jdk-sandbox: comparison jdk/src/java.base/share/classes/javax/crypto/JceSecurity.java.template

equal deleted inserted replaced

-:c5a725b3d358
+:5e640c2994d6
+/*
+* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.  Oracle designates this
+* particular file as subject to the "Classpath" exception as provided
+* by Oracle in the LICENSE file that accompanied this code.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+/*
+* README README README README README README README README README
+*
+* This file is the template for generating the JceSecurity.java source
+* file.
+*
+* In the current jdk builds, this file is first preprocessed to replace
+* @@JCE_DEFAULT_POLICY@ [sic] with "limited" or "unlimited" which is
+* determined by the $(UNLIMTED_CRYPTO) make variable.  This variable is
+* set by top-level configure script, using either
+* --disable-unlimited-crypto or --enable-unlimited-crypto [default].
+*
+* Since this file is a generated source, incremental changes to
+* this file require regenerating the source.  Compilation options:
+*
+*     (fewer dependencies/"faster" ones first)
+*
+* 1.  make JDK_FILTER=javax/crypto java.base-gensrc-only java.base-java-only
+* 2.  make java.base-gensrc-only java.base-java-only
+* 3.  make java.base-gensrc-only java.base-only
+* 4.  make java.base-only
+* 5.  make
+*/
+package javax.crypto;
+import java.util.*;
+import java.io.*;
+import java.net.URL;
+import java.nio.file.*;
+import java.security.*;
+import java.security.Provider.Service;
+import sun.security.jca.*;
+import sun.security.jca.GetInstance.Instance;
+import sun.security.util.Debug;
+/**
+* This class instantiates implementations of JCE engine classes from
+* providers registered with the java.security.Security object.
+*
+* @author Jan Luehe
+* @author Sharon Liu
+* @since 1.4
+*/
+final class JceSecurity {
+private static final Debug debug = Debug.getInstance("jca");
+static final SecureRandom RANDOM = new SecureRandom();
+// The defaultPolicy and exemptPolicy will be set up
+// in the static initializer.
+private static CryptoPermissions defaultPolicy = null;
+private static CryptoPermissions exemptPolicy = null;
+// Map<Provider,?> of the providers we already have verified
+// value == PROVIDER_VERIFIED is successfully verified
+// value is failure cause Exception in error case
+private static final Map<Provider, Object> verificationResults =
+new IdentityHashMap<>();
+// Map<Provider,?> of the providers currently being verified
+private static final Map<Provider, Object> verifyingProviders =
+new IdentityHashMap<>();
+private static final boolean isRestricted;
+/*
+* Don't let anyone instantiate this.
+*/
+private JceSecurity() {
+}
+static {
+try {
+AccessController.doPrivileged(
+new PrivilegedExceptionAction<> () {
+@Override
+public Void run() throws Exception {
+setupJurisdictionPolicies();
+return null;
+}
+}
+);
+isRestricted = defaultPolicy.implies(
+CryptoAllPermission.INSTANCE) ? false : true;
+} catch (Exception e) {
+throw new SecurityException(
+"Can not initialize cryptographic mechanism", e);
+}
+}
+static Instance getInstance(String type, Class<?> clazz, String algorithm,
+String provider) throws NoSuchAlgorithmException,
+NoSuchProviderException {
+Service s = GetInstance.getService(type, algorithm, provider);
+Exception ve = getVerificationResult(s.getProvider());
+if (ve != null) {
+String msg = "JCE cannot authenticate the provider " + provider;
+throw (NoSuchProviderException)
+new NoSuchProviderException(msg).initCause(ve);
+}
+return GetInstance.getInstance(s, clazz);
+}
+static Instance getInstance(String type, Class<?> clazz, String algorithm,
+Provider provider) throws NoSuchAlgorithmException {
+Service s = GetInstance.getService(type, algorithm, provider);
+Exception ve = JceSecurity.getVerificationResult(provider);
+if (ve != null) {
+String msg = "JCE cannot authenticate the provider "
++ provider.getName();
+throw new SecurityException(msg, ve);
+}
+return GetInstance.getInstance(s, clazz);
+}
+static Instance getInstance(String type, Class<?> clazz, String algorithm)
+throws NoSuchAlgorithmException {
+List<Service> services = GetInstance.getServices(type, algorithm);
+NoSuchAlgorithmException failure = null;
+for (Service s : services) {
+if (canUseProvider(s.getProvider()) == false) {
+// allow only signed providers
+continue;
+}
+try {
+Instance instance = GetInstance.getInstance(s, clazz);
+return instance;
+} catch (NoSuchAlgorithmException e) {
+failure = e;
+}
+}
+throw new NoSuchAlgorithmException("Algorithm " + algorithm
++ " not available", failure);
+}
+/**
+* Verify if the JAR at URL codeBase is a signed exempt application
+* JAR file and returns the permissions bundled with the JAR.
+*
+* @throws Exception on error
+*/
+static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
+ProviderVerifier pv = new ProviderVerifier(codeBase, true);
+pv.verify();
+return pv.getPermissions();
+}
+/**
+* Verify if the JAR at URL codeBase is a signed provider JAR file.
+*
+* @throws Exception on error
+*/
+static void verifyProvider(URL codeBase, Provider p) throws Exception {
+// Verify the provider JAR file and all
+// supporting JAR files if there are any.
+ProviderVerifier pv = new ProviderVerifier(codeBase, p, false);
+pv.verify();
+}
+private static final Object PROVIDER_VERIFIED = Boolean.TRUE;
+/*
+* Verify that the provider JAR files are signed properly, which
+* means the signer's certificate can be traced back to a
+* JCE trusted CA.
+* Return null if ok, failure Exception if verification failed.
+*/
+static synchronized Exception getVerificationResult(Provider p) {
+Object o = verificationResults.get(p);
+if (o == PROVIDER_VERIFIED) {
+return null;
+} else if (o != null) {
+return (Exception)o;
+}
+if (verifyingProviders.get(p) != null) {
+// this method is static synchronized, must be recursion
+// return failure now but do not save the result
+return new NoSuchProviderException("Recursion during verification");
+}
+try {
+verifyingProviders.put(p, Boolean.FALSE);
+URL providerURL = getCodeBase(p.getClass());
+verifyProvider(providerURL, p);
+// Verified ok, cache result
+verificationResults.put(p, PROVIDER_VERIFIED);
+return null;
+} catch (Exception e) {
+verificationResults.put(p, e);
+return e;
+} finally {
+verifyingProviders.remove(p);
+}
+}
+// return whether this provider is properly signed and can be used by JCE
+static boolean canUseProvider(Provider p) {
+return getVerificationResult(p) == null;
+}
+// dummy object to represent null
+private static final URL NULL_URL;
+static {
+try {
+NULL_URL = new URL("http://null.oracle.com/");
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+// reference to a Map we use as a cache for codebases
+private static final Map<Class<?>, URL> codeBaseCacheRef =
+new WeakHashMap<>();
+/*
+* Returns the CodeBase for the given class.
+*/
+static URL getCodeBase(final Class<?> clazz) {
+synchronized (codeBaseCacheRef) {
+URL url = codeBaseCacheRef.get(clazz);
+if (url == null) {
+url = AccessController.doPrivileged(
+new PrivilegedAction<>() {
+@Override
+public URL run() {
+ProtectionDomain pd = clazz.getProtectionDomain();
+if (pd != null) {
+CodeSource cs = pd.getCodeSource();
+if (cs != null) {
+return cs.getLocation();
+}
+}
+return NULL_URL;
+}
+});
+codeBaseCacheRef.put(clazz, url);
+}
+return (url == NULL_URL) ? null : url;
+}
+}
+// This is called from within an doPrivileged block.
+private static void setupJurisdictionPolicies() throws Exception {
+// Sanity check the crypto.policy Security property.  Single
+// directory entry, no pseudo-directories (".", "..", leading/trailing
+// path separators). normalize()/getParent() will help later.
+String cryptoPolicyProperty = Security.getProperty("crypto.policy");
+/*
+* In case no property is present, rather than fail catastrophically,
+* we at least try for a "sane" value, which is what we were
+* built with.  We first preprocess this file to plug in that
+* value, then compile the result gensrc.
+*
+* Log the warning first.
+*/
+if (cryptoPolicyProperty == null) {
+cryptoPolicyProperty = "@@JCE_DEFAULT_POLICY@@";
+if (debug != null) {
+debug.println(
+"Security Property 'crypto.policy' not found: "
++ "using '" + cryptoPolicyProperty + "' as fallback");
+}
+}
+Path cpPath = Paths.get(cryptoPolicyProperty);
+if ((cpPath.getNameCount() != 1) ||
+(cpPath.compareTo(cpPath.getFileName()) != 0)) {
+throw new SecurityException(
+"Invalid policy directory name format: " +
+cryptoPolicyProperty);
+}
+// Prepend java.home to get the full path.  normalize() in
+// case an extra "." or ".." snuck in somehow.
+String javaHomeProperty = System.getProperty("java.home");
+Path javaHomePolicyPath = Paths.get(javaHomeProperty, "conf",
+"security", "policy").normalize();
+Path cryptoPolicyPath = Paths.get(javaHomeProperty, "conf", "security",
+"policy", cryptoPolicyProperty).normalize();
+if (cryptoPolicyPath.getParent().compareTo(javaHomePolicyPath) != 0) {
+throw new SecurityException(
+"Invalid cryptographic jurisdiction policy directory path: " +
+cryptoPolicyProperty);
+}
+if (!Files.isDirectory(cryptoPolicyPath)
+|| !Files.isReadable(cryptoPolicyPath)) {
+throw new SecurityException(
+"Can't read cryptographic policy directory: " +
+cryptoPolicyProperty);
+}
+try (DirectoryStream<Path> stream = Files.newDirectoryStream(
+cryptoPolicyPath, "{default,exempt}_*.policy")) {
+for (Path entry : stream) {
+try (InputStream is = new BufferedInputStream(
+Files.newInputStream(entry))) {
+String filename = entry.getFileName().toString();
+CryptoPermissions tmpPerms = new CryptoPermissions();
+tmpPerms.load(is);
+if (filename.startsWith("default_")) {
+// Did we find a default perms?
+defaultPolicy = ((defaultPolicy == null) ? tmpPerms :
+defaultPolicy.getMinimum(tmpPerms));
+} else if (filename.startsWith("exempt_")) {
+// Did we find a exempt perms?
+exemptPolicy = ((exemptPolicy == null) ? tmpPerms :
+exemptPolicy.getMinimum(tmpPerms));
+} else {
+// This should never happen.  newDirectoryStream
+// should only throw return "{default,exempt}_*.policy"
+throw new SecurityException(
+"Unexpected jurisdiction policy files in : " +
+cryptoPolicyProperty);
+}
+} catch (Exception e) {
+throw new SecurityException(
+"Couldn't parse jurisdiction policy files in: " +
+cryptoPolicyProperty);
+}
+}
+} catch (DirectoryIteratorException ex) {
+// I/O error encountered during the iteration,
+// the cause is an IOException
+throw new SecurityException(
+"Couldn't iterate through the jurisdiction policy files: " +
+cryptoPolicyProperty);
+}
+// Must have a default policy
+if ((defaultPolicy == null) || defaultPolicy.isEmpty()) {
+throw new SecurityException(
+"Missing mandatory jurisdiction policy files: " +
+cryptoPolicyProperty);
+}
+// If there was an empty exempt policy file, ignore it.
+if ((exemptPolicy != null) && exemptPolicy.isEmpty()) {
+exemptPolicy = null;
+}
+}
+static CryptoPermissions getDefaultPolicy() {
+return defaultPolicy;
+}
+static CryptoPermissions getExemptPolicy() {
+return exemptPolicy;
+}
+static boolean isRestricted() {
+return isRestricted;
+}
+}

changeset 42365	5e640c2994d6
parent 40565	3ac0ba151e70