Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/javax/crypto/JarVerifier.java
38829 views
/*1* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package javax.crypto;2627import java.io.*;28import java.net.*;29import java.security.*;30import java.util.jar.*;3132/**33* This class verifies JAR files (and any supporting JAR files), and34* determines whether they may be used in this implementation.35*36* The JCE in OpenJDK has an open cryptographic interface, meaning it37* does not restrict which providers can be used. Compliance with38* United States export controls and with local law governing the39* import/export of products incorporating the JCE in the OpenJDK is40* the responsibility of the licensee.41*42* @since 1.743*/44final class JarVerifier {4546// The URL for the JAR file we want to verify.47private URL jarURL;48private boolean savePerms;49private CryptoPermissions appPerms = null;5051/**52* Creates a JarVerifier object to verify the given URL.53*54* @param jarURL the JAR file to be verified.55* @param savePerms if true, save the permissions allowed by the56* exemption mechanism57*/58JarVerifier(URL jarURL, boolean savePerms) {59this.jarURL = jarURL;60this.savePerms = savePerms;61}6263/**64* Verify the JAR file is signed by an entity which has a certificate65* issued by a trusted CA.66*67* In OpenJDK, we just need to examine the "cryptoperms" file to see68* if any permissions were bundled together with this jar file.69*/70void verify() throws JarException, IOException {7172// Short-circuit. If we weren't asked to save any, we're done.73if (!savePerms) {74return;75}7677// If the protocol of jarURL isn't "jar", we should78// construct a JAR URL so we can open a JarURLConnection79// for verifying this provider.80final URL url = jarURL.getProtocol().equalsIgnoreCase("jar")?81jarURL : new URL("jar:" + jarURL.toString() + "!/");8283JarFile jf = null;84try {8586// Get a link to the Jarfile to search.87try {88jf = AccessController.doPrivileged(89new PrivilegedExceptionAction<JarFile>() {90public JarFile run() throws Exception {91JarURLConnection conn =92(JarURLConnection) url.openConnection();93// You could do some caching here as94// an optimization.95conn.setUseCaches(false);96return conn.getJarFile();97}98});99} catch (java.security.PrivilegedActionException pae) {100throw new SecurityException("Cannot load " + url.toString(), pae);101}102103if (jf != null) {104JarEntry je = jf.getJarEntry("cryptoPerms");105if (je == null) {106throw new JarException(107"Can not find cryptoPerms");108}109try {110appPerms = new CryptoPermissions();111appPerms.load(jf.getInputStream(je));112} catch (Exception ex) {113JarException jex =114new JarException("Cannot load/parse" +115jarURL.toString());116jex.initCause(ex);117throw jex;118}119}120} finally {121// Only call close() when caching is not enabled.122// Otherwise, exceptions will be thrown for all123// subsequent accesses of this cached jar.124if (jf != null) {125jf.close();126}127}128}129130/**131* Verify that the provided certs include the132* framework signing certificate.133*134* @param certs the list of certs to be checked.135* @throws Exception if the list of certs did not contain136* the framework signing certificate137*/138static void verifyPolicySigned(java.security.cert.Certificate[] certs)139throws Exception {140}141142/**143* Returns the permissions which are bundled with the JAR file,144* aka the "cryptoperms" file.145*146* NOTE: if this JarVerifier instance is constructed with "savePerms"147* equal to false, then this method would always return null.148*/149CryptoPermissions getPermissions() {150return appPerms;151}152}153154155