1 /* |
1 /* |
2 * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
48 final class JceSecurityManager extends SecurityManager { |
47 final class JceSecurityManager extends SecurityManager { |
49 |
48 |
50 private static final CryptoPermissions defaultPolicy; |
49 private static final CryptoPermissions defaultPolicy; |
51 private static final CryptoPermissions exemptPolicy; |
50 private static final CryptoPermissions exemptPolicy; |
52 private static final CryptoAllPermission allPerm; |
51 private static final CryptoAllPermission allPerm; |
53 private static final Vector TrustedCallersCache = new Vector(2); |
52 private static final Vector<Class<?>> TrustedCallersCache = |
54 private static final Map exemptCache = new HashMap(); |
53 new Vector<>(2); |
|
54 private static final Map<URL, CryptoPermissions> exemptCache = |
|
55 new HashMap<>(); |
55 |
56 |
56 // singleton instance |
57 // singleton instance |
57 static final JceSecurityManager INSTANCE; |
58 static final JceSecurityManager INSTANCE; |
58 |
59 |
59 static { |
60 static { |
60 defaultPolicy = JceSecurity.getDefaultPolicy(); |
61 defaultPolicy = JceSecurity.getDefaultPolicy(); |
61 exemptPolicy = JceSecurity.getExemptPolicy(); |
62 exemptPolicy = JceSecurity.getExemptPolicy(); |
62 allPerm = CryptoAllPermission.INSTANCE; |
63 allPerm = CryptoAllPermission.INSTANCE; |
63 INSTANCE = (JceSecurityManager) |
64 INSTANCE = AccessController.doPrivileged( |
64 AccessController.doPrivileged(new PrivilegedAction() { |
65 new PrivilegedAction<JceSecurityManager>() { |
65 public Object run() { |
66 public JceSecurityManager run() { |
66 return new JceSecurityManager(); |
67 return new JceSecurityManager(); |
67 } |
68 } |
68 }); |
69 }); |
69 } |
70 } |
70 |
71 |
71 private JceSecurityManager() { |
72 private JceSecurityManager() { |
72 // empty |
73 // empty |
73 } |
74 } |
92 // Determine the codebase of the caller of the JCE API. |
93 // Determine the codebase of the caller of the JCE API. |
93 // This is the codebase of the first class which is not in |
94 // This is the codebase of the first class which is not in |
94 // javax.crypto.* packages. |
95 // javax.crypto.* packages. |
95 // NOTE: javax.crypto.* package maybe subject to package |
96 // NOTE: javax.crypto.* package maybe subject to package |
96 // insertion, so need to check its classloader as well. |
97 // insertion, so need to check its classloader as well. |
97 Class[] context = getClassContext(); |
98 Class<?>[] context = getClassContext(); |
98 URL callerCodeBase = null; |
99 URL callerCodeBase = null; |
99 int i; |
100 int i; |
100 for (i=0; i<context.length; i++) { |
101 for (i=0; i<context.length; i++) { |
101 Class cls = context[i]; |
102 Class<?> cls = context[i]; |
102 callerCodeBase = JceSecurity.getCodeBase(cls); |
103 callerCodeBase = JceSecurity.getCodeBase(cls); |
103 if (callerCodeBase != null) { |
104 if (callerCodeBase != null) { |
104 break; |
105 break; |
105 } else { |
106 } else { |
106 if (cls.getName().startsWith("javax.crypto.")) { |
107 if (cls.getName().startsWith("javax.crypto.")) { |
117 } |
118 } |
118 |
119 |
119 CryptoPermissions appPerms; |
120 CryptoPermissions appPerms; |
120 synchronized (this.getClass()) { |
121 synchronized (this.getClass()) { |
121 if (exemptCache.containsKey(callerCodeBase)) { |
122 if (exemptCache.containsKey(callerCodeBase)) { |
122 appPerms = (CryptoPermissions)exemptCache.get(callerCodeBase); |
123 appPerms = exemptCache.get(callerCodeBase); |
123 } else { |
124 } else { |
124 appPerms = getAppPermissions(callerCodeBase); |
125 appPerms = getAppPermissions(callerCodeBase); |
125 exemptCache.put(callerCodeBase, appPerms); |
126 exemptCache.put(callerCodeBase, appPerms); |
126 } |
127 } |
127 } |
128 } |
141 // Return that permission, if present. |
142 // Return that permission, if present. |
142 PermissionCollection appPc = appPerms.getPermissionCollection(alg); |
143 PermissionCollection appPc = appPerms.getPermissionCollection(alg); |
143 if (appPc == null) { |
144 if (appPc == null) { |
144 return defaultPerm; |
145 return defaultPerm; |
145 } |
146 } |
146 Enumeration enum_ = appPc.elements(); |
147 Enumeration<Permission> enum_ = appPc.elements(); |
147 while (enum_.hasMoreElements()) { |
148 while (enum_.hasMoreElements()) { |
148 CryptoPermission cp = (CryptoPermission)enum_.nextElement(); |
149 CryptoPermission cp = (CryptoPermission)enum_.nextElement(); |
149 if (cp.getExemptionMechanism() == null) { |
150 if (cp.getExemptionMechanism() == null) { |
150 return cp; |
151 return cp; |
151 } |
152 } |
213 |
214 |
214 /** |
215 /** |
215 * Returns the default permission for the given algorithm. |
216 * Returns the default permission for the given algorithm. |
216 */ |
217 */ |
217 private CryptoPermission getDefaultPermission(String alg) { |
218 private CryptoPermission getDefaultPermission(String alg) { |
218 Enumeration enum_ = |
219 Enumeration<Permission> enum_ = |
219 defaultPolicy.getPermissionCollection(alg).elements(); |
220 defaultPolicy.getPermissionCollection(alg).elements(); |
220 return (CryptoPermission)enum_.nextElement(); |
221 return (CryptoPermission)enum_.nextElement(); |
221 } |
222 } |
222 |
223 |
223 // See bug 4341369 & 4334690 for more info. |
224 // See bug 4341369 & 4334690 for more info. |