001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.JavaDetector;
020    
021    import java.security.Permission;
022    
023    import sun.reflect.Reflection;
024    
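/**
 * Checks {@link java.security.Permission}s by name for two network-related
 * operations: obtaining the proxy selector and specifying a stream handler.
 *
 * <p>
 * The proxy selector check is stack-depth based: it inspects a fixed frame of
 * the current call stack and allows the request only when that frame is a
 * nested class of <code>java.net.SocksSocketImpl</code> running inside
 * <code>AccessController.doPrivileged</code>. The frame numbers are hard
 * coded, so any change to the call chain between the JDK and this class
 * (including refactoring this class) shifts them.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class NetChecker extends BaseChecker {

	/**
	 * No initialization is required for this checker.
	 */
	public void afterPropertiesSet() {
	}

	/**
	 * Checks the permission by name and raises a security exception through
	 * <code>throwSecurityException</code> when the proxy selector is requested
	 * by a caller that {@link #hasGetProxySelector()} does not recognize.
	 *
	 * @param permission the permission being requested
	 */
	public void checkPermission(Permission permission) {
		String name = permission.getName();

		if (name.equals(NET_PERMISSION_GET_PROXY_SELECTOR)) {
			if (!hasGetProxySelector()) {
				throwSecurityException(_log, "Attempted to get proxy selector");
			}
		}
		else if (name.equals(NET_PERMISSION_SPECIFY_STREAM_HANDLER)) {

			// TODO

			// NOTE(review): this branch is fail-open. Until the TODO is
			// implemented, this checker never objects to a request to
			// specify a stream handler. Confirm whether another layer
			// restricts it.

		}

		// Any other permission name falls through: this method neither
		// inspects it nor throws.
	}

	/**
	 * Returns <code>true</code> if the frame at the expected depth of the
	 * current call stack is a nested class of
	 * <code>java.net.SocksSocketImpl</code> and the following frame is
	 * reported by <code>CheckerUtil.isAccessControllerDoPrivileged</code>.
	 *
	 * <p>
	 * The body must stay in this method: moving the
	 * <code>Reflection.getCallerClass</code> call or the
	 * <code>CheckerUtil</code> call into a helper adds a stack frame and
	 * invalidates the hard-coded depths.
	 * </p>
	 *
	 * @return <code>true</code> if the caller may get the proxy selector;
	 *         <code>false</code> otherwise, including when the stack is
	 *         shallower than the expected depth
	 */
	protected boolean hasGetProxySelector() {

		// Expected depth of the SocksSocketImpl frame: 8 when JavaDetector
		// reports JDK 7, 7 on every other runtime.
		// NOTE(review): the "other runtime" depth is applied to anything that
		// is not JDK 7; verify it against each JDK the portal supports.
		// sun.reflect.Reflection.getCallerClass(int) is an internal API that
		// later JDKs removed.

		int frame = JavaDetector.isJDK7() ? 8 : 7;

		Class<?> callerClass = Reflection.getCallerClass(frame);

		// getCallerClass returns null when the stack has fewer frames than
		// requested. Deny explicitly so the caller raises its security
		// exception instead of failing with a NullPointerException.

		if (callerClass == null) {
			return false;
		}

		String className = callerClass.getName();

		// The match is on the class name only. The doPrivileged check on the
		// next frame is the second condition for trusting the call chain.

		if (className.startsWith(_CLASS_NAME_SOCKS_SOCKET_IMPL) &&
			CheckerUtil.isAccessControllerDoPrivileged(frame + 1)) {

			logGetProxySelector(callerClass, frame);

			return true;
		}

		return false;
	}

	/**
	 * Logs at info level that the given caller was allowed to get the proxy
	 * selector, leaving an audit trail for every allowed request.
	 *
	 * @param callerClass the class found at the inspected frame
	 * @param frame the stack depth that was inspected
	 */
	protected void logGetProxySelector(Class<?> callerClass, int frame) {
		if (_log.isInfoEnabled()) {
			_log.info(
				"Allowing frame " + frame + " with caller " + callerClass +
					" to get the proxy selector");
		}
	}

	// Trailing "$" restricts the prefix match to nested and anonymous classes
	// of SocksSocketImpl rather than the outer class itself.

	private static final String _CLASS_NAME_SOCKS_SOCKET_IMPL =
		"java.net.SocksSocketImpl$";

	private static final Log _log = LogFactoryUtil.getLog(NetChecker.class);

}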