This class extends the concept of a codebase to
encapsulate not only the location (URL) but also the certificate chains
that were used to verify signed code originating from that location.
| Method from java.security.CodeSource Detail: |
|---|
 public boolean equals(Object obj) {
if (obj == this)
return true;
// objects types must be equal
if (!(obj instanceof CodeSource))
return false;
CodeSource cs = (CodeSource) obj;
// URLs must match
if (location == null) {
// if location is null, then cs.location must be null as well
if (cs.location != null) return false;
} else {
// if location is not null, then it must equal cs.location
if (!location.equals(cs.location)) return false;
}
// certs must match
return matchCerts(cs, true);
}
Tests for equality between the specified object and this
object. Two CodeSource objects are considered equal if their
locations are of identical value and if their signer certificate
chains are of identical value. It is not required that
the certificate chains be in the same order. |
public final Certificate[] getCertificates() {
if (certs != null) {
return certs.clone();
} else if (signers != null) {
// Convert the code signers to certs
ArrayList< java.security.cert.Certificate > certChains =
new ArrayList< java.security.cert.Certificate >();
for (int i = 0; i < signers.length; i++) {
certChains.addAll(
signers[i].getSignerCertPath().getCertificates());
}
certs = certChains.toArray(
new java.security.cert.Certificate[certChains.size()]);
return certs.clone();
} else {
return null;
}
} Returns the certificates associated with this CodeSource.
If this CodeSource object was created using the
#CodeSource(URL url, CodeSigner[] signers)
constructor then its certificate chains are extracted and used to
create an array of Certificate objects. Each signer certificate is
followed by its supporting certificate chain (which may be empty).
Each signer certificate and its supporting certificate chain is ordered
bottom-to-top (i.e., with the signer certificate first and the (root)
certificate authority last). |
public final CodeSigner[] getCodeSigners() {
if (signers != null) {
return signers.clone();
} else if (certs != null) {
// Convert the certs to code signers
signers = convertCertArrayToSignerArray(certs);
return signers.clone();
} else {
return null;
}
} Returns the code signers associated with this CodeSource.
If this CodeSource object was created using the
#CodeSource(URL url, Certificate[] certs)
constructor then its certificate chains are extracted and used to
create an array of CodeSigner objects. Note that only X.509 certificates
are examined - all other certificate types are ignored. |
public final URL getLocation() {
/* since URL is practically immutable, returning itself is not
a security problem */
return this.location;
} Returns the location associated with this CodeSource. |
public int hashCode() {
if (location != null)
return location.hashCode();
else
return 0;
} Returns the hash code value for this object. |
public boolean implies(CodeSource codesource) {
if (codesource == null)
return false;
return matchCerts(codesource, false) && matchLocation(codesource);
} Returns true if this CodeSource object "implies" the specified CodeSource.
More specifically, this method makes the following checks, in order.
If any fail, it returns false. If they all succeed, it returns true.
- codesource must not be null.
- If this object's certificates are not null, then all
of this object's certificates must be present in codesource's
certificates.
- If this object's location (getLocation()) is not null, then the
following checks are made against this object's location and
codesource's:
- codesource's location must not be null.
- If this object's location
equals codesource's location, then return true.
- This object's protocol (getLocation().getProtocol()) must be
equal to codesource's protocol.
- If this object's host (getLocation().getHost()) is not null,
then the SocketPermission
constructed with this object's host must imply the
SocketPermission constructed with codesource's host.
- If this object's port (getLocation().getPort()) is not
equal to -1 (that is, if a port is specified), it must equal
codesource's port.
- If this object's file (getLocation().getFile()) doesn't equal
codesource's file, then the following checks are made:
If this object's file ends with "/-",
then codesource's file must start with this object's
file (exclusive the trailing "-").
If this object's file ends with a "/*",
then codesource's file must start with this object's
file and must not have any further "/" separators.
If this object's file doesn't end with a "/",
then codesource's file must match this object's
file with a '/' appended.
- If this object's reference (getLocation().getRef()) is
not null, it must equal codesource's reference.
For example, the codesource objects with the following locations
and null certificates all imply
the codesource with the location "http://java.sun.com/classes/foo.jar"
and null certificates:
http:
http://*.sun.com/classes/*
http://java.sun.com/classes/-
http://java.sun.com/classes/foo.jar
Note that if this CodeSource has a null location and a null
certificate chain, then it implies every other CodeSource. |
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("(");
sb.append(this.location);
if (this.certs != null && this.certs.length > 0) {
for (int i = 0; i < this.certs.length; i++) {
sb.append( " " + this.certs[i]);
}
} else if (this.signers != null && this.signers.length > 0) {
for (int i = 0; i < this.signers.length; i++) {
sb.append( " " + this.signers[i]);
}
} else {
sb.append(" < no signer certificates >");
}
sb.append(")");
return sb.toString();
} Returns a string describing this CodeSource, telling its
URL and certificates. |
java.security.CodeSource
Save This Page