Пример #1
1
  /**
   * Load the policies from the specified file. Also checks that the policies are correctly signed.
   */
  private static void loadPolicies(
      File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
      throws Exception {

    JarFile jf = new JarFile(jarPathName);

    Enumeration<JarEntry> entries = jf.entries();
    while (entries.hasMoreElements()) {
      JarEntry je = entries.nextElement();
      InputStream is = null;
      try {
        if (je.getName().startsWith("default_")) {
          is = jf.getInputStream(je);
          defaultPolicy.load(is);
        } else if (je.getName().startsWith("exempt_")) {
          is = jf.getInputStream(je);
          exemptPolicy.load(is);
        } else {
          continue;
        }
      } finally {
        if (is != null) {
          is.close();
        }
      }

      // Enforce the signer restraint, i.e. signer of JCE framework
      // jar should also be the signer of the two jurisdiction policy
      // jar files.
      JarVerifier.verifyPolicySigned(je.getCertificates());
    }
    // Close and nullify the JarFile reference to help GC.
    jf.close();
    jf = null;
  }
Пример #2
0
  private static void setupJurisdictionPolicies() throws Exception {
    String javaHomeDir = System.getProperty("java.home");
    String sep = File.separator;
    String pathToPolicyJar = javaHomeDir + sep + "lib" + sep + "security" + sep;

    File exportJar = new File(pathToPolicyJar, "US_export_policy.jar");
    File importJar = new File(pathToPolicyJar, "local_policy.jar");
    URL jceCipherURL = ClassLoader.getSystemResource("javax/crypto/Cipher.class");

    if ((jceCipherURL == null) || !exportJar.exists() || !importJar.exists()) {
      throw new SecurityException("Cannot locate policy or framework files!");
    }

    // Read jurisdiction policies.
    CryptoPermissions defaultExport = new CryptoPermissions();
    CryptoPermissions exemptExport = new CryptoPermissions();
    loadPolicies(exportJar, defaultExport, exemptExport);

    CryptoPermissions defaultImport = new CryptoPermissions();
    CryptoPermissions exemptImport = new CryptoPermissions();
    loadPolicies(importJar, defaultImport, exemptImport);

    // Merge the export and import policies for default applications.
    if (defaultExport.isEmpty() || defaultImport.isEmpty()) {
      throw new SecurityException("Missing mandatory jurisdiction " + "policy files");
    }
    defaultPolicy = defaultExport.getMinimum(defaultImport);

    // Merge the export and import policies for exempt applications.
    if (exemptExport.isEmpty()) {
      exemptPolicy = exemptImport.isEmpty() ? null : exemptImport;
    } else {
      exemptPolicy = exemptExport.getMinimum(exemptImport);
    }
  }
Пример #3
0
  static {
    try {
      AccessController.doPrivileged(
          new PrivilegedExceptionAction<Object>() {
            public Object run() throws Exception {
              setupJurisdictionPolicies();
              return null;
            }
          });

      isRestricted = defaultPolicy.implies(CryptoAllPermission.INSTANCE) ? false : true;
    } catch (Exception e) {
      throw new SecurityException("Can not initialize cryptographic mechanism", e);
    }
  }