/**
* Load the policies from the specified file. Also checks that the policies are correctly signed.
*/
private static void loadPolicies(
File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
throws Exception {
JarFile jf = new JarFile(jarPathName);
Enumeration<JarEntry> entries = jf.entries();
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
InputStream is = null;
try {
if (je.getName().startsWith("default_")) {
is = jf.getInputStream(je);
defaultPolicy.load(is);
} else if (je.getName().startsWith("exempt_")) {
is = jf.getInputStream(je);
exemptPolicy.load(is);
} else {
continue;
}
} finally {
if (is != null) {
is.close();
}
}
// Enforce the signer restraint, i.e. signer of JCE framework
// jar should also be the signer of the two jurisdiction policy
// jar files.
JarVerifier.verifyPolicySigned(je.getCertificates());
}
// Close and nullify the JarFile reference to help GC.
jf.close();
jf = null;
}
private static void setupJurisdictionPolicies() throws Exception {
String javaHomeDir = System.getProperty("java.home");
String sep = File.separator;
String pathToPolicyJar = javaHomeDir + sep + "lib" + sep + "security" + sep;
File exportJar = new File(pathToPolicyJar, "US_export_policy.jar");
File importJar = new File(pathToPolicyJar, "local_policy.jar");
URL jceCipherURL = ClassLoader.getSystemResource("javax/crypto/Cipher.class");
if ((jceCipherURL == null) || !exportJar.exists() || !importJar.exists()) {
throw new SecurityException("Cannot locate policy or framework files!");
}
// Read jurisdiction policies.
CryptoPermissions defaultExport = new CryptoPermissions();
CryptoPermissions exemptExport = new CryptoPermissions();
loadPolicies(exportJar, defaultExport, exemptExport);
CryptoPermissions defaultImport = new CryptoPermissions();
CryptoPermissions exemptImport = new CryptoPermissions();
loadPolicies(importJar, defaultImport, exemptImport);
// Merge the export and import policies for default applications.
if (defaultExport.isEmpty() || defaultImport.isEmpty()) {
throw new SecurityException("Missing mandatory jurisdiction " + "policy files");
}
defaultPolicy = defaultExport.getMinimum(defaultImport);
// Merge the export and import policies for exempt applications.
if (exemptExport.isEmpty()) {
exemptPolicy = exemptImport.isEmpty() ? null : exemptImport;
} else {
exemptPolicy = exemptExport.getMinimum(exemptImport);
}
}
static {
try {
AccessController.doPrivileged(
new PrivilegedExceptionAction<Object>() {
public Object run() throws Exception {
setupJurisdictionPolicies();
return null;
}
});
isRestricted = defaultPolicy.implies(CryptoAllPermission.INSTANCE) ? false : true;
} catch (Exception e) {
throw new SecurityException("Can not initialize cryptographic mechanism", e);
}
}