Migrate the security provider the latest felix version (FELIX-1101,FELIX-1577)
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@883923 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/framework.security/pom.xml b/framework.security/pom.xml
index 009f3d7..578694c 100644
--- a/framework.security/pom.xml
+++ b/framework.security/pom.xml
@@ -32,14 +32,14 @@
</description>
<dependencies>
<dependency>
- <groupId>${pom.groupId}</groupId>
+ <groupId>org.osgi</groupId>
<artifactId>org.osgi.core</artifactId>
- <version>1.2.0</version>
+ <version>4.1.0</version>
</dependency>
<dependency>
<groupId>${pom.groupId}</groupId>
<artifactId>org.apache.felix.framework</artifactId>
- <version>1.4.1</version>
+ <version>2.0.2</version>
<scope>provided</scope>
</dependency>
</dependencies>
diff --git a/framework.security/src/main/java/org/apache/felix/framework/SecurityActivator.java b/framework.security/src/main/java/org/apache/felix/framework/SecurityActivator.java
index fe8bcc9..f33b6fb 100644
--- a/framework.security/src/main/java/org/apache/felix/framework/SecurityActivator.java
+++ b/framework.security/src/main/java/org/apache/felix/framework/SecurityActivator.java
@@ -284,7 +284,7 @@
Bundle bundle = context.getBundle(Long.parseLong(id));
long timeLong = Long.parseLong(time);
if ((bundle == null) ||
- ((FelixBundle) bundle).getInfo().getLastModified() > timeLong)
+ (bundle.getLastModified() > timeLong))
{
continue;
}
diff --git a/framework.security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java b/framework.security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java
index 58efc4c..f7f4eb0 100644
--- a/framework.security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java
+++ b/framework.security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java
@@ -65,11 +65,9 @@
*/
public void checkBundle(Bundle bundle) throws Exception
{
- BundleInfo info = ((FelixBundle) bundle).getInfo();
-
m_parser.checkDNChains(
- (Long.toString(bundle.getBundleId()) + "-" + info.getLastModified()),
- info.getCurrentModule().getContentLoader());
+ (Long.toString(bundle.getBundleId()) + "-" + bundle.getLastModified()),
+ ((BundleImpl) bundle).getCurrentModule().getContent());
}
/**
@@ -78,11 +76,13 @@
public Object getSignerMatcher(final Bundle bundle)
{
return new SignerMatcher(Long.toString(bundle.getBundleId()),
- ((FelixBundle) bundle).getInfo().getLastModified(),
- ((FelixBundle) bundle).getInfo().getCurrentModule().getContentLoader(),
+ bundle.getLastModified(),
+ ((BundleImpl) bundle).getCurrentModule().getContent(),
m_parser);
}
+ ThreadLocal loopCheck = new ThreadLocal();
+
/**
* If we have a permissionadmin then ask that one first and have it
* decide in case there is a location bound. If not then either use its
@@ -92,12 +92,21 @@
public boolean hasBundlePermission(ProtectionDomain bundleProtectionDomain,
Permission permission, boolean direct)
{
+ if (loopCheck.get() != null)
+ {
+ return true;
+ }
+ else
+ {
+ loopCheck.set(this);
+ }
+ try
+ {
BundleProtectionDomain pd =
(BundleProtectionDomain) bundleProtectionDomain;
- FelixBundle bundle = pd.getBundle();
- BundleInfo info = bundle.getInfo();
+ BundleImpl bundle = pd.getBundle();
- if (info.getBundleId() == 0)
+ if (bundle.getBundleId() == 0)
{
return true;
}
@@ -108,7 +117,7 @@
if (m_pai != null)
{
result =
- m_pai.hasPermission(info.getLocation(), pd.getBundle(),
+ m_pai.hasPermission(bundle.getLocation(), pd.getBundle(),
permission, m_cpai, pd);
}
@@ -122,9 +131,9 @@
try
{
return m_cpai.hasPermission(bundle,
- info.getCurrentModule().getContentLoader(),
+ bundle.getCurrentModule().getContent(),
bundle.getBundleId() + "-" +
- info.getLastModified(),null, pd,
+ bundle.getLastModified(),null, pd,
permission, direct, m_pai);
}
catch (Exception e)
@@ -135,5 +144,8 @@
}
return false;
+ } finally {
+ loopCheck.set(null);
+ }
}
}
\ No newline at end of file
diff --git a/framework.security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java b/framework.security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java
index d5c5ed2..ad73e75 100644
--- a/framework.security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java
+++ b/framework.security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java
@@ -37,7 +37,7 @@
import org.apache.felix.framework.security.util.Permissions;
import org.apache.felix.framework.security.util.PropertiesCache;
import org.apache.felix.framework.util.IteratorToEnumeration;
-import org.apache.felix.moduleloader.IContentLoader;
+import org.apache.felix.moduleloader.IContent;
import org.osgi.framework.Bundle;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
@@ -303,7 +303,7 @@
* @return true in case the permission is granted or there are postponed tuples
* false if not. Again, see the spec for more explanations.
*/
- public boolean hasPermission(Bundle felixBundle, IContentLoader loader, String root,
+ public boolean hasPermission(Bundle felixBundle, IContent content, String root,
String[] signers, ProtectionDomain pd, Permission permission,
boolean direct, Object admin)
{
@@ -352,7 +352,7 @@
// check the local permissions. they need to all the permission if there
// are any
- if (!m_localPermissions.implies(root, loader, felixBundle, permission))
+ if (!m_localPermissions.implies(root, content, felixBundle, permission))
{
return false;
}
diff --git a/framework.security/src/main/java/org/apache/felix/framework/security/util/LocalPermissions.java b/framework.security/src/main/java/org/apache/felix/framework/security/util/LocalPermissions.java
index 39f9a01..5f31205 100644
--- a/framework.security/src/main/java/org/apache/felix/framework/security/util/LocalPermissions.java
+++ b/framework.security/src/main/java/org/apache/felix/framework/security/util/LocalPermissions.java
@@ -33,7 +33,6 @@
import org.apache.felix.framework.security.util.Permissions;
import org.apache.felix.framework.security.util.PropertiesCache;
import org.apache.felix.moduleloader.IContent;
-import org.apache.felix.moduleloader.IContentLoader;
import org.osgi.framework.Bundle;
import org.osgi.service.permissionadmin.PermissionInfo;
@@ -82,7 +81,7 @@
* @param permission the permission to check
* @return true if implied by local permissions.
*/
- public boolean implies(String root, IContentLoader loader, Bundle bundle,
+ public boolean implies(String root, IContent content, Bundle bundle,
Permission permission)
{
PermissionInfo[] permissions = null;
@@ -92,11 +91,8 @@
if (!m_cache.containsKey(root))
{
InputStream in = null;
- IContent content = null;
try
{
- content = loader.getContent();
-
in = content.getEntryAsStream("OSGI-INF/permissions.perm");
if (in != null)
{
diff --git a/framework.security/src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java b/framework.security/src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java
index 73a751e..ef9f5d4 100644
--- a/framework.security/src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java
+++ b/framework.security/src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java
@@ -37,7 +37,6 @@
import org.apache.felix.framework.security.util.BundleInputStream;
import org.apache.felix.framework.security.util.TrustManager;
import org.apache.felix.moduleloader.IContent;
-import org.apache.felix.moduleloader.IContentLoader;
public final class BundleDNParser
{
@@ -98,7 +97,7 @@
}
}
- public void checkDNChains(String root, IContentLoader contentLoader) throws Exception
+ public void checkDNChains(String root, IContent content) throws Exception
{
synchronized (m_cache)
{
@@ -117,7 +116,7 @@
Exception org = null;
try
{
- result = _getDNChains(root, contentLoader.getContent());
+ result = _getDNChains(root, content);
}
catch (Exception ex)
{
@@ -135,7 +134,7 @@
}
}
- public String[] getDNChains(String root, IContentLoader bundleRevision)
+ public String[] getDNChains(String root, IContent bundleRevision)
{
synchronized (m_cache)
{
@@ -151,28 +150,15 @@
}
String[] result = new String[0];
-
- IContent content = null;
+
try
{
- content = bundleRevision.getContent();
- result = _getDNChains(root, content);
+ result = _getDNChains(root, bundleRevision);
}
catch (Exception ex)
{
// Ignore
}
- if (content != null)
- {
- try
- {
- content.close();
- }
- catch (Exception ex)
- {
- // Ignore
- }
- }
synchronized (m_cache)
{
diff --git a/framework.security/src/main/java/org/apache/felix/framework/security/verifier/SignerMatcher.java b/framework.security/src/main/java/org/apache/felix/framework/security/verifier/SignerMatcher.java
index a2d6915..98509d6 100644
--- a/framework.security/src/main/java/org/apache/felix/framework/security/verifier/SignerMatcher.java
+++ b/framework.security/src/main/java/org/apache/felix/framework/security/verifier/SignerMatcher.java
@@ -22,14 +22,14 @@
import java.util.Locale;
import java.util.Map;
-import org.apache.felix.moduleloader.IContentLoader;
+import org.apache.felix.moduleloader.IContent;
import org.apache.felix.moduleloader.IModule;
public final class SignerMatcher
{
private final String m_filter;
private final String m_root;
- private final IContentLoader m_archive;
+ private final IContent m_archive;
private final BundleDNParser m_parser;
private final long m_lastModified;
@@ -42,7 +42,7 @@
m_lastModified = 0;
}
- public SignerMatcher(String root, long lastModified, IContentLoader archive, BundleDNParser parser)
+ public SignerMatcher(String root, long lastModified, IContent archive, BundleDNParser parser)
{
m_filter = null;
m_root = root;
diff --git a/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleLocationCondition.java b/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleLocationCondition.java
index 6e6af96..3f66514 100644
--- a/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleLocationCondition.java
+++ b/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleLocationCondition.java
@@ -22,7 +22,6 @@
import java.security.PrivilegedAction;
import java.util.Hashtable;
-import org.apache.felix.framework.FilterImpl;
import org.osgi.framework.*;
/**
@@ -73,7 +72,7 @@
try
{
filter =
- new FilterImpl("(location=" + escapeLocation(args[0]) + ")");
+ FrameworkUtil.createFilter("(location=" + escapeLocation(args[0]) + ")");
}
catch (InvalidSyntaxException e)
{
diff --git a/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleSignerCondition.java b/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleSignerCondition.java
index a57e318..91f2854 100644
--- a/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleSignerCondition.java
+++ b/framework.security/src/main/java/org/osgi/service/condpermadmin/BundleSignerCondition.java
@@ -26,9 +26,9 @@
import java.util.Dictionary;
import java.util.Hashtable;
-import org.apache.felix.framework.FilterImpl;
import org.osgi.framework.Bundle;
import org.osgi.framework.Filter;
+import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
/**
@@ -179,7 +179,7 @@
m_bundle = bundle;
try
{
- m_filter = new FilterImpl(filter);
+ m_filter = FrameworkUtil.createFilter(filter);
}
catch (InvalidSyntaxException e)
{