Example #1
0
 /**
  * Create a policy from a file
  *
  * @see     http://java.sun.com/j2se/1.4.1/docs/guide/security/PolicyFiles.html
  * @param   io.Stream stream
  * @return  security.Policy policy
  */
 public static function fromFile($stream)
 {
     static $errors = [PF_ST_EPARSE => 'Parse error', PF_ST_EGRANT => 'Grant syntax error', PF_ST_EPERM => 'Permission syntax error', PF_ST_ESTATE => 'State error', PF_ST_EREFLECT => 'Reflection error'];
     $policy = new self();
     $stream->open(File::READ);
     $state = PF_ST_INITIAL;
     $num = 0;
     do {
         while (!$stream->eof() && false !== ($line = $stream->readLine())) {
             $num++;
             // Ignore empty lines
             if (empty($line)) {
                 continue;
             }
             switch ($state) {
                 case PF_ST_INITIAL:
                     switch ($line[0]) {
                         case '/':
                             if ('/' != $line[1]) {
                                 $state = PF_ST_EPARSE;
                                 $message = 'expecting "/", have "' . $line[1] . '"';
                                 break 4;
                             }
                             $line = substr($line, 1);
                             // break missing intentionally
                         // break missing intentionally
                         case '#':
                         case ';':
                             // TBD: Put comments somewhere?
                             break;
                         case 'g':
                             // grant {
                             // grant signedBy "Duke" {
                             // grant signedBy "sysadmin", codeBase "file:/home/sysadmin/" {
                             if ('rant' == substr($line, 1, 4)) {
                                 $state = PF_ST_GRANT;
                                 $end = false;
                                 $t = strtok(substr($line, 5), " \t,");
                                 do {
                                     switch ($t) {
                                         case 'signedBy':
                                             $signer = strtok('"');
                                             break;
                                         case 'codeBase':
                                             $codebase = strtok('"');
                                             break;
                                         case '{':
                                             // End
                                             $end = true;
                                             break 2;
                                         default:
                                             $state = PF_ST_EGRANT;
                                             $message = 'unknown grant token "' . $t . '"';
                                             break 6;
                                     }
                                 } while ($t = strtok(" \t,"));
                                 // OK
                                 if ($end) {
                                     break;
                                 }
                                 $state = PF_ST_EGRANT;
                                 $message = 'expecting {';
                             }
                             break 4;
                         default:
                             $state = PF_ST_EPARSE;
                             $message = 'unexpected input "' . $line . '"';
                             break 4;
                     }
                     break;
                 case PF_ST_GRANT:
                     if (';' != $line[strlen($line) - 1]) {
                         $state = PF_ST_EPARSE;
                         $message = 'permission line not terminated by ";"';
                         break 3;
                     }
                     if ('}' == $line[0]) {
                         $state = PF_ST_INITIAL;
                         break;
                     }
                     // permission java.util.PropertyPermission "java.vendor", "read";
                     // permission java.security.SecurityPermission "Security.insertProvider.*";
                     if (false === ($p = strpos($line, 'permission'))) {
                         $state = PF_ST_EPARSE;
                         $message = 'expecting permission';
                         break 3;
                     }
                     if (false === ($class = strtok(substr($line, $p + 10), " \t;")) || false === ($name = strtok('"'))) {
                         $state = PF_ST_EPERM;
                         $message = 'class and name required but not found';
                         break 3;
                     }
                     try {
                         $permission = \lang\XPClass::forName($class);
                     } catch (\lang\ClassNotFoundException $e) {
                         $state = PF_ST_EREFLECT;
                         $message = $e->message;
                         break 3;
                     }
                     // Parse actions
                     $actions = [];
                     while ($t = strtok(', ";')) {
                         $actions[] = $t;
                     }
                     // Add permission
                     $policy->addPermission($permission->newInstance($name, $actions));
                     break;
             }
         }
         if (PF_ST_INITIAL != $state) {
             $state = PF_ST_ESTATE;
             $message = 'unterminated section';
         } else {
             $state = PF_ST_DONE;
         }
     } while (PF_ST_BREAK > $state);
     // Close stream
     $stream->close();
     if (PF_ST_DONE == $state) {
         return $policy;
     }
     // Errors
     throw new PolicyException(sprintf("%s in %s on line %d: %s", $errors[$state], $stream->uri, $num, $message));
 }
Example #2
0
 /**
  * Generate a new Permission instance to be saved to the data store.
  *
  * @param string $name Unique name of the role
  * @param string $description Optional description of this role
  * @param Permission[] $permissions Array of initial permissions to add to the role
  * @return Role
  */
 public static function create($name, $description = "", $permissions = [])
 {
     $role = new self();
     $role->name = $name;
     $role->description = $description;
     foreach ($permissions as $permission) {
         $role->addPermission($permission);
     }
     return $role;
 }