diff -r 3d2543e475e4 -r cd50a16cf47e jdk/src/java.base/share/classes/javax/crypto/JarVerifier.java --- a/jdk/src/java.base/share/classes/javax/crypto/JarVerifier.java Thu Oct 09 16:41:28 2014 +0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,153 +0,0 @@ -/* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package javax.crypto; - -import java.io.*; -import java.net.*; -import java.security.*; -import java.util.jar.*; - -/** - * This class verifies JAR files (and any supporting JAR files), and - * determines whether they may be used in this implementation. - * - * The JCE in OpenJDK has an open cryptographic interface, meaning it - * does not restrict which providers can be used. Compliance with - * United States export controls and with local law governing the - * import/export of products incorporating the JCE in the OpenJDK is - * the responsibility of the licensee. - * - * @since 1.7 - */ -final class JarVerifier { - - // The URL for the JAR file we want to verify. - private URL jarURL; - private boolean savePerms; - private CryptoPermissions appPerms = null; - - /** - * Creates a JarVerifier object to verify the given URL. - * - * @param jarURL the JAR file to be verified. - * @param savePerms if true, save the permissions allowed by the - * exemption mechanism - */ - JarVerifier(URL jarURL, boolean savePerms) { - this.jarURL = jarURL; - this.savePerms = savePerms; - } - - /** - * Verify the JAR file is signed by an entity which has a certificate - * issued by a trusted CA. - * - * In OpenJDK, we just need to examine the "cryptoperms" file to see - * if any permissions were bundled together with this jar file. - */ - void verify() throws JarException, IOException { - - // Short-circuit. If we weren't asked to save any, we're done. - if (!savePerms) { - return; - } - - // If the protocol of jarURL isn't "jar", we should - // construct a JAR URL so we can open a JarURLConnection - // for verifying this provider. - final URL url = jarURL.getProtocol().equalsIgnoreCase("jar")? - jarURL : new URL("jar:" + jarURL.toString() + "!/"); - - JarFile jf = null; - try { - - // Get a link to the Jarfile to search. - try { - jf = AccessController.doPrivileged( - new PrivilegedExceptionAction() { - public JarFile run() throws Exception { - JarURLConnection conn = - (JarURLConnection) url.openConnection(); - // You could do some caching here as - // an optimization. - conn.setUseCaches(false); - return conn.getJarFile(); - } - }); - } catch (java.security.PrivilegedActionException pae) { - throw new SecurityException("Cannot load " + url.toString(), pae); - } - - if (jf != null) { - JarEntry je = jf.getJarEntry("cryptoPerms"); - if (je == null) { - throw new JarException( - "Can not find cryptoPerms"); - } - try { - appPerms = new CryptoPermissions(); - appPerms.load(jf.getInputStream(je)); - } catch (Exception ex) { - JarException jex = - new JarException("Cannot load/parse" + - jarURL.toString()); - jex.initCause(ex); - throw jex; - } - } - } finally { - // Only call close() when caching is not enabled. - // Otherwise, exceptions will be thrown for all - // subsequent accesses of this cached jar. - if (jf != null) { - jf.close(); - } - } - } - - /** - * Verify that the provided certs include the - * framework signing certificate. - * - * @param certs the list of certs to be checked. - * @throws Exception if the list of certs did not contain - * the framework signing certificate - */ - static void verifyPolicySigned(java.security.cert.Certificate[] certs) - throws Exception { - } - - /** - * Returns the permissions which are bundled with the JAR file, - * aka the "cryptoperms" file. - * - * NOTE: if this JarVerifier instance is constructed with "savePerms" - * equal to false, then this method would always return null. - */ - CryptoPermissions getPermissions() { - return appPerms; - } -}