/* * @(#)SecureClassLoader.java 1.85 04/05/05 * * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.security; import java.util.HashMap; import java.util.ArrayList; import java.net.URL; import sun.security.util.Debug; /** * This class extends ClassLoader with additional support for defining * classes with an associated code source and permissions which are * retrieved by the system policy by default. * * @version 1.85, 05/05/04 * @author Li Gong * @author Roland Schemers */ public class SecureClassLoader extends ClassLoader { /* * If initialization succeed this is set to true and security checks will * succeed. Otherwise the object is not initialized and the object is * useless. */ private boolean initialized = false; // HashMap that maps CodeSource to ProtectionDomain private HashMap pdcache = new HashMap(11); private static final Debug debug = Debug.getInstance("scl"); /** * Creates a new SecureClassLoader using the specified parent * class loader for delegation. * *
If there is a security manager, this method first
* calls the security manager's checkCreateClassLoader
* method to ensure creation of a class loader is allowed.
*
* @param parent the parent ClassLoader
* @exception SecurityException if a security manager exists and its
* checkCreateClassLoader
method doesn't allow
* creation of a class loader.
* @see SecurityManager#checkCreateClassLoader
*/
protected SecureClassLoader(ClassLoader parent) {
super(parent);
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkCreateClassLoader();
}
initialized = true;
}
/**
* Creates a new SecureClassLoader using the default parent class
* loader for delegation.
*
*
If there is a security manager, this method first
* calls the security manager's checkCreateClassLoader
* method to ensure creation of a class loader is allowed.
*
* @exception SecurityException if a security manager exists and its
* checkCreateClassLoader
method doesn't allow
* creation of a class loader.
* @see SecurityManager#checkCreateClassLoader
*/
protected SecureClassLoader() {
super();
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkCreateClassLoader();
}
initialized = true;
}
/**
* Converts an array of bytes into an instance of class Class,
* with an optional CodeSource. Before the
* class can be used it must be resolved.
*
* If a non-null CodeSource is supplied a ProtectionDomain is * constructed and associated with the class being defined. *
* @param name the expected name of the class, or null
* if not known, using '.' and not '/' as the separator
* and without a trailing ".class" suffix.
* @param b the bytes that make up the class data. The bytes in
* positions off
through off+len-1
* should have the format of a valid class file as defined
* by the
* Java
* Virtual Machine Specification.
* @param off the start offset in b
of the class data
* @param len the length of the class data
* @param cs the associated CodeSource, or null
if none
* @return the Class
object created from the data,
* and optional CodeSource.
* @exception ClassFormatError if the data did not contain a valid class
* @exception IndexOutOfBoundsException if either off
or
* len
is negative, or if
* off+len
is greater than b.length
.
*
* @exception SecurityException if an attempt is made to add this class
* to a package that contains classes that were signed by
* a different set of certificates than this class, or if
* the class name begins with "java.".
*/
protected final Class> defineClass(String name,
byte[] b, int off, int len,
CodeSource cs)
{
if (cs == null)
return defineClass(name, b, off, len);
else
return defineClass(name, b, off, len, getProtectionDomain(cs));
}
/**
* Converts a {@link java.nio.ByteBuffer ByteBuffer}
* into an instance of class Class, with an optional CodeSource.
* Before the class can be used it must be resolved.
*
* If a non-null CodeSource is supplied a ProtectionDomain is * constructed and associated with the class being defined. *
* @param name the expected name of the class, or null
* if not known, using '.' and not '/' as the separator
* and without a trailing ".class" suffix.
* @param b the bytes that make up the class data. The bytes from positions
* b.position() through b.position() + b.limit() -1
* should have the format of a valid class file as defined by the
* Java Virtual
* Machine Specification.
* @param cs the associated CodeSource, or null
if none
* @return the Class
object created from the data,
* and optional CodeSource.
* @exception ClassFormatError if the data did not contain a valid class
* @exception SecurityException if an attempt is made to add this class
* to a package that contains classes that were signed by
* a different set of certificates than this class, or if
* the class name begins with "java.".
*
* @since 1.5
*/
protected final Class> defineClass(String name, java.nio.ByteBuffer b,
CodeSource cs)
{
if (cs == null)
return defineClass(name, b, (ProtectionDomain)null);
else
return defineClass(name, b, getProtectionDomain(cs));
}
/**
* Returns the permissions for the given CodeSource object.
*
* This method is invoked by the defineClass method which takes * a CodeSource as an argument when it is constructing the * ProtectionDomain for the class being defined. *
* @param codesource the codesource. * * @return the permissions granted to the codesource. * */ protected PermissionCollection getPermissions(CodeSource codesource) { check(); return new Permissions(); // ProtectionDomain defers the binding } /* * Returned cached ProtectionDomain for the specified CodeSource. */ private ProtectionDomain getProtectionDomain(CodeSource cs) { if (cs == null) return null; ProtectionDomain pd = null; synchronized (pdcache) { pd = (ProtectionDomain)pdcache.get(cs); if (pd == null) { PermissionCollection perms = getPermissions(cs); pd = new ProtectionDomain(cs, perms, this, null); if (pd != null) { pdcache.put(cs, pd); if (debug != null) { debug.println(" getPermissions "+ pd); debug.println(""); } } } } return pd; } /* * Check to make sure the class loader has been initialized. */ private void check() { if (!initialized) { throw new SecurityException("ClassLoader object not initialized"); } } }