001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.StringPool;
021    
022    import java.net.SocketPermission;
023    
024    import java.security.Permission;
025    import java.security.Permissions;
026    
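/**
 * Checks socket permissions against an allow list built from the
 * <code>security-manager-sockets-accept</code>,
 * <code>security-manager-sockets-connect</code> and
 * <code>security-manager-sockets-listen</code> properties.
 *
 * <p>
 * Every configured entry is turned into a {@link SocketPermission} and stored
 * in a {@link Permissions} collection. A requested permission is allowed only
 * if that collection implies it, so anything that is not listed is denied.
 * </p>
 *
 * <p>
 * Security notes for whoever maintains the property values:
 * </p>
 *
 * <ul>
 * <li>
 * Entries are passed to {@link SocketPermission} unchanged, so its wildcard
 * host syntax and port ranges apply. A broad entry widens the allow list
 * accordingly; keep entries as narrow as the plugin needs.
 * </li>
 * <li>
 * Listen entries are always registered for host <code>*</code>; only the port
 * part comes from the property.
 * </li>
 * <li>
 * {@link SocketPermission} may resolve host names while evaluating
 * <code>implies</code>, so host name based rules are only as trustworthy as
 * the name resolution of the JVM.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class SocketChecker extends BaseChecker {

	/**
	 * Builds the allow list from the three socket properties. Nothing in this
	 * class clears the collection, so calling this method again adds to the
	 * existing entries instead of replacing them.
	 */
	public void afterPropertiesSet() {
		initAcceptHostsAndPorts();
		initConnectHostsAndPorts();
		initListenPorts();
	}

	/**
	 * Rejects the permission unless the configured allow list implies it.
	 *
	 * <p>
	 * The denial is reported through <code>throwSecurityException</code>
	 * together with the requested actions and address, which makes denied
	 * socket attempts visible in the log.
	 * </p>
	 *
	 * @param permission the socket permission being requested
	 */
	public void checkPermission(Permission permission) {
		if (_permissions.implies(permission)) {
			return;
		}

		// The message is only built on the denial path

		throwSecurityException(
			_log,
			"Attempted " + permission.getActions() + " for address " +
				permission.getName());
	}

	/**
	 * Derives the property entry that would allow the given permission.
	 *
	 * <p>
	 * The first matching action wins, in the order accept, connect, listen. A
	 * permission that carries several of these actions therefore yields a
	 * single property only.
	 * </p>
	 *
	 * @param  arguments exactly one {@link Permission}
	 * @return the key and value to add to the policy, or <code>null</code> if
	 *         the arguments are not a single permission, if the permission has
	 *         no actions or name, if the action is the always allowed resolve
	 *         action, or if none of the known socket actions is present
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof Permission)) {

			return null;
		}

		Permission permission = (Permission)arguments[0];

		String actions = permission.getActions();
		String name = permission.getName();

		// A permission without actions or name cannot be mapped to a
		// property, so there is nothing to generate

		if ((actions == null) || (name == null)) {
			return null;
		}

		if (actions.equals(SOCKET_PERMISSION_RESOLVE)) {

			// There is no need for an authorization property because this
			// action is always allowed

			return null;
		}

		String key = null;
		String value = null;

		if (actions.contains(SOCKET_PERMISSION_ACCEPT)) {
			key = "security-manager-sockets-accept";
			value = name;
		}
		else if (actions.contains(SOCKET_PERMISSION_CONNECT)) {
			key = "security-manager-sockets-connect";
			value = name;
		}
		else if (actions.contains(SOCKET_PERMISSION_LISTEN)) {

			// The port follows the last colon. Searching for the first colon
			// would split a bracketed IPv6 literal such as [::1]:8080 inside
			// the address and lose the port.

			int index = name.lastIndexOf(StringPool.COLON);

			// NOTE(review): a port range such as "1024-" is presumably not an
			// integer for GetterUtil.getInteger, so the generated value may
			// not reflect the requested range. Confirm against GetterUtil
			// before relying on generated listen entries.

			int port = GetterUtil.getInteger(name.substring(index + 1));

			key = "security-manager-sockets-listen";
			value = String.valueOf(port);
		}
		else {
			return null;
		}

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(key);
		authorizationProperty.setValue(value);

		return authorizationProperty;
	}

	/**
	 * Registers every <code>security-manager-sockets-accept</code> entry with
	 * the accept action.
	 */
	protected void initAcceptHostsAndPorts() {
		String[] networkParts = getPropertyArray(
			"security-manager-sockets-accept");

		for (String networkPart : networkParts) {
			initHostsAndPorts(networkPart, SOCKET_PERMISSION_ACCEPT);
		}
	}

	/**
	 * Registers every <code>security-manager-sockets-connect</code> entry with
	 * the connect action.
	 */
	protected void initConnectHostsAndPorts() {
		String[] networkParts = getPropertyArray(
			"security-manager-sockets-connect");

		for (String networkPart : networkParts) {
			initHostsAndPorts(networkPart, SOCKET_PERMISSION_CONNECT);
		}
	}

	/**
	 * Adds one allow list entry.
	 *
	 * <p>
	 * The entry is not validated here. {@link SocketPermission} rejects a
	 * malformed host or port with an {@link IllegalArgumentException}, which
	 * this method lets propagate to the caller.
	 * </p>
	 *
	 * @param networkPart the host and optional port in
	 *        {@link SocketPermission} syntax
	 * @param action the socket action to allow for that address
	 */
	protected void initHostsAndPorts(String networkPart, String action) {
		SocketPermission socketPermission = new SocketPermission(
			networkPart, action);

		_permissions.add(socketPermission);
	}

	/**
	 * Registers every <code>security-manager-sockets-listen</code> entry with
	 * the listen action.
	 */
	protected void initListenPorts() {
		String[] listenParts = getPropertyArray(
			"security-manager-sockets-listen");

		for (String listenPart : listenParts) {
			initListenPorts(listenPart);
		}
	}

	/**
	 * Registers one listen entry. The host is fixed to the <code>*</code>
	 * wildcard, so the entry is not tied to a particular host name.
	 *
	 * @param listenPart the port part of the entry
	 */
	protected void initListenPorts(String listenPart) {
		initHostsAndPorts("*:" + listenPart, SOCKET_PERMISSION_LISTEN);
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SocketChecker.class);

	// Allow list of socket permissions; a request must be implied by it

	private final Permissions _permissions = new Permissions();

}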