8198481: Coding style cleanups for src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java
Reviewed-by: mchung, alanb

   1 /*
   2  * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package jdk.internal.loader;
  27 
  28 import java.io.File;
  29 import java.io.FilePermission;
  30 import java.io.IOException;
  31 import java.io.InputStream;
  32 import java.lang.module.ModuleDescriptor;
  33 import java.lang.module.ModuleReference;
  34 import java.lang.module.ModuleReader;
  35 import java.lang.ref.SoftReference;
  36 import java.net.MalformedURLException;
  37 import java.net.URI;
  38 import java.net.URL;
  39 import java.nio.ByteBuffer;
  40 import java.security.AccessController;
  41 import java.security.CodeSigner;
  42 import java.security.CodeSource;
  43 import java.security.Permission;
  44 import java.security.PermissionCollection;
  45 import java.security.PrivilegedAction;
  46 import java.security.PrivilegedActionException;
  47 import java.security.PrivilegedExceptionAction;
  48 import java.security.SecureClassLoader;
  49 import java.util.ArrayList;
  50 import java.util.Collections;
  51 import java.util.Enumeration;
  52 import java.util.Iterator;
  53 import java.util.List;
  54 import java.util.Map;
  55 import java.util.NoSuchElementException;
  56 import java.util.Optional;
  57 import java.util.concurrent.ConcurrentHashMap;
  58 import java.util.function.Function;
  59 import java.util.jar.Attributes;
  60 import java.util.jar.Manifest;
  61 import java.util.stream.Stream;
  62 
  63 import jdk.internal.misc.VM;
  64 import jdk.internal.module.ModulePatcher.PatchedModuleReader;
  65 import jdk.internal.module.Resources;
  66 
  67 
  68 /**
  69  * The platform or application class loader. Resources loaded from modules
  70  * defined to the boot class loader are also loaded via an instance of this
  71  * ClassLoader type.
  72  *
  73  * <p> This ClassLoader supports loading of classes and resources from modules.
  74  * Modules are defined to the ClassLoader by invoking the {@link #loadModule}
  75  * method. Defining a module to this ClassLoader has the effect of making the
  76  * types in the module visible. </p>
  77  *
  78  * <p> This ClassLoader also supports loading of classes and resources from a
  79  * class path of URLs that are specified to the ClassLoader at construction
  80  * time. The class path may expand at runtime (the Class-Path attribute in JAR
  81  * files or via instrumentation agents). </p>
  82  *
  83  * <p> The delegation model used by this ClassLoader differs to the regular
  84  * delegation model. When requested to load a class then this ClassLoader first
  85  * maps the class name to its package name. If there is a module defined to a
  86  * BuiltinClassLoader containing this package then the class loader delegates
  87  * directly to that class loader. If there isn't a module containing the
  88  * package then it delegates the search to the parent class loader and if not
  89  * found in the parent then it searches the class path. The main difference
  90  * between this and the usual delegation model is that it allows the platform
  91  * class loader to delegate to the application class loader, important with
  92  * upgraded modules defined to the platform class loader.
  93  */

  94 public class BuiltinClassLoader
  95     extends SecureClassLoader
  96 {
  97     static {
  98         if (!ClassLoader.registerAsParallelCapable())
  99             throw new InternalError("Unable to register as parallel capable");
 100     }
 101 
 102     /** parent ClassLoader */
 103     private final BuiltinClassLoader parent;
 104 
 105     /** the URL class path, or null if there is no class path */
 106     private final URLClassPath ucp;
 107 
 108 
 109     /**
 110      * A module defined/loaded by a built-in class loader.
 111      *
 112      * A LoadedModule encapsulates a ModuleReference along with its CodeSource
 113      * URL to avoid needing to create this URL when defining classes.
 114      */
 115     private static class LoadedModule {
 116         private final BuiltinClassLoader loader;
 117         private final ModuleReference mref;
 118         private final URL codeSourceURL;          // may be null
 119 
 120         LoadedModule(BuiltinClassLoader loader, ModuleReference mref) {
 121             URL url = null;
 122             if (mref.location().isPresent()) {
 123                 try {
 124                     url = mref.location().get().toURL();
 125                 } catch (MalformedURLException | IllegalArgumentException e) { }
 126             }
 127             this.loader = loader;
 128             this.mref = mref;
 129             this.codeSourceURL = url;
 130         }
 131 
 132         BuiltinClassLoader loader() { return loader; }
 133         ModuleReference mref() { return mref; }
 134         String name() { return mref.descriptor().name(); }
 135         URL codeSourceURL() { return codeSourceURL; }
 136     }
 137 
 138 
 139     // maps package name to loaded module for modules in the boot layer
 140     private static final Map<String, LoadedModule> packageToModule
 141         = new ConcurrentHashMap<>(1024);
 142 
 143     // maps a module name to a module reference
 144     private final Map<String, ModuleReference> nameToModule;
 145 
 146     // maps a module reference to a module reader
 147     private final Map<ModuleReference, ModuleReader> moduleToReader;
 148 
 149     // cache of resource name -> list of URLs.
 150     // used only for resources that are not in module packages
 151     private volatile SoftReference<Map<String, List<URL>>> resourceCache;
 152 
 153     /**
 154      * Create a new instance.
 155      */
 156     BuiltinClassLoader(String name, BuiltinClassLoader parent, URLClassPath ucp) {
 157         // ensure getParent() returns null when the parent is the boot loader
 158         super(name, parent == null || parent == ClassLoaders.bootLoader() ? null : parent);
 159 
 160         this.parent = parent;
 161         this.ucp = ucp;
 162 
 163         this.nameToModule = new ConcurrentHashMap<>();
 164         this.moduleToReader = new ConcurrentHashMap<>();
 165     }
 166 
 167     /**
 168      * Returns {@code true} if there is a class path associated with this
 169      * class loader.
 170      */
 171     boolean hasClassPath() {
 172         return ucp != null;
 173     }
 174 
 175     /**
 176      * Register a module this class loader. This has the effect of making the
 177      * types in the module visible.
 178      */
 179     public void loadModule(ModuleReference mref) {
 180         String mn = mref.descriptor().name();
 181         if (nameToModule.putIfAbsent(mn, mref) != null) {
 182             throw new InternalError(mn + " already defined to this loader");
 183         }
 184 
 185         LoadedModule loadedModule = new LoadedModule(this, mref);
 186         for (String pn : mref.descriptor().packages()) {
 187             LoadedModule other = packageToModule.putIfAbsent(pn, loadedModule);
 188             if (other != null) {
 189                 throw new InternalError(pn + " in modules " + mn + " and "
 190                                         + other.mref().descriptor().name());
 191             }
 192         }
 193 
 194         // clear resources cache if VM is already initialized
 195         if (VM.isModuleSystemInited() && resourceCache != null) {
 196             resourceCache = null;
 197         }
 198     }
 199 
 200     /**
 201      * Returns the {@code ModuleReference} for the named module defined to
 202      * this class loader; or {@code null} if not defined.
 203      *
 204      * @param name The name of the module to find
 205      */
 206     protected ModuleReference findModule(String name) {
 207         return nameToModule.get(name);
 208     }
 209 
 210 
 211     // -- finding resources
 212 
 213     /**
 214      * Returns a URL to a resource of the given name in a module defined to
 215      * this class loader.
 216      */
 217     @Override
 218     public URL findResource(String mn, String name) throws IOException {
 219         URL url = null;
 220 
 221         if (mn != null) {
 222             // find in module
 223             ModuleReference mref = nameToModule.get(mn);
 224             if (mref != null) {
 225                 url = findResource(mref, name);
 226             }
 227         } else {
 228             // find on class path
 229             url = findResourceOnClassPath(name);
 230         }
 231 
 232         return checkURL(url);  // check access before returning
 233     }
 234 
 235     /**
 236      * Returns an input stream to a resource of the given name in a module
 237      * defined to this class loader.
 238      */
 239     public InputStream findResourceAsStream(String mn, String name)
 240         throws IOException
 241     {
 242         // Need URL to resource when running with a security manager so that
 243         // the right permission check is done.
 244         if (System.getSecurityManager() != null || mn == null) {
 245             URL url = findResource(mn, name);
 246             return (url != null) ? url.openStream() : null;
 247         }
 248 
 249         // find in module defined to this loader, no security manager
 250         ModuleReference mref = nameToModule.get(mn);
 251         if (mref != null) {
 252             return moduleReaderFor(mref).open(name).orElse(null);
 253         } else {
 254             return null;
 255         }
 256     }
 257 
 258     /**
 259      * Finds a resource with the given name in the modules defined to this
 260      * class loader or its class path.
 261      */
 262     @Override
 263     public URL findResource(String name) {
 264         String pn = Resources.toPackageName(name);
 265         LoadedModule module = packageToModule.get(pn);
 266         if (module != null) {
 267 
 268             // resource is in a package of a module defined to this loader
 269             if (module.loader() == this) {
 270                 URL url;
 271                 try {
 272                     url = findResource(module.name(), name); // checks URL
 273                 } catch (IOException ioe) {
 274                     return null;
 275                 }
 276                 if (url != null
 277                     && (name.endsWith(".class")
 278                         || url.toString().endsWith("/")
 279                         || isOpen(module.mref(), pn))) {
 280                     return url;
 281                 }
 282             }
 283 
 284         } else {
 285 
 286             // not in a module package but may be in module defined to this loader
 287             try {
 288                 List<URL> urls = findMiscResource(name);
 289                 if (!urls.isEmpty()) {
 290                     URL url = urls.get(0);
 291                     if (url != null) {
 292                         return checkURL(url); // check access before returning
 293                     }
 294                 }
 295             } catch (IOException ioe) {
 296                 return null;
 297             }
 298 
 299         }
 300 
 301         // search class path
 302         URL url = findResourceOnClassPath(name);
 303         return checkURL(url);
 304     }
 305 
 306     /**
 307      * Returns an enumeration of URL objects to all the resources with the
 308      * given name in modules defined to this class loader or on the class
 309      * path of this loader.
 310      */
 311     @Override
 312     public Enumeration<URL> findResources(String name) throws IOException {
 313         List<URL> checked = new ArrayList<>();  // list of checked URLs
 314 
 315         String pn = Resources.toPackageName(name);
 316         LoadedModule module = packageToModule.get(pn);
 317         if (module != null) {
 318 
 319             // resource is in a package of a module defined to this loader
 320             if (module.loader() == this) {
 321                 URL url = findResource(module.name(), name); // checks URL
 322                 if (url != null
 323                     && (name.endsWith(".class")
 324                         || url.toString().endsWith("/")
 325                         || isOpen(module.mref(), pn))) {
 326                     checked.add(url);
 327                 }
 328             }
 329 
 330         } else {
 331             // not in a package of a module defined to this loader
 332             for (URL url : findMiscResource(name)) {
 333                 url = checkURL(url);
 334                 if (url != null) {
 335                     checked.add(url);
 336                 }
 337             }
 338         }
 339 
 340         // class path (not checked)
 341         Enumeration<URL> e = findResourcesOnClassPath(name);
 342 
 343         // concat the checked URLs and the (not checked) class path
 344         return new Enumeration<>() {
 345             final Iterator<URL> iterator = checked.iterator();
 346             URL next;
 347             private boolean hasNext() {
 348                 if (next != null) {
 349                     return true;
 350                 } else if (iterator.hasNext()) {
 351                     next = iterator.next();
 352                     return true;
 353                 } else {
 354                     // need to check each URL
 355                     while (e.hasMoreElements() && next == null) {
 356                         next = checkURL(e.nextElement());
 357                     }
 358                     return next != null;
 359                 }
 360             }
 361             @Override
 362             public boolean hasMoreElements() {
 363                 return hasNext();
 364             }
 365             @Override
 366             public URL nextElement() {
 367                 if (hasNext()) {
 368                     URL result = next;
 369                     next = null;
 370                     return result;
 371                 } else {
 372                     throw new NoSuchElementException();
 373                 }
 374             }
 375         };
 376 
 377     }
 378 
 379     /**
 380      * Returns the list of URLs to a "miscellaneous" resource in modules
 381      * defined to this loader. A miscellaneous resource is not in a module
 382      * package, e.g. META-INF/services/p.S.
 383      *
 384      * The cache used by this method avoids repeated searching of all modules.
 385      */
 386     private List<URL> findMiscResource(String name) throws IOException {
 387         SoftReference<Map<String, List<URL>>> ref = this.resourceCache;
 388         Map<String, List<URL>> map = (ref != null) ? ref.get() : null;
 389         if (map == null) {
 390             map = new ConcurrentHashMap<>();
 391             this.resourceCache = new SoftReference<>(map);
 392         } else {
 393             List<URL> urls = map.get(name);
 394             if (urls != null)
 395                 return urls;
 396         }
 397 
 398         // search all modules for the resource
 399         List<URL> urls;
 400         try {
 401             urls = AccessController.doPrivileged(
 402                 new PrivilegedExceptionAction<>() {
 403                     @Override
 404                     public List<URL> run() throws IOException {
 405                         List<URL> result = null;
 406                         for (ModuleReference mref : nameToModule.values()) {
 407                             URI u = moduleReaderFor(mref).find(name).orElse(null);
 408                             if (u != null) {
 409                                 try {
 410                                     if (result == null)
 411                                         result = new ArrayList<>();
 412                                     result.add(u.toURL());
 413                                 } catch (MalformedURLException |
 414                                          IllegalArgumentException e) {
 415                                 }
 416                             }
 417                         }
 418                         return (result != null) ? result : Collections.emptyList();
 419                     }
 420                 });
 421         } catch (PrivilegedActionException pae) {
 422             throw (IOException) pae.getCause();
 423         }
 424 
 425         // only cache resources after VM is fully initialized
 426         if (VM.isModuleSystemInited()) {
 427             map.putIfAbsent(name, urls);
 428         }
 429 
 430         return urls;
 431     }
 432 
 433     /**
 434      * Returns the URL to a resource in a module or {@code null} if not found.
 435      */
 436     private URL findResource(ModuleReference mref, String name) throws IOException {
 437         URI u;
 438         if (System.getSecurityManager() == null) {
 439             u = moduleReaderFor(mref).find(name).orElse(null);
 440         } else {
 441             try {
 442                 u = AccessController.doPrivileged(new PrivilegedExceptionAction<> () {
 443                     @Override
 444                     public URI run() throws IOException {
 445                         return moduleReaderFor(mref).find(name).orElse(null);
 446                     }
 447                 });
 448             } catch (PrivilegedActionException pae) {
 449                 throw (IOException) pae.getCause();
 450             }
 451         }
 452         if (u != null) {
 453             try {
 454                 return u.toURL();
 455             } catch (MalformedURLException | IllegalArgumentException e) { }
 456         }
 457         return null;
 458     }
 459 
 460     /**
 461      * Returns the URL to a resource in a module. Returns {@code null} if not found
 462      * or an I/O error occurs.
 463      */
 464     private URL findResourceOrNull(ModuleReference mref, String name) {
 465         try {
 466             return findResource(mref, name);
 467         } catch (IOException ignore) {
 468             return null;
 469         }
 470     }
 471 
 472     /**
 473      * Returns a URL to a resource on the class path.
 474      */
 475     private URL findResourceOnClassPath(String name) {
 476         if (hasClassPath()) {
 477             if (System.getSecurityManager() == null) {
 478                 return ucp.findResource(name, false);
 479             } else {
 480                 PrivilegedAction<URL> pa = () -> ucp.findResource(name, false);
 481                 return AccessController.doPrivileged(pa);
 482             }
 483         } else {
 484             // no class path
 485             return null;
 486         }
 487     }
 488 
 489     /**
 490      * Returns the URLs of all resources of the given name on the class path.
 491      */
 492     private Enumeration<URL> findResourcesOnClassPath(String name) {
 493         if (hasClassPath()) {
 494             if (System.getSecurityManager() == null) {
 495                 return ucp.findResources(name, false);
 496             } else {
 497                 PrivilegedAction<Enumeration<URL>> pa;
 498                 pa = () -> ucp.findResources(name, false);
 499                 return AccessController.doPrivileged(pa);
 500             }
 501         } else {
 502             // no class path
 503             return Collections.emptyEnumeration();
 504         }
 505     }
 506 
 507     // -- finding/loading classes
 508 
 509     /**
 510      * Finds the class with the specified binary name.
 511      */
 512     @Override
 513     protected Class<?> findClass(String cn) throws ClassNotFoundException {
 514         // no class loading until VM is fully initialized
 515         if (!VM.isModuleSystemInited())
 516             throw new ClassNotFoundException(cn);
 517 
 518         // find the candidate module for this class
 519         LoadedModule loadedModule = findLoadedModule(cn);
 520 
 521         Class<?> c = null;
 522         if (loadedModule != null) {
 523 
 524             // attempt to load class in module defined to this loader
 525             if (loadedModule.loader() == this) {
 526                 c = findClassInModuleOrNull(loadedModule, cn);
 527             }
 528 
 529         } else {
 530 
 531             // search class path
 532             if (hasClassPath()) {
 533                 c = findClassOnClassPathOrNull(cn);
 534             }
 535 
 536         }
 537 
 538         // not found
 539         if (c == null)
 540             throw new ClassNotFoundException(cn);
 541 
 542         return c;
 543     }
 544 
 545     /**
 546      * Finds the class with the specified binary name in a module.
 547      * This method returns {@code null} if the class cannot be found
 548      * or not defined in the specified module.
 549      */
 550     @Override
 551     protected Class<?> findClass(String mn, String cn) {
 552         if (mn != null) {
 553             // find the candidate module for this class
 554             LoadedModule loadedModule = findLoadedModule(mn, cn);
 555             if (loadedModule == null) {
 556                 return null;
 557             }
 558 
 559             // attempt to load class in module defined to this loader
 560             assert loadedModule.loader() == this;
 561             return findClassInModuleOrNull(loadedModule, cn);
 562         }
 563 
 564         // search class path
 565         if (hasClassPath()) {
 566             return findClassOnClassPathOrNull(cn);
 567         }
 568 
 569         return null;
 570     }
 571 
 572     /**
 573      * Loads the class with the specified binary name.
 574      */
 575     @Override
 576     protected Class<?> loadClass(String cn, boolean resolve)
 577         throws ClassNotFoundException
 578     {
 579         Class<?> c = loadClassOrNull(cn, resolve);
 580         if (c == null)
 581             throw new ClassNotFoundException(cn);
 582         return c;
 583     }
 584 
 585     /**
 586      * A variation of {@code loadCass} to load a class with the specified
 587      * binary name. This method returns {@code null} when the class is not
 588      * found.
 589      */
 590     protected Class<?> loadClassOrNull(String cn, boolean resolve) {
 591         synchronized (getClassLoadingLock(cn)) {
 592             // check if already loaded
 593             Class<?> c = findLoadedClass(cn);
 594 
 595             if (c == null) {
 596 
 597                 // find the candidate module for this class
 598                 LoadedModule loadedModule = findLoadedModule(cn);
 599                 if (loadedModule != null) {
 600 
 601                     // package is in a module
 602                     BuiltinClassLoader loader = loadedModule.loader();
 603                     if (loader == this) {
 604                         if (VM.isModuleSystemInited()) {
 605                             c = findClassInModuleOrNull(loadedModule, cn);
 606                         }
 607                     } else {
 608                         // delegate to the other loader
 609                         c = loader.loadClassOrNull(cn);
 610                     }
 611 
 612                 } else {
 613 
 614                     // check parent
 615                     if (parent != null) {
 616                         c = parent.loadClassOrNull(cn);
 617                     }
 618 
 619                     // check class path
 620                     if (c == null && hasClassPath() && VM.isModuleSystemInited()) {
 621                         c = findClassOnClassPathOrNull(cn);
 622                     }
 623                 }
 624 
 625             }
 626 
 627             if (resolve && c != null)
 628                 resolveClass(c);
 629 
 630             return c;
 631         }
 632     }
 633 
 634     /**
 635      * A variation of {@code loadCass} to load a class with the specified
 636      * binary name. This method returns {@code null} when the class is not
 637      * found.
 638      */
 639     protected  Class<?> loadClassOrNull(String cn) {
 640         return loadClassOrNull(cn, false);
 641     }
 642 
 643     /**
 644      * Find the candidate loaded module for the given class name.
 645      * Returns {@code null} if none of the modules defined to this
 646      * class loader contain the API package for the class.
 647      */
 648     private LoadedModule findLoadedModule(String cn) {
 649         int pos = cn.lastIndexOf('.');
 650         if (pos < 0)
 651             return null; // unnamed package
 652 
 653         String pn = cn.substring(0, pos);
 654         return packageToModule.get(pn);
 655     }
 656 
 657     /**
 658      * Find the candidate loaded module for the given class name
 659      * in the named module.  Returns {@code null} if the named module
 660      * is not defined to this class loader or does not contain
 661      * the API package for the class.
 662      */
 663     private LoadedModule findLoadedModule(String mn, String cn) {
 664         LoadedModule loadedModule = findLoadedModule(cn);
 665         if (loadedModule != null && mn.equals(loadedModule.name())) {
 666             return loadedModule;
 667         } else {
 668             return null;
 669         }
 670     }
 671 
 672     /**
 673      * Finds the class with the specified binary name if in a module
 674      * defined to this ClassLoader.
 675      *
 676      * @return the resulting Class or {@code null} if not found
 677      */
 678     private Class<?> findClassInModuleOrNull(LoadedModule loadedModule, String cn) {
 679         if (System.getSecurityManager() == null) {
 680             return defineClass(cn, loadedModule);
 681         } else {
 682             PrivilegedAction<Class<?>> pa = () -> defineClass(cn, loadedModule);
 683             return AccessController.doPrivileged(pa);
 684         }
 685     }
 686 
 687     /**
 688      * Finds the class with the specified binary name on the class path.
 689      *
 690      * @return the resulting Class or {@code null} if not found
 691      */
 692     private Class<?> findClassOnClassPathOrNull(String cn) {
 693         String path = cn.replace('.', '/').concat(".class");
 694         if (System.getSecurityManager() == null) {
 695             Resource res = ucp.getResource(path, false);
 696             if (res != null) {
 697                 try {
 698                     return defineClass(cn, res);
 699                 } catch (IOException ioe) {
 700                     // TBD on how I/O errors should be propagated
 701                 }
 702             }
 703             return null;
 704         } else {
 705             // avoid use of lambda here
 706             PrivilegedAction<Class<?>> pa = new PrivilegedAction<>() {
 707                 public Class<?> run() {
 708                     Resource res = ucp.getResource(path, false);
 709                     if (res != null) {
 710                         try {
 711                             return defineClass(cn, res);
 712                         } catch (IOException ioe) {
 713                             // TBD on how I/O errors should be propagated
 714                         }
 715                     }
 716                     return null;
 717                 }
 718             };
 719             return AccessController.doPrivileged(pa);
 720         }
 721     }
 722 
 723     /**
 724      * Defines the given binary class name to the VM, loading the class
 725      * bytes from the given module.
 726      *
 727      * @return the resulting Class or {@code null} if an I/O error occurs
 728      */
 729     private Class<?> defineClass(String cn, LoadedModule loadedModule) {
 730         ModuleReference mref = loadedModule.mref();
 731         ModuleReader reader = moduleReaderFor(mref);
 732 
 733         try {
 734             ByteBuffer bb = null;
 735             URL csURL = null;
 736 
 737             // locate class file, special handling for patched modules to
 738             // avoid locating the resource twice
 739             String rn = cn.replace('.', '/').concat(".class");
 740             if (reader instanceof PatchedModuleReader) {
 741                 Resource r = ((PatchedModuleReader)reader).findResource(rn);
 742                 if (r != null) {
 743                     bb = r.getByteBuffer();
 744                     csURL = r.getCodeSourceURL();
 745                 }
 746             } else {
 747                 bb = reader.read(rn).orElse(null);
 748                 csURL = loadedModule.codeSourceURL();
 749             }
 750 
 751             if (bb == null) {
 752                 // class not found
 753                 return null;
 754             }
 755 
 756             CodeSource cs = new CodeSource(csURL, (CodeSigner[]) null);
 757             try {
 758                 // define class to VM
 759                 return defineClass(cn, bb, cs);
 760 
 761             } finally {
 762                 reader.release(bb);
 763             }
 764 
 765         } catch (IOException ioe) {
 766             // TBD on how I/O errors should be propagated
 767             return null;
 768         }
 769     }
 770 
 771     /**
 772      * Defines the given binary class name to the VM, loading the class
 773      * bytes via the given Resource object.
 774      *
 775      * @return the resulting Class
 776      * @throws IOException if reading the resource fails
 777      * @throws SecurityException if there is a sealing violation (JAR spec)
 778      */
 779     private Class<?> defineClass(String cn, Resource res) throws IOException {
 780         URL url = res.getCodeSourceURL();
 781 
 782         // if class is in a named package then ensure that the package is defined
 783         int pos = cn.lastIndexOf('.');
 784         if (pos != -1) {
 785             String pn = cn.substring(0, pos);
 786             Manifest man = res.getManifest();
 787             defineOrCheckPackage(pn, man, url);
 788         }
 789 
 790         // defines the class to the runtime
 791         ByteBuffer bb = res.getByteBuffer();
 792         if (bb != null) {
 793             CodeSigner[] signers = res.getCodeSigners();
 794             CodeSource cs = new CodeSource(url, signers);
 795             return defineClass(cn, bb, cs);
 796         } else {
 797             byte[] b = res.getBytes();
 798             CodeSigner[] signers = res.getCodeSigners();
 799             CodeSource cs = new CodeSource(url, signers);
 800             return defineClass(cn, b, 0, b.length, cs);
 801         }
 802     }
 803 
 804 
 805     // -- packages
 806 
 807     /**
 808      * Defines a package in this ClassLoader. If the package is already defined
 809      * then its sealing needs to be checked if sealed by the legacy sealing
 810      * mechanism.
 811      *
 812      * @throws SecurityException if there is a sealing violation (JAR spec)
 813      */
 814     protected Package defineOrCheckPackage(String pn, Manifest man, URL url) {
 815         Package pkg = getAndVerifyPackage(pn, man, url);
 816         if (pkg == null) {
 817             try {
 818                 if (man != null) {
 819                     pkg = definePackage(pn, man, url);
 820                 } else {
 821                     pkg = definePackage(pn, null, null, null, null, null, null, null);
 822                 }
 823             } catch (IllegalArgumentException iae) {
 824                 // defined by another thread so need to re-verify
 825                 pkg = getAndVerifyPackage(pn, man, url);
 826                 if (pkg == null)
 827                     throw new InternalError("Cannot find package: " + pn);
 828             }
 829         }
 830         return pkg;
 831     }
 832 
 833     /**
 834      * Get the Package with the specified package name. If defined
 835      * then verify that it against the manifest and code source.
 836      *
 837      * @throws SecurityException if there is a sealing violation (JAR spec)
 838      */
 839     private Package getAndVerifyPackage(String pn, Manifest man, URL url) {
 840         Package pkg = getDefinedPackage(pn);
 841         if (pkg != null) {
 842             if (pkg.isSealed()) {
 843                 if (!pkg.isSealed(url)) {
 844                     throw new SecurityException(
 845                         "sealing violation: package " + pn + " is sealed");
 846                 }
 847             } else {
 848                 // can't seal package if already defined without sealing
 849                 if ((man != null) && isSealed(pn, man)) {
 850                     throw new SecurityException(
 851                         "sealing violation: can't seal package " + pn +
 852                         ": already defined");
 853                 }
 854             }
 855         }
 856         return pkg;
 857     }
 858 
 859     /**
 860      * Defines a new package in this ClassLoader. The attributes in the specified
 861      * Manifest are use to get the package version and sealing information.
 862      *
 863      * @throws IllegalArgumentException if the package name duplicates an
 864      * existing package either in this class loader or one of its ancestors
 865      */
 866     private Package definePackage(String pn, Manifest man, URL url) {
 867         String specTitle = null;
 868         String specVersion = null;
 869         String specVendor = null;
 870         String implTitle = null;
 871         String implVersion = null;
 872         String implVendor = null;
 873         String sealed = null;
 874         URL sealBase = null;
 875 
 876         if (man != null) {
 877             Attributes attr = man.getAttributes(pn.replace('.', '/').concat("/"));
 878             if (attr != null) {
 879                 specTitle = attr.getValue(Attributes.Name.SPECIFICATION_TITLE);
 880                 specVersion = attr.getValue(Attributes.Name.SPECIFICATION_VERSION);
 881                 specVendor = attr.getValue(Attributes.Name.SPECIFICATION_VENDOR);
 882                 implTitle = attr.getValue(Attributes.Name.IMPLEMENTATION_TITLE);
 883                 implVersion = attr.getValue(Attributes.Name.IMPLEMENTATION_VERSION);
 884                 implVendor = attr.getValue(Attributes.Name.IMPLEMENTATION_VENDOR);
 885                 sealed = attr.getValue(Attributes.Name.SEALED);
 886             }
 887 
 888             attr = man.getMainAttributes();
 889             if (attr != null) {
 890                 if (specTitle == null)
 891                     specTitle = attr.getValue(Attributes.Name.SPECIFICATION_TITLE);
 892                 if (specVersion == null)
 893                     specVersion = attr.getValue(Attributes.Name.SPECIFICATION_VERSION);
 894                 if (specVendor == null)
 895                     specVendor = attr.getValue(Attributes.Name.SPECIFICATION_VENDOR);
 896                 if (implTitle == null)
 897                     implTitle = attr.getValue(Attributes.Name.IMPLEMENTATION_TITLE);
 898                 if (implVersion == null)
 899                     implVersion = attr.getValue(Attributes.Name.IMPLEMENTATION_VERSION);
 900                 if (implVendor == null)
 901                     implVendor = attr.getValue(Attributes.Name.IMPLEMENTATION_VENDOR);
 902                 if (sealed == null)
 903                     sealed = attr.getValue(Attributes.Name.SEALED);
 904             }
 905 
 906             // package is sealed
 907             if ("true".equalsIgnoreCase(sealed))
 908                 sealBase = url;
 909         }
 910         return definePackage(pn,
 911                 specTitle,
 912                 specVersion,
 913                 specVendor,
 914                 implTitle,
 915                 implVersion,
 916                 implVendor,
 917                 sealBase);
 918     }
 919 
 920     /**
 921      * Returns {@code true} if the specified package name is sealed according to
 922      * the given manifest.
 923      */
 924     private boolean isSealed(String pn, Manifest man) {
 925         String path = pn.replace('.', '/').concat("/");
 926         Attributes attr = man.getAttributes(path);
 927         String sealed = null;
 928         if (attr != null)
 929             sealed = attr.getValue(Attributes.Name.SEALED);
 930         if (sealed == null && (attr = man.getMainAttributes()) != null)
 931             sealed = attr.getValue(Attributes.Name.SEALED);
 932         return "true".equalsIgnoreCase(sealed);
 933     }
 934 
 935     // -- permissions
 936 
 937     /**
 938      * Returns the permissions for the given CodeSource.
 939      */
 940     @Override
 941     protected PermissionCollection getPermissions(CodeSource cs) {
 942         PermissionCollection perms = super.getPermissions(cs);
 943 
 944         // add the permission to access the resource
 945         URL url = cs.getLocation();
 946         if (url == null)
 947             return perms;
 948 
 949         // avoid opening connection when URL is to resource in run-time image
 950         if (url.getProtocol().equals("jrt")) {
 951             perms.add(new RuntimePermission("accessSystemModules"));
 952             return perms;
 953         }
 954 
 955         // open connection to determine the permission needed
 956         try {
 957             Permission p = url.openConnection().getPermission();
 958             if (p != null) {
 959                 // for directories then need recursive access
 960                 if (p instanceof FilePermission) {
 961                     String path = p.getName();
 962                     if (path.endsWith(File.separator)) {
 963                         path += "-";
 964                         p = new FilePermission(path, "read");
 965                     }
 966                 }
 967                 perms.add(p);
 968             }
 969         } catch (IOException ioe) { }
 970 
 971         return perms;
 972     }
 973 
 974 
 975     // -- miscellaneous supporting methods
 976 
 977     /**
 978      * Returns the ModuleReader for the given module, creating it if needed
 979      */
 980     private ModuleReader moduleReaderFor(ModuleReference mref) {
 981         ModuleReader reader = moduleToReader.get(mref);
 982         if (reader == null) {
 983             // avoid method reference during startup
 984             Function<ModuleReference, ModuleReader> create = new Function<>() {
 985                 public ModuleReader apply(ModuleReference moduleReference) {
 986                     try {
 987                         return mref.open();
 988                     } catch (IOException e) {
 989                         // Return a null module reader to avoid a future class
 990                         // load attempting to open the module again.
 991                         return new NullModuleReader();
 992                     }
 993                 }
 994             };
 995             reader = moduleToReader.computeIfAbsent(mref, create);
 996         }
 997         return reader;
 998     }
 999 
1000     /**
1001      * A ModuleReader that doesn't read any resources.
1002      */
1003     private static class NullModuleReader implements ModuleReader {
1004         @Override
1005         public Optional<URI> find(String name) {
1006             return Optional.empty();
1007         }
1008         @Override
1009         public Stream<String> list() {
1010             return Stream.empty();
1011         }
1012         @Override
1013         public void close() {
1014             throw new InternalError("Should not get here");
1015         }
1016     };
1017 
1018     /**
1019      * Returns true if the given module opens the given package
1020      * unconditionally.
1021      *
1022      * @implNote This method currently iterates over each of the open
1023      * packages. This will be replaced once the ModuleDescriptor.Opens
1024      * API is updated.
1025      */
1026     private boolean isOpen(ModuleReference mref, String pn) {
1027         ModuleDescriptor descriptor = mref.descriptor();
1028         if (descriptor.isOpen() || descriptor.isAutomatic())
1029             return true;
1030         for (ModuleDescriptor.Opens opens : descriptor.opens()) {
1031             String source = opens.source();
1032             if (!opens.isQualified() && source.equals(pn)) {
1033                 return true;
1034             }
1035         }
1036         return false;
1037     }
1038 
1039     /**
1040      * Checks access to the given URL. We use URLClassPath for consistent
1041      * checking with java.net.URLClassLoader.
1042      */
1043     private static URL checkURL(URL url) {
1044         return URLClassPath.checkURL(url);
1045     }
1046 }
--- EOF ---