/** * Load the policies from the specified file. Also checks that the policies are correctly signed. */ private static void loadPolicies( File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy) throws Exception { JarFile jf = new JarFile(jarPathName); Enumeration<JarEntry> entries = jf.entries(); while (entries.hasMoreElements()) { JarEntry je = entries.nextElement(); InputStream is = null; try { if (je.getName().startsWith("default_")) { is = jf.getInputStream(je); defaultPolicy.load(is); } else if (je.getName().startsWith("exempt_")) { is = jf.getInputStream(je); exemptPolicy.load(is); } else { continue; } } finally { if (is != null) { is.close(); } } // Enforce the signer restraint, i.e. signer of JCE framework // jar should also be the signer of the two jurisdiction policy // jar files. JarVerifier.verifyPolicySigned(je.getCertificates()); } // Close and nullify the JarFile reference to help GC. jf.close(); jf = null; }
/** * Loads the keystore from the Keychain. * * @param stream Ignored - here for API compatibility. * @param password Ignored - if user needs to unlock keychain Security framework will post any * dialogs. * @exception IOException if there is an I/O or format problem with the keystore data * @exception NoSuchAlgorithmException if the algorithm used to check the integrity of the * keystore cannot be found * @exception CertificateException if any of the certificates in the keystore could not be loaded */ public void engineLoad(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException { permissionCheck(); // Release any stray keychain references before clearing out the entries. synchronized (entries) { for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) { String alias = e.nextElement(); Object entry = entries.get(alias); if (entry instanceof TrustedCertEntry) { if (((TrustedCertEntry) entry).certRef != 0) { _releaseKeychainItemRef(((TrustedCertEntry) entry).certRef); } } else { KeyEntry keyEntry = (KeyEntry) entry; if (keyEntry.chain != null) { for (int i = 0; i < keyEntry.chain.length; i++) { if (keyEntry.chainRefs[i] != 0) { _releaseKeychainItemRef(keyEntry.chainRefs[i]); } } if (keyEntry.keyRef != 0) { _releaseKeychainItemRef(keyEntry.keyRef); } } } } entries.clear(); _scanKeychain(); } }
protected PermissionCollection getPermissions(CodeSource codeSource) { PermissionCollection perms; try { try { perms = super.getPermissions(codeSource); } catch (SecurityException e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } ProtectionDomain myDomain = AccessController.doPrivileged( new PrivilegedAction<ProtectionDomain>() { public ProtectionDomain run() { return getClass().getProtectionDomain(); } }); PermissionCollection myPerms = myDomain.getPermissions(); if (myPerms != null) { for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements(); ) { perms.add(elements.nextElement()); } } } catch (Throwable e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } perms.setReadOnly(); return perms; }
public URL getResource(final String name) { URL url = null; if (this.isParentFirst(name)) { url = ((this.parent == null) ? super.getResource(name) : this.parent.getResource(name)); } if (url != null) { this.log("Resource " + name + " loaded from parent loader", 4); } else { final Enumeration<File> e = this.pathComponents.elements(); while (e.hasMoreElements() && url == null) { final File pathComponent = e.nextElement(); url = this.getResourceURL(pathComponent, name); if (url != null) { this.log("Resource " + name + " loaded from ant loader", 4); } } } if (url == null && !this.isParentFirst(name)) { if (this.ignoreBase) { url = ((this.getRootLoader() == null) ? null : this.getRootLoader().getResource(name)); } else { url = ((this.parent == null) ? super.getResource(name) : this.parent.getResource(name)); } if (url != null) { this.log("Resource " + name + " loaded from parent loader", 4); } } if (url == null) { this.log("Couldn't load Resource " + name, 4); } return url; }
private Class<?> findClassInComponents(final String name) throws ClassNotFoundException { final String classFilename = this.getClassFilename(name); final Enumeration<File> e = this.pathComponents.elements(); while (e.hasMoreElements()) { final File pathComponent = e.nextElement(); InputStream stream = null; try { stream = this.getResourceStream(pathComponent, classFilename); if (stream != null) { this.log("Loaded from " + pathComponent + " " + classFilename, 4); return this.getClassFromStream(stream, name, pathComponent); } continue; } catch (SecurityException se) { throw se; } catch (IOException ioe) { this.log( "Exception reading component " + pathComponent + " (reason: " + ioe.getMessage() + ")", 3); } finally { FileUtils.close(stream); } } throw new ClassNotFoundException(name); }
public void addJavaLibraries() { final Vector<String> packages = JavaEnvUtils.getJrePackages(); final Enumeration<String> e = packages.elements(); while (e.hasMoreElements()) { final String packageName = e.nextElement(); this.addSystemPackageRoot(packageName); } }
private InputStream loadResource(final String name) { InputStream stream = null; File pathComponent; for (Enumeration<File> e = this.pathComponents.elements(); e.hasMoreElements() && stream == null; stream = this.getResourceStream(pathComponent, name)) { pathComponent = e.nextElement(); } return stream; }
private boolean isParentFirst(final String resourceName) { boolean useParentFirst = this.parentFirst; Enumeration<String> e = this.systemPackages.elements(); while (e.hasMoreElements()) { final String packageName = e.nextElement(); if (resourceName.startsWith(packageName)) { useParentFirst = true; break; } } e = this.loaderPackages.elements(); while (e.hasMoreElements()) { final String packageName = e.nextElement(); if (resourceName.startsWith(packageName)) { useParentFirst = false; break; } } return useParentFirst; }
/** * Check and see if this set of permissions implies the permissions expressed in "permission". * * @param p the Permission object to compare * @return true if "permission" is a proper subset of a permission in the set, false if not. */ public boolean implies(Permission permission) { if (!(permission instanceof ExecPermission)) return false; Enumeration e = permissions.elements(); while (e.hasMoreElements()) { ExecPermission x = (ExecPermission) e.nextElement(); if (x.implies(permission)) { return true; } } return false; }
protected void initResourceBundle(UIDefaults table) { // The following line of code does not work, when Quaqua has been loaded with // a custom class loader. That's why, we have to inject the labels // by ourselves: // table.addResourceBundle( "ch.randelshofer.quaqua.Labels" ); ResourceBundle bundle = ResourceBundle.getBundle( "ch.randelshofer.quaqua.Labels", Locale.getDefault(), getClass().getClassLoader()); for (Enumeration i = bundle.getKeys(); i.hasMoreElements(); ) { String key = (String) i.nextElement(); table.put(key, bundle.getObject(key)); } }
public String getClasspath() { final StringBuilder sb = new StringBuilder(); boolean firstPass = true; final Enumeration<File> componentEnum = this.pathComponents.elements(); while (componentEnum.hasMoreElements()) { if (!firstPass) { sb.append(System.getProperty("path.separator")); } else { firstPass = false; } sb.append(componentEnum.nextElement().getAbsolutePath()); } return sb.toString(); }
/** * Returns the n-th token name or alias * * @param nIdx index of token * @return alias */ private String getTokenName(int nIdx) { try { if (m_keyStore != null) { Enumeration eAliases = m_keyStore.aliases(); for (int i = 0; eAliases.hasMoreElements(); i++) { String alias = (String) eAliases.nextElement(); if (i == nIdx) return alias; } } } catch (Exception ex) { m_logger.error("Error reading store aliases: " + ex); } return null; }
/** * Reset the logging configuration. * * <p>For all named loggers, the reset operation removes and closes all Handlers and (except for * the root logger) sets the level to null. The root logger's level is set to Level.INFO. * * @exception SecurityException if a security manager exists and if the caller does not have * LoggingPermission("control"). */ public void reset() throws SecurityException { checkPermission(); synchronized (this) { props = new Properties(); // Since we are doing a reset we no longer want to initialize // the global handlers, if they haven't been initialized yet. initializedGlobalHandlers = true; } Enumeration enum_ = getLoggerNames(); while (enum_.hasMoreElements()) { String name = (String) enum_.nextElement(); resetLogger(name); } }
public static String[] getZipList(String zipFile) throws ZipException, IOException { File file = new File(zipFile); ZipFile zip = new ZipFile(file); Enumeration<? extends ZipEntry> zipFileEntries = zip.entries(); ArrayList<String> files = new ArrayList<String>(); // Process each entry while (zipFileEntries.hasMoreElements()) { // grab a zip file entry ZipEntry entry = (ZipEntry) zipFileEntries.nextElement(); String currentEntry = entry.getName(); files.add(currentEntry); } return files.toArray(new String[files.size()]); }
public synchronized void cleanup() { final Enumeration<JarFile> e = this.jarFiles.elements(); while (e.hasMoreElements()) { final JarFile jarFile = e.nextElement(); try { jarFile.close(); } catch (IOException ex) { } } this.jarFiles = new Hashtable<File, JarFile>(); if (this.project != null) { this.project.removeBuildListener(this); } this.project = null; }
/** * Method returns an array of strings representing the list of available token names. * * @return an array of available token names. * @throws DigiDocException if reading the token information fails. */ public String[] getAvailableTokenNames() throws DigiDocException { Vector vec = new Vector(); try { if (m_keyStore != null) { Enumeration eAliases = m_keyStore.aliases(); while (eAliases.hasMoreElements()) { String alias = (String) eAliases.nextElement(); vec.add(alias); } } } catch (Exception ex) { m_logger.error("Error reading store aliases: " + ex); } String[] arr = new String[vec.size()]; for (int i = 0; (vec != null) && (i < vec.size()); i++) arr[i] = (String) vec.elementAt(i); return arr; }
public static void extract(String zipFile, String newPath, boolean overwrite) throws ZipException, IOException { File file = new File(zipFile); ZipFile zip = new ZipFile(file); new File(newPath).mkdir(); Enumeration<? extends ZipEntry> zipFileEntries = zip.entries(); // Process each entry while (zipFileEntries.hasMoreElements()) { // grab a zip file entry ZipEntry entry = (ZipEntry) zipFileEntries.nextElement(); String currentEntry = entry.getName(); File destFile = new File(newPath, currentEntry); // destFile = new File(newPath, destFile.getName()); File destinationParent = destFile.getParentFile(); // create the parent directory structure if needed destinationParent.mkdirs(); if (!entry.isDirectory()) { if (!overwrite && destFile.exists()) continue; BufferedInputStream is = new BufferedInputStream(zip.getInputStream(entry)); int currentByte; // establish buffer for writing file byte data[] = new byte[BUFFER]; // write the current file to disk FileOutputStream fos = new FileOutputStream(destFile); BufferedOutputStream dest = new BufferedOutputStream(fos, BUFFER); // read and write until last byte is encountered while ((currentByte = is.read(data, 0, BUFFER)) != -1) { dest.write(data, 0, currentByte); } close(dest); close(is); } } }
public String verify(JarFile jar, String... algorithms) throws IOException { if (algorithms == null || algorithms.length == 0) algorithms = new String[] {"MD5", "SHA"}; else if (algorithms.length == 1 && algorithms[0].equals("-")) return null; try { Manifest m = jar.getManifest(); if (m.getEntries().isEmpty()) return "No name sections"; for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements(); ) { JarEntry je = e.nextElement(); if (MANIFEST_ENTRY.matcher(je.getName()).matches()) continue; Attributes nameSection = m.getAttributes(je.getName()); if (nameSection == null) return "No name section for " + je.getName(); for (String algorithm : algorithms) { try { MessageDigest md = MessageDigest.getInstance(algorithm); String expected = nameSection.getValue(algorithm + "-Digest"); if (expected != null) { byte digest[] = Base64.decodeBase64(expected); copy(jar.getInputStream(je), md); if (!Arrays.equals(digest, md.digest())) return "Invalid digest for " + je.getName() + ", " + expected + " != " + Base64.encodeBase64(md.digest()); } else reporter.error("could not find digest for " + algorithm + "-Digest"); } catch (NoSuchAlgorithmException nsae) { return "Missing digest algorithm " + algorithm; } } } } catch (Exception e) { return "Failed to verify due to exception: " + e.getMessage(); } return null; }
/** * Returns the (alias) name of the first keystore entry whose certificate matches the given * certificate. * * <p>This method attempts to match the given certificate with each keystore entry. If the entry * being considered is a <i>trusted certificate entry</i>, the given certificate is compared to * that entry's certificate. If the entry being considered is a <i>key entry</i>, the given * certificate is compared to the first element of that entry's certificate chain (if a chain * exists). * * @param cert the certificate to match with. * @return the (alias) name of the first entry with matching certificate, or null if no such entry * exists in this keystore. */ public String engineGetCertificateAlias(Certificate cert) { permissionCheck(); Certificate certElem; for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) { String alias = e.nextElement(); Object entry = entries.get(alias); if (entry instanceof TrustedCertEntry) { certElem = ((TrustedCertEntry) entry).cert; } else { KeyEntry ke = (KeyEntry) entry; if (ke.chain == null || ke.chain.length == 0) { continue; } certElem = ke.chain[0]; } if (certElem.equals(cert)) { return alias; } } return null; }
// Private method to be called when the configuration has // changed to apply any level settings to any pre-existing loggers. private synchronized void setLevelsOnExistingLoggers() { Enumeration enum_ = props.propertyNames(); while (enum_.hasMoreElements()) { String key = (String) enum_.nextElement(); if (!key.endsWith(".level")) { // Not a level definition. continue; } int ix = key.length() - 6; String name = key.substring(0, ix); Level level = getLevelProperty(key, null); if (level == null) { System.err.println("Bad level value for property: " + key); continue; } Logger l = getLogger(name); if (l == null) { continue; } l.setLevel(level); } }
public void main(Provider p) throws Exception { /* * Use Solaris SPARC 11.2 or later to avoid an intermittent failure * when running SunPKCS11-Solaris (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && System.getProperty("os.name").equals("SunOS") && System.getProperty("os.arch").equals("sparcv9") && System.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println( "SunPKCS11-Solaris provider requires " + "Solaris SPARC 11.2 or later, skipping"); return; } long start = System.currentTimeMillis(); provider = p; data = new byte[2048]; new Random().nextBytes(data); KeyStore ks = getKeyStore(); KeyFactory kf = KeyFactory.getInstance("RSA", provider); for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) { String alias = (String) e.nextElement(); if (ks.isKeyEntry(alias)) { System.out.println("* Key " + alias + "..."); PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password); PublicKey publicKey = ks.getCertificate(alias).getPublicKey(); privateKey = (PrivateKey) kf.translateKey(privateKey); publicKey = (PublicKey) kf.translateKey(publicKey); test(privateKey, publicKey); } } long stop = System.currentTimeMillis(); System.out.println("All tests passed (" + (stop - start) + " ms)."); }
/** * Stores this keystore to the given output stream, and protects its integrity with the given * password. * * @param stream Ignored. the output stream to which this keystore is written. * @param password the password to generate the keystore integrity check * @exception IOException if there was an I/O problem with data * @exception NoSuchAlgorithmException if the appropriate data integrity algorithm could not be * found * @exception CertificateException if any of the certificates included in the keystore data could * not be stored */ public void engineStore(OutputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException { permissionCheck(); // Delete items that do have a keychain item ref. for (Enumeration<String> e = deletedEntries.keys(); e.hasMoreElements(); ) { String alias = e.nextElement(); Object entry = deletedEntries.get(alias); if (entry instanceof TrustedCertEntry) { if (((TrustedCertEntry) entry).certRef != 0) { _removeItemFromKeychain(((TrustedCertEntry) entry).certRef); _releaseKeychainItemRef(((TrustedCertEntry) entry).certRef); } } else { Certificate certElem; KeyEntry keyEntry = (KeyEntry) entry; if (keyEntry.chain != null) { for (int i = 0; i < keyEntry.chain.length; i++) { if (keyEntry.chainRefs[i] != 0) { _removeItemFromKeychain(keyEntry.chainRefs[i]); _releaseKeychainItemRef(keyEntry.chainRefs[i]); } } if (keyEntry.keyRef != 0) { _removeItemFromKeychain(keyEntry.keyRef); _releaseKeychainItemRef(keyEntry.keyRef); } } } } // Add all of the certs or keys in the added entries. // No need to check for 0 refs, as they are in the added list. for (Enumeration<String> e = addedEntries.keys(); e.hasMoreElements(); ) { String alias = e.nextElement(); Object entry = addedEntries.get(alias); if (entry instanceof TrustedCertEntry) { TrustedCertEntry tce = (TrustedCertEntry) entry; Certificate certElem; certElem = tce.cert; tce.certRef = addCertificateToKeychain(alias, certElem); } else { KeyEntry keyEntry = (KeyEntry) entry; if (keyEntry.chain != null) { for (int i = 0; i < keyEntry.chain.length; i++) { keyEntry.chainRefs[i] = addCertificateToKeychain(alias, keyEntry.chain[i]); } keyEntry.keyRef = _addItemToKeychain(alias, false, keyEntry.protectedPrivKey, keyEntry.password); } } } // Clear the added and deletedEntries hashtables here, now that we're done with the updates. // For the deleted entries, we freed up the native references above. deletedEntries.clear(); addedEntries.clear(); }