private Set<Long> parseMechanisms(String keyword) throws IOException { checkDup(keyword); Set<Long> mechs = new HashSet<Long>(); parseEquals(); parseOpenBraces(); while (true) { int token = nextToken(); if (isCloseBraces(token)) { break; } if (token == TT_EOL) { continue; } if (token != TT_WORD) { throw excToken("Expected mechanism, read"); } long mech = parseMechanism(st.sval); mechs.add(Long.valueOf(mech)); } if (DEBUG) { System.out.print("mechanisms: ["); for (Long mech : mechs) { System.out.print(Functions.getMechanismName(mech)); System.out.print(", "); } System.out.println("]"); } return mechs; }
private void checkStartup( Map<String, ServiceData> map, List<ServiceData> start, ServiceData sd, Set<ServiceData> cyclic) { if (sd.after.isEmpty() || start.contains(sd)) return; if (cyclic.contains(sd)) { reporter.error("Cyclic dependency for " + sd.name); return; } cyclic.add(sd); for (String dependsOn : sd.after) { if (dependsOn.equals("boot")) continue; ServiceData deps = map.get(dependsOn); if (deps == null) { reporter.error("No such service " + dependsOn + " but " + sd.name + " depends on it"); } else { checkStartup(map, start, deps, cyclic); } } start.add(sd); }
public boolean isProtectedMethod(String method) { boolean retval = false; if (protectedMethods.isEmpty() || protectedMethods.contains(method)) { retval = true; } return retval; }
/** * Adds <tt>listener</tt> to the list of {@link CapsVerListener}s that we notify when new features * occur and the version hash needs to be regenerated. The method would also notify * <tt>listener</tt> if our current caps version has been generated and is different than * <tt>null</tt>. * * @param listener the {@link CapsVerListener} we'd like to register. */ public void addCapsVerListener(CapsVerListener listener) { synchronized (capsVerListeners) { if (capsVerListeners.contains(listener)) return; capsVerListeners.add(listener); if (currentCapsVersion != null) listener.capsVerUpdated(currentCapsVersion); } }
boolean isEnabled(long m) { if (enabledMechanisms != null) { return enabledMechanisms.contains(Long.valueOf(m)); } if (disabledMechanisms != null) { return !disabledMechanisms.contains(Long.valueOf(m)); } return true; }
PKIXValidator(String variant, Collection trustedCerts) { super(TYPE_PKIX, variant); if (trustedCerts instanceof Set) { this.trustedCerts = (Set) trustedCerts; } else { this.trustedCerts = new HashSet(trustedCerts); } Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>(); for (Iterator t = trustedCerts.iterator(); t.hasNext(); ) { X509Certificate cert = (X509Certificate) t.next(); trustAnchors.add(new TrustAnchor(cert, null)); } try { parameterTemplate = new PKIXBuilderParameters(trustAnchors, null); } catch (InvalidAlgorithmParameterException e) { throw new RuntimeException("Unexpected error: " + e.toString(), e); } setDefaultParameters(variant); initCommon(); }
public static void loadPermissions(URL url) throws IOException, PermissionParseException { BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream())); String line; Pattern ignore = Pattern.compile("^\\s*(//.*)?$"); Pattern valid = Pattern.compile("^\\s*permission\\s+(\\S+)" + "(\\s+\"([^\"]*)\"(,\\s+\"([^\"]*)\")?)?;$"); Set<Permission> perms = new HashSet<Permission>(); while ((line = in.readLine()) != null) { if (ignore.matcher(line).matches()) { continue; } Matcher matcher = valid.matcher(line); if (!matcher.matches()) { throw new PermissionParseException("invalid syntax: " + line); } int nGroups = matcher.groupCount(); String type = matcher.group(1); String name = expand(nGroups >= 3 ? matcher.group(3) : null); String actions = expand(nGroups >= 5 ? matcher.group(5) : null); try { Permission perm = getPermission(type, name, actions); perms.add(perm); } catch (Throwable e) { String message = String.format( "could not instantiate permission: " + "type=%s name=%s actions=", type, name, actions); throw new PermissionParseException(message, e); } } in.close(); permSet.addAll(perms); }
protected static synchronized String checkCompressors(String compressors) { // Syntactic check of compressors Set<String> cset = new HashSet<>(); compressors = compressors.replace(',', ' '); compressors = compressors.replace('\t', ' '); String[] pieces = compressors.split("[ ]+"); for (String p : pieces) { for (String c : KNOWNCOMPRESSORS) { if (p.equalsIgnoreCase(c)) { cset.add(c); break; } } } StringBuilder buf = new StringBuilder(); for (String s : cset) { if (buf.length() > 0) buf.append(","); buf.append(s); } return buf.toString(); }
/** * Write the output file with a graph format. * * @param outputFileName the output file to write to * @param urlToImageFileMap the map of url's to image files * @param edgeList the list of sources and sinks to write */ public void writeDotFile( String outputFileName, Map<String, String> urlToImageFileMap, Map<String, Set<String>> edgeList) { try { File outputFile = new File(outputFileName); FileWriter fileWriter = new FileWriter(outputFile); fileWriter.write("digraph G {\n"); fileWriter.write(" node [shape=box];\n"); Set<String> urls = urlToImageFileMap.keySet(); for (String url : urls) { String hashedUrl = getHashCode(url); String imageFileName = urlToImageFileMap.get(url); fileWriter.write(" " + hashedUrl + "[label=\"\" image=\"" + imageFileName + "\"];\n"); } for (String url : urls) { Set<String> links = edgeList.get(url); if (links != null) { for (String link : links) { if (urls.contains(link)) { String hashUrlSource = getHashCode(url); String hashUrlSink = getHashCode(link); fileWriter.write(" " + hashUrlSource + " -> " + hashUrlSink + "\n"); } } } } fileWriter.write("}\n"); fileWriter.flush(); fileWriter.close(); System.out.println("Wrote results to [" + outputFileName + "]"); } catch (Exception e) { System.out.println("Exception writing the results to the output file: " + e); } }
PKIXValidator(String variant, PKIXBuilderParameters params) { super(TYPE_PKIX, variant); trustedCerts = new HashSet(); for (Iterator t = params.getTrustAnchors().iterator(); t.hasNext(); ) { TrustAnchor anchor = (TrustAnchor) t.next(); X509Certificate cert = anchor.getTrustedCert(); if (cert != null) { trustedCerts.add(cert); } } parameterTemplate = params; initCommon(); }
private void initCommon() { if (TRY_VALIDATOR == false) { return; } trustedSubjects = new HashMap<X500Principal, List<PublicKey>>(); for (Iterator t = trustedCerts.iterator(); t.hasNext(); ) { X509Certificate cert = (X509Certificate) t.next(); X500Principal dn = cert.getSubjectX500Principal(); List<PublicKey> keys; if (trustedSubjects.containsKey(dn)) { keys = trustedSubjects.get(dn); } else { keys = new ArrayList<PublicKey>(); trustedSubjects.put(dn, keys); } keys.add(cert.getPublicKey()); } try { factory = CertificateFactory.getInstance("X.509"); } catch (CertificateException e) { throw new RuntimeException("Internal error", e); } plugin = variant.equals(VAR_PLUGIN_CODE_SIGNING); }
/** * Creates an organization, its classification, and its services, and saves it to the registry. */ public String executePublish(String username, String password, String endpoint) { String id = null; RegistryService rs = null; BusinessLifeCycleManager blcm = null; BusinessQueryManager bqm = null; try { rs = connection.getRegistryService(); blcm = rs.getBusinessLifeCycleManager(); bqm = rs.getBusinessQueryManager(); System.out.println("Got registry service, query " + "manager, and life cycle manager"); // Get authorization from the registry PasswordAuthentication passwdAuth = new PasswordAuthentication(username, password.toCharArray()); Set creds = new HashSet(); creds.add(passwdAuth); connection.setCredentials(creds); System.out.println("Established security credentials"); // Get hardcoded strings from a ResourceBundle ResourceBundle bundle = ResourceBundle.getBundle("com.sun.cb.CoffeeRegistry"); // Create organization name and description Organization org = blcm.createOrganization(bundle.getString("org.name")); InternationalString s = blcm.createInternationalString(bundle.getString("org.description")); org.setDescription(s); // Create primary contact, set name User primaryContact = blcm.createUser(); PersonName pName = blcm.createPersonName(bundle.getString("person.name")); primaryContact.setPersonName(pName); // Set primary contact phone number TelephoneNumber tNum = blcm.createTelephoneNumber(); tNum.setNumber(bundle.getString("phone.number")); Collection phoneNums = new ArrayList(); phoneNums.add(tNum); primaryContact.setTelephoneNumbers(phoneNums); // Set primary contact email address EmailAddress emailAddress = blcm.createEmailAddress(bundle.getString("email.address")); Collection emailAddresses = new ArrayList(); emailAddresses.add(emailAddress); primaryContact.setEmailAddresses(emailAddresses); // Set primary contact for organization org.setPrimaryContact(primaryContact); // Set classification scheme to NAICS ClassificationScheme cScheme = bqm.findClassificationSchemeByName(null, bundle.getString("classification.scheme")); // Create and add classification Classification classification = (Classification) blcm.createClassification( cScheme, bundle.getString("classification.name"), bundle.getString("classification.value")); Collection classifications = new ArrayList(); classifications.add(classification); org.addClassifications(classifications); // Create services and service Collection services = new ArrayList(); Service service = blcm.createService(bundle.getString("service.name")); InternationalString is = blcm.createInternationalString(bundle.getString("service.description")); service.setDescription(is); // Create service bindings Collection serviceBindings = new ArrayList(); ServiceBinding binding = blcm.createServiceBinding(); is = blcm.createInternationalString(bundle.getString("service.binding")); binding.setDescription(is); binding.setValidateURI(false); binding.setAccessURI(endpoint); serviceBindings.add(binding); // Add service bindings to service service.addServiceBindings(serviceBindings); // Add service to services, then add services to organization services.add(service); org.addServices(services); // Add organization and submit to registry // Retrieve key if successful Collection orgs = new ArrayList(); orgs.add(org); BulkResponse response = blcm.saveOrganizations(orgs); Collection exceptions = response.getExceptions(); if (exceptions == null) { System.out.println("Organization saved"); Collection keys = response.getCollection(); Iterator keyIter = keys.iterator(); if (keyIter.hasNext()) { javax.xml.registry.infomodel.Key orgKey = (javax.xml.registry.infomodel.Key) keyIter.next(); id = orgKey.getId(); System.out.println("Organization key is " + id); } } else { Iterator excIter = exceptions.iterator(); Exception exception = null; while (excIter.hasNext()) { exception = (Exception) excIter.next(); System.err.println("Exception on save: " + exception.toString()); } } } catch (Exception e) { e.printStackTrace(); if (connection != null) { try { connection.close(); } catch (JAXRException je) { System.err.println("Connection close failed"); } } } return id; }
X509Certificate[] engineValidate(X509Certificate[] chain, Collection otherCerts, Object parameter) throws CertificateException { if ((chain == null) || (chain.length == 0)) { throw new CertificateException("null or zero-length certificate chain"); } if (TRY_VALIDATOR) { // check that chain is in correct order and check if chain contains // trust anchor X500Principal prevIssuer = null; for (int i = 0; i < chain.length; i++) { X509Certificate cert = chain[i]; X500Principal dn = cert.getSubjectX500Principal(); if (i != 0 && !dn.equals(prevIssuer)) { // chain is not ordered correctly, call builder instead return doBuild(chain, otherCerts); } // Check if chain[i] is already trusted. It may be inside // trustedCerts, or has the same dn and public key as a cert // inside trustedCerts. The latter happens when a CA has // updated its cert with a stronger signature algorithm in JRE // but the weak one is still in circulation. if (trustedCerts.contains(cert) || // trusted cert (trustedSubjects.containsKey(dn) && // replacing ... trustedSubjects .get(dn) .contains( // ... weak cert cert.getPublicKey()))) { if (i == 0) { return new X509Certificate[] {chain[0]}; } // Remove and call validator on partial chain [0 .. i-1] X509Certificate[] newChain = new X509Certificate[i]; System.arraycopy(chain, 0, newChain, 0, i); return doValidate(newChain); } prevIssuer = cert.getIssuerX500Principal(); } // apparently issued by trust anchor? X509Certificate last = chain[chain.length - 1]; X500Principal issuer = last.getIssuerX500Principal(); X500Principal subject = last.getSubjectX500Principal(); if (trustedSubjects.containsKey(issuer) && isSignatureValid(trustedSubjects.get(issuer), last)) { return doValidate(chain); } // don't fallback to builder if called from plugin/webstart if (plugin) { // Validate chain even if no trust anchor is found. This // allows plugin/webstart to make sure the chain is // otherwise valid if (chain.length > 1) { X509Certificate[] newChain = new X509Certificate[chain.length - 1]; System.arraycopy(chain, 0, newChain, 0, newChain.length); // temporarily set last cert as sole trust anchor PKIXBuilderParameters params = (PKIXBuilderParameters) parameterTemplate.clone(); try { params.setTrustAnchors( Collections.singleton(new TrustAnchor(chain[chain.length - 1], null))); } catch (InvalidAlgorithmParameterException iape) { // should never occur, but ... throw new CertificateException(iape); } doValidate(newChain, params); } // if the rest of the chain is valid, throw exception // indicating no trust anchor was found throw new ValidatorException(ValidatorException.T_NO_TRUST_ANCHOR); } // otherwise, fall back to builder } return doBuild(chain, otherCerts); }
/** * Removes <tt>listener</tt> from the list of currently registered {@link CapsVerListener}s. * * @param listener the {@link CapsVerListener} we'd like to unregister. */ public void removeCapsVerListener(CapsVerListener listener) { synchronized (capsVerListeners) { capsVerListeners.remove(listener); } }
private void checkDup(String keyword) throws IOException { if (parsedKeywords.contains(keyword)) { throw excLine(keyword + " must only be specified once"); } }
private void parse() throws IOException { while (true) { int token = nextToken(); if (token == TT_EOF) { break; } if (token == TT_EOL) { continue; } if (token != TT_WORD) { throw excToken("Unexpected token:"); } String word = st.sval; if (word.equals("name")) { name = parseStringEntry(word); } else if (word.equals("library")) { library = parseLibrary(word); } else if (word.equals("description")) { parseDescription(word); } else if (word.equals("slot")) { parseSlotID(word); } else if (word.equals("slotListIndex")) { parseSlotListIndex(word); } else if (word.equals("enabledMechanisms")) { parseEnabledMechanisms(word); } else if (word.equals("disabledMechanisms")) { parseDisabledMechanisms(word); } else if (word.equals("attributes")) { parseAttributes(word); } else if (word.equals("handleStartupErrors")) { parseHandleStartupErrors(word); } else if (word.endsWith("insertionCheckInterval")) { insertionCheckInterval = parseIntegerEntry(word); if (insertionCheckInterval < 100) { throw excLine(word + " must be at least 100 ms"); } } else if (word.equals("showInfo")) { showInfo = parseBooleanEntry(word); } else if (word.equals("keyStoreCompatibilityMode")) { keyStoreCompatibilityMode = parseBooleanEntry(word); } else if (word.equals("explicitCancel")) { explicitCancel = parseBooleanEntry(word); } else if (word.equals("omitInitialize")) { omitInitialize = parseBooleanEntry(word); } else if (word.equals("allowSingleThreadedModules")) { allowSingleThreadedModules = parseBooleanEntry(word); } else if (word.equals("functionList")) { functionList = parseStringEntry(word); } else if (word.equals("nssUseSecmod")) { nssUseSecmod = parseBooleanEntry(word); } else if (word.equals("nssLibraryDirectory")) { nssLibraryDirectory = parseLibrary(word); nssUseSecmod = true; } else if (word.equals("nssSecmodDirectory")) { nssSecmodDirectory = expand(parseStringEntry(word)); nssUseSecmod = true; } else if (word.equals("nssModule")) { nssModule = parseStringEntry(word); nssUseSecmod = true; } else if (word.equals("nssDbMode")) { String mode = parseStringEntry(word); if (mode.equals("readWrite")) { nssDbMode = Secmod.DbMode.READ_WRITE; } else if (mode.equals("readOnly")) { nssDbMode = Secmod.DbMode.READ_ONLY; } else if (mode.equals("noDb")) { nssDbMode = Secmod.DbMode.NO_DB; } else { throw excToken("nssDbMode must be one of readWrite, readOnly, and noDb:"); } nssUseSecmod = true; } else if (word.equals("nssNetscapeDbWorkaround")) { nssNetscapeDbWorkaround = parseBooleanEntry(word); nssUseSecmod = true; } else if (word.equals("nssArgs")) { parseNSSArgs(word); } else if (word.equals("nssUseSecmodTrust")) { nssUseSecmodTrust = parseBooleanEntry(word); } else if (word.equals("useEcX963Encoding")) { useEcX963Encoding = parseBooleanEntry(word); } else if (word.equals("nssOptimizeSpace")) { nssOptimizeSpace = parseBooleanEntry(word); } else { throw new ConfigurationException("Unknown keyword '" + word + "', line " + st.lineno()); } parsedKeywords.add(word); } reader.close(); reader = null; st = null; parsedKeywords = null; if (name == null) { throw new ConfigurationException("name must be specified"); } if (nssUseSecmod == false) { if (library == null) { throw new ConfigurationException("library must be specified"); } } else { if (library != null) { throw new ConfigurationException("library must not be specified in NSS mode"); } if ((slotID != -1) || (slotListIndex != -1)) { throw new ConfigurationException( "slot and slotListIndex must not be specified in NSS mode"); } if (nssArgs != null) { throw new ConfigurationException("nssArgs must not be specified in NSS mode"); } if (nssUseSecmodTrust != false) { throw new ConfigurationException( "nssUseSecmodTrust is an " + "internal option and must not be specified in NSS mode"); } } }