/** * @param clz * @return * @throws SecurityException if the caller has no permission to access the ProtectedDomain of the given class. */ public static final Certificate[] getCerts(final Class<?> clz) throws SecurityException { final ProtectionDomain pd = clz.getProtectionDomain(); final CodeSource cs = (null != pd) ? pd.getCodeSource() : null; final Certificate[] certs = (null != cs) ? cs.getCertificates() : null; return (null != certs && certs.length>0) ? certs : null; }
/** * Creates a new code source. * * @param codeSource The code source. */ public CodeSourceFacade(final CodeSource codeSource) { this.location = codeSource.getLocation(); final Certificate[] certificates = codeSource.getCertificates(); if (null == certificates || 0 == certificates.length) { LOGGER.warning(String.format("no certificate found for %s", codeSource)); this.firstCertificate = null; return; } this.firstCertificate = (X509Certificate)certificates[0]; }
Certificate[] certificates = YourClass.class.getProtectionDomain().getCodeSource().getCertificates();
@Override public boolean implies(CodeSource codeSource, Principal[] p) { if ( !implies(p)) return false; if ( codeSource == null ) return false; if ( certs.isEmpty() ) return true; Certificate[] signers = codeSource.getCertificates(); List<Certificate> certificates = Arrays.asList(signers); return certificates.containsAll(certs); }
private boolean impliesCodeSource(CodeSource codeSource) { ProtectionDomain pd = domain != null ? domain.get(): null; if (pd == null) return false; // is void - why did I have true? // The CodeSource is not normalized, if the PD was created by a domain // combiner it is likely that the CodeSource will have the same referent. CodeSource cs = pd.getCodeSource(); // Don't normalise CodeSource. if (cs == codeSource) return true; // same reference. if (cs == null && codeSource == null) return true; // if both null, when pd exists. if (cs == null) return false; // Null cs indicates system domain, does not imply. // Most won't get to here, since domain combiners shouldn't duplicate CodeSource. // But just in case... // Don't use CodeSource.equals() because that causes DNS Lookup. Certificate[] myCerts = cs.getCertificates(); Certificate[] hisCerts = codeSource.getCertificates(); if ( myCerts != null && !Arrays.equals(myCerts, hisCerts)) return false; try { URI myLocation = cs.getLocation().toURI(); URI hisLocation = codeSource.getLocation().toURI(); if (myLocation.equals(hisLocation)) return true; } catch (URISyntaxException ex) { // We only compare URL if we can't compare URI URL myLocation = cs.getLocation(); URL hisLocation = codeSource.getLocation(); // Only use string representation to compare, DNS cache poisioning // presents a security risk, so URL.equals isn't used. if (myLocation.toExternalForm().equals(hisLocation.toExternalForm())) return true; } return false; }
parsedCodeSource = new CodeSource(locationURL, getSignerCertificates(cs)); } else { parsedCodeSource = new CodeSource(locationURL, cs.getCertificates());
/** * Returns {@link AllPermission} for any code sources that do not end in * rogue.jar and an empty set of permissions for code sources that do end * in rogue.jar, denying access to all local resources to the rogue * plugin. * * @param codeSource * The code source to get the permissiosn for * @return The permissions for the given code source */ @Override public PermissionCollection getPermissions(CodeSource codeSource) { Permissions p = new Permissions(); Certificate[] certificates = codeSource.getCertificates(); for (Certificate cert : certificates) { //TODO -- Validate certificates asociated with the jar file } // For now permit every plugin p.add(new AllPermission()); return p; } }
Certificate[] certParent = csParent.getCertificates(); CodeSource csChild = certParent == null ? new CodeSource(url, csParent.getCodeSigners())
Certificate[] certParent = csParent.getCertificates(); CodeSource csChild = certParent == null ? new CodeSource(url, csParent.getCodeSigners())
if( origURL != null ) permCS = new CodeSource(origURL, cs.getCertificates());
if( origURL != null ) permCS = new CodeSource(origURL, cs.getCertificates());