PkgAgentSystem
Class AgentPolicy

java.lang.Object
  |
  +--java.security.Policy
        |
        +--PkgAgentSystem.PolicyByValue
              |
              +--PkgAgentSystem.AgentPolicy

public class AgentPolicy

extends PolicyByValue

The default policy for the agent system. Agent may NEVER get the following permissions (or security may be forfeit!):

• AllPermission() -> Obviously!
• RuntimePermission("grantPermissions"): Can modify permissions
• RuntimePermission("revokePermissions"): Can modify permissions
• RuntimePermission("setClassification"): Can change the classification of certificates, etc.
• RuntimePermission("createClassLoader"): Even creating a classloader is dangerous
• RuntimePermission("getClassLoader"): If the agent gets the classloader, it might gain access to another classloader (e. g. through getSuperClass()->getSystemClassLoader())
• RuntimePermission("setContextClassLoader"): Could set ClassLoader for system threads, ...
• RuntimePermission("setSecurityManager"): Obviously not allowed!
• RuntimePermission("createSecurityManager"): Not even creation allowed; may get access to information on other classes
• RuntimePermission("setFactory"): Could set a new Handler for sockets; this can allow loading classcode from other sources than intended
• RuntimePermission("defineClassInPackage.PkgAgentSystem.*"): No subclassing of system classes by agents
• SecurityPermission(): All of them except most getProperty
• SerializablePermission("enableSubstitution"): Replace objects during serialization
• SerializablePermission("enableSubclassImplementation"): Replace objects during serialization
• ReflectPermission("suppressAccessChecks"): Allows acces to private methods and fields
• NetPermission("specifyStreamHandler"): Might load different class code if allowed to change streamhandler
• ReflectPermission("suppressAccessChecks"): The caller of an object could disable security and get access to protected and private fields and methods

Agent SHOULD not get access (to be on the safe side) for agent security reasons to the following permissions:

• RuntimePermission("getProtectionDomain"): Even access to the protection domain should not be possible
• RuntimePermission("loadLibrary.{library name}"): Loading of certain libraries can be dangerous (depends on the library)
• RuntimePermission("accessClassInPackage.{library name}"): See above.
• RuntimePermission("defineClassInPackage.{library name}"): See above.
• RuntimePermission("accessDeclaredMembers"): Allows acces to the names of all methods and fields and allows calling the non-public methods and access to non-public variables
• FilePermission(....,"execute"): Allows executing the file and starting a new process for this.

Agents SHOULD not get access for general security considerations to the following permissions:

• RuntimePermission("setIO"): Redirection of System.in, out and err
• RuntimePermission("modifyThread"): Start, suspend, resume any thread in the system
• RuntimePermission("stopThread"): Stop any thread in the system
• RuntimePermission("modifyThreadGroup"): Create and modify groups of threads
• RuntimePermission("exitVM"): Could stop the whole system
• RuntimePermission("readFileDescriptor"): Read-access to files through a filedescriptor
• RuntimePermission("writeFileDescriptor"): Write-access to files through a filedescriptor
• NetPermission("setDefaultAuthenticator"): Could monitor the authentication to websites
• NetPermission("requestPasswordAuthentication"): Request the password used for authentication

Version:

1.0, 1.7.2000

Author:

Michael Sonntag

Fields inherited from class PkgAgentSystem.PolicyByValue

agentSystem, CHALLENGE_ERROR, CHALLENGE_FAILED, CHALLENGE_SUCCESS, NOT_CHALLENGED

Constructor Summary

AgentPolicy(AgentSystem agentSystem, Certificate systemOwner)
Creates a new policy.

AgentPolicy(AgentSystem agentSystem, Certificate systemOwner, double priceScale)
Creates a new policy.

Method Summary

protected boolean	checkCA(Certificate[] cert) Check a chain of certificates for validity and if the last one is a trusted certificate.
boolean	checkCertificate(Certificate cert) Checks whether a certificate is valid and trusted.
int	getCodeGroup(AgentData data) Returns the group for the code of the agent: 0: Unsigned or challange of private key failed 1: Code certificates present 2: Code certificates present and signed by know CA 3: No certificates but local code
int	getGroup(AgentData data) Returns the group an agent is in.
int	getOwnerGroup(AgentData data) Returns the group for the owner of the agent: 0: No owner certificate 1: Owner certificate present and valid 2: Owner certificate present and signed by known CA 3: Owner certificate is the system certificate
double	getPriceScale() Returns the global price scale.
void	refresh() Refreshes/reloads the policy configuration.

Methods inherited from class PkgAgentSystem.PolicyByValue

getAdditionalPermissions, getBasicPermissions, getCheapestPermission, getCheapestPermissionSet, getCheapestPrice, getCheapestSetPrice, getPermissions, getSetPrice, setPermissionsForGroup

Methods inherited from class java.security.Policy

getPolicy, getPolicyNoCheck, isSet, setPolicy

Methods inherited from class java.lang.Object

, clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AgentPolicy

public AgentPolicy(AgentSystem agentSystem,
                   Certificate systemOwner,
                   double priceScale)

Creates a new policy.

Parameters:

agentSystem - the agentsystem

systemOwner - certificate of the owner of the system (might be null

priceScale - scale for the price must be larger than 0.0

AgentPolicy

public AgentPolicy(AgentSystem agentSystem,
                   Certificate systemOwner)

Creates a new policy.

Parameters:

agentSystem - the agentsystem

systemOwner - certificate of the owner of the system (might be null

Method Detail

getPriceScale

public double getPriceScale()

Returns the global price scale.

Returns:

the scale for all prices

checkCertificate

public boolean checkCertificate(Certificate cert)

Checks whether a certificate is valid and trusted.

Parameters:

cert - the certificate to check

Returns:

true if the certificate is valid and trusted

getCodeGroup

public int getCodeGroup(AgentData data)

Returns the group for the code of the agent:
0: Unsigned or challange of private key failed 1: Code certificates present 2: Code certificates present and signed by know CA 3: No certificates but local code

Parameters:

data - the information on this agent

Returns:

the group according to the code

getOwnerGroup

public int getOwnerGroup(AgentData data)

Returns the group for the owner of the agent:
0: No owner certificate 1: Owner certificate present and valid 2: Owner certificate present and signed by known CA 3: Owner certificate is the system certificate

Parameters:

data - the information on this agent

Returns:

the group according to the owner

getGroup

public int getGroup(AgentData data)

Returns the group an agent is in.

Overrides:

getGroup in class PolicyByValue

Parameters:

data - the information on this agent

Returns:

the number of the security group the agent is in

refresh

public void refresh()

Refreshes/reloads the policy configuration.

Overrides:

refresh in class Policy

Throws:

SecurityException - if the current thread does not have permission to refresh this Policy object.

checkCA

protected boolean checkCA(Certificate[] cert)

Check a chain of certificates for validity and if the last one is a trusted certificate. Verifies that all certificates are in their valid timespan, each is signed by one other or by a trusted one. Currently ALL certificates must be of class X509Certificate.

Parameters:

cert - list of certficates. Must be ordered in the correct chain (each is signed by the public key of certificate with the next higher index)

Returns:

true if the verification succeeded

See Also:

X509Certificate