| /******************************************************************************* |
| * Copyright (c) 2005, 2008 IBM Corporation and others. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * IBM Corporation - initial API and implementation |
| *******************************************************************************/ |
| package org.eclipse.osgi.internal.provisional.service.security; |
| |
| import org.eclipse.osgi.framework.eventmgr.*; |
| import org.eclipse.osgi.signedcontent.SignedContent; |
| import org.osgi.framework.BundleContext; |
| import org.osgi.util.tracker.ServiceTracker; |
| |
| /** |
| * An authorization engine is used to grant authorization to {@link SignedContent}. |
| * For example, an engine could determine if <code>SignedContent</code> is authorized |
| * to enable code from a signed bundle. |
| * @since 3.4 |
| */ |
| public abstract class AuthorizationEngine { |
| |
| private EventManager manager = new EventManager(); |
| private EventDispatcher dispatcher = new AuthEventDispatcher(); |
| private final ServiceTracker listenerTracker; |
| |
| public AuthorizationEngine(BundleContext context) { |
| listenerTracker = new ServiceTracker(context, AuthorizationListener.class.getName(), null); |
| listenerTracker.open(); |
| } |
| |
| /** |
| * Authorizes a <code>SignedContent</code> object. The engine determines if the |
| * signed content authorization should be granted. The context is the entity |
| * associated with the signed content. For example, signed content |
| * for a bundle will have a <code>Bundle</code> object as the context. |
| * @param content the signed content. The value may be <code>null</code>. |
| * @param context the context associated with the signed content. The value may be <code>null</code>. |
| */ |
| public final void authorize(SignedContent content, Object context) { |
| fireEvent(doAuthorize(content, context)); |
| } |
| |
| private void fireEvent(AuthorizationEvent event) { |
| if (event == null) |
| return; |
| Object[] services = listenerTracker.getServices(); |
| if (services == null) |
| return; |
| CopyOnWriteIdentityMap listeners = new CopyOnWriteIdentityMap(); |
| listeners.putAll(services); |
| ListenerQueue queue = new ListenerQueue(manager); |
| queue.queueListeners(listeners.entrySet(), dispatcher); |
| queue.dispatchEventSynchronous(0, event); |
| } |
| |
| /** |
| * Authorizes a <code>SignedContent</code> object. The engine determines if the |
| * signed content authorization should be granted. |
| * @param content |
| * @param context the context associated with the signed content |
| * @return an authorization event which will be fired. A value of <code>null</code> |
| * may be returned; in this case no authorization event will be fired. |
| */ |
| protected abstract AuthorizationEvent doAuthorize(SignedContent content, Object context); |
| |
| /** |
| * Return the current status of the Authorization system. |
| * |
| * @return A value of {@link AuthorizationStatus#OK} or {@link AuthorizationStatus#ERROR} |
| * @see AuthorizationStatus#OK |
| * @see AuthorizationStatus#ERROR |
| */ |
| abstract public int getStatus(); |
| |
| class AuthEventDispatcher implements EventDispatcher { |
| public void dispatchEvent(Object eventListener, Object listenerObject, int eventAction, Object eventObject) { |
| ((AuthorizationListener) eventListener).authorizationEvent((AuthorizationEvent) eventObject); |
| } |
| } |
| } |