# HG changeset patch # User wetmore # Date 1411334342 25200 # Sun Sep 21 14:19:02 2014 -0700 # Node ID 35aae6b7279f1f12456467f90270a85aa558c721 # Parent e785dfef65ce6987d041610b63d114637f1d1fb6 8058845: Update JCE environment for build improvements Reviewed-by: mullan, alanb, erikj, mchung, katleman
diff --git a/make/CreatePolicyJars.gmk b/make/CreatePolicyJars.gmk
--- a/make/CreatePolicyJars.gmk
+++ b/make/CreatePolicyJars.gmk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -41,31 +41,51 @@ US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED := \ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/US_export_policy.jar + ifndef OPENJDK + # + # In past releases, Oracle JDK has had a separately downloadable set of + # policy files which has been a nightmare for deployment. + # + # Now if we're closed and limited (default for Oracle JDK), create + # an "unlimited_policy" directory that contains the unlimited policy + # files. It will be up to the user/deployer to make an informed choice + # as to whether they are legally entitled to use the unlimited policy + # file in their environment. Users/deployers simply need to overwrite + # the files. Consult README.txt (below) for more info. + # + UNLIMITED_POLICY_DIR := $(JDK_OUTPUTDIR)/lib/security/unlimited_policy + endif + # # TODO fix so that SetupArchive does not write files into SRCS # then we don't need this extra copying # # NOTE: We currently do not place restrictions on our limited export # policy. This was not a typo. This means we are shipping the same file - # for both limimted and unlimited US_export_policy.jar. + # for both limited and unlimited US_export_policy.jar. Only the local + # policy file currently has restrictions. 
# - US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited + US_EXPORT_POLICY_JAR_SRC_DIR := \ + $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited US_EXPORT_POLICY_JAR_TMP := \ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/US_export_policy_jar.tmp $(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/% $(install-file) - US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy + US_EXPORT_POLICY_JAR_DEPS := \ + $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy - $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, $(US_EXPORT_POLICY_JAR_DEPS), \ + $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, \ + $(US_EXPORT_POLICY_JAR_DEPS), \ SRCS := $(US_EXPORT_POLICY_JAR_TMP), \ SUFFIXES := .policy, \ JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED), \ EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ SKIP_METAINF := true)) - $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) + $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED): \ + $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) $(ECHO) $(LOG_INFO) Copying unlimited $(patsubst $(OUTPUT_ROOT)/%,%,$@) $(install-file) 
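Review bot: `UNLIMITED_POLICY_DIR` is assigned under an indented `ifndef OPENJDK`, which suggests it sits inside an enclosing conditional that opens outside this hunk, while the rules that consume it in the later hunks (`$(UNLIMITED_POLICY_DIR)/US_export_policy.jar` and `$(UNLIMITED_POLICY_DIR)/local_policy.jar`) appear to be at top level. If that outer condition is ever false, the variable expands to nothing and those targets become `/US_export_policy.jar` and `/local_policy.jar` at the filesystem root. The nesting is inferred from the indentation on a flattened page, so please confirm it against the file. If it holds, I would hoist `UNLIMITED_POLICY_DIR := $(JDK_OUTPUTDIR)/lib/security/unlimited_policy` to top level beside the other path variables, or wrap the consuming rules in the same outer condition.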
@@ -73,20 +93,20 @@ $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) endif -ifndef OPENJDK - ifeq ($(UNLIMITED_CRYPTO), true) - $(error No prebuilt unlimited crypto jars available) - endif - $(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar - $(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +ifeq ($(UNLIMITED_CRYPTO), true) + $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) $(install-file) else - ifeq ($(UNLIMITED_CRYPTO), true) - $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) + $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED) $(install-file) - else - $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED) +endif + +ifndef OPENJDK + ifneq ($(UNLIMITED_CRYPTO), true) + $(UNLIMITED_POLICY_DIR)/US_export_policy.jar: \ + $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) $(install-file) + TARGETS += $(UNLIMITED_POLICY_DIR)/US_export_policy.jar endif endif @@ -112,10 +132,12 @@ LOCAL_POLICY_JAR_UNLIMITED_TMP := \ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/local_policy_jar.tmp - $(LOCAL_POLICY_JAR_LIMITED_TMP)/%: $(JDK_TOPDIR)/make/data/cryptopolicy/limited/% + $(LOCAL_POLICY_JAR_LIMITED_TMP)/%: \ + $(JDK_TOPDIR)/make/data/cryptopolicy/limited/% $(install-file) - $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/% + $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: \ + $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/% $(install-file) $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_LIMITED, \ 
@@ -135,28 +157,34 @@ EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ SKIP_METAINF := true)) - TARGETS += $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) + TARGETS += $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) \ + $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) ifndef OPENJDK - $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt: \ - $(JDK_TOPDIR)/make/closed/javax/crypto/doc/README.txt - $(install-file) + ifneq ($(UNLIMITED_CRYPTO), true) + $(UNLIMITED_POLICY_DIR)/README.txt: \ + $(JDK_TOPDIR)/make/closed/javax/crypto/doc/README.txt + $(install-file) - TARGETS += $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt + TARGETS += $(UNLIMITED_POLICY_DIR)/README.txt + endif endif endif +ifeq ($(UNLIMITED_CRYPTO), true) + $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) + $(install-file) +else + $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) + $(install-file) +endif + ifndef OPENJDK - $(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar - $(ECHO) $(LOG_INFO) Copying prebuilt $(@F) - $(install-file) -else - ifeq ($(UNLIMITED_CRYPTO), true) - $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) - $(install-file) - else - $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) - $(install-file) + ifneq ($(UNLIMITED_CRYPTO), true) + $(UNLIMITED_POLICY_DIR)/local_policy.jar: \ + $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) + $(install-file) + TARGETS += $(UNLIMITED_POLICY_DIR)/local_policy.jar endif endif diff --git a/make/CreateSecurityJars.gmk b/make/CreateSecurityJars.gmk --- a/make/CreateSecurityJars.gmk +++ b/make/CreateSecurityJars.gmk @@ -1,5 +1,5 @@ # -# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it 
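Review bot: The new rule for `$(UNLIMITED_POLICY_DIR)/local_policy.jar` lists `$(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED)` as its prerequisite, so `$(install-file)` (which presumably copies the first prerequisite) would place a copy of the US export policy jar under the name local_policy.jar. The comment added earlier in this file says only the local policy file carries restrictions, so this is the one file a deployer would overwrite to lift them, and here it would not contain the unlimited local policy. The prerequisite should be the unlimited local jar: `$(UNLIMITED_POLICY_DIR)/local_policy.jar: \` followed by `$(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED)`. The effect at runtime is not visible from this diff, but a policy jar with the wrong contents in `lib/security` is likely to fail JCE initialisation rather than change strength.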
@@ -29,16 +29,13 @@ include MakeBase.gmk include JavaCompilation.gmk -# The jars created in this file are required for the exploded jdk image to function and -# cannot wait to be built in the images target. - ########################################################################################## # Create manifest for security jars # # Include these extra attributes for now, should probably take out. # MAINMANIFEST := $(JDK_TOPDIR)/make/data/mainmanifest/manifest.mf -JCE_MANIFEST := $(JDK_OUTPUTDIR)/lib/_the.security.manifest.mf +JCE_MANIFEST := $(JDK_OUTPUTDIR)/jce/unsigned/_the.security.manifest.mf $(JCE_MANIFEST): $(MAINMANIFEST) $(MKDIR) -p $(@D) @@ -48,18 +45,15 @@ $(MAINMANIFEST) >> $@.tmp $(ECHO) "Extension-Name: javax.crypto" >> $@.tmp $(ECHO) "Implementation-Vendor-Id: com.sun" >> $@.tmp + $(ECHO) "Release-Version: $(RELEASE)" >> $@.tmp $(MV) $@.tmp $@ ########################################################################################## -# For security and crypto jars, always build the jar, but for closed, install the prebuilt -# signed version instead of the newly built jar. Unsigned jars are treated as intermediate -# targets and explicitly added to the TARGETS list. For open, signing is not needed. See -# SignJars.gmk for more information. +# For crypto jars, always build the jar. # -# The source for the crypto jars is not available for all licensees. The BUILD_CRYPTO -# variable is set to no if these jars can't be built to skip that step of the build. -# Note that for OPENJDK, the build will fail if BUILD_CRYPTO=no since then there is no -# other way to get the jars than to build them. +# The source for the crypto jars is not available for all licensees. +# The BUILD_CRYPTO variable is set to no if these jars can't be built +# to skip that step of the build. SUNPKCS11_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunpkcs11.jar SUNPKCS11_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunpkcs11.jar 
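Review bot: The replacement header comment, `# For crypto jars, always build the jar.`, drops this file's statement that closed builds install the prebuilt signed jars, and nothing replaces it. The rules in the later hunks (sunpkcs11, sunec, sunjce_provider, jce, sunmscapi, ucrypto) now install the jar from `jce/unsigned/` into `lib/` or `lib/ext/` for every build. The deleted SignJars.gmk stated that an unsigned jar installed into the Oracle JDK breaks when the crypto routines are called, so signing presumably moves to a step this changeset does not show. I would add a line such as `# Jars installed from jce/unsigned are NOT signed here; non-OpenJDK builds must sign them in <signing step> before the image is usable.`, where `<signing step>` is a placeholder for the real location.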
@@ -74,15 +68,8 @@ $(SUNPKCS11_JAR_UNSIGNED): $(JCE_MANIFEST) -ifndef OPENJDK - SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar - $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED) $(install-file) -else - $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(SUNPKCS11_JAR_UNSIGNED) $(SUNPKCS11_JAR_DST) @@ -101,22 +88,16 @@ $(SUNEC_JAR_UNSIGNED): $(JCE_MANIFEST) -ifndef OPENJDK - SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar - $(SUNEC_JAR_DST): $(SUNEC_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED) $(install-file) -else - $(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(SUNEC_JAR_UNSIGNED) $(SUNEC_JAR_DST) ########################################################################################## SUNJCE_PROVIDER_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunjce_provider.jar -SUNJCE_PROVIDER_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunjce_provider.jar +SUNJCE_PROVIDER_JAR_UNSIGNED := \ + $(JDK_OUTPUTDIR)/jce/unsigned/sunjce_provider.jar ifneq ($(BUILD_CRYPTO), no) $(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR, , \ @@ -132,15 +113,8 @@ TARGETS += $(SUNJCE_PROVIDER_JAR_UNSIGNED) endif -ifndef OPENJDK - SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar - $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED) $(install-file) -else - $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(SUNJCE_PROVIDER_JAR_DST) 
@@ -163,15 +137,8 @@ TARGETS += $(JCE_JAR_UNSIGNED) endif -ifndef OPENJDK - JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar - $(JCE_JAR_DST): $(JCE_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(JCE_JAR_DST): $(JCE_JAR_UNSIGNED) $(install-file) -else - $(JCE_JAR_DST): $(JCE_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(JCE_JAR_DST) @@ -192,15 +159,8 @@ $(SUNMSCAPI_JAR_UNSIGNED): $(JCE_MANIFEST) - ifndef OPENJDK - SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar - $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) + $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED) $(install-file) - else - $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED) - $(install-file) - endif TARGETS += $(SUNMSCAPI_JAR_UNSIGNED) $(SUNMSCAPI_JAR_DST) @@ -213,7 +173,6 @@ UCRYPTO_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/ucrypto.jar UCRYPTO_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/ucrypto.jar - UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar $(eval $(call SetupArchive,BUILD_UCRYPTO_JAR, , \ SRCS := $(JDK_OUTPUTDIR)/modules/jdk.crypto.ucrypto, \ @@ -225,8 +184,7 @@ $(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST) - $(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) + $(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_UNSIGNED) $(install-file) TARGETS += $(UCRYPTO_JAR_UNSIGNED) $(UCRYPTO_JAR_DST) diff --git a/make/SignJars.gmk b/make/SignJars.gmk deleted file mode 100644 --- a/make/SignJars.gmk +++ /dev/null 
@@ -1,126 +0,0 @@ -# -# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. Oracle designates this -# particular file as subject to the "Classpath" exception as provided -# by Oracle in the LICENSE file that accompanied this code. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -include $(SPEC) -include MakeBase.gmk - -# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Oracle JDK -# builds respectively.) -# -# JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE -# jar files do not require signing, but those for JDK do. If an unsigned -# jar file is installed into JDK, things will break when the crypto -# routines are called. -# -# All jars are created in CreateJars.gmk. This Makefile does the signing -# of the jars for JDK. -# -# For JDK, the binaries use pre-built/pre-signed binary files stored in -# the closed workspace that are not shipped in the OpenJDK workspaces. -# We still build the JDK files to verify the files compile, and in -# preparation for possible signing. 
Developers working on JCE in JDK -# must sign the JCE files before testing. The JCE signing key is kept -# separate from the JDK workspace to prevent its disclosure. -# -# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually -# be built, signed, and then the resulting jar files MUST BE CHECKED -# INTO THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT -# BE FORGOTTEN*, otherwise a bug fixed in the source code will not be -# reflected in the shipped binaries. -# -# Please consult with Release Engineering, which is responsible for -# creating the final JCE builds suitable for checkin. -# - -# Default target -all: - -ifndef OPENJDK - -README-MAKEFILE_WARNING := \ - "\nPlease read jdk/make/SignJars.gmk for further build instructions.\n" - -# -# Location for JCE codesigning key. -# -SIGNING_KEY_DIR := /security/ws/JCE-signing/src -SIGNING_KEYSTORE := $(SIGNING_KEY_DIR)/KeyStore.jks -SIGNING_PASSPHRASE := $(SIGNING_KEY_DIR)/passphrase.txt -SIGNING_ALIAS := oracle_jce_rsa - -# -# Defines for signing the various jar files. -# -check-keystore: - @if [ ! -f $(SIGNING_KEYSTORE) -o ! 
-f $(SIGNING_PASSPHRASE) ]; then \ - $(PRINTF) "\n$(SIGNING_KEYSTORE): Signing mechanism *NOT* available..."; \ - $(PRINTF) $(README-MAKEFILE_WARNING); \ - exit 2; \ - fi - -$(JDK_OUTPUTDIR)/jce/signed/%: $(JDK_OUTPUTDIR)/jce/unsigned/% - $(call install-file) - $(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \ - $@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE) - @$(PRINTF) "\nJar codesigning finished.\n" - -JAR_LIST := \ - jce.jar \ - policy/limited/local_policy.jar \ - policy/limited/US_export_policy.jar \ - policy/unlimited/local_policy.jar \ - policy/unlimited/US_export_policy.jar \ - sunec.jar \ - sunjce_provider.jar \ - sunpkcs11.jar \ - sunmscapi.jar \ - ucrypto.jar \ - # - -UNSIGNED_JARS := $(wildcard $(addprefix $(JDK_OUTPUTDIR)/jce/unsigned/, $(JAR_LIST))) - -ifeq ($(UNSIGNED_JARS), ) - $(error No jars found in $(JDK_OUTPUTDIR)/jce/unsigned/) -endif - -SIGNED_JARS := $(patsubst $(JDK_OUTPUTDIR)/jce/unsigned/%,$(JDK_OUTPUTDIR)/jce/signed/%, \ - $(UNSIGNED_JARS)) - -$(SIGNED_JARS): check-keystore - -$(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt: \ - $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt - $(install-file) - -all: $(SIGNED_JARS) $(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt - @$(PRINTF) "\n*** The jar files built by the 'sign-jars' target are developer ***" - @$(PRINTF) "\n*** builds only and *MUST NOT* be checked into the closed workspace. ***" - @$(PRINTF) "\n*** ***" - @$(PRINTF) "\n*** Please consult with Release Engineering: they will generate ***" - @$(PRINTF) "\n*** the proper binaries for the closed workspace. ***" - @$(PRINTF) "\n" - @$(PRINTF) $(README-MAKEFILE_WARNING) - -endif # !OPENJDK diff --git a/make/profile-includes.txt b/make/profile-includes.txt --- a/make/profile-includes.txt +++ b/make/profile-includes.txt 
@@ -77,6 +77,9 @@ security/java.security \ security/local_policy.jar \ security/trusted.libraries \ + security/unlimited_policy/README.txt \ + security/unlimited_policy/US_export_policy.jar \ + security/unlimited_policy/local_policy.jar \ tzdb.dat PROFILE_1_JRE_OTHER_FILES := \ @@ -97,8 +100,9 @@ resources.jar \ rt.jar \ security/US_export_policy.jar \ - security/local_policy.jar - + security/local_policy.jar \ + security/unlimited_policy/US_export_policy.jar \ + security/unlimited_policy/local_policy.jar PROFILE_2_JRE_BIN_FILES := \ rmid$(EXE_SUFFIX) \ diff --git a/src/java.base/share/classes/javax/crypto/Cipher.java b/src/java.base/share/classes/javax/crypto/Cipher.java --- a/src/java.base/share/classes/javax/crypto/Cipher.java +++ b/src/java.base/share/classes/javax/crypto/Cipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -260,7 +260,7 @@ // See bug 4341369 & 4334690 for more info. // If the caller is trusted, then okey. // Otherwise throw a NullPointerException. - if (!JceSecurityManager.INSTANCE.isCallerTrusted()) { + if (!JceSecurityManager.INSTANCE.isCallerTrusted(provider)) { throw new NullPointerException(); } this.spi = cipherSpi; diff --git a/src/java.base/share/classes/javax/crypto/JceSecurity.java b/src/java.base/share/classes/javax/crypto/JceSecurity.java --- a/src/java.base/share/classes/javax/crypto/JceSecurity.java +++ b/src/java.base/share/classes/javax/crypto/JceSecurity.java 
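Review bot: The second list in this file gains `security/unlimited_policy/US_export_policy.jar` and `security/unlimited_policy/local_policy.jar` but not `security/unlimited_policy/README.txt`, which the first list does receive. The comment added in CreatePolicyJars.gmk tells deployers to consult README.txt before overwriting the policy files, so an image assembled from the second list would ship the jars without it. If the omission is not deliberate, add `security/unlimited_policy/README.txt \` ahead of the two jar entries. The name of the second list is outside the hunk. Also, these three files are only produced when `OPENJDK` is undefined and `UNLIMITED_CRYPTO` is not `true`, and whether the consumer of this list tolerates missing entries is not visible here.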
@@ -76,12 +76,10 @@ static { try { AccessController.doPrivileged( - new PrivilegedExceptionAction() { - public Object run() throws Exception { - setupJurisdictionPolicies(); - return null; - } - }); + (PrivilegedExceptionAction) () -> { + setupJurisdictionPolicies(); + return null; + }); isRestricted = defaultPolicy.implies( CryptoAllPermission.INSTANCE) ? false : true; @@ -143,7 +141,7 @@ * @throws Exception on error */ static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception { - JarVerifier jv = new JarVerifier(codeBase, true); + URLVerifier jv = new URLVerifier(codeBase, true); jv.verify(); return jv.getPermissions(); } @@ -153,11 +151,11 @@ * * @throws Exception on error */ - static void verifyProviderJar(URL codeBase) throws Exception { + static void verifyProviderJar(URL codeBase, Provider p) throws Exception { // Verify the provider JAR file and all // supporting JAR files if there are any. - JarVerifier jv = new JarVerifier(codeBase, false); - jv.verify(); + URLVerifier uv = new URLVerifier(codeBase, p, false); + uv.verify(); } private final static Object PROVIDER_VERIFIED = Boolean.TRUE; @@ -183,7 +181,7 @@ try { verifyingProviders.put(p, Boolean.FALSE); URL providerURL = getCodeBase(p.getClass()); - verifyProviderJar(providerURL); + verifyProviderJar(providerURL, p); // Verified ok, cache result verificationResults.put(p, PROVIDER_VERIFIED); return null; 
@@ -222,17 +220,16 @@ synchronized (codeBaseCacheRef) { URL url = codeBaseCacheRef.get(clazz); if (url == null) { - url = AccessController.doPrivileged(new PrivilegedAction() { - public URL run() { - ProtectionDomain pd = clazz.getProtectionDomain(); - if (pd != null) { - CodeSource cs = pd.getCodeSource(); - if (cs != null) { - return cs.getLocation(); - } + url = AccessController.doPrivileged( + (PrivilegedAction) () -> { + ProtectionDomain pd = clazz.getProtectionDomain(); + if (pd != null) { + CodeSource cs = pd.getCodeSource(); + if (cs != null) { + return cs.getLocation(); } - return NULL_URL; } + return NULL_URL; }); codeBaseCacheRef.put(clazz, url); } @@ -315,7 +312,7 @@ // Enforce the signer restraint, i.e. signer of JCE framework // jar should also be the signer of the two jurisdiction policy // jar files. - JarVerifier.verifyPolicySigned(je.getCertificates()); + URLVerifier.verifyPolicySigned(je.getCertificates()); } // Close and nullify the JarFile reference to help GC. jf.close(); diff --git a/src/java.base/share/classes/javax/crypto/JceSecurityManager.java b/src/java.base/share/classes/javax/crypto/JceSecurityManager.java --- a/src/java.base/share/classes/javax/crypto/JceSecurityManager.java +++ b/src/java.base/share/classes/javax/crypto/JceSecurityManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -228,7 +228,7 @@ } // See bug 4341369 & 4334690 for more info. - boolean isCallerTrusted() { + boolean isCallerTrusted(Provider provider) { // Get the caller and its codebase. Class[] context = getClassContext(); URL callerCodeBase = null; 
@@ -249,7 +249,7 @@ } // Check whether the caller is a trusted provider. try { - JceSecurity.verifyProviderJar(callerCodeBase); + JceSecurity.verifyProviderJar(callerCodeBase, provider); } catch (Exception e2) { return false; } diff --git a/src/java.base/share/classes/javax/crypto/KeyGenerator.java b/src/java.base/share/classes/javax/crypto/KeyGenerator.java --- a/src/java.base/share/classes/javax/crypto/KeyGenerator.java +++ b/src/java.base/share/classes/javax/crypto/KeyGenerator.java @@ -304,7 +304,7 @@ /** * Update the active spi of this class and return the next - * implementation for failover. If no more implemenations are + * implementation for failover. If no more implementations are * available, this method returns null. However, the active spi of * this class is never set to null. */ diff --git a/src/java.base/share/classes/javax/crypto/JarVerifier.java b/src/java.base/share/classes/javax/crypto/URLVerifier.java rename from src/java.base/share/classes/javax/crypto/JarVerifier.java rename to src/java.base/share/classes/javax/crypto/URLVerifier.java --- a/src/java.base/share/classes/javax/crypto/JarVerifier.java +++ b/src/java.base/share/classes/javax/crypto/URLVerifier.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
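Review bot: In `JceSecurity.verifyProviderJar(callerCodeBase, provider)` the code base is derived from the call stack, but `provider` is whatever the caller of the `Cipher` constructor supplied, and it may be null. None of the visible hunks shows the verifier checking that this provider actually originates from `callerCodeBase`, so the extra argument should not be read as evidence of the caller's identity. I would state that on `isCallerTrusted`, for example `// provider is caller-supplied and unverified; trust derives from callerCodeBase only`. If a binding is intended, compare `JceSecurity.getCodeBase(provider.getClass())` with `callerCodeBase` before the verify call. The body of `isCallerTrusted` starts and ends outside this hunk.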
@@ -31,8 +31,9 @@ import java.util.jar.*; /** - * This class verifies JAR files (and any supporting JAR files), and - * determines whether they may be used in this implementation. + * This class verifies resources found at a URL (currently only JAR + * files and any supporting JAR files), and determines whether they may + * be used in this implementation. * * The JCE in OpenJDK has an open cryptographic interface, meaning it * does not restrict which providers can be used. Compliance with @@ -42,22 +43,36 @@ * * @since 1.7 */ -final class JarVerifier { +final class URLVerifier { // The URL for the JAR file we want to verify. private URL jarURL; + private Provider provider; private boolean savePerms; private CryptoPermissions appPerms = null; /** - * Creates a JarVerifier object to verify the given URL. + * Creates a URLVerifier object to verify the given URL. * * @param jarURL the JAR file to be verified. * @param savePerms if true, save the permissions allowed by the * exemption mechanism */ - JarVerifier(URL jarURL, boolean savePerms) { + URLVerifier(URL jarURL, boolean savePerms) { + this(jarURL, null, savePerms); + } + + /** + * Creates a URLVerifier object to verify the given URL. + * + * @param jarURL the JAR file to be verified + * @param provider the corresponding provider. + * @param savePerms if true, save the permissions allowed by the + * exemption mechanism + */ + URLVerifier(URL jarURL, Provider provider, boolean savePerms) { this.jarURL = jarURL; + this.provider = provider; this.savePerms = savePerms; } @@ -98,7 +113,8 @@ } }); } catch (java.security.PrivilegedActionException pae) { - throw new SecurityException("Cannot load " + url.toString(), pae); + throw new SecurityException("Cannot load " + url.toString(), + pae); } if (jf != null) { 
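Review bot: The new `provider` field is assigned by the three-argument constructor, but none of the hunks shown reads it, and the two-argument constructor passes `null`. The javadoc `@param provider the corresponding provider.` says neither that null is permitted nor what the verifier does with the value. I would expand it to something like `@param provider the provider loaded from jarURL, or null when verifying an exempt application JAR`, adding whether `verify()` consults it. Since the class is now `URLVerifier`, the field and parameter name `jarURL` and the phrase "the JAR file to be verified" could be brought in line. The three fields set once in the constructor could also be declared `final`.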
@@ -144,7 +160,7 @@ * Returns the permissions which are bundled with the JAR file, * aka the "cryptoperms" file. * - * NOTE: if this JarVerifier instance is constructed with "savePerms" + * NOTE: if this URLVerifier instance is constructed with "savePerms" * equal to false, then this method would always return null. */ CryptoPermissions getPermissions() {