Mercurial > hg > release > icedtea7-forest-2.0 > jdk
changeset 4553:39d4113a023c
Remove unnecessary crypto restrictions.
Contributed by: Mark Wielaard <mjw@klomp.org>
| author | andrew |
|---|---|
| date | Thu, 22 Sep 2011 01:11:21 +0100 |
| parents | 92e3d0e5b85a |
| children | 2a3693537ec8 |
| files | make/javax/crypto/Makefile src/share/classes/javax/crypto/Cipher.java src/share/classes/javax/crypto/JarVerifier.java src/share/classes/javax/crypto/JceSecurity.java src/share/classes/javax/crypto/JceSecurityManager.java test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java |
| diffstat | 6 files changed, 14 insertions(+), 834 deletions(-) [+] |
line wrap: on
line diff
--- a/make/javax/crypto/Makefile Thu Sep 22 01:07:11 2011 +0100 +++ b/make/javax/crypto/Makefile Thu Sep 22 01:11:21 2011 +0100 @@ -156,7 +156,8 @@ # ifdef OPENJDK -all: build-jar install-jar build-policy install-limited +# We don't need any policy files. +all: build-jar install-jar else # OPENJDK ifeq ($(strip $(FILES_java)),) all:
--- a/src/share/classes/javax/crypto/Cipher.java Thu Sep 22 01:07:11 2011 +0100 +++ b/src/share/classes/javax/crypto/Cipher.java Thu Sep 22 01:11:21 2011 +0100 @@ -198,12 +198,6 @@ // The transformation private String transformation; - // Crypto permission representing the maximum allowable cryptographic - // strength that this Cipher object can be used for. (The cryptographic - // strength is a function of the keysize and algorithm parameters encoded - // in the crypto permission.) - private CryptoPermission cryptoPerm; - // The exemption mechanism that needs to be enforced private ExemptionMechanism exmech; @@ -244,16 +238,9 @@ protected Cipher(CipherSpi cipherSpi, Provider provider, String transformation) { - // See bug 4341369 & 4334690 for more info. - // If the caller is trusted, then okey. - // Otherwise throw a NullPointerException. - if (!JceSecurityManager.INSTANCE.isCallerTrusted()) { - throw new NullPointerException(); - } this.spi = cipherSpi; this.provider = provider; this.transformation = transformation; - this.cryptoPerm = CryptoAllPermission.INSTANCE; this.lock = null; } @@ -266,7 +253,6 @@ Cipher(CipherSpi cipherSpi, String transformation) { this.spi = cipherSpi; this.transformation = transformation; - this.cryptoPerm = CryptoAllPermission.INSTANCE; this.lock = null; } @@ -495,9 +481,6 @@ Exception failure = null; while (t.hasNext()) { Service s = (Service)t.next(); - if (JceSecurity.canUseProvider(s.getProvider()) == false) { - continue; - } Transform tr = getTransform(s, transforms); if (tr == null) { // should never happen @@ -621,7 +604,6 @@ } Exception failure = null; List transforms = getTransforms(transformation); - boolean providerChecked = false; String paddingError = null; for (Iterator t = transforms.iterator(); t.hasNext();) { Transform tr = (Transform)t.next(); @@ -629,19 +611,6 @@ if (s == null) { continue; } - if (providerChecked == false) { - // for compatibility, first do the lookup and then verify - // the provider. this makes the difference between a NSAE - // and a SecurityException if the - // provider does not support the algorithm. - Exception ve = JceSecurity.getVerificationResult(provider); - if (ve != null) { - String msg = "JCE cannot authenticate the provider " - + provider.getName(); - throw new SecurityException(msg, ve); - } - providerChecked = true; - } if (tr.supportsMode(s) == S_NO) { continue; } @@ -654,7 +623,6 @@ tr.setModePadding(spi); Cipher cipher = new Cipher(spi, transformation); cipher.provider = s.getProvider(); - cipher.initCryptoPermission(); return cipher; } catch (Exception e) { failure = e; @@ -673,22 +641,6 @@ ("No such algorithm: " + transformation, failure); } - // If the requested crypto service is export-controlled, - // determine the maximum allowable keysize. - private void initCryptoPermission() throws NoSuchAlgorithmException { - if (JceSecurity.isRestricted() == false) { - cryptoPerm = CryptoAllPermission.INSTANCE; - exmech = null; - return; - } - cryptoPerm = getConfiguredPermission(transformation); - // Instantiate the exemption mechanism (if required) - String exmechName = cryptoPerm.getExemptionMechanism(); - if (exmechName != null) { - exmech = ExemptionMechanism.getInstance(exmechName); - } - } - // max number of debug warnings to print from chooseFirstProvider() private static int warnCount = 10; @@ -730,9 +682,6 @@ s = (Service)serviceIterator.next(); thisSpi = null; } - if (JceSecurity.canUseProvider(s.getProvider()) == false) { - continue; - } Transform tr = getTransform(s, transforms); if (tr == null) { // should never happen @@ -750,7 +699,6 @@ thisSpi = (CipherSpi)obj; } tr.setModePadding(thisSpi); - initCryptoPermission(); spi = thisSpi; provider = s.getProvider(); // not needed any more @@ -782,19 +730,15 @@ InvalidAlgorithmParameterException { switch (type) { case I_KEY: - checkCryptoPerm(thisSpi, key); thisSpi.engineInit(opmode, key, random); break; case I_PARAMSPEC: - checkCryptoPerm(thisSpi, key, paramSpec); thisSpi.engineInit(opmode, key, paramSpec, random); break; case I_PARAMS: - checkCryptoPerm(thisSpi, key, params); thisSpi.engineInit(opmode, key, params, random); break; case I_CERT: - checkCryptoPerm(thisSpi, key); thisSpi.engineInit(opmode, key, random); break; default: @@ -828,9 +772,6 @@ if (s.supportsParameter(key) == false) { continue; } - if (JceSecurity.canUseProvider(s.getProvider()) == false) { - continue; - } Transform tr = getTransform(s, transforms); if (tr == null) { // should never happen @@ -844,7 +785,6 @@ thisSpi = (CipherSpi)s.newInstance(null); } tr.setModePadding(thisSpi); - initCryptoPermission(); implInit(thisSpi, initType, opmode, key, paramSpec, params, random); provider = s.getProvider(); @@ -990,107 +930,6 @@ return exmech; } - // - // Crypto permission check code below - // - private void checkCryptoPerm(CipherSpi checkSpi, Key key) - throws InvalidKeyException { - if (cryptoPerm == CryptoAllPermission.INSTANCE) { - return; - } - // Check if key size and default parameters are within legal limits - AlgorithmParameterSpec params; - try { - params = getAlgorithmParameterSpec(checkSpi.engineGetParameters()); - } catch (InvalidParameterSpecException ipse) { - throw new InvalidKeyException - ("Unsupported default algorithm parameters"); - } - if (!passCryptoPermCheck(checkSpi, key, params)) { - throw new InvalidKeyException( - "Illegal key size or default parameters"); - } - } - - private void checkCryptoPerm(CipherSpi checkSpi, Key key, - AlgorithmParameterSpec params) throws InvalidKeyException, - InvalidAlgorithmParameterException { - if (cryptoPerm == CryptoAllPermission.INSTANCE) { - return; - } - // Determine keysize and check if it is within legal limits - if (!passCryptoPermCheck(checkSpi, key, null)) { - throw new InvalidKeyException("Illegal key size"); - } - if ((params != null) && (!passCryptoPermCheck(checkSpi, key, params))) { - throw new InvalidAlgorithmParameterException("Illegal parameters"); - } - } - - private void checkCryptoPerm(CipherSpi checkSpi, Key key, - AlgorithmParameters params) - throws InvalidKeyException, InvalidAlgorithmParameterException { - if (cryptoPerm == CryptoAllPermission.INSTANCE) { - return; - } - // Convert the specified parameters into specs and then delegate. - AlgorithmParameterSpec pSpec; - try { - pSpec = getAlgorithmParameterSpec(params); - } catch (InvalidParameterSpecException ipse) { - throw new InvalidAlgorithmParameterException - ("Failed to retrieve algorithm parameter specification"); - } - checkCryptoPerm(checkSpi, key, pSpec); - } - - private boolean passCryptoPermCheck(CipherSpi checkSpi, Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException { - String em = cryptoPerm.getExemptionMechanism(); - int keySize = checkSpi.engineGetKeySize(key); - // Use the "algorithm" component of the cipher - // transformation so that the perm check would - // work when the key has the "aliased" algo. - String algComponent; - int index = transformation.indexOf('/'); - if (index != -1) { - algComponent = transformation.substring(0, index); - } else { - algComponent = transformation; - } - CryptoPermission checkPerm = - new CryptoPermission(algComponent, keySize, params, em); - - if (!cryptoPerm.implies(checkPerm)) { - if (debug != null) { - debug.println("Crypto Permission check failed"); - debug.println("granted: " + cryptoPerm); - debug.println("requesting: " + checkPerm); - } - return false; - } - if (exmech == null) { - return true; - } - try { - if (!exmech.isCryptoAllowed(key)) { - if (debug != null) { - debug.println(exmech.getName() + " isn't enforced"); - } - return false; - } - } catch (ExemptionMechanismException eme) { - if (debug != null) { - debug.println("Cannot determine whether "+ - exmech.getName() + " has been enforced"); - eme.printStackTrace(); - } - return false; - } - return true; - } - // check if opmode is one of the defined constants // throw InvalidParameterExeption if not private static void checkOpmode(int opmode) { @@ -1205,7 +1044,6 @@ checkOpmode(opmode); if (spi != null) { - checkCryptoPerm(spi, key); spi.engineInit(opmode, key, random); } else { try { @@ -1341,7 +1179,6 @@ checkOpmode(opmode); if (spi != null) { - checkCryptoPerm(spi, key, params); spi.engineInit(opmode, key, params, random); } else { chooseProvider(I_PARAMSPEC, opmode, key, params, null, random); @@ -1472,7 +1309,6 @@ checkOpmode(opmode); if (spi != null) { - checkCryptoPerm(spi, key, params); spi.engineInit(opmode, key, params, random); } else { chooseProvider(I_PARAMS, opmode, key, null, params, random); @@ -1645,7 +1481,6 @@ (certificate==null? null:certificate.getPublicKey()); if (spi != null) { - checkCryptoPerm(spi, publicKey); spi.engineInit(opmode, publicKey, random); } else { try { @@ -2494,12 +2329,15 @@ return null; } + // Used by getMaxAllowedKeyLength and getMaxAllowedParameterSpec + // always returns CryptoAllPermission. Old stuff from bad old days. private static CryptoPermission getConfiguredPermission( String transformation) throws NullPointerException, NoSuchAlgorithmException { if (transformation == null) throw new NullPointerException(); - String[] parts = tokenizeTransformation(transformation); - return JceSecurityManager.INSTANCE.getCryptoPermission(parts[0]); + // Called to make sure it is a valid transformation. + tokenizeTransformation(transformation); + return CryptoAllPermission.INSTANCE; } /**
--- a/src/share/classes/javax/crypto/JarVerifier.java Thu Sep 22 01:07:11 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,157 +0,0 @@ -/* - * Copyright (c) 2007, 2009, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package javax.crypto; - -import java.io.*; -import java.net.*; -import java.security.*; -import java.util.jar.*; - -/** - * This class verifies JAR files (and any supporting JAR files), and - * determines whether they may be used in this implementation. - * - * The JCE in OpenJDK has an open cryptographic interface, meaning it - * does not restrict which providers can be used. Compliance with - * United States export controls and with local law governing the - * import/export of products incorporating the JCE in the OpenJDK is - * the responsibility of the licensee. - * - * @since 1.7 - */ -final class JarVerifier { - - // The URL for the JAR file we want to verify. - private URL jarURL; - private boolean savePerms; - private CryptoPermissions appPerms = null; - - /** - * Creates a JarVerifier object to verify the given URL. - * - * @param jarURL the JAR file to be verified. - * @param savePerms if true, save the permissions allowed by the - * exemption mechanism - */ - JarVerifier(URL jarURL, boolean savePerms) { - this.jarURL = jarURL; - this.savePerms = savePerms; - } - - /** - * Verify the JAR file is signed by an entity which has a certificate - * issued by a trusted CA. - * - * In OpenJDK, we just need to examine the "cryptoperms" file to see - * if any permissions were bundled together with this jar file. - */ - void verify() throws JarException, IOException { - - // Short-circuit. If we weren't asked to save any, we're done. - if (!savePerms) { - return; - } - - // If the protocol of jarURL isn't "jar", we should - // construct a JAR URL so we can open a JarURLConnection - // for verifying this provider. - final URL url = jarURL.getProtocol().equalsIgnoreCase("jar")? - jarURL : new URL("jar:" + jarURL.toString() + "!/"); - - JarFile jf = null; - try { - - // Get a link to the Jarfile to search. - try { - jf = (JarFile) - AccessController.doPrivileged( - new PrivilegedExceptionAction() { - public Object run() throws Exception { - JarURLConnection conn = - (JarURLConnection) url.openConnection(); - // You could do some caching here as - // an optimization. - conn.setUseCaches(false); - return conn.getJarFile(); - } - }); - } catch (java.security.PrivilegedActionException pae) { - SecurityException se = new SecurityException( - "Cannot load " + url.toString()); - se.initCause(pae); - throw se; - } - - if (jf != null) { - JarEntry je = jf.getJarEntry("cryptoPerms"); - if (je == null) { - throw new JarException( - "Can not find cryptoPerms"); - } - try { - appPerms = new CryptoPermissions(); - appPerms.load(jf.getInputStream(je)); - } catch (Exception ex) { - JarException jex = - new JarException("Cannot load/parse" + - jarURL.toString()); - jex.initCause(ex); - throw jex; - } - } - } finally { - // Only call close() when caching is not enabled. - // Otherwise, exceptions will be thrown for all - // subsequent accesses of this cached jar. - if (jf != null) { - jf.close(); - } - } - } - - /** - * Verify that the provided certs include the - * framework signing certificate. - * - * @param certs the list of certs to be checked. - * @throws Exception if the list of certs did not contain - * the framework signing certificate - */ - static void verifyPolicySigned(java.security.cert.Certificate[] certs) - throws Exception { - } - - /** - * Returns the permissions which are bundled with the JAR file, - * aka the "cryptoperms" file. - * - * NOTE: if this JarVerifier instance is constructed with "savePerms" - * equal to false, then this method would always return null. - */ - CryptoPermissions getPermissions() { - return appPerms; - } -}
--- a/src/share/classes/javax/crypto/JceSecurity.java Thu Sep 22 01:07:11 2011 +0100 +++ b/src/share/classes/javax/crypto/JceSecurity.java Thu Sep 22 01:11:21 2011 +0100 @@ -27,8 +27,6 @@ import java.util.*; import java.util.jar.*; -import java.io.*; -import java.net.URL; import java.security.*; import java.security.Provider.Service; @@ -47,72 +45,25 @@ final class JceSecurity { + // Used in KeyGenerator, Cipher and KeyAgreement. static final SecureRandom RANDOM = new SecureRandom(); - // The defaultPolicy and exemptPolicy will be set up - // in the static initializer. - private static CryptoPermissions defaultPolicy = null; - private static CryptoPermissions exemptPolicy = null; - - // Map<Provider,?> of the providers we already have verified - // value == PROVIDER_VERIFIED is successfully verified - // value is failure cause Exception in error case - private final static Map verificationResults = new IdentityHashMap(); - - // Map<Provider,?> of the providers currently being verified - private final static Map verifyingProviders = new IdentityHashMap(); - - // Set the default value. May be changed in the static initializer. - private static boolean isRestricted = true; - /* * Don't let anyone instantiate this. */ private JceSecurity() { } - static { - try { - AccessController.doPrivileged(new PrivilegedExceptionAction() { - public Object run() throws Exception { - setupJurisdictionPolicies(); - return null; - } - }); - - isRestricted = defaultPolicy.implies( - CryptoAllPermission.INSTANCE) ? false : true; - } catch (Exception e) { - SecurityException se = - new SecurityException( - "Can not initialize cryptographic mechanism"); - se.initCause(e); - throw se; - } - } - static Instance getInstance(String type, Class clazz, String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException { Service s = GetInstance.getService(type, algorithm, provider); - Exception ve = getVerificationResult(s.getProvider()); - if (ve != null) { - String msg = "JCE cannot authenticate the provider " + provider; - throw (NoSuchProviderException) - new NoSuchProviderException(msg).initCause(ve); - } return GetInstance.getInstance(s, clazz); } static Instance getInstance(String type, Class clazz, String algorithm, Provider provider) throws NoSuchAlgorithmException { Service s = GetInstance.getService(type, algorithm, provider); - Exception ve = JceSecurity.getVerificationResult(provider); - if (ve != null) { - String msg = "JCE cannot authenticate the provider " - + provider.getName(); - throw new SecurityException(msg, ve); - } return GetInstance.getInstance(s, clazz); } @@ -122,10 +73,6 @@ NoSuchAlgorithmException failure = null; for (Iterator t = services.iterator(); t.hasNext(); ) { Service s = (Service)t.next(); - if (canUseProvider(s.getProvider()) == false) { - // allow only signed providers - continue; - } try { Instance instance = GetInstance.getInstance(s, clazz); return instance; @@ -137,198 +84,10 @@ + " not available", failure); } - /** - * Verify if the JAR at URL codeBase is a signed exempt application - * JAR file and returns the permissions bundled with the JAR. - * - * @throws Exception on error - */ - static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception { - JarVerifier jv = new JarVerifier(codeBase, true); - jv.verify(); - return jv.getPermissions(); - } - - /** - * Verify if the JAR at URL codeBase is a signed provider JAR file. - * - * @throws Exception on error - */ - static void verifyProviderJar(URL codeBase) throws Exception { - // Verify the provider JAR file and all - // supporting JAR files if there are any. - JarVerifier jv = new JarVerifier(codeBase, false); - jv.verify(); - } - - private final static Object PROVIDER_VERIFIED = Boolean.TRUE; - - /* - * Verify that the provider JAR files are signed properly, which - * means the signer's certificate can be traced back to a - * JCE trusted CA. - * Return null if ok, failure Exception if verification failed. - */ - static synchronized Exception getVerificationResult(Provider p) { - Object o = verificationResults.get(p); - if (o == PROVIDER_VERIFIED) { - return null; - } else if (o != null) { - return (Exception)o; - } - if (verifyingProviders.get(p) != null) { - // this method is static synchronized, must be recursion - // return failure now but do not save the result - return new NoSuchProviderException("Recursion during verification"); - } - try { - verifyingProviders.put(p, Boolean.FALSE); - URL providerURL = getCodeBase(p.getClass()); - verifyProviderJar(providerURL); - // Verified ok, cache result - verificationResults.put(p, PROVIDER_VERIFIED); - return null; - } catch (Exception e) { - verificationResults.put(p, e); - return e; - } finally { - verifyingProviders.remove(p); - } - } - - // return whether this provider is properly signed and can be used by JCE + // Used to return whether this provider is properly signed and + // can be used by JCE. These days just returns true. Still used + // in SecretKeyFactory, KeyGenerator, Mac and KeyAgreement. static boolean canUseProvider(Provider p) { - return getVerificationResult(p) == null; - } - - // dummy object to represent null - private static final URL NULL_URL; - - static { - try { - NULL_URL = new URL("http://null.sun.com/"); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - - // reference to a Map we use as a cache for codebases - private static final Map codeBaseCacheRef = new WeakHashMap(); - - /* - * Retuns the CodeBase for the given class. - */ - static URL getCodeBase(final Class clazz) { - URL url = (URL)codeBaseCacheRef.get(clazz); - if (url == null) { - url = (URL)AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - ProtectionDomain pd = clazz.getProtectionDomain(); - if (pd != null) { - CodeSource cs = pd.getCodeSource(); - if (cs != null) { - return cs.getLocation(); - } - } - return NULL_URL; - } - }); - codeBaseCacheRef.put(clazz, url); - } - return (url == NULL_URL) ? null : url; - } - - private static void setupJurisdictionPolicies() throws Exception { - String javaHomeDir = System.getProperty("java.home"); - String sep = File.separator; - String pathToPolicyJar = javaHomeDir + sep + "lib" + sep + - "security" + sep; - - File exportJar = new File(pathToPolicyJar, "US_export_policy.jar"); - File importJar = new File(pathToPolicyJar, "local_policy.jar"); - URL jceCipherURL = ClassLoader.getSystemResource - ("javax/crypto/Cipher.class"); - - if ((jceCipherURL == null) || - !exportJar.exists() || !importJar.exists()) { - throw new SecurityException - ("Cannot locate policy or framework files!"); - } - - // Read jurisdiction policies. - CryptoPermissions defaultExport = new CryptoPermissions(); - CryptoPermissions exemptExport = new CryptoPermissions(); - loadPolicies(exportJar, defaultExport, exemptExport); - - CryptoPermissions defaultImport = new CryptoPermissions(); - CryptoPermissions exemptImport = new CryptoPermissions(); - loadPolicies(importJar, defaultImport, exemptImport); - - // Merge the export and import policies for default applications. - if (defaultExport.isEmpty() || defaultImport.isEmpty()) { - throw new SecurityException("Missing mandatory jurisdiction " + - "policy files"); - } - defaultPolicy = defaultExport.getMinimum(defaultImport); - - // Merge the export and import policies for exempt applications. - if (exemptExport.isEmpty()) { - exemptPolicy = exemptImport.isEmpty() ? null : exemptImport; - } else { - exemptPolicy = exemptExport.getMinimum(exemptImport); - } - } - - /** - * Load the policies from the specified file. Also checks that the - * policies are correctly signed. - */ - private static void loadPolicies(File jarPathName, - CryptoPermissions defaultPolicy, - CryptoPermissions exemptPolicy) - throws Exception { - - JarFile jf = new JarFile(jarPathName); - - Enumeration entries = jf.entries(); - while (entries.hasMoreElements()) { - JarEntry je = (JarEntry)entries.nextElement(); - InputStream is = null; - try { - if (je.getName().startsWith("default_")) { - is = jf.getInputStream(je); - defaultPolicy.load(is); - } else if (je.getName().startsWith("exempt_")) { - is = jf.getInputStream(je); - exemptPolicy.load(is); - } else { - continue; - } - } finally { - if (is != null) { - is.close(); - } - } - - // Enforce the signer restraint, i.e. signer of JCE framework - // jar should also be the signer of the two jurisdiction policy - // jar files. - JarVerifier.verifyPolicySigned(je.getCertificates()); - } - // Close and nullify the JarFile reference to help GC. - jf.close(); - jf = null; - } - - static CryptoPermissions getDefaultPolicy() { - return defaultPolicy; - } - - static CryptoPermissions getExemptPolicy() { - return exemptPolicy; - } - - static boolean isRestricted() { - return isRestricted; + return true; } }
--- a/src/share/classes/javax/crypto/JceSecurityManager.java Thu Sep 22 01:07:11 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,252 +0,0 @@ -/* - * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package javax.crypto; - -import java.security.*; -import java.net.*; -import java.util.*; -import java.util.jar.*; - -/** - * The JCE security manager. - * - * <p>The JCE security manager is responsible for determining the maximum - * allowable cryptographic strength for a given applet/application, for a given - * algorithm, by consulting the configured jurisdiction policy files and - * the cryptographic permissions bundled with the applet/application. - * - * <p>Note that this security manager is never installed, only instantiated. - * - * @author Jan Luehe - * - * @since 1.4 - */ - -final class JceSecurityManager extends SecurityManager { - - private static final CryptoPermissions defaultPolicy; - private static final CryptoPermissions exemptPolicy; - private static final CryptoAllPermission allPerm; - private static final Vector TrustedCallersCache = new Vector(2); - private static final Map exemptCache = new HashMap(); - - // singleton instance - static final JceSecurityManager INSTANCE; - - static { - defaultPolicy = JceSecurity.getDefaultPolicy(); - exemptPolicy = JceSecurity.getExemptPolicy(); - allPerm = CryptoAllPermission.INSTANCE; - INSTANCE = (JceSecurityManager) - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - return new JceSecurityManager(); - } - }); - } - - private JceSecurityManager() { - // empty - } - - /** - * Returns the maximum allowable crypto strength for the given - * applet/application, for the given algorithm. - */ - CryptoPermission getCryptoPermission(String alg) { - // Need to convert to uppercase since the crypto perm - // lookup is case sensitive. - alg = alg.toUpperCase(Locale.ENGLISH); - - // If CryptoAllPermission is granted by default, we return that. - // Otherwise, this will be the permission we return if anything goes - // wrong. - CryptoPermission defaultPerm = getDefaultPermission(alg); - if (defaultPerm == CryptoAllPermission.INSTANCE) { - return defaultPerm; - } - - // Determine the codebase of the caller of the JCE API. - // This is the codebase of the first class which is not in - // javax.crypto.* packages. - // NOTE: javax.crypto.* package maybe subject to package - // insertion, so need to check its classloader as well. - Class[] context = getClassContext(); - URL callerCodeBase = null; - int i; - for (i=0; i<context.length; i++) { - Class cls = context[i]; - callerCodeBase = JceSecurity.getCodeBase(cls); - if (callerCodeBase != null) { - break; - } else { - if (cls.getName().startsWith("javax.crypto.")) { - // skip jce classes since they aren't the callers - continue; - } - // use default permission when the caller is system classes - return defaultPerm; - } - } - - if (i == context.length) { - return defaultPerm; - } - - CryptoPermissions appPerms; - synchronized (this.getClass()) { - if (exemptCache.containsKey(callerCodeBase)) { - appPerms = (CryptoPermissions)exemptCache.get(callerCodeBase); - } else { - appPerms = getAppPermissions(callerCodeBase); - exemptCache.put(callerCodeBase, appPerms); - } - } - - if (appPerms == null) { - return defaultPerm; - } - - // If the app was granted the special CryptoAllPermission, return that. - if (appPerms.implies(allPerm)) { - return allPerm; - } - - // Check if the crypto permissions granted to the app contain a - // crypto permission for the requested algorithm that does not require - // any exemption mechanism to be enforced. - // Return that permission, if present. - PermissionCollection appPc = appPerms.getPermissionCollection(alg); - if (appPc == null) { - return defaultPerm; - } - Enumeration enum_ = appPc.elements(); - while (enum_.hasMoreElements()) { - CryptoPermission cp = (CryptoPermission)enum_.nextElement(); - if (cp.getExemptionMechanism() == null) { - return cp; - } - } - - // Check if the jurisdiction file for exempt applications contains - // any entries for the requested algorithm. - // If not, return the default permission. - PermissionCollection exemptPc = - exemptPolicy.getPermissionCollection(alg); - if (exemptPc == null) { - return defaultPerm; - } - - // In the jurisdiction file for exempt applications, go through the - // list of CryptoPermission entries for the requested algorithm, and - // stop at the first entry: - // - that is implied by the collection of crypto permissions granted - // to the app, and - // - whose exemption mechanism is available from one of the - // registered CSPs - enum_ = exemptPc.elements(); - while (enum_.hasMoreElements()) { - CryptoPermission cp = (CryptoPermission)enum_.nextElement(); - try { - ExemptionMechanism.getInstance(cp.getExemptionMechanism()); - if (cp.getAlgorithm().equals( - CryptoPermission.ALG_NAME_WILDCARD)) { - CryptoPermission newCp; - if (cp.getCheckParam()) { - newCp = new CryptoPermission( - alg, cp.getMaxKeySize(), - cp.getAlgorithmParameterSpec(), - cp.getExemptionMechanism()); - } else { - newCp = new CryptoPermission( - alg, cp.getMaxKeySize(), - cp.getExemptionMechanism()); - } - if (appPerms.implies(newCp)) { - return newCp; - } - } - - if (appPerms.implies(cp)) { - return cp; - } - } catch (Exception e) { - continue; - } - } - return defaultPerm; - } - - private static CryptoPermissions getAppPermissions(URL callerCodeBase) { - // Check if app is exempt, and retrieve the permissions bundled with it - try { - return JceSecurity.verifyExemptJar(callerCodeBase); - } catch (Exception e) { - // Jar verification fails - return null; - } - - } - - /** - * Returns the default permission for the given algorithm. - */ - private CryptoPermission getDefaultPermission(String alg) { - Enumeration enum_ = - defaultPolicy.getPermissionCollection(alg).elements(); - return (CryptoPermission)enum_.nextElement(); - } - - // See bug 4341369 & 4334690 for more info. - boolean isCallerTrusted() { - // Get the caller and its codebase. - Class[] context = getClassContext(); - URL callerCodeBase = null; - int i; - for (i=0; i<context.length; i++) { - callerCodeBase = JceSecurity.getCodeBase(context[i]); - if (callerCodeBase != null) { - break; - } - } - // The caller is in the JCE framework. - if (i == context.length) { - return true; - } - //The caller has been verified. - if (TrustedCallersCache.contains(context[i])) { - return true; - } - // Check whether the caller is a trusted provider. - try { - JceSecurity.verifyProviderJar(callerCodeBase); - } catch (Exception e2) { - return false; - } - TrustedCallersCache.addElement(context[i]); - return true; - } -}
--- a/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java Thu Sep 22 01:07:11 2011 +0100 +++ b/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java Thu Sep 22 01:11:21 2011 +0100 @@ -44,18 +44,9 @@ } } - private static boolean isUnlimitedPolicy() throws IOException { + private static boolean isUnlimitedPolicy() { if (instance == null) { - String jreDir = System.getProperty("java.home"); - String localPolicyPath = jreDir + File.separator + "lib" + - File.separator + "security" + File.separator + - "local_policy.jar"; - JarFile localPolicy = new JarFile(localPolicyPath); - if (localPolicy.getEntry("exempt_local.policy") == null) { - return true; - } else { - return false; - } + return true; } else { return instance.isUnlimited; }