Address PR comments

Author: kumargu

libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/GrantNode.java renamed to libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/GrantEntry.java

@@ -12,15 +12,15 @@
 import java.util.Enumeration;
 import java.util.LinkedList;
 
-public class GrantNode {
+public class GrantEntry {
     public String codeBase;
-    private final LinkedList<PermissionNode> permissionEntries = new LinkedList<>();
+    private final LinkedList<PermissionEntry> permissionEntries = new LinkedList<>();
 
-    public void add(PermissionNode entry) {
+    public void add(PermissionEntry entry) {
         permissionEntries.add(entry);
     }
 
-    public Enumeration<PermissionNode> permissionElements() {
+    public Enumeration<PermissionEntry> permissionElements() {
         return Collections.enumeration(permissionEntries);
     }
 
@@ -32,7 +32,7 @@ public void write(PrintWriter out) {
             out.print("\"");
         }
         out.println(" {");
-        for (PermissionNode pe : permissionEntries) {
+        for (PermissionEntry pe : permissionEntries) {
             out.print("  permission ");
             out.print(pe.permission);
             if (pe.name != null) {

libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/PermissionNode.java renamed to libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/PermissionEntry.java

@@ -10,7 +10,7 @@
 import java.io.PrintWriter;
 import java.util.Objects;
 
-public class PermissionNode {
+public class PermissionEntry {
     public String permission;
     public String name;
     public String action;
@@ -24,7 +24,7 @@ public int hashCode() {
     public boolean equals(Object obj) {
         if (obj == this) return true;
 
-        return obj instanceof PermissionNode that
+        return obj instanceof PermissionEntry that
             && Objects.equals(this.permission, that.permission)
             && Objects.equals(this.name, that.name)
             && Objects.equals(this.action, that.action);

libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/PolicyFile.java

@@ -44,7 +44,8 @@ public class PolicyFile extends java.security.Policy {
         "org.opensearch.SpecialPermission",
         "org.bouncycastle.crypto.CryptoServicesPermission",
         "org.opensearch.script.ClassPermission",
-        "javax.security.auth.AuthPermission"
+        "javax.security.auth.AuthPermission",
+        "javax.security.auth.kerberos.ServicePermission"
     );
 
     private static final int DEFAULT_CACHE_SIZE = 1;
@@ -76,8 +77,8 @@ private void init(URL policy, PolicyInfo newInfo) throws PolicyInitializationExc
             PolicyParser policyParser = new PolicyParser();
             policyParser.read(reader);
 
-            for (GrantNode grantNode : Collections.list(policyParser.grantElements())) {
-                addGrantNode(grantNode, newInfo);
+            for (GrantEntry grantEntry : Collections.list(policyParser.grantElements())) {
+                addGrantEntry(grantEntry, newInfo);
             }
 
         } catch (Exception e) {
@@ -95,7 +96,7 @@ public static InputStream getInputStream(URL url) throws IOException {
         }
     }
 
-    private CodeSource getCodeSource(GrantNode grantEntry, PolicyInfo newInfo) throws PolicyInitializationException {
+    private CodeSource getCodeSource(GrantEntry grantEntry, PolicyInfo newInfo) throws PolicyInitializationException {
         try {
             Certificate[] certs = null;
             URL location = (grantEntry.codeBase != null) ? newURL(grantEntry.codeBase) : null;
@@ -105,16 +106,16 @@ private CodeSource getCodeSource(GrantNode grantEntry, PolicyInfo newInfo) throw
         }
     }
 
-    private void addGrantNode(GrantNode grantEntry, PolicyInfo newInfo) throws PolicyInitializationException {
+    private void addGrantEntry(GrantEntry grantEntry, PolicyInfo newInfo) throws PolicyInitializationException {
         CodeSource codesource = getCodeSource(grantEntry, newInfo);
         if (codesource == null) {
             throw new PolicyInitializationException("Null CodeSource for: " + grantEntry.codeBase);
         }
 
         PolicyEntry entry = new PolicyEntry(codesource);
-        Enumeration<PermissionNode> enum_ = grantEntry.permissionElements();
+        Enumeration<PermissionEntry> enum_ = grantEntry.permissionElements();
         while (enum_.hasMoreElements()) {
-            PermissionNode pe = enum_.nextElement();
+            PermissionEntry pe = enum_.nextElement();
             expandPermissionName(pe);
             try {
                 Optional<Permission> perm = getInstance(pe.permission, pe.name, pe.action);
@@ -136,7 +137,7 @@ private void addGrantNode(GrantNode grantEntry, PolicyInfo newInfo) throws Polic
         newInfo.policyEntries.add(entry);
     }
 
-    private void expandPermissionName(PermissionNode pe) {
+    private void expandPermissionName(PermissionEntry pe) {
         if (pe.name == null || !pe.name.contains("${{")) {
             return;
         }

libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/PolicyParser.java

@@ -16,11 +16,12 @@
 import java.io.Reader;
 import java.io.StreamTokenizer;
 import java.util.Enumeration;
+import java.util.Optional;
 import java.util.Vector;
 
 public class PolicyParser {
 
-    private final Vector<GrantNode> grantEntries = new Vector<>();
+    private final Vector<GrantEntry> grantEntries = new Vector<>();
     private TokenStream tokenStream;
 
     public PolicyParser() {}
@@ -34,11 +35,7 @@ public void read(Reader policy) throws ParsingException, IOException {
 
         while (!tokenStream.isEOF()) {
             if (peek("grant")) {
-                GrantNode grantNode = parseGrantEntry();
-
-                if (grantNode != null) {
-                    addGrantNode(grantNode);
-                }
+                parseGrantEntry().ifPresent(this::addGrantEntry);
             }
         }
     }
@@ -81,23 +78,24 @@ private String poll(String expected) throws IOException, ParsingException {
         throw new ParsingException(token.line, expected, token.text);
     }
 
-    private GrantNode parseGrantEntry() throws ParsingException, IOException {
-        GrantNode grantNode = new GrantNode();
+    private Optional<GrantEntry> parseGrantEntry() throws ParsingException, IOException {
+        GrantEntry grantEntry = new GrantEntry();
         poll("grant");
 
         while (!peek("{")) {
             if (pollOnMatch("Codebase")) {
-                if (grantNode.codeBase != null) {
+                if (grantEntry.codeBase != null) {
                     throw new ParsingException(tokenStream.line(), "Multiple Codebase expressions");
                 }
 
                 String rawCodebase = poll(tokenStream.peek().text);
                 try {
-                    grantNode.codeBase = PropertyExpander.expand(rawCodebase, true).replace(File.separatorChar, '/');
+                    grantEntry.codeBase = PropertyExpander.expand(rawCodebase, true).replace(File.separatorChar, '/');
                 } catch (ExpandException e) {
                     // skip this grant as expansion failed due to missing expansion property.
                     skipCurrentGrantBlock();
-                    return null;
+
+                    return Optional.empty();
                 }
                 pollOnMatch(",");
             } else {
@@ -109,8 +107,8 @@ private GrantNode parseGrantEntry() throws ParsingException, IOException {
 
         while (!peek("}")) {
             if (peek("Permission")) {
-                PermissionNode permissionEntry = parsePermissionEntry();
-                grantNode.add(permissionEntry);
+                PermissionEntry permissionEntry = parsePermissionEntry();
+                grantEntry.add(permissionEntry);
                 poll(";");
             } else {
                 throw new ParsingException(tokenStream.line(), "Expected permission entry");
@@ -123,11 +121,11 @@ private GrantNode parseGrantEntry() throws ParsingException, IOException {
             poll(";");
         }
 
-        if (grantNode.codeBase != null) {
-            grantNode.codeBase = grantNode.codeBase.replace(File.separatorChar, '/');
+        if (grantEntry.codeBase != null) {
+            grantEntry.codeBase = grantEntry.codeBase.replace(File.separatorChar, '/');
         }
 
-        return grantNode;
+        return Optional.of(grantEntry);
     }
 
     private void skipCurrentGrantBlock() throws IOException, ParsingException {
@@ -161,8 +159,8 @@ private void skipCurrentGrantBlock() throws IOException, ParsingException {
         }
     }
 
-    private PermissionNode parsePermissionEntry() throws ParsingException, IOException {
-        PermissionNode permissionEntry = new PermissionNode();
+    private PermissionEntry parsePermissionEntry() throws ParsingException, IOException {
+        PermissionEntry permissionEntry = new PermissionEntry();
         poll("Permission");
         permissionEntry.permission = poll(tokenStream.peek().text);
 
@@ -185,11 +183,11 @@ private boolean isQuotedToken(Token token) {
         return token.type == '"' || token.type == '\'';
     }
 
-    public void addGrantNode(GrantNode grantNode) {
-        grantEntries.addElement(grantNode);
+    public void addGrantEntry(GrantEntry grantEntry) {
+        grantEntries.addElement(grantEntry);
     }
 
-    public Enumeration<GrantNode> grantElements() {
+    public Enumeration<GrantEntry> grantElements() {
         return grantEntries.elements();
     }