/**
   * Load the policies from the specified file. Also checks that the policies are correctly signed.
   */
  private static void loadPolicies(
      File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
      throws Exception {

    JarFile jf = new JarFile(jarPathName);

    Enumeration<JarEntry> entries = jf.entries();
    while (entries.hasMoreElements()) {
      JarEntry je = entries.nextElement();
      InputStream is = null;
      try {
        if (je.getName().startsWith("default_")) {
          is = jf.getInputStream(je);
          defaultPolicy.load(is);
        } else if (je.getName().startsWith("exempt_")) {
          is = jf.getInputStream(je);
          exemptPolicy.load(is);
        } else {
          continue;
        }
      } finally {
        if (is != null) {
          is.close();
        }
      }

      // Enforce the signer restraint, i.e. signer of JCE framework
      // jar should also be the signer of the two jurisdiction policy
      // jar files.
      JarVerifier.verifyPolicySigned(je.getCertificates());
    }
    // Close and nullify the JarFile reference to help GC.
    jf.close();
    jf = null;
  }
 public int read() throws IOException {
   if (numLeft > 0) {
     int b = is.read();
     jv.update(b, mev);
     numLeft--;
     if (numLeft == 0) jv.update(-1, mev);
     return b;
   } else {
     return -1;
   }
 }
    public int read(byte b[], int off, int len) throws IOException {
      if ((numLeft > 0) && (numLeft < len)) {
        len = (int) numLeft;
      }

      if (numLeft > 0) {
        int n = is.read(b, off, len);
        jv.update(n, b, off, len, mev);
        numLeft -= n;
        if (numLeft == 0) jv.update(-1, b, off, len, mev);
        return n;
      } else {
        return -1;
      }
    }
 /**
  * Verify if the JAR at URL codeBase is a signed provider JAR file.
  *
  * @throws Exception on error
  */
 static void verifyProviderJar(URL codeBase) throws Exception {
   // Verify the provider JAR file and all
   // supporting JAR files if there are any.
   JarVerifier jv = new JarVerifier(codeBase, false);
   jv.verify();
 }
 /**
  * Verify if the JAR at URL codeBase is a signed exempt application JAR file and returns the
  * permissions bundled with the JAR.
  *
  * @throws Exception on error
  */
 static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
   JarVerifier jv = new JarVerifier(codeBase, true);
   jv.verify();
   return jv.getPermissions();
 }