/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* This class instantiates implementations of JCE engine classes from
* providers registered with the java.security.Security object.
*
* @author Jan Luehe
* @author Sharon Liu
* @since 1.4
*/
final class JceSecurity {
// The defaultPolicy and exemptPolicy will be set up
// in the static initializer.
// Map<Provider,?> of the providers we already have verified
// value == PROVIDER_VERIFIED is successfully verified
// value is failure cause Exception in error case
// Map<Provider,?> of the providers currently being verified
// Set the default value. May be changed in the static initializer.
private static boolean isRestricted = true;
/*
* Don't let anyone instantiate this.
*/
private JceSecurity() {
}
static {
try {
return null;
}
});
CryptoAllPermission.INSTANCE) ? false : true;
} catch (Exception e) {
new SecurityException(
"Can not initialize cryptographic mechanism");
throw se;
}
}
throw (NoSuchProviderException)
}
}
}
}
throws NoSuchAlgorithmException {
if (canUseProvider(s.getProvider()) == false) {
// allow only signed providers
continue;
}
try {
return instance;
} catch (NoSuchAlgorithmException e) {
failure = e;
}
}
+ " not available", failure);
}
/**
* Verify if the JAR at URL codeBase is a signed exempt application
* JAR file and returns the permissions bundled with the JAR.
*
* @throws Exception on error
*/
return jv.getPermissions();
}
/**
* Verify if the JAR at URL codeBase is a signed provider JAR file.
*
* @throws Exception on error
*/
// Verify the provider JAR file and all
// supporting JAR files if there are any.
}
/*
* Verify that the provider JAR files are signed properly, which
* means the signer's certificate can be traced back to a
* JCE trusted CA.
* Return null if ok, failure Exception if verification failed.
*/
if (o == PROVIDER_VERIFIED) {
return null;
} else if (o != null) {
return (Exception)o;
}
// this method is static synchronized, must be recursion
// return failure now but do not save the result
return new NoSuchProviderException("Recursion during verification");
}
try {
// Verified ok, cache result
return null;
} catch (Exception e) {
verificationResults.put(p, e);
return e;
} finally {
}
}
// return whether this provider is properly signed and can be used by JCE
return getVerificationResult(p) == null;
}
// dummy object to represent null
static {
try {
} catch (Exception e) {
throw new RuntimeException(e);
}
}
// reference to a Map we use as a cache for codebases
/*
* Retuns the CodeBase for the given class.
*/
return cs.getLocation();
}
}
return NULL_URL;
}
});
}
}
"security" + sep;
("javax/crypto/Cipher.class");
if ((jceCipherURL == null) ||
throw new SecurityException
("Cannot locate policy or framework files!");
}
// Read jurisdiction policies.
// Merge the export and import policies for default applications.
throw new SecurityException("Missing mandatory jurisdiction " +
"policy files");
}
// Merge the export and import policies for exempt applications.
if (exemptExport.isEmpty()) {
} else {
}
}
/**
* Load the policies from the specified file. Also checks that the
* policies are correctly signed.
*/
throws Exception {
while (entries.hasMoreElements()) {
try {
} else {
continue;
}
} finally {
}
}
// Enforce the signer restraint, i.e. signer of JCE framework
// jar should also be the signer of the two jurisdiction policy
// jar files.
}
// Close and nullify the JarFile reference to help GC.
}
return defaultPolicy;
}
return exemptPolicy;
}
static boolean isRestricted() {
return isRestricted;
}
}