolicy
+ */
+public final class UnresolvedPrincipal implements Principal {
+
+ /**
+ * Wildcard value denotes any class and/or any name.
+ */
+ public static final String WILDCARD = DefaultPolicyScanner.PrincipalEntry.WILDCARD;
+
+ // Class name
+ private final String klass;
+
+ // Principal name
+ private final String name;
+
+ /**
+ * Constructs a a new definition of a Principal with specified
+ * parameters.
+ * @param klass fully qualified class name, may be wildcard
+ * @param name name of principal, may be wildcard
+ * @throws IllegalArgumentException if <code>klass</code> value
+ * is <code>null </code> or is empty string
+ */
+ public UnresolvedPrincipal(String klass, String name) {
+ if (klass == null || klass.length() == 0) {
+ throw new IllegalArgumentException(Messages.getString("security.91")); //$NON-NLS-1$
+ }
+
+ this.klass = klass;
+ this.name = name;
+ }
+
+ /**
+ * Returns name of a modeled Principal, or wildcard
+ * if any name is acceptable.
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Returns fully qualified class name of a modeled Principal,
+ * or wildcard if any class is acceptable.
+ */
+ public String getClassName() {
+ return klass;
+ }
+
+ /**
+ * Returns <code>true</code> if compared object is a Principal
+ * matching this definition, or if it is an UnresolvedPrincipal,
+ * which defines the same Principal; <code>false</code> otherwise.
+ */
+ public boolean equals(Object that) {
+ if (that instanceof UnresolvedPrincipal) {
+ UnresolvedPrincipal up = (UnresolvedPrincipal) that;
+ return klass.equals(up.klass)
+ && (name == null ? up.name == null : name.equals(up.name));
+ }
+ if (that instanceof Principal) {
+ return implies((Principal) that);
+ }
+ return false;
+ }
+
+ /**
+ * Returns <code>true</code> if compared object is a Principal
+ * exactly matching this definition. Namely, if the fully qualified name
+ * of class of passed Principal is equal to the class name value
+ * of this definition and the name of passed Principal is equal to
+ * the name value of this definition, or if this definition allows
+ * any class or name, respectively.
+ * Otherwise returns <code>false</code> .
+ */
+ public boolean implies(Principal another) {
+ return (another != null)
+ && (WILDCARD.equals(klass)
+ || klass.equals(another.getClass().getName())
+ && (WILDCARD.equals(name)
+ || (name == null ? another.getName() == null
+ : name.equals(another.getName()))));
+ }
+
+ /**
+ * Returns the hash code value for this object.
+ */
+ public int hashCode() {
+ int hash = 0;
+ if (name != null) {
+ hash ^= name.hashCode();
+ }
+ if (klass != null) {
+ hash ^= klass.hashCode();
+ }
+ return hash;
+ }
+
+ /**
+ * Returns a string describing this model of Principal.
+ * The format is 'Principal classname "name"'.
+ */
+ public String toString() {
+ return "Principal " + klass + " \"" + name + "\""; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ }
+}
\ No newline at end of file
Propchange: incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/UnresolvedPrincipal.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/Util.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/Util.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/Util.java (added)
+++ incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/Util.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.security.policy.util;
+
+public class Util {
+
+ public static String toUpperCase(String s) {
+ return toASCIIUpperCase(s);
+ }
+
+ public static boolean equalsIgnoreCase(String s1, String s2) {
+ s1 = toASCIIUpperCase(s1);
+ s2 = toASCIIUpperCase(s2);
+ return s1.equals(s2);
+ }
+ public static String toASCIIUpperCase(String s) {
+ int len = s.length();
+ StringBuilder buffer = new StringBuilder(len);
+ for (int i = 0; i < len; i++) {
+ char c = s.charAt(i);
+ if ('a' <= c && c <= 'z') {
+ buffer.append((char) (c - ('a' - 'A')));
+ } else {
+ buffer.append(c);
+ }
+ }
+ return buffer.toString();
+ }
+
+}
Propchange: incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/Util.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/messages.properties
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/messages.properties?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/messages.properties (added)
+++ incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/messages.properties Sun Mar 28 12:57:03 2010
@@ -0,0 +1,344 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# messages for EN locale
+security.01=Algorithm is null
+security.02=Provider is null or empty string
+security.03=Provider {0} is not available
+security.04=Provider is null
+security.05=Incorrect offset/len parameters
+security.06=Null input parameter
+security.07=the type parameter is null
+security.08=the algorithm parameter is null
+security.09=the format parameter is null
+security.0A=the encoded parameter is null
+security.0B=Could not create SecretKeySpec: {0}
+security.0C=unrecognized type/format combination: {0}/{1}
+security.0D=Could not resolute key: {0}
+security.0E=unrecognized key type: {0}
+security.0F=timestamp cannot be null
+security.10=signerCertPath cannot be null
+security.100=ASN.1 implicitly tagged type is expected at [{0}]. Expected tag: {1}, but encountered tag {2}
+security.101=ASN.1 type:{0} is not designed to be encoded
+security.102=Negative tag number
+security.103=Wrong tag class
+security.104=Tag long form is not implemented
+security.105=DER: only definite length encoding MUST be used
+security.106=ASN.1 bitstring: constructed identifier at [{0}]. Not valid for DER.
+security.107=ASN.1 bitstring: wrong content at [{0}]. DER requires zero unused bits in final octet.
+security.108=ASN.1 boolean: wrong content at [{0}]. DER allows only 0x00 or 0xFF values
+security.109=ASN.1 octetstring: constructed identifier at [{0}]. Not valid for DER.
+security.10A=ASN.1 string: constructed identifier at [{0}]. Not valid for DER.
+security.10B=ASN.1 UTCTime: constructed identifier at [{0}]. Not valid for DER.
+security.10C=ASN.1 UTCTime: wrong format for DER, identifier at [{0}]
+security.10D=ASN.1 GeneralizedTime: constructed identifier at [{0}]. Not valid for DER.
+security.10E=ASN.1 choice type: {0} MUST have at least one alternative
+security.10F=ASN.1 choice type: {0} MUST have alternatives with distinct tags
+security.11={0} {1} implementation not found: {2}
+security.110=Failed to decode ASN.1 choice type. No alternatives were found for {0}
+security.111=Wrong content length
+security.112=Decoding indefined length encoding is not provided
+security.113=Too long encoding at [{0}]
+security.114=ASN.1 Bitstring: wrong length. Tag at [{0}]
+security.115=ASN.1 Bitstring: wrong content at [{0}]. A number of unused bits MUST be in range 0 to 7
+security.116=ASN.1 Bitstring: wrong content at [{0}]. For empty string unused bits MUST be 0
+security.117=Decoding constructed ASN.1 bitstring type is not provided
+security.118=ASN.1 bitstring identifier is expected at [{0}], but encountered: {1}
+security.119=ASN.1 enumerated identifier is expected at [{0}], but encountered: {1}
+security.11A=ASN.1 enumerated: wrong length for identifier at [{0}]
+security.11B=ASN.1 enumerated: wrong content at [{0}]. An integer MUST be encoded in minimum number of octets
+security.11C=ASN.1 boolean identifier is expected at [{0}], but encountered:{1}
+security.11D=Wrong length for ASN.1 boolean at [{0}]
+security.11E=ASN.1 GeneralizedTime: encoded format is not implemented
+security.11F=ASN.1 GeneralizedTime wrongly encoded at [{0}]
+security.12={0}: service cannot use the parameter
+security.120=Decoding constructed ASN.1 GeneralizedTime type is not provided
+security.121=ASN.1 GeneralizedTime identifier is expected at [{0}], but encountered: {1}
+security.122=ASN.1 UTCTime: local time format is not supported.
+security.123=ASN.1 UTCTime: wrong length, identifier at [{0}]
+security.124=Decoding constructed ASN.1 UTCTime type is not provided
+security.125=ASN.1 UTCTime identifier is expected at [{0}], but encountered: {1}
+security.126=Time encoding has invalid char
+security.127=ASN.1 integer identifier is expected at [{0}], but encountered: {1}
+security.128=Wrong length for ASN.1 integer at [{0}]
+security.129=Wrong content for ASN.1 integer at [{0}]. An integer MUST be encoded in minimum number of octets
+security.12A=Decoding constructed ASN.1 octet string type is not provided
+security.12B=ASN.1 octetstring identifier is expected at [{0}], but encountered: {1}
+security.12C=ASN.1 OID identifier is expected at [{0}], but encountered: {1}
+security.12D=Wrong length for ASN.1 object identifier at [{0}]
+security.12E=Wrong encoding at [{0}]
+security.12F=ASN.1 sequence identifier is expected at [{0}], but encountered: {1}
+security.13=Cert's public key does not match Identity's public key
+security.130=ASN.1 Sequence: mandatory value is missing at [{0}]
+security.131=Mandatory value is missing at [{0}]
+security.132=ASN.1 Sequence: mandatory value is missing at [{0}]
+security.133=Mandatory value is missing at [{0}]
+security.134=Wrong encoding at [{0}]. Content's length and encoded length are not the same
+security.135=ASN.1 sequenceOf identifier is expected at [{0}], but encountered: {1}
+security.136=ASN.1 set identifier is expected at [{0}], but encountered: {1}
+security.137=Decoding ASN.1 Set type is not provided
+security.138=ASN.1 setOf identifier is expected at [{0}], but encountered: {1}
+security.139=Decoding constructed ASN.1 string type is not provided
+security.13A=ASN.1 string type identifier is expected at [{0}], but encountered: {1}
+security.13B=Unexpected end of encoding
+security.13C=Failed to read encoded content
+security.13D=Number of unused bits MUST be in range 0-7
+security.13E=For empty bit string unused bits MUST be 0
+security.13F=ASN.1 explicitly tagged type is expected at [{0}]. Expected tag: {1}, but encountered tag {2}
+security.14=key already used in scope
+security.140=thread can not be null
+security.141=You can not modify this map.
+security.142=null context may be stored only once.
+security.143=Error expanding alias : {0}
+security.144=Self protocol is valid only in context of Principal-based grant entries
+security.145=Unknown expansion protocol : {0}
+security.146=No KeyStore to resolve signers : "{0}"
+security.147=No KeyStore to resolve principal by alias : "{0}"
+security.148=Invalid certificate for alias "{0}" : {1}. Only X509Certificate should be aliased to principals.
+security.149=Null algorithm name
+security.14A={0} {1} implementation not found
+security.14B={0} , algorithm is null
+security.14C=Provider implementation should be specified via "{0}" security property
+security.14D=Provided class {0} does not implement {1}
+security.14E=Unable to instantiate provider : {0}
+security.14F=Unknown key: {0}
+security.15=collection is read-only
+security.150=No suitable constructors found in permission class : {0}. Zero, one or two-argument constructor is expected
+security.151=Certificate Factory supports CRLs and Certificates in (PEM) ASN.1 DER encoded form, and Certification Paths in PkiPath and PKCS7 formats.
+security.152=Input Stream contains not enough data.
+security.153=Input stream should not be null.
+security.154=Invalid PKCS7 data provided
+security.155=There is no data in the stream.
+security.156=Incorrect PEM encoding: EOF before content.
+security.157=Incorrect Base64 encoding: EOF without closing delimiter.
+security.158=Incorrect Base64 encoding: New line code is expected before closing delimiter boundary.
+security.159=Incorrect Base64 encoding.
+security.15A=Could not reset the stream: position became invalid or stream has not been marked.
+security.15B=Incorrect PEM encoding: '-----BEGIN{0}' is expected as opening delimiter boundary.
+security.15B1=Incorrect PEM encoding: '-----END{0}' is expected as closing delimiter boundary.
+security.15B2=Incorrect PEM encoding: New line code is expected after the opening delimiter boundary."
+security.15B3=Bad Certificate encoding.
+security.15B4=Bad CRL encoding.
+security.15C=Signature was not verified.
+security.15D=One of provided certificates is not X509 certificate
+security.15E=Incorrect encoded form: {0}
+security.15F=Unsupported encoding.
+security.16=invalid permission: {0}
+security.160=Incorrect PKCS7 encoded form: missing signed data
+security.161=Encoding Error occurred
+security.162=null is passed to 'buf' parameter
+security.163=buf.lendth doesn't fit supplied offset and len
+security.164=\ len < digest's length (which is 20 bytes)
+security.165=negative offset: {0}
+security.166=no byte[] passed to 'input' parameter
+security.167=input.lendth doesn't fit supplied offset and len
+security.168='privateKey' is not instanceof DSAPrivateKey
+security.169=bad p
+security.16A=bad q
+security.16B=x is not positive or >= q
+security.16C='publicKey' is not instanceof DSAPublicKey
+security.16D=y is not positive
+security.16E=invalid parameter for this engine
+security.16F=signature bytes have invalid encoding
+security.17=no more elements
+security.170=bad argument: byte[] is too small
+security.171=numBytes={0}
+security.172=OID's group is null
+security.173=No SignedData found
+security.174=Can not recognize a critical extension
+security.175=Incorrect MD
+security.176=Incorrect signature
+security.177=Illegal format:
+security.178=Unrecognizable attribute name: {0}
+security.179=AttributeValue getDecodedObject MUST not be invoked
+security.17A=AttributeValue encodeContent MUST not be invoked
+security.17B=ObjectIdentifier: invalid static initialization - duplicate OIDs:{0}, {1}
+security.17C=ObjectIdentifier: invalid static initialization - small OID pool capacity
+security.17D=permittedSubtrees are empty
+security.17E=excludedSubtrees are empty
+security.17F=DistributionPoint MUST NOT consist of only the reasons field
+security.18=Could not store certificate
+security.180=Unknown string representation for type [{0}]
+security.181=Unknown type: [{0}]
+security.182=Specified iPAddress is not correct.
+security.183=GeneralName: unknown tag: {0}
+security.184=DNS name must start with a letter:'{0}' {1}
+security.185=Incorrect DNS name: {0}
+security.186=Incorrect DNS name: label ends with '-': {0}
+security.187=Bad representation of uniformResourceIdentifier. It must include the scheme and a scheme-specific-part: {0}
+security.188=Bad representation of uniformResourceIdentifier. It should not be relative: {0}
+security.189=Bad representation of uniformResourceIdentifier.{0}
+security.18A=OID should consist of no less than 2 components:{0}
+security.18B=Component of IPv4 address should consist of no more than 3 decimal numbers: {0}
+security.18C=Incorrect IP representation: {0}
+security.18D=IPv4 address should consist of 4 decimal numbers: {0}
+security.18E=Incorrect IPv6 representation: '{0}'
+security.18F=IPv6 address should consist of 8 hexadecimal numbers: {0}
+security.19=Could not find CertificateFactory of type {0}
+security.190=GeneralName: scheme is missing in URI: {0}
+security.191=GeneralName: unknown tag: {0}
+security.192=Invalid distinguished name string
+security.193=ATTENTION: 'bytesRead == -1' in getLinuxRandomBits()
+security.194=ATTENTION: IOException in RandomBitsSupplier.getLinuxRandomBits()\n
+security.195=numBytes <= 0 : {0}
+security.196=ATTENTION: service is not available : no random devices
+security.197=ATTENTION: service is not available : native library is not linked
+security.198=ATTENTION: getWindowsRandom(myBytes, numBytes) returned false
+security.199={0} {1} implementation not found:
+security.1A=Could not generate certificate
+security.1B=The value of len parameter is less than the actual digest length.
+security.1C=Invalid negative offset
+security.1D=Incorrect offset or len value
+security.1E=Parameter has already been initialized
+security.1F=Parameter has not been initialized
+security.20=invalid null permission
+security.21=Null permission
+security.22=collection is corrupted
+security.23=all-enabled flag is corrupted
+security.24=Inconsistent types of contained permissions
+security.25=Invalid state of wildcard flag
+security.26=The public key in the certificate cannot be used for digital signature purposes
+security.27=Signature object is not initialized properly.
+security.28=name must not be null
+security.29=name must not be empty
+security.2D=The value of len parameter is less than the actual signature length
+security.2E=Method initialize(AlgorithmParameterSpec params, SecureRandom random)is not supported
+security.2F=type cannot be null
+security.2A=The filter is null
+security.2B=The filter is not in the required format
+security.2C=The key is null
+security.30=Cannot encode certificate {0}
+security.31=target type field is corrupted
+security.32=Error decoding certificate
+security.33=Not Supported operation
+security.35=protectionParameter is neither PasswordProtection nor CallbackHandlerProtection instance
+security.36=Password was destroyed
+security.37=ProtectionParameter object is not PasswordProtection: {0}
+security.38=Unknown KeyStore.Entry object
+security.39=entry is null
+security.3A=protParam should be PasswordProtection or CallbackHandlerProtection
+security.3B=Entry object is neither PrivateKeyObject nor SecretKeyEntrynor TrustedCertificateEntry: {0}
+security.3C=Incorrect ProtectionParameter
+security.3D=Default CallbackHandler was not defined
+security.3E=LoadSroreParameter is null
+security.3F=alias is null
+security.40=entryClass is null
+security.41=keystore is null
+security.41=the keyStore parameter is null
+security.42=protectionParameter is null
+security.43=file is null
+security.44=File: {0} does not exist
+security.45={0} does not refer to a normal file
+security.46=getKeyStore() was not invoked
+security.47=handler is null
+security.48=privateKey is null
+security.49=chain is null
+security.4A=chain length equals 0
+security.4B=Algorithm of private key does not match algorithm of public key in end certificate of entry (with index number: 0)
+security.4C=Certificates from the given chain have different types
+security.4D=secretKey is null
+security.4E=trustCertificate is null
+security.4F=KeyStore was not initialized
+security.50=password is null
+security.51=stream is null
+security.52=Certificate chain is not defined for Private key
+security.53=Index should be -1 when CertPath is null
+security.54=Invalid index
+security.55=the certPath parameter is null
+security.56=The OID: "{0}" is incorrect.
+security.57=The name component is not a Stirng or a byte array.
+security.58=pathLen criteria should be >= -2
+security.59=Failed to get X500Principal issuer
+security.5A=Failed to get X500Principal subject
+security.5B=the maxPathLength parameter is less than -1
+security.5C=the trustedCert parameter is null
+security.5D=the caName parameter is null
+security.5E=the caPublicKey parameter is null
+security.5F=the caName parameter is empty string
+security.60=the caPrincipal parameter is null
+security.62=The name is not a String or byte array
+security.61=issuer
+security.63=Provided parameter is null
+security.64=the trustAnchor parameter is null
+security.65=the subjectPublicKey parameter is null
+security.66=Could not create serialization object:{0}
+security.67=Could not resolve cert path: {0}
+security.68=Could not resolve certificate: {0}
+security.69=the encoded length is 0
+security.6A=the keystore is empty
+security.6B=all list elements must be of type java.security.cert.CertStore
+security.6C=all set elements must be of type java.lang.String
+security.6D=the trust anchors set is empty
+security.6E=all set elements must be of type java.security.cert.TrustAnchor
+security.6F=the trustAnchors parameter is null
+security.70=Method engineGenerateCertPath(InputStream inStream) is not supported
+security.71=Method engineGenerateCertPath(InputStream inStream, String encoding) is not supported
+security.72=Method engineGenerateCertPath(List certificates) is not supported
+security.73=Method engineGetCertPathEncodings() is not supported
+security.74=There are no CertPath encodings
+security.75=the m is not positive
+security.76=the rp is null
+security.77=the rp is invalid
+security.78=the length of ks is invalid
+security.79=the ks is invalid
+security.7A=the field parameter is null
+security.7B=the a parameter is null
+security.7C=the b parameter is null
+security.7D=the a is not in the field
+security.7E=the b is not in the field
+security.7F=invalid saltLen
+security.80=the mdName parameter is null
+security.81=mgfName is null
+security.82=invalid trailerField
+security.83=the {0} parameter is null
+security.84=the w parameter is point at infinity
+security.85=the otherPrimeInfo length is 0
+security.86=the {0} parameter is not positive
+security.87=The stream should not be null
+security.88=The data should not be null
+security.89=Expected entries are : "grant" or "keystore"
+security.8A=Expected syntax is : keystore "url"[, "type"]
+security.8B=Expected syntax is : signedby "name1,...,nameN"
+security.8C=Expected syntax is : codebase "url"
+security.8D=Expected syntax is : principal [class_name] "principal_name"
+security.8E=Expected syntax is : permission permission_class_name ["target_name"] [, "action_list"] [, signedby "name1,...,nameN"]
+security.8F=Unexpected token encountered: {0}. {1}
+security.90=Unexpected token encountered: {0}
+security.91=Class cannot be null or empty
+security.92=identity is null
+security.93=name '{0}' is already used
+security.94=key '{0}' is already used
+security.95=invalid identity's name
+security.96=identity is not found
+security.97=ASN.1 Named Bitstring: size contstrains
+security.98=OID's array is null
+security.99=OID MUST have at least 2 subidentifiers
+security.9A=Valid values for first subidentifier are 0, 1 and 2
+security.9B=If the first subidentifier has 0 or 1 value the second subidentifier value MUST be less then 40.
+security.9C=Subidentifier MUST have positive value.
+security.9D=ObjectIdentifier string is null
+security.9E=Incorrect syntax
+security.9F=Implicit tagging can not be used for ASN.1 ANY or CHOICE type
+security.19A=Failed to decode keySpec encoding: {0}
+security.19B=Failed to decode parameters: {0}
+security.19C='keySpec' is neither DSAPrivateKeySpec nor PKCS8EncodedKeySpec
+security.19D='keySpec' is neither DSAPublicKeySpec nor X509EncodedKeySpec
+security.19E=null is passed to the 'keySpec' argument
+security.19F='key' is neither DSAPublicKey nor DSAPrivateKey
+security.1A0=ATTENTION: InvalidKeySpecException in engineGeneratePrivate: {0}
+security.1A1=ATTENTION: InvalidKeySpecException in engineGeneratePublic: {0}
+security.1A2=Failed to encode issuer name
+security.1A3=AccessDescriptions list is null or empty
Propchange: incubator/river/jtsk/trunk/src/org/apache/river/security/policy/util/messages.properties
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/src/org/apache/river/util/concurrent/WeakIdentityMap.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/util/concurrent/WeakIdentityMap.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/util/concurrent/WeakIdentityMap.java (added)
+++ incubator/river/jtsk/trunk/src/org/apache/river/util/concurrent/WeakIdentityMap.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,214 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.util.concurrent;
+
+
+import java.lang.ref.ReferenceQueue;
+import java.lang.ref.WeakReference;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+/**
+ * Identity-based weak hash map, safe for concurrent threads.
+ *
+ * Based on an underlying ConcurrentHashMap, it doesn't accept null keys.
+ *
+ *
+ * @param K - key
+ * @param V - value
+ * @author Peter Firmstone.
+ *
+ * @since 2.3
+ */
+public class WeakIdentityMap<K, V> implements ConcurrentMap<K, V> {
+ // ConcurrentHashMap must be protected from null values;
+ private final ConcurrentHashMap<Key, V> map = new ConcurrentHashMap<Key, V>();
+ private final ReferenceQueue queue = new ReferenceQueue();
+
+ /**
+ * Associates value with given key, returning value previously associated
+ * with key, or null if none.
+ * @param key - Key
+ * @param value - Value
+ * @return previous value or null
+ */
+ public V put(K key, V value) {
+ processQueue();
+ if (key == null){return null;}
+ return map.put(Key.create(key, queue), value);
+ }
+
+ /**
+ * Returns value associated with given key, or null if none.
+ */
+ public V get(Object key) {
+ processQueue();
+ if (key == null) { return null;}
+ return map.get(Key.create(key, null));
+ }
+
+ /**
+ * Removes association for given key, returning value previously associated
+ * with key, or null if none.
+ */
+ public V remove(Object key) {
+ processQueue();
+ if (key == null) {return null;}
+ return map.remove(Key.create(key, null));
+ }
+
+ /**
+ * Returns collection containing all values currently held in this map.
+ */
+ public Collection<V> values() {
+ processQueue();
+ return map.values();
+ }
+
+ /**
+ * Removes all associations from this map.
+ */
+ public void clear() {
+ processQueue();
+ map.clear();
+ }
+
+ private void processQueue() {
+ Key k;
+ while ((k = (Key) queue.poll()) != null) {
+ map.remove(k);
+ }
+ }
+
+ private static class Key<T> extends WeakReference<T> {
+ private final int hash;
+
+ @SuppressWarnings("unchecked")
+ static Key create(Object k, ReferenceQueue q) {
+ //if (k == null) {return null;} // Perhaps this is incorrect
+ if (q == null) {return new Key(k);}
+ return new Key(k, q);
+ }
+
+ private Key(T k) {
+ super(k);
+ hash = System.identityHashCode(k);
+ }
+
+ private Key(T k, ReferenceQueue<? super T> q) {
+ super(k, q);
+ hash = System.identityHashCode(k);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ } else if (!(o instanceof Key)) {
+ return false;
+ }
+ Object k1 = get(), k2 = ((Key) o).get();
+ return (k1 != null && k2 != null && k1 == k2);
+ }
+
+ @Override
+ public int hashCode() {
+ return hash;
+ }
+ }
+
+ public int size() {
+ processQueue();
+ return map.size();
+ }
+
+ public boolean isEmpty() {
+ processQueue();
+ return map.isEmpty();
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean containsKey(Object key) {
+ processQueue();
+ if (key == null) {return false;}
+ return map.containsKey(new Key(key));
+ }
+
+ public boolean containsValue(Object value) {
+ processQueue();
+ if (value == null) {return false;}
+ return map.containsValue(value);
+ }
+
+ /**
+ * Unsupported method
+ * @param m
+ */
+ public void putAll(Map<? extends K, ? extends V> m) {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ @SuppressWarnings("unchecked")
+ public Set<K> keySet() {
+ processQueue();
+ Enumeration<Key> keys = map.keys(); //Defensive copy by ConcurrentHashMap
+ Set<K> keySet = new HashSet<K>();
+ while (keys.hasMoreElements()){
+ keySet.add( (K) keys.nextElement().get());
+ }
+ return keySet;
+ }
+
+ /**
+ * Unsupported method
+ * @return
+ */
+ public Set<Map.Entry<K, V>> entrySet() {
+ throw new UnsupportedOperationException("Not supported yet, ever?");
+ }
+
+ @SuppressWarnings("unchecked")
+ public V putIfAbsent(K key, V value) {
+ processQueue(); //may be a slight delay before atomic putIfAbsent
+ return map.putIfAbsent(new Key(key), value);
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean remove(Object key, Object value) {
+ return map.remove(new Key(key), value);
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean replace(K key, V oldValue, V newValue) {
+ processQueue();
+ return map.replace(new Key(key), oldValue, newValue);
+ }
+
+ @SuppressWarnings("unchecked")
+ public V replace(K key, V value) {
+ processQueue();
+ return map.replace(new Key(key), value);
+ }
+}
Propchange: incubator/river/jtsk/trunk/src/org/apache/river/util/concurrent/WeakIdentityMap.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPermissionsTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPermissionsTest.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPermissionsTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPermissionsTest.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,189 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package org.apache.river.security.concurrent;
+
+import java.lang.reflect.ReflectPermission;
+import java.net.NetPermission;
+import java.security.Permission;
+import java.security.Permissions;
+import java.security.UnresolvedPermission;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.PropertyPermission;
+import net.jini.security.AuthenticationPermission;
+import org.apache.river.security.RevokeablePermissionCollection;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author peter
+ */
+public class ConcurrentPermissionsTest {
+
+ public ConcurrentPermissionsTest() {
+ }
+
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ }
+
+ @AfterClass
+ public static void tearDownClass() throws Exception {
+ }
+
+ @Before
+ public void setUp() {
+ }
+
+ @After
+ public void tearDown() {
+ }
+
+ /**
+ * Test of add method, of class ConcurrentPermissions.
+ */
+ @Test
+ public void implies1() {
+ System.out.println("add");
+ Permission permission = new RuntimePermission("getClassLoader");
+ ConcurrentPermissions instance = new ConcurrentPermissions();
+ instance.add(permission);
+ boolean result = instance.implies(permission);
+ assertEquals(true, result);
+ }
+
+
+ @Test
+ public void impliesOrig(){
+ System.out.println("add Permissions");
+ Permission permission = new RuntimePermission("getClassLoader");
+ Permissions instance = new Permissions();
+ boolean result = false;
+ synchronized (instance){
+ try {
+ instance.add(permission);
+ result = instance.implies(permission);
+ } catch (Exception e) {
+ System.out.println("Test Failed" + e.getMessage());
+ }
+ }
+ assertEquals(true, result);
+ }
+
+ /**
+ * Test of implies method, of class ConcurrentPermissions.
+ */
+ @Test
+ public void implies2() {
+ System.out.println("implies");
+ Permission permission = new AuthenticationPermission("javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen");
+ ConcurrentPermissions instance = new ConcurrentPermissions();
+ instance.add(permission);
+ boolean expResult = true;
+ boolean result = instance.implies(permission);
+ assertEquals(expResult, result);
+ }
+
+ /**
+ * Test of elements method, of class ConcurrentPermissions.
+ * TODO Concurrent adds.
+ */
+ @Test
+ public void elements() {
+ System.out.println("elements");
+ Permission permission0 = new ReflectPermission ("suppressAccessChecks");
+ Permission permission1 = new PropertyPermission ("sun.security.key.serial.interop", "read");
+ Permission permission2 = new NetPermission ("specifyStreamHandler");
+ ConcurrentPermissions instance = new ConcurrentPermissions();
+ instance.add(permission0);
+ instance.add(permission1);
+ instance.add(permission2);
+ ArrayList<Permission> expResult = new ArrayList<Permission>();
+ expResult.add(permission0);
+ expResult.add(permission1);
+ expResult.add(permission2);
+ Enumeration<Permission> elem = instance.elements();
+ ArrayList<Permission> result = new ArrayList<Permission>();
+ while (elem.hasMoreElements()){
+ result.add(elem.nextElement());
+ }
+ int expRes = expResult.size();
+ int res = result.size();
+ assertEquals(expRes, res);
+ }
+
+ /**
+ * Test of revoke method, of class MultiReadPermissionCollection.
+ */
+ @org.junit.Test
+ public void revoke() {
+ System.out.println("revoke");
+ Permission permission0 = new ReflectPermission ("suppressAccessChecks");
+ Permission permission1 = new PropertyPermission ("sun.security.key.serial.interop", "read");
+ Permission permission2 = new NetPermission ("specifyStreamHandler");
+ RevokeablePermissionCollection instance = new ConcurrentPermissions();
+ instance.add(permission0);
+ instance.add(permission1);
+ instance.add(permission2);
+ assertTrue(instance.implies(permission0));
+ assertTrue(instance.implies(permission1));
+ assertTrue(instance.implies(permission2));
+ int result = instance.revoke(permission1, permission0 , permission2);
+ int expectedResult = 1;
+ assertEquals(expectedResult, result);
+ assertFalse(instance.implies(permission0));
+ assertFalse(instance.implies(permission1));
+ assertFalse(instance.implies(permission2));
+ }
+
+ /**
+ * Test of revoke method, of class MultiReadPermissionCollection.
+ * This test adds an UnresolvedPermission, the revoke() method
+ * must first attempt to resolve any UnresolvedPermission's before
+ * revoking
+ *
+ */
+ @org.junit.Test
+ public void revokeUnresolvedPermission() {
+ System.out.println("revokeUnresolvedPermission");
+ Permission permission2 = new NetPermission ("specifyStreamHandler");
+ Permission permission3 = new UnresolvedPermission("java.net.NetPermission",
+ "specifyStreamHandler", null, null);
+ RevokeablePermissionCollection instance = new ConcurrentPermissions();
+ instance.add(permission3);
+ //We don't check implies for permission2, that would cause resolution.
+ assertFalse(instance.implies(permission3));
+ int result = instance.revoke( permission2);
+ int expectedResult = 1;
+ assertEquals(expectedResult, result);
+ assertFalse(instance.implies(permission2));
+ }
+
+ /**
+ * Test of revokeAll method, of class MultiReadPermissionCollection.
+ */
+ @org.junit.Test
+ public void revokeAll() {
+ System.out.println("revokeAll");
+ Permission permission0 = new ReflectPermission ("suppressAccessChecks");
+ Permission permission1 = new PropertyPermission ("sun.security.key.serial.interop", "read");
+ Permission permission2 = new NetPermission ("specifyStreamHandler");
+ RevokeablePermissionCollection instance = new ConcurrentPermissions();
+ instance.add(permission0);
+ instance.add(permission1);
+ instance.add(permission2);
+ instance.revokeAll(permission1);
+ boolean result = instance.implies(permission1);
+ assertEquals(false, result);
+ }
+
+
+}
\ No newline at end of file
Propchange: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPermissionsTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPolicyFileTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPolicyFileTest.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPolicyFileTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPolicyFileTest.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,179 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+* @author Alexey V. Varlamov
+* @version $Revision$
+*/
+
+package org.apache.river.security.concurrent;
+
+import tests.support.FakePrincipal;
+import java.net.URL;
+import java.security.cert.Certificate;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.security.SecurityPermission;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Properties;
+
+import org.apache.river.security.policy.util.PolicyEntry;
+import org.apache.river.security.policy.util.UnresolvedPrincipal;
+import org.apache.river.security.policy.util.DefaultPolicyParser;
+import junit.framework.TestCase;
+
+
+/**
+ * Tests for ConcurrentPolicyFile
+ *
+ */
+public class ConcurrentPolicyFileTest extends TestCase {
+
+ public static void main(String[] args) {
+ junit.textui.TestRunner.run(ConcurrentPolicyFileTest.class);
+ }
+
+ static class TestParser extends DefaultPolicyParser {
+
+ PolicyEntry[] content;
+
+ public TestParser(PolicyEntry[] content) {
+ this.content = content;
+ }
+
+ public Collection parse(URL location, Properties system)
+ throws Exception {
+ if (content != null) {
+ return Arrays.asList(content);
+ }
+ throw new RuntimeException();
+ }
+ }
+
+ /**
+ * Tests that policy is really resetted on refresh().
+ */
+ public void testRefresh() {
+ Permission sp = new SecurityPermission("sdf");
+ PolicyEntry[] pe = new PolicyEntry[] { new PolicyEntry(null, null,
+ Arrays.asList(new Permission[] { sp })) };
+ TestParser tp = new TestParser(pe);
+ ConcurrentPolicyFile policy = new ConcurrentPolicyFile(tp);
+ CodeSource cs = new CodeSource(null, (Certificate[])null);
+ assertTrue(policy.getPermissions(cs).implies(sp));
+
+ tp.content = new PolicyEntry[0];
+ policy.refresh();
+ assertFalse(policy.getPermissions(cs).implies(sp));
+
+ tp.content = null;
+ policy.refresh();
+ assertFalse(policy.getPermissions(cs).implies(sp));
+ }
+
+ /**
+ * Tests that refresh() does not fail on failing parser.
+ */
+ public void testRefresh_Failure() {
+ CodeSource cs = new CodeSource(null, (Certificate[])null);
+ ConcurrentPolicyFile policy = new ConcurrentPolicyFile(new TestParser(null));
+ policy.refresh();
+ assertFalse(policy.getPermissions(cs).elements().hasMoreElements());
+ }
+
+ /**
+ * Tests proper policy evaluation for CodeSource parameters.
+ */
+ public void testGetPermissions_CodeSource() throws Exception {
+ CodeSource cs = new CodeSource(null, (Certificate[])null);
+ CodeSource cs2 = new CodeSource(new URL("http://a.b.c"),
+ (Certificate[])null);
+ Permission sp1 = new SecurityPermission("aaa");
+ Permission sp2 = new SecurityPermission("bbb");
+ Permission sp3 = new SecurityPermission("ccc");
+ PolicyEntry pe1 = new PolicyEntry(cs, null, Arrays
+ .asList(new Permission[] { sp1 }));
+ PolicyEntry pe2 = new PolicyEntry(cs2, new HashSet(), Arrays
+ .asList(new Permission[] { sp2 }));
+ PolicyEntry pe3 = new PolicyEntry(cs, Arrays
+ .asList(new Principal[] { new FakePrincipal("qqq") }), Arrays
+ .asList(new Permission[] { sp3 }));
+ PolicyEntry[] peArray = new PolicyEntry[] {
+ pe1, pe2, pe3 };
+ ConcurrentPolicyFile policy = new ConcurrentPolicyFile(new TestParser(peArray));
+
+ assertTrue(policy.getPermissions(cs).implies(sp1));
+ assertFalse(policy.getPermissions(cs).implies(sp2));
+ assertFalse(policy.getPermissions(cs).implies(sp3));
+
+ assertTrue(policy.getPermissions(cs2).implies(sp1));
+ assertTrue(policy.getPermissions(cs2).implies(sp2));
+ assertFalse(policy.getPermissions(cs2).implies(sp3));
+ }
+
+ /**
+ * Tests proper policy evaluation for ProtectionDomain parameters.
+ */
+ public void testGetPermissions_ProtectionDomain() throws Exception {
+ Permission sp1 = new SecurityPermission("aaa");
+ Permission sp2 = new SecurityPermission("bbb");
+ Permission sp3 = new SecurityPermission("ccc");
+ Permission sp4 = new SecurityPermission("ddd");
+ Permission spZ = new SecurityPermission("zzz");
+ PermissionCollection pcZ = spZ.newPermissionCollection();
+ pcZ.add(spZ);
+ CodeSource cs = new CodeSource(null, (Certificate[])null);
+ CodeSource cs2 = new CodeSource(new URL("http://a.b.c"),
+ (Certificate[])null);
+ ProtectionDomain pd1 = new ProtectionDomain(cs, null);
+ ProtectionDomain pd2 = new ProtectionDomain(cs2, pcZ, null,
+ new Principal[] { new FakePrincipal("qqq") });
+
+ PolicyEntry pe1 = new PolicyEntry(cs, null, Arrays
+ .asList(new Permission[] { sp1 }));
+ PolicyEntry pe2 = new PolicyEntry(cs2, Arrays
+ .asList(new Principal[] { new UnresolvedPrincipal(
+ UnresolvedPrincipal.WILDCARD, UnresolvedPrincipal.WILDCARD) }),
+ Arrays.asList(new Permission[] { sp2 }));
+ PolicyEntry pe3 = new PolicyEntry(cs, Arrays
+ .asList(new Principal[] { new UnresolvedPrincipal(
+ FakePrincipal.class.getName(), "qqq") }), Arrays
+ .asList(new Permission[] { sp3 }));
+ PolicyEntry pe4 = new PolicyEntry(cs2, Arrays
+ .asList(new Principal[] { new UnresolvedPrincipal(
+ FakePrincipal.class.getName(), "ttt") }), Arrays
+ .asList(new Permission[] { sp4 }));
+ PolicyEntry[] peArray = new PolicyEntry[] {
+ pe1, pe2, pe3, pe4 };
+ ConcurrentPolicyFile policy = new ConcurrentPolicyFile(new TestParser(peArray));
+
+ assertTrue(policy.getPermissions(pd1).implies(sp1));
+ assertFalse(policy.getPermissions(pd1).implies(sp2));
+ assertFalse(policy.getPermissions(pd1).implies(sp3));
+ assertFalse(policy.getPermissions(pd1).implies(sp4));
+
+ assertTrue(policy.getPermissions(pd2).implies(sp1));
+ assertTrue(policy.getPermissions(pd2).implies(sp2));
+ assertTrue(policy.getPermissions(pd2).implies(sp3));
+ assertFalse(policy.getPermissions(pd2).implies(sp4));
+ }
+}
Propchange: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/ConcurrentPolicyFileTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/MultiReadPermissionCollectionTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/MultiReadPermissionCollectionTest.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/MultiReadPermissionCollectionTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/MultiReadPermissionCollectionTest.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,151 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package org.apache.river.security.concurrent;
+
+import org.apache.river.security.concurrent.MultiReadPermissionCollection;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import net.jini.security.AccessPermission;
+import net.jini.security.AuthenticationPermission;
+import org.apache.river.security.RevokeablePermissionCollection;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author peter
+ */
+public class MultiReadPermissionCollectionTest {
+
+ public MultiReadPermissionCollectionTest() {
+ }
+
+ @org.junit.BeforeClass
+ public static void setUpClass() throws Exception {
+ }
+
+ @org.junit.AfterClass
+ public static void tearDownClass() throws Exception {
+ }
+
+ @org.junit.Before
+ public void setUp() throws Exception {
+ }
+
+ @org.junit.After
+ public void tearDown() throws Exception {
+ }
+
+ /**
+ * Test of isReadOnly method, of class MultiReadPermissionCollection.
+ */
+ @org.junit.Test
+ public void isReadOnly() {
+ System.out.println("isReadOnly");
+ Permission permission0 = new RuntimePermission("getClassLoader");
+ MultiReadPermissionCollection instance = new MultiReadPermissionCollection(permission0);
+ instance.setReadOnly();
+ SecurityException exp = new SecurityException("attempt to add a Permission to a readonly Permissions object");
+ String result = null;
+ Permission permission1 = new AuthenticationPermission("javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen");
+ try {
+ instance.add(permission1);
+ }catch (SecurityException e) {
+ result = e.toString();
+ System.out.println(e.toString());
+ }
+ String expResult = exp.toString();
+ assertEquals(expResult, result);
+ }
+
+ /**
+ * Test of implies method, of class MultiReadPermissionCollection.
+ */
+ @org.junit.Test
+ public void implies() {
+ System.out.println("add");
+ Permission permission = new RuntimePermission("getClassLoader");
+ RevokeablePermissionCollection instance = new MultiReadPermissionCollection(permission);
+ instance.add(permission);
+ boolean result = instance.implies(permission);
+ assertEquals(true, result);
+ }
+
+ /**
+ * Test of elements method, of class MultiReadPermissionCollection.
+ */
+ @org.junit.Test
+ public void elements() {
+ System.out.println("elements");
+ Permission permission0 = new AccessPermission("org.some.class");
+ Permission permission1 = new AccessPermission("org.some.other.class");
+ Permission permission2 = new AccessPermission("org.another.class");
+ RevokeablePermissionCollection instance = new MultiReadPermissionCollection(permission0);
+ instance.add(permission0);
+ instance.add(permission1);
+ instance.add(permission2);
+ ArrayList<Permission> expResult = new ArrayList<Permission>();
+ expResult.add(permission0);
+ expResult.add(permission1);
+ expResult.add(permission2);
+ Enumeration<Permission> elem = instance.elements();
+ ArrayList<Permission> result = new ArrayList<Permission>();
+ while (elem.hasMoreElements()){
+ result.add(elem.nextElement());
+ }
+ int expRes = expResult.size();
+ int res = result.size();
+ assertEquals(expRes, res);
+ }
+
+ /**
+ * Test of revoke method, of class MultiReadPermissionCollection.
+ */
+ @org.junit.Test
+ public void revoke() {
+ System.out.println("revoke");
+ Permission permission0 = new AccessPermission("org.some.class");
+ Permission permission1 = new AccessPermission("org.some.other.class");
+ Permission permission2 = new AccessPermission("org.another.class");
+ RevokeablePermissionCollection instance = new MultiReadPermissionCollection(permission0);
+ instance.add(permission0);
+ instance.add(permission1);
+ instance.add(permission2);
+ instance.revoke(permission1);
+ boolean result = instance.implies(permission1);
+ assertEquals(false, result);
+ }
+
+ /**
+ * Test of revokeAll method, of class MultiReadPermissionCollection.
+ */
+ @org.junit.Test
+ public void revokeAll() {
+ System.out.println("revokeAll");
+ Permission permission0 = new AccessPermission("org.some.class");
+ Permission permission1 = new AccessPermission("org.some.other.class");
+ Permission permission2 = new AccessPermission("org.another.class");
+ RevokeablePermissionCollection instance = new MultiReadPermissionCollection(permission0);
+ instance.add(permission0);
+ instance.add(permission1);
+ instance.add(permission2);
+ instance.revokeAll(permission1);
+ ArrayList<Permission> expResult = new ArrayList<Permission>();
+ Enumeration<Permission> elem = instance.elements();
+ ArrayList<Permission> result = new ArrayList<Permission>();
+ while (elem.hasMoreElements()){
+ result.add(elem.nextElement());
+ }
+ int expRes = expResult.size();
+ int res = result.size();
+ assertEquals(expRes, res);
+ }
+
+}
\ No newline at end of file
Propchange: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/MultiReadPermissionCollectionTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/PermissionCollectionTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/PermissionCollectionTest.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/PermissionCollectionTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/PermissionCollectionTest.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,243 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.security.concurrent;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.SecurityPermission;
+import java.util.StringTokenizer;
+
+import tests.support.Support_Exec;
+import tests.support.Support_GetLocal;
+import tests.support.Support_Resources;
+
+/* Test originated from Apace Harmony. Need to test signed jar file
+ *
+ */
+
+public class PermissionCollectionTest extends junit.framework.TestCase {
+
+ // The below test is known to fail. Haven't got to the bottom of
+ // it yet but here is what has been determined :-
+ //
+ // * the Support_PermissionCollection application that is forked off
+ // near the end of this test needs to verify a signed jar (signedBKS.jar).
+ // This means that com.ibm.oti.util.JarUtils.verifySignature() ends up
+ // getting called. But at present that exists as just a lightweight/stub
+ // implementation which simply returns NULL. That behaviour causes a
+ // security exception inside java.util.jar.JarVerifier.
+ //
+ // * the above problem was fixed by rebuilding Harmony with the STUB
+ // IMPLEMENTATION of com.ibm.oti.util.JarUtils.verifySignature() replaced
+ // with one that delegates to
+ // org.apache.harmony.security.utils.JarUtils.verifySignature().
+ //
+ // * unfortunately, a NPE is raised in line 103 of Harmony's JarUtils class.
+ //
+ // * the cause of that NPE has still not been determined. Could it be
+ // related to Harmony's current stub implementation of BigInteger ?
+ /**
+ * @tests java.security.PermissionCollection#implies(java.security.Permission)
+ */
+// public void test_impliesLjava_security_Permission() throws Exception{
+//
+// // Look for the tests classpath
+// URL classURL = this.getClass().getProtectionDomain().getCodeSource()
+// .getLocation();
+// assertNotNull("Could not get this class' location", classURL);
+//
+// File policyFile = Support_GetLocal.createTempFile(".policy");
+// policyFile.deleteOnExit();
+//
+// URL signedBKS = getResourceURL("PermissionCollection/signedBKS.jar");
+// URL keystoreBKS = getResourceURL("PermissionCollection/keystore.bks");
+//
+// // Create the policy file (and save the existing one if any)
+// FileOutputStream fileOut = null;
+// try {
+// fileOut = new FileOutputStream(policyFile);
+// String linebreak = System.getProperty("line.separator");
+// StringBuilder towrite = new StringBuilder();
+// towrite.append("grant {");
+// towrite.append(linebreak);
+// towrite.append("permission java.io.FilePermission \"");
+// towrite.append(signedBKS.getFile());
+// towrite.append("\", \"read\";");
+// towrite.append(linebreak);
+// towrite.append("permission java.lang.RuntimePermission \"getProtectionDomain\";");
+// towrite.append(linebreak);
+// towrite.append("permission java.security.SecurityPermission \"getPolicy\";");
+// towrite.append(linebreak);
+// towrite.append("};");
+// towrite.append(linebreak);
+// towrite.append("grant codeBase \"");
+// towrite.append(signedBKS.toExternalForm());
+// towrite.append("\" signedBy \"eleanor\" {");
+// towrite.append(linebreak);
+// towrite.append("permission java.io.FilePermission \"test1.txt\", \"write\";");
+// towrite.append(linebreak);
+// towrite.append("permission mypackage.MyPermission \"essai\", signedBy \"eleanor,dylan\";");
+// towrite.append(linebreak);
+// towrite.append("};");
+// towrite.append(linebreak);
+// towrite.append("grant codeBase \"");
+// towrite.append(signedBKS.toExternalForm());
+// towrite.append("\" signedBy \"eleanor\" {");
+// towrite.append(linebreak);
+// towrite.append("permission java.io.FilePermission \"test2.txt\", \"write\";");
+// towrite.append(linebreak);
+// towrite.append("};");
+// towrite.append(linebreak);
+// towrite.append("grant codeBase \"");
+// towrite.append(classURL.toExternalForm());
+// towrite.append("\" {");
+// towrite.append(linebreak);
+// towrite.append("permission java.security.AllPermission;");
+// towrite.append(linebreak);
+// towrite.append("};");
+// towrite.append(linebreak);
+// towrite.append("keystore \"");
+// towrite.append(keystoreBKS.toExternalForm());
+// towrite.append("\",\"BKS\";");
+// fileOut.write(towrite.toString().getBytes());
+// fileOut.flush();
+// } finally {
+// if (fileOut != null) {
+// fileOut.close();
+// }
+// }
+//
+// // Copy mypermissionBKS.jar to the user directory so that it can be put
+// // in
+// // the classpath
+// File jarFile = null;
+// FileOutputStream fout = null;
+// InputStream jis = null;
+// try {
+// jis = Support_Resources
+// .getResourceStream("PermissionCollection/mypermissionBKS.jar");
+// jarFile = Support_GetLocal.createTempFile(".jar");
+// jarFile.deleteOnExit();
+// fout = new FileOutputStream(jarFile);
+// int c = jis.read();
+// while (c != -1) {
+// fout.write(c);
+// c = jis.read();
+// }
+// fout.flush();
+// } finally {
+// if (fout != null) {
+// fout.close();
+// }
+// if (jis != null) {
+// jis.close();
+// }
+// }
+//
+// String classPath = new File(classURL.getFile()).getPath();
+//
+// // Execute Support_PermissionCollection in another VM
+// String[] classPathArray = new String[2];
+// classPathArray[0] = classPath;
+// classPathArray[1] = jarFile.getPath();
+// String[] args = { "-Djava.security.policy=" + policyFile.toURL(),
+// "tests.support.Support_PermissionCollection",
+// signedBKS.toExternalForm() };
+//
+// String result = Support_Exec.execJava(args, classPathArray, true);
+//
+// StringTokenizer resultTokenizer = new StringTokenizer(result, ",");
+//
+// // Check the test result from the new VM process
+// assertEquals("Permission should be granted", "false", resultTokenizer
+// .nextToken());
+// assertEquals("signed Permission should be granted", "false",
+// resultTokenizer.nextToken());
+// assertEquals("Permission should not be granted", "false",
+// resultTokenizer.nextToken());
+// }
+//
+// /**
+// * @tests java.security.PermissionCollection#PermissionCollection()
+// */
+// public void test_Constructor() {
+// // test java.security.permissionCollection.PermissionCollection()
+// SecurityPermission permi = new SecurityPermission(
+// "testing permissionCollection-isReadOnly");
+// PermissionCollection permCollect = permi.newPermissionCollection();
+// assertNotNull("creat permissionCollection constructor returned a null",
+// permCollect);
+// }
+//
+// /**
+// * @tests java.security.PermissionCollection#isReadOnly()
+// */
+// public void test_isReadOnly() {
+// // test java.security.permissionCollection.isReadOnly()
+// SecurityPermission permi = new SecurityPermission(
+// "testing permissionCollection-isREadOnly");
+// PermissionCollection permCollect = permi.newPermissionCollection();
+// assertTrue("readOnly has not been set, but isReadOnly returned true",
+// !permCollect.isReadOnly());
+// permCollect.setReadOnly();
+// assertTrue("readOnly is set, but isReadonly returned false",
+// permCollect.isReadOnly());
+// }
+
+ /**
+ * @tests java.security.PermissionCollection#setReadOnly()
+ */
+ public void test_setReadOnly() {
+ // test java.security.permissionCollection.setReadOnly()
+ SecurityPermission permi = new SecurityPermission(
+ "testing permissionCollection-setReadOnly");
+ PermissionCollection permCollect = permi.newPermissionCollection();
+ assertTrue("readOnly has not been set, but isReadOnly returned true",
+ !permCollect.isReadOnly());
+ permCollect.setReadOnly();
+ assertTrue("readOnly is set, but isReadonly returned false",
+ permCollect.isReadOnly());
+ }
+
+ /**
+ * @tests java.security.PermissionCollection#toString()
+ */
+ public void test_toString() {
+ // test java.security.permissionCollection.toString()
+ SecurityPermission permi = new SecurityPermission(
+ "testing permissionCollection-isREadOnly");
+ assertNotNull("toString should have returned a string of elements",
+ permi.newPermissionCollection().toString());
+ assertTrue(permi.newPermissionCollection().toString().endsWith("\n"));
+ }
+
+ // FIXME move me to Support_Resources
+ public static URL getResourceURL(String name) {
+
+ URL url = ClassLoader.getSystemClassLoader().getResource(name);
+
+ if (url == null) {
+ throw new RuntimeException("Failed to get resource url: " + name);
+ }
+
+ return url;
+ }
+}
\ No newline at end of file
Propchange: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/PermissionCollectionTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/Permissions_ImplTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/Permissions_ImplTest.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/Permissions_ImplTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/Permissions_ImplTest.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+* @author Alexey V. Varlamov
+* @version $Revision$
+*/
+
+package org.apache.river.security.concurrent;
+import java.security.AllPermission;
+import java.security.BasicPermission;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.SecurityPermission;
+import java.security.UnresolvedPermission;
+
+import junit.framework.TestCase;
+
+/**
+ * Tests for <code>Permissions</code>
+ *
+ */
+
+public class Permissions_ImplTest extends TestCase {
+
+ /**
+ * A permission is implied by this collection, if either of the following is
+ * true:
+ * <ul>
+ * <li>This collection contains AllPermission;
+ * <li>This collection has elements of the same type as the permission
+ * being checked, and they imply it;
+ * <li>This collection has UnresolvedPermissions which can be resolved to
+ * the checked type, and after resolving they imply the checked one.
+ * </ul>
+ * The only exception is UnresolvedPermission itself, which is effectively
+ * implied only by AllPermission
+ */
+ public void testImplies() {
+ ConcurrentPermissions ps = new ConcurrentPermissions();
+ Permission ap = new AllPermission();
+ Permission bp1 = new BasicPermission("jhb23jhg5") {
+ };
+ Permission bp2 = new BasicPermission("&%#&^$HJVH") {
+
+ public PermissionCollection newPermissionCollection() {
+ return null;
+ }
+ };
+ Permission sp1 = new SecurityPermission("a.b.c");
+ Permission sp2 = new SecurityPermission("a.b.*");
+ Permission sp3 = new SecurityPermission("a.*");
+ Permission up = new UnresolvedPermission(
+ "java.security.SecurityPermission", "*", null, null);
+
+ Permission[] arr = new Permission[] {
+ ap, bp1, bp2, sp1, sp2, up };
+ for (int i = 0; i < arr.length; i++) {
+ assertFalse(ps.implies(arr[i]));
+ }
+
+ ps.add(bp1);
+ assertTrue(ps.implies(bp1));
+ assertFalse(ps.implies(bp2));
+ assertFalse(ps.implies(ap));
+ assertFalse(ps.implies(sp1));
+
+ ps.add(sp2);
+ assertTrue(ps.implies(sp1));
+ assertTrue(ps.implies(sp2));
+ assertFalse(ps.implies(sp3));
+
+ ps.add(up);
+ assertFalse(ps.implies(up));
+ assertTrue(ps.implies(sp1));
+ assertTrue(ps.implies(sp2));
+ assertTrue(ps.implies(sp3));
+
+ ps.add(ap);
+ for (int i = 0; i < arr.length; i++) {
+ assertTrue(ps.implies(arr[i]));
+ }
+ }
+ }
Propchange: incubator/river/jtsk/trunk/test/src/org/apache/river/security/concurrent/Permissions_ImplTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/river/jtsk/trunk/test/src/org/apache/river/security/policy/util/DefaultPolicyParserTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/org/apache/river/security/policy/util/DefaultPolicyParserTest.java?rev=928394&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/org/apache/river/security/policy/util/DefaultPolicyParserTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/org/apache/river/security/policy/util/DefaultPolicyParserTest.java Sun Mar 28 12:57:03 2010
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+* @author Alexey V. Varlamov
+* @version $Revision$
+*/
+
+package org.apache.river.security.policy.util;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.net.URL;
+import java.security.CodeSource;
+import java.security.Principal;
+import java.security.SecurityPermission;
+import java.security.cert.Certificate;
+import java.util.Collection;
+import java.util.Iterator;
+
+import junit.framework.TestCase;
+
+
+/**
+ * Tests for DefaultPolicyParser
+ *
+ */
+
+public class DefaultPolicyParserTest extends TestCase {
+
+ public static void main(String[] args) {
+ junit.textui.TestRunner.run(DefaultPolicyParserTest.class);
+ }
+
+ /**
+ * Tests parsing of a sample policy from temporary file, validates returned
+ * PolicyEntries.
+ */
+ public void testParse() throws Exception {
+ File tmp = File.createTempFile("policy", null);
+ try {
+ FileWriter out = new FileWriter(tmp);
+ out.write("grant{}KeyStore \"url2\", \"type2\" "
+ + "GRANT signedby \"duke,Li\", codebase\"\", principal a.b.c \"guest\" "
+ + "{permission XXX \"YYY\", SignedBy \"ZZZ\" \n \t };;;"
+ + "GRANT codebase\"http://a.b.c/-\", principal * * "
+ + "{permission java.security.SecurityPermission \"YYY\";}"
+ + "GRANT {permission java.security.SecurityPermission \"ZZZ\";}"
+ + "GRANT {permission java.security.UnresolvedPermission \"NONE\";}");
+ out.flush();
+ out.close();
+
+ DefaultPolicyParser parser = new DefaultPolicyParser();
+ Collection entries = parser.parse(tmp.toURI().toURL(), null);
+ assertEquals(2, entries.size());
+ for (Iterator iter = entries.iterator(); iter.hasNext();) {
+ PolicyEntry element = (PolicyEntry)iter.next();
+ if (element.getPermissions()
+ .contains(new SecurityPermission("ZZZ"))) {
+ assertTrue(element.impliesCodeSource(new CodeSource(null,
+ (Certificate[])null)));
+ assertTrue(element.impliesPrincipals(null));
+ } else if (element.getPermissions()
+ .contains(new SecurityPermission("YYY"))) {
+ assertFalse(element.impliesCodeSource(null));
+ assertFalse(element.impliesPrincipals(null));
+ assertTrue(element.impliesCodeSource(new CodeSource(new URL(
+ "http://a.b.c/-"), (Certificate[])null)));
+ assertTrue(element
+ .impliesPrincipals(new Principal[] { new FakePrincipal(
+ "qqq") }));
+ } else {
+ fail("Extra entry parsed");
+ }
+ }
+ } finally {
+ tmp.delete();
+ }
+ }
+}
+
+class FakePrincipal implements Principal {
+
+ private String name;
+
+ public FakePrincipal(String name) {
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+}
Propchange: incubator/river/jtsk/trunk/test/src/org/apache/river/security/policy/util/DefaultPolicyParserTest.java
------------------------------------------------------------------------------
svn:eol-style = native