/** * Load the policies from the specified file. Also checks that the policies are correctly signed. */ private static void loadPolicies( File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy) throws Exception { JarFile jf = new JarFile(jarPathName); Enumeration<JarEntry> entries = jf.entries(); while (entries.hasMoreElements()) { JarEntry je = entries.nextElement(); InputStream is = null; try { if (je.getName().startsWith("default_")) { is = jf.getInputStream(je); defaultPolicy.load(is); } else if (je.getName().startsWith("exempt_")) { is = jf.getInputStream(je); exemptPolicy.load(is); } else { continue; } } finally { if (is != null) { is.close(); } } // Enforce the signer restraint, i.e. signer of JCE framework // jar should also be the signer of the two jurisdiction policy // jar files. JarVerifier.verifyPolicySigned(je.getCertificates()); } // Close and nullify the JarFile reference to help GC. jf.close(); jf = null; }
/** * Verify if the JAR at URL codeBase is a signed provider JAR file. * * @throws Exception on error */ static void verifyProviderJar(URL codeBase) throws Exception { // Verify the provider JAR file and all // supporting JAR files if there are any. JarVerifier jv = new JarVerifier(codeBase, false); jv.verify(); }
/** * Verify if the JAR at URL codeBase is a signed exempt application JAR file and returns the * permissions bundled with the JAR. * * @throws Exception on error */ static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception { JarVerifier jv = new JarVerifier(codeBase, true); jv.verify(); return jv.getPermissions(); }