1 /*
2 * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import sun.security.util.Debug;
29
30 import java.util.Map;
31 import java.util.Objects;
32 import java.util.concurrent.ConcurrentHashMap;
33 import java.util.function.Function;
34
35 /**
36 * This class extends {@code ClassLoader} with additional support for defining
37 * classes with an associated code source and permissions which are
38 * retrieved by the system policy by default.
39 *
40 * @author Li Gong
41 * @author Roland Schemers
42 * @since 1.2
43 */
44 public class SecureClassLoader extends ClassLoader {
45
46 /*
47 * Map that maps the CodeSource to a ProtectionDomain. The key is a
48 * CodeSourceKey class that uses a {@code String} instead of a URL to avoid
49 * potential expensive name service lookups. This does mean that URLs that
50 * are equivalent after nameservice lookup will be placed in separate
51 * ProtectionDomains; however during policy enforcement these URLs will be
52 * canonicalized and resolved resulting in a consistent set of granted
53 * permissions.
243 return Objects.hashCode(cs.getLocationNoFragString());
244 }
245
246 @Override
247 public boolean equals(Object obj) {
248 if (obj == this) {
249 return true;
250 }
251
252 return obj instanceof CodeSourceKey other
253 && Objects.equals(cs.getLocationNoFragString(),
254 other.cs.getLocationNoFragString())
255 && cs.matchCerts(other.cs, true);
256 }
257 }
258
259 /**
260 * Called by the VM, during -Xshare:dump
261 */
262 private void resetArchivedStates() {
263 pdcache.clear();
264 }
265 }
|
1 /*
2 * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import sun.security.util.Debug;
29
30 import java.util.Map;
31 import java.util.Objects;
32 import java.util.concurrent.ConcurrentHashMap;
33 import java.util.function.Function;
34 import jdk.internal.misc.CDS;
35
36 /**
37 * This class extends {@code ClassLoader} with additional support for defining
38 * classes with an associated code source and permissions which are
39 * retrieved by the system policy by default.
40 *
41 * @author Li Gong
42 * @author Roland Schemers
43 * @since 1.2
44 */
45 public class SecureClassLoader extends ClassLoader {
46
47 /*
48 * Map that maps the CodeSource to a ProtectionDomain. The key is a
49 * CodeSourceKey class that uses a {@code String} instead of a URL to avoid
50 * potential expensive name service lookups. This does mean that URLs that
51 * are equivalent after nameservice lookup will be placed in separate
52 * ProtectionDomains; however during policy enforcement these URLs will be
53 * canonicalized and resolved resulting in a consistent set of granted
54 * permissions.
244 return Objects.hashCode(cs.getLocationNoFragString());
245 }
246
247 @Override
248 public boolean equals(Object obj) {
249 if (obj == this) {
250 return true;
251 }
252
253 return obj instanceof CodeSourceKey other
254 && Objects.equals(cs.getLocationNoFragString(),
255 other.cs.getLocationNoFragString())
256 && cs.matchCerts(other.cs, true);
257 }
258 }
259
260 /**
261 * Called by the VM, during -Xshare:dump
262 */
263 private void resetArchivedStates() {
264 if (CDS.isDumpingProtectionDomains()) {
265 if (System.getProperty("cds.debug.archived.protection.domains") != null) {
266 for (Map.Entry<CodeSourceKey, ProtectionDomain> entry : pdcache.entrySet()) {
267 CodeSourceKey key = entry.getKey();
268 System.out.println("Archiving ProtectionDomain " + key.cs + " for " + this);
269 }
270 }
271 } else {
272 pdcache.clear();
273 }
274 }
275 }
|