src/java.base/share/classes/sun/security/provider/PolicyFile.java
*** 1,7 ****
/*
! * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 276,286 ****
// contains the policy grant entries, PD cache, and alias mapping
private AtomicReference<PolicyInfo> policyInfo = new AtomicReference<>();
private boolean constructed = false;
private boolean expandProperties = true;
- private boolean ignoreIdentityScope = true;
private boolean allowSystemProperties = true;
private boolean notUtf8 = false;
private URL url;
// for use with the reflection API
--- 276,285 ----
*** 413,424 ****
String numCacheStr =
AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
expandProperties = "true".equalsIgnoreCase
(Security.getProperty("policy.expandProperties"));
- ignoreIdentityScope = "true".equalsIgnoreCase
- (Security.getProperty("policy.ignoreIdentityScope"));
allowSystemProperties = "true".equalsIgnoreCase
(Security.getProperty("policy.allowSystemProperty"));
notUtf8 = "false".equalsIgnoreCase
(System.getProperty("sun.security.policy.utf8"));
return System.getProperty("sun.security.policy.numcaches");
--- 412,421 ----
*** 1204,1238 ****
for (PolicyEntry entry : pi.policyEntries) {
addPermissions(perms, cs, principals, entry);
}
- // Go through policyEntries gotten from identity db; sync required
- // because checkForTrustedIdentity (below) might update list
- synchronized (pi.identityPolicyEntries) {
- for (PolicyEntry entry : pi.identityPolicyEntries) {
- addPermissions(perms, cs, principals, entry);
- }
- }
-
- // now see if any of the keys are trusted ids.
- if (!ignoreIdentityScope) {
- Certificate certs[] = cs.getCertificates();
- if (certs != null) {
- for (int k=0; k < certs.length; k++) {
- Object idMap = pi.aliasMapping.get(certs[k]);
- if (idMap == null &&
- checkForTrustedIdentity(certs[k], pi)) {
- // checkForTrustedIdentity added it
- // to the policy for us. next time
- // around we'll find it. This time
- // around we need to add it.
- perms.add(SecurityConstants.ALL_PERMISSION);
- }
- }
- }
- }
return perms;
}
private void addPermissions(Permissions perms,
final CodeSource cs,
--- 1201,1210 ----
*** 1618,1628 ****
/*
* Returns the signer certificates from the list of certificates
* associated with the given code source.
*
* The signer certificates are those certificates that were used
! * to verifysigned code originating from the codesource location.
*
* This method assumes that in the given code source, each signer
* certificate is followed by its supporting certificate chain
* (which may be empty), and that the signer certificate and its
* supporting certificate chain are ordered bottom-to-top
--- 1590,1600 ----
/*
* Returns the signer certificates from the list of certificates
* associated with the given code source.
*
* The signer certificates are those certificates that were used
! * to verify signed code originating from the codesource location.
*
* This method assumes that in the given code source, each signer
* certificate is followed by its supporting certificate chain
* (which may be empty), and that the signer certificate and its
* supporting certificate chain are ordered bottom-to-top
*** 1915,1935 ****
return p.getName();
}
}
/**
- * Checks public key. If it is marked as trusted in
- * the identity database, add it to the policy
- * with the AllPermission.
- */
- private boolean checkForTrustedIdentity(final Certificate cert,
- PolicyInfo myInfo)
- {
- return false;
- }
-
- /**
* Each entry in the policy configuration file is represented by a
* PolicyEntry object. <p>
*
* A PolicyEntry is a (CodeSource,Permission) pair. The
* CodeSource contains the (URL, PublicKey) that together identify
--- 1887,1896 ----
*** 2280,2304 ****
private static final boolean verbose = false;
// Stores grant entries in the policy
final List<PolicyEntry> policyEntries;
- // Stores grant entries gotten from identity database
- // Use separate lists to avoid sync on policyEntries
- final List<PolicyEntry> identityPolicyEntries;
-
// Maps aliases to certs
final Map<Object, Object> aliasMapping;
// Maps ProtectionDomain to PermissionCollection
private final ProtectionDomainCache[] pdMapping;
private java.util.Random random;
PolicyInfo(int numCaches) {
policyEntries = new ArrayList<>();
- identityPolicyEntries =
- Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
aliasMapping = Collections.synchronizedMap(new HashMap<>(11));
pdMapping = new ProtectionDomainCache[numCaches];
JavaSecurityProtectionDomainAccess jspda
= SharedSecrets.getJavaSecurityProtectionDomainAccess();
--- 2241,2259 ----