/** Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.** This code is free software; you can redistribute it and/or modify it* under the terms of the GNU General Public License version 2 only, as* published by the Free Software Foundation. Oracle designates this* particular file as subject to the "Classpath" exception as provided* by Oracle in the LICENSE file that accompanied this code.** This code is distributed in the hope that it will be useful, but WITHOUT* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License* version 2 for more details (a copy is included in the LICENSE file that* accompanied this code).** You should have received a copy of the GNU General Public License version* 2 along with this work; if not, write to the Free Software Foundation,* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.** Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA* or visit www.oracle.com if you need additional information or have any* questions.*//** README README README README README README README README README** This file is the template for generating the JceSecurity.java source* file.** In the current jdk builds, this file is first preprocessed to replace* @@JCE_DEFAULT_POLICY@ [sic] with "limited" or "unlimited" which is* determined by the $(UNLIMTED_CRYPTO) make variable. This variable is* set by top-level configure script, using either* --disable-unlimited-crypto or --enable-unlimited-crypto [default].** Since this file is a generated source, incremental changes to* this file require regenerating the source. Compilation options:** (fewer dependencies/"faster" ones first)** 1. make JDK_FILTER=javax/crypto java.base-gensrc-only java.base-java-only* 2. make java.base-gensrc-only java.base-java-only* 3. make java.base-gensrc-only java.base-only* 4. make java.base-only* 5. make*/package javax.crypto;import java.util.*;import java.io.*;import java.net.URL;import java.nio.file.*;import java.security.*;import java.security.Provider.Service;import jdk.internal.util.StaticProperty;import sun.security.jca.*;import sun.security.jca.GetInstance.Instance;import sun.security.util.Debug;/*** This class instantiates implementations of JCE engine classes from* providers registered with the java.security.Security object.** @author Jan Luehe* @author Sharon Liu* @since 1.4*/final class JceSecurity {private static final Debug debug = Debug.getInstance("jca");static final SecureRandom RANDOM = new SecureRandom();// The defaultPolicy and exemptPolicy will be set up// in the static initializer.private static CryptoPermissions defaultPolicy = null;private static CryptoPermissions exemptPolicy = null;// Map<Provider,?> of the providers we already have verified// value == PROVIDER_VERIFIED is successfully verified// value is failure cause Exception in error caseprivate static final Map<Provider, Object> verificationResults =new IdentityHashMap<>();// Map<Provider,?> of the providers currently being verifiedprivate static final Map<Provider, Object> verifyingProviders =new IdentityHashMap<>();private static final boolean isRestricted;/** Don't let anyone instantiate this.*/private JceSecurity() {}static {try {AccessController.doPrivileged(new PrivilegedExceptionAction<> () {@Overridepublic Void run() throws Exception {setupJurisdictionPolicies();return null;}});isRestricted = defaultPolicy.implies(CryptoAllPermission.INSTANCE) ? false : true;} catch (Exception e) {throw new SecurityException("Can not initialize cryptographic mechanism", e);}}static Instance getInstance(String type, Class<?> clazz, String algorithm,String provider) throws NoSuchAlgorithmException,NoSuchProviderException {Service s = GetInstance.getService(type, algorithm, provider);Exception ve = getVerificationResult(s.getProvider());if (ve != null) {String msg = "JCE cannot authenticate the provider " + provider;throw (NoSuchProviderException)new NoSuchProviderException(msg).initCause(ve);}return GetInstance.getInstance(s, clazz);}static Instance getInstance(String type, Class<?> clazz, String algorithm,Provider provider) throws NoSuchAlgorithmException {Service s = GetInstance.getService(type, algorithm, provider);Exception ve = JceSecurity.getVerificationResult(provider);if (ve != null) {String msg = "JCE cannot authenticate the provider "+ provider.getName();throw new SecurityException(msg, ve);}return GetInstance.getInstance(s, clazz);}static Instance getInstance(String type, Class<?> clazz, String algorithm)throws NoSuchAlgorithmException {List<Service> services = GetInstance.getServices(type, algorithm);NoSuchAlgorithmException failure = null;for (Service s : services) {if (canUseProvider(s.getProvider()) == false) {// allow only signed providerscontinue;}try {Instance instance = GetInstance.getInstance(s, clazz);return instance;} catch (NoSuchAlgorithmException e) {failure = e;}}throw new NoSuchAlgorithmException("Algorithm " + algorithm+ " not available", failure);}/*** Verify if the JAR at URL codeBase is a signed exempt application* JAR file and returns the permissions bundled with the JAR.** @throws Exception on error*/static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {ProviderVerifier pv = new ProviderVerifier(codeBase, true);pv.verify();return pv.getPermissions();}/*** Verify if the JAR at URL codeBase is a signed provider JAR file.** @throws Exception on error*/static void verifyProvider(URL codeBase, Provider p) throws Exception {// Verify the provider JAR file and all// supporting JAR files if there are any.ProviderVerifier pv = new ProviderVerifier(codeBase, p, false);pv.verify();}private static final Object PROVIDER_VERIFIED = Boolean.TRUE;/** Verify that the provider JAR files are signed properly, which* means the signer's certificate can be traced back to a* JCE trusted CA.* Return null if ok, failure Exception if verification failed.*/static synchronized Exception getVerificationResult(Provider p) {Object o = verificationResults.get(p);if (o == PROVIDER_VERIFIED) {return null;} else if (o != null) {return (Exception)o;}if (verifyingProviders.get(p) != null) {// this method is static synchronized, must be recursion// return failure now but do not save the resultreturn new NoSuchProviderException("Recursion during verification");}try {verifyingProviders.put(p, Boolean.FALSE);URL providerURL = getCodeBase(p.getClass());verifyProvider(providerURL, p);// Verified ok, cache resultverificationResults.put(p, PROVIDER_VERIFIED);return null;} catch (Exception e) {verificationResults.put(p, e);return e;} finally {verifyingProviders.remove(p);}}// return whether this provider is properly signed and can be used by JCEstatic boolean canUseProvider(Provider p) {return getVerificationResult(p) == null;}// dummy object to represent nullprivate static final URL NULL_URL;static {try {NULL_URL = new URL("http://null.oracle.com/");} catch (Exception e) {throw new RuntimeException(e);}}// reference to a Map we use as a cache for codebasesprivate static final Map<Class<?>, URL> codeBaseCacheRef =new WeakHashMap<>();/** Returns the CodeBase for the given class.*/static URL getCodeBase(final Class<?> clazz) {synchronized (codeBaseCacheRef) {URL url = codeBaseCacheRef.get(clazz);if (url == null) {url = AccessController.doPrivileged(new PrivilegedAction<>() {@Overridepublic URL run() {ProtectionDomain pd = clazz.getProtectionDomain();if (pd != null) {CodeSource cs = pd.getCodeSource();if (cs != null) {return cs.getLocation();}}return NULL_URL;}});codeBaseCacheRef.put(clazz, url);}return (url == NULL_URL) ? null : url;}}// This is called from within an doPrivileged block.private static void setupJurisdictionPolicies() throws Exception {// Sanity check the crypto.policy Security property. Single// directory entry, no pseudo-directories (".", "..", leading/trailing// path separators). normalize()/getParent() will help later.String cryptoPolicyProperty = Security.getProperty("crypto.policy");/** In case no property is present, rather than fail catastrophically,* we at least try for a "sane" value, which is what we were* built with. We first preprocess this file to plug in that* value, then compile the result gensrc.** Log the warning first.*/if (cryptoPolicyProperty == null) {cryptoPolicyProperty = "unlimited";if (debug != null) {debug.println("Security Property 'crypto.policy' not found: "+ "using '" + cryptoPolicyProperty + "' as fallback");}}Path cpPath = Paths.get(cryptoPolicyProperty);if ((cpPath.getNameCount() != 1) ||(cpPath.compareTo(cpPath.getFileName()) != 0)) {throw new SecurityException("Invalid policy directory name format: " +cryptoPolicyProperty);}// Prepend java.home to get the full path. normalize() in// case an extra "." or ".." snuck in somehow.String javaHomeProperty = StaticProperty.javaHome();Path javaHomePolicyPath = Paths.get(javaHomeProperty, "conf","security", "policy").normalize();Path cryptoPolicyPath = Paths.get(javaHomeProperty, "conf", "security","policy", cryptoPolicyProperty).normalize();if (cryptoPolicyPath.getParent().compareTo(javaHomePolicyPath) != 0) {throw new SecurityException("Invalid cryptographic jurisdiction policy directory path: " +cryptoPolicyProperty);}if (!Files.isDirectory(cryptoPolicyPath)|| !Files.isReadable(cryptoPolicyPath)) {throw new SecurityException("Can't read cryptographic policy directory: " +cryptoPolicyProperty);}try (DirectoryStream<Path> stream = Files.newDirectoryStream(cryptoPolicyPath, "{default,exempt}_*.policy")) {for (Path entry : stream) {try (InputStream is = new BufferedInputStream(Files.newInputStream(entry))) {String filename = entry.getFileName().toString();CryptoPermissions tmpPerms = new CryptoPermissions();tmpPerms.load(is);if (filename.startsWith("default_")) {// Did we find a default perms?defaultPolicy = ((defaultPolicy == null) ? tmpPerms :defaultPolicy.getMinimum(tmpPerms));} else if (filename.startsWith("exempt_")) {// Did we find a exempt perms?exemptPolicy = ((exemptPolicy == null) ? tmpPerms :exemptPolicy.getMinimum(tmpPerms));} else {// This should never happen. newDirectoryStream// should only throw return "{default,exempt}_*.policy"throw new SecurityException("Unexpected jurisdiction policy files in : " +cryptoPolicyProperty);}} catch (Exception e) {throw new SecurityException("Couldn't parse jurisdiction policy files in: " +cryptoPolicyProperty);}}} catch (DirectoryIteratorException ex) {// I/O error encountered during the iteration,// the cause is an IOExceptionthrow new SecurityException("Couldn't iterate through the jurisdiction policy files: " +cryptoPolicyProperty);}// Must have a default policyif ((defaultPolicy == null) || defaultPolicy.isEmpty()) {throw new SecurityException("Missing mandatory jurisdiction policy files: " +cryptoPolicyProperty);}// If there was an empty exempt policy file, ignore it.if ((exemptPolicy != null) && exemptPolicy.isEmpty()) {exemptPolicy = null;}}static CryptoPermissions getDefaultPolicy() {return defaultPolicy;}static CryptoPermissions getExemptPolicy() {return exemptPolicy;}static boolean isRestricted() {return isRestricted;}}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。