1 package es.caib.signatura.impl;
2
3 import java.io.FileDescriptor;
4 import java.io.FilePermission;
5 import java.net.InetAddress;
6 import java.security.AccessController;
7 import java.security.Permission;
8 import java.security.PrivilegedAction;
9 import java.security.SecurityPermission;
10
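/**
 * Security manager that wraps the manager installed before {@link #register()} ran
 * and relaxes selected checks for the signature API.
 *
 * <p>A check is relaxed only when {@link #hasAllPermission()} finds, on the current call
 * stack, a class from a package starting with {@code es.caib.signatura.} that was loaded
 * by the same class loader as this class. Everything else is forwarded to the wrapped
 * manager ({@code proxy}).
 *
 * <p>NOTE(review): the stack test is "any trusted frame", not "every frame". Code that can
 * call into an {@code es.caib.signatura.*} class inherits the relaxed checks for the
 * duration of that call, so the public entry points of that package are part of the trust
 * boundary and should be reviewed as such.
 */
public class CAIBSecurityManager extends java.lang.SecurityManager {
    /** Package prefix of the classes whose presence on the stack relaxes the checks. */
    private static final String TRUSTED_PACKAGE_PREFIX = "es.caib.signatura.";

    /** File-name suffix of the PKCS#11 configuration file written to the temp directory. */
    private static final String PKCS11_CONFIG_SUFFIX = "pkcs11.cfg";

    /** The security manager that was active before this one; receives every non-relaxed check. */
    private final java.lang.SecurityManager proxy;

    /** Set once {@link #register()} has installed an instance. Not synchronized. */
    private static boolean isRegistered = false;

    // Both loaders are captured by the constructor but never read inside this class.
    private ClassLoader trustedClassLoader;
    private ClassLoader systemClassLoader;

    /**
     * Per-thread re-entrancy flag: TRUE while the current thread is inside
     * {@link #hasAllPermission()}.
     *
     * <p>The flag must be genuinely thread-local. A re-entrant call is answered with
     * "granted", so a flag shared between threads would let a check running on one thread
     * grant every relaxed permission to unrelated code running on another thread.
     */
    private final ThreadLocal<Boolean> checkIn = new ThreadLocal<Boolean>() {
        protected Boolean initialValue() {
            return Boolean.FALSE;
        }
    };

    /**
     * Decides whether the current call may skip the wrapped manager's check.
     *
     * @return {@code true} when this thread is already inside a check (re-entrant call,
     *         see {@link #getInCheck()}) or when a class from {@code es.caib.signatura.*}
     *         loaded by this class's loader is on the call stack; {@code false} otherwise
     */
    private boolean hasAllPermission() {
        // The introspection below (getClassLoader, getPackage) can itself trigger
        // security checks on this thread; those nested checks are granted here so the
        // stack walk cannot recurse forever.
        if (getInCheck()) {
            return true;
        }
        checkIn.set(Boolean.TRUE);
        try {
            Class[] frames = getClassContext();
            for (int i = frames.length - 1; i >= 0; i--) {
                try {
                    Class frame = frames[i];
                    if (frame == CAIBSecurityManager.class
                            || frame.getClassLoader() != CAIBSecurityManager.class.getClassLoader()) {
                        continue;
                    }
                    // getPackage() may return null; such a frame is simply not trusted.
                    Package framePackage = frame.getPackage();
                    if (framePackage != null
                            && framePackage.getName().startsWith(TRUSTED_PACKAGE_PREFIX)) {
                        return true;
                    }
                } catch (Exception e) {
                    // A frame that cannot be inspected is treated as untrusted.
                    System.out.println("WARNING. Excepcion en security manager:");
                    e.printStackTrace(System.out);
                }
            }
            return false;
        } finally {
            // Always clear the flag, also on the early "trusted" return and on errors.
            checkIn.set(Boolean.FALSE);
        }
    }

    /**
     * Tells whether {@code file} is a PKCS#11 configuration file below the temp directory.
     *
     * <p>Paths with a {@code ..} segment after the temp-directory prefix are rejected,
     * because a plain prefix/suffix match would otherwise accept paths that resolve
     * outside the temp directory.
     *
     * <p>NOTE(review): the prefix match does not require a separator after the
     * temp-directory value, so a sibling directory sharing the prefix still matches;
     * left as is because the page does not show how callers build the path.
     *
     * @param file path handed to the check; may be {@code null}
     * @return {@code true} only for a path that starts with {@code java.io.tmpdir}, ends
     *         with {@code pkcs11.cfg} and has no {@code ..} segment in between
     */
    private static boolean isTempPkcs11Config(String file) {
        String tmpDir = System.getProperty("java.io.tmpdir");
        if (file == null || tmpDir == null) {
            return false;
        }
        if (!file.startsWith(tmpDir) || !file.endsWith(PKCS11_CONFIG_SUFFIX)) {
            return false;
        }
        String[] segments = file.substring(tmpDir.length()).split("[/\\\\]");
        for (int i = 0; i < segments.length; i++) {
            if ("..".equals(segments[i])) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether {@code perm} belongs to the permission classes that are granted
     * wholesale to a trusted call stack.
     *
     * <p>NOTE(review): every {@link RuntimePermission} is covered, whatever its name;
     * consider narrowing this to the names the signature API really needs.
     *
     * @param perm permission being checked; may be {@code null}
     * @return {@code true} when {@code perm} is a logging or runtime permission and
     *         {@link #hasAllPermission()} holds
     */
    private boolean isGrantedToTrustedCaller(Permission perm) {
        return (perm instanceof java.util.logging.LoggingPermission
                || perm instanceof java.lang.RuntimePermission)
                && hasAllPermission();
    }

    /**
     * Installs a {@code CAIBSecurityManager} around the current security manager.
     *
     * <p>Does nothing when no security manager is installed or when a previous call
     * already registered one. Failures are printed and otherwise ignored, so callers
     * cannot tell from this method whether the wrapper is active.
     */
    public static void register() {
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            public Object run() {
                try {
                    java.lang.SecurityManager current = System.getSecurityManager();
                    if (!isRegistered && current != null) {
                        System.setSecurityManager(new CAIBSecurityManager(current));
                        isRegistered = true;
                    }
                } catch (Throwable t) {
                    t.printStackTrace();
                }
                return null;
            }
        });
    }

    /**
     * Creates a manager that forwards to {@code proxy}.
     *
     * @param proxy the security manager to wrap; must not be {@code null}
     * @throws NullPointerException if {@code proxy} is {@code null}, since every check
     *         would otherwise fail later with a less obvious error
     */
    public CAIBSecurityManager(java.lang.SecurityManager proxy) {
        if (proxy == null) {
            throw new NullPointerException("proxy");
        }
        this.proxy = proxy;
        try {
            trustedClassLoader = ClassLoaderFactory.getFactory().getMasterClassLoader();
            systemClassLoader = getClass().getClassLoader();
        } catch (Throwable e) {
            // Best effort: the loaders are not needed by any check in this class.
            e.printStackTrace();
        }
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkAccept(String host, int port) {
        proxy.checkAccept(host, port);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkAccess(Thread t) {
        proxy.checkAccess(t);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkAccess(ThreadGroup g) {
        proxy.checkAccess(g);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkAwtEventQueueAccess() {
        proxy.checkAwtEventQueueAccess();
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkConnect(String host, int port, Object context) {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkConnect(host, port, context);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkConnect(String host, int port) {
        if (!hasAllPermission()) {
            proxy.checkConnect(host, port);
        }
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkCreateClassLoader() {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkCreateClassLoader();
    }

    /**
     * Allows a trusted call stack to delete the PKCS#11 configuration file in the temp
     * directory; every other deletion is forwarded to the wrapped manager.
     *
     * @param file path of the file about to be deleted
     */
    public void checkDelete(String file) {
        if (hasAllPermission() && isTempPkcs11Config(file)) {
            return;
        }
        proxy.checkDelete(file);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkExec(String cmd) {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkExec(cmd);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkExit(int status) {
        proxy.checkExit(status);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkLink(String lib) {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkLink(lib);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkListen(int port) {
        proxy.checkListen(port);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkMemberAccess(Class arg0, int arg1) {
        if (!hasAllPermission()) {
            proxy.checkMemberAccess(arg0, arg1);
        }
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkMulticast(InetAddress maddr, byte ttl) {
        proxy.checkMulticast(maddr, ttl);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkMulticast(InetAddress maddr) {
        proxy.checkMulticast(maddr);
    }

    /**
     * Skipped for a trusted call stack. Access to packages whose name starts with
     * {@code sun.security.pkcs11} is allowed for every caller, trusted or not; all other
     * requests are forwarded to the wrapped manager.
     *
     * @param pkg name of the package being accessed
     */
    public void checkPackageAccess(String pkg) {
        if (hasAllPermission()) {
            return;
        }
        // NOTE(review): this exemption is unconditional - it does not depend on the stack.
        if (pkg.startsWith("sun.security.pkcs11")) {
            return;
        }
        proxy.checkPackageAccess(pkg);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkPackageDefinition(String pkg) {
        proxy.checkPackageDefinition(pkg);
    }

    /**
     * Grants logging and runtime permissions to a trusted call stack and forwards
     * everything else, together with {@code context}, to the wrapped manager.
     */
    public void checkPermission(Permission perm, Object context) {
        if (isGrantedToTrustedCaller(perm)) {
            return;
        }
        proxy.checkPermission(perm, context);
    }

    /**
     * Central permission check.
     *
     * <p>Granted without consulting the wrapped manager:
     * <ul>
     * <li>a {@link FilePermission} whose actions are exactly {@code read}, for a trusted stack;</li>
     * <li>a {@link SecurityPermission} named {@code authProvider.SunPKCS11-*}, for every caller;</li>
     * <li>any logging or runtime permission, for a trusted stack;</li>
     * <li>the {@code specifyStreamHandler} net permission, for a trusted stack.</li>
     * </ul>
     */
    public void checkPermission(Permission perm) {
        if (perm instanceof FilePermission) {
            FilePermission filePermission = (FilePermission) perm;
            if ("read".equals(filePermission.getActions()) && hasAllPermission()) {
                return;
            }
        }
        // NOTE(review): unconditional - granted even when no trusted class is on the stack.
        if (perm instanceof SecurityPermission
                && perm.getName().startsWith("authProvider.SunPKCS11-")) {
            return;
        }
        if (isGrantedToTrustedCaller(perm)) {
            return;
        }
        if (perm instanceof java.net.NetPermission
                && "specifyStreamHandler".equals(perm.getName())
                && hasAllPermission()) {
            return;
        }
        proxy.checkPermission(perm);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkPrintJobAccess() {
        proxy.checkPrintJobAccess();
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkPropertiesAccess() {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkPropertiesAccess();
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkPropertyAccess(String key) {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkPropertyAccess(key);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkRead(FileDescriptor fd) {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkRead(fd);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkRead(String file, Object context) {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkRead(file, context);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkRead(String file) {
        if (hasAllPermission()) {
            return;
        }
        proxy.checkRead(file);
    }

    /**
     * Lets a trusted call stack insert a security provider and set provider properties
     * (targets starting with {@code insertProvider.} or {@code putProviderProperty.});
     * every other target is forwarded to the wrapped manager.
     */
    public void checkSecurityAccess(String target) {
        boolean providerSetup = target.startsWith("putProviderProperty.")
                || target.startsWith("insertProvider.");
        if (providerSetup && hasAllPermission()) {
            return;
        }
        proxy.checkSecurityAccess(target);
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkSetFactory() {
        proxy.checkSetFactory();
    }

    /** Forwards to the wrapped manager; never relaxed. */
    public void checkSystemClipboardAccess() {
        proxy.checkSystemClipboardAccess();
    }

    /** Returns the wrapped manager's answer; never relaxed. */
    public boolean checkTopLevelWindow(Object window) {
        return proxy.checkTopLevelWindow(window);
    }

    /** Skipped for a trusted call stack, otherwise forwarded to the wrapped manager. */
    public void checkWrite(FileDescriptor fd) {
        if (!hasAllPermission()) {
            proxy.checkWrite(fd);
        }
    }

    /**
     * Allows a trusted call stack to write three kinds of file and forwards every other
     * write to the wrapped manager: the PKCS#11 configuration file in the temp directory,
     * {@code signatura_api.properties} under {@code java.home}, and any path containing
     * {@code serviceLog.txt}.
     *
     * @param file path of the file about to be written
     */
    public void checkWrite(String file) {
        if (hasAllPermission()) {
            if (isTempPkcs11Config(file)) {
                return;
            }
            String apiProperties = System.getProperty("java.home")
                    + "/lib/signaturacaib/signatura_api.properties";
            if (file.equals(apiProperties)) {
                return;
            }
            // NOTE(review): substring match - the name may appear anywhere in the path,
            // including in a directory name. Anchor it to the real log location once
            // that location is known.
            if (file.contains("serviceLog.txt")) {
                return;
            }
        }
        proxy.checkWrite(file);
    }

    /**
     * Delegates to the wrapped manager's {@code equals}.
     *
     * <p>NOTE(review): this makes the wrapper compare as its delegate, which is not
     * symmetric with {@code obj.equals(this)}.
     */
    public boolean equals(Object obj) {
        return proxy.equals(obj);
    }

    /**
     * Reports whether a check is in progress.
     *
     * @return {@code true} when the current thread is inside {@link #hasAllPermission()}
     *         or the wrapped manager reports that it is in a check
     */
    public boolean getInCheck() {
        return Boolean.TRUE.equals(checkIn.get()) || proxy.getInCheck();
    }

    /** Returns the wrapped manager's security context. */
    public Object getSecurityContext() {
        return proxy.getSecurityContext();
    }

    /** Returns the wrapped manager's thread group. */
    public ThreadGroup getThreadGroup() {
        return proxy.getThreadGroup();
    }

    /** Returns the wrapped manager's hash code, consistent with {@link #equals(Object)}. */
    public int hashCode() {
        return proxy.hashCode();
    }

    /** Returns the wrapped manager's string form. */
    public String toString() {
        return proxy.toString();
    }
}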