/**
* Load the policies from the specified file. Also checks that the policies are correctly signed.
*/
private static void loadPolicies(
File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
throws Exception {
JarFile jf = new JarFile(jarPathName);
Enumeration<JarEntry> entries = jf.entries();
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
InputStream is = null;
try {
if (je.getName().startsWith("default_")) {
is = jf.getInputStream(je);
defaultPolicy.load(is);
} else if (je.getName().startsWith("exempt_")) {
is = jf.getInputStream(je);
exemptPolicy.load(is);
} else {
continue;
}
} finally {
if (is != null) {
is.close();
}
}
// Enforce the signer restraint, i.e. signer of JCE framework
// jar should also be the signer of the two jurisdiction policy
// jar files.
JarVerifier.verifyPolicySigned(je.getCertificates());
}
// Close and nullify the JarFile reference to help GC.
jf.close();
jf = null;
}
/**
* Verify if the JAR at URL codeBase is a signed provider JAR file.
*
* @throws Exception on error
*/
static void verifyProviderJar(URL codeBase) throws Exception {
// Verify the provider JAR file and all
// supporting JAR files if there are any.
JarVerifier jv = new JarVerifier(codeBase, false);
jv.verify();
}
/**
* Verify if the JAR at URL codeBase is a signed exempt application JAR file and returns the
* permissions bundled with the JAR.
*
* @throws Exception on error
*/
static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
JarVerifier jv = new JarVerifier(codeBase, true);
jv.verify();
return jv.getPermissions();
}