/*

 * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package javax.crypto;

import java.util.*;

import java.io.*;

import java.net.URL;

import java.nio.file.*;

import java.security.*;

import java.security.Provider.Service;

import sun.security.jca.*;

import sun.security.jca.GetInstance.Instance;

/**

 * This class instantiates implementations of JCE engine classes from

 * providers registered with the java.security.Security object.

 *

 * @author Jan Luehe

 * @author Sharon Liu

 * @since 1.4

 */

final class JceSecurity {

    static final SecureRandom RANDOM = new SecureRandom();

    // The defaultPolicy and exemptPolicy will be set up

    // in the static initializer.

    private static CryptoPermissions defaultPolicy = null;

    private static CryptoPermissions exemptPolicy = null;

    // Map<Provider,?> of the providers we already have verified

    // value == PROVIDER_VERIFIED is successfully verified

    // value is failure cause Exception in error case

    private static final Map<Provider, Object> verificationResults =

            new IdentityHashMap<>();

    // Map<Provider,?> of the providers currently being verified

    private static final Map<Provider, Object> verifyingProviders =

            new IdentityHashMap<>();

    private static final boolean isRestricted;

    /*

     * Don't let anyone instantiate this.

     */

    private JceSecurity() {

    }

    static {

        try {

            AccessController.doPrivileged(

                new PrivilegedExceptionAction<> () {

                    @Override

                    public Void run() throws Exception {

                        setupJurisdictionPolicies();

                        return null;

                    }

                }

            );

            isRestricted = defaultPolicy.implies(

                CryptoAllPermission.INSTANCE) ? false : true;

        } catch (Exception e) {

            throw new SecurityException(

                    "Can not initialize cryptographic mechanism", e);

        }

    }

    static Instance getInstance(String type, Class<?> clazz, String algorithm,

            String provider) throws NoSuchAlgorithmException,

            NoSuchProviderException {

        Service s = GetInstance.getService(type, algorithm, provider);

        Exception ve = getVerificationResult(s.getProvider());

        if (ve != null) {

            String msg = "JCE cannot authenticate the provider " + provider;

            throw (NoSuchProviderException)

                                new NoSuchProviderException(msg).initCause(ve);

        }

        return GetInstance.getInstance(s, clazz);

    }

    static Instance getInstance(String type, Class<?> clazz, String algorithm,

            Provider provider) throws NoSuchAlgorithmException {

        Service s = GetInstance.getService(type, algorithm, provider);

        Exception ve = JceSecurity.getVerificationResult(provider);

        if (ve != null) {

            String msg = "JCE cannot authenticate the provider "

                + provider.getName();

            throw new SecurityException(msg, ve);

        }

        return GetInstance.getInstance(s, clazz);

    }

    static Instance getInstance(String type, Class<?> clazz, String algorithm)

            throws NoSuchAlgorithmException {

        List<Service> services = GetInstance.getServices(type, algorithm);

        NoSuchAlgorithmException failure = null;

        for (Service s : services) {

            if (canUseProvider(s.getProvider()) == false) {

                // allow only signed providers

                continue;

            }

            try {

                Instance instance = GetInstance.getInstance(s, clazz);

                return instance;

            } catch (NoSuchAlgorithmException e) {

                failure = e;

            }

        }

        throw new NoSuchAlgorithmException("Algorithm " + algorithm

                + " not available", failure);

    }

    /**

     * Verify if the JAR at URL codeBase is a signed exempt application

     * JAR file and returns the permissions bundled with the JAR.

     *

     * @throws Exception on error

     */

    static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {

        ProviderVerifier pv = new ProviderVerifier(codeBase, true);

        pv.verify();

        return pv.getPermissions();

    }

    /**

     * Verify if the JAR at URL codeBase is a signed provider JAR file.

     *

     * @throws Exception on error

     */

    static void verifyProvider(URL codeBase, Provider p) throws Exception {

        // Verify the provider JAR file and all

        // supporting JAR files if there are any.

        ProviderVerifier pv = new ProviderVerifier(codeBase, p, false);

        pv.verify();

    }

    private static final Object PROVIDER_VERIFIED = Boolean.TRUE;

    /*

     * Verify that the provider JAR files are signed properly, which

     * means the signer's certificate can be traced back to a

     * JCE trusted CA.

     * Return null if ok, failure Exception if verification failed.

     */

    static synchronized Exception getVerificationResult(Provider p) {

        Object o = verificationResults.get(p);

        if (o == PROVIDER_VERIFIED) {

            return null;

        } else if (o != null) {

            return (Exception)o;

        }

        if (verifyingProviders.get(p) != null) {

            // this method is static synchronized, must be recursion

            // return failure now but do not save the result

            return new NoSuchProviderException("Recursion during verification");

        }

        try {

            verifyingProviders.put(p, Boolean.FALSE);

            URL providerURL = getCodeBase(p.getClass());

            verifyProvider(providerURL, p);

            // Verified ok, cache result

            verificationResults.put(p, PROVIDER_VERIFIED);

            return null;

        } catch (Exception e) {

            verificationResults.put(p, e);

            return e;

        } finally {

            verifyingProviders.remove(p);

        }

    }

    // return whether this provider is properly signed and can be used by JCE

    static boolean canUseProvider(Provider p) {

        return getVerificationResult(p) == null;

    }

    // dummy object to represent null

    private static final URL NULL_URL;

    static {

        try {

            NULL_URL = new URL("http://null.oracle.com/");

        } catch (Exception e) {

            throw new RuntimeException(e);

        }

    }

    // reference to a Map we use as a cache for codebases

    private static final Map<Class<?>, URL> codeBaseCacheRef =

            new WeakHashMap<>();

    /*

     * Returns the CodeBase for the given class.

     */

    static URL getCodeBase(final Class<?> clazz) {

        synchronized (codeBaseCacheRef) {

            URL url = codeBaseCacheRef.get(clazz);

            if (url == null) {

                url = AccessController.doPrivileged(

                    new PrivilegedAction<>() {

                        @Override

                        public URL run() {

                            ProtectionDomain pd = clazz.getProtectionDomain();

                            if (pd != null) {

                                CodeSource cs = pd.getCodeSource();

                                if (cs != null) {

                                    return cs.getLocation();

                                }

                            }

                            return NULL_URL;

                        }

                    });

                codeBaseCacheRef.put(clazz, url);

            }

            return (url == NULL_URL) ? null : url;

        }

    }

    // This is called from within an doPrivileged block.

    private static void setupJurisdictionPolicies() throws Exception {

        // Sanity check the crypto.policy Security property.  Single

        // directory entry, no pseudo-directories (".", "..", leading/trailing

        // path separators). normalize()/getParent() will help later.

        String cryptoPolicyProperty = Security.getProperty("crypto.policy");

        Path cpPath = Paths.get(cryptoPolicyProperty);

                (cpPath.compareTo(cpPath.getFileName()) != 0)) {

            throw new SecurityException(

                "Invalid policy directory name format: " +

                cryptoPolicyProperty);

        }

        // Prepend java.home to get the full path.  normalize() in

        // case an extra "." or ".." snuck in somehow.

        String javaHomeProperty = System.getProperty("java.home");

        Path javaHomePolicyPath = Paths.get(javaHomeProperty, "conf",

                "security", "policy").normalize();

        Path cryptoPolicyPath = Paths.get(javaHomeProperty, "conf", "security",

                "policy", cryptoPolicyProperty).normalize();

        if (cryptoPolicyPath.getParent().compareTo(javaHomePolicyPath) != 0) {

            throw new SecurityException(

                "Invalid cryptographic jurisdiction policy directory path: " +

                cryptoPolicyProperty);

        }

        if (!Files.isDirectory(cryptoPolicyPath)

                || !Files.isReadable(cryptoPolicyPath)) {

            throw new SecurityException(

                "Can't read cryptographic policy directory: " +

                cryptoPolicyProperty);

        }

        try (DirectoryStream<Path> stream = Files.newDirectoryStream(

                cryptoPolicyPath, "{default,exempt}_*.policy")) {

            for (Path entry : stream) {

                try (InputStream is = new BufferedInputStream(

                        Files.newInputStream(entry))) {

                    String filename = entry.getFileName().toString();

                    CryptoPermissions tmpPerms = new CryptoPermissions();

                    tmpPerms.load(is);

                    if (filename.startsWith("default_")) {

                        // Did we find a default perms?

                        defaultPolicy = ((defaultPolicy == null) ? tmpPerms :

                                defaultPolicy.getMinimum(tmpPerms));

                    } else if (filename.startsWith("exempt_")) {

                        // Did we find a exempt perms?

                        exemptPolicy = ((exemptPolicy == null) ? tmpPerms :

                                exemptPolicy.getMinimum(tmpPerms));

                    } else {

                        // This should never happen.  newDirectoryStream

                        // should only throw return "{default,exempt}_*.policy"

                        throw new SecurityException(

                            "Unexpected jurisdiction policy files in : " +

                            cryptoPolicyProperty);

                    }

                } catch (Exception e) {

                    throw new SecurityException(

                        "Couldn't parse jurisdiction policy files in: " +

                        cryptoPolicyProperty);

                }

            }

        } catch (DirectoryIteratorException ex) {

            // I/O error encountered during the iteration,

            // the cause is an IOException

            throw new SecurityException(

                "Couldn't iterate through the jurisdiction policy files: " +

                cryptoPolicyProperty);

        }

        // Must have a default policy

        if ((defaultPolicy == null) || defaultPolicy.isEmpty()) {

            throw new SecurityException(

                "Missing mandatory jurisdiction policy files: " +

                cryptoPolicyProperty);

        }

        // If there was an empty exempt policy file, ignore it.

        if ((exemptPolicy != null) && exemptPolicy.isEmpty()) {

            exemptPolicy = null;

        }

    }

    static CryptoPermissions getDefaultPolicy() {

        return defaultPolicy;

    }

    static CryptoPermissions getExemptPolicy() {

        return exemptPolicy;

    }

    static boolean isRestricted() {

        return isRestricted;

    }

}