package uk.ac.cam.em487.fjava.tick2star;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.net.SocketPermission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.SecureClassLoader;
import java.util.PropertyPermission;
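/**
 * An {@link ObjectInputStream} that can also resolve classes whose bytecode was handed to it at
 * run time through {@link #addClass(String, byte[])}.
 *
 * <p>Classes registered that way are defined inside a {@link ProtectionDomain} that carries only
 * three grants: read the {@code user.home} system property, {@code read} on the path stored in
 * that property, and connect to {@code www.cam.ac.uk:80}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The loader chain and the domain are per-instance state. They used to be {@code static}
 *       and were reassigned by every constructor call, so bytecode registered on one stream
 *       became resolvable by every other stream in the JVM.</li>
 *   <li>The permission set restricts the loaded code only where permission checks are actually
 *       enforced, i.e. with a {@code SecurityManager} installed. That mechanism is deprecated
 *       for removal since Java 17; on a runtime without it the domain is inert and the supplied
 *       bytecode runs with the privileges of the process, so containment has to come from
 *       somewhere else (separate process, OS sandbox, container).</li>
 *   <li>{@link #resolveClass(ObjectStreamClass)} has no allow-list: every class visible to the
 *       system class loader is still resolvable, and those classes do not live in the
 *       restricted domain. Pair this stream with an {@code ObjectInputFilter} when the bytes
 *       come from an untrusted peer.</li>
 * </ul>
 *
 * <p>Not thread-safe: {@code addClass} and deserialization must happen on the same thread or be
 * synchronised externally.
 */
public class SafeObjectInputStream extends ObjectInputStream {

    /** Domain assigned to every class defined through {@link #addClass(String, byte[])}. */
    private final ProtectionDomain domain;

    /** Head of the loader chain; each {@code addClass} call wraps it in one more loader. */
    private ClassLoader current = ClassLoader.getSystemClassLoader();

    /**
     * Creates the stream and builds the restricted protection domain.
     *
     * @param in stream to deserialize from
     * @throws IOException if the serialization stream header cannot be read
     */
    public SafeObjectInputStream(InputStream in) throws IOException {
        super(in);
        Permissions granted = new Permissions();
        granted.add(new PropertyPermission("user.home", "read"));
        // A FilePermission path without a trailing "/*" or "/-" names that single path only,
        // so this covers the home directory entry itself, not the files below it.
        granted.add(new FilePermission(System.getProperty("user.home"), "read"));
        granted.add(new SocketPermission("www.cam.ac.uk:80", "connect"));
        // Two-argument constructor: the grants are static, the installed Policy is not
        // consulted for this domain, and the Permissions object becomes read-only.
        domain = new ProtectionDomain(null, granted);
    }

    /**
     * Resolves a class descriptor, trying the loader chain built by {@code addClass} first and
     * falling back to the default {@link ObjectInputStream} resolution.
     *
     * @param desc descriptor read from the stream
     * @return the class named by {@code desc}
     * @throws IOException if the default resolution fails with an I/O error
     * @throws ClassNotFoundException if neither lookup finds the class
     */
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        try {
            // Parent-first delegation: the system loader answers before any registered
            // definition is considered.
            return current.loadClass(desc.getName());
        } catch (ClassNotFoundException e) {
            // The default resolution also covers names loadClass cannot handle,
            // such as primitive types.
            return super.resolveClass(desc);
        }
    }

    /**
     * Registers bytecode for a class so that later {@code resolveClass} calls on this stream
     * can find it. The class is defined lazily, on first lookup, in the restricted domain.
     *
     * <p>Because delegation is parent-first, registering a name that is already resolvable
     * (from the class path or from an earlier call) has no effect on lookups.
     *
     * @param name binary name of the class contained in {@code defn}
     * @param defn class file bytes; copied, so later changes to the array are not observed
     * @throws NullPointerException if {@code name} or {@code defn} is {@code null}
     */
    public void addClass(final String name, final byte[] defn) {
        if (name == null) {
            throw new NullPointerException("name");
        }
        if (defn == null) {
            throw new NullPointerException("defn");
        }
        // Snapshot the bytes now: definition happens later, and the caller must not be able
        // to swap the bytecode between registration and first use.
        final byte[] bytecode = defn.clone();
        current = new SecureClassLoader(current) {
            @Override
            protected Class<?> findClass(String className) throws ClassNotFoundException {
                if (!className.equals(name)) {
                    throw new ClassNotFoundException(className);
                }
                return defineClass(name, bytecode, 0, bytecode.length, domain);
            }
        };
    }
}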