/*
 *
 * Copyright (c) 1998 Scott Oaks. All Rights Reserved.
 *
 * Permission to use, copy, modify, and distribute this software
 * and its documentation for NON-COMMERCIAL purposes and
 * without fee is hereby granted.
 *
 * This sample source code is provided for example only,
 * on an unsupported, as-is basis. 
 *
 * AUTHOR MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF
 * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
 * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. AUTHOR SHALL NOT BE LIABLE FOR
 * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
 * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.
 *
 * THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR RESALE AS ON-LINE
 * CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE
 * PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT
 * NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE
 * SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE
 * SOFTWARE COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE
 * PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES").  AUTHOR
 * SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR
 * HIGH RISK ACTIVITIES.
 */


import java.security.*;
import java.io.*;
import java.awt.AWTPermission;
import java.net.*;
import java.lang.reflect.*;
import java.util.*;

public class JavaRunnerManager extends SecurityManager {
	private ClassLoader getNonSystemClassLoader() {
		Class c[] = getClassContext();
		ClassLoader sys = ClassLoader.getSystemClassLoader();
		for (int i = 1; i < c.length; i++) {
			ClassLoader cl = c[i].getClassLoader();
			if (cl != null && !cl.equals(sys))
				return cl;
		}
		return null;
	}

	public void checkConnect(String host, int port) {
		try {
			super.checkConnect(host, port);
			return;
		} catch (AccessControlException ace) {
			// continue
		}

		// Starting in 1.2 beta 4, we can't depend upon the currentClassLoader
		// method anymore.  In fact, this code is better taken care of in
		// the class loader itself, using the getPermissions() method that
		// was introduced in 1.2 beta 4
		ClassLoader loader = getNonSystemClassLoader();
		String remoteHost;

		if (loader == null)
			return;
		if (!(loader instanceof JavaRunnerLoader)) {
			System.err.println("Class loader out of sync");
			return;
		}

		JavaRunnerLoader cl = (JavaRunnerLoader) loader;
		remoteHost = cl.getHost();

		if (host.equals(remoteHost))
			return;

		// Note that this entire block has been re-written for 1.2 beta 4
		// to use the new doPrivileged interface
		try {
			class testHost implements PrivilegedExceptionAction {
				String local, remote;
				testHost(String local, String remote) {
					this.local = local;
					this.remote = remote;
				}
				public Object run() throws UnknownHostException {
					InetAddress hostAddr = InetAddress.getByName(local);
					InetAddress remoteAddr = InetAddress.getByName(remote);
					if (hostAddr.equals(remoteAddr))
						return new Boolean("true");
					return new Boolean("false");
				}
			}
			testHost th = new testHost(host, remoteHost);
			Boolean b = (Boolean) AccessController.doPrivileged(th);
			if (b.booleanValue())
				return;
		} catch (PrivilegedActionException pae) {
			// Must be an UnknownHostException; continue and throw exception
		}

		throw new SecurityException(
					"Can't connect from " + remoteHost + " to " + host);
	}

	public void checkPackageAccess(String pkg) {
	}

	public void checkPackageDefinition(String pkg) {
		if (!pkg.startsWith("java."))
			return;
		try {
			super.checkPackageDefinition(pkg);
			return;
		} catch (AccessControlException ace) {
			// continue
		}
		if (inClassLoader())
			throw new SecurityException("Can't define sun/java classes");
	}

	public void checkExit(int status) {
	}

	public void checkAccess(Thread t) {
		ThreadGroup current = Thread.currentThread().getThreadGroup();
		if (!current.parentOf(t.getThreadGroup()))
			super.checkAccess(t);
	}

	public void checkAccess(ThreadGroup tg) {
		ThreadGroup current = Thread.currentThread().getThreadGroup();
		if (!current.parentOf(tg))
			super.checkAccess(tg);
	}
}