/**
   * Load the policies from the specified file. Also checks that the policies are correctly signed.
   */
  private static void loadPolicies(
      File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
      throws Exception {

    JarFile jf = new JarFile(jarPathName);

    Enumeration<JarEntry> entries = jf.entries();
    while (entries.hasMoreElements()) {
      JarEntry je = entries.nextElement();
      InputStream is = null;
      try {
        if (je.getName().startsWith("default_")) {
          is = jf.getInputStream(je);
          defaultPolicy.load(is);
        } else if (je.getName().startsWith("exempt_")) {
          is = jf.getInputStream(je);
          exemptPolicy.load(is);
        } else {
          continue;
        }
      } finally {
        if (is != null) {
          is.close();
        }
      }

      // Enforce the signer restraint, i.e. signer of JCE framework
      // jar should also be the signer of the two jurisdiction policy
      // jar files.
      JarVerifier.verifyPolicySigned(je.getCertificates());
    }
    // Close and nullify the JarFile reference to help GC.
    jf.close();
    jf = null;
  }
 /**
  * Verify if the JAR at URL codeBase is a signed provider JAR file.
  *
  * @throws Exception on error
  */
 static void verifyProviderJar(URL codeBase) throws Exception {
   // Verify the provider JAR file and all
   // supporting JAR files if there are any.
   JarVerifier jv = new JarVerifier(codeBase, false);
   jv.verify();
 }
 /**
  * Verify if the JAR at URL codeBase is a signed exempt application JAR file and returns the
  * permissions bundled with the JAR.
  *
  * @throws Exception on error
  */
 static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
   JarVerifier jv = new JarVerifier(codeBase, true);
   jv.verify();
   return jv.getPermissions();
 }