/**
   * Load the policies from the specified file. Also checks that the policies are correctly signed.
   */
  private static void loadPolicies(
      File jarPathName, CryptoPermissions defaultPolicy, CryptoPermissions exemptPolicy)
      throws Exception {

    JarFile jf = new JarFile(jarPathName);

    Enumeration<JarEntry> entries = jf.entries();
    while (entries.hasMoreElements()) {
      JarEntry je = entries.nextElement();
      InputStream is = null;
      try {
        if (je.getName().startsWith("default_")) {
          is = jf.getInputStream(je);
          defaultPolicy.load(is);
        } else if (je.getName().startsWith("exempt_")) {
          is = jf.getInputStream(je);
          exemptPolicy.load(is);
        } else {
          continue;
        }
      } finally {
        if (is != null) {
          is.close();
        }
      }

      // Enforce the signer restraint, i.e. signer of JCE framework
      // jar should also be the signer of the two jurisdiction policy
      // jar files.
      JarVerifier.verifyPolicySigned(je.getCertificates());
    }
    // Close and nullify the JarFile reference to help GC.
    jf.close();
    jf = null;
  }
 public int read() throws IOException {
   if (numLeft > 0) {
     int b = is.read();
     jv.update(b, mev);
     numLeft--;
     if (numLeft == 0) jv.update(-1, mev);
     return b;
   } else {
     return -1;
   }
 }
    public int read(byte b[], int off, int len) throws IOException {
      if ((numLeft > 0) && (numLeft < len)) {
        len = (int) numLeft;
      }

      if (numLeft > 0) {
        int n = is.read(b, off, len);
        jv.update(n, b, off, len, mev);
        numLeft -= n;
        if (numLeft == 0) jv.update(-1, b, off, len, mev);
        return n;
      } else {
        return -1;
      }
    }
示例#4
0
 /**
  * Returns the {@code Manifest} object associated with this {@code JarFile} or {@code null} if no
  * MANIFEST entry exists.
  *
  * @return the MANIFEST.
  * @throws IOException if an error occurs reading the MANIFEST file.
  * @throws IllegalStateException if the jar file is closed.
  * @see Manifest
  */
 public Manifest getManifest() throws IOException {
   if (closed) {
     // archive.35=JarFile has been closed
     throw new IllegalStateException(Messages.getString("archive.35")); // $NON-NLS-1$
   }
   if (manifest != null) {
     return manifest;
   }
   try {
     InputStream is = super.getInputStream(manifestEntry);
     if (verifier != null) {
       verifier.addMetaEntry(manifestEntry.getName(), getAllBytesFromStreamAndClose(is));
       is = super.getInputStream(manifestEntry);
     }
     try {
       manifest = new Manifest(is, verifier != null);
     } finally {
       is.close();
     }
     manifestEntry = null; // Can discard the entry now.
   } catch (NullPointerException e) {
     manifestEntry = null;
   }
   return manifest;
 }
示例#5
0
 /**
  * Return an {@code InputStream} for reading the decompressed contents of ZIP entry.
  *
  * @param ze the ZIP entry to be read.
  * @return the input stream to read from.
  * @throws IOException if an error occurred while creating the input stream.
  */
 @Override
 public InputStream getInputStream(ZipEntry ze) throws IOException {
   if (manifestEntry != null) {
     getManifest();
   }
   if (verifier != null) {
     verifier.setManifest(getManifest());
     if (manifest != null) {
       verifier.mainAttributesEnd = manifest.getMainAttributesEnd();
     }
     if (verifier.readCertificates()) {
       verifier.removeMetaEntries();
       if (manifest != null) {
         manifest.removeChunks();
       }
       if (!verifier.isSignedJar()) {
         verifier = null;
       }
     }
   }
   InputStream in = super.getInputStream(ze);
   if (in == null) {
     return null;
   }
   if (verifier == null || ze.getSize() == -1) {
     return in;
   }
   JarVerifier.VerifierEntry entry = verifier.initEntry(ze.getName());
   if (entry == null) {
     return in;
   }
   return new JarFileInputStream(in, ze, entry);
 }
示例#6
0
  /**
   * Called by the JarFile constructors, this method reads the contents of the file's META-INF/
   * directory and picks out the MANIFEST.MF file and verifier signature files if they exist. Any
   * signature files found are registered with the verifier.
   *
   * @throws IOException if there is a problem reading the jar file entries.
   */
  private void readMetaEntries() throws IOException {
    // Get all meta directory entries
    ZipEntry[] metaEntries = getMetaEntriesImpl();
    if (metaEntries == null) {
      verifier = null;
      return;
    }

    boolean signed = false;

    for (ZipEntry entry : metaEntries) {
      String entryName = entry.getName();
      // Is this the entry for META-INF/MANIFEST.MF ?
      if (manifestEntry == null && Util.asciiEqualsIgnoreCase(MANIFEST_NAME, entryName)) {
        manifestEntry = entry;
        // If there is no verifier then we don't need to look any further.
        if (verifier == null) {
          break;
        }
      } else {
        // Is this an entry that the verifier needs?
        if (verifier != null
            && (Util.asciiEndsWithIgnoreCase(entryName, ".SF")
                || Util.asciiEndsWithIgnoreCase(entryName, ".DSA")
                || Util.asciiEndsWithIgnoreCase(entryName, ".RSA"))) {
          signed = true;
          InputStream is = super.getInputStream(entry);
          byte[] buf = getAllBytesFromStreamAndClose(is);
          verifier.addMetaEntry(entryName, buf);
        }
      }
    }

    // If there were no signature files, then no verifier work to do.
    if (!signed) {
      verifier = null;
    }
  }
 /**
  * Verify if the JAR at URL codeBase is a signed provider JAR file.
  *
  * @throws Exception on error
  */
 static void verifyProviderJar(URL codeBase) throws Exception {
   // Verify the provider JAR file and all
   // supporting JAR files if there are any.
   JarVerifier jv = new JarVerifier(codeBase, false);
   jv.verify();
 }
 /**
  * Verify if the JAR at URL codeBase is a signed exempt application JAR file and returns the
  * permissions bundled with the JAR.
  *
  * @throws Exception on error
  */
 static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
   JarVerifier jv = new JarVerifier(codeBase, true);
   jv.verify();
   return jv.getPermissions();
 }