/**
   * Load the policies from the specified file. Also checks that the policies are correctly signed.
   */
  private static void loadPolicies(
      File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
      throws Exception {

    JarFile jf = new JarFile(jarPathName);

    Enumeration<JarEntry> entries = jf.entries();
    while (entries.hasMoreElements()) {
      JarEntry je = entries.nextElement();
      InputStream is = null;
      try {
        if (je.getName().startsWith("default_")) {
          is = jf.getInputStream(je);
          defaultPolicy.load(is);
        } else if (je.getName().startsWith("exempt_")) {
          is = jf.getInputStream(je);
          exemptPolicy.load(is);
        } else {
          continue;
        }
      } finally {
        if (is != null) {
          is.close();
        }
      }

      // Enforce the signer restraint, i.e. signer of JCE framework
      // jar should also be the signer of the two jurisdiction policy
      // jar files.
      JarVerifier.verifyPolicySigned(je.getCertificates());
    }
    // Close and nullify the JarFile reference to help GC.
    jf.close();
    jf = null;
  }
Exemple #2
0
  /**
   * Loads the keystore from the Keychain.
   *
   * @param stream Ignored - here for API compatibility.
   * @param password Ignored - if user needs to unlock keychain Security framework will post any
   *     dialogs.
   * @exception IOException if there is an I/O or format problem with the keystore data
   * @exception NoSuchAlgorithmException if the algorithm used to check the integrity of the
   *     keystore cannot be found
   * @exception CertificateException if any of the certificates in the keystore could not be loaded
   */
  public void engineLoad(InputStream stream, char[] password)
      throws IOException, NoSuchAlgorithmException, CertificateException {
    permissionCheck();

    // Release any stray keychain references before clearing out the entries.
    synchronized (entries) {
      for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Object entry = entries.get(alias);
        if (entry instanceof TrustedCertEntry) {
          if (((TrustedCertEntry) entry).certRef != 0) {
            _releaseKeychainItemRef(((TrustedCertEntry) entry).certRef);
          }
        } else {
          KeyEntry keyEntry = (KeyEntry) entry;

          if (keyEntry.chain != null) {
            for (int i = 0; i < keyEntry.chain.length; i++) {
              if (keyEntry.chainRefs[i] != 0) {
                _releaseKeychainItemRef(keyEntry.chainRefs[i]);
              }
            }

            if (keyEntry.keyRef != 0) {
              _releaseKeychainItemRef(keyEntry.keyRef);
            }
          }
        }
      }

      entries.clear();
      _scanKeychain();
    }
  }
  protected PermissionCollection getPermissions(CodeSource codeSource) {
    PermissionCollection perms;
    try {
      try {
        perms = super.getPermissions(codeSource);
      } catch (SecurityException e) {
        // We lied about our CodeSource and that makes URLClassLoader unhappy.
        perms = new Permissions();
      }

      ProtectionDomain myDomain =
          AccessController.doPrivileged(
              new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                  return getClass().getProtectionDomain();
                }
              });
      PermissionCollection myPerms = myDomain.getPermissions();
      if (myPerms != null) {
        for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements(); ) {
          perms.add(elements.nextElement());
        }
      }
    } catch (Throwable e) {
      // We lied about our CodeSource and that makes URLClassLoader unhappy.
      perms = new Permissions();
    }
    perms.setReadOnly();
    return perms;
  }
 public URL getResource(final String name) {
   URL url = null;
   if (this.isParentFirst(name)) {
     url = ((this.parent == null) ? super.getResource(name) : this.parent.getResource(name));
   }
   if (url != null) {
     this.log("Resource " + name + " loaded from parent loader", 4);
   } else {
     final Enumeration<File> e = this.pathComponents.elements();
     while (e.hasMoreElements() && url == null) {
       final File pathComponent = e.nextElement();
       url = this.getResourceURL(pathComponent, name);
       if (url != null) {
         this.log("Resource " + name + " loaded from ant loader", 4);
       }
     }
   }
   if (url == null && !this.isParentFirst(name)) {
     if (this.ignoreBase) {
       url = ((this.getRootLoader() == null) ? null : this.getRootLoader().getResource(name));
     } else {
       url = ((this.parent == null) ? super.getResource(name) : this.parent.getResource(name));
     }
     if (url != null) {
       this.log("Resource " + name + " loaded from parent loader", 4);
     }
   }
   if (url == null) {
     this.log("Couldn't load Resource " + name, 4);
   }
   return url;
 }
 private Class<?> findClassInComponents(final String name) throws ClassNotFoundException {
   final String classFilename = this.getClassFilename(name);
   final Enumeration<File> e = this.pathComponents.elements();
   while (e.hasMoreElements()) {
     final File pathComponent = e.nextElement();
     InputStream stream = null;
     try {
       stream = this.getResourceStream(pathComponent, classFilename);
       if (stream != null) {
         this.log("Loaded from " + pathComponent + " " + classFilename, 4);
         return this.getClassFromStream(stream, name, pathComponent);
       }
       continue;
     } catch (SecurityException se) {
       throw se;
     } catch (IOException ioe) {
       this.log(
           "Exception reading component " + pathComponent + " (reason: " + ioe.getMessage() + ")",
           3);
     } finally {
       FileUtils.close(stream);
     }
   }
   throw new ClassNotFoundException(name);
 }
 public void addJavaLibraries() {
   final Vector<String> packages = JavaEnvUtils.getJrePackages();
   final Enumeration<String> e = packages.elements();
   while (e.hasMoreElements()) {
     final String packageName = e.nextElement();
     this.addSystemPackageRoot(packageName);
   }
 }
 private InputStream loadResource(final String name) {
   InputStream stream = null;
   File pathComponent;
   for (Enumeration<File> e = this.pathComponents.elements();
       e.hasMoreElements() && stream == null;
       stream = this.getResourceStream(pathComponent, name)) {
     pathComponent = e.nextElement();
   }
   return stream;
 }
 private boolean isParentFirst(final String resourceName) {
   boolean useParentFirst = this.parentFirst;
   Enumeration<String> e = this.systemPackages.elements();
   while (e.hasMoreElements()) {
     final String packageName = e.nextElement();
     if (resourceName.startsWith(packageName)) {
       useParentFirst = true;
       break;
     }
   }
   e = this.loaderPackages.elements();
   while (e.hasMoreElements()) {
     final String packageName = e.nextElement();
     if (resourceName.startsWith(packageName)) {
       useParentFirst = false;
       break;
     }
   }
   return useParentFirst;
 }
Exemple #9
0
    /**
     * Check and see if this set of permissions implies the permissions expressed in "permission".
     *
     * @param p the Permission object to compare
     * @return true if "permission" is a proper subset of a permission in the set, false if not.
     */
    public boolean implies(Permission permission) {
      if (!(permission instanceof ExecPermission)) return false;

      Enumeration e = permissions.elements();

      while (e.hasMoreElements()) {
        ExecPermission x = (ExecPermission) e.nextElement();
        if (x.implies(permission)) {
          return true;
        }
      }
      return false;
    }
 protected void initResourceBundle(UIDefaults table) {
   // The following line of code does not work, when Quaqua has been loaded with
   // a custom class loader. That's why, we have to inject the labels
   // by ourselves:
   // table.addResourceBundle( "ch.randelshofer.quaqua.Labels" );
   ResourceBundle bundle =
       ResourceBundle.getBundle(
           "ch.randelshofer.quaqua.Labels", Locale.getDefault(), getClass().getClassLoader());
   for (Enumeration i = bundle.getKeys(); i.hasMoreElements(); ) {
     String key = (String) i.nextElement();
     table.put(key, bundle.getObject(key));
   }
 }
 public String getClasspath() {
   final StringBuilder sb = new StringBuilder();
   boolean firstPass = true;
   final Enumeration<File> componentEnum = this.pathComponents.elements();
   while (componentEnum.hasMoreElements()) {
     if (!firstPass) {
       sb.append(System.getProperty("path.separator"));
     } else {
       firstPass = false;
     }
     sb.append(componentEnum.nextElement().getAbsolutePath());
   }
   return sb.toString();
 }
 /**
  * Returns the n-th token name or alias
  *
  * @param nIdx index of token
  * @return alias
  */
 private String getTokenName(int nIdx) {
   try {
     if (m_keyStore != null) {
       Enumeration eAliases = m_keyStore.aliases();
       for (int i = 0; eAliases.hasMoreElements(); i++) {
         String alias = (String) eAliases.nextElement();
         if (i == nIdx) return alias;
       }
     }
   } catch (Exception ex) {
     m_logger.error("Error reading store aliases: " + ex);
   }
   return null;
 }
 /**
  * Reset the logging configuration.
  *
  * <p>For all named loggers, the reset operation removes and closes all Handlers and (except for
  * the root logger) sets the level to null. The root logger's level is set to Level.INFO.
  *
  * @exception SecurityException if a security manager exists and if the caller does not have
  *     LoggingPermission("control").
  */
 public void reset() throws SecurityException {
   checkPermission();
   synchronized (this) {
     props = new Properties();
     // Since we are doing a reset we no longer want to initialize
     // the global handlers, if they haven't been initialized yet.
     initializedGlobalHandlers = true;
   }
   Enumeration enum_ = getLoggerNames();
   while (enum_.hasMoreElements()) {
     String name = (String) enum_.nextElement();
     resetLogger(name);
   }
 }
Exemple #14
0
  public static String[] getZipList(String zipFile) throws ZipException, IOException {
    File file = new File(zipFile);
    ZipFile zip = new ZipFile(file);
    Enumeration<? extends ZipEntry> zipFileEntries = zip.entries();
    ArrayList<String> files = new ArrayList<String>();

    // Process each entry
    while (zipFileEntries.hasMoreElements()) {
      // grab a zip file entry
      ZipEntry entry = (ZipEntry) zipFileEntries.nextElement();
      String currentEntry = entry.getName();
      files.add(currentEntry);
    }
    return files.toArray(new String[files.size()]);
  }
 public synchronized void cleanup() {
   final Enumeration<JarFile> e = this.jarFiles.elements();
   while (e.hasMoreElements()) {
     final JarFile jarFile = e.nextElement();
     try {
       jarFile.close();
     } catch (IOException ex) {
     }
   }
   this.jarFiles = new Hashtable<File, JarFile>();
   if (this.project != null) {
     this.project.removeBuildListener(this);
   }
   this.project = null;
 }
 /**
  * Method returns an array of strings representing the list of available token names.
  *
  * @return an array of available token names.
  * @throws DigiDocException if reading the token information fails.
  */
 public String[] getAvailableTokenNames() throws DigiDocException {
   Vector vec = new Vector();
   try {
     if (m_keyStore != null) {
       Enumeration eAliases = m_keyStore.aliases();
       while (eAliases.hasMoreElements()) {
         String alias = (String) eAliases.nextElement();
         vec.add(alias);
       }
     }
   } catch (Exception ex) {
     m_logger.error("Error reading store aliases: " + ex);
   }
   String[] arr = new String[vec.size()];
   for (int i = 0; (vec != null) && (i < vec.size()); i++) arr[i] = (String) vec.elementAt(i);
   return arr;
 }
Exemple #17
0
  public static void extract(String zipFile, String newPath, boolean overwrite)
      throws ZipException, IOException {
    File file = new File(zipFile);

    ZipFile zip = new ZipFile(file);

    new File(newPath).mkdir();
    Enumeration<? extends ZipEntry> zipFileEntries = zip.entries();

    // Process each entry
    while (zipFileEntries.hasMoreElements()) {
      // grab a zip file entry
      ZipEntry entry = (ZipEntry) zipFileEntries.nextElement();
      String currentEntry = entry.getName();
      File destFile = new File(newPath, currentEntry);
      // destFile = new File(newPath, destFile.getName());
      File destinationParent = destFile.getParentFile();

      // create the parent directory structure if needed
      destinationParent.mkdirs();

      if (!entry.isDirectory()) {
        if (!overwrite && destFile.exists()) continue;
        BufferedInputStream is = new BufferedInputStream(zip.getInputStream(entry));
        int currentByte;
        // establish buffer for writing file
        byte data[] = new byte[BUFFER];

        // write the current file to disk
        FileOutputStream fos = new FileOutputStream(destFile);
        BufferedOutputStream dest = new BufferedOutputStream(fos, BUFFER);

        // read and write until last byte is encountered
        while ((currentByte = is.read(data, 0, BUFFER)) != -1) {
          dest.write(data, 0, currentByte);
        }
        close(dest);
        close(is);
      }
    }
  }
  public String verify(JarFile jar, String... algorithms) throws IOException {
    if (algorithms == null || algorithms.length == 0) algorithms = new String[] {"MD5", "SHA"};
    else if (algorithms.length == 1 && algorithms[0].equals("-")) return null;

    try {
      Manifest m = jar.getManifest();
      if (m.getEntries().isEmpty()) return "No name sections";

      for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements(); ) {
        JarEntry je = e.nextElement();
        if (MANIFEST_ENTRY.matcher(je.getName()).matches()) continue;

        Attributes nameSection = m.getAttributes(je.getName());
        if (nameSection == null) return "No name section for " + je.getName();

        for (String algorithm : algorithms) {
          try {
            MessageDigest md = MessageDigest.getInstance(algorithm);
            String expected = nameSection.getValue(algorithm + "-Digest");
            if (expected != null) {
              byte digest[] = Base64.decodeBase64(expected);
              copy(jar.getInputStream(je), md);
              if (!Arrays.equals(digest, md.digest()))
                return "Invalid digest for "
                    + je.getName()
                    + ", "
                    + expected
                    + " != "
                    + Base64.encodeBase64(md.digest());
            } else reporter.error("could not find digest for " + algorithm + "-Digest");
          } catch (NoSuchAlgorithmException nsae) {
            return "Missing digest algorithm " + algorithm;
          }
        }
      }
    } catch (Exception e) {
      return "Failed to verify due to exception: " + e.getMessage();
    }
    return null;
  }
 // Private method to be called when the configuration has
 // changed to apply any level settings to any pre-existing loggers.
 private synchronized void setLevelsOnExistingLoggers() {
   Enumeration enum_ = props.propertyNames();
   while (enum_.hasMoreElements()) {
     String key = (String) enum_.nextElement();
     if (!key.endsWith(".level")) {
       // Not a level definition.
       continue;
     }
     int ix = key.length() - 6;
     String name = key.substring(0, ix);
     Level level = getLevelProperty(key, null);
     if (level == null) {
       System.err.println("Bad level value for property: " + key);
       continue;
     }
     Logger l = getLogger(name);
     if (l == null) {
       continue;
     }
     l.setLevel(level);
   }
 }
 @Override
 public Enumeration<URL> getResources(String name) throws IOException {
   try {
     equinoxContainer.checkAdminPermission(this, AdminPermission.RESOURCE);
   } catch (SecurityException e) {
     return null;
   }
   checkValid();
   if (isFragment()) {
     return null;
   }
   ModuleClassLoader classLoader = getModuleClassLoader(false);
   Enumeration<URL> result = null;
   if (classLoader != null) {
     result = classLoader.getResources(name);
   } else {
     result =
         new ClasspathManager((Generation) module.getCurrentRevision().getRevisionInfo(), null)
             .findLocalResources(name);
   }
   return result != null && result.hasMoreElements() ? result : null;
 }
Exemple #21
0
  /**
   * Returns the (alias) name of the first keystore entry whose certificate matches the given
   * certificate.
   *
   * <p>This method attempts to match the given certificate with each keystore entry. If the entry
   * being considered is a <i>trusted certificate entry</i>, the given certificate is compared to
   * that entry's certificate. If the entry being considered is a <i>key entry</i>, the given
   * certificate is compared to the first element of that entry's certificate chain (if a chain
   * exists).
   *
   * @param cert the certificate to match with.
   * @return the (alias) name of the first entry with matching certificate, or null if no such entry
   *     exists in this keystore.
   */
  public String engineGetCertificateAlias(Certificate cert) {
    permissionCheck();
    Certificate certElem;

    for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
      String alias = e.nextElement();
      Object entry = entries.get(alias);
      if (entry instanceof TrustedCertEntry) {
        certElem = ((TrustedCertEntry) entry).cert;
      } else {
        KeyEntry ke = (KeyEntry) entry;
        if (ke.chain == null || ke.chain.length == 0) {
          continue;
        }
        certElem = ke.chain[0];
      }
      if (certElem.equals(cert)) {
        return alias;
      }
    }
    return null;
  }
  public void main(Provider p) throws Exception {

    /*
     * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
     * when running SunPKCS11-Solaris (8044554)
     */
    if (p.getName().equals("SunPKCS11-Solaris")
        && System.getProperty("os.name").equals("SunOS")
        && System.getProperty("os.arch").equals("sparcv9")
        && System.getProperty("os.version").compareTo("5.11") <= 0
        && getDistro().compareTo("11.2") < 0) {

      System.out.println(
          "SunPKCS11-Solaris provider requires " + "Solaris SPARC 11.2 or later, skipping");
      return;
    }

    long start = System.currentTimeMillis();
    provider = p;
    data = new byte[2048];
    new Random().nextBytes(data);
    KeyStore ks = getKeyStore();
    KeyFactory kf = KeyFactory.getInstance("RSA", provider);
    for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
      String alias = (String) e.nextElement();
      if (ks.isKeyEntry(alias)) {
        System.out.println("* Key " + alias + "...");
        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password);
        PublicKey publicKey = ks.getCertificate(alias).getPublicKey();
        privateKey = (PrivateKey) kf.translateKey(privateKey);
        publicKey = (PublicKey) kf.translateKey(publicKey);
        test(privateKey, publicKey);
      }
    }
    long stop = System.currentTimeMillis();
    System.out.println("All tests passed (" + (stop - start) + " ms).");
  }
Exemple #23
0
  /**
   * Stores this keystore to the given output stream, and protects its integrity with the given
   * password.
   *
   * @param stream Ignored. the output stream to which this keystore is written.
   * @param password the password to generate the keystore integrity check
   * @exception IOException if there was an I/O problem with data
   * @exception NoSuchAlgorithmException if the appropriate data integrity algorithm could not be
   *     found
   * @exception CertificateException if any of the certificates included in the keystore data could
   *     not be stored
   */
  public void engineStore(OutputStream stream, char[] password)
      throws IOException, NoSuchAlgorithmException, CertificateException {
    permissionCheck();

    // Delete items that do have a keychain item ref.
    for (Enumeration<String> e = deletedEntries.keys(); e.hasMoreElements(); ) {
      String alias = e.nextElement();
      Object entry = deletedEntries.get(alias);
      if (entry instanceof TrustedCertEntry) {
        if (((TrustedCertEntry) entry).certRef != 0) {
          _removeItemFromKeychain(((TrustedCertEntry) entry).certRef);
          _releaseKeychainItemRef(((TrustedCertEntry) entry).certRef);
        }
      } else {
        Certificate certElem;
        KeyEntry keyEntry = (KeyEntry) entry;

        if (keyEntry.chain != null) {
          for (int i = 0; i < keyEntry.chain.length; i++) {
            if (keyEntry.chainRefs[i] != 0) {
              _removeItemFromKeychain(keyEntry.chainRefs[i]);
              _releaseKeychainItemRef(keyEntry.chainRefs[i]);
            }
          }

          if (keyEntry.keyRef != 0) {
            _removeItemFromKeychain(keyEntry.keyRef);
            _releaseKeychainItemRef(keyEntry.keyRef);
          }
        }
      }
    }

    // Add all of the certs or keys in the added entries.
    // No need to check for 0 refs, as they are in the added list.
    for (Enumeration<String> e = addedEntries.keys(); e.hasMoreElements(); ) {
      String alias = e.nextElement();
      Object entry = addedEntries.get(alias);
      if (entry instanceof TrustedCertEntry) {
        TrustedCertEntry tce = (TrustedCertEntry) entry;
        Certificate certElem;
        certElem = tce.cert;
        tce.certRef = addCertificateToKeychain(alias, certElem);
      } else {
        KeyEntry keyEntry = (KeyEntry) entry;

        if (keyEntry.chain != null) {
          for (int i = 0; i < keyEntry.chain.length; i++) {
            keyEntry.chainRefs[i] = addCertificateToKeychain(alias, keyEntry.chain[i]);
          }

          keyEntry.keyRef =
              _addItemToKeychain(alias, false, keyEntry.protectedPrivKey, keyEntry.password);
        }
      }
    }

    // Clear the added and deletedEntries hashtables here, now that we're done with the updates.
    // For the deleted entries, we freed up the native references above.
    deletedEntries.clear();
    addedEntries.clear();
  }