/**
* Load the policies from the specified file. Also checks that the policies are correctly signed.
*/
private static void loadPolicies(
File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
throws Exception {
JarFile jf = new JarFile(jarPathName);
Enumeration<JarEntry> entries = jf.entries();
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
InputStream is = null;
try {
if (je.getName().startsWith("default_")) {
is = jf.getInputStream(je);
defaultPolicy.load(is);
} else if (je.getName().startsWith("exempt_")) {
is = jf.getInputStream(je);
exemptPolicy.load(is);
} else {
continue;
}
} finally {
if (is != null) {
is.close();
}
}
// Enforce the signer restraint, i.e. signer of JCE framework
// jar should also be the signer of the two jurisdiction policy
// jar files.
JarVerifier.verifyPolicySigned(je.getCertificates());
}
// Close and nullify the JarFile reference to help GC.
jf.close();
jf = null;
}
void expand(File jar, File dir) throws IOException {
JarFile jarFile = new JarFile(jar);
try {
Enumeration<JarEntry> entries = jarFile.entries();
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
if (!je.isDirectory()) {
copy(jarFile.getInputStream(je), new File(dir, je.getName()));
}
}
} finally {
jarFile.close();
}
}
public CodeSigner[] getCodeSigners(JarFile jar, JarEntry entry) {
String name = entry.getName();
if (eagerValidation && sigFileSigners.get(name) != null) {
/*
* Force a read of the entry data to generate the
* verification hash.
*/
try {
InputStream s = jar.getInputStream(entry);
byte[] buffer = new byte[1024];
int n = buffer.length;
while (n != -1) {
n = s.read(buffer, 0, buffer.length);
}
s.close();
} catch (IOException e) {
}
}
return getCodeSigners(name);
}
public byte[] getBytes(String className) {
try {
Tracer.mark();
String realName = className.replace(".", "/");
realName += ".class";
JarEntry je = jf.getJarEntry(realName);
InputStream is = jf.getInputStream(je);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] buff = new byte[4096];
while (is.available() > 0) {
int read = is.read(buff);
baos.write(buff, 0, read);
}
is.close();
return baos.toByteArray();
} catch (Exception e) {
} finally {
Tracer.unmark();
}
return null;
}
public String verify(JarFile jar, String... algorithms) throws IOException {
if (algorithms == null || algorithms.length == 0) algorithms = new String[] {"MD5", "SHA"};
else if (algorithms.length == 1 && algorithms[0].equals("-")) return null;
try {
Manifest m = jar.getManifest();
if (m.getEntries().isEmpty()) return "No name sections";
for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements(); ) {
JarEntry je = e.nextElement();
if (MANIFEST_ENTRY.matcher(je.getName()).matches()) continue;
Attributes nameSection = m.getAttributes(je.getName());
if (nameSection == null) return "No name section for " + je.getName();
for (String algorithm : algorithms) {
try {
MessageDigest md = MessageDigest.getInstance(algorithm);
String expected = nameSection.getValue(algorithm + "-Digest");
if (expected != null) {
byte digest[] = Base64.decodeBase64(expected);
copy(jar.getInputStream(je), md);
if (!Arrays.equals(digest, md.digest()))
return "Invalid digest for "
+ je.getName()
+ ", "
+ expected
+ " != "
+ Base64.encodeBase64(md.digest());
} else reporter.error("could not find digest for " + algorithm + "-Digest");
} catch (NoSuchAlgorithmException nsae) {
return "Missing digest algorithm " + algorithm;
}
}
}
} catch (Exception e) {
return "Failed to verify due to exception: " + e.getMessage();
}
return null;
}
public Image getImage(String sImage) {
Image imReturn = null;
try {
if (jar == null) {
imReturn = this.toolkit.createImage(this.getClass().getClassLoader().getResource(sImage));
} else {
//
BufferedInputStream bis = new BufferedInputStream(jar.getInputStream(jar.getEntry(sImage)));
ByteArrayOutputStream buffer = new ByteArrayOutputStream(4096);
int b;
while ((b = bis.read()) != -1) {
buffer.write(b);
}
byte[] imageBuffer = buffer.toByteArray();
imReturn = this.toolkit.createImage(imageBuffer);
bis.close();
buffer.close();
}
} catch (IOException ex) {
}
return imReturn;
}
private InputStream getResourceStream(final File file, final String resourceName) {
try {
JarFile jarFile = this.jarFiles.get(file);
if (jarFile == null && file.isDirectory()) {
final File resource = new File(file, resourceName);
if (resource.exists()) {
return new FileInputStream(resource);
}
} else {
if (jarFile == null) {
if (!file.exists()) {
return null;
}
jarFile = new JarFile(file);
this.jarFiles.put(file, jarFile);
jarFile = this.jarFiles.get(file);
}
final JarEntry entry = jarFile.getJarEntry(resourceName);
if (entry != null) {
return jarFile.getInputStream(entry);
}
}
} catch (Exception e) {
this.log(
"Ignoring Exception "
+ e.getClass().getName()
+ ": "
+ e.getMessage()
+ " reading resource "
+ resourceName
+ " from "
+ file,
3);
}
return null;
}