author | jjg |
Mon, 15 Aug 2011 11:48:20 -0700 | |
changeset 10336 | 0bb1999251f8 |
parent 5506 | 202f599c92aa |
child 24501 | 767c30e88a61 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
2 |
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package javax.crypto; |
|
27 |
||
28 |
import java.util.*; |
|
29 |
import java.util.jar.*; |
|
30 |
import java.io.*; |
|
31 |
import java.net.URL; |
|
32 |
import java.security.*; |
|
33 |
||
34 |
import java.security.Provider.Service; |
|
35 |
||
36 |
import sun.security.jca.*; |
|
37 |
import sun.security.jca.GetInstance.Instance; |
|
38 |
||
39 |
/** |
|
40 |
* This class instantiates implementations of JCE engine classes from |
|
41 |
* providers registered with the java.security.Security object. |
|
42 |
* |
|
43 |
* @author Jan Luehe |
|
44 |
* @author Sharon Liu |
|
45 |
* @since 1.4 |
|
46 |
*/ |
|
47 |
||
48 |
final class JceSecurity { |
|
49 |
||
50 |
static final SecureRandom RANDOM = new SecureRandom(); |
|
51 |
||
52 |
// The defaultPolicy and exemptPolicy will be set up |
|
53 |
// in the static initializer. |
|
54 |
private static CryptoPermissions defaultPolicy = null; |
|
55 |
private static CryptoPermissions exemptPolicy = null; |
|
56 |
||
57 |
// Map<Provider,?> of the providers we already have verified |
|
58 |
// value == PROVIDER_VERIFIED is successfully verified |
|
59 |
// value is failure cause Exception in error case |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
60 |
private final static Map<Provider, Object> verificationResults = |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
61 |
new IdentityHashMap<>(); |
2 | 62 |
|
63 |
// Map<Provider,?> of the providers currently being verified |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
64 |
private final static Map<Provider, Object> verifyingProviders = |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
65 |
new IdentityHashMap<>(); |
2 | 66 |
|
67 |
// Set the default value. May be changed in the static initializer. |
|
68 |
private static boolean isRestricted = true; |
|
69 |
||
70 |
/* |
|
71 |
* Don't let anyone instantiate this. |
|
72 |
*/ |
|
73 |
private JceSecurity() { |
|
74 |
} |
|
75 |
||
76 |
static { |
|
77 |
try { |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
78 |
AccessController.doPrivileged( |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
79 |
new PrivilegedExceptionAction<Object>() { |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
80 |
public Object run() throws Exception { |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
81 |
setupJurisdictionPolicies(); |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
82 |
return null; |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
83 |
} |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
84 |
}); |
2 | 85 |
|
86 |
isRestricted = defaultPolicy.implies( |
|
87 |
CryptoAllPermission.INSTANCE) ? false : true; |
|
88 |
} catch (Exception e) { |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
89 |
throw new SecurityException( |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
90 |
"Can not initialize cryptographic mechanism", e); |
2 | 91 |
} |
92 |
} |
|
93 |
||
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
94 |
static Instance getInstance(String type, Class<?> clazz, String algorithm, |
2 | 95 |
String provider) throws NoSuchAlgorithmException, |
96 |
NoSuchProviderException { |
|
97 |
Service s = GetInstance.getService(type, algorithm, provider); |
|
98 |
Exception ve = getVerificationResult(s.getProvider()); |
|
99 |
if (ve != null) { |
|
100 |
String msg = "JCE cannot authenticate the provider " + provider; |
|
101 |
throw (NoSuchProviderException) |
|
102 |
new NoSuchProviderException(msg).initCause(ve); |
|
103 |
} |
|
104 |
return GetInstance.getInstance(s, clazz); |
|
105 |
} |
|
106 |
||
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
107 |
static Instance getInstance(String type, Class<?> clazz, String algorithm, |
2 | 108 |
Provider provider) throws NoSuchAlgorithmException { |
109 |
Service s = GetInstance.getService(type, algorithm, provider); |
|
110 |
Exception ve = JceSecurity.getVerificationResult(provider); |
|
111 |
if (ve != null) { |
|
112 |
String msg = "JCE cannot authenticate the provider " |
|
113 |
+ provider.getName(); |
|
114 |
throw new SecurityException(msg, ve); |
|
115 |
} |
|
116 |
return GetInstance.getInstance(s, clazz); |
|
117 |
} |
|
118 |
||
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
119 |
static Instance getInstance(String type, Class<?> clazz, String algorithm) |
2 | 120 |
throws NoSuchAlgorithmException { |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
121 |
List<Service> services = GetInstance.getServices(type, algorithm); |
2 | 122 |
NoSuchAlgorithmException failure = null; |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
123 |
for (Service s : services) { |
2 | 124 |
if (canUseProvider(s.getProvider()) == false) { |
125 |
// allow only signed providers |
|
126 |
continue; |
|
127 |
} |
|
128 |
try { |
|
129 |
Instance instance = GetInstance.getInstance(s, clazz); |
|
130 |
return instance; |
|
131 |
} catch (NoSuchAlgorithmException e) { |
|
132 |
failure = e; |
|
133 |
} |
|
134 |
} |
|
135 |
throw new NoSuchAlgorithmException("Algorithm " + algorithm |
|
136 |
+ " not available", failure); |
|
137 |
} |
|
138 |
||
139 |
/** |
|
140 |
* Verify if the JAR at URL codeBase is a signed exempt application |
|
141 |
* JAR file and returns the permissions bundled with the JAR. |
|
142 |
* |
|
143 |
* @throws Exception on error |
|
144 |
*/ |
|
145 |
static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception { |
|
146 |
JarVerifier jv = new JarVerifier(codeBase, true); |
|
147 |
jv.verify(); |
|
148 |
return jv.getPermissions(); |
|
149 |
} |
|
150 |
||
151 |
/** |
|
152 |
* Verify if the JAR at URL codeBase is a signed provider JAR file. |
|
153 |
* |
|
154 |
* @throws Exception on error |
|
155 |
*/ |
|
156 |
static void verifyProviderJar(URL codeBase) throws Exception { |
|
157 |
// Verify the provider JAR file and all |
|
158 |
// supporting JAR files if there are any. |
|
159 |
JarVerifier jv = new JarVerifier(codeBase, false); |
|
160 |
jv.verify(); |
|
161 |
} |
|
162 |
||
163 |
private final static Object PROVIDER_VERIFIED = Boolean.TRUE; |
|
164 |
||
165 |
/* |
|
166 |
* Verify that the provider JAR files are signed properly, which |
|
167 |
* means the signer's certificate can be traced back to a |
|
168 |
* JCE trusted CA. |
|
169 |
* Return null if ok, failure Exception if verification failed. |
|
170 |
*/ |
|
171 |
static synchronized Exception getVerificationResult(Provider p) { |
|
172 |
Object o = verificationResults.get(p); |
|
173 |
if (o == PROVIDER_VERIFIED) { |
|
174 |
return null; |
|
175 |
} else if (o != null) { |
|
176 |
return (Exception)o; |
|
177 |
} |
|
178 |
if (verifyingProviders.get(p) != null) { |
|
179 |
// this method is static synchronized, must be recursion |
|
180 |
// return failure now but do not save the result |
|
181 |
return new NoSuchProviderException("Recursion during verification"); |
|
182 |
} |
|
183 |
try { |
|
184 |
verifyingProviders.put(p, Boolean.FALSE); |
|
185 |
URL providerURL = getCodeBase(p.getClass()); |
|
186 |
verifyProviderJar(providerURL); |
|
187 |
// Verified ok, cache result |
|
188 |
verificationResults.put(p, PROVIDER_VERIFIED); |
|
189 |
return null; |
|
190 |
} catch (Exception e) { |
|
191 |
verificationResults.put(p, e); |
|
192 |
return e; |
|
193 |
} finally { |
|
194 |
verifyingProviders.remove(p); |
|
195 |
} |
|
196 |
} |
|
197 |
||
198 |
// return whether this provider is properly signed and can be used by JCE |
|
199 |
static boolean canUseProvider(Provider p) { |
|
200 |
return getVerificationResult(p) == null; |
|
201 |
} |
|
202 |
||
203 |
// dummy object to represent null |
|
204 |
private static final URL NULL_URL; |
|
205 |
||
206 |
static { |
|
207 |
try { |
|
208 |
NULL_URL = new URL("http://null.sun.com/"); |
|
209 |
} catch (Exception e) { |
|
210 |
throw new RuntimeException(e); |
|
211 |
} |
|
212 |
} |
|
213 |
||
214 |
// reference to a Map we use as a cache for codebases |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
215 |
private static final Map<Class<?>, URL> codeBaseCacheRef = |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
216 |
new WeakHashMap<>(); |
2 | 217 |
|
218 |
/* |
|
219 |
* Retuns the CodeBase for the given class. |
|
220 |
*/ |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
221 |
static URL getCodeBase(final Class<?> clazz) { |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
222 |
URL url = codeBaseCacheRef.get(clazz); |
2 | 223 |
if (url == null) { |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
224 |
url = AccessController.doPrivileged(new PrivilegedAction<URL>() { |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
225 |
public URL run() { |
2 | 226 |
ProtectionDomain pd = clazz.getProtectionDomain(); |
227 |
if (pd != null) { |
|
228 |
CodeSource cs = pd.getCodeSource(); |
|
229 |
if (cs != null) { |
|
230 |
return cs.getLocation(); |
|
231 |
} |
|
232 |
} |
|
233 |
return NULL_URL; |
|
234 |
} |
|
235 |
}); |
|
236 |
codeBaseCacheRef.put(clazz, url); |
|
237 |
} |
|
238 |
return (url == NULL_URL) ? null : url; |
|
239 |
} |
|
240 |
||
241 |
private static void setupJurisdictionPolicies() throws Exception { |
|
242 |
String javaHomeDir = System.getProperty("java.home"); |
|
243 |
String sep = File.separator; |
|
244 |
String pathToPolicyJar = javaHomeDir + sep + "lib" + sep + |
|
245 |
"security" + sep; |
|
246 |
||
247 |
File exportJar = new File(pathToPolicyJar, "US_export_policy.jar"); |
|
248 |
File importJar = new File(pathToPolicyJar, "local_policy.jar"); |
|
249 |
URL jceCipherURL = ClassLoader.getSystemResource |
|
250 |
("javax/crypto/Cipher.class"); |
|
251 |
||
252 |
if ((jceCipherURL == null) || |
|
253 |
!exportJar.exists() || !importJar.exists()) { |
|
254 |
throw new SecurityException |
|
255 |
("Cannot locate policy or framework files!"); |
|
256 |
} |
|
257 |
||
258 |
// Read jurisdiction policies. |
|
259 |
CryptoPermissions defaultExport = new CryptoPermissions(); |
|
260 |
CryptoPermissions exemptExport = new CryptoPermissions(); |
|
261 |
loadPolicies(exportJar, defaultExport, exemptExport); |
|
262 |
||
263 |
CryptoPermissions defaultImport = new CryptoPermissions(); |
|
264 |
CryptoPermissions exemptImport = new CryptoPermissions(); |
|
265 |
loadPolicies(importJar, defaultImport, exemptImport); |
|
266 |
||
267 |
// Merge the export and import policies for default applications. |
|
268 |
if (defaultExport.isEmpty() || defaultImport.isEmpty()) { |
|
269 |
throw new SecurityException("Missing mandatory jurisdiction " + |
|
270 |
"policy files"); |
|
271 |
} |
|
272 |
defaultPolicy = defaultExport.getMinimum(defaultImport); |
|
273 |
||
274 |
// Merge the export and import policies for exempt applications. |
|
275 |
if (exemptExport.isEmpty()) { |
|
276 |
exemptPolicy = exemptImport.isEmpty() ? null : exemptImport; |
|
277 |
} else { |
|
278 |
exemptPolicy = exemptExport.getMinimum(exemptImport); |
|
279 |
} |
|
280 |
} |
|
281 |
||
282 |
/** |
|
283 |
* Load the policies from the specified file. Also checks that the |
|
284 |
* policies are correctly signed. |
|
285 |
*/ |
|
286 |
private static void loadPolicies(File jarPathName, |
|
287 |
CryptoPermissions defaultPolicy, |
|
288 |
CryptoPermissions exemptPolicy) |
|
289 |
throws Exception { |
|
290 |
||
291 |
JarFile jf = new JarFile(jarPathName); |
|
292 |
||
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
293 |
Enumeration<JarEntry> entries = jf.entries(); |
2 | 294 |
while (entries.hasMoreElements()) { |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
295 |
JarEntry je = entries.nextElement(); |
2 | 296 |
InputStream is = null; |
297 |
try { |
|
298 |
if (je.getName().startsWith("default_")) { |
|
299 |
is = jf.getInputStream(je); |
|
300 |
defaultPolicy.load(is); |
|
301 |
} else if (je.getName().startsWith("exempt_")) { |
|
302 |
is = jf.getInputStream(je); |
|
303 |
exemptPolicy.load(is); |
|
304 |
} else { |
|
305 |
continue; |
|
306 |
} |
|
307 |
} finally { |
|
308 |
if (is != null) { |
|
309 |
is.close(); |
|
310 |
} |
|
311 |
} |
|
312 |
||
313 |
// Enforce the signer restraint, i.e. signer of JCE framework |
|
314 |
// jar should also be the signer of the two jurisdiction policy |
|
315 |
// jar files. |
|
316 |
JarVerifier.verifyPolicySigned(je.getCertificates()); |
|
317 |
} |
|
318 |
// Close and nullify the JarFile reference to help GC. |
|
319 |
jf.close(); |
|
320 |
jf = null; |
|
321 |
} |
|
322 |
||
323 |
static CryptoPermissions getDefaultPolicy() { |
|
324 |
return defaultPolicy; |
|
325 |
} |
|
326 |
||
327 |
static CryptoPermissions getExemptPolicy() { |
|
328 |
return exemptPolicy; |
|
329 |
} |
|
330 |
||
331 |
static boolean isRestricted() { |
|
332 |
return isRestricted; |
|
333 |
} |
|
334 |
} |