Overview  Package   Class  Tree  Deprecated  Index  Help  Legend 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

java.security
Class CodeSource

java.lang.Object
  |
  +--java.security.CodeSource
All Implemented Interfaces:
Serializable
public class CodeSource
extends Object
implements Serializable

Untamed:

This class extends the concept of a codebase to encapsulate not only the location (URL) but also the certificate(s) that were used to verify signed code originating from that location.

Version:
1.31, 12/03/01
Author:
Li Gong, Roland Schemers
See Also:
Serialized Form

Field Summary
private  java.security.cert.Certificate[] certs
           
private  URL location
          The code location.
private  SocketPermission sp
           
 
Constructor Summary
CodeSource(URL url, java.security.cert.Certificate[] certs)
          Enabled: Constructs a CodeSource and associates it with the specified location and set of certificates.
 
Method Summary
 boolean equals(Object obj)
          Suppressed: Tests for equality between the specified object and this object.
 java.security.cert.Certificate[] getCertificates()
          Enabled: Returns the certificates associated with this CodeSource.
 URL getLocation()
          Enabled: Returns the location associated with this CodeSource.
 int hashCode()
          Suppressed: Returns the hash code value for this object.
 boolean implies(CodeSource codesource)
          Enabled: Returns true if this CodeSource object "implies" the specified CodeSource.
private  boolean matchCerts(CodeSource that)
          Returns true if all the certs in this CodeSource are also in that.
private  boolean matchLocation(CodeSource that)
          Returns true if two CodeSource's have the "same" location.
private  void readObject(ObjectInputStream ois)
          Restores this object from a stream (i.e., deserializes it).
 String toString()
          Suppressed: Returns a string describing this CodeSource, telling its URL and certificates.
private  void writeObject(ObjectOutputStream oos)
          Writes this object out to a stream (i.e., serializes it).
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

location

private URL location
The code location.

certs

private transient java.security.cert.Certificate[] certs

sp

private transient SocketPermission sp
Constructor Detail

CodeSource

public CodeSource(URL url,
                  java.security.cert.Certificate[] certs)
Enabled: Constructs a CodeSource and associates it with the specified location and set of certificates.

Parameters:
url - the location (URL).
certs - the certificate(s).
Method Detail

hashCode

public int hashCode()
Suppressed: Returns the hash code value for this object.

Overrides:
hashCode in class Object
Returns:
a hash code value for this object.
See Also:
java.lang.Object#equals(java.lang.Object), java.util.Hashtable

equals

public boolean equals(Object obj)
Suppressed: Tests for equality between the specified object and this object. Two CodeSource objects are considered equal if their locations are of identical value and if the two sets of certificates are of identical values. It is not required that the certificates be in the same order.

Overrides:
equals in class Object
Parameters:
obj - the object to test for equality with this object.
Returns:
true if the objects are considered equal, false otherwise.
See Also:
Object.hashCode(), java.util.Hashtable

getLocation

public final URL getLocation()
Enabled: Returns the location associated with this CodeSource.

Returns:
the location (URL).

getCertificates

public final java.security.cert.Certificate[] getCertificates()
Enabled: Returns the certificates associated with this CodeSource.

Returns:
the certificates

implies

public boolean implies(CodeSource codesource)
Enabled: Returns true if this CodeSource object "implies" the specified CodeSource.

More specifically, this method makes the following checks, in order. If any fail, it returns false. If they all succeed, it returns true.

  1. codesource must not be null.
  2. If this object's certificates are not null, then all of this object's certificates must be present in codesource's certificates.
  3. If this object's location (getLocation()) is not null, then the following checks are made against this object's location and codesource's:

    1. codesource's location must not be null.
    2. If this object's location equals codesource's location, then return true.
    3. This object's protocol (getLocation().getProtocol()) must be equal to codesource's protocol.
    4. If this object's host (getLocation().getHost()) is not null, then the SocketPermission constructed with this object's host must imply the SocketPermission constructed with codesource's host.
    5. If this object's port (getLocation().getPort()) is not equal to -1 (that is, if a port is specified), it must equal codesource's port.
    6. If this object's file (getLocation().getFile()) doesn't equal codesource's file, then the following checks are made: If this object's file ends with "/-", then codesource's file must start with this object's file (exclusive the trailing "-"). If this object's file ends with a "/*", then codesource's file must start with this object's file and must not have any further "/" separators. If this object's file doesn't end with a "/", then codesource's file must match this object's file with a '/' appended.
    7. If this object's reference (getLocation().getRef()) is not null, it must equal codesource's reference.

For example, the codesource objects with the following locations and null certificates all imply the codesource with the location "http://java.sun.com/classes/foo.jar" and null certificates: 

     http:
     http://*.sun.com/classes/*
     http://java.sun.com/classes/-
     http://java.sun.com/classes/foo.jar
Note that if this CodeSource has a null location and a null certificate chain, then it implies every other CodeSource.

Parameters:
codesource - CodeSource to compare against.
Returns:
true if the specified codesource is implied by this codesource, false if not.

matchCerts

private boolean matchCerts(CodeSource that)
Returns true if all the certs in this CodeSource are also in that.

Parameters:
that - the CodeSource to check against.

matchLocation

private boolean matchLocation(CodeSource that)
Returns true if two CodeSource's have the "same" location.

Parameters:
that - CodeSource to compare against

toString

public String toString()
Suppressed: Returns a string describing this CodeSource, telling its URL and certificates.

Overrides:
toString in class Object
Returns:
information about this CodeSource.

writeObject

private void writeObject(ObjectOutputStream oos)
                  throws IOException
Writes this object out to a stream (i.e., serializes it).

IOException

readObject

private void readObject(ObjectInputStream ois)
                 throws IOException,
                        ClassNotFoundException
Restores this object from a stream (i.e., deserializes it).

IOException
ClassNotFoundException
Overview  Package   Class  Tree  Deprecated  Index  Help  Legend 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
comments?