3909N/A * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * Collection of methods to get and set provider list. Also includes 0N/A * special code for the provider list during JAR verification. 0N/A * @author Andreas Sterbenz 0N/A // number of threads currently using thread-local provider lists 0N/A // tracked to allow an optimization if == 0 0N/A // current system-wide provider list 0N/A // Note volatile immutable object, so no synchronization needed. 0N/A // set providerList to empty list first in case initialization somehow 0N/A // triggers a getInstance() call (although that should not happen) 0N/A // we need special handling to resolve circularities when loading 0N/A // signed JAR files during startup. The code below is part of that. 0N/A // Basically, before we load data from a signed JAR file, we parse 0N/A // the PKCS#7 file and verify the signature. We need a 0N/A // CertificateFactory, Signatures, etc. to do that. We have to make 0N/A // sure that we do not try to load the implementation from the JAR 0N/A // file we are just verifying. 0N/A // To avoid that, we use different provider settings during JAR 0N/A // verification. However, we do not want those provider settings to 0N/A // interfere with other parts of the system. Therefore, we make them local 0N/A // to the Thread executing the JAR verification code. 0N/A // The code here is used by sun.security.util.SignatureFileVerifier. 0N/A // See there for details. 0N/A "sun.security.provider.VerificationProvider";
0N/A // Hardcoded classnames of providers to use for JAR verification. 0N/A // MUST NOT be on the bootclasspath and not in signed JAR files. 0N/A "sun.security.provider.Sun",
0N/A "sun.security.rsa.SunRsaSign",
1786N/A // Note: SunEC *is* in a signed JAR file, but it's not signed 1786N/A // by EC itself. So it's still safe to be listed here. 0N/A // Return to Sun provider or its backup. 0N/A // This method should only be called by 0N/A // sun.security.util.ManifestEntryVerifier and java.security.SecureRandom. 0N/A * Start JAR verification. This sets a special provider list for 0N/A * the current thread. You MUST save the return value from this 0N/A * method and you MUST call stopJarVerification() with that object 0N/A * once you are done. 0N/A // return the old thread-local provider list, usually null 0N/A * Stop JAR verification. Call once you have completed JAR verification. 0N/A // restore old thread-local provider list 0N/A * Return the current ProviderList. If the thread-local list is set, 0N/A * it is returned. Otherwise, the system wide list is returned. 0N/A * Set the current ProviderList. Affects the thread-local list if set, 0N/A * otherwise the system wide list. 0N/A * Get the full provider list with invalid providers (those that 0N/A * could not be loaded) removed. This is the list we need to 0N/A * present to applications. 0N/A // avoid accessing the threadlocal if none are currently in use 0N/A // (first use of ThreadLocal.get() for a Thread allocates a Map) 0N/A // Change the thread local provider list. Use only if the current thread 0N/A // is already using a thread local list and you want to change it in place. 0N/A * Methods to manipulate the thread local provider list. It is for use by 0N/A * JAR verification (see above) and the SunJSSE FIPS mode only. 0N/A * It should be used as follows: 0N/A * ProviderList list = ...; 0N/A * ProviderList oldList = Providers.beginThreadProviderList(list); 0N/A * // code that needs thread local provider list 0N/A * Providers.endThreadProviderList(oldList); 0N/A (
"Restoring previous ThreadLocal providers: " +
list);