PkgAgentSystem
Class AgentPolicy
java.lang.Object
  |
  +--java.security.Policy
        |
        +--PkgAgentSystem.PolicyByValue
              |
              +--PkgAgentSystem.AgentPolicy

public class AgentPolicy
extends PolicyByValue
The default policy for the agent system.
Agents may NEVER get the following permissions (or security may be forfeit!):
- AllPermission(): Obviously!
- RuntimePermission("grantPermissions"): Can modify permissions
- RuntimePermission("revokePermissions"): Can modify permissions
- RuntimePermission("setClassification"): Can change the classification of certificates, etc.
- RuntimePermission("createClassLoader"): Even creating a class loader is dangerous
- RuntimePermission("getClassLoader"): If the agent gets a class loader, it might reach another one (e.g. through getSuperclass() -> getSystemClassLoader())
- RuntimePermission("setContextClassLoader"): Could set the class loader of system threads, ...
- RuntimePermission("setSecurityManager"): Obviously not allowed!
- RuntimePermission("createSecurityManager"): Not even creation is allowed; a SecurityManager subclass can inspect the call stack (getClassContext()) and so gain information on other classes
- RuntimePermission("setFactory"): Could install a new handler factory for sockets and URLs; this can allow loading class code from other sources than intended
- RuntimePermission("defineClassInPackage.PkgAgentSystem.*"): No defining of classes inside the agent system's package by agents, and hence no package-private access to or subclassing of system classes
- SecurityPermission("*"): All of them, except most getProperty.{key} targets
- SerializablePermission("enableSubstitution"): Replace objects during serialization
- SerializablePermission("enableSubclassImplementation"): Replace objects during serialization
- ReflectPermission("suppressAccessChecks"): Allows access to private and protected methods and fields; the caller of any object could thereby disable its encapsulation and with it the security built on it
- NetPermission("specifyStreamHandler"): Might load different class code if allowed to change the stream handler
Agents SHOULD NOT (to be on the safe side) get the following permissions, for agent-security reasons:
- RuntimePermission("getProtectionDomain"): Even access to the protection domain should not be possible
- RuntimePermission("loadLibrary.{library name}"): Loading certain libraries can be dangerous (depends on the library)
- RuntimePermission("accessClassInPackage.{package name}"): See above.
- RuntimePermission("defineClassInPackage.{package name}"): See above.
- RuntimePermission("accessDeclaredMembers"): Allows access to the names of all methods and fields, and (combined with suppressAccessChecks) calling non-public methods and accessing non-public variables
- FilePermission(....,"execute"): Allows executing the file, i.e. starting a new process for it.
Agents SHOULD NOT get the following permissions, for general security reasons:
- RuntimePermission("setIO"): Redirection of System.in, out and err
- RuntimePermission("modifyThread"): Suspend, resume, re-prioritise, ... any thread in the system
- RuntimePermission("stopThread"): Stop any thread in the system
- RuntimePermission("modifyThreadGroup"): Create and modify groups of threads
- RuntimePermission("exitVM"): Could stop the whole system
- RuntimePermission("readFileDescriptor"): Read access to files through a file descriptor
- RuntimePermission("writeFileDescriptor"): Write access to files through a file descriptor
- NetPermission("setDefaultAuthenticator"): Could intercept the credentials used to authenticate to web servers and proxies
- NetPermission("requestPasswordAuthentication"): Request the password used for authentication
Version:
    1.0, 1.7.2000
Author:
    Michael Sonntag
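As an added example (not part of PkgAgentSystem and not the author's code), the following Java program turns the three lists above into an audit that a policy implementer can run over a PermissionCollection before granting it to an agent. It assumes Java 17; the class name AgentPermissionAudit, the two tier names and the sample grant sets are hypothetical. Because BasicPermission.implies() only works in one direction, the audit tests both directions so that a wildcard grant (RuntimePermission "*") and a wildcard rule ("loadLibrary.*") are both caught. SecurityPermission and FilePermission need their own rules: for the former only the getProperty targets are allowed, and for the latter an "execute" action is forbidden regardless of the path and of the other actions (implies() compares whole action masks, so "read,execute" would otherwise slip past).

```java
import java.io.FilePermission;
import java.io.SerializablePermission;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.security.*;
import java.util.*;

// Hypothetical audit helper (not PkgAgentSystem code): checks a set of
// permissions meant for an agent against the deny lists documented above.
public final class AgentPermissionAudit {

    // Tier 1: permissions an agent may NEVER hold. grantPermissions,
    // revokePermissions and setClassification are targets of the agent system, not of the JDK.
    static final List<Permission> NEVER = List.of(
        new AllPermission(),
        new RuntimePermission("grantPermissions"),
        new RuntimePermission("revokePermissions"),
        new RuntimePermission("setClassification"),
        new RuntimePermission("createClassLoader"),
        new RuntimePermission("getClassLoader"),
        new RuntimePermission("setContextClassLoader"),
        new RuntimePermission("setSecurityManager"),
        new RuntimePermission("createSecurityManager"),
        new RuntimePermission("setFactory"),
        // BasicPermission: "x.*" matches "x.y" but not "x" itself, so list both.
        new RuntimePermission("defineClassInPackage.PkgAgentSystem"),
        new RuntimePermission("defineClassInPackage.PkgAgentSystem.*"),
        new SerializablePermission("enableSubstitution"),
        new SerializablePermission("enableSubclassImplementation"),
        new ReflectPermission("suppressAccessChecks"),
        new NetPermission("specifyStreamHandler"));

    // Tier 2: permissions an agent SHOULD NOT hold (both "should not" lists).
    static final List<Permission> SHOULD_NOT = List.of(
        new RuntimePermission("getProtectionDomain"),
        new RuntimePermission("loadLibrary.*"),
        new RuntimePermission("accessClassInPackage.*"),
        new RuntimePermission("defineClassInPackage.*"),
        new RuntimePermission("accessDeclaredMembers"),
        new RuntimePermission("setIO"),
        new RuntimePermission("modifyThread"),
        new RuntimePermission("stopThread"),
        new RuntimePermission("modifyThreadGroup"),
        new RuntimePermission("exitVM"),            // BasicPermission treats this as "exitVM.*"
        new RuntimePermission("readFileDescriptor"),
        new RuntimePermission("writeFileDescriptor"),
        new NetPermission("setDefaultAuthenticator"),
        new NetPermission("requestPasswordAuthentication"));

    public record Finding(String tier, Permission granted, Permission rule) {}

    // A grant collides with a rule if either implies the other: a wildcard grant
    // ("*") covers the rule, or a wildcard rule ("loadLibrary.*") covers the grant.
    static boolean collides(Permission granted, Permission rule) {
        return granted.implies(rule) || rule.implies(granted);
    }

    public static List<Finding> audit(PermissionCollection granted) {
        List<Finding> findings = new ArrayList<>();
        for (Enumeration<Permission> e = granted.elements(); e.hasMoreElements(); ) {
            Permission p = e.nextElement();
            for (Permission rule : NEVER)      if (collides(p, rule)) findings.add(new Finding("NEVER", p, rule));
            for (Permission rule : SHOULD_NOT) if (collides(p, rule)) findings.add(new Finding("SHOULD_NOT", p, rule));
            // SecurityPermission: everything except the getProperty.* targets is forbidden.
            if (p instanceof SecurityPermission && !p.getName().startsWith("getProperty.")) {
                findings.add(new Finding("NEVER", p, new SecurityPermission("*")));
            }
            // FilePermission: "execute" is forbidden whatever the path and the other actions.
            if (p instanceof FilePermission && p.getActions().contains("execute")) {
                findings.add(new Finding("SHOULD_NOT", p, new FilePermission("<<ALL FILES>>", "execute")));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: a plausible sandbox grant set for an agent (no findings expected).
        Permissions ok = new Permissions();
        ok.add(new FilePermission("/var/agents/sandbox/-", "read,write"));
        ok.add(new SocketPermission("agenthost.example:8000", "connect,resolve"));
        ok.add(new PropertyPermission("line.separator", "read"));
        ok.add(new SecurityPermission("getProperty.policy.url.1"));
        System.out.println("sandbox set: " + audit(ok));

        // Constructed sample: four grants that the lists above reject.
        Permissions bad = new Permissions();
        bad.add(new RuntimePermission("createClassLoader"));        // NEVER
        bad.add(new RuntimePermission("loadLibrary.agenttools"));   // SHOULD_NOT via loadLibrary.*
        bad.add(new FilePermission("/usr/bin/-", "read,execute"));  // SHOULD_NOT via "execute"
        bad.add(new SecurityPermission("setPolicy"));               // NEVER
        for (Finding f : audit(bad)) System.out.println(f);
    }
}
```

Run with `java AgentPermissionAudit.java` (Java 11+ single-file launch). One caveat for anyone porting this design today: java.security.Policy and the SecurityManager that enforces it are deprecated for removal from Java 17 onwards, so the permission classes still exist but the JVM-enforced sandbox the lists assume does not; an agent platform on a current JDK has to enforce such a deny list itself (or isolate agents in separate processes).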
Method Summary

protected boolean checkCA(Certificate[] cert)
    Checks a chain of certificates for validity and whether the last one is a trusted certificate.
boolean checkCertificate(Certificate cert)
    Checks whether a certificate is valid and trusted.
int getCodeGroup(AgentData data)
    Returns the group for the code of the agent:
    0: Unsigned, or the challenge of the private key failed
    1: Code certificates present
    2: Code certificates present and signed by a known CA
    3: No certificates, but local code
int getGroup(AgentData data)
    Returns the group an agent is in.
int getOwnerGroup(AgentData data)
    Returns the group for the owner of the agent:
    0: No owner certificate
    1: Owner certificate present and valid
    2: Owner certificate present and signed by a known CA
    3: Owner certificate is the system certificate
double getPriceScale()
    Returns the global price scale.
void refresh()
    Refreshes/reloads the policy configuration.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
AgentPolicy

public AgentPolicy(AgentSystem agentSystem,
                   Certificate systemOwner,
                   double priceScale)

    Creates a new policy.
    Parameters:
        agentSystem - the agent system
        systemOwner - certificate of the owner of the system (might be null)
        priceScale - scale for the prices; must be larger than 0.0

AgentPolicy

public AgentPolicy(AgentSystem agentSystem,
                   Certificate systemOwner)

    Creates a new policy.
    Parameters:
        agentSystem - the agent system
        systemOwner - certificate of the owner of the system (might be null)
getPriceScale

public double getPriceScale()

    Returns the global price scale.
    Returns:
        the scale for all prices

checkCertificate

public boolean checkCertificate(Certificate cert)

    Checks whether a certificate is valid and trusted.
    Parameters:
        cert - the certificate to check
    Returns:
        true if the certificate is valid and trusted

getCodeGroup

public int getCodeGroup(AgentData data)

    Returns the group for the code of the agent:
    0: Unsigned, or the challenge of the private key failed
    1: Code certificates present
    2: Code certificates present and signed by a known CA
    3: No certificates, but local code
    Parameters:
        data - the information on this agent
    Returns:
        the group according to the code

getOwnerGroup

public int getOwnerGroup(AgentData data)

    Returns the group for the owner of the agent:
    0: No owner certificate
    1: Owner certificate present and valid
    2: Owner certificate present and signed by a known CA
    3: Owner certificate is the system certificate
    Parameters:
        data - the information on this agent
    Returns:
        the group according to the owner

getGroup

public int getGroup(AgentData data)

    Returns the group an agent is in.
    Overrides:
        getGroup in class PolicyByValue
    Parameters:
        data - the information on this agent
    Returns:
        the number of the security group the agent is in

refresh

public void refresh()

    Refreshes/reloads the policy configuration.
    Overrides:
        refresh in class Policy
    Throws:
        SecurityException - if the current thread does not have permission to refresh this Policy object.

checkCA

protected boolean checkCA(Certificate[] cert)

    Checks a chain of certificates for validity and whether the last one is a trusted certificate.
    Verifies that every certificate is within its validity period and that each one is signed
    by the next certificate in the chain, the last of which must be a trusted certificate.
    Currently ALL certificates must be instances of X509Certificate.
    Parameters:
        cert - list of certificates. Must be ordered as a chain (each is signed by the
        public key of the certificate with the next higher index)
    Returns:
        true if the verification succeeded
    See Also:
        X509Certificate
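The chain check that checkCA describes, as an added stand-alone example; it is not the class's own implementation, which this page does not reproduce. It assumes Java 17, takes two PEM files on the command line (chain first, trust store second) and uses only JDK APIs: checkValidity(Date) for the validity period, verify(PublicKey) for the "signed by the certificate with the next higher index" step, and a byte-for-byte comparison of the last certificate against the trust store (a name comparison alone would accept a rogue certificate with a copied subject). The class name ChainCheck and the helper loadPem are hypothetical. Going beyond the method description, it also requires each issuing certificate to carry a CA basic-constraints flag; it still does not check key usage, path length or revocation, which the PKIX CertPathValidator in the JDK would.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;

// Hypothetical stand-alone version of the checkCA logic (not PkgAgentSystem code).
public final class ChainCheck {

    // chain[0] is the end certificate, chain[i] must be signed by chain[i+1],
    // and chain[n-1] must be one of the trusted certificates.
    public static boolean checkChain(X509Certificate[] chain,
                                     Collection<X509Certificate> trusted, Date at) {
        if (chain == null || chain.length == 0) return false;
        try {
            for (int i = 0; i < chain.length; i++) {
                chain[i].checkValidity(at);                // throws if outside notBefore..notAfter
                if (i + 1 < chain.length) {
                    X509Certificate issuer = chain[i + 1];
                    // Added check beyond the description: the issuer must be marked as a CA
                    // (basic constraints present); otherwise any leaf key could sign a "chain".
                    if (issuer.getBasicConstraints() < 0) return false;
                    // Cheap consistency check before the signature: issuer name must match.
                    if (!chain[i].getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                        return false;
                    }
                    chain[i].verify(issuer.getPublicKey());  // throws on a bad signature
                }
            }
            // The last certificate must be in the trust store; compare encodings, not names.
            byte[] last = chain[chain.length - 1].getEncoded();
            for (X509Certificate t : trusted) {
                if (Arrays.equals(t.getEncoded(), last)) return true;
            }
            return false;
        } catch (GeneralSecurityException e) {   // expired, not yet valid, bad signature, ...
            return false;
        }
    }

    // Reads all PEM (or DER) certificates from one file, in file order.
    static List<X509Certificate> loadPem(CertificateFactory cf, String path) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : cf.generateCertificates(in)) out.add((X509Certificate) c);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ChainCheck chain.pem trusted.pem");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] chain = loadPem(cf, args[0]).toArray(new X509Certificate[0]);
        List<X509Certificate> trusted = loadPem(cf, args[1]);
        boolean ok = checkChain(chain, trusted, new Date());
        System.out.println(ok ? "chain accepted" : "chain rejected");
        System.exit(ok ? 0 : 1);
    }
}
```

Order matters, exactly as the parameter description says: chain.pem must hold the end certificate first and the issuing certificate last. For a leaf signed directly by a self-signed root, chain.pem is the leaf followed by the root and trusted.pem holds the root; reversing the two files, or omitting the root from chain.pem, makes the check fail, which is the intended behaviour.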
Copyright 2001,2002 Michael Sonntag & Institute for Information Processing and Microprocessor Technology (FIM), Johannes-Kepler-University Linz, Altenbergerstr. 69, A-4040 Linz, Austria.