/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* This class verifies JAR files (and any supporting JAR files), and
* determines whether they may be used in this implementation.
*
* The JCE in OpenJDK has an open cryptographic interface, meaning it
* does not restrict which providers can be used. Compliance with
* United States export controls and with local law governing the
* the responsibility of the licensee.
*
* @since 1.7
*/
final class JarVerifier {
// The URL for the JAR file we want to verify.
private boolean savePerms;
/**
* Creates a JarVerifier object to verify the given URL.
*
* @param jarURL the JAR file to be verified.
* @param savePerms if true, save the permissions allowed by the
* exemption mechanism
*/
}
/**
* Verify the JAR file is signed by an entity which has a certificate
* issued by a trusted CA.
*
* In OpenJDK, we just need to examine the "cryptoperms" file to see
* if any permissions were bundled together with this jar file.
*/
// Short-circuit. If we weren't asked to save any, we're done.
if (!savePerms) {
return;
}
// If the protocol of jarURL isn't "jar", we should
// construct a JAR URL so we can open a JarURLConnection
// for verifying this provider.
try {
// Get a link to the Jarfile to search.
try {
new PrivilegedExceptionAction() {
// You could do some caching here as
// an optimization.
conn.setUseCaches(false);
return conn.getJarFile();
}
});
throw se;
}
throw new JarException(
"Can not find cryptoPerms");
}
try {
appPerms = new CryptoPermissions();
new JarException("Cannot load/parse" +
throw jex;
}
}
} finally {
// Only call close() when caching is not enabled.
// Otherwise, exceptions will be thrown for all
// subsequent accesses of this cached jar.
}
}
}
/**
* Verify that the provided certs include the
* framework signing certificate.
*
* @param certs the list of certs to be checked.
* @throws Exception if the list of certs did not contain
* the framework signing certificate
*/
throws Exception {
}
/**
* Returns the permissions which are bundled with the JAR file,
* aka the "cryptoperms" file.
*
* NOTE: if this JarVerifier instance is constructed with "savePerms"
* equal to false, then this method would always return null.
*/
return appPerms;
}
}