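/*
 * Copyright (C) 2014 The Android Open Source Project
 * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package java.security;

import java.io.Serializable;
import java.util.Enumeration;
import java.util.Properties;

/**
 * <p>This class represents a scope for identities. It is an Identity
 * itself, and therefore has a name and can have a scope. It can also
 * optionally have a public key and associated certificates.
 *
 * <p>An IdentityScope can contain Identity objects of all kinds, including
 * Signers. All types of Identity objects can be retrieved, added, and
 * removed using the same methods. Note that it is possible, and in fact
 * expected, that different types of identity scopes will
 * apply different policies for their various operations on the
 * various types of Identities.
 *
 * <p>There is a one-to-one mapping between keys and identities, and
 * there can only be one copy of one key per scope. For example, suppose
 * <b>Acme Software, Inc</b> is a software publisher known to a user.
 * Suppose it is an Identity, that is, it has a public key, and a set of
 * associated certificates. It is named in the scope using the name
 * "Acme Software". No other named Identity in the scope has the same
 * public key. Of course, none has the same name as well.
 *
 * @see Identity
 * @see Signer
 * @see Principal
 * @see Key
 *
 * @author Benjamin Renaud
 *
 * @deprecated This class is no longer used. Its functionality has been
 * replaced by {@code java.security.KeyStore}, the
 * {@code java.security.cert} package, and
 * {@code java.security.Principal}.
 */
@Deprecated
// Android-added: Identity is deprecated too, no need to warn here.
@SuppressWarnings("removal")
public abstract
class IdentityScope extends Identity {

    private static final long serialVersionUID = -2337346281189773310L;

    /*
     * The system's scope.
     *
     * This is a plain static field: it is neither volatile nor guarded by a
     * lock anywhere in this class, so the lazy initialization in
     * getSystemScope() and the assignment in setSystemScope() are not
     * synchronized with each other.
     */
    private static IdentityScope scope;

    /**
     * Attempts to create the system scope from the class named by the
     * {@code system.scope} security property.
     *
     * <p>Does nothing when the property is unset. A failure to load,
     * type-check or instantiate the named class is caught and reported only
     * through a stack trace; {@link #scope} is left unchanged in that case.
     */
    private static void initializeSystemScope() {

        // Read the property inside doPrivileged so the lookup does not depend
        // on the permissions of whoever called getSystemScope().
        String classname = AccessController.doPrivileged(
                new PrivilegedAction<String>() {
            @Override
            public String run() {
                return Security.getProperty("system.scope");
            }
        });

        if (classname == null) {
            return;
        }

        try {
            // Android-changed: Actually set the system scope after initializing it
            // Class.forName(classname);
            //
            // The class name is configuration data, so narrow the loaded class
            // to IdentityScope before instantiating it. asSubclass() throws
            // ClassCastException for an unrelated class, so that class's
            // constructor is never run (previously the cast happened only
            // after newInstance() had already executed it). Class.forName()
            // still runs the named class's static initializer.
            scope = Class.forName(classname)
                    .asSubclass(IdentityScope.class)
                    .newInstance();
        } catch (Exception e) {
            //Security.error("unable to establish a system scope from " +
            //               classname);
            // NOTE(review): the failure is not propagated. scope stays null,
            // so the next getSystemScope() call repeats this attempt.
            e.printStackTrace();
        }
    }

    /**
     * This constructor is used for serialization only and should not
     * be used by subclasses.
     */
    protected IdentityScope() {
        this("restoring...");
    }

    /**
     * Constructs a new identity scope with the specified name.
     *
     * @param name the scope name.
     */
    public IdentityScope(String name) {
        super(name);
    }

    /**
     * Constructs a new identity scope with the specified name and scope.
     *
     * @param name the scope name.
     * @param scope the scope for the new identity scope.
     *
     * @exception KeyManagementException if there is already an identity
     * with the same name in the scope.
     */
    public IdentityScope(String name, IdentityScope scope)
            throws KeyManagementException {
        super(name, scope);
    }

    /**
     * Returns the system's identity scope.
     *
     * <p>If no scope has been set yet, this first tries to create one from
     * the {@code system.scope} security property. The check-then-initialize
     * sequence is not synchronized, so concurrent first calls may each run
     * the initialization.
     *
     * @return the system's identity scope, or {@code null} if none has been
     * set.
     *
     * @see #setSystemScope
     */
    public static IdentityScope getSystemScope() {
        if (scope == null) {
            initializeSystemScope();
        }
        return scope;
    }


    /**
     * Sets the system's identity scope.
     *
     * <p>First, if there is a security manager, its
     * {@code checkSecurityAccess}
     * method is called with {@code "setSystemScope"}
     * as its argument to see if it's ok to set the identity scope.
     * When no security manager is installed, no access check is made and
     * the scope is replaced unconditionally.
     *
     * @param scope the scope to set.
     *
     * @exception SecurityException if a security manager exists and its
     * {@code checkSecurityAccess} method doesn't allow
     * setting the identity scope.
     *
     * @see #getSystemScope
     * @see SecurityManager#checkSecurityAccess
     */
    protected static void setSystemScope(IdentityScope scope) {
        check("setSystemScope");
        IdentityScope.scope = scope;
    }

    /**
     * Returns the number of identities within this identity scope.
     *
     * @return the number of identities within this identity scope.
     */
    public abstract int size();

    /**
     * Returns the identity in this scope with the specified name (if any).
     *
     * @param name the name of the identity to be retrieved.
     *
     * @return the identity named {@code name}, or null if there are
     * no identities named {@code name} in this scope.
     */
    public abstract Identity getIdentity(String name);

    /**
     * Retrieves the identity whose name is the same as that of the
     * specified principal. (Note: Identity implements Principal.)
     *
     * <p>The lookup is by name only: it delegates to
     * {@link #getIdentity(String)} with {@code principal.getName()} and does
     * not compare keys or certificates.
     *
     * @param principal the principal corresponding to the identity
     * to be retrieved.
     *
     * @return the identity whose name is the same as that of the
     * principal, or null if there are no identities of the same name
     * in this scope.
     *
     * @exception NullPointerException if {@code principal} is null.
     */
    public Identity getIdentity(Principal principal) {
        return getIdentity(principal.getName());
    }

    /**
     * Retrieves the identity with the specified public key.
     *
     * @param key the public key for the identity to be returned.
     *
     * @return the identity with the given key, or null if there are
     * no identities in this scope with that key.
     */
    public abstract Identity getIdentity(PublicKey key);

    /**
     * Adds an identity to this identity scope.
     *
     * @param identity the identity to be added.
     *
     * @exception KeyManagementException if the identity is not
     * valid, a name conflict occurs, another identity has the same
     * public key as the identity being added, or another exception
     * occurs.
     */
    public abstract void addIdentity(Identity identity)
            throws KeyManagementException;

    /**
     * Removes an identity from this identity scope.
     *
     * @param identity the identity to be removed.
     *
     * @exception KeyManagementException if the identity is missing,
     * or another exception occurs.
     */
    public abstract void removeIdentity(Identity identity)
            throws KeyManagementException;

    /**
     * Returns an enumeration of all identities in this identity scope.
     *
     * @return an enumeration of all identities in this identity scope.
     */
    public abstract Enumeration<Identity> identities();

    /**
     * Returns a string representation of this identity scope, including
     * its name, its scope name, and the number of identities in this
     * identity scope.
     *
     * @return a string representation of this identity scope.
     */
    @Override
    public String toString() {
        return super.toString() + "[" + size() + "]";
    }

    /**
     * Asks the installed security manager, if any, whether the given
     * security-access directive is permitted.
     *
     * @param directive the directive name passed to
     * {@code SecurityManager.checkSecurityAccess}.
     */
    private static void check(String directive) {
        // NOTE(review): on Android, System.getSecurityManager() is documented
        // to always return null, so this is presumably a no-op there and
        // setSystemScope() is limited only by its protected access. Confirm
        // against the target platform.
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkSecurityAccess(directive);
        }
    }

}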