src/java.base/share/classes/sun/security/provider/PolicyFile.java

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this

@@ -276,11 +276,10 @@
     // contains the policy grant entries, PD cache, and alias mapping
     private AtomicReference<PolicyInfo> policyInfo = new AtomicReference<>();
     private boolean constructed = false;
 
     private boolean expandProperties = true;
-    private boolean ignoreIdentityScope = true;
     private boolean allowSystemProperties = true;
     private boolean notUtf8 = false;
     private URL url;
 
     // for use with the reflection API

@@ -413,12 +412,10 @@
         String numCacheStr =
           AccessController.doPrivileged(new PrivilegedAction<String>() {
             public String run() {
                 expandProperties = "true".equalsIgnoreCase
                     (Security.getProperty("policy.expandProperties"));
-                ignoreIdentityScope = "true".equalsIgnoreCase
-                    (Security.getProperty("policy.ignoreIdentityScope"));
                 allowSystemProperties = "true".equalsIgnoreCase
                     (Security.getProperty("policy.allowSystemProperty"));
                 notUtf8 = "false".equalsIgnoreCase
                     (System.getProperty("sun.security.policy.utf8"));
                 return System.getProperty("sun.security.policy.numcaches");

@@ -1204,35 +1201,10 @@
 
         for (PolicyEntry entry : pi.policyEntries) {
             addPermissions(perms, cs, principals, entry);
         }
 
-        // Go through policyEntries gotten from identity db; sync required
-        // because checkForTrustedIdentity (below) might update list
-        synchronized (pi.identityPolicyEntries) {
-            for (PolicyEntry entry : pi.identityPolicyEntries) {
-                addPermissions(perms, cs, principals, entry);
-            }
-        }
-
-        // now see if any of the keys are trusted ids.
-        if (!ignoreIdentityScope) {
-            Certificate certs[] = cs.getCertificates();
-            if (certs != null) {
-                for (int k=0; k < certs.length; k++) {
-                    Object idMap = pi.aliasMapping.get(certs[k]);
-                    if (idMap == null &&
-                        checkForTrustedIdentity(certs[k], pi)) {
-                        // checkForTrustedIdentity added it
-                        // to the policy for us. next time
-                        // around we'll find it. This time
-                        // around we need to add it.
-                        perms.add(SecurityConstants.ALL_PERMISSION);
-                    }
-                }
-            }
-        }
         return perms;
     }
 
     private void addPermissions(Permissions perms,
         final CodeSource cs,

@@ -1618,11 +1590,11 @@
     /*
      * Returns the signer certificates from the list of certificates
      * associated with the given code source.
      *
      * The signer certificates are those certificates that were used
-     * to verifysigned code originating from the codesource location.
+     * to verify signed code originating from the codesource location.
      *
      * This method assumes that in the given code source, each signer
      * certificate is followed by its supporting certificate chain
      * (which may be empty), and that the signer certificate and its
      * supporting certificate chain are ordered bottom-to-top

@@ -1915,21 +1887,10 @@
             return p.getName();
         }
     }
 
     /**
-     * Checks public key. If it is marked as trusted in
-     * the identity database, add it to the policy
-     * with the AllPermission.
-     */
-    private boolean checkForTrustedIdentity(final Certificate cert,
-        PolicyInfo myInfo)
-    {
-        return false;
-    }
-
-    /**
      * Each entry in the policy configuration file is represented by a
      * PolicyEntry object.  <p>
      *
      * A PolicyEntry is a (CodeSource,Permission) pair.  The
      * CodeSource contains the (URL, PublicKey) that together identify

@@ -2280,25 +2241,19 @@
         private static final boolean verbose = false;
 
         // Stores grant entries in the policy
         final List<PolicyEntry> policyEntries;
 
-        // Stores grant entries gotten from identity database
-        // Use separate lists to avoid sync on policyEntries
-        final List<PolicyEntry> identityPolicyEntries;
-
         // Maps aliases to certs
         final Map<Object, Object> aliasMapping;
 
         // Maps ProtectionDomain to PermissionCollection
         private final ProtectionDomainCache[] pdMapping;
         private java.util.Random random;
 
         PolicyInfo(int numCaches) {
             policyEntries = new ArrayList<>();
-            identityPolicyEntries =
-                Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
             aliasMapping = Collections.synchronizedMap(new HashMap<>(11));
 
             pdMapping = new ProtectionDomainCache[numCaches];
             JavaSecurityProtectionDomainAccess jspda
                 = SharedSecrets.getJavaSecurityProtectionDomainAccess();