feat(jdk8): move files to new folder to avoid resources compiled.

2025-09-07 15:25:52 +08:00
parent 3f0047bf6f
commit 8c35cfb1c0
17415 changed files with 217 additions and 213 deletions
--- a/jdkSrc/jdk8/com/sun/jmx/remote/security/SubjectDelegator.java
+++ b/jdkSrc/jdk8/com/sun/jmx/remote/security/SubjectDelegator.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.jmx.remote.security;
+
+import java.security.AccessController;
+import java.security.AccessControlContext;
+import java.security.Permission;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import javax.security.auth.Subject;
+
+import javax.management.remote.SubjectDelegationPermission;
+
+import java.util.*;
+
+public class SubjectDelegator {
+    /* Return the AccessControlContext appropriate to execute an
+       operation on behalf of the delegatedSubject.  If the
+       authenticatedAccessControlContext does not have permission to
+       delegate to that subject, throw SecurityException.  */
+    public AccessControlContext
+        delegatedContext(AccessControlContext authenticatedACC,
+                         Subject delegatedSubject,
+                         boolean removeCallerContext)
+            throws SecurityException {
+
+        if (System.getSecurityManager() != null && authenticatedACC == null) {
+            throw new SecurityException("Illegal AccessControlContext: null");
+        }
+
+        // Check if the subject delegation permission allows the
+        // authenticated subject to assume the identity of each
+        // principal in the delegated subject
+        //
+        Collection<Principal> ps = getSubjectPrincipals(delegatedSubject);
+        final Collection<Permission> permissions = new ArrayList<>(ps.size());
+        for(Principal p : ps) {
+            final String pname = p.getClass().getName() + "." + p.getName();
+            permissions.add(new SubjectDelegationPermission(pname));
+        }
+        PrivilegedAction<Void> action =
+            new PrivilegedAction<Void>() {
+                public Void run() {
+                    for (Permission sdp : permissions) {
+                        AccessController.checkPermission(sdp);
+                    }
+                    return null;
+                }
+            };
+        AccessController.doPrivileged(action, authenticatedACC);
+
+        return getDelegatedAcc(delegatedSubject, removeCallerContext);
+    }
+
+    private AccessControlContext getDelegatedAcc(Subject delegatedSubject, boolean removeCallerContext) {
+        if (removeCallerContext) {
+            return JMXSubjectDomainCombiner.getDomainCombinerContext(delegatedSubject);
+        } else {
+            return JMXSubjectDomainCombiner.getContext(delegatedSubject);
+        }
+    }
+
+    /**
+     * Check if the connector server creator can assume the identity of each
+     * principal in the authenticated subject, i.e. check if the connector
+     * server creator codebase contains a subject delegation permission for
+     * each principal present in the authenticated subject.
+     *
+     * @return {@code true} if the connector server creator can delegate to all
+     * the authenticated principals in the subject. Otherwise, {@code false}.
+     */
+    public static synchronized boolean
+        checkRemoveCallerContext(Subject subject) {
+        try {
+            for (Principal p : getSubjectPrincipals(subject)) {
+                final String pname =
+                    p.getClass().getName() + "." + p.getName();
+                final Permission sdp =
+                    new SubjectDelegationPermission(pname);
+                AccessController.checkPermission(sdp);
+            }
+        } catch (SecurityException e) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Retrieves the {@linkplain Subject} principals
+     * @param subject The subject
+     * @return If the {@code Subject} is immutable it will return the principals directly.
+     *         If the {@code Subject} is mutable it will create an unmodifiable copy.
+     */
+    private static Collection<Principal> getSubjectPrincipals(Subject subject) {
+        if (subject.isReadOnly()) {
+            return subject.getPrincipals();
+        }
+
+        List<Principal> principals = Arrays.asList(subject.getPrincipals().toArray(new Principal[0]));
+        return Collections.unmodifiableList(principals);
+    }
+}