001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl.checker;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.StringPool;
021    
022    import java.net.SocketPermission;
023    
024    import java.security.Permission;
025    import java.security.Permissions;
026    
027    /**
028     * @author Brian Wing Shun Chan
029     * @author Raymond Augé
030     */
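/**
 * Restricts the socket operations (accept, connect, listen) that plugin code
 * may perform. The permitted hosts and ports are read from the plugin's
 * {@code security-manager-sockets-*} properties and collected as
 * {@link SocketPermission}s; {@link #implies(Permission)} then tests each
 * requested permission against that collection and logs every denial, which
 * is the audit trail an administrator uses to tune the policy.
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class SocketChecker extends BaseChecker {

	/**
	 * Loads the accept, connect and listen rules from the plugin's
	 * configuration into the permission collection used by
	 * {@link #implies(Permission)}.
	 */
	public void afterPropertiesSet() {
		initAcceptHostsAndPorts();
		initConnectHostsAndPorts();
		initListenPorts();
	}

	/**
	 * Builds the configuration property a plugin author would have to declare
	 * for the given socket permission to be granted.
	 *
	 * @param  arguments exactly one {@link Permission}; anything else yields
	 *         {@code null}
	 * @return the property key and value to add, or {@code null} when the
	 *         arguments are malformed, when the action is {@code resolve}, or
	 *         when the action is none of accept, connect or listen
	 */
	@Override
	public AuthorizationProperty generateAuthorizationProperty(
		Object... arguments) {

		if ((arguments == null) || (arguments.length != 1) ||
			!(arguments[0] instanceof Permission)) {

			return null;
		}

		Permission permission = (Permission)arguments[0];

		String actions = permission.getActions();

		if (actions.equals(SOCKET_PERMISSION_RESOLVE)) {

			// There is no need for an authorization property because this
			// action is always allowed

			return null;
		}

		String name = permission.getName();

		// A SocketPermission name has the form "host[:portrange]", and the host
		// may be a bracketed IPv6 reference such as "[::1]:8080". The port part
		// therefore follows the LAST colon; the first colon can sit inside the
		// address literal and would yield a bogus port.
		int index = name.lastIndexOf(StringPool.COLON);

		int port = GetterUtil.getInteger(name.substring(index + 1));

		String key = null;
		String value = null;

		// Actions may be a comma separated list, so test by containment. Accept
		// and connect rules are keyed by the full "host:port" name, listen rules
		// only by port.
		if (actions.contains(SOCKET_PERMISSION_ACCEPT)) {
			key = "security-manager-sockets-accept";
			value = name;
		}
		else if (actions.contains(SOCKET_PERMISSION_CONNECT)) {
			key = "security-manager-sockets-connect";
			value = name;
		}
		else if (actions.contains(SOCKET_PERMISSION_LISTEN)) {
			key = "security-manager-sockets-listen";
			value = String.valueOf(port);
		}
		else {
			return null;
		}

		AuthorizationProperty authorizationProperty =
			new AuthorizationProperty();

		authorizationProperty.setKey(key);
		authorizationProperty.setValue(value);

		return authorizationProperty;
	}

	/**
	 * Decides whether the requested socket permission is covered by the
	 * configured rules.
	 *
	 * @param  permission the permission being checked
	 * @return {@code true} if the configured permissions imply it;
	 *         {@code false} otherwise, in which case the attempted action and
	 *         address are logged as a security exception
	 */
	public boolean implies(Permission permission) {
		String actions = permission.getActions();
		String name = permission.getName();

		if (!_permissions.implies(permission)) {
			logSecurityException(
				_log, "Attempted " + actions + " for address " + name);

			return false;
		}

		return true;
	}

	/**
	 * Registers one accept rule per entry of the
	 * {@code security-manager-sockets-accept} property.
	 */
	protected void initAcceptHostsAndPorts() {
		String[] networkParts = getPropertyArray(
			"security-manager-sockets-accept");

		for (String networkPart : networkParts) {
			initHostsAndPorts(networkPart, SOCKET_PERMISSION_ACCEPT);
		}
	}

	/**
	 * Registers one connect rule per entry of the
	 * {@code security-manager-sockets-connect} property.
	 */
	protected void initConnectHostsAndPorts() {
		String[] networkParts = getPropertyArray(
			"security-manager-sockets-connect");

		for (String networkPart : networkParts) {
			initHostsAndPorts(networkPart, SOCKET_PERMISSION_CONNECT);
		}
	}

	/**
	 * Adds a single {@link SocketPermission} to the allowed set.
	 *
	 * @param networkPart the permission name ({@code host[:portrange]}) as
	 *        understood by {@link SocketPermission}
	 * @param action the socket action to allow for that name
	 */
	protected void initHostsAndPorts(String networkPart, String action) {
		SocketPermission socketPermission = new SocketPermission(
			networkPart, action);

		_permissions.add(socketPermission);
	}

	/**
	 * Registers one listen rule per entry of the
	 * {@code security-manager-sockets-listen} property.
	 */
	protected void initListenPorts() {
		String[] listenParts = getPropertyArray(
			"security-manager-sockets-listen");

		for (String listenPart : listenParts) {
			initListenPorts(listenPart);
		}
	}

	/**
	 * Allows listening on the given port specification on any local address;
	 * the configured value is only a port (or port range), so the wildcard
	 * host is prepended here.
	 *
	 * @param listenPart the port or port range from the configuration
	 */
	protected void initListenPorts(String listenPart) {
		initHostsAndPorts("*:" + listenPart, SOCKET_PERMISSION_LISTEN);
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SocketChecker.class);

	// Populated once in afterPropertiesSet(); only read afterwards
	private final Permissions _permissions = new Permissions();

}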