Posted to cvs@avalon.apache.org by do...@apache.org on 2002/09/25 13:25:05 UTC
cvs commit: jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/verifier PolicyVerifier.java Resources.properties
donaldp 2002/09/25 04:25:05
Added: loader/src/java/org/apache/excalibur/policy/verifier
PolicyVerifier.java Resources.properties
Log:
Add in verifier for Policy stuff
Revision Changes Path
1.1 jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/verifier/PolicyVerifier.java
Index: PolicyVerifier.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE.txt file.
*/
package org.apache.excalibur.policy.verifier;
import org.apache.avalon.excalibur.i18n.ResourceManager;
import org.apache.avalon.excalibur.i18n.Resources;
import org.apache.excalibur.policy.metadata.GrantMetaData;
import org.apache.excalibur.policy.metadata.KeyStoreMetaData;
import org.apache.excalibur.policy.metadata.PermissionMetaData;
import org.apache.excalibur.policy.metadata.PolicyMetaData;
/**
* Verify Policy set is valid. Validity is defined as
* <ul>
* <li>All KeyStore names should be defined starting with
* letters or '_' and then continuing with Alpha-Numeric
* characters, '-', '.' or '_'.</li>
* <li>If signedBy is specified then keystore is specified
* for both grants and permissions.</li>
* <li>That any keystore names used by grant or permission
* reference actual keystores.</li>
* <li>If target is null then actions is null.</li>
* </ul>
*
* @author <a href="mailto:peter at apache.org">Peter Donald</a>
* @version $Revision: 1.1 $ $Date: 2002/09/25 11:25:05 $
*/
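public class PolicyVerifier
{
    private final static Resources REZ =
        ResourceManager.getPackageResources( PolicyVerifier.class );

    /**
     * Run every validity check against the supplied policy, in a fixed
     * order: keystore names, signedBy/keyStore pairing, keystore
     * references, then target/action consistency. Before each check the
     * matching notice is passed to {@link #info(String)}.
     *
     * <p>Verification stops at the first failed check, so later checks
     * are not run and only one problem is reported per call.</p>
     *
     * @param policy the policy metadata to verify
     * @throws Exception if any validity check fails
     */
    public void verifyPolicy( final PolicyMetaData policy )
        throws Exception
    {
        info( REZ.getString( "valid-names.notice" ) );
        verifyNames( policy );

        info( REZ.getString( "valid-signedBy.notice" ) );
        verifySignedBy( policy );

        info( REZ.getString( "valid-keyStoreReferences.notice" ) );
        verifyKeyStoreReferences( policy );

        info( REZ.getString( "valid-actions.notice" ) );
        verifyActions( policy );
    }

    /**
     * Log an informational message.
     * Sub-classes should override this; the default implementation
     * discards the message.
     *
     * @param message the message
     */
    protected void info( final String message )
    {
        //noop
    }

    /**
     * Verify that all the keystores have valid names.
     *
     * @param policy the policy whose keystore declarations are checked
     * @throws Exception if validity check fails
     */
    private void verifyNames( final PolicyMetaData policy )
        throws Exception
    {
        final KeyStoreMetaData[] keyStores = policy.getKeyStores();
        for( int i = 0; i < keyStores.length; i++ )
        {
            verifyName( keyStores[ i ].getName() );
        }
    }

    /**
     * Verify, for every grant in the policy and every permission inside
     * it, that signedBy and keyStore are either both present or both
     * absent.
     *
     * @param policy the policy whose grants are checked
     * @throws Exception if validity check fails
     */
    private void verifySignedBy( final PolicyMetaData policy )
        throws Exception
    {
        final GrantMetaData[] grants = policy.getGrants();
        for( int i = 0; i < grants.length; i++ )
        {
            verifySignedBy( grants[ i ] );
        }
    }

    /**
     * Verify that a grant, and each permission it contains, specifies
     * signedBy and keyStore together or not at all.
     *
     * @param grant the grant to check
     * @throws Exception if validity check fails
     */
    private void verifySignedBy( final GrantMetaData grant ) throws Exception
    {
        final String signedBy = grant.getSignedBy();
        final String keyStore = grant.getKeyStore();

        if( null != signedBy && null == keyStore )
        {
            // A signer alias is meaningless without the keystore that holds it.
            final String message =
                REZ.getString( "grant-missing-keystore.error",
                               grant.getCodebase() );
            throw new Exception( message );
        }
        else if( null == signedBy && null != keyStore )
        {
            final String message =
                REZ.getString( "grant-extra-keystore.error",
                               grant.getCodebase() );
            throw new Exception( message );
        }

        final PermissionMetaData[] permissions = grant.getPermissions();
        for( int i = 0; i < permissions.length; i++ )
        {
            verifySignedBy( grant, permissions[ i ] );
        }
    }

    /**
     * Verify that a single permission specifies signedBy and keyStore
     * together or not at all.
     *
     * @param grant the grant that contains the permission; only its
     *        codebase is used, for the error message
     * @param permission the permission to check
     * @throws Exception if validity check fails
     */
    private void verifySignedBy( final GrantMetaData grant,
                                 final PermissionMetaData permission )
        throws Exception
    {
        final String signedBy = permission.getSignedBy();
        final String keyStore = permission.getKeyStore();

        if( null != signedBy && null == keyStore )
        {
            final String message =
                REZ.getString( "permission-missing-keystore.error",
                               grant.getCodebase(),
                               permission.getClassname() );
            throw new Exception( message );
        }
        else if( null == signedBy && null != keyStore )
        {
            final String message =
                REZ.getString( "permission-extra-keystore.error",
                               grant.getCodebase(),
                               permission.getClassname() );
            throw new Exception( message );
        }
    }

    /**
     * Verify that each reference to a keystore, from any grant or
     * permission in the policy, names a declared keystore.
     *
     * @param policy the policy to check
     * @throws Exception if validity check fails
     */
    private void verifyKeyStoreReferences( final PolicyMetaData policy )
        throws Exception
    {
        final GrantMetaData[] grants = policy.getGrants();
        for( int i = 0; i < grants.length; i++ )
        {
            verifyKeyStore( policy, grants[ i ] );
        }
    }

    /**
     * Verify the keystore reference of a grant and of each permission
     * it contains.
     *
     * @param policy the policy that declares the keystores
     * @param grant the grant whose references are checked
     * @throws Exception if validity check fails
     */
    private void verifyKeyStore( final PolicyMetaData policy,
                                 final GrantMetaData grant )
        throws Exception
    {
        verifyKeyStoreReference( policy, grant.getKeyStore() );

        final PermissionMetaData[] permissions = grant.getPermissions();
        for( int j = 0; j < permissions.length; j++ )
        {
            verifyKeyStoreReference( policy, permissions[ j ].getKeyStore() );
        }
    }

    /**
     * Verify that a keystore name used by a grant or permission matches
     * the name of a keystore declared in the policy.
     *
     * <p>A {@code null} name means the grant or permission carries no
     * keystore attribute, so there is no reference to resolve and the
     * check passes. Whether the attribute may be omitted is decided by
     * the signedBy check, which {@link #verifyPolicy} runs before this
     * one. Without this guard every grant or permission lacking a
     * keystore was rejected as referencing the non-existent keystore
     * "null".</p>
     *
     * @param policy the policy that declares the keystores
     * @param keyStoreName the referenced name, or null if none was given
     * @throws Exception if the name matches no declared keystore
     */
    private void verifyKeyStoreReference( final PolicyMetaData policy,
                                          final String keyStoreName )
        throws Exception
    {
        if( null == keyStoreName )
        {
            return;
        }

        final KeyStoreMetaData[] keyStores = policy.getKeyStores();
        for( int i = 0; i < keyStores.length; i++ )
        {
            // Exact, case-sensitive match against the declared name.
            if( keyStoreName.equals( keyStores[ i ].getName() ) )
            {
                return;
            }
        }

        final String message =
            REZ.getString( "bad-keystore-reference.error",
                           keyStoreName );
        throw new Exception( message );
    }

    /**
     * Verify that a keystore name is well formed: non-empty, starting
     * with a letter or '_' and continuing with letters, digits, '-',
     * '.' or '_'.
     *
     * <p>A {@code null} name is reported the same way as an empty one
     * instead of failing with a NullPointerException.</p>
     *
     * @param name the keystore name to check
     * @throws Exception if validity check fails
     */
    private void verifyName( final String name )
        throws Exception
    {
        if( null == name || 0 == name.length() )
        {
            final String message =
                REZ.getString( "empty-name.error",
                               name );
            throw new Exception( message );
        }

        // Character.isLetter/isLetterOrDigit accept any Unicode letter or
        // digit, so names are not limited to ASCII.
        final char ch = name.charAt( 0 );
        if( !Character.isLetter( ch ) &&
            '_' != ch )
        {
            final String message =
                REZ.getString( "name-invalid-start.error",
                               name );
            throw new Exception( message );
        }

        final int size = name.length();
        for( int i = 1; i < size; i++ )
        {
            final char c = name.charAt( i );
            if( !Character.isLetterOrDigit( c ) &&
                '_' != c &&
                '-' != c &&
                '.' != c )
            {
                final String message =
                    REZ.getString( "name-invalid-char.error",
                                   name,
                                   String.valueOf( c ) );
                throw new Exception( message );
            }
        }
    }

    /**
     * Verify that no permission specifies an action without a target.
     *
     * @param policy the policy whose permissions are checked
     * @throws Exception if validity check fails
     */
    private void verifyActions( final PolicyMetaData policy )
        throws Exception
    {
        final GrantMetaData[] grants = policy.getGrants();
        for( int i = 0; i < grants.length; i++ )
        {
            final GrantMetaData grant = grants[ i ];
            final PermissionMetaData[] permissions = grant.getPermissions();
            for( int j = 0; j < permissions.length; j++ )
            {
                final PermissionMetaData permission = permissions[ j ];
                final String target = permission.getTarget();
                final String action = permission.getAction();

                // NOTE: the resource key is named "permission-missing-action",
                // but the condition rejected here is an action supplied
                // with no target.
                if( null == target && null != action )
                {
                    final String message =
                        REZ.getString( "permission-missing-action.error",
                                       grant.getCodebase(),
                                       permission.getClassname() );
                    throw new Exception( message );
                }
            }
        }
    }
}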
1.1 jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/verifier/Resources.properties
Index: Resources.properties
===================================================================
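# Progress notices, passed to PolicyVerifier.info() before each check.
valid-names.notice=Verifying that all key-stores have valid names.
valid-signedBy.notice=Verifying that all signed-by attributes are accompanied by a key-store attribute.
valid-keyStoreReferences.notice=Verify that any keystore names used by grant or permission reference actual keystores
valid-actions.notice=Verify that if target is null then actions is null.

# signed-by / key-store pairing errors. {0} is the grant codebase, {1} the permission class name.
grant-missing-keystore.error=Grant for codebase "{0}" has a signed-by attribute but no key-store attribute.
grant-extra-keystore.error=Grant for codebase "{0}" defined a key-store attribute without defining a signed-by attribute.
permission-missing-keystore.error=Permission loaded from codebase "{0}" of type "{1}" has a signed-by attribute but no key-store attribute.
permission-extra-keystore.error=Permission loaded from codebase "{0}" of type "{1}" defined a key-store attribute without defining a signed-by attribute.

# Keystore reference and name errors. {0} is the keystore name, {1} the offending character.
bad-keystore-reference.error=Referenced non-existent keystore {0}.
empty-name.error=Keystore name is empty.
name-invalid-start.error=Keystore name "{0}" starts with an invalid character.
name-invalid-char.error=Keystore name "{0}" contains an invalid character "{1}".

# Raised when a permission has an action but no target. The key name is kept
# as-is because PolicyVerifier looks the message up by this name.
permission-missing-action.error=Permission on codebase "{0}" of type "{1}" defines an action without a target.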