| /* |
| * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package sun.rmi.server; |
| |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.io.ObjectInputStream; |
| import java.io.ObjectStreamClass; |
| import java.io.StreamCorruptedException; |
| import java.util.*; |
| import java.security.AccessControlException; |
| import java.security.Permission; |
| import java.rmi.server.RMIClassLoader; |
| import sun.misc.ObjectStreamClassValidator; |
| import sun.misc.SharedSecrets; |
| |
| /** |
| * MarshalInputStream is an extension of ObjectInputStream. When resolving |
| * a class, it reads an object from the stream written by a corresponding |
| * MarshalOutputStream. If the class to be resolved is not available |
| * locally, from the first class loader on the execution stack, or from the |
| * context class loader of the current thread, it will attempt to load the |
| * class from the location annotated by the sending MarshalOutputStream. |
| * This location object must be a string representing a path of URLs. |
| * |
| * A new MarshalInputStream should be created to deserialize remote objects or |
| * graphs containing remote objects. Objects are created from the stream |
| * using the ObjectInputStream.readObject method. |
| * |
| * @author Peter Jones |
| */ |
| public class MarshalInputStream extends ObjectInputStream { |
| interface StreamChecker extends ObjectStreamClassValidator { |
| void checkProxyInterfaceNames(String[] ifaces); |
| } |
| |
| private volatile StreamChecker streamChecker = null; |
| |
| /** |
| * Value of "java.rmi.server.useCodebaseOnly" property, |
| * as cached at class initialization time. |
| * |
| * The default value is true. That is, the value is true |
| * if the property is absent or is not equal to "false". |
| * The value is only false when the property is present |
| * and is equal to "false". |
| */ |
| private static final boolean useCodebaseOnlyProperty = |
| ! java.security.AccessController.doPrivileged( |
| new sun.security.action.GetPropertyAction( |
| "java.rmi.server.useCodebaseOnly", "true")) |
| .equalsIgnoreCase("false"); |
| |
| /** table to hold sun classes to which access is explicitly permitted */ |
| protected static Map<String, Class<?>> permittedSunClasses |
| = new HashMap<>(3); |
| |
| /** if true, don't try superclass first in resolveClass() */ |
| private boolean skipDefaultResolveClass = false; |
| |
| /** callbacks to make when done() called: maps Object to Runnable */ |
| private final Map<Object, Runnable> doneCallbacks |
| = new HashMap<>(3); |
| |
| /** |
| * if true, load classes (if not available locally) only from the |
| * URL specified by the "java.rmi.server.codebase" property. |
| */ |
| private boolean useCodebaseOnly = useCodebaseOnlyProperty; |
| |
| /* |
| * Fix for 4179055: The remote object services inside the |
| * activation daemon use stubs that are in the package |
| * sun.rmi.server. Classes for these stubs should be loaded from |
| * the classpath by RMI system code and not by the normal |
| * unmarshalling process as applications should not need to have |
| * permission to access the sun implementation classes. |
| * |
| * Note: this fix should be redone when API changes may be |
| * integrated |
| * |
| * During parameter unmarshalling RMI needs to explicitly permit |
| * access to three sun.* stub classes |
| */ |
| static { |
| try { |
| String system = |
| "sun.rmi.server.Activation$ActivationSystemImpl_Stub"; |
| String registry = "sun.rmi.registry.RegistryImpl_Stub"; |
| |
| permittedSunClasses.put(system, Class.forName(system)); |
| permittedSunClasses.put(registry, Class.forName(registry)); |
| |
| } catch (ClassNotFoundException e) { |
| throw new NoClassDefFoundError("Missing system class: " + |
| e.getMessage()); |
| } |
| } |
| |
| /** |
| * Create a new MarshalInputStream object. |
| */ |
| public MarshalInputStream(InputStream in) |
| throws IOException, StreamCorruptedException |
| { |
| super(in); |
| } |
| |
| /** |
| * Returns a callback previously registered via the setDoneCallback |
| * method with given key, or null if no callback has yet been registered |
| * with that key. |
| */ |
| public Runnable getDoneCallback(Object key) { |
| return doneCallbacks.get(key); // not thread-safe |
| } |
| |
| /** |
| * Registers a callback to make when this stream's done() method is |
| * invoked, along with a key for retrieving the same callback instance |
| * subsequently from the getDoneCallback method. |
| */ |
| public void setDoneCallback(Object key, Runnable callback) { |
| //assert(!doneCallbacks.contains(key)); |
| doneCallbacks.put(key, callback); // not thread-safe |
| } |
| |
| /** |
| * Indicates that the user of this MarshalInputStream is done reading |
| * objects from it, so all callbacks registered with the setDoneCallback |
| * method should now be (synchronously) executed. When this method |
| * returns, there are no more callbacks registered. |
| * |
| * This method is implicitly invoked by close() before it delegates to |
| * the superclass's close method. |
| */ |
| public void done() { |
| Iterator<Runnable> iter = doneCallbacks.values().iterator(); |
| while (iter.hasNext()) { // not thread-safe |
| Runnable callback = iter.next(); |
| callback.run(); |
| } |
| doneCallbacks.clear(); |
| } |
| |
| /** |
| * Closes this stream, implicitly invoking done() first. |
| */ |
| public void close() throws IOException { |
| done(); |
| super.close(); |
| } |
| |
| /** |
| * resolveClass is extended to acquire (if present) the location |
| * from which to load the specified class. |
| * It will find, load, and return the class. |
| */ |
| protected Class<?> resolveClass(ObjectStreamClass classDesc) |
| throws IOException, ClassNotFoundException |
| { |
| /* |
| * Always read annotation written by MarshalOutputStream |
| * describing where to load class from. |
| */ |
| Object annotation = readLocation(); |
| |
| String className = classDesc.getName(); |
| |
| /* |
| * Unless we were told to skip this consideration, choose the |
| * "default loader" to simulate the default ObjectInputStream |
| * resolveClass mechanism (that is, choose the first non-null |
| * loader on the execution stack) to maximize the likelihood of |
| * type compatibility with calling code. (This consideration |
| * is skipped during server parameter unmarshalling using the 1.2 |
| * stub protocol, because there would never be a non-null class |
| * loader on the stack in that situation anyway.) |
| */ |
| ClassLoader defaultLoader = |
| skipDefaultResolveClass ? null : latestUserDefinedLoader(); |
| |
| /* |
| * If the "java.rmi.server.useCodebaseOnly" property was true or |
| * useCodebaseOnly() was called or the annotation is not a String, |
| * load from the local loader using the "java.rmi.server.codebase" |
| * URL. Otherwise, load from a loader using the codebase URL in |
| * the annotation. |
| */ |
| String codebase = null; |
| if (!useCodebaseOnly && annotation instanceof String) { |
| codebase = (String) annotation; |
| } |
| |
| try { |
| return RMIClassLoader.loadClass(codebase, className, |
| defaultLoader); |
| } catch (AccessControlException e) { |
| return checkSunClass(className, e); |
| } catch (ClassNotFoundException e) { |
| /* |
| * Fix for 4442373: delegate to ObjectInputStream.resolveClass() |
| * to resolve primitive classes. |
| */ |
| try { |
| if (Character.isLowerCase(className.charAt(0)) && |
| className.indexOf('.') == -1) |
| { |
| return super.resolveClass(classDesc); |
| } |
| } catch (ClassNotFoundException e2) { |
| } |
| throw e; |
| } |
| } |
| |
| /** |
| * resolveProxyClass is extended to acquire (if present) the location |
| * to determine the class loader to define the proxy class in. |
| */ |
| protected Class<?> resolveProxyClass(String[] interfaces) |
| throws IOException, ClassNotFoundException |
| { |
| StreamChecker checker = streamChecker; |
| if (checker != null) { |
| checker.checkProxyInterfaceNames(interfaces); |
| } |
| |
| /* |
| * Always read annotation written by MarshalOutputStream. |
| */ |
| Object annotation = readLocation(); |
| |
| ClassLoader defaultLoader = |
| skipDefaultResolveClass ? null : latestUserDefinedLoader(); |
| |
| String codebase = null; |
| if (!useCodebaseOnly && annotation instanceof String) { |
| codebase = (String) annotation; |
| } |
| |
| return RMIClassLoader.loadProxyClass(codebase, interfaces, |
| defaultLoader); |
| } |
| |
| /* |
| * Returns first non-privileged class loader on the stack (excluding |
| * reflection generated frames) or the extension class loader if only |
| * class loaded by the boot class loader and extension class loader are |
| * found on the stack. |
| */ |
| private static ClassLoader latestUserDefinedLoader() { |
| return sun.misc.VM.latestUserDefinedLoader(); |
| } |
| |
| /** |
| * Fix for 4179055: Need to assist resolving sun stubs; resolve |
| * class locally if it is a "permitted" sun class |
| */ |
| private Class<?> checkSunClass(String className, AccessControlException e) |
| throws AccessControlException |
| { |
| // ensure that we are giving out a stub for the correct reason |
| Permission perm = e.getPermission(); |
| String name = null; |
| if (perm != null) { |
| name = perm.getName(); |
| } |
| |
| Class<?> resolvedClass = permittedSunClasses.get(className); |
| |
| // if class not permitted, throw the SecurityException |
| if ((name == null) || |
| (resolvedClass == null) || |
| ((!name.equals("accessClassInPackage.sun.rmi.server")) && |
| (!name.equals("accessClassInPackage.sun.rmi.registry")))) |
| { |
| throw e; |
| } |
| |
| return resolvedClass; |
| } |
| |
| /** |
| * Return the location for the class in the stream. This method can |
| * be overridden by subclasses that store this annotation somewhere |
| * else than as the next object in the stream, as is done by this class. |
| */ |
| protected Object readLocation() |
| throws IOException, ClassNotFoundException |
| { |
| return readObject(); |
| } |
| |
| /** |
| * Set a flag to indicate that the superclass's default resolveClass() |
| * implementation should not be invoked by our resolveClass(). |
| */ |
| void skipDefaultResolveClass() { |
| skipDefaultResolveClass = true; |
| } |
| |
| /** |
| * Disable code downloading except from the URL specified by the |
| * "java.rmi.server.codebase" property. |
| */ |
| void useCodebaseOnly() { |
| useCodebaseOnly = true; |
| } |
| |
| synchronized void setStreamChecker(StreamChecker checker) { |
| streamChecker = checker; |
| SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker); |
| } |
| @Override |
| protected ObjectStreamClass readClassDescriptor() throws IOException, |
| ClassNotFoundException { |
| ObjectStreamClass descriptor = super.readClassDescriptor(); |
| |
| validateDesc(descriptor); |
| |
| return descriptor; |
| } |
| |
| private void validateDesc(ObjectStreamClass descriptor) { |
| StreamChecker checker; |
| synchronized (this) { |
| checker = streamChecker; |
| } |
| if (checker != null) { |
| checker.validateDescriptor(descriptor); |
| } |
| } |
| } |
