RE: Request for 1.2 Feature

jgindin@walldata.com
Fri, 16 Jan 1998 10:01:24 -0800

From: jgindin@walldata.com
Message-Id: <199801161800.KAA20322@java1.javasoft.com>
To: David.Brownell@Eng, gong@games.eng.sun.com
Subject: RE: Request for 1.2 Feature
Date: Fri, 16 Jan 1998 10:01:24 -0800

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------ =_NextPart_000_01BD2265.EB513150
Content-Type: text/plain

See my responses below.

> -----Original Message-----
>
> > The problem, in a nutshell, is that I cannot trust the caller of a
> > method to honestly tell the called method who he is.
>
> Right ...
>
> > I'm particularly
> > interested in being able to determine if the caller implements a
> > particular interface, ISecureObject. If I (the called method) know
that
> > the caller implements that interface, then I can interrogate the
caller
> > for authentication information (i.e., calling a method like
> > ISecureObject.getCertificate()). At that point, I know that I'm
getting
> > the real information about the real caller.
>
> But do you really have reason to trust what the object chooses to
> tell you about itself?
>
> class EvilCaller ... implements ISecureObject {
> ...
> X509Certificate getCertificate () {
> return highlyTrustedCertificateOfSomeoneElse;
> }
> ...
> }
>

You're correct, except that (in this case) I happen to know that the
objects in this system extend a base class whose getCertificate
implementation is a final method, and the java.security.Certificate
member field is private to that base class. There is no
setCertificate() method so, in theory, there's no way for a derived
class to return back someone else's Certificate.

However, you bring up a flaw in my thinking--I've been too narrowly
focussed on the problem as it currently exists. I need to ensure that
down the road, it will be possible for classes to implement the
ISecureObject interface without deriving from a particular base class.
At that point, the scenario you present above becomes a very real
possibility...

> I can't speak for Li, but for me what'd be more useful is to hear from
> you about problem you're trying to solve, rather than the solution you
> would like to see (getting an ISecureObject). The JDK does record
data
> about who signed a class; is that what you want to use? What do you
want
> to do with the information you retrieve from ISecureObject ... can you
> use the JDK's policy support? Should it relate to the user who at
some
> level caused the call, rather than the software developer who coded
it?
>
> - Dave
>

The problem I'm trying to solve, as stated above, is runtime
authentication of the caller of any particular method. In addition,
there are multiple levels of authentication that I must have:
1. The certificate of the code signer. This information I
presume I could get from the JDK, though I'm not sure exactly how.
java.lang.Class.getSigners()? java.security.SignedObject?
java.security.CodeSource? Some other way?
2. The certificate being carried by the object. This
certificate is actually the certificate of the user (i.e., Jay Gindin's
certificate) who created the object. I believe that this is the same as
your question above about relating to the user who caused the call, as
opposed to the software developer. (It is important to note that method
calls will not all be directly attributable to a user's (immediate)
action. For example, an object may (based on runtime criteria,
including system properties, time of day, etc...) "decide" to perform
some action.)

As for being able to use the JDK's policy support, I could see the
method that needs to be protected creating a new Permission object, and
then invoking the AccessController.checkPermission method. However, I
still need to get the information listed above.

Please let me know if you need more clarification.

Jay Gindin

------ =_NextPart_000_01BD2265.EB513150
Content-Type: application/ms-tnef
Content-Transfer-Encoding: base64

eJ8+IjoSAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQSAAQAcAAAAUkU6IFJlcXVlc3QgZm9yIDEuMiBGZWF0dXJlAN4I
AQmAAQAhAAAAQTkzMkI4MUU3NDhDRDExMTgzNTYwMDYwQjBBMTJEQTAA8wYBIIADAA4AAADOBwEA
EAAKAAIANQAFACwBAQWAAwAOAAAAzgcBABAACgABABgABQAOAQENgAQAAgAAAAIAAgABA5AGAFgN
AAAvAAAACwACAAEAAAALACsAAAAAAAMALgAAAAAAQAA5AGCVCcKoIr0BHgBwAAEAAAAYAAAAUmVx
dWVzdCBmb3IgMS4yIEZlYXR1cmUAAgFxAAEAAAAbAAAAAb0ioUZlW3YkGY4AEdGwZgCgJIOL5QAA
VJlQAB4AQhABAAAAKgAAADwxOTk4MDExNjE2NDYuSUFBMTg0NzdAYXJnb24uZW5nLnN1bi5jb20+
AAAAAwDeP+QEAAADAAFuIAAAAAsADoALIAYAAAAAAMAAAAAAAABGAAAAAACIAAAAAAAACwAPgAsg
BgAAAAAAwAAAAAAAAEYAAAAABYgAAAAAAAADAAWACCAGAAAAAADAAAAAAAAARgAAAAABhQAAAAAA
AAsAAYAIIAYAAAAAAMAAAAAAAABGAAAAAAOFAAAAAAAACwAAgAggBgAAAAAAwAAAAAAAAEYAAAAA
DoUAAAAAAAADAAaACCAGAAAAAADAAAAAAAAARgAAAAARhQAAAAAAAAMAB4AIIAYAAAAAAMAAAAAA
AABGAAAAABiFAAAAAAAAAwACgAggBgAAAAAAwAAAAAAAAEYAAAAAEIUAAAAAAAADAAOACCAGAAAA
AADAAAAAAAAARgAAAABShQAAxxIAAB4ABIAIIAYAAAAAAMAAAAAAAABGAAAAAFSFAAABAAAABAAA
ADguNQAeAAiACCAGAAAAAADAAAAAAAAARgAAAAA2hQAAAQAAAAEAAAAAAAAAHgAJgAggBgAAAAAA
wAAAAAAAAEYAAAAAN4UAAAEAAAABAAAAAAAAAB4ACoAIIAYAAAAAAMAAAAAAAABGAAAAADiFAAAB
AAAAAQAAAAAAAAADACYAAAAAAAMANgAAAAAAHgAxQAEAAAAQAAAASkdJTkRJTjhDOUM3RUNDAAMA
GkAAAAAAHgAwQAEAAAAQAAAASkdJTkRJTjhDOUM3RUNDAAMAGUAAAAAAAgEJEAEAAAA5CAAANQgA
AK4PAABMWkZ1OCN6cYcACgENA0N0ZXh0Aff/AqQD5AXrAoMAUALzBrQCgyYyA8UCAGNoCsBzZdh0
MCAHEwKAfQqACM9/CdkCgAqECzcSwgHQBlFlkCBteSAVQHNwAiCTE6AEIGJlFNB3LgqjowqFCoA+
IC0aQk8FEB5nC4AHQAXQB5BzYWeeZRpDGbYZtxogVGgX8IZwA2ACYGVtLCALgIAgYSBudXRzHSBs
bGwdwQQgdBNwBUBJJCBjAHBubwVAdHJ8dXMfwR0hH3AekASQIPxvZh4AHGkHgB8ABHAe8JRvICIQ
bgeQdGwYIN8O8B6QIDgiMCHldyIQInCvF/AEABk2HFhSGrBoBUA+LiaQJS8cUAGRH0AnbUMdQArA
dGljdQtgcv8i4BxpC4AO8BhBDvAiMB3h+xjgC4BnHgAdgSJCAQAqAf5tC4Ak0SEAIEkHcAtQHaBf
CfAeUCEbKHgp1GYA0GUdHcBJBmAowBVAT2JqcQWQdC4gH0AhAB9QKPEjbykgax+gB+AfAhxp/yx/
LYMfAy9JIEEDoB9TKdT9A2BnHyArUSBXHGkCEAXA3mEeQDYxKKEfIGkCIB3RBzjhAMA5wyhpLmUu
nx3AIIIq4yHWO3BrZRxpsy/8G3B0QwSQKKBmOZLQZSgpKTDBQSAiHyH/GHAp4S/RMngoIz4hKKAq
8P8zHRVAGvE6GgGgCGAgJEKzUyCEJr8gQkPxZCJgea8IYEKjIuETcHZCk3M54f8iUR/kJIAfISBC
HXAwgh9g/SIQbxiiIlAZtyMTRqJDxGZpHlAY8GY/RS9NMmPTC2AEEUV2AxBDIJQmkf8tGi/7AzAA
ABnGJ+MmmVEE8Fg1MDk+WSfjPiwxMG8yYFBuTTIVQHQIcAOgaLsmQSLgVB/yCYA+WU8GoKUDcGUi
kUVsE6A7UIy8XH1Qj0y7WcgZTFkIYP4nFUAfYAWwFUAwoB3ADwD/L7AFMR8DOtBH8VaABCAfcM8T
oDJgH1ATcHBwNkEiUc9AeEj4BCBfFnN5KkEoUO8PAQnwIjAeEGJfoU11JIH/Y7FTvS0nObUtsTjQ
GtMh5C8dwABwIjEdIWpHYGEu5xOgMCFLwHkuU+oHgAbQvyDBPqAY8CpxBCAdUGloUP83YkghHxJj
mDDBHRFdgR7R/x+gYoA+PSHWR9AdwyBBBbCWeTYDFUAnbRN3YRgg/zjjK5Fq4SPhTYQiUVYVY5D8
Y2tu0VhDXjBYoXAhPlnVGT1IGRBlR3ByHcBGouZiBRAq8XVwZqILYAfg5x3hGBFfQW5rKuEaQCgw
v0dxGOBgUyJgGuA3EXci4f8CECjABBAj4UfiHSgeAGHx/0mBCHAVQAIwIuEPAAQAHlDfMMIeIAng
IjMJ8HMwMR707UZwd3pkA2BhZ4F7cQPw7yMxGOA/0QQQaSsyOOJNg/9J8y0YIDNPjC9Hf0EiAUZC
/3EyKuIDUh4BLplr2z9tIEL/BPAJ8ArAOdBGkx1QB5CBsv9DwXhzBaAHgh4QdcEYIhrxv3/UAxBo
0ianGU4fUycFQE8YYELActA44kxpHcBi70PxOOIHgEiTJyIwf6EEYP9dgSAAARAo0B7DJKIKwQNS
vxm3Syh6xkahXXIf4Hkq4tsiUUfQbEdwHcByHyBssX8e8npklEEeQDnSRqEZt3ffCGBqcTxSlAMX
4ShBVWehxy/sPyIdEkpES0ZhB5H3XeEFsCIwZB8gIShDxCSC3QCQZyKgY1JNgzsex0ijX0aicICB
wiJgkCE/MNBX/330nmdKSCuBcGGDwSAzOhr/RqQf4AiQR3GEw0+MTpI2kn+WSpAhIDOaMXAhGHA7
cGPfGCB9kGAwFOGfYVOD4Wpy/wVAFUALYGsmkAMFwCSCHyH/cvIZtx2QR3BEkpAhZ9Qggn+Un27R
AYBwgF2BAQCrMW9/YECptAWgAQCoUkwvGjAg/kRHYVvvGWodGSgjk697Qf8gEDdRY1GJQh6zH/A5
cY8B9zktIPEgTW4YIC6ZIeQwwvkd8WRkS8A50W+1HgBdgf5tKNAooC1BqwQEICDyOTxvHwW7gCAR
R1I6GUYn8jH/MMAdEi+wVAi3hgRxnJRFAN9sgh7ROhofUIiydY8BH1H/lxM+IYS0plU2AghgJlAo
I/8fon2TDwAA0CLSIhAZIDDQv2gzC2Aq8GkAbDM+IVPBc95zPwCfYWg8yJNkMGTJL/8IUAEAWCAI
cC+wp9JYMSDg75TTcIGvdifjMr+PKrUfcP83EAiQj4F3kkkWwca/6maCfTCgdUcDIEO//6l0OtVK
/XCRRwuAumCNYNHLMmCus/9CsSpS0MsfUBjho1NhBcISex7ih8FhtmIEIEahBcBx/wpQIBBDhUdx
Q8Soo5PVqUv/q397Qa5gf9F9FK1PrlMwwPwoSTVRYfEtMBThnsUfof99xSHlIIJkIX9iH6IgkX+S
/7pgXeIi4R8gozGOgSsmHhD3qYJwITrQbQeAumDW48ah+znRMMFGBbHGgS0yZ5JJJvsAwBggKGOS
ejO2FgUBKgH3BzAdwk2AddYBKwBilR1R/65xKKAHkDYBtlIg8Zswb6GtE7BjJpEyYCIFgWkBAL4i
IkKucToycuPoFikZTP5BBCA44irMph+nKUAyw8T/l+IgQiHmHxJ88nHjf6IDYH8O8DCgcXLXgjuE
IqAH4FA/K9J/8bdSMHNnlzaydm/zd/IgM0FjL7AEEAhQAjDvA2BE0xNgBZBr+Xm5h3WH/x9Q23Hk
Yn0FxCKh3jtwKkP7iTMZPVAdkGOiHZDjUjJ0/yxBRqJ884/TTYERITmVGT0F1Zh9B9AAAAADAIAQ
/////wIB+T8BAAAAVAAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAYAAAAvTz1XQUxMREFUQS9P
VT1FWEhRMDEvQ049TVNNQUlMVVNFUlMvQ049SkdJTkRJTjhDOUM3RUNDAB4A+D8BAAAAFgAAAEdp
bmRpbiwgSmF5IChNUyBNYWlsKQAAAB4AOEABAAAAEAAAAEpHSU5ESU44QzlDN0VDQwACAfs/AQAA
AFQAAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAGAAAAL089V0FMTERBVEEvT1U9RVhIUTAxL0NO
PU1TTUFJTFVTRVJTL0NOPUpHSU5ESU44QzlDN0VDQwAeAPo/AQAAABYAAABHaW5kaW4sIEpheSAo
TVMgTWFpbCkAAAAeADlAAQAAABAAAABKR0lORElOOEM5QzdFQ0MAQAAHMKBWyZiiIr0BQAAIMPjr
Z/eoIr0BHgA9AAEAAAAFAAAAUkU6IAAAAAAeAB0OAQAAABgAAABSZXF1ZXN0IGZvciAxLjIgRmVh
dHVyZQALACkAAAAAAAsAIwAAAAAAAwAGEM7K92cDAAcQoAoAAAMAEBAAAAAAAwAREAAAAAAeAAgQ
AQAAAGUAAABTRUVNWVJFU1BPTlNFU0JFTE9XLS0tLS1PUklHSU5BTE1FU1NBR0UtLS0tLVRIRVBS
T0JMRU0sSU5BTlVUU0hFTEwsSVNUSEFUSUNBTk5PVFRSVVNUVEhFQ0FMTEVST0ZBTUVUAAAAAKnk

------ =_NextPart_000_01BD2265.EB513150--