com.sun.jini.tool.envcheck.plugins
Class CheckJsseProps

java.lang.Object
  extended by com.sun.jini.tool.envcheck.AbstractPlugin
      extended by com.sun.jini.tool.envcheck.plugins.CheckJsseProps
All Implemented Interfaces:
Plugin

public class CheckJsseProps
extends AbstractPlugin

Checks whether various security oriented configuration files exist and are accessible. content verification is done only for the login configuration, and is limited to verifying that javax.security.auth.login.Configuration.getConfiguration() can be called successfully. The -security must be included on the command line for these checks to be done. The checks performed include:

These checks are performed for the command line being analyzed and for the activation group if one exists.


Nested Class Summary
static class CheckJsseProps.CheckLoginConfigInit
          Checks the existence and accessibility of the login configuration.
static class CheckJsseProps.CheckProviderTask
          Checks the policy provider of the group.
static class CheckJsseProps.GetGroupLoginConfigs
          Gets login configuration urls of the group.
 
Field Summary
private static boolean doChecks
          flag indicating whether to run this plugin
(package private)  EnvCheck envCheck
          reference to the plugin container
(package private)  String fileAccessTask
           
 
Constructor Summary
CheckJsseProps()
           
 
Method Summary
private  String[] args(String s1, String s2)
          Return a string array representing the given arguments.
private  void checkDiscoveryStore(SharedActivationGroupDescriptor gd)
          Check the validity of the discovery trust store definition for the command line or group.
private  boolean checkExistance(SharedActivationGroupDescriptor gd, String propName, String desc, String source)
          Check the existence of a property definition in the group or command line.
private  void checkKeyStore(SharedActivationGroupDescriptor gd)
          Check the validity of the key store definition for the command line or group.
private  void checkLoginConfigs(SharedActivationGroupDescriptor gd)
          Check the validity of the login configuration for the command line or group.
private  void checkProvider(SharedActivationGroupDescriptor gd)
          Check that the security provider is an instance of DynamicPolicyProvider.
private  void checkTrustStore(SharedActivationGroupDescriptor gd)
          Check the validity of the trust store definition for the command line or group.
private static ArrayList getLoginConfigs()
          Get the names of the login configuration files which will be accessed when the login configuration is constructed.
private  String getSource(SharedActivationGroupDescriptor gd)
          Get the source string identifying the activation group (if gd is not null) or the command line (if gd is null).
 boolean isPluginOption(String opt)
          Determine whether arg is a plugin-specific command-line option for this plugin and save any necessary state.
 void run(EnvCheck envCheck)
          Check the security files for the current VM and for the group VM if there is a SharedActivationGroupDescriptor.
 
Methods inherited from class com.sun.jini.tool.envcheck.AbstractPlugin
getBundle, getString, getString, getString, getString, handleUnexpectedSubtaskReturn, taskName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

envCheck

EnvCheck envCheck
reference to the plugin container


doChecks

private static boolean doChecks
flag indicating whether to run this plugin


fileAccessTask

String fileAccessTask
Constructor Detail

CheckJsseProps

public CheckJsseProps()
Method Detail

isPluginOption

public boolean isPluginOption(String opt)
Description copied from interface: Plugin
Determine whether arg is a plugin-specific command-line option for this plugin and save any necessary state. State should be saved in static fields since plugin instances may not be cached.

Specified by:
isPluginOption in interface Plugin
Overrides:
isPluginOption in class AbstractPlugin
Parameters:
opt - the command-line option to examine
Returns:
true if the plugin supports this option

run

public void run(EnvCheck envCheck)
Check the security files for the current VM and for the group VM if there is a SharedActivationGroupDescriptor.

Parameters:
envCheck - a reference to the plugin container

getSource

private String getSource(SharedActivationGroupDescriptor gd)
Get the source string identifying the activation group (if gd is not null) or the command line (if gd is null).

Parameters:
gd - the group descriptor
Returns:
the source text

args

private String[] args(String s1,
                      String s2)
Return a string array representing the given arguments.

Parameters:
s1 - first array object
s2 - second array object
Returns:
the array

checkTrustStore

private void checkTrustStore(SharedActivationGroupDescriptor gd)
Check the validity of the trust store definition for the command line or group.

Parameters:
gd - the group descriptor, or null to test the command line

checkDiscoveryStore

private void checkDiscoveryStore(SharedActivationGroupDescriptor gd)
Check the validity of the discovery trust store definition for the command line or group.

Parameters:
gd - the group descriptor, or null to test the command line

checkKeyStore

private void checkKeyStore(SharedActivationGroupDescriptor gd)
Check the validity of the key store definition for the command line or group.

Parameters:
gd - the group descriptor, or null to test the command line

checkLoginConfigs

private void checkLoginConfigs(SharedActivationGroupDescriptor gd)
Check the validity of the login configuration for the command line or group.

Parameters:
gd - the group descriptor, or null to test the command line

getLoginConfigs

private static ArrayList getLoginConfigs()
Get the names of the login configuration files which will be accessed when the login configuration is constructed. If java.security.auth.login.config is defined with a '==', then it's value is the sole configuration file. Otherwise, search the security properties for property names of the form login.config.url.[n], starting with n of one until there is a break in the sequence. Merge the resulting list with the value of java.security.auth.login.config if it was defined (with a single '='). If the resulting list is not empty, return it; otherwise, check for the existence of a file named .java.login.config in the users home directory. If found, place this value in the list.

Returns:
the list of login configuration files which will apply to the calling VM, or an empty list if there are not such files.

checkExistance

private boolean checkExistance(SharedActivationGroupDescriptor gd,
                               String propName,
                               String desc,
                               String source)
Check the existence of a property definition in the group or command line.

Parameters:
gd - the group descriptor, or null to check the command line
propName - the property name to check for
desc - phrase describing the property
source - the source descriptive text
Returns:
true if the property is defined

checkProvider

private void checkProvider(SharedActivationGroupDescriptor gd)
Check that the security provider is an instance of DynamicPolicyProvider. Done for the tool VM and for the group VM if a SharedActivationGroupDescriptor exists.



Copyright 2007-2010, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.