/**
   * Load the policies from the specified file. Also checks that the policies are correctly signed.
   */
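  private static void loadPolicies(
      File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
      throws Exception {
    // Only entries whose names start with "default_" or "exempt_" are consumed;
    // every other entry is skipped and never reaches the signer check.
    //
    // Ordering matters for the caller: each policy entry is loaded into the
    // supplied CryptoPermissions object BEFORE its signer is checked. When the
    // check throws, the exception propagates, but the objects passed in may
    // already hold entries from that jar and must be discarded by the caller.
    JarFile jf = new JarFile(jarPathName);
    try {
      Enumeration<JarEntry> entries = jf.entries();
      while (entries.hasMoreElements()) {
        JarEntry je = entries.nextElement();
        String entryName = je.getName();

        CryptoPermissions target;
        if (entryName.startsWith("default_")) {
          target = defaultPolicy;
        } else if (entryName.startsWith("exempt_")) {
          target = exemptPolicy;
        } else {
          continue;
        }

        InputStream is = jf.getInputStream(je);
        try {
          target.load(is);
        } finally {
          if (is != null) {
            is.close();
          }
        }

        // Enforce the signer restraint, i.e. the signer of the JCE framework
        // jar should also be the signer of the two jurisdiction policy jar
        // files.
        // JarEntry.getCertificates() is only populated once the entry stream
        // has been read to its end, which is why this follows the load.
        // NOTE(review): this relies on load() draining the stream; confirm,
        // and confirm verifyPolicySigned() rejects a null certificate array.
        JarVerifier.verifyPolicySigned(je.getCertificates());
      }
    } finally {
      // Release the jar even when loading or the signer check throws; the
      // original closed it only on the success path.
      jf.close();
    }
  }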
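 /**
  * Extracts every non-directory entry of {@code jar} below {@code dir}.
  *
  * <p>Entry names come from the archive and are therefore untrusted: a name
  * containing {@code ..} segments or an absolute path would otherwise be
  * written outside {@code dir}. Each destination is canonicalised and must
  * stay under the canonical form of {@code dir}.
  *
  * @param jar archive to read
  * @param dir directory that receives the extracted files
  * @throws IOException if the archive cannot be read, a file cannot be
  *     written, or an entry resolves outside {@code dir}; entries extracted
  *     before the offending one are left in place
  */
 void expand(File jar, File dir) throws IOException {
   JarFile jarFile = new JarFile(jar);
   try {
     // The trailing separator stops a sibling such as "out-other" from
     // passing a plain prefix comparison against "out".
     String rootPath = dir.getCanonicalPath();
     String rootPrefix = rootPath.endsWith(File.separator) ? rootPath : rootPath + File.separator;

     Enumeration<JarEntry> entries = jarFile.entries();
     while (entries.hasMoreElements()) {
       JarEntry je = entries.nextElement();
       if (je.isDirectory()) {
         continue;
       }
       File target = new File(dir, je.getName());
       if (!target.getCanonicalPath().startsWith(rootPrefix)) {
         throw new IOException(
             "Jar entry resolves outside the target directory: " + je.getName());
       }
       copy(jarFile.getInputStream(je), target);
     }
   } finally {
     // Closing the JarFile also closes the entry streams it handed out.
     jarFile.close();
   }
 }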
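 /**
  * Returns the code signers recorded for {@code entry}, first reading the
  * entry to its end when eager validation is enabled and signers are
  * registered under its name.
  *
  * <p>Only {@link IOException} is swallowed while draining. Any unchecked
  * exception raised by the read propagates to the caller; presumably this is
  * how a digest mismatch on a verifying stream surfaces (confirm against the
  * stream implementation in use).
  *
  * @param jar archive that contains {@code entry}
  * @param entry entry whose signers are requested
  * @return the result of {@code getCodeSigners(String)} for the entry name
  */
 public CodeSigner[] getCodeSigners(JarFile jar, JarEntry entry) {
   String name = entry.getName();
   if (eagerValidation && sigFileSigners.get(name) != null) {
     /*
      * Force a read of the entry data to generate the
      * verification hash.
      */
     try {
       InputStream s = jar.getInputStream(entry);
       try {
         byte[] buffer = new byte[1024];
         while (s.read(buffer, 0, buffer.length) != -1) {
           // Contents are discarded; only the side effect of reading matters.
         }
       } finally {
         // Close on every path. A close failure is suppressed here so it can
         // never replace (and hide) an exception thrown by the read above.
         try {
           s.close();
         } catch (IOException ignored) {
           // Nothing useful to do with a failed close.
         }
       }
     } catch (IOException ignored) {
       // Best effort: an I/O failure while draining is deliberately ignored and
       // the lookup below reports whatever signers are known for the name.
     }
   }
   return getCodeSigners(name);
 }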
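 /**
  * Reads the class file for {@code className} from the jar held in
  * {@code jf}.
  *
  * @param className dotted class name; dots are mapped to {@code /} and
  *     {@code .class} is appended to form the entry name
  * @return the entry's bytes, or {@code null} when the entry is missing or
  *     any exception occurs while reading
  */
 public byte[] getBytes(String className) {
   InputStream is = null;
   try {
     Tracer.mark();
     String realName = className.replace('.', '/') + ".class";
     JarEntry je = jf.getJarEntry(realName);
     if (je == null) {
       // Unknown class: report "not found" without relying on a caught NPE.
       return null;
     }
     is = jf.getInputStream(je);
     ByteArrayOutputStream baos = new ByteArrayOutputStream();
     byte[] buff = new byte[4096];
     int read;
     // Read until end of stream. available() is only an estimate and may be 0
     // before the end, which made the previous loop return truncated class
     // bytes; read() may also return -1, which is not a valid write length.
     while ((read = is.read(buff)) != -1) {
       baos.write(buff, 0, read);
     }
     return baos.toByteArray();
   } catch (Exception e) {
     // NOTE(review): every failure, including an unchecked exception thrown
     // while reading the entry, collapses into the null return below, so the
     // caller cannot tell a missing class from a read that was rejected.
     // Consider logging or rethrowing the latter.
   } finally {
     try {
       if (is != null) {
         is.close();
       }
     } catch (Exception ignored) {
       // A failed close must not prevent the tracer from being unmarked.
     }
     Tracer.unmark();
   }
   return null;
 }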
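  /**
   * Compares the per-entry digests recorded in the manifest of {@code jar}
   * with digests computed from the entry contents.
   *
   * <p>This checks manifest digests only; no signature or certificate is
   * examined here.
   *
   * <p>NOTE(review): when a name section carries no {@code <algorithm>-Digest}
   * attribute for a requested algorithm, the entry is only reported through
   * {@code reporter.error} and the method can still return {@code null}. With
   * the defaults below, a jar whose manifest lists only other digest
   * algorithms is therefore not actually compared. Callers that need a hard
   * failure should check the reporter as well.
   *
   * @param jar archive to check
   * @param algorithms digest algorithm names; {@code null} or empty selects
   *     "MD5" and "SHA" (the JCA name for SHA-1, both collision-weak, so pass
   *     the algorithm the manifest really uses where possible); the single
   *     value "-" skips the check
   * @return {@code null} when no mismatch was found or the check was skipped,
   *     otherwise a message describing the first problem
   * @throws IOException declared for callers; failures inside the check are
   *     returned as a message instead
   */
  public String verify(JarFile jar, String... algorithms) throws IOException {
    if (algorithms == null || algorithms.length == 0) {
      algorithms = new String[] {"MD5", "SHA"};
    } else if (algorithms.length == 1 && algorithms[0].equals("-")) {
      return null;
    }

    try {
      Manifest m = jar.getManifest();
      if (m == null) {
        // Previously an NPE surfaced as "Failed to verify due to exception: null".
        return "No manifest";
      }
      if (m.getEntries().isEmpty()) {
        return "No name sections";
      }

      for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements(); ) {
        JarEntry je = e.nextElement();
        if (MANIFEST_ENTRY.matcher(je.getName()).matches()) {
          continue;
        }

        Attributes nameSection = m.getAttributes(je.getName());
        if (nameSection == null) {
          return "No name section for " + je.getName();
        }

        for (String algorithm : algorithms) {
          try {
            MessageDigest md = MessageDigest.getInstance(algorithm);
            String expected = nameSection.getValue(algorithm + "-Digest");
            if (expected != null) {
              byte[] digest = Base64.decodeBase64(expected);
              copy(jar.getInputStream(je), md);
              // digest() resets the MessageDigest, so compute it once. Calling
              // it again for the message reported the digest of empty input
              // rather than the value that failed the comparison.
              byte[] actual = md.digest();
              if (!Arrays.equals(digest, actual)) {
                return "Invalid digest for "
                    + je.getName()
                    + ", "
                    + expected
                    + " != "
                    + Base64.encodeBase64(actual);
              }
            } else {
              reporter.error("could not find digest for " + algorithm + "-Digest");
            }
          } catch (NoSuchAlgorithmException nsae) {
            return "Missing digest algorithm " + algorithm;
          }
        }
      }
    } catch (Exception e) {
      return "Failed to verify due to exception: " + e.getMessage();
    }
    return null;
  }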
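  /**
   * Loads the image named {@code sImage}, from the class loader when no jar is
   * set and from the jar otherwise.
   *
   * @param sImage resource or entry name of the image
   * @return the image, or {@code null} when the jar has no such entry or an
   *     I/O error occurs while reading it
   */
  public Image getImage(String sImage) {
    Image imReturn = null;
    try {
      if (jar == null) {
        imReturn = this.toolkit.createImage(this.getClass().getClassLoader().getResource(sImage));
      } else {
        // A missing entry used to reach getInputStream(null) and escape as an
        // uncaught NullPointerException; treat it like any other failed load.
        java.util.zip.ZipEntry entry = jar.getEntry(sImage);
        if (entry != null) {
          BufferedInputStream bis = new BufferedInputStream(jar.getInputStream(entry));
          try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream(4096);
            int b;
            while ((b = bis.read()) != -1) {
              buffer.write(b);
            }
            imReturn = this.toolkit.createImage(buffer.toByteArray());
          } finally {
            // Close on every path; a close failure is suppressed so it cannot
            // replace an exception thrown while reading the entry.
            try {
              bis.close();
            } catch (IOException ignored) {
              // Nothing useful to do with a failed close.
            }
          }
        }
      }
    } catch (IOException ex) {
      // The image is optional for callers: an unreadable entry yields null.
    }
    return imReturn;
  }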
 /**
  * Opens {@code resourceName} from {@code file}, which is treated as a
  * directory when no jar is cached for it and it is a directory, and as a jar
  * otherwise. Jars opened here are stored in {@code jarFiles} for reuse.
  *
  * <p>NOTE(review): in the directory case {@code resourceName} is joined to
  * {@code file} without normalisation, so a name containing {@code ..}
  * segments can address a file outside that directory. Confirm that callers
  * only pass names they control.
  *
  * @param file directory or jar to search
  * @param resourceName name of the resource to open
  * @return a stream for the resource, or {@code null} when it is not found or
  *     an exception occurred (the exception is logged and otherwise ignored)
  */
 private InputStream getResourceStream(final File file, final String resourceName) {
   try {
     JarFile archive = this.jarFiles.get(file);

     if (archive == null) {
       if (file.isDirectory()) {
         // Plain directory: the resource is an ordinary file below it.
         final File candidate = new File(file, resourceName);
         return candidate.exists() ? new FileInputStream(candidate) : null;
       }
       if (!file.exists()) {
         return null;
       }
       // First use of this jar: open it, store it, then read it back from the map.
       archive = new JarFile(file);
       this.jarFiles.put(file, archive);
       archive = this.jarFiles.get(file);
     }

     final JarEntry match = archive.getJarEntry(resourceName);
     return match == null ? null : archive.getInputStream(match);
   } catch (Exception e) {
     final String message =
         "Ignoring Exception "
             + e.getClass().getName()
             + ": "
             + e.getMessage()
             + " reading resource "
             + resourceName
             + " from "
             + file;
     this.log(message, 3);
   }
   return null;
 }