blob: 94eea19050b84907f1257d7a12ebf8ab404f4473 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
/*
* Copyright (c) OSGi Alliance (2009, 2012). All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.osgi.framework;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
* Package private class used by permissions for filter matching on signer key
* during filter expression evaluation in the permission implies method.
*
* @Immutable
* @version $Id$
*/
final class SignerProperty {
private final Bundle bundle;
private final String pattern;
/**
* String constructor used by the filter matching algorithm to construct a
* SignerProperty from the attribute value in a filter expression.
*
* @param pattern Attribute value in the filter expression.
*/
public SignerProperty(String pattern) {
this.pattern = pattern;
this.bundle = null;
}
/**
* Used by the permission implies method to build the properties for a
* filter match.
*
* @param bundle The bundle whose signers are to be matched.
*/
SignerProperty(Bundle bundle) {
this.bundle = bundle;
this.pattern = null;
}
/**
* Used by the filter matching algorithm. This methods does NOT satisfy the
* normal equals contract. Since the class is only used in filter expression
* evaluations, it only needs to support comparing an instance created with
* a Bundle to an instance created with a pattern string from the filter
* expression.
*
* @param o SignerProperty to compare against.
* @return true if the DN name chain matches the pattern.
*/
public boolean equals(Object o) {
if (!(o instanceof SignerProperty))
return false;
SignerProperty other = (SignerProperty) o;
Bundle matchBundle = bundle != null ? bundle : other.bundle;
String matchPattern = bundle != null ? other.pattern : pattern;
Map<X509Certificate, List<X509Certificate>> signers = matchBundle.getSignerCertificates(Bundle.SIGNERS_TRUSTED);
for (List<X509Certificate> signerCerts : signers.values()) {
List<String> dnChain = new ArrayList<String>(signerCerts.size());
for (X509Certificate signerCert : signerCerts) {
dnChain.add(signerCert.getSubjectDN().getName());
}
try {
if (FrameworkUtil.matchDistinguishedNameChain(matchPattern, dnChain)) {
return true;
}
} catch (IllegalArgumentException e) {
continue; // bad pattern
}
}
return false;
}
/**
* Since the equals method does not obey the general equals contract, this
* method cannot generate hash codes which obey the equals contract.
*/
public int hashCode() {
return 31;
}
/**
* Check if the bundle is signed.
*
* @return true if constructed with a bundle that is signed.
*/
boolean isBundleSigned() {
if (bundle == null) {
return false;
}
Map<X509Certificate, List<X509Certificate>> signers = bundle.getSignerCertificates(Bundle.SIGNERS_TRUSTED);
return !signers.isEmpty();
}
}
|
