org.osgi.service.deploymentadmin.DeploymentAdminPermission Maven / Gradle / Ivy
/*
* Copyright (c) OSGi Alliance (2005, 2012). All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.osgi.service.deploymentadmin;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import org.osgi.framework.Bundle;
/**
* DeploymentAdminPermission controls access to the Deployment Admin service.
*
*
* The permission uses a filter string formatted similarly to the
* {@link org.osgi.framework.Filter}. The filter determines the target of the
* permission. The {@code DeploymentAdminPermission} uses the {@code name} and
* the {@code signer} filter attributes only. The value of the {@code signer}
* attribute is matched against the signer chain (represented with its semicolon
* separated Distinguished Name chain) of the Deployment Package, and the value
* of the {@code name} attribute is matched against the value of the
* "DeploymentPackage-Name" manifest header of the Deployment Package. Example:
*
*
* - (signer=cn = Bugs Bunny, o = ACME, c = US)
* - (name=org.osgi.ExampleApp)
*
*
* Wildcards also can be used:
*
*
*
* (signer=cn=*,o=ACME,c=*)
*
*
* "cn" and "c" may have an arbitrary value
*
*
* (signer=*, o=ACME, c=US)
*
*
* Only the value of "o" and "c" are significant
*
*
* (signer=* ; ou=S & V, o=Tweety Inc., c=US)
*
*
* The first element of the certificate chain is not important, only the second
* (the Distinguished Name of the root certificate)
*
*
* (signer=- ; *, o=Tweety Inc., c=US)
*
*
* The same as the previous but '-' represents zero or more certificates,
* whereas the asterisk only represents a single certificate
*
*
* (name=*)
*
*
* The name of the Deployment Package doesn't matter
*
*
* (name=org.osgi.*)
*
*
* The name has to begin with "org.osgi."
*
*
* The following actions are allowed:
*
*
* list
*
* A holder of this permission can access the inventory information of the
* deployment packages selected by the <filter> string. The filter selects
* the deployment packages on which the holder of the permission can acquire
* detailed inventory information. See
* {@link DeploymentAdmin#getDeploymentPackage(Bundle)},
* {@link DeploymentAdmin#getDeploymentPackage(String)} and
* {@link DeploymentAdmin#listDeploymentPackages}.
*
*
* install
*
*
* A holder of this permission can install/update deployment packages if the
* deployment package satisfies the <filter> string. See
* {@link DeploymentAdmin#installDeploymentPackage}.
*
*
* uninstall
*
*
* A holder of this permission can uninstall deployment packages if the
* deployment package satisfies the <filter> string. See
* {@link DeploymentPackage#uninstall()}.
*
*
* uninstall_forced
*
*
* A holder of this permission can forcefully uninstall deployment packages if
* the deployment package satisfies the <filter> string. See
* {@link DeploymentPackage#uninstallForced()}.
*
*
* cancel
*
*
* A holder of this permission can cancel an active deployment action. This
* action being canceled could correspond to the install, update or uninstall of
* a deployment package that satisfies the <filter> string. See
* {@link DeploymentAdmin#cancel()}
*
*
* metadata
*
*
* A holder of this permission is able to retrieve metadata information about a
* Deployment Package (e.g. is able to ask its manifest headers). See
* {@link org.osgi.service.deploymentadmin.DeploymentPackage#getBundle(String)},
* {@link org.osgi.service.deploymentadmin.DeploymentPackage#getBundleInfos()},
* {@link org.osgi.service.deploymentadmin.DeploymentPackage#getHeader(String)},
* {@link org.osgi.service.deploymentadmin.DeploymentPackage#getResourceHeader(String, String)},
* {@link org.osgi.service.deploymentadmin.DeploymentPackage#getResourceProcessor(String)}, {@link org.osgi.service.deploymentadmin.DeploymentPackage#getResources()}
*
*
* The actions string is converted to lower case before processing.
*/
public final class DeploymentAdminPermission extends Permission {
/**
*
*/
private static final long serialVersionUID = 1L;
/**
* Constant String to the "install" action.
*
*
* @see DeploymentAdmin#installDeploymentPackage(InputStream)
*/
public static final String INSTALL = "install";
/**
* Constant String to the "list" action.
*
*
* @see DeploymentAdmin#listDeploymentPackages()
* @see DeploymentAdmin#getDeploymentPackage(String)
* @see DeploymentAdmin#getDeploymentPackage(Bundle)
*/
public static final String LIST = "list";
/**
* Constant String to the "uninstall" action.
*
*
* @see DeploymentPackage#uninstall()
*/
public static final String UNINSTALL = "uninstall";
/**
* Constant String to the "uninstall_forced" action.
*
*
* @see DeploymentPackage#uninstallForced()
*/
public static final String UNINSTALL_FORCED = "uninstall_forced";
/**
* Constant String to the "cancel" action.
*
*
* @see DeploymentAdmin#cancel()
*/
public static final String CANCEL = "cancel";
/**
* Constant String to the "metadata" action.
*
*
* @see org.osgi.service.deploymentadmin.DeploymentPackage#getBundle(String)
* @see org.osgi.service.deploymentadmin.DeploymentPackage#getBundleInfos()
* @see org.osgi.service.deploymentadmin.DeploymentPackage#getHeader(String)
* @see org.osgi.service.deploymentadmin.DeploymentPackage#getResourceHeader(String,
* String)
* @see org.osgi.service.deploymentadmin.DeploymentPackage#getResourceProcessor(String)
* @see org.osgi.service.deploymentadmin.DeploymentPackage#getResources()
*/
public static final String METADATA = "metadata";
private static final String delegateProperty = "org.osgi.vendor.deploymentadmin";
private static final Constructor constructor;
private final Permission delegate;
static {
constructor = (Constructor) AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
String pckg = System.getProperty(delegateProperty);
if (null == pckg)
throw new RuntimeException("Property '" + delegateProperty + "' is not set");
try {
Class c = Class.forName(pckg + ".DeploymentAdminPermission");
return c.getConstructor(new Class[] {String.class, String.class});
} catch (Exception e) {
throw new RuntimeException(e);
}
}
});
}
/**
* Creates a new {@code DeploymentAdminPermission} object for the given
* {@code name} and {@code action}.
*
* The {@code name} parameter identifies the target deployment package the
* permission relates to. The {@code actions} parameter contains the comma
* separated list of allowed actions.
*
* @param name filter string, must not be null.
* @param actions action string, must not be null. "*" means all the
* possible actions.
* @throws IllegalArgumentException if the filter is invalid, the list of
* actions contains unknown operations or one of the parameters is
* null
*/
public DeploymentAdminPermission(String name, String actions) {
super(name);
try {
try {
delegate = (Permission) constructor.newInstance(new Object[] {name, actions});
} catch (InvocationTargetException e) {
throw e.getTargetException();
}
} catch (Error e) {
throw e;
} catch (RuntimeException e) {
throw e;
} catch (Throwable e) {
throw new RuntimeException(e);
}
}
/**
* Checks two DeploymentAdminPermission objects for equality. Two permission
* objects are equal if:
*
*
*
* - their target filters are semantically equal and
* - their actions are the same
*
*
* @param obj The reference object with which to compare.
* @return true if the two objects are equal.
* @see java.lang.Object#equals(java.lang.Object)
*/
public boolean equals(Object obj) {
if (obj == this)
return true;
if (!(obj instanceof DeploymentAdminPermission))
return false;
DeploymentAdminPermission dap = (DeploymentAdminPermission) obj;
return delegate.equals(dap.delegate);
}
/**
* Returns hash code for this permission object.
*
* @return Hash code for this permission object.
* @see java.lang.Object#hashCode()
*/
public int hashCode() {
return delegate.hashCode();
}
/**
* Returns the String representation of the action list.
*
* The method always gives back the actions in the following (alphabetical)
* order:
* {@code cancel, install, list, metadata, uninstall, uninstall_forced}
*
* @return Action list of this permission instance. This is a
* comma-separated list that reflects the action parameter of the
* constructor.
* @see java.security.Permission#getActions()
*/
public String getActions() {
return delegate.getActions();
}
/**
* Checks if this DeploymentAdminPermission would imply the parameter
* permission.
*
* Precondition of the implication is that the action set of this permission
* is the superset of the action set of the other permission. Further rules
* of implication are determined by the {@link org.osgi.framework.Filter}
* rules and the "OSGi Service Platform, Core Specification Release 4,
* Chapter Certificate Matching".
*
*
* The allowed attributes are: {@code name} (the symbolic name of the
* deployment package) and {@code signer} (the signer of the deployment
* package). In both cases wildcards can be used.
*
*
* Examples:
*
*
* 1. DeploymentAdminPermission("(name=org.osgi.ExampleApp)", "list")
* 2. DeploymentAdminPermission("(name=org.osgi.ExampleApp)", "list, install")
* 3. DeploymentAdminPermission("(name=org.osgi.*)", "list")
* 4. DeploymentAdminPermission("(signer=*, o=ACME, c=US)", "list")
* 5. DeploymentAdminPermission("(signer=cn=Bugs Bunny, o=ACME, c=US)", "list")
*
*
*
*
* 1. implies 1.
* 2. implies 1.
* 1. doesn't implies 2.
* 3. implies 1.
* 4. implies 5.
*
*
* @param permission Permission to check.
* @return true if this DeploymentAdminPermission object implies the
* specified permission.
* @see java.security.Permission#implies(java.security.Permission)
* @see org.osgi.framework.Filter
*/
public boolean implies(Permission permission) {
if (!(permission instanceof DeploymentAdminPermission))
return false;
DeploymentAdminPermission dap = (DeploymentAdminPermission) permission;
return delegate.implies(dap.delegate);
}
/**
* Returns a new PermissionCollection object for storing
* DeploymentAdminPermission objects.
*
* @return The new PermissionCollection.
* @see java.security.Permission#newPermissionCollection()
*/
public PermissionCollection newPermissionCollection() {
return delegate.newPermissionCollection();
}
}