1 /* |
1 /* |
2 * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
55 private static CryptoPermissions exemptPolicy = null; |
55 private static CryptoPermissions exemptPolicy = null; |
56 |
56 |
57 // Map<Provider,?> of the providers we already have verified |
57 // Map<Provider,?> of the providers we already have verified |
58 // value == PROVIDER_VERIFIED is successfully verified |
58 // value == PROVIDER_VERIFIED is successfully verified |
59 // value is failure cause Exception in error case |
59 // value is failure cause Exception in error case |
60 private final static Map verificationResults = new IdentityHashMap(); |
60 private final static Map<Provider, Object> verificationResults = |
|
61 new IdentityHashMap<>(); |
61 |
62 |
62 // Map<Provider,?> of the providers currently being verified |
63 // Map<Provider,?> of the providers currently being verified |
63 private final static Map verifyingProviders = new IdentityHashMap(); |
64 private final static Map<Provider, Object> verifyingProviders = |
|
65 new IdentityHashMap<>(); |
64 |
66 |
65 // Set the default value. May be changed in the static initializer. |
67 // Set the default value. May be changed in the static initializer. |
66 private static boolean isRestricted = true; |
68 private static boolean isRestricted = true; |
67 |
69 |
68 /* |
70 /* |
71 private JceSecurity() { |
73 private JceSecurity() { |
72 } |
74 } |
73 |
75 |
74 static { |
76 static { |
75 try { |
77 try { |
76 AccessController.doPrivileged(new PrivilegedExceptionAction() { |
78 AccessController.doPrivileged( |
77 public Object run() throws Exception { |
79 new PrivilegedExceptionAction<Object>() { |
78 setupJurisdictionPolicies(); |
80 public Object run() throws Exception { |
79 return null; |
81 setupJurisdictionPolicies(); |
80 } |
82 return null; |
81 }); |
83 } |
|
84 }); |
82 |
85 |
83 isRestricted = defaultPolicy.implies( |
86 isRestricted = defaultPolicy.implies( |
84 CryptoAllPermission.INSTANCE) ? false : true; |
87 CryptoAllPermission.INSTANCE) ? false : true; |
85 } catch (Exception e) { |
88 } catch (Exception e) { |
86 SecurityException se = |
89 throw new SecurityException( |
87 new SecurityException( |
90 "Can not initialize cryptographic mechanism", e); |
88 "Can not initialize cryptographic mechanism"); |
91 } |
89 se.initCause(e); |
92 } |
90 throw se; |
93 |
91 } |
94 static Instance getInstance(String type, Class<?> clazz, String algorithm, |
92 } |
|
93 |
|
94 static Instance getInstance(String type, Class clazz, String algorithm, |
|
95 String provider) throws NoSuchAlgorithmException, |
95 String provider) throws NoSuchAlgorithmException, |
96 NoSuchProviderException { |
96 NoSuchProviderException { |
97 Service s = GetInstance.getService(type, algorithm, provider); |
97 Service s = GetInstance.getService(type, algorithm, provider); |
98 Exception ve = getVerificationResult(s.getProvider()); |
98 Exception ve = getVerificationResult(s.getProvider()); |
99 if (ve != null) { |
99 if (ve != null) { |
102 new NoSuchProviderException(msg).initCause(ve); |
102 new NoSuchProviderException(msg).initCause(ve); |
103 } |
103 } |
104 return GetInstance.getInstance(s, clazz); |
104 return GetInstance.getInstance(s, clazz); |
105 } |
105 } |
106 |
106 |
107 static Instance getInstance(String type, Class clazz, String algorithm, |
107 static Instance getInstance(String type, Class<?> clazz, String algorithm, |
108 Provider provider) throws NoSuchAlgorithmException { |
108 Provider provider) throws NoSuchAlgorithmException { |
109 Service s = GetInstance.getService(type, algorithm, provider); |
109 Service s = GetInstance.getService(type, algorithm, provider); |
110 Exception ve = JceSecurity.getVerificationResult(provider); |
110 Exception ve = JceSecurity.getVerificationResult(provider); |
111 if (ve != null) { |
111 if (ve != null) { |
112 String msg = "JCE cannot authenticate the provider " |
112 String msg = "JCE cannot authenticate the provider " |
114 throw new SecurityException(msg, ve); |
114 throw new SecurityException(msg, ve); |
115 } |
115 } |
116 return GetInstance.getInstance(s, clazz); |
116 return GetInstance.getInstance(s, clazz); |
117 } |
117 } |
118 |
118 |
119 static Instance getInstance(String type, Class clazz, String algorithm) |
119 static Instance getInstance(String type, Class<?> clazz, String algorithm) |
120 throws NoSuchAlgorithmException { |
120 throws NoSuchAlgorithmException { |
121 List services = GetInstance.getServices(type, algorithm); |
121 List<Service> services = GetInstance.getServices(type, algorithm); |
122 NoSuchAlgorithmException failure = null; |
122 NoSuchAlgorithmException failure = null; |
123 for (Iterator t = services.iterator(); t.hasNext(); ) { |
123 for (Service s : services) { |
124 Service s = (Service)t.next(); |
|
125 if (canUseProvider(s.getProvider()) == false) { |
124 if (canUseProvider(s.getProvider()) == false) { |
126 // allow only signed providers |
125 // allow only signed providers |
127 continue; |
126 continue; |
128 } |
127 } |
129 try { |
128 try { |
211 throw new RuntimeException(e); |
210 throw new RuntimeException(e); |
212 } |
211 } |
213 } |
212 } |
214 |
213 |
215 // reference to a Map we use as a cache for codebases |
214 // reference to a Map we use as a cache for codebases |
216 private static final Map codeBaseCacheRef = new WeakHashMap(); |
215 private static final Map<Class<?>, URL> codeBaseCacheRef = |
|
216 new WeakHashMap<>(); |
217 |
217 |
218 /* |
218 /* |
219 * Retuns the CodeBase for the given class. |
219 * Retuns the CodeBase for the given class. |
220 */ |
220 */ |
221 static URL getCodeBase(final Class clazz) { |
221 static URL getCodeBase(final Class<?> clazz) { |
222 URL url = (URL)codeBaseCacheRef.get(clazz); |
222 URL url = codeBaseCacheRef.get(clazz); |
223 if (url == null) { |
223 if (url == null) { |
224 url = (URL)AccessController.doPrivileged(new PrivilegedAction() { |
224 url = AccessController.doPrivileged(new PrivilegedAction<URL>() { |
225 public Object run() { |
225 public URL run() { |
226 ProtectionDomain pd = clazz.getProtectionDomain(); |
226 ProtectionDomain pd = clazz.getProtectionDomain(); |
227 if (pd != null) { |
227 if (pd != null) { |
228 CodeSource cs = pd.getCodeSource(); |
228 CodeSource cs = pd.getCodeSource(); |
229 if (cs != null) { |
229 if (cs != null) { |
230 return cs.getLocation(); |
230 return cs.getLocation(); |
288 CryptoPermissions exemptPolicy) |
288 CryptoPermissions exemptPolicy) |
289 throws Exception { |
289 throws Exception { |
290 |
290 |
291 JarFile jf = new JarFile(jarPathName); |
291 JarFile jf = new JarFile(jarPathName); |
292 |
292 |
293 Enumeration entries = jf.entries(); |
293 Enumeration<JarEntry> entries = jf.entries(); |
294 while (entries.hasMoreElements()) { |
294 while (entries.hasMoreElements()) { |
295 JarEntry je = (JarEntry)entries.nextElement(); |
295 JarEntry je = entries.nextElement(); |
296 InputStream is = null; |
296 InputStream is = null; |
297 try { |
297 try { |
298 if (je.getName().startsWith("default_")) { |
298 if (je.getName().startsWith("default_")) { |
299 is = jf.getInputStream(je); |
299 is = jf.getInputStream(je); |
300 defaultPolicy.load(is); |
300 defaultPolicy.load(is); |