SecureNodeStoreAccess.java
4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* com.google.common.collect.ImmutableSet
* javax.annotation.Nonnull
* org.apache.felix.scr.annotations.Activate
* org.apache.felix.scr.annotations.Component
* org.apache.felix.scr.annotations.Service
* org.apache.jackrabbit.oak.spi.state.NodeStore
* org.osgi.framework.Bundle
* org.osgi.framework.BundleContext
* org.osgi.framework.ServiceEvent
* org.osgi.framework.ServiceReference
* org.osgi.framework.hooks.service.EventListenerHook
* org.osgi.framework.hooks.service.FindHook
* org.slf4j.Logger
* org.slf4j.LoggerFactory
*/
package com.day.crx.sling.server.impl.jmx;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceEvent;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.hooks.service.EventListenerHook;
import org.osgi.framework.hooks.service.FindHook;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Component(immediate=1)
@Service(value={FindHook.class})
public class SecureNodeStoreAccess
implements FindHook,
EventListenerHook {
private static final Logger log = LoggerFactory.getLogger(SecureNodeStoreAccess.class);
private static final Set<String> CLASS_NAMES = ImmutableSet.of((Object)NodeStore.class.getName());
private Set<String> allowed = new HashSet<String>();
@Activate
public void activate(BundleContext bundleContext) {
this.allowed.add(bundleContext.getBundle().getSymbolicName());
this.allowed.add("org.apache.felix.webconsole");
this.allowed.add("org.apache.jackrabbit.oak-core");
this.allowed.add("org.apache.jackrabbit.oak-segment");
this.allowed.add("org.apache.jackrabbit.oak-tarmk-failover");
this.allowed.add("org.apache.aries.jmx.core");
this.allowed.add("com.adobe.granite.license");
}
public void find(BundleContext bundleContext, String name, String filter, boolean allServices, Collection references) {
String symName = bundleContext.getBundle().getSymbolicName();
String msg = "Reference to NodeStore Service(s) from bundle '{}' is not allowed.";
if (!this.allowed.contains(symName)) {
if (name != null) {
if (CLASS_NAMES.contains(name)) {
log.warn(msg, (Object)symName);
references.clear();
}
} else {
Iterator iterator = references.iterator();
while (iterator.hasNext()) {
ServiceReference sr = (ServiceReference)iterator.next();
if (!SecureNodeStoreAccess.isStoreReference(sr)) continue;
log.warn(msg, (Object)symName);
iterator.remove();
}
}
}
}
public void event(ServiceEvent serviceEvent, Map bundleContextCollectionMap) {
if (SecureNodeStoreAccess.isStoreReference(serviceEvent.getServiceReference())) {
Iterator it = bundleContextCollectionMap.entrySet().iterator();
while (it.hasNext()) {
BundleContext ctx = (BundleContext)it.next().getKey();
if (this.allowed.contains(ctx.getBundle().getSymbolicName())) continue;
it.remove();
}
}
}
private static boolean isStoreReference(@Nonnull ServiceReference serviceReference) {
Object objectClass = serviceReference.getProperty("objectClass");
for (Object o : (Object[])objectClass) {
if (!CLASS_NAMES.contains(o.toString())) continue;
return true;
}
return false;
}
}