1 package groovy.lang;
2
3 import groovy.security.GroovyCodeSourcePermission;
4
5 import java.io.ByteArrayInputStream;
6 import java.io.File;
7 import java.io.FileInputStream;
8 import java.io.FileNotFoundException;
9 import java.io.IOException;
10 import java.io.InputStream;
11 import java.net.MalformedURLException;
12 import java.net.URL;
13 import java.security.AccessController;
14 import java.security.CodeSource;
15 import java.security.PrivilegedActionException;
16 import java.security.PrivilegedExceptionAction;
17 import java.security.cert.Certificate;
18
19 /***
20 * CodeSource wrapper class that allows specific security policies to be associated with a class
21 * compiled from groovy source.
22 *
23 * @author Steve Goetze
24 */
25 public class GroovyCodeSource {
26
27 /***
28 * The codeSource to be given the generated class. This can be used by policy file
29 * grants to administer security.
30 */
31 private CodeSource codeSource;
32 /*** The name given to the generated class */
33 private String name;
34 /*** The groovy source to be compiled and turned into a class */
35 private InputStream inputStream;
36 /*** The certificates used to sign the items from the codesource */
37 Certificate[] certs;
38
39 private File file;
40
41 public GroovyCodeSource(String script, String name, String codeBase) {
42 this(new ByteArrayInputStream(script.getBytes()), name, codeBase);
43 }
44
45 /***
46 * Construct a GroovyCodeSource for an inputStream of groovyCode that has an
47 * unknown provenance -- meaning it didn't come from a File or a URL (e.g. a String).
48 * The supplied codeBase will be used to construct a File URL that should match up
49 * with a java Policy entry that determines the grants to be associated with the
50 * class that will be built from the InputStream.
51 *
52 * The permission groovy.security.GroovyCodeSourcePermission will be used to determine if the given codeBase
53 * may be specified. That is, the current Policy set must have a GroovyCodeSourcePermission that implies
54 * the codeBase, or an exception will be thrown. This is to prevent callers from hijacking
55 * existing codeBase policy entries unless explicitly authorized by the user.
56 */
57 public GroovyCodeSource(InputStream inputStream, String name, String codeBase) {
58 this.inputStream = inputStream;
59 this.name = name;
60 SecurityManager sm = System.getSecurityManager();
61 if (sm != null) {
62 sm.checkPermission(new GroovyCodeSourcePermission(codeBase));
63 }
64 try {
65 this.codeSource = new CodeSource(new URL("file", "", codeBase), (java.security.cert.Certificate[])null);
66 } catch (MalformedURLException murle) {
67 throw new RuntimeException("A CodeSource file URL cannot be constructed from the supplied codeBase: " + codeBase);
68 }
69 }
70
71 /***
72 * Package private constructor called by GroovyClassLoader for signed jar entries
73 */
74 GroovyCodeSource(InputStream inputStream, String name, final File path, final Certificate[] certs) {
75 this.inputStream = inputStream;
76 this.name = name;
77 try {
78 this.codeSource = (CodeSource) AccessController.doPrivileged( new PrivilegedExceptionAction() {
79 public Object run() throws MalformedURLException {
80
81 return new CodeSource(path.toURI().toURL(), certs);
82 }
83 });
84 } catch (PrivilegedActionException pae) {
85
86 throw new RuntimeException("Could not construct a URL from: " + path);
87 }
88 }
89
90 public GroovyCodeSource(final File file) throws FileNotFoundException {
91 if (!file.exists())
92 throw new FileNotFoundException(file.toString() + " (" + file.getAbsolutePath() + ")");
93 else {
94 try {
95 if (!file.canRead())
96 throw new RuntimeException(file.toString() + " can not be read. Check the read permisson of the file \"" + file.toString() + "\" (" + file.getAbsolutePath() + ").");
97 }
98 catch (SecurityException e) {
99 throw e;
100 }
101 }
102
103
104 this.file = file;
105 this.inputStream = null;
106
107
108 try {
109 Object[] info = (Object[]) AccessController.doPrivileged( new PrivilegedExceptionAction() {
110 public Object run() throws MalformedURLException {
111 Object[] info = new Object[2];
112 info[0] = file.getAbsolutePath();
113
114 info[1] = new CodeSource(file.toURI().toURL(), (Certificate[]) null);
115 return info;
116 }
117 });
118 this.name = (String) info[0];
119 this.codeSource = (CodeSource) info[1];
120 } catch (PrivilegedActionException pae) {
121 throw new RuntimeException("Could not construct a URL from: " + file);
122 }
123 }
124
125 public GroovyCodeSource(URL url) throws IOException {
126 if (url == null) {
127 throw new RuntimeException("Could not construct a GroovyCodeSource from a null URL");
128 }
129 this.inputStream = url.openStream();
130 this.name = url.toExternalForm();
131 this.codeSource = new CodeSource(url, (java.security.cert.Certificate[])null);
132 }
133
134 CodeSource getCodeSource() {
135 return codeSource;
136 }
137
138 public InputStream getInputStream() {
139 try {
140 if (file!=null) return new FileInputStream(file);
141 } catch (FileNotFoundException fnfe) {}
142 return inputStream;
143 }
144
145 public String getName() {
146 return name;
147 }
148
149 public File getFile() {
150 return file;
151 }
152 }