src/java.base/share/classes/javax/crypto/JceSecurity.java
Print this page
rev 10700 : 8058845: Update JCE environment for build improvements
Reviewed-by: mullan, alanb, erikj, mchung, katleman
*** 74,88 ****
}
static {
try {
AccessController.doPrivileged(
! new PrivilegedExceptionAction<Object>() {
! public Object run() throws Exception {
setupJurisdictionPolicies();
return null;
- }
});
isRestricted = defaultPolicy.implies(
CryptoAllPermission.INSTANCE) ? false : true;
} catch (Exception e) {
--- 74,86 ----
}
static {
try {
AccessController.doPrivileged(
! (PrivilegedExceptionAction<Object>) () -> {
setupJurisdictionPolicies();
return null;
});
isRestricted = defaultPolicy.implies(
CryptoAllPermission.INSTANCE) ? false : true;
} catch (Exception e) {
*** 141,165 ****
* JAR file and returns the permissions bundled with the JAR.
*
* @throws Exception on error
*/
static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
! JarVerifier jv = new JarVerifier(codeBase, true);
jv.verify();
return jv.getPermissions();
}
/**
* Verify if the JAR at URL codeBase is a signed provider JAR file.
*
* @throws Exception on error
*/
! static void verifyProviderJar(URL codeBase) throws Exception {
// Verify the provider JAR file and all
// supporting JAR files if there are any.
! JarVerifier jv = new JarVerifier(codeBase, false);
! jv.verify();
}
private final static Object PROVIDER_VERIFIED = Boolean.TRUE;
/*
--- 139,163 ----
* JAR file and returns the permissions bundled with the JAR.
*
* @throws Exception on error
*/
static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
! URLVerifier jv = new URLVerifier(codeBase, true);
jv.verify();
return jv.getPermissions();
}
/**
* Verify if the JAR at URL codeBase is a signed provider JAR file.
*
* @throws Exception on error
*/
! static void verifyProviderJar(URL codeBase, Provider p) throws Exception {
// Verify the provider JAR file and all
// supporting JAR files if there are any.
! URLVerifier uv = new URLVerifier(codeBase, p, false);
! uv.verify();
}
private final static Object PROVIDER_VERIFIED = Boolean.TRUE;
/*
*** 181,191 ****
return new NoSuchProviderException("Recursion during verification");
}
try {
verifyingProviders.put(p, Boolean.FALSE);
URL providerURL = getCodeBase(p.getClass());
! verifyProviderJar(providerURL);
// Verified ok, cache result
verificationResults.put(p, PROVIDER_VERIFIED);
return null;
} catch (Exception e) {
verificationResults.put(p, e);
--- 179,189 ----
return new NoSuchProviderException("Recursion during verification");
}
try {
verifyingProviders.put(p, Boolean.FALSE);
URL providerURL = getCodeBase(p.getClass());
! verifyProviderJar(providerURL, p);
// Verified ok, cache result
verificationResults.put(p, PROVIDER_VERIFIED);
return null;
} catch (Exception e) {
verificationResults.put(p, e);
*** 220,240 ****
*/
static URL getCodeBase(final Class<?> clazz) {
synchronized (codeBaseCacheRef) {
URL url = codeBaseCacheRef.get(clazz);
if (url == null) {
! url = AccessController.doPrivileged(new PrivilegedAction<URL>() {
! public URL run() {
ProtectionDomain pd = clazz.getProtectionDomain();
if (pd != null) {
CodeSource cs = pd.getCodeSource();
if (cs != null) {
return cs.getLocation();
}
}
return NULL_URL;
- }
});
codeBaseCacheRef.put(clazz, url);
}
return (url == NULL_URL) ? null : url;
}
--- 218,237 ----
*/
static URL getCodeBase(final Class<?> clazz) {
synchronized (codeBaseCacheRef) {
URL url = codeBaseCacheRef.get(clazz);
if (url == null) {
! url = AccessController.doPrivileged(
! (PrivilegedAction<URL>) () -> {
ProtectionDomain pd = clazz.getProtectionDomain();
if (pd != null) {
CodeSource cs = pd.getCodeSource();
if (cs != null) {
return cs.getLocation();
}
}
return NULL_URL;
});
codeBaseCacheRef.put(clazz, url);
}
return (url == NULL_URL) ? null : url;
}
*** 313,323 ****
}
// Enforce the signer restraint, i.e. signer of JCE framework
// jar should also be the signer of the two jurisdiction policy
// jar files.
! JarVerifier.verifyPolicySigned(je.getCertificates());
}
// Close and nullify the JarFile reference to help GC.
jf.close();
jf = null;
}
--- 310,320 ----
}
// Enforce the signer restraint, i.e. signer of JCE framework
// jar should also be the signer of the two jurisdiction policy
// jar files.
! URLVerifier.verifyPolicySigned(je.getCertificates());
}
// Close and nullify the JarFile reference to help GC.
jf.close();
jf = null;
}