6647452: Remove obfuscation, framework and provider self-verification checking
Reviewed-by: valeriep, vinnie
--- a/jdk/make/com/sun/crypto/provider/Makefile Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/com/sun/crypto/provider/Makefile Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
#
-# Copyright 2007-2008 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,54 +45,49 @@
# For OpenJDK, the jar files built here are installed directly into the
# OpenJDK.
#
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
-# files stored in the closed workspace that are not shipped in the
-# OpenJDK workspaces. We still build the JDK files here to verify the
-# files compile, and in preparation for possible signing and
-# obfuscation. Developers working on JCE in JDK must sign the JCE files
-# before testing: obfuscation is optional during development. The JCE
-# signing key is kept separate from the JDK workspace to prevent its
-# disclosure. The obfuscation tool has not been licensed for general
-# usage.
-#
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
+# the closed workspace that are not shipped in the OpenJDK workspaces.
+# We still build the JDK files here to verify the files compile, and in
+# preparation for possible signing. Developers working on JCE in JDK
+# must sign the JCE files before testing. The JCE signing key is kept
+# separate from the JDK workspace to prevent its disclosure.
+#
# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually
-# be built, obfuscated, signed, and then the resulting jar files MUST BE
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*. This separate step
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
-# not be reflected in the shipped binaries. The "release" target should be
+# be built and signed, and the resulting jar files MUST BE CHECKED INTO
+# THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT BE
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
+# reflected in the shipped binaries. The "release" target should be
# used to generate the required files.
#
# There are a number of targets to help both JDK/OpenJDK developers.
#
# Main Targets (JDK/OPENJDK):
#
-# all/clobber/clean The usual.
-# If OpenJDK, installs sunjce_provider.jar.
-# If JDK, installs prebuilt
-# sunjce_provider.jar.
+# all/clobber/clean The usual.
+# If OpenJDK, installs sunjce_provider.jar.
+# If JDK, installs prebuilt
+# sunjce_provider.jar.
#
-# jar Builds/installs sunjce_provider.jar
-# If OpenJDK, does not sign.
-# If JDK, tries to sign.
+# jar Builds/installs sunjce_provider.jar
+# If OpenJDK, does not sign.
+# If JDK, tries to sign.
#
# Other lesser-used Targets (JDK/OPENJDK):
#
-# build-jar Builds sunjce_provider.jar
-# (does not sign/install)
+# build-jar Builds sunjce_provider.jar
+# (does not sign/install)
#
-# install-jar Alias for "jar" above.
+# install-jar Alias for "jar" above.
#
# Other targets (JDK only):
#
-# sign Alias for sign-jar
-# sign-jar Builds/signs sunjce_provider.jar (no install)
-#
-# obfus Builds/obfuscates/signs sunjce_provider.jar
+# sign Alias for sign-jar
+# sign-jar Builds/signs sunjce_provider.jar (no install)
#
-# release Builds all targets in preparation
-# for workspace integration.
+# release Builds all targets in preparation
+# for workspace integration.
#
-# install-prebuilt Installs the pre-built jar files
+# install-prebuilt Installs the pre-built jar files
#
# This makefile was written to support parallel target execution.
#
@@ -103,7 +98,7 @@
#
# The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build. If the OUTPUTDIR
+# (signing) against a read-only build. If the OUTPUTDIR
# isn't writable, the build currently crashes out.
#
ifndef OPENJDK
@@ -158,8 +153,8 @@
#
# We use a variety of subdirectories in the $(TEMPDIR) depending on what
# part of the build we're doing. Both OPENJDK/JDK builds are initially
-# done in the unsigned area. When files are signed or obfuscated in JDK,
-# they will be placed in the appropriate areas.
+# done in the unsigned area. When files are signed in JDK, they will be
+# placed in the appropriate areas.
#
UNSIGNED_DIR = $(TEMPDIR)/unsigned
@@ -223,62 +218,15 @@
endif
$(call sign-file, $(UNSIGNED_DIR)/sunjce_provider.jar)
+
# =====================================================
-# Obfuscate/sign/install the JDK build. Not needed for OpenJDK.
+# Create the Release Engineering files. Signed builds, etc.
#
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/sunjce
-
-CLOSED_DIR = $(BUILDDIR)/closed/com/sun/crypto/provider
-
-obfus: $(OBFUS_DIR)/sunjce_provider.jar
- $(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/sunjce_provider.jar: build-jar $(JCE_MANIFEST_FILE) \
- $(OBFUS_DIR)/sunjce.dox
-else
-$(OBFUS_DIR)/sunjce_provider.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/sunjce.dox
- @if [ ! -d $(CLASSDESTDIR) ] ; then \
- $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
- exit 1; \
- fi
-endif
- @$(ECHO) ">>>Obfuscating SunJCE Provider..."
- $(presign)
- $(preobfus)
- $(prep-target)
- $(CD) $(OBFUS_DIR); \
- $(OBFUSCATOR) -fv sunjce.dox
- @$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
- $(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ \
- -C $(OBFUS_DIR)/build com \
- $(BOOT_JAR_JFLAGS)
- $(sign-target)
- @$(java-vm-cleanup)
-
-$(OBFUS_DIR)/sunjce.dox: $(CLOSED_DIR)/obfus/sunjce.dox
- @$(ECHO) ">>>Creating sunjce.dox"
- $(prep-target)
- $(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format. Force v49 classfiles in our
-# builds for now.
-#
-SOURCE_LANGUAGE_VERSION = 5
-TARGET_CLASS_VERSION = 5
-
-
-# =====================================================
-# Create the Release Engineering files. Obfuscated builds, etc.
-#
-
-release: $(OBFUS_DIR)/sunjce_provider.jar
+release: $(SIGNED_DIR)/sunjce_provider.jar
$(RM) $(JCE_BUILD_DIR)/release/sunjce_provider.jar
$(MKDIR) -p $(JCE_BUILD_DIR)/release
- $(CP) $(OBFUS_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
+ $(CP) $(SIGNED_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
$(release-warning)
endif # OPENJDK
@@ -320,5 +268,5 @@
.PHONY: build-jar jar install-jar
ifndef OPENJDK
-.PHONY: sign sign-jar obfus release install-prebuilt
+.PHONY: sign sign-jar release install-prebuilt
endif
--- a/jdk/make/javax/crypto/Defs-jce.gmk Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/javax/crypto/Defs-jce.gmk Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
#
-# Copyright 2007-2008 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -61,7 +61,7 @@
SIGNING_ALIAS = jce_rsa
#
-# Defines for signing/obfuscating the various jar files.
+# Defines for signing the various jar files.
#
define presign
@@ -100,19 +100,4 @@
$(sign-target)
endef
-#
-# Location for the Obfuscation product. JDK currently has
-# the requirement that we obfuscate our JCE jars.
-#
-OBFUSCATOR = /security/tools/bin/obfus
-OBFUS_DIR = $(TEMPDIR)/obfus
-
-define preobfus
- @if [ ! -f $(OBFUSCATOR) ]; then \
- $(ECHO) "\n$(OBFUSCATOR): Obfuscator *NOT* available..." \
- $(README-MAKEFILE_WARNING); \
- exit 2; \
- fi
-endef
-
endif # !OPENJDK
--- a/jdk/make/javax/crypto/Makefile Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/javax/crypto/Makefile Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
#
-# Copyright 2007-2008 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -44,64 +44,65 @@
# For OpenJDK, the jar files built here are installed directly into the
# OpenJDK.
#
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
-# files stored in the closed workspace that are not shipped in the
-# OpenJDK workspaces. We still build the JDK files here to verify the
-# files compile, and in preparation for possible signing and
-# obfuscation. Developers working on JCE in JDK must sign the JCE files
-# before testing: obfuscation is optional during development. The JCE
-# signing key is kept separate from the JDK workspace to prevent its
-# disclosure. The obfuscation tool has not been licensed for general
-# usage.
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
+# the closed workspace that are not shipped in the OpenJDK workspaces.
+# We still build the JDK files here to verify the files compile, and in
+# preparation for possible signing. Developers working on JCE in JDK
+# must sign the JCE files before testing. The JCE signing key is kept
+# separate from the JDK workspace to prevent its disclosure.
#
# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually
-# be built, obfuscated, signed, and the resulting jar files *MUST BE
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*. This separate step
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
-# not be reflected in the shipped binaries. The "release" target should
-# be used to generate the required files.
+# be built and signed, and the resulting jar files *MUST BE CHECKED INTO
+# THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT BE
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
+# reflected in the shipped binaries. The "release" target should be
+# used to generate the required files.
#
# There are a number of targets to help both JDK/OpenJDK developers.
#
# Main Targets (JDK/OPENJDK):
#
-# all/clobber/clean The usual.
-# If OpenJDK, installs
-# jce.jar/limited policy files.
-# If JDK, installs prebuilt
-# jce.jar/limited policy files.
+# all/clobber/clean The usual.
+# If OpenJDK: builds/installs the
+# jce.jar/limited policy files.
+# If JDK: builds but does not install.
+# During full tops-down builds,
+# prebuilt/presigned jce.jar &
+# limited policy files are copied
+# in by make/java/redist/Makefile.
+# If you are working in this directory
+# and want to install the prebuilts,
+# use the "install-prebuilt" target.
#
-# jar Builds/installs jce.jar
-# If OpenJDK, does not sign
-# If JDK, tries to sign
+# jar Builds/installs jce.jar
+# If OpenJDK, does not sign
+# If JDK, tries to sign
#
# Other lesser-used Targets (JDK/OPENJDK):
#
-# build-jar Builds jce.jar (does not sign/install)
+# build-jar Builds jce.jar (does not sign/install)
#
-# build-policy Builds policy files (does not sign/install)
+# build-policy Builds policy files (does not sign/install)
#
-# install-jar Alias for "jar" above
+# install-jar Alias for "jar" above
#
-# install-limited Builds/installs limited policy files
-# If OpenJDK, does not sign
-# If JDK, tries to sign
-# install-unlimited Builds/nstalls unlimited policy files
-# If OpenJDK, does not sign
-# If JDK, tries to sign
+# install-limited Builds/installs limited policy files
+# If OpenJDK, does not sign
+# If JDK, tries to sign
+# install-unlimited Builds/nstalls unlimited policy files
+# If OpenJDK, does not sign
+# If JDK, tries to sign
#
# Other targets (JDK only):
#
-# sign Alias for sign-jar and sign-policy
-# sign-jar Builds/signs jce.jar file (no install)
-# sign-policy Builds/signs policy files (no install)
+# sign Alias for sign-jar and sign-policy
+# sign-jar Builds/signs jce.jar file (no install)
+# sign-policy Builds/signs policy files (no install)
#
-# obfus Builds/obfuscates/signs jce.jar
+# release Builds all targets in preparation
+# for workspace integration.
#
-# release Builds all targets in preparation
-# for workspace integration.
-#
-# install-prebuilt Installs the pre-built jar files
+# install-prebuilt Installs the pre-built jar files
#
# This makefile was written to support parallel target execution.
#
@@ -112,7 +113,7 @@
#
# The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build. If the OUTPUTDIR
+# (signing) against a read-only build. If the OUTPUTDIR
# isn't writable, the build currently crashes out.
#
ifndef OPENJDK
@@ -169,8 +170,8 @@
#
# We use a variety of subdirectories in the $(TEMPDIR) depending on what
# part of the build we're doing. Both OPENJDK/JDK builds are initially
-# done in the unsigned area. When files are signed or obfuscated in JDK,
-# they will be placed in the appropriate areas.
+# done in the unsigned area. When files are signed in JDK, they will be
+# placed in the appropriate areas.
#
UNSIGNED_DIR = $(TEMPDIR)/unsigned
@@ -178,7 +179,7 @@
# =====================================================
-# Build the unsigned jce.jar file. Signing/obfuscation comes later.
+# Build the unsigned jce.jar file. Signing comes later.
#
JAR_DESTFILE = $(LIBDIR)/jce.jar
@@ -363,69 +364,13 @@
# =====================================================
-# Obfuscate/sign/install the JDK build. Not needed for OpenJDK.
+# Create the Release Engineering files. Signed builds,
+# unlimited policy file distribution, etc.
#
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/jce
-
CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto
-obfus: $(OBFUS_DIR)/jce.jar
- $(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/jce.jar: build-jar $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
-else
-#
-# We have to remove the build dependency, otherwise, we'll try to rebuild it
-# which we can't do on a read-only filesystem.
-#
-$(OBFUS_DIR)/jce.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
- @if [ ! -d $(CLASSDESTDIR) ] ; then \
- $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
- exit 1; \
- fi
-endif
- @$(ECHO) ">>>Obfuscating JCE framework..."
- $(presign)
- $(preobfus)
- $(prep-target)
- $(CD) $(OBFUS_DIR); \
- $(OBFUSCATOR) -fv framework.dox
- @$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
- @#
- @# The sun.security.internal classes are currently not obfuscated
- @# due to an obfus problem. Manually copy them to the build directory
- @# so that they are included in the jce.jar file.
- @#
- $(CP) -r $(CLASSDESTDIR)/sun $(OBFUS_DIR)/build
- $(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ \
- -C $(OBFUS_DIR)/build javax \
- -C $(OBFUS_DIR)/build sun \
- $(BOOT_JAR_JFLAGS)
- $(sign-target)
- @$(java-vm-cleanup)
-
-$(OBFUS_DIR)/framework.dox: $(CLOSED_DIR)/obfus/framework.dox
- @$(ECHO) ">>>Creating framework.dox"
- $(prep-target)
- $(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format. Force v49 classfiles in our
-# builds for now.
-#
-SOURCE_LANGUAGE_VERSION = 5
-TARGET_CLASS_VERSION = 5
-
-
-# =====================================================
-# Create the Release Engineering files. Obfuscated builds,
-# unlimited policy file distribution, etc.
-#
-
-release: $(OBFUS_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
+release: $(SIGNED_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
$(CLOSED_DIR)/doc/README.txt
$(RM) -r \
$(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy \
@@ -434,7 +379,7 @@
$(JCE_BUILD_DIR)/release/local_policy.jar \
$(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy.zip
$(MKDIR) -p $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy
- $(CP) $(OBFUS_DIR)/jce.jar $(JCE_BUILD_DIR)/release
+ $(CP) $(SIGNED_DIR)/jce.jar $(JCE_BUILD_DIR)/release
$(CP) \
$(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \
$(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \
@@ -530,5 +475,5 @@
.PHONY: build-jar jar build-policy unlimited limited install-jar \
install-limited install-unlimited
ifndef OPENJDK
-.PHONY: sign sign-jar sign-policy obfus release install-prebuilt
+.PHONY: sign sign-jar sign-policy release install-prebuilt
endif
--- a/jdk/make/sun/security/mscapi/Makefile Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/sun/security/mscapi/Makefile Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
#
-# Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
#
# Main Targets (JDK/OPENJDK):
#
-# all/clobber/clean The usual, plus the native libraries.
-# If OpenJDK, installs sunmscapi.jar.
-# If JDK, installs prebuilt
-# sunmscapi.jar.
+# all/clobber/clean The usual, plus the native libraries.
+# If OpenJDK, installs sunmscapi.jar.
+# If JDK, installs prebuilt
+# sunmscapi.jar.
#
-# jar Builds/installs sunmscapi.jar
-# If OpenJDK, does not sign.
-# If JDK, tries to sign.
+# jar Builds/installs sunmscapi.jar
+# If OpenJDK, does not sign.
+# If JDK, tries to sign.
#
# Other lesser-used Targets (JDK/OPENJDK):
#
-# build-jar Builds sunmscapi.jar
-# (does not sign/install)
+# build-jar Builds sunmscapi.jar
+# (does not sign/install)
#
-# install-jar Alias for "jar" above.
+# install-jar Alias for "jar" above.
#
# Other targets (JDK only):
#
-# sign Alias for sign-jar
-# sign-jar Builds/signs sunmscapi.jar (no install)
+# sign Alias for sign-jar
+# sign-jar Builds/signs sunmscapi.jar (no install)
#
-# release Builds all targets in preparation
-# for workspace integration.
+# release Builds all targets in preparation
+# for workspace integration.
#
-# install-prebuilt Installs the pre-built jar files
+# install-prebuilt Installs the pre-built jar files
#
# This makefile was written to support parallel target execution.
#
--- a/jdk/make/sun/security/pkcs11/Makefile Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/sun/security/pkcs11/Makefile Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
#
-# Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
#
# Main Targets (JDK/OPENJDK):
#
-# all/clobber/clean The usual, plus the native libraries.
-# If OpenJDK, installs sunpkcs11.jar.
-# If JDK, installs prebuilt
-# sunpkcs11.jar.
+# all/clobber/clean The usual, plus the native libraries.
+# If OpenJDK, installs sunpkcs11.jar.
+# If JDK, installs prebuilt
+# sunpkcs11.jar.
#
-# jar Builds/installs sunpkcs11.jar
-# If OpenJDK, does not sign.
-# If JDK, tries to sign.
+# jar Builds/installs sunpkcs11.jar
+# If OpenJDK, does not sign.
+# If JDK, tries to sign.
#
# Other lesser-used Targets (JDK/OPENJDK):
#
-# build-jar Builds sunpkcs11.jar
-# (does not sign/install)
+# build-jar Builds sunpkcs11.jar
+# (does not sign/install)
#
-# install-jar Alias for "jar" above.
+# install-jar Alias for "jar" above.
#
# Other targets (JDK only):
#
-# sign Alias for sign-jar
-# sign-jar Builds/signs sunpkcs11.jar (no install)
+# sign Alias for sign-jar
+# sign-jar Builds/signs sunpkcs11.jar (no install)
#
-# release Builds all targets in preparation
-# for workspace integration.
+# release Builds all targets in preparation
+# for workspace integration.
#
-# install-prebuilt Installs the pre-built jar files
+# install-prebuilt Installs the pre-built jar files
#
# This makefile was written to support parallel target execution.
#
--- a/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@
/**
* Creates an instance of AES cipher with default ECB mode and
* PKCS5Padding.
- *
- * @exception SecurityException if this constructor fails to verify
- * its own integrity
*/
public AESCipher() {
- SunJCE.ensureIntegrity(getClass());
core = new CipherCore(new AESCrypt(), AESConstants.AES_BLOCK_SIZE);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/AESKeyGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/AESKeyGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -48,16 +48,9 @@
private int keySize = 16; // default keysize (in number of bytes)
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor.
*/
public AESKeyGenerator() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -65,12 +65,8 @@
/**
* Creates an instance of AES KeyWrap cipher with default
* mode, i.e. "ECB" and padding scheme, i.e. "NoPadding".
- *
- * @exception SecurityException if this constructor fails to verify
- * its own integrity
*/
public AESWrapCipher() {
- SunJCE.ensureIntegrity(getClass());
cipher = new AESCrypt();
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/ARCFOURCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/ARCFOURCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -62,7 +62,6 @@
// called by the JCE framework
public ARCFOURCipher() {
- SunJCE.ensureIntegrity(getClass());
S = new int[256];
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/BlowfishCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/BlowfishCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -60,12 +60,8 @@
/**
* Creates an instance of Blowfish cipher with default ECB mode and
* PKCS5Padding.
- *
- * @exception SecurityException if this constructor fails to verify
- * its own integrity
*/
public BlowfishCipher() {
- SunJCE.ensureIntegrity(getClass());
core = new CipherCore(new BlowfishCrypt(),
BlowfishConstants.BLOWFISH_BLOCK_SIZE);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/BlowfishKeyGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/BlowfishKeyGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
private int keysize = 16; // default keysize (in number of bytes)
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public BlowfishKeyGenerator() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@
/**
* Creates an instance of DES cipher with default ECB mode and
* PKCS5Padding.
- *
- * @exception SecurityException if this constructor fails to verify
- * its own integrity
*/
public DESCipher() {
- SunJCE.ensureIntegrity(getClass());
core = new CipherCore(new DESCrypt(), DESConstants.DES_BLOCK_SIZE);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,17 +42,11 @@
public final class DESKeyFactory extends SecretKeyFactorySpi {
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public DESKeyFactory() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
+
/**
* Generates a <code>SecretKey</code> object from the provided key
* specification (key material).
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESKeyGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESKeyGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
private SecureRandom random = null;
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public DESKeyGenerator() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -53,12 +53,8 @@
/**
* Creates an instance of DESede cipher with default ECB mode and
* PKCS5Padding.
- *
- * @exception SecurityException if this constructor fails to verify
- * its own integrity
*/
public DESedeCipher() {
- SunJCE.ensureIntegrity(getClass());
core = new CipherCore(new DESedeCrypt(), DESConstants.DES_BLOCK_SIZE);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,16 +42,9 @@
public final class DESedeKeyFactory extends SecretKeyFactorySpi {
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public DESedeKeyFactory() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have been " +
- "tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -47,16 +47,9 @@
private int keysize = 168;
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public DESedeKeyGenerator() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have been " +
- "tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -74,12 +74,8 @@
/**
* Creates an instance of CMS DESede KeyWrap cipher with default
* mode, i.e. "CBC" and padding scheme, i.e. "NoPadding".
- *
- * @exception SecurityException if this constructor fails to verify
- * its own integrity.
*/
public DESedeWrapCipher() {
- SunJCE.ensureIntegrity(getClass());
cipher = new CipherBlockChaining(new DESedeCrypt());
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -58,16 +58,9 @@
private BigInteger y = BigInteger.ZERO;
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public DHKeyAgreement() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have been " +
- "tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@
public final class DHKeyFactory extends KeyFactorySpi {
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public DHKeyFactory() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -241,7 +241,6 @@
public static final class HmacSHA256 extends MacSpi implements Cloneable {
private final HmacCore core;
public HmacSHA256() throws NoSuchAlgorithmException {
- SunJCE.ensureIntegrity(getClass());
core = new HmacCore("SHA-256", 64);
}
private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException {
@@ -278,7 +277,6 @@
public static final class HmacSHA384 extends MacSpi implements Cloneable {
private final HmacCore core;
public HmacSHA384() throws NoSuchAlgorithmException {
- SunJCE.ensureIntegrity(getClass());
core = new HmacCore("SHA-384", 128);
}
private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException {
@@ -315,7 +313,6 @@
public static final class HmacSHA512 extends MacSpi implements Cloneable {
private final HmacCore core;
public HmacSHA512() throws NoSuchAlgorithmException {
- SunJCE.ensureIntegrity(getClass());
core = new HmacCore("SHA-512", 128);
}
private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException {
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@
/**
* Standard constructor, creates a new HmacMD5 instance.
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
*/
public HmacMD5() throws NoSuchAlgorithmException {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
hmac = new HmacCore(MessageDigest.getInstance("MD5"),
MD5_BLOCK_LENGTH);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
private int keysize = 64; // default keysize (in number of bytes)
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public HmacMD5KeyGenerator() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -48,13 +48,8 @@
/**
* Standard constructor, creates a new HmacSHA1 instance.
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
*/
public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
- SunJCE.ensureIntegrity(this.getClass());
this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
SHA1_BLOCK_LENGTH);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@
/**
* Standard constructor, creates a new HmacSHA1 instance.
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
*/
public HmacSHA1() throws NoSuchAlgorithmException {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
SHA1_BLOCK_LENGTH);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
private int keysize = 64; // default keysize (in number of bytes)
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public HmacSHA1KeyGenerator() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/JarVerifier.java Thu Jul 30 23:40:15 2009 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package com.sun.crypto.provider;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used. Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
- private static final boolean debug = false;
-
- /**
- * Verify the JAR file is signed by an entity which has a certificate
- * issued by a trusted CA.
- *
- * Note: this is a temporary method and will change soon to use the
- * exception chaining mechanism, which can provide more details
- * as to why the verification failed.
- *
- * @param c the class to be verified.
- * @return true if verification is successful.
- */
- static boolean verify(final Class c) {
- return true;
- }
-}
--- a/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@
public static final class HmacSHA256KG extends KeyGeneratorSpi {
private final KeyGeneratorCore core;
public HmacSHA256KG() {
- SunJCE.ensureIntegrity(getClass());
core = new KeyGeneratorCore("HmacSHA256", 256);
}
protected void engineInit(SecureRandom random) {
@@ -131,7 +130,6 @@
public static final class HmacSHA384KG extends KeyGeneratorSpi {
private final KeyGeneratorCore core;
public HmacSHA384KG() {
- SunJCE.ensureIntegrity(getClass());
core = new KeyGeneratorCore("HmacSHA384", 384);
}
protected void engineInit(SecureRandom random) {
@@ -153,7 +151,6 @@
public static final class HmacSHA512KG extends KeyGeneratorSpi {
private final KeyGeneratorCore core;
public HmacSHA512KG() {
- SunJCE.ensureIntegrity(getClass());
core = new KeyGeneratorCore("HmacSHA512", 512);
}
protected void engineInit(SecureRandom random) {
@@ -175,7 +172,6 @@
public static final class RC2KeyGenerator extends KeyGeneratorSpi {
private final KeyGeneratorCore core;
public RC2KeyGenerator() {
- SunJCE.ensureIntegrity(getClass());
core = new KeyGeneratorCore("RC2", 128);
}
protected void engineInit(SecureRandom random) {
@@ -201,7 +197,6 @@
public static final class ARCFOURKeyGenerator extends KeyGeneratorSpi {
private final KeyGeneratorCore core;
public ARCFOURKeyGenerator() {
- SunJCE.ensureIntegrity(getClass());
core = new KeyGeneratorCore("ARCFOUR", 128);
}
protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@
private static HashSet<String> validTypes;
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Simple constructor
*/
private PBEKeyFactory(String keytype) {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
type = keytype;
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,16 +55,9 @@
* unavailable
* @exception NoSuchPaddingException if the required padding mechanism
* (PKCS5Padding) is unavailable
- *
- * @exception SecurityException if this constructor fails to verify
- * its own integrity
*/
public PBEWithMD5AndDESCipher()
throws NoSuchAlgorithmException, NoSuchPaddingException {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
core = new PBECipherCore("DES");
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -61,23 +61,14 @@
* Creates an instance of this cipher, and initializes its mode (CBC) and
* padding (PKCS5).
*
- * Verify the SunJCE provider in the constructor.
- *
* @exception NoSuchAlgorithmException if the required cipher mode (CBC) is
* unavailable
* @exception NoSuchPaddingException if the required padding mechanism
* (PKCS5Padding) is unavailable
- * @exception SecurityException if fails to verify
- * its own integrity
*/
public PBEWithMD5AndTripleDESCipher()
throws NoSuchAlgorithmException, NoSuchPaddingException
{
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
-
// set the encapsulated cipher to do triple DES
core = new PBECipherCore("DESede");
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,16 +45,9 @@
public final class PBKDF2HmacSHA1Factory extends SecretKeyFactorySpi {
/**
- * Verify the SunJCE provider in the constructor.
- *
- * @exception SecurityException if fails to verify
- * its own integrity
+ * Empty constructor
*/
public PBKDF2HmacSHA1Factory() {
- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -370,7 +370,6 @@
public static final class PBEWithSHA1AndDESede extends CipherSpi {
private final PKCS12PBECipherCore core;
public PBEWithSHA1AndDESede() throws NoSuchAlgorithmException {
- SunJCE.ensureIntegrity(this.getClass());
core = new PKCS12PBECipherCore("DESede", 24);
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
@@ -446,7 +445,6 @@
public static final class PBEWithSHA1AndRC2_40 extends CipherSpi {
private final PKCS12PBECipherCore core;
public PBEWithSHA1AndRC2_40() throws NoSuchAlgorithmException {
- SunJCE.ensureIntegrity(this.getClass());
core = new PKCS12PBECipherCore("RC2", 5);
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
--- a/jdk/src/share/classes/com/sun/crypto/provider/RC2Cipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/RC2Cipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,6 @@
private final RC2Crypt embeddedCipher;
public RC2Cipher() {
- SunJCE.ensureIntegrity(getClass());
embeddedCipher = new RC2Crypt();
core = new CipherCore(embeddedCipher, 8);
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,6 @@
private String oaepHashAlgorithm = "SHA-1";
public RSACipher() {
- SunJCE.ensureIntegrity(getClass());
paddingType = PAD_PKCS1;
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/SslMacCore.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SslMacCore.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -226,9 +226,6 @@
static final byte[] md5Pad1 = genPad((byte)0x36, 48);
static final byte[] md5Pad2 = genPad((byte)0x5c, 48);
- static {
- SunJCE.ensureIntegrity(SslMacMD5.class);
- }
}
// nested static class for the SslMacMD5 implementation
@@ -262,9 +259,6 @@
static final byte[] shaPad1 = genPad((byte)0x36, 40);
static final byte[] shaPad2 = genPad((byte)0x5c, 40);
- static {
- SunJCE.ensureIntegrity(SslMacSHA1.class);
- }
}
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -93,10 +93,6 @@
static final SecureRandom RANDOM = new SecureRandom();
- // After the SunJCE passed self-integrity checking,
- // verifiedSelfIntegrity will be set to true.
- private static boolean verifiedSelfIntegrity = false;
-
public SunJCE() {
/* We are the "SunJCE" provider */
super("SunJCE", 1.7d, info);
@@ -441,21 +437,4 @@
}
});
}
-
- // set to true once self verification is complete
- private static volatile boolean integrityVerified;
-
- static void ensureIntegrity(Class c) {
- if (verifySelfIntegrity(c) == false) {
- throw new SecurityException("The SunJCE provider may have " +
- "been tampered.");
- }
- }
-
- static final boolean verifySelfIntegrity(Class c) {
- if (verifiedSelfIntegrity) {
- return true;
- }
- return (integrityVerified = JarVerifier.verify(c));
- }
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,6 @@
private int protocolVersion;
public TlsKeyMaterialGenerator() {
- SunJCE.ensureIntegrity(getClass());
}
protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -51,7 +51,6 @@
private int protocolVersion;
public TlsMasterSecretGenerator() {
- SunJCE.ensureIntegrity(getClass());
}
protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@
private TlsPrfParameterSpec spec;
public TlsPrfGenerator() {
- SunJCE.ensureIntegrity(getClass());
}
protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,6 @@
private SecureRandom random;
public TlsRsaPremasterSecretGenerator() {
- SunJCE.ensureIntegrity(getClass());
}
protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/javax/crypto/JarVerifier.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/javax/crypto/JarVerifier.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2007-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,7 @@
import java.io.*;
import java.net.*;
import java.security.*;
-import java.util.*;
import java.util.jar.*;
-import javax.crypto.CryptoPolicyParser.ParsingException;
/**
* This class verifies JAR files (and any supporting JAR files), and
@@ -135,17 +133,6 @@
}
/**
- * Verify that the provided JarEntry was indeed signed by the
- * framework signing certificate.
- *
- * @param je the URL of the jar entry to be checked.
- * @throws Exception if the jar entry was not signed by
- * the proper certificate
- */
- static void verifyFrameworkSigned(URL je) throws Exception {
- }
-
- /**
* Verify that the provided certs include the
* framework signing certificate.
*
--- a/jdk/src/share/classes/javax/crypto/JceSecurity.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/javax/crypto/JceSecurity.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
package javax.crypto;
-import java.lang.ref.*;
import java.util.*;
import java.util.jar.*;
import java.io.*;
@@ -256,11 +255,6 @@
("Cannot locate policy or framework files!");
}
- // Enforce the signer restraint, i.e. signer of JCE framework
- // jar should also be the signer of the two jurisdiction policy
- // jar files.
- JarVerifier.verifyFrameworkSigned(jceCipherURL);
-
// Read jurisdiction policies.
CryptoPermissions defaultExport = new CryptoPermissions();
CryptoPermissions exemptExport = new CryptoPermissions();
--- a/jdk/src/share/classes/sun/security/pkcs11/JarVerifier.java Thu Jul 30 23:40:15 2009 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.pkcs11;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used. Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
- private static final boolean debug = false;
-
- /**
- * Verify the JAR file is signed by an entity which has a certificate
- * issued by a trusted CA.
- *
- * Note: this is a temporary method and will change soon to use the
- * exception chaining mechanism, which can provide more details
- * as to why the verification failed.
- *
- * @param c the class to be verified.
- * @return true if verification is successful.
- */
- static boolean verify(final Class c) {
- return true;
- }
-}
--- a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -390,24 +390,6 @@
return sb.toString();
}
- // set to true once self verification is complete
- private static volatile boolean integrityVerified;
-
- static void verifySelfIntegrity(Class c) {
- if (integrityVerified) {
- return;
- }
- doVerifySelfIntegrity(c);
- }
-
- private static synchronized void doVerifySelfIntegrity(Class c) {
- integrityVerified = JarVerifier.verify(c);
- if (integrityVerified == false) {
- throw new ProviderException
- ("The SunPKCS11 provider may have been tampered with.");
- }
- }
-
public boolean equals(Object obj) {
return this == obj;
}
@@ -923,7 +905,6 @@
if (type == MD) {
return new P11Digest(token, algorithm, mechanism);
} else if (type == CIP) {
- verifySelfIntegrity(getClass());
if (algorithm.startsWith("RSA")) {
return new P11RSACipher(token, algorithm, mechanism);
} else {
@@ -932,12 +913,10 @@
} else if (type == SIG) {
return new P11Signature(token, algorithm, mechanism);
} else if (type == MAC) {
- verifySelfIntegrity(getClass());
return new P11Mac(token, algorithm, mechanism);
} else if (type == KPG) {
return new P11KeyPairGenerator(token, algorithm, mechanism);
} else if (type == KA) {
- verifySelfIntegrity(getClass());
if (algorithm.equals("ECDH")) {
return new P11ECDHKeyAgreement(token, algorithm, mechanism);
} else {
@@ -946,11 +925,8 @@
} else if (type == KF) {
return token.getKeyFactory(algorithm);
} else if (type == SKF) {
- verifySelfIntegrity(getClass());
return new P11SecretKeyFactory(token, algorithm);
} else if (type == KG) {
- verifySelfIntegrity(getClass());
-
// reference equality
if (algorithm == "SunTlsRsaPremasterSecret") {
return new P11TlsRsaPremasterSecretGenerator(
--- a/jdk/src/windows/classes/sun/security/mscapi/JarVerifier.java Thu Jul 30 23:40:15 2009 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-
-package sun.security.mscapi;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used. Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
- private static final boolean debug = false;
-
- /**
- * Verify the JAR file is signed by an entity which has a certificate
- * issued by a trusted CA.
- *
- * Note: this is a temporary method and will change soon to use the
- * exception chaining mechanism, which can provide more details
- * as to why the verification failed.
- *
- * @param c the class to be verified.
- * @return true if verification is successful.
- */
- static boolean verify(final Class c) {
- return true;
- }
-}
--- a/jdk/src/windows/classes/sun/security/mscapi/RSACipher.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/windows/classes/sun/security/mscapi/RSACipher.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -93,7 +93,6 @@
private sun.security.mscapi.Key privateKey;
public RSACipher() {
- SunMSCAPI.verifySelfIntegrity(getClass());
paddingType = PAD_PKCS1;
}
--- a/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -117,22 +117,4 @@
AccessController.doPrivileged(new PutAllAction(this, map));
}
}
-
- // set to true once self verification is complete
- private static volatile boolean integrityVerified;
-
- static void verifySelfIntegrity(Class c) {
- if (integrityVerified) {
- return;
- }
- doVerifySelfIntegrity(c);
- }
-
- private static synchronized void doVerifySelfIntegrity(Class c) {
- integrityVerified = JarVerifier.verify(c);
- if (integrityVerified == false) {
- throw new ProviderException
- ("The SunMSCAPI provider may have been tampered with.");
- }
- }
}