package org.intellimate.izou.security;
import org.intellimate.izou.addon.AddOnModel;
import org.intellimate.izou.main.Main;
import org.intellimate.izou.security.exceptions.IzouPermissionException;
import org.intellimate.izou.security.exceptions.IzouSocketPermissionException;
import ro.fortsoft.pf4j.PluginDescriptor;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;
/**
* The SocketPermissionModule stores addOns that registered themselves to use socket connections.
*/
public final class SocketPermissionModule extends PermissionModule {
private final List<String> allowedSocketConnections;
/**
* Creates a new PermissionModule
*
* @param main the instance of main
*/
SocketPermissionModule(Main main, SecurityManager securityManager) {
super(main, securityManager);
allowedSocketConnections = new ArrayList<>();
//TODO: why????? I don't think this is save
allowedSocketConnections.add(System.getProperty("host.name"));
allowedSocketConnections.add("local");
allowedSocketConnections.add("smtp");
}
/**
* returns true if able to check permissions
*
* @param permission the permission to check
* @return true if able to, false if not
*/
@Override
public boolean canCheckPermission(Permission permission) {
return permission instanceof SocketPermission;
}
/**
* Checks if the given addOn is allowed to access the requested service and registers them if not yet registered.
*
* @param permission the Permission to check
* @param addon the identifiable to check
* @throws IzouPermissionException thrown if the addOn is not allowed to access its requested service
*/
@Override
public void checkPermission(Permission permission, AddOnModel addon) throws IzouPermissionException {
for (String socket : allowedSocketConnections) {
if (permission.getName().contains(socket)) {
return;
}
}
if (isRegistered(addon))
return;
Function<PluginDescriptor, Boolean> checkPermission = descriptor -> {
if (descriptor.getAddOnProperties() == null)
throw new IzouPermissionException("addon_config.properties not found for addon:" + addon);
try {
return descriptor.getAddOnProperties().getProperty("socket_connection") != null
&& descriptor.getAddOnProperties().getProperty("socket_connection").trim().equals("true")
&& descriptor.getAddOnProperties().getProperty("socket_usage_descripton") != null
&& !descriptor.getAddOnProperties().getProperty("socket_usage_descripton").trim().equals("null")
&& !descriptor.getAddOnProperties().getProperty("socket_usage_descripton").trim().isEmpty();
} catch (NullPointerException e) {
return false;
}
};
String exceptionMessage = "Socket Permission Denied: " + addon + "is not registered to "
+ "use socket connections, please add the required information to the addon_config.properties "
+ "file of your addOn.";
registerOrThrow(addon, () -> new IzouSocketPermissionException(exceptionMessage), checkPermission);
}
}