diff options
author | Thomas Watson | 2008-02-22 15:29:06 +0000 |
---|---|---|
committer | Thomas Watson | 2008-02-22 15:29:06 +0000 |
commit | 6a33d6abf5183832f2ff8b4307ab1259410d8b76 (patch) | |
tree | d8778856466214b717d3d2abdcf3e1de0da8f69c /bundles/org.eclipse.osgi/security/src/org | |
parent | c52097652f9a8e2a408b33f88c8e17a771da5ac7 (diff) | |
download | rt.equinox.framework-6a33d6abf5183832f2ff8b4307ab1259410d8b76.tar.gz rt.equinox.framework-6a33d6abf5183832f2ff8b4307ab1259410d8b76.tar.xz rt.equinox.framework-6a33d6abf5183832f2ff8b4307ab1259410d8b76.zip |
Bug 217503 DefaultAuthorizationEngine should allow policy to be set
Diffstat (limited to 'bundles/org.eclipse.osgi/security/src/org')
-rw-r--r-- | bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/DefaultAuthorizationEngine.java | 97 |
1 files changed, 78 insertions, 19 deletions
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/DefaultAuthorizationEngine.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/DefaultAuthorizationEngine.java index 9370f0f03..054fc4a8f 100644 --- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/DefaultAuthorizationEngine.java +++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/DefaultAuthorizationEngine.java @@ -10,9 +10,17 @@ *******************************************************************************/ package org.eclipse.osgi.internal.service.security; +import java.io.*; import java.security.cert.CertificateException; +import java.util.Properties; +import org.eclipse.core.runtime.adaptor.LocationManager; +import org.eclipse.osgi.baseadaptor.BaseData; +import org.eclipse.osgi.framework.internal.core.AbstractBundle; import org.eclipse.osgi.framework.internal.core.FrameworkProperties; +import org.eclipse.osgi.framework.log.FrameworkLogEntry; import org.eclipse.osgi.internal.baseadaptor.DevClassPathHelper; +import org.eclipse.osgi.internal.signedcontent.SignedBundleHook; +import org.eclipse.osgi.internal.signedcontent.SignedStorageHook; import org.eclipse.osgi.service.resolver.*; import org.eclipse.osgi.service.security.*; import org.eclipse.osgi.signedcontent.SignedContent; @@ -23,16 +31,12 @@ import org.osgi.framework.BundleContext; public class DefaultAuthorizationEngine extends AuthorizationEngine { private final State systemState; + private final BundleContext bundleContext; - public DefaultAuthorizationEngine(BundleContext context, State systemState) { - super(context); - this.systemState = systemState; - } - - private static final int ENFORCE_NONE = 0x0000; - private static final int ENFORCE_SIGNED = 0x0001; - private static final int ENFORCE_TRUSTED = 0x0002; - private static final int ENFORCE_VALIDITY = 0x0004; + public static final int ENFORCE_NONE = 0x0000; + public static final int ENFORCE_SIGNED = 0x0001; + public static final int ENFORCE_TRUSTED = 0x0002; + public static final int ENFORCE_VALIDITY = 0x0004; private static final String STR_ENFORCE_NONE = "any"; //$NON-NLS-1$ private static final String STR_ENFORCE_SIGNED = "signed"; //$NON-NLS-1$ @@ -40,19 +44,46 @@ public class DefaultAuthorizationEngine extends AuthorizationEngine { private static final String STR_ENFORCE_VALIDITY = "validity"; //$NON-NLS-1$ private static final String POLICY_NAME = "org.eclipse.equinox.security"; //$NON-NLS-1$ - private static final String POLICY = "osgi.signedcontent.authorization.engine.policy"; //$NON-NLS-1$ + private static final String POLICY_PROP = "osgi.signedcontent.authorization.engine.policy"; //$NON-NLS-1$ + private static final String FILE_LOAD_POLICY = ".loadpolicy"; //$NON-NLS-1$ private static int enforceFlags = 0; + private static final File policyFile; static { - String policy = FrameworkProperties.getProperty(POLICY); - if (policy == null || STR_ENFORCE_NONE.equals(policy)) - enforceFlags = ENFORCE_NONE; - else if (STR_ENFORCE_TRUSTED.equals(policy)) - enforceFlags = ENFORCE_TRUSTED | ENFORCE_SIGNED; - else if (STR_ENFORCE_SIGNED.equals(policy)) - enforceFlags = ENFORCE_SIGNED; - else if (STR_ENFORCE_VALIDITY.equals(policy)) - enforceFlags = ENFORCE_TRUSTED | ENFORCE_SIGNED | ENFORCE_VALIDITY; + File osgiFile = LocationManager.getOSGiConfigurationDir(); + policyFile = new File(osgiFile.getPath() + File.separatorChar + FILE_LOAD_POLICY); + + Properties properties = null; + // load the policy file, if not exist, create it and load it + if (policyFile.exists()) { + try { + properties = new Properties(); + properties.load(new FileInputStream(policyFile)); + } catch (IOException e) { + SignedBundleHook.log("Error loading policy file", FrameworkLogEntry.ERROR, e); //$NON-NLS-1$ + } + } + + if (properties != null && properties.getProperty(POLICY_PROP) != null) { + enforceFlags = Integer.parseInt(properties.getProperty(POLICY_PROP)); + } else { + String policy = FrameworkProperties.getProperty(POLICY_PROP); + if (policy == null || STR_ENFORCE_NONE.equals(policy)) + enforceFlags = ENFORCE_NONE; + else if (STR_ENFORCE_TRUSTED.equals(policy)) + enforceFlags = ENFORCE_TRUSTED | ENFORCE_SIGNED; + else if (STR_ENFORCE_SIGNED.equals(policy)) + enforceFlags = ENFORCE_SIGNED; + else if (STR_ENFORCE_VALIDITY.equals(policy)) + enforceFlags = ENFORCE_TRUSTED | ENFORCE_SIGNED | ENFORCE_VALIDITY; + } + + } + + public DefaultAuthorizationEngine(BundleContext context, State systemState) { + super(context); + this.bundleContext = context; + this.systemState = systemState; } protected AuthorizationEvent doAuthorize(SignedContent content, Object context) { @@ -104,4 +135,32 @@ public class DefaultAuthorizationEngine extends AuthorizationEngine { } return AuthorizationStatus.OK; } + + public void processInstalledBundles() { + Bundle[] bundles = bundleContext.getBundles(); + for (int i = 0; i < bundles.length; i++) { + BaseData baseData = (BaseData) ((AbstractBundle) bundles[i]).getBundleData(); + SignedStorageHook hook = (SignedStorageHook) baseData.getStorageHook(SignedStorageHook.KEY); + SignedContent signedContent = hook != null ? hook.getSignedContent() : null; + authorize(signedContent, bundles[i]); + } + } + + public void setLoadPolicy(int policy) { + if ((policy | ENFORCE_SIGNED | ENFORCE_TRUSTED | ENFORCE_VALIDITY) != (ENFORCE_SIGNED | ENFORCE_TRUSTED | ENFORCE_VALIDITY)) + throw new IllegalArgumentException("Invalid policy: " + policy); //$NON-NLS-1$ + enforceFlags = policy; + Properties properties = new Properties(); + properties.setProperty(POLICY_PROP, Integer.toString(policy)); + try { + properties.store(new FileOutputStream(policyFile), null); + } catch (IOException e) { + SignedBundleHook.log("Error saving load policy file", FrameworkLogEntry.ERROR, e); //$NON-NLS-1$ + } + } + + public int getLoadPolicy() { + return enforceFlags; + } + } |