001    /* SecureClassLoader.java --- A Secure Class Loader
002       Copyright (C) 1999, 2004, 2006  Free Software Foundation, Inc.
003    
004    This file is part of GNU Classpath.
005    
006    GNU Classpath is free software; you can redistribute it and/or modify
007    it under the terms of the GNU General Public License as published by
008    the Free Software Foundation; either version 2, or (at your option)
009    any later version.
010    
011    GNU Classpath is distributed in the hope that it will be useful, but
012    WITHOUT ANY WARRANTY; without even the implied warranty of
013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014    General Public License for more details.
015    
016    You should have received a copy of the GNU General Public License
017    along with GNU Classpath; see the file COPYING.  If not, write to the
018    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019    02110-1301 USA.
020    
021    Linking this library statically or dynamically with other modules is
022    making a combined work based on this library.  Thus, the terms and
023    conditions of the GNU General Public License cover the whole
024    combination.
025    
026    As a special exception, the copyright holders of this library give you
027    permission to link this library with independent modules to produce an
028    executable, regardless of the license terms of these independent
029    modules, and to copy and distribute the resulting executable under
030    terms of your choice, provided that you also meet, for each linked
031    independent module, the terms and conditions of the license of that
032    module.  An independent module is a module which is not derived from
033    or based on this library.  If you modify this library, you may extend
034    this exception to your version of the library, but you are not
035    obligated to do so.  If you do not wish to do so, delete this
036    exception statement from your version. */
037    
038    package java.security;
039    
040    import java.util.WeakHashMap;
041    
042    import java.nio.ByteBuffer;
043    import java.util.HashMap;
044    
045    /**
046     * A Secure Class Loader for loading classes with additional 
047     * support for specifying code source and permissions when
048     * they are retrieved by the system policy handler.
049     *
050     * @since 1.2
051     *
052     * @author Mark Benvenuto
053     */
054    public class SecureClassLoader extends ClassLoader
055    {
056      private final HashMap<CodeSource,ProtectionDomain> protectionDomainCache
057        = new HashMap<CodeSource, ProtectionDomain>();
058    
059      protected SecureClassLoader(ClassLoader parent)
060      {
061        super(parent);
062      }
063    
064      protected SecureClassLoader()
065      {
066      }
067    
068      /** 
069       * Creates a class using an array of bytes and a 
070       * CodeSource.
071       *
072       * @param name the name to give the class.  null if unknown.
073       * @param b the data representing the classfile, in classfile format.
074       * @param off the offset into the data where the classfile starts.
075       * @param len the length of the classfile data in the array.
076       * @param cs the CodeSource for the class or null when unknown.
077       *
078       * @return the class that was defined and optional CodeSource.
079       *
080       * @exception ClassFormatError if the byte array is not in proper classfile format.
081       */
082      protected final Class<?> defineClass(String name, byte[] b, int off, int len,
083                                        CodeSource cs)
084      {
085        return super.defineClass(name, b, off, len, getProtectionDomain(cs));
086      }
087    
088      /** 
089       * Creates a class using an ByteBuffer and a 
090       * CodeSource.
091       *
092       * @param name the name to give the class.  null if unknown.
093       * @param b the data representing the classfile, in classfile format.
094       * @param cs the CodeSource for the class or null when unknown.
095       *
096       * @return the class that was defined and optional CodeSource.
097       *
098       * @exception ClassFormatError if the byte array is not in proper classfile format.
099       *
100       * @since 1.5
101       */
102      protected final Class<?> defineClass(String name, ByteBuffer b, CodeSource cs)
103      {
104        return super.defineClass(name, b, getProtectionDomain(cs));
105      }
106    
107      /* Lookup or create a protection domain for the CodeSource,
108       * if CodeSource is null it will return null. */
109      private ProtectionDomain getProtectionDomain(CodeSource cs)
110      {
111        ProtectionDomain protectionDomain = null;
112        if (cs != null)
113          {
114            synchronized (protectionDomainCache)
115              {
116                protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
117              }
118    
119            if (protectionDomain == null)
120              {
121                protectionDomain 
122                  = new ProtectionDomain(cs, getPermissions(cs), this, null);
123                synchronized (protectionDomainCache)
124                  {
125                    ProtectionDomain domain 
126                      = (ProtectionDomain)protectionDomainCache.get(cs);
127                    if (domain == null)
128                      protectionDomainCache.put(cs, protectionDomain);
129                    else
130                      protectionDomain = domain;
131                  }
132              }
133          }
134        return protectionDomain;
135      }
136    
137      /**
138       * Returns a PermissionCollection for the specified CodeSource.
139       * The default implementation invokes 
140       * java.security.Policy.getPermissions.
141       *
142       * This method is called by defineClass that takes a CodeSource
143       * argument to build a proper ProtectionDomain for the class
144       * being defined.
145       */
146      protected PermissionCollection getPermissions(CodeSource cs)
147      {
148        Policy policy = Policy.getCurrentPolicy();
149        return policy.getPermissions(cs);
150      }
151    }