2004-09-03 Sebastien Pouliot <sebastien@ximian.com>

	* EnvironmentPermission.cs: Fixed GetPathList which has little
	differences between Fx 1.1 and 2.0. Required to run the MSDN samples.
	* FileDialogPermission.cs: Fixed IsSubsetOf and Intersect.
	* RegistryPermission.cs: Fixed ToXml to avoid NullReferenceException.
	Required to run the MSDN library samples.
	* SecurityPermission.cs: Return null for an empty intersection.
	Required to run the MSDN library samples.
	* SiteIdentityPermission.cs: Implemented wildcard support in
	Intersect, IsSubsetOf and Union.
	* StrongNameIdentityPermission.cs: Implemented wildcard support in
	Intersect, IsSubsetOf and Union. Fixed ToXml to pass the MSDN samples.
	* UrlIdentityPermission.cs: Implemented wildcard support in Intersect,
	IsSubsetOf and Union. Fixed difference between Fx1.1 and 2.0 in Copy.

svn path=/trunk/mcs/; revision=33268

8 files changed, 243 insertions, 69 deletions

diff --git a/mcs/class/corlib/System.Security.Permissions/ChangeLog b/mcs/class/corlib/System.Security.Permissions/ChangeLog
index 62ea0e00f91..1ee79662dcf 100644
--- a/mcs/class/corlib/System.Security.Permissions/ChangeLog
+++ b/mcs/class/corlib/System.Security.Permissions/ChangeLog
@@ -1,3 +1,19 @@
+2004-09-03  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* EnvironmentPermission.cs: Fixed GetPathList which has little 
+	differences between Fx 1.1 and 2.0. Required to run the MSDN samples.
+	* FileDialogPermission.cs: Fixed IsSubsetOf and Intersect.
+	* RegistryPermission.cs: Fixed ToXml to avoid NullReferenceException.
+	Required to run the MSDN library samples.
+	* SecurityPermission.cs: Return null for an empty intersection. 
+	Required to run the MSDN library samples.
+	* SiteIdentityPermission.cs: Implemented wildcard support in 
+	Intersect, IsSubsetOf and Union.
+	* StrongNameIdentityPermission.cs: Implemented wildcard support in 
+	Intersect, IsSubsetOf and Union. Fixed ToXml to pass the MSDN samples.
+	* UrlIdentityPermission.cs: Implemented wildcard support in Intersect,
+	IsSubsetOf and Union. Fixed difference between Fx1.1 and 2.0 in Copy.
+
 2004-09-02  Sebastien Pouliot  <sebastien@ximian.com>
 
 	* SiteIdentityPermission.cs: Updated to match latest unit tests, i.e. 
diff --git a/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs b/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs
index 9a0e8758e42..7903f1f5f44 100644
--- a/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs
@@ -126,10 +126,10 @@ namespace System.Security.Permissions {
 			// Note: we do not (yet) care about the return value 
 			// as we only accept version 1 (min/max values)
 
-			string read = (esd.Attributes ["Read"] as string);
+			string read = esd.Attribute ("Read");
 			if ((read != null) && (read.Length > 0))
 				SetPathList (EnvironmentPermissionAccess.Read, read);
-			string write = (esd.Attributes ["Write"] as string);
+			string write = esd.Attribute ("Write");
 			if ((write != null) && (write.Length > 0))
 				SetPathList (EnvironmentPermissionAccess.Write, write);
 
@@ -138,38 +138,20 @@ namespace System.Security.Permissions {
 
 		public string GetPathList (EnvironmentPermissionAccess flag)
 		{
-			StringBuilder sb = new StringBuilder ();
 			switch (flag) {
 				case EnvironmentPermissionAccess.AllAccess:
 				case EnvironmentPermissionAccess.NoAccess:
 					ThrowInvalidFlag (flag, true);
 					break;
 				case EnvironmentPermissionAccess.Read:
-					foreach (string path in readList) {
-						sb.Append (path);
-						sb.Append (";");
-					}
-					break;
+					return GetPathList (readList);
 				case EnvironmentPermissionAccess.Write:
-					foreach (string path in writeList) {
-						sb.Append (path);
-						sb.Append (";");
-					}
-					break;
+					return GetPathList (writeList);
 				default:
 					ThrowInvalidFlag (flag, false);
 					break;
 			}
-			string result = sb.ToString ();
-			// remove last ';'
-			int n = result.Length;
-			if (n > 0)
-				return result.Substring (0, n - 1);
-#if NET_2_0
-			return String.Empty;
-#else
-			return ((_state == PermissionState.Unrestricted) ? String.Empty : null);
-#endif
+			return null; // never reached
 		}
 
 		public override IPermission Intersect (IPermission target)
@@ -303,6 +285,9 @@ namespace System.Security.Permissions {
 			if (IsUnrestricted () || ep.IsUnrestricted ())
 				return new EnvironmentPermission (PermissionState.Unrestricted);
 
+			if (IsEmpty () && ep.IsEmpty ())
+				return null;
+
 			EnvironmentPermission result = (EnvironmentPermission) Copy ();
 			string path = ep.GetPathList (EnvironmentPermissionAccess.Read);
 			if (path != null) 
@@ -321,6 +306,11 @@ namespace System.Security.Permissions {
 
 		// helpers
 
+		private bool IsEmpty ()
+		{
+			return ((_state == PermissionState.None) && (readList.Count == 0) && (writeList.Count == 0));
+		}
+
 		private EnvironmentPermission Cast (IPermission target)
 		{
 			if (target == null)
@@ -344,6 +334,35 @@ namespace System.Security.Permissions {
 			throw new ArgumentException (String.Format (msg, flag), "flag");
 		}
 
+		private string GetPathList (ArrayList list)
+		{
+			if (IsUnrestricted ())
+				return String.Empty;
+#if NET_2_0
+			if (list.Count == 0)
+				return String.Empty;
+#else
+			if (list.Count == 0)
+				return null;
+#endif
+			StringBuilder sb = new StringBuilder ();
+			foreach (string path in list) {
+				sb.Append (path);
+				sb.Append (";");
+			}
+
+			string result = sb.ToString ();
+			// remove last ';'
+			int n = result.Length;
+			if (n > 0)
+				return result.Substring (0, n - 1);
+#if NET_2_0
+			return String.Empty;
+#else
+			return ((_state == PermissionState.Unrestricted) ? String.Empty : null);
+#endif
+		}
+
 		#endregion // Methods
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/FileDialogPermission.cs b/mcs/class/corlib/System.Security.Permissions/FileDialogPermission.cs
index b615daf2b66..e59a1711be1 100644
--- a/mcs/class/corlib/System.Security.Permissions/FileDialogPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/FileDialogPermission.cs
@@ -99,15 +99,7 @@ namespace System.Security.Permissions {
 			if (fdp == null)
 				return null;
 
-			if (IsUnrestricted ())
-				return fdp.Copy ();
-			if (fdp.IsUnrestricted ())
-				return Copy ();
-
-			FileDialogPermissionAccess a = FileDialogPermissionAccess.None;
-			// note: there are no more OpenSave cases (as they're Unrestricted)
-			a = (_access & fdp._access);
-
+			FileDialogPermissionAccess a = (_access & fdp._access);
 			return ((a == FileDialogPermissionAccess.None) ? null : new FileDialogPermission (a));
 		}
 
@@ -117,12 +109,7 @@ namespace System.Security.Permissions {
 			if (fdp == null)
 				return false;
 
-			if (IsUnrestricted ())
-				return fdp.IsUnrestricted ();
-			else if (fdp.IsUnrestricted ())
-				return true;
-
-			return ((_access | fdp._access) == _access);
+			return ((_access & fdp._access) == _access);
 		}
 
 		public bool IsUnrestricted () 
diff --git a/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs b/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
index a42270c8273..96843ab9333 100644
--- a/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
@@ -158,7 +158,8 @@ namespace System.Security.Permissions {
 		public override SecurityElement ToXml () 
 		{
 			SecurityElement e = Element (version);
-			e.AddAttribute (_access.ToString (), _pathList);
+			if (_pathList != null)
+				e.AddAttribute (_access.ToString (), _pathList);
 			return e;
 		}
 
diff --git a/mcs/class/corlib/System.Security.Permissions/SecurityPermission.cs b/mcs/class/corlib/System.Security.Permissions/SecurityPermission.cs
index dc863355cfe..9f970097c69 100644
--- a/mcs/class/corlib/System.Security.Permissions/SecurityPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/SecurityPermission.cs
@@ -93,7 +93,12 @@ namespace System.Security.Permissions {
 				return sp.Copy ();
 			if (sp.IsUnrestricted ())
 				return this.Copy ();
-			return new SecurityPermission (flags & sp.flags);
+
+			SecurityPermissionFlag f = flags & sp.flags;
+			if (f == SecurityPermissionFlag.NoFlags)
+				return null;
+			else
+				return new SecurityPermission (f);
 		}
 
 		public override IPermission Union (IPermission target) 
diff --git a/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs b/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs
index db69c287835..0dd59f71d8f 100644
--- a/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs
@@ -56,12 +56,12 @@ namespace System.Security.Permissions {
 		public string Site {
 			get { 
 				if (IsEmpty ())
-					throw new NullReferenceException ("Site");
+					throw new NullReferenceException ("No site.");
 				return _site; 
 			}
 			set {
 				if (!IsValid (value))
-					throw new ArgumentException ("Site");
+					throw new ArgumentException ("Invalid site.");
 				_site = value;
 			}
 		}
@@ -88,24 +88,35 @@ namespace System.Security.Permissions {
 				Site = s;
 		}
 
-		[MonoTODO ("do not support wildcard")]
 		public override IPermission Intersect (IPermission target)
 		{
 			SiteIdentityPermission sip = Cast (target);
 			if ((sip == null) || (IsEmpty ()))
 				return null;
-			if (_site == sip._site)
-				return Copy ();
+
+			if (Match (sip._site)) {
+				string s = ((_site.Length > sip._site.Length) ? _site : sip._site);
+				return new SiteIdentityPermission (s);
+			}
 			return null;
 		}
 
-		[MonoTODO ("do not support wildcard")]
 		public override bool IsSubsetOf (IPermission target) 
 		{
 			SiteIdentityPermission sip = Cast (target);
 			if (sip == null)
 				return IsEmpty ();
-			return (_site == sip._site);
+			if ((_site == null) && (sip._site == null))
+				return true;
+			if ((_site == null) || (sip._site == null))
+				return false;
+
+			int wildcard = sip._site.IndexOf ('*');
+			if (wildcard == -1) {
+				// exact match
+				return (_site == sip._site);
+			}
+			return _site.EndsWith (sip._site.Substring (wildcard + 1));
 		}
 
 		public override SecurityElement ToXml ()
@@ -116,14 +127,18 @@ namespace System.Security.Permissions {
                         return e;
 		}
 
-		[MonoTODO ("do not support wildcard")]
 		public override IPermission Union (IPermission target) 
 		{
 			SiteIdentityPermission sip = Cast (target);
-			if ((sip == null) || (_site == sip._site) || sip.IsEmpty ())
+			if ((sip == null) || sip.IsEmpty ())
 				return Copy ();
 			if (IsEmpty ())
 				return sip.Copy ();
+
+			if (Match (sip._site)) {
+				string s = ((_site.Length < sip._site.Length) ? _site : sip._site);
+				return new SiteIdentityPermission (s);
+			}
 #if NET_2_0
 			throw new ArgumentException (Locale.GetText (
 				"Cannot union two different sites."), "target");
@@ -173,7 +188,7 @@ namespace System.Security.Permissions {
 
 		private bool IsValid (string s)
 		{
-			if (s == null)
+			if ((s == null) || (s.Length == 0))
 				return false;
 
 			for (int i = 0; i < s.Length; i++) {
@@ -198,11 +213,36 @@ namespace System.Security.Permissions {
 			return true;
 		}
 
-		private bool HasWildcard ()
+		private bool Match (string target) 
 		{
-			if (_site == null)
+			if ((_site == null) || (target == null))
 				return false;
-			return (_site.IndexOf ('*') >= 0);
+
+			int wcs = _site.IndexOf ('*');
+			int wct = target.IndexOf ('*');
+			int pos = Int32.MaxValue;
+
+			if ((wcs == -1) && (wct == -1)) {
+				// no wildcard, this is an exact match
+				return (_site == target);
+			}
+			else if (wcs == -1) {
+				// only "target" has a wildcard, use it
+				return _site.EndsWith (target.Substring (wct + 1));
+			}
+			else if (wct == -1) {
+				// only "this" has a wildcard, use it
+				return target.EndsWith (_site.Substring (wcs + 1));
+			}
+			else {
+				// both have wildcards, partial match with the smallest
+				string s = _site.Substring (wcs + 1);
+				target = target.Substring (wct + 1);
+				if (s.Length > target.Length)
+					return s.EndsWith (target);
+				else
+					return target.EndsWith (s);
+			}
 		}
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/StrongNameIdentityPermission.cs b/mcs/class/corlib/System.Security.Permissions/StrongNameIdentityPermission.cs
index 5ef44ed25ec..b77755c349d 100644
--- a/mcs/class/corlib/System.Security.Permissions/StrongNameIdentityPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/StrongNameIdentityPermission.cs
@@ -111,20 +111,20 @@ namespace System.Security.Permissions {
 		public override IPermission Intersect (IPermission target) 
 		{
 			StrongNameIdentityPermission snip = (target as StrongNameIdentityPermission);
-			if (snip == null)
+			if ((snip == null) || IsEmpty ())
 				return null;
-
-			if (IsEmpty () || snip.IsEmpty ())
+			if (snip.IsEmpty ())
 				return new StrongNameIdentityPermission (PermissionState.None);
-
-			if (name != snip.name)
+			if (!Match (snip.name))
 				return null;
+
+			string n = ((name.Length < snip.name.Length) ? name : snip.name);
 			if (!assemblyVersion.Equals (snip.assemblyVersion))
 				return null;
 			if (!publickey.Equals (snip.publickey))
 				return null;
 
-			return Copy ();
+			return new StrongNameIdentityPermission (publickey, n, assemblyVersion);
 		}
 	
 		public override bool IsSubsetOf (IPermission target) 
@@ -133,11 +133,18 @@ namespace System.Security.Permissions {
 			if (snip == null)
 				return IsEmpty ();
 
-			if (((name != null) && (name.Length > 0)) && (name != snip.Name))
+			if (IsEmpty ())
+				return true;
+
+			if ((name != null) && (name.Length > 0) && !IsNameSubsetOf (snip.Name))
 				return false;
 			if ((assemblyVersion != null) && !assemblyVersion.Equals (snip.assemblyVersion))
 				return false;
-			return publickey.Equals (snip.publickey);
+			// in case PermissionState.None was used in the constructor
+			if (publickey == null)
+				return (snip.publickey == null);
+			else
+				return publickey.Equals (snip.publickey);
 		}
 	
 		public override SecurityElement ToXml () 
@@ -158,6 +165,9 @@ namespace System.Security.Permissions {
 			if ((snip == null) || snip.IsEmpty ())
 				return Copy ();
 
+			if (IsEmpty ())
+				return snip.Copy ();
+
 			if (!publickey.Equals (snip.publickey)) {
 #if NET_2_0
 				string msg = Locale.GetText ("Permissions have different public keys.");
@@ -171,6 +181,9 @@ namespace System.Security.Permissions {
 			if ((n == null) || (n.Length == 0)) {
 				n = snip.name;
 			}
+			else if (Match (snip.name)) {
+				n = ((name.Length > snip.name.Length) ? name : snip.name);
+			}
 			else if ((snip.name != null) && (snip.name.Length > 0) && (n != snip.name)) {
 #if NET_2_0
 				string msg = String.Format (Locale.GetText ("Name mismatch: '{0}' versus '{1}'"), n, snip.Name);
@@ -225,5 +238,45 @@ namespace System.Security.Permissions {
 
 			return snip;
 		}
+
+		private bool IsNameSubsetOf (string target) 
+		{
+			int wildcard = name.LastIndexOf ('*');
+			if (wildcard == 0)
+				return true;		// *
+			if (wildcard == -1)
+				wildcard = name.Length;	// exact match
+
+			return (String.Compare (name, 0, target, 0, wildcard, true, CultureInfo.InvariantCulture) == 0);
+		}
+
+		private bool Match (string target) 
+		{
+			if ((name == null) || (target == null))
+				return false;
+
+			int wcu = name.LastIndexOf ('*');
+			int wct = target.LastIndexOf ('*');
+			int length = Int32.MaxValue;
+
+			if ((wcu == -1) && (wct == -1)) {
+				// no wildcard, this is an exact match
+				length = Math.Max (name.Length, target.Length);
+			}
+			else if (wcu == -1) {
+				// only "target" has a wildcard, use it
+				length = wct;
+			}
+			else if (wct == -1) {
+				// only "this" has a wildcard, use it
+				length = wcu;
+			}
+			else {
+				// both have wildcards, partial match with the smallest
+				length = Math.Min (wcu, wct);
+			}
+
+			return (String.Compare (name, 0, target, 0, length, true, CultureInfo.InvariantCulture) == 0);
+		}
 	} 
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs b/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs
index c19139e6c7e..837572b703d 100644
--- a/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs
@@ -71,8 +71,13 @@ namespace System.Security.Permissions {
 
 		public override IPermission Copy () 
 		{
-			if (url == null)
+			if (url == null) {
+#if NET_2_0
 				return new UrlIdentityPermission (PermissionState.None);
+#else
+				throw new NullReferenceException ("Url");
+#endif
+			}
 			else
 				return new UrlIdentityPermission (url);
 		}
@@ -91,7 +96,6 @@ namespace System.Security.Permissions {
 				Url = u;
 		}
 
-		[MonoTODO ("do not support wildcard")]
 		public override IPermission Intersect (IPermission target) 
 		{
 			// if one permission is null (object or url) then there's no intersection
@@ -99,18 +103,32 @@ namespace System.Security.Permissions {
 			UrlIdentityPermission uip = Cast (target);
 			if ((uip == null) || (IsEmpty ()))
 				return null;
-			if (url == uip.url)
-				return Copy ();
+			if (Match (uip.url)) {
+				// longest form is the intersection
+				if (url.Length > uip.url.Length)
+					return Copy ();
+				else
+					return uip.Copy ();
+			}
 			return null;
 		}
 
-		[MonoTODO ("do not support wildcard")]
 		public override bool IsSubsetOf (IPermission target) 
 		{
 			UrlIdentityPermission uip = Cast (target);
 			if (uip == null)
 				return IsEmpty ();
-			return (url == uip.url);
+			if (IsEmpty ())
+				return true;
+			if (uip.url == null)
+				return false;
+
+			// here Match wouldn't work as it is bidirectional
+			int wildcard = uip.url.LastIndexOf ('*');
+			if (wildcard == -1)
+				wildcard = uip.url.Length;	// exact match
+
+			return (String.Compare (url, 0, uip.url, 0, wildcard, true, CultureInfo.InvariantCulture) == 0);
 		}
 
 		public override SecurityElement ToXml () 
@@ -121,7 +139,6 @@ namespace System.Security.Permissions {
 			return se;
 		}
 
-		[MonoTODO ("do not support wildcard")]
 		public override IPermission Union (IPermission target) 
 		{
 			UrlIdentityPermission uip = Cast (target);
@@ -129,10 +146,17 @@ namespace System.Security.Permissions {
 				return Copy ();
 			if (IsEmpty () && uip.IsEmpty ())
 				return null;
-			if (uip.IsEmpty () || (url == uip.url))
+			if (uip.IsEmpty ())
 				return Copy ();
 			if (IsEmpty ())
 				return uip.Copy ();
+			if (Match (uip.url)) {
+				// shortest form is the union
+				if (url.Length < uip.url.Length)
+					return Copy ();
+				else
+					return uip.Copy ();
+			}
 #if NET_2_0
 			throw new ArgumentException (Locale.GetText (
 				"Cannot union two different urls."), "target");
@@ -166,5 +190,34 @@ namespace System.Security.Permissions {
 
 			return uip;
 		}
+
+		private bool Match (string target) 
+		{
+			if ((url == null) || (target == null))
+				return false;
+
+			int wcu = url.LastIndexOf ('*');
+			int wct = target.LastIndexOf ('*');
+			int length = Int32.MaxValue;
+
+			if ((wcu == -1) && (wct == -1)) {
+				// no wildcard, this is an exact match
+				length = Math.Max (url.Length, target.Length);
+			}
+			else if (wcu == -1) {
+				// only "this" has a wildcard, use it
+				length = wct;
+			}
+			else if (wct == -1) {
+				// only "target" has a wildcard, use it
+				length = wcu;
+			}
+			else {
+				// both have wildcards, partial match with the smallest
+				length = Math.Min (wcu, wct);
+			}
+
+			return (String.Compare (url, 0, target, 0, length, true, CultureInfo.InvariantCulture) == 0);
+		}
 	}
 }