1 /*
2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package javax.crypto;
27
28 import java.util.*;
29 import java.util.jar.*;
30 import java.io.*;
31 import java.net.URL;
32 import java.security.*;
33
34 import java.security.Provider.Service;
35
36 import sun.security.jca.*;
37 import sun.security.jca.GetInstance.Instance;
38
39 /**
40 * This class instantiates implementations of JCE engine classes from
41 * providers registered with the java.security.Security object.
42 *
43 * @author Jan Luehe
44 * @author Sharon Liu
45 * @since 1.4
46 */
47
48 final class JceSecurity {
49
50 static final SecureRandom RANDOM = new SecureRandom();
51
52 // The defaultPolicy and exemptPolicy will be set up
53 // in the static initializer.
54 private static CryptoPermissions defaultPolicy = null;
55 private static CryptoPermissions exemptPolicy = null;
56
57 // Map<Provider,?> of the providers we already have verified
58 // value == PROVIDER_VERIFIED is successfully verified
59 // value is failure cause Exception in error case
60 private final static Map<Provider, Object> verificationResults =
61 new IdentityHashMap<>();
62
63 // Map<Provider,?> of the providers currently being verified
64 private final static Map<Provider, Object> verifyingProviders =
65 new IdentityHashMap<>();
66
67 // Set the default value. May be changed in the static initializer.
68 private static boolean isRestricted = true;
69
70 /*
71 * Don't let anyone instantiate this.
72 */
73 private JceSecurity() {
74 }
75
76 static {
77 try {
78 AccessController.doPrivileged(
79 new PrivilegedExceptionAction<Object>() {
80 public Object run() throws Exception {
81 setupJurisdictionPolicies();
82 return null;
83 }
84 });
85
86 isRestricted = defaultPolicy.implies(
87 CryptoAllPermission.INSTANCE) ? false : true;
88 } catch (Exception e) {
89 throw new SecurityException(
90 "Can not initialize cryptographic mechanism", e);
91 }
92 }
93
94 static Instance getInstance(String type, Class<?> clazz, String algorithm,
95 String provider) throws NoSuchAlgorithmException,
96 NoSuchProviderException {
97 Service s = GetInstance.getService(type, algorithm, provider);
98 Exception ve = getVerificationResult(s.getProvider());
99 if (ve != null) {
100 String msg = "JCE cannot authenticate the provider " + provider;
101 throw (NoSuchProviderException)
102 new NoSuchProviderException(msg).initCause(ve);
103 }
104 return GetInstance.getInstance(s, clazz);
105 }
106
107 static Instance getInstance(String type, Class<?> clazz, String algorithm,
108 Provider provider) throws NoSuchAlgorithmException {
109 Service s = GetInstance.getService(type, algorithm, provider);
110 Exception ve = JceSecurity.getVerificationResult(provider);
111 if (ve != null) {
112 String msg = "JCE cannot authenticate the provider "
113 + provider.getName();
114 throw new SecurityException(msg, ve);
115 }
116 return GetInstance.getInstance(s, clazz);
117 }
118
119 static Instance getInstance(String type, Class<?> clazz, String algorithm)
120 throws NoSuchAlgorithmException {
121 List<Service> services = GetInstance.getServices(type, algorithm);
122 NoSuchAlgorithmException failure = null;
123 for (Service s : services) {
124 if (canUseProvider(s.getProvider()) == false) {
125 // allow only signed providers
126 continue;
127 }
128 try {
129 Instance instance = GetInstance.getInstance(s, clazz);
130 return instance;
131 } catch (NoSuchAlgorithmException e) {
132 failure = e;
133 }
134 }
135 throw new NoSuchAlgorithmException("Algorithm " + algorithm
136 + " not available", failure);
137 }
138
139 /**
140 * Verify if the JAR at URL codeBase is a signed exempt application
141 * JAR file and returns the permissions bundled with the JAR.
142 *
143 * @throws Exception on error
144 */
145 static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
146 JarVerifier jv = new JarVerifier(codeBase, true);
147 jv.verify();
148 return jv.getPermissions();
149 }
150
151 /**
152 * Verify if the JAR at URL codeBase is a signed provider JAR file.
153 *
154 * @throws Exception on error
155 */
156 static void verifyProviderJar(URL codeBase) throws Exception {
157 // Verify the provider JAR file and all
158 // supporting JAR files if there are any.
159 JarVerifier jv = new JarVerifier(codeBase, false);
160 jv.verify();
161 }
162
163 private final static Object PROVIDER_VERIFIED = Boolean.TRUE;
164
165 /*
166 * Verify that the provider JAR files are signed properly, which
167 * means the signer's certificate can be traced back to a
168 * JCE trusted CA.
169 * Return null if ok, failure Exception if verification failed.
170 */
171 static synchronized Exception getVerificationResult(Provider p) {
172 Object o = verificationResults.get(p);
173 if (o == PROVIDER_VERIFIED) {
174 return null;
175 } else if (o != null) {
176 return (Exception)o;
177 }
178 if (verifyingProviders.get(p) != null) {
179 // this method is static synchronized, must be recursion
180 // return failure now but do not save the result
181 return new NoSuchProviderException("Recursion during verification");
182 }
183 try {
184 verifyingProviders.put(p, Boolean.FALSE);
185 URL providerURL = getCodeBase(p.getClass());
186 verifyProviderJar(providerURL);
187 // Verified ok, cache result
188 verificationResults.put(p, PROVIDER_VERIFIED);
189 return null;
190 } catch (Exception e) {
191 verificationResults.put(p, e);
192 return e;
193 } finally {
194 verifyingProviders.remove(p);
195 }
196 }
197
198 // return whether this provider is properly signed and can be used by JCE
199 static boolean canUseProvider(Provider p) {
200 return getVerificationResult(p) == null;
201 }
202
203 // dummy object to represent null
204 private static final URL NULL_URL;
205
206 static {
207 try {
208 NULL_URL = new URL("http://null.sun.com/");
209 } catch (Exception e) {
210 throw new RuntimeException(e);
211 }
212 }
213
214 // reference to a Map we use as a cache for codebases
215 private static final Map<Class<?>, URL> codeBaseCacheRef =
216 new WeakHashMap<>();
217
218 /*
219 * Retuns the CodeBase for the given class.
220 */
221 static URL getCodeBase(final Class<?> clazz) {
222 URL url = codeBaseCacheRef.get(clazz);
223 if (url == null) {
224 url = AccessController.doPrivileged(new PrivilegedAction<URL>() {
225 public URL run() {
226 ProtectionDomain pd = clazz.getProtectionDomain();
227 if (pd != null) {
228 CodeSource cs = pd.getCodeSource();
229 if (cs != null) {
230 return cs.getLocation();
231 }
232 }
233 return NULL_URL;
234 }
235 });
236 codeBaseCacheRef.put(clazz, url);
237 }
238 return (url == NULL_URL) ? null : url;
239 }
240
241 private static void setupJurisdictionPolicies() throws Exception {
242 String javaHomeDir = System.getProperty("java.home");
243 String sep = File.separator;
244 String pathToPolicyJar = javaHomeDir + sep + "lib" + sep +
245 "security" + sep;
246
247 File exportJar = new File(pathToPolicyJar, "US_export_policy.jar");
248 File importJar = new File(pathToPolicyJar, "local_policy.jar");
249 URL jceCipherURL = ClassLoader.getSystemResource
250 ("javax/crypto/Cipher.class");
251
252 if ((jceCipherURL == null) ||
253 !exportJar.exists() || !importJar.exists()) {
254 throw new SecurityException
255 ("Cannot locate policy or framework files!");
256 }
257
258 // Read jurisdiction policies.
259 CryptoPermissions defaultExport = new CryptoPermissions();
260 CryptoPermissions exemptExport = new CryptoPermissions();
261 loadPolicies(exportJar, defaultExport, exemptExport);
262
263 CryptoPermissions defaultImport = new CryptoPermissions();
264 CryptoPermissions exemptImport = new CryptoPermissions();
265 loadPolicies(importJar, defaultImport, exemptImport);
266
267 // Merge the export and import policies for default applications.
268 if (defaultExport.isEmpty() || defaultImport.isEmpty()) {
269 throw new SecurityException("Missing mandatory jurisdiction " +
270 "policy files");
271 }
272 defaultPolicy = defaultExport.getMinimum(defaultImport);
273
274 // Merge the export and import policies for exempt applications.
275 if (exemptExport.isEmpty()) {
276 exemptPolicy = exemptImport.isEmpty() ? null : exemptImport;
277 } else {
278 exemptPolicy = exemptExport.getMinimum(exemptImport);
279 }
280 }
281
282 /**
283 * Load the policies from the specified file. Also checks that the
284 * policies are correctly signed.
285 */
286 private static void loadPolicies(File jarPathName,
287 CryptoPermissions defaultPolicy,
288 CryptoPermissions exemptPolicy)
289 throws Exception {
290
291 JarFile jf = new JarFile(jarPathName);
292
293 Enumeration<JarEntry> entries = jf.entries();
294 while (entries.hasMoreElements()) {
295 JarEntry je = entries.nextElement();
296 InputStream is = null;
297 try {
298 if (je.getName().startsWith("default_")) {
299 is = jf.getInputStream(je);
300 defaultPolicy.load(is);
301 } else if (je.getName().startsWith("exempt_")) {
302 is = jf.getInputStream(je);
303 exemptPolicy.load(is);
304 } else {
305 continue;
306 }
307 } finally {
308 if (is != null) {
309 is.close();
310 }
311 }
312
313 // Enforce the signer restraint, i.e. signer of JCE framework
314 // jar should also be the signer of the two jurisdiction policy
315 // jar files.
316 JarVerifier.verifyPolicySigned(je.getCertificates());
317 }
318 // Close and nullify the JarFile reference to help GC.
319 jf.close();
320 jf = null;
321 }
322
323 static CryptoPermissions getDefaultPolicy() {
324 return defaultPolicy;
325 }
326
327 static CryptoPermissions getExemptPolicy() {
328 return exemptPolicy;
329 }
330
331 static boolean isRestricted() {
332 return isRestricted;
333 }
334 }