PkgAgentSystem
Class AgentPolicy

java.lang.Object
  |
  +--java.security.Policy
        |
        +--PkgAgentSystem.PolicyByValue
              |
              +--PkgAgentSystem.AgentPolicy

public class AgentPolicy
extends PolicyByValue
The default policy for the agent system.

Agents may NEVER get the following permissions (or security may be forfeit!):
- AllPermission(): Obviously!
- RuntimePermission("grantPermissions"): Can modify permissions
- RuntimePermission("revokePermissions"): Can modify permissions
- RuntimePermission("setClassification"): Can change the classification of certificates, etc.
- RuntimePermission("createClassLoader"): Even creating a classloader is dangerous
- RuntimePermission("getClassLoader"): If the agent gets the classloader, it might gain access to another classloader (e.g. through getSuperClass()->getSystemClassLoader())
- RuntimePermission("setContextClassLoader"): Could set the ClassLoader for system threads, ...
- RuntimePermission("setSecurityManager"): Obviously not allowed!
- RuntimePermission("createSecurityManager"): Not even creation allowed; may get access to information on other classes
- RuntimePermission("setFactory"): Could set a new Handler for sockets; this can allow loading class code from other sources than intended
- RuntimePermission("defineClassInPackage.PkgAgentSystem.*"): No subclassing of system classes by agents
- SecurityPermission(...): All of them, except most getProperty targets
- SerializablePermission("enableSubstitution"): Replace objects during serialization
- SerializablePermission("enableSubclassImplementation"): Replace objects during serialization
- ReflectPermission("suppressAccessChecks"): Allows access to private methods and fields; the caller of an object could disable the access checks and get at protected and private fields and methods
- NetPermission("specifyStreamHandler"): Might load different class code if allowed to change the stream handler

Agents SHOULD NOT get access (to be on the safe side) to the following permissions, for agent security reasons:
- RuntimePermission("getProtectionDomain"): Even access to the protection domain should not be possible
- RuntimePermission("loadLibrary.{library name}"): Loading of certain libraries can be dangerous (depends on the library)
- RuntimePermission("accessClassInPackage.{library name}"): See above.
- RuntimePermission("defineClassInPackage.{library name}"): See above.
- RuntimePermission("accessDeclaredMembers"): Allows access to the names of all methods and fields, allows calling the non-public methods and gives access to non-public variables
- FilePermission(....,"execute"): Allows executing the file and starting a new process for it.

Agents SHOULD NOT get access to the following permissions, for general security considerations:
- RuntimePermission("setIO"): Redirection of System.in, out and err
- RuntimePermission("modifyThread"): Start, suspend, resume any thread in the system
- RuntimePermission("stopThread"): Stop any thread in the system
- RuntimePermission("modifyThreadGroup"): Create and modify groups of threads
- RuntimePermission("exitVM"): Could stop the whole system
- RuntimePermission("readFileDescriptor"): Read access to files through a file descriptor
- RuntimePermission("writeFileDescriptor"): Write access to files through a file descriptor
- NetPermission("setDefaultAuthenticator"): Could monitor the authentication to websites
- NetPermission("requestPasswordAuthentication"): Request the password used for authentication
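The three deny lists above are only useful if something enforces them before a grant reaches an agent. The following screen is an added example, not code from AgentPolicy or the PkgAgentSystem project: it takes a PermissionCollection requested for an agent and reports every entry that overlaps a "NEVER" or "SHOULD NOT" target. Overlap is tested in both directions with Permission.implies, so a broad grant such as RuntimePermission("*") is caught because it implies a denied target, and a grant such as defineClassInPackage.PkgAgentSystem.Internal is caught because the denied wildcard implies it. The wildcard forms loadLibrary.*, accessClassInPackage.* and defineClassInPackage.* are this example's reading of "{library name}" (deny all, as the "safe side" wording suggests); the class name AgentGrantScreen and the sample request in main are constructed.

```java
import java.io.FilePermission;
import java.io.SerializablePermission;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.SecurityPermission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Screens a requested permission set against the deny lists in the AgentPolicy description. */
public class AgentGrantScreen {

    // "May NEVER get" targets (AllPermission and SecurityPermission are handled as class-level rules below).
    static final List<Permission> NEVER = List.of(
        new RuntimePermission("grantPermissions"),
        new RuntimePermission("revokePermissions"),
        new RuntimePermission("setClassification"),
        new RuntimePermission("createClassLoader"),
        new RuntimePermission("getClassLoader"),
        new RuntimePermission("setContextClassLoader"),
        new RuntimePermission("setSecurityManager"),
        new RuntimePermission("createSecurityManager"),
        new RuntimePermission("setFactory"),
        new RuntimePermission("defineClassInPackage.PkgAgentSystem.*"),
        new SerializablePermission("enableSubstitution"),
        new SerializablePermission("enableSubclassImplementation"),
        new ReflectPermission("suppressAccessChecks"),
        new NetPermission("specifyStreamHandler"));

    // "SHOULD NOT get" targets. Assumption: "{library name}" is read as "any", hence the wildcards.
    // "exitVM" is the target named on the page; newer JDKs use "exitVM.{status}", so both forms are listed.
    static final List<Permission> SHOULD_NOT = List.of(
        new RuntimePermission("getProtectionDomain"),
        new RuntimePermission("loadLibrary.*"),
        new RuntimePermission("accessClassInPackage.*"),
        new RuntimePermission("defineClassInPackage.*"),
        new RuntimePermission("accessDeclaredMembers"),
        new RuntimePermission("setIO"),
        new RuntimePermission("modifyThread"),
        new RuntimePermission("stopThread"),
        new RuntimePermission("modifyThreadGroup"),
        new RuntimePermission("exitVM"),
        new RuntimePermission("exitVM.*"),
        new RuntimePermission("readFileDescriptor"),
        new RuntimePermission("writeFileDescriptor"),
        new NetPermission("setDefaultAuthenticator"),
        new NetPermission("requestPasswordAuthentication"));

    /** Returns one "NEVER: ..." or "SHOULD_NOT: ..." finding per granted permission that overlaps a denied one. */
    static List<String> screen(PermissionCollection granted) {
        List<String> findings = new ArrayList<>();
        for (Permission g : Collections.list(granted.elements())) {
            String hit = null;
            if (g instanceof AllPermission) {
                hit = "NEVER: " + g;
            } else if (g instanceof SecurityPermission && !g.getName().startsWith("getProperty.")) {
                hit = "NEVER: " + g;                 // every SecurityPermission except the getProperty.* family
            } else if (overlaps(g, NEVER)) {
                hit = "NEVER: " + g;
            } else if (g instanceof FilePermission && g.getActions().contains("execute")) {
                hit = "SHOULD_NOT: " + g;            // "execute" lets the agent start a new process
            } else if (overlaps(g, SHOULD_NOT)) {
                hit = "SHOULD_NOT: " + g;
            }
            if (hit != null) findings.add(hit);
        }
        return findings;
    }

    // Overlap in either direction: the grant implies a denied target (broad grant such as "*"),
    // or a denied wildcard implies the grant (a specialisation of a denied package target).
    private static boolean overlaps(Permission g, List<Permission> denied) {
        for (Permission d : denied) {
            if (g.implies(d) || d.implies(g)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Permissions requested = new Permissions();   // constructed sample request from an agent
        requested.add(new FilePermission("/tmp/agents/-", "read,write"));                 // harmless, not reported
        requested.add(new SecurityPermission("getProperty.networkaddress.cache.ttl"));    // allowed getProperty target
        requested.add(new RuntimePermission("createClassLoader"));                        // NEVER
        requested.add(new RuntimePermission("defineClassInPackage.PkgAgentSystem.Internal")); // NEVER (wildcard match)
        requested.add(new FilePermission("/usr/bin/tool", "execute"));                    // SHOULD_NOT
        requested.add(new RuntimePermission("exitVM.*"));                                 // SHOULD_NOT
        for (String finding : screen(requested)) System.out.println(finding);
    }
}
```

Run with `javac AgentGrantScreen.java && java AgentGrantScreen`; the sample request yields two NEVER findings and two SHOULD_NOT findings, while the file read/write grant and the getProperty target pass. Because the screen works on Permission objects rather than on strings, it is independent of how the policy file spells a grant, and it can be applied to a PermissionCollection before it is handed to a ProtectionDomain.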
Version:
    1.0, 1.7.2000
Author:
    Michael Sonntag
Method Summary
  protected boolean  checkCA(Certificate[] cert)
                     Check a chain of certificates for validity and if the last one is a trusted certificate.
  boolean            checkCertificate(Certificate cert)
                     Checks whether a certificate is valid and trusted.
  int                getGroup(AgentData data)
                     Returns the group an agent is in.
  double             getPriceScale()
                     Returns the global price scale.
  void               refresh()
                     Refreshes/reloads the policy configuration.
Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
AgentPolicy

public AgentPolicy(String homedir,
                   Certificate systemOwner,
                   PersonalSecurityStore secStore,
                   double priceScale)
    Creates a new policy.
    Parameters:
        homedir - the home directory of the system
        systemOwner - certificate of the owner of the system (might be null)
        secStore - security store where the trusted certificates are stored
        priceScale - scale for the price; must be larger than 0.0
AgentPolicy

public AgentPolicy(String homedir,
                   Certificate systemOwner,
                   PersonalSecurityStore secStore)
    Creates a new policy.
    Parameters:
        homedir - the home directory of the system
        systemOwner - certificate of the owner of the system (might be null)
        secStore - security store where the trusted certificates are stored
getPriceScale

public double getPriceScale()
    Returns the global price scale.
    Returns:
        the scale for all prices
checkCertificate

public boolean checkCertificate(Certificate cert)
    Checks whether a certificate is valid and trusted.
    Parameters:
        cert - the certificate to check
    Returns:
        true if the certificate is valid and trusted
getGroup

public int getGroup(AgentData data)
    Returns the group an agent is in.
    Parameters:
        data - the information on this agent
    Returns:
        the number of the security group the agent is in
    Overrides:
        getGroup in class PolicyByValue
refresh

public void refresh()
    Refreshes/reloads the policy configuration.
    Throws:
        SecurityException - if the current thread does not have permission to refresh this Policy object.
    Overrides:
        refresh in class Policy
checkCA

protected boolean checkCA(Certificate[] cert)
    Check a chain of certificates for validity and whether the last one is a trusted certificate.
    Verifies that all certificates are within their validity period and that each is signed by the
    next one in the chain or by a trusted one. Currently ALL certificates must be of class
    X509Certificate.
    Parameters:
        cert - list of certificates. Must be ordered in the correct chain (each is signed by
               the public key of the certificate with the next higher index)
    Returns:
        true if the verification succeeded
    See Also:
        X509Certificate
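The contract above (every certificate within its validity period, cert[i] signed by the public key of cert[i+1], the last one a trusted certificate, X.509 only) can be spelled out in a few lines of java.security.cert calls. The following is an added illustration of that contract, not the project's checkCA implementation; the class name ChainCheck, the trusted-set parameter and the PEM file arguments in main are assumptions. The anchor is matched by encoded form (Certificate.equals), so a copy of a trusted certificate loaded from a different source still matches, and an empty chain, a non-X.509 entry, an expired certificate or a signature that does not verify all make the check return false instead of throwing.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/** Chain check in the style of the documented checkCA contract (illustrative, not the project's code). */
public class ChainCheck {

    /**
     * Returns true when every entry is an X509Certificate within its validity period, chain[i] verifies
     * under the public key of chain[i+1], and the last entry is itself one of the trusted certificates.
     */
    static boolean checkChain(Certificate[] chain, Collection<X509Certificate> trusted) {
        if (chain == null || chain.length == 0) return false;
        try {
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) return false;   // contract: X.509 only
                X509Certificate cert = (X509Certificate) chain[i];
                cert.checkValidity();                                       // throws outside notBefore..notAfter
                if (i + 1 < chain.length) {
                    cert.verify(chain[i + 1].getPublicKey());               // throws if the signature fails
                }
            }
            // The last certificate must be a trusted one; equals() compares the DER encoding.
            X509Certificate last = (X509Certificate) chain[chain.length - 1];
            for (X509Certificate anchor : trusted) {
                if (anchor.equals(last)) return true;
            }
            return false;
        } catch (GeneralSecurityException e) {
            // expired / not yet valid, bad signature, unsupported algorithm: all mean "not verified"
            return false;
        }
    }

    /** Usage: java ChainCheck chain.pem trusted.pem  (PEM bundles supplied by the operator, leaf first). */
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate[] chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = cf.generateCertificates(in).toArray(new Certificate[0]);
        }
        List<X509Certificate> trusted = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[1])) {
            for (Certificate c : cf.generateCertificates(in)) trusted.add((X509Certificate) c);
        }
        System.out.println(checkChain(chain, trusted) ? "chain OK" : "chain REJECTED");
    }
}
```

Note what this check, like the documented one, does not do: it verifies signatures and validity dates only, not revocation, name chaining or basic-constraints/path-length limits. A policy that has to decide on agent code today should delegate those to CertPathValidator with the PKIX algorithm and keep a check of this shape only as a fast pre-filter.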
Copyright 2000 Michael Sonntag & Institute for Information Processing and Microprocessor Technology (FIM), Johannes-Kepler-University Linz, Altenbergerstr. 69, A-4040 Linz, Austria.