mono/mcs/class/System/System.Security.Permissions/ResourcePermissionBase.cs

//
// System.Security.Permissions.ResourcePermissionBase.cs
//
// Authors:
//	Jonathan Pryor ([email protected])
//	Sebastien Pouliot  <[email protected]>
//
// (C) 2002
// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

using System.Collections;
using System.Globalization;

namespace System.Security.Permissions {

	[Serializable]
	public abstract class ResourcePermissionBase : CodeAccessPermission, IUnrestrictedPermission {

		private const int version = 1;

		private ArrayList _list;
		private bool _unrestricted;
		private Type _type;
		private string[] _tags;

		protected ResourcePermissionBase ()
		{
			_list = new ArrayList ();
		}

		protected ResourcePermissionBase (PermissionState state) : this ()
		{
#if NET_2_0
			PermissionHelper.CheckPermissionState (state, true);
#else
			// there are no validation of the permission state
			// but any invalid value results in a restricted set
#endif
			_unrestricted = (state == PermissionState.Unrestricted);
		}

		public const string Any = "*";
		public const string Local = ".";

		protected Type PermissionAccessType {
			get { return _type; }
			set {
				if (value == null)
					throw new ArgumentNullException ("PermissionAccessType");
				if (!value.IsEnum)
					throw new ArgumentException ("!Enum", "PermissionAccessType");
				_type = value;
			}
		}

		protected string[] TagNames {
			get { return _tags; }
			set {
				if (value == null)
					throw new ArgumentNullException ("TagNames");
				if (value.Length == 0)
					throw new ArgumentException ("Length==0", "TagNames");
				_tags = value;
			}
		}

		protected void AddPermissionAccess (ResourcePermissionBaseEntry entry)
		{
			CheckEntry (entry);
			if (Exists (entry)) {
				string msg = Locale.GetText ("Entry already exists.");
				throw new InvalidOperationException (msg);
			}

			_list.Add (entry);
		}

		protected void Clear ()
		{
			_list.Clear ();
		}

		public override IPermission Copy ()
		{
			ResourcePermissionBase copy = CreateFromType (this.GetType (), _unrestricted);
			if (_tags != null)
				copy._tags = (string[]) _tags.Clone ();
			copy._type = _type;
			// FIXME: shallow or deep copy ?
			copy._list.AddRange (_list);
			return copy;
		}

		[MonoTODO ("incomplete - need more test")]
		public override void FromXml (SecurityElement securityElement)
		{
#if NET_2_0
			if (securityElement == null)
				throw new ArgumentNullException ("securityElement");
#else
			if (securityElement == null)
				throw new NullReferenceException ("securityElement");
#endif
			CheckSecurityElement (securityElement, "securityElement", version, version);
			// Note: we do not (yet) care about the return value 
			// as we only accept version 1 (min/max values)

			_list.Clear ();
			_unrestricted = PermissionHelper.IsUnrestricted (securityElement);
			if ((securityElement.Children == null) || (securityElement.Children.Count < 1))
				return;

			string[] names = new string [1];
			foreach (SecurityElement child in securityElement.Children) {
				// TODO: handle multiple names
				names [0] = child.Attribute ("name");
				int access = (int) Enum.Parse (PermissionAccessType, child.Attribute ("access"));
				ResourcePermissionBaseEntry entry = new ResourcePermissionBaseEntry (access, names);
				AddPermissionAccess (entry);
			}
		}

		protected ResourcePermissionBaseEntry[] GetPermissionEntries ()
		{
			ResourcePermissionBaseEntry[] entries = new ResourcePermissionBaseEntry [_list.Count];
			_list.CopyTo (entries, 0);
			return entries;
		}

		public override IPermission Intersect (IPermission target)
		{
			ResourcePermissionBase rpb = Cast (target);
			if (rpb == null)
				return null;

			bool su = this.IsUnrestricted ();
			bool tu = rpb.IsUnrestricted ();

			// if one is empty we return null (unless the other one is unrestricted)
			if (IsEmpty () && !tu)
				return null;
			if (rpb.IsEmpty () && !su)
				return null;

			ResourcePermissionBase result = CreateFromType (this.GetType (), (su && tu));
			foreach (ResourcePermissionBaseEntry entry in _list) {
				if (tu || rpb.Exists (entry))
					result.AddPermissionAccess (entry);
			}
			foreach (ResourcePermissionBaseEntry entry in rpb._list) {
				// don't add twice
				if ((su || this.Exists (entry)) && !result.Exists (entry))
					result.AddPermissionAccess (entry);
			}
			return result;
		}

		public override bool IsSubsetOf (IPermission target)
		{
			if (target == null) {
#if NET_2_0
				// do not use Cast - different permissions (and earlier Fx) return false :-/
				return true;
#else
				return false;
#endif
			}

			ResourcePermissionBase rpb = (target as ResourcePermissionBase);
			if (rpb == null)
				return false;
			if (rpb.IsUnrestricted ())
				return true;
			if (IsUnrestricted ())
				return rpb.IsUnrestricted ();
			foreach (ResourcePermissionBaseEntry entry in _list) {
				if (!rpb.Exists (entry))
					return false;
			}
			return true;
		}

		public bool IsUnrestricted ()
		{
			return _unrestricted;
		}

		protected void RemovePermissionAccess (ResourcePermissionBaseEntry entry)
		{
			CheckEntry (entry);
			for (int i = 0; i < _list.Count; i++) {
				ResourcePermissionBaseEntry rpbe = (ResourcePermissionBaseEntry) _list [i];
				if (Equals (entry, rpbe)) {
					_list.RemoveAt (i);
					return;
				}
			}
			string msg = Locale.GetText ("Entry doesn't exists.");
			throw new InvalidOperationException (msg);
		}

		public override SecurityElement ToXml ()
		{
			SecurityElement se = PermissionHelper.Element (this.GetType (), version);
			if (IsUnrestricted ()) {
				se.AddAttribute ("Unrestricted", "true");
			}
			else {
				foreach (ResourcePermissionBaseEntry entry in _list) {
					SecurityElement container = se;
					string access = null;
					if (PermissionAccessType != null)
						access = Enum.Format (PermissionAccessType, entry.PermissionAccess, "g");

					for (int i=0; i < _tags.Length; i++) {
						SecurityElement child = new SecurityElement (_tags [i]);
						child.AddAttribute ("name", entry.PermissionAccessPath [i]);
						if (access != null)
							child.AddAttribute ("access", access);
						container.AddChild (child);
						child = container;
					}
				}
			}
			return se;
		}

		public override IPermission Union (IPermission target)
		{
			ResourcePermissionBase rpb = Cast (target);
			if (rpb == null)
				return Copy ();
			if (IsEmpty () && rpb.IsEmpty ())
				return null;
			if (rpb.IsEmpty ())
				return Copy ();
			if (IsEmpty ())
				return rpb.Copy ();

			bool unrestricted = (IsUnrestricted () || rpb.IsUnrestricted ());
			ResourcePermissionBase result = CreateFromType (this.GetType (), unrestricted);
			// strangely unrestricted union doesn't process the elements (while intersect does)
			if (!unrestricted) {
				foreach (ResourcePermissionBaseEntry entry in _list) {
					result.AddPermissionAccess (entry);
				}
				foreach (ResourcePermissionBaseEntry entry in rpb._list) {
					// don't add twice
					if (!result.Exists (entry))
						result.AddPermissionAccess (entry);
				}
			}
			return result;
		}

		// helpers

		private bool IsEmpty ()
		{
			return (!_unrestricted && (_list.Count == 0));
		}

		private ResourcePermissionBase Cast (IPermission target)
		{
			if (target == null)
				return null;

			ResourcePermissionBase rp = (target as ResourcePermissionBase);
			if (rp == null) {
				PermissionHelper.ThrowInvalidPermission (target, typeof (ResourcePermissionBase));
			}

			return rp;
		}

		internal void CheckEntry (ResourcePermissionBaseEntry entry)
		{
			if (entry == null)
				throw new ArgumentNullException ("entry");
			if ((entry.PermissionAccessPath == null) || (entry.PermissionAccessPath.Length != _tags.Length)) {
				string msg = Locale.GetText ("Entry doesn't match TagNames");
				throw new InvalidOperationException (msg);
			}
		}

		internal bool Equals (ResourcePermissionBaseEntry entry1, ResourcePermissionBaseEntry entry2)
		{
			if (entry1.PermissionAccess != entry2.PermissionAccess)
				return false;
			if (entry1.PermissionAccessPath.Length != entry2.PermissionAccessPath.Length)
				return false;
			for (int i=0; i < entry1.PermissionAccessPath.Length; i++) {
				if (entry1.PermissionAccessPath [i] != entry2.PermissionAccessPath [i])
					return false;
			}
			return true;
		}

		internal bool Exists (ResourcePermissionBaseEntry entry)
		{
			if (_list.Count == 0)
				return false;
			foreach (ResourcePermissionBaseEntry rpbe in _list) {
				if (Equals (rpbe, entry))
					return true;
			}
			return false;
		}

		// logic isn't identical to PermissionHelper.CheckSecurityElement
		// - no throw on version mismatch
		internal int CheckSecurityElement (SecurityElement se, string parameterName, int minimumVersion, int maximumVersion) 
		{
			if (se == null)
				throw new ArgumentNullException (parameterName);
#if NET_2_0
			// Tag is case-sensitive
			if (se.Tag != "IPermission") {
				string msg = String.Format (Locale.GetText ("Invalid tag {0}"), se.Tag);
				throw new ArgumentException (msg, parameterName);
			}
#endif
			// Note: we do not care about the class attribute at 
			// this stage (in fact we don't even if the class 
			// attribute is present or not). Anyway the object has
			// already be created, with success, if we're loading it

			// we assume minimum version if no version number is supplied
			int version = minimumVersion;
			string v = se.Attribute ("version");
			if (v != null) {
				try {
					version = Int32.Parse (v);
				}
				catch (Exception e) {
					string msg = Locale.GetText ("Couldn't parse version from '{0}'.");
					msg = String.Format (msg, v);
					throw new ArgumentException (msg, parameterName, e);
				}
			}
#if NET_2_0
			if ((version < minimumVersion) || (version > maximumVersion)) {
				string msg = Locale.GetText ("Unknown version '{0}', expected versions between ['{1}','{2}'].");
				msg = String.Format (msg, version, minimumVersion, maximumVersion);
				throw new ArgumentException (msg, parameterName);
			}
#endif
			return version;
		}

		// static helpers

		private static char[] invalidChars = new char[] { '\t', '\n', '\v', '\f', '\r', ' ', '\\', '\x160' };

		internal static void ValidateMachineName (string name)
		{
			// FIXME: maybe other checks are required (but not documented)
			if ((name == null) || (name.Length == 0) || (name.IndexOfAny (invalidChars) != -1)) {
				string msg = Locale.GetText ("Invalid machine name '{0}'.");
				if (name == null)
					name = "(null)";
				msg = String.Format (msg, name);
				throw new ArgumentException (msg, "MachineName");
			}
		}

		internal static ResourcePermissionBase CreateFromType (Type type, bool unrestricted)
		{
			object[] parameters = new object [1];
			parameters [0] = (object) ((unrestricted) ? PermissionState.Unrestricted : PermissionState.None);
			// we must return the derived type - this is why an empty constructor is required ;-)
			return (ResourcePermissionBase) Activator.CreateInstance (type, parameters);
		}
	}
}