/**
* Looks up providers, and returns the property (and its associated provider) mapping the key, if
* any. The order in which the providers are looked up is the provider-preference order, as
* specificed in the security properties file.
*/
private static ProviderProperty getProviderProperty(String key) {
ProviderProperty entry = null;
List providers = Providers.getProviderList().providers();
for (int i = 0; i < providers.size(); i++) {
String matchKey = null;
Provider prov = (Provider) providers.get(i);
String prop = prov.getProperty(key);
if (prop == null) {
// Is there a match if we do a case-insensitive property name
// comparison? Let's try ...
for (Enumeration e = prov.keys(); e.hasMoreElements() && prop == null; ) {
matchKey = (String) e.nextElement();
if (key.equalsIgnoreCase(matchKey)) {
prop = prov.getProperty(matchKey);
break;
}
}
}
if (prop != null) {
ProviderProperty newEntry = new ProviderProperty();
newEntry.className = prop;
newEntry.provider = prov;
return newEntry;
}
}
return entry;
}
/** Returns the property (if any) mapping the key for the given provider. */
private static String getProviderProperty(String key, Provider provider) {
String prop = provider.getProperty(key);
if (prop == null) {
// Is there a match if we do a case-insensitive property name
// comparison? Let's try ...
for (Enumeration e = provider.keys(); e.hasMoreElements() && prop == null; ) {
String matchKey = (String) e.nextElement();
if (key.equalsIgnoreCase(matchKey)) {
prop = provider.getProperty(matchKey);
break;
}
}
}
return prop;
}
/*
* Verify that the provider JAR files are signed properly, which
* means the signer's certificate can be traced back to a
* JCE trusted CA.
* Return null if ok, failure Exception if verification failed.
*/
static synchronized Exception getVerificationResult(Provider p) {
Object o = verificationResults.get(p);
if (o == PROVIDER_VERIFIED) {
return null;
} else if (o != null) {
return (Exception) o;
}
if (verifyingProviders.get(p) != null) {
// this method is static synchronized, must be recursion
// return failure now but do not save the result
return new NoSuchProviderException("Recursion during verification");
}
try {
verifyingProviders.put(p, Boolean.FALSE);
URL providerURL = getCodeBase(p.getClass());
verifyProviderJar(providerURL);
// Verified ok, cache result
verificationResults.put(p, PROVIDER_VERIFIED);
return null;
} catch (Exception e) {
verificationResults.put(p, e);
return e;
} finally {
verifyingProviders.remove(p);
}
}
static Instance getInstance(String type, Class<?> clazz, String algorithm, Provider provider)
throws NoSuchAlgorithmException {
Service s = GetInstance.getService(type, algorithm, provider);
Exception ve = JceSecurity.getVerificationResult(provider);
if (ve != null) {
String msg = "JCE cannot authenticate the provider " + provider.getName();
throw new SecurityException(msg, ve);
}
return GetInstance.getInstance(s, clazz);
}
/**
* Adds a new provider, at a specified position. The position is the preference order in which
* providers are searched for requested algorithms. Note that it is not guaranteed that this
* preference will be respected. The position is 1-based, that is, 1 is most preferred, followed
* by 2, and so on.
*
* <p>If the given provider is installed at the requested position, the provider that used to be
* at that position, and all providers with a position greater than <code>position</code>, are
* shifted up one position (towards the end of the list of installed providers).
*
* <p>A provider cannot be added if it is already installed.
*
* <p>First, if there is a security manager, its <code>checkSecurityAccess</code> method is called
* with the string <code>"insertProvider."+provider.getName()</code> to see if it's ok to add a
* new provider. If the default implementation of <code>checkSecurityAccess</code> is used (i.e.,
* that method is not overriden), then this will result in a call to the security manager's <code>
* checkPermission</code> method with a <code>
* SecurityPermission("insertProvider."+provider.getName())</code> permission.
*
* @param provider the provider to be added.
* @param position the preference position that the caller would like for this provider.
* @return the actual preference position in which the provider was added, or -1 if the provider
* was not added because it is already installed.
* @throws NullPointerException if provider is null
* @throws SecurityException if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkSecurityAccess}</code> method denies access to add a
* new provider
* @see #getProvider
* @see #removeProvider
* @see java.security.SecurityPermission
*/
public static synchronized int insertProviderAt(Provider provider, int position) {
String providerName = provider.getName();
check("insertProvider." + providerName);
ProviderList list = Providers.getFullProviderList();
ProviderList newList = ProviderList.insertAt(list, provider, position - 1);
if (list == newList) {
return -1;
}
Providers.setProviderList(newList);
return newList.getIndex(providerName) + 1;
}
