Hi,
On Thu, 2008-08-28 at 15:44 +0200, Mark Wielaard wrote:
> There is still a lot of cruft in the codebase for preventing the usage
> of certain crypto algorithms or key-sizes. And we were actually shipping
> restricted policies preventing people from using unlimted crypto. Oops.
>
> So if you saw: "java.securityInvalidKeyException: Illegal key size or
> default parameters" that was caused by wrongly installed security policy
> files. The code was actually there, just not properly activated.
>
> This patch cleans up the crypto code so it doesn't go out of its way to
> prevent usage of "restricted crypto" and makes sure no restricted crypto
> security policies are installed.
I cleaned it up a bit more. It now removes all the unneeded classes like
JarVerifier (that didn't actually do anything) and JceSecurityManager
(that did all the unnecessary tricky class loader stack walking stuff)
and reduces the JceSecurity class to just the method getInstance() and
the static field RANDOM for the shared SecureRandom instance.
For now I also kept the canUseProvider() method, that can now just
return true. This last one was kept because the SecretKeyFactory,
KeyGenerator, Mac and KeyAgreement classes still call it. It could be
removed completely but I wanted to keep something that in principle
could be easily used for some closed proprietary version that still
insists on this "restricted crypto" thing.
I believe this version is pretty clean. And it should be simple to
verify that it works correctly now since all unnecessary code is just
thrown out. Of course I threw all the crypto and security tests at it
that I could find and all happily passed. I did alter the TestUtil class
so that it always checks all algorithms and full keys.
It would be nice to push this in OpenJDK proper so there is less
divergence and so the GPLed version always has full crypto support
enabled.
If you still want to support a ClosedJDK with restricted crypto support
then all you have to do it provide your own Cipher and JceSecurity
class, plus any of the now removed auxiliary classes JarVerfifier and
JceSecurityManager. Everything else can be the same between the free
openjdk and proprietary closedjdk.
Please let me know if you would need any help integrating this.
I did already push it into icedtea6.
Thanks,
Mark
diff -r 4aebfff4f8a2 jdk/make/javax/crypto/Makefile
--- openjdk.orig/jdk/make/javax/crypto/Makefile Mon Sep 15 11:38:34 2008 +0200
+++ openjdk/jdk/make/javax/crypto/Makefile Thu Sep 25 17:45:37 2008 +0200
@@ -155,7 +155,8 @@
#
ifdef OPENJDK
-all: build-jar install-jar build-policy install-limited
+# We don't need any policy files.
+all: build-jar install-jar
else # OPENJDK
ifeq ($(strip $(FILES_java)),)
all:
diff -r 4aebfff4f8a2 jdk/src/share/classes/javax/crypto/Cipher.java
--- openjdk.orig/jdk/src/share/classes/javax/crypto/Cipher.java Mon Sep 15 11:38:34 2008 +0200
+++ openjdk/jdk/src/share/classes/javax/crypto/Cipher.java Thu Sep 25 17:45:37 2008 +0200
@@ -144,12 +144,6 @@
// The transformation
private String transformation;
- // Crypto permission representing the maximum allowable cryptographic
- // strength that this Cipher object can be used for. (The cryptographic
- // strength is a function of the keysize and algorithm parameters encoded
- // in the crypto permission.)
- private CryptoPermission cryptoPerm;
-
// The exemption mechanism that needs to be enforced
private ExemptionMechanism exmech;
@@ -190,16 +184,9 @@
protected Cipher(CipherSpi cipherSpi,
Provider provider,
String transformation) {
- // See bug 4341369 & 4334690 for more info.
- // If the caller is trusted, then okey.
- // Otherwise throw a NullPointerException.
- if (!JceSecurityManager.INSTANCE.isCallerTrusted()) {
- throw new NullPointerException();
- }
this.spi = cipherSpi;
this.provider = provider;
this.transformation = transformation;
- this.cryptoPerm = CryptoAllPermission.INSTANCE;
this.lock = null;
}
@@ -212,7 +199,6 @@
Cipher(CipherSpi cipherSpi, String transformation) {
this.spi = cipherSpi;
this.transformation = transformation;
- this.cryptoPerm = CryptoAllPermission.INSTANCE;
this.lock = null;
}
@@ -442,9 +428,6 @@
Exception failure = null;
while (t.hasNext()) {
Service s = (Service)t.next();
- if (JceSecurity.canUseProvider(s.getProvider()) == false) {
- continue;
- }
Transform tr = getTransform(s, transforms);
if (tr == null) {
// should never happen
@@ -570,26 +553,12 @@
}
Exception failure = null;
List transforms = getTransforms(transformation);
- boolean providerChecked = false;
String paddingError = null;
for (Iterator t = transforms.iterator(); t.hasNext();) {
Transform tr = (Transform)t.next();
Service s = provider.getService("Cipher", tr.transform);
if (s == null) {
continue;
- }
- if (providerChecked == false) {
- // for compatibility, first do the lookup and then verify
- // the provider. this makes the difference between a NSAE
- // and a SecurityException if the
- // provider does not support the algorithm.
- Exception ve = JceSecurity.getVerificationResult(provider);
- if (ve != null) {
- String msg = "JCE cannot authenticate the provider "
- + provider.getName();
- throw new SecurityException(msg, ve);
- }
- providerChecked = true;
}
if (tr.supportsMode(s) == S_NO) {
continue;
@@ -603,7 +572,6 @@
tr.setModePadding(spi);
Cipher cipher = new Cipher(spi, transformation);
cipher.provider = s.getProvider();
- cipher.initCryptoPermission();
return cipher;
} catch (Exception e) {
failure = e;
@@ -620,22 +588,6 @@
}
throw new NoSuchAlgorithmException
("No such algorithm: " + transformation, failure);
- }
-
- // If the requested crypto service is export-controlled,
- // determine the maximum allowable keysize.
- private void initCryptoPermission() throws NoSuchAlgorithmException {
- if (JceSecurity.isRestricted() == false) {
- cryptoPerm = CryptoAllPermission.INSTANCE;
- exmech = null;
- return;
- }
- cryptoPerm = getConfiguredPermission(transformation);
- // Instantiate the exemption mechanism (if required)
- String exmechName = cryptoPerm.getExemptionMechanism();
- if (exmechName != null) {
- exmech = ExemptionMechanism.getInstance(exmechName);
- }
}
// max number of debug warnings to print from chooseFirstProvider()
@@ -679,9 +631,6 @@
s = (Service)serviceIterator.next();
thisSpi = null;
}
- if (JceSecurity.canUseProvider(s.getProvider()) == false) {
- continue;
- }
Transform tr = getTransform(s, transforms);
if (tr == null) {
// should never happen
@@ -699,7 +648,6 @@
thisSpi = (CipherSpi)obj;
}
tr.setModePadding(thisSpi);
- initCryptoPermission();
spi = thisSpi;
provider = s.getProvider();
// not needed any more
@@ -731,19 +679,15 @@
InvalidAlgorithmParameterException {
switch (type) {
case I_KEY:
- checkCryptoPerm(thisSpi, key);
thisSpi.engineInit(opmode, key, random);
break;
case I_PARAMSPEC:
- checkCryptoPerm(thisSpi, key, paramSpec);
thisSpi.engineInit(opmode, key, paramSpec, random);
break;
case I_PARAMS:
- checkCryptoPerm(thisSpi, key, params);
thisSpi.engineInit(opmode, key, params, random);
break;
case I_CERT:
- checkCryptoPerm(thisSpi, key);
thisSpi.engineInit(opmode, key, random);
break;
default:
@@ -777,9 +721,6 @@
if (s.supportsParameter(key) == false) {
continue;
}
- if (JceSecurity.canUseProvider(s.getProvider()) == false) {
- continue;
- }
Transform tr = getTransform(s, transforms);
if (tr == null) {
// should never happen
@@ -793,7 +734,6 @@
thisSpi = (CipherSpi)s.newInstance(null);
}
tr.setModePadding(thisSpi);
- initCryptoPermission();
implInit(thisSpi, initType, opmode, key, paramSpec,
params, random);
provider = s.getProvider();
@@ -939,107 +879,6 @@
return exmech;
}
- //
- // Crypto permission check code below
- //
- private void checkCryptoPerm(CipherSpi checkSpi, Key key)
- throws InvalidKeyException {
- if (cryptoPerm == CryptoAllPermission.INSTANCE) {
- return;
- }
- // Check if key size and default parameters are within legal limits
- AlgorithmParameterSpec params;
- try {
- params = getAlgorithmParameterSpec(checkSpi.engineGetParameters());
- } catch (InvalidParameterSpecException ipse) {
- throw new InvalidKeyException
- ("Unsupported default algorithm parameters");
- }
- if (!passCryptoPermCheck(checkSpi, key, params)) {
- throw new InvalidKeyException(
- "Illegal key size or default parameters");
- }
- }
-
- private void checkCryptoPerm(CipherSpi checkSpi, Key key,
- AlgorithmParameterSpec params) throws InvalidKeyException,
- InvalidAlgorithmParameterException {
- if (cryptoPerm == CryptoAllPermission.INSTANCE) {
- return;
- }
- // Determine keysize and check if it is within legal limits
- if (!passCryptoPermCheck(checkSpi, key, null)) {
- throw new InvalidKeyException("Illegal key size");
- }
- if ((params != null) && (!passCryptoPermCheck(checkSpi, key, params))) {
- throw new InvalidAlgorithmParameterException("Illegal parameters");
- }
- }
-
- private void checkCryptoPerm(CipherSpi checkSpi, Key key,
- AlgorithmParameters params)
- throws InvalidKeyException, InvalidAlgorithmParameterException {
- if (cryptoPerm == CryptoAllPermission.INSTANCE) {
- return;
- }
- // Convert the specified parameters into specs and then delegate.
- AlgorithmParameterSpec pSpec;
- try {
- pSpec = getAlgorithmParameterSpec(params);
- } catch (InvalidParameterSpecException ipse) {
- throw new InvalidAlgorithmParameterException
- ("Failed to retrieve algorithm parameter specification");
- }
- checkCryptoPerm(checkSpi, key, pSpec);
- }
-
- private boolean passCryptoPermCheck(CipherSpi checkSpi, Key key,
- AlgorithmParameterSpec params)
- throws InvalidKeyException {
- String em = cryptoPerm.getExemptionMechanism();
- int keySize = checkSpi.engineGetKeySize(key);
- // Use the "algorithm" component of the cipher
- // transformation so that the perm check would
- // work when the key has the "aliased" algo.
- String algComponent;
- int index = transformation.indexOf('/');
- if (index != -1) {
- algComponent = transformation.substring(0, index);
- } else {
- algComponent = transformation;
- }
- CryptoPermission checkPerm =
- new CryptoPermission(algComponent, keySize, params, em);
-
- if (!cryptoPerm.implies(checkPerm)) {
- if (debug != null) {
- debug.println("Crypto Permission check failed");
- debug.println("granted: " + cryptoPerm);
- debug.println("requesting: " + checkPerm);
- }
- return false;
- }
- if (exmech == null) {
- return true;
- }
- try {
- if (!exmech.isCryptoAllowed(key)) {
- if (debug != null) {
- debug.println(exmech.getName() + " isn't enforced");
- }
- return false;
- }
- } catch (ExemptionMechanismException eme) {
- if (debug != null) {
- debug.println("Cannot determine whether "+
- exmech.getName() + " has been enforced");
- eme.printStackTrace();
- }
- return false;
- }
- return true;
- }
-
// check if opmode is one of the defined constants
// throw InvalidParameterExeption if not
private static void checkOpmode(int opmode) {
@@ -1144,7 +983,6 @@
checkOpmode(opmode);
if (spi != null) {
- checkCryptoPerm(spi, key);
spi.engineInit(opmode, key, random);
} else {
try {
@@ -1270,7 +1108,6 @@
checkOpmode(opmode);
if (spi != null) {
- checkCryptoPerm(spi, key, params);
spi.engineInit(opmode, key, params, random);
} else {
chooseProvider(I_PARAMSPEC, opmode, key, params, null, random);
@@ -1391,7 +1228,6 @@
checkOpmode(opmode);
if (spi != null) {
- checkCryptoPerm(spi, key, params);
spi.engineInit(opmode, key, params, random);
} else {
chooseProvider(I_PARAMS, opmode, key, null, params, random);
@@ -1555,7 +1391,6 @@
(certificate==null? null:certificate.getPublicKey());
if (spi != null) {
- checkCryptoPerm(spi, publicKey);
spi.engineInit(opmode, publicKey, random);
} else {
try {
@@ -2361,12 +2196,15 @@
return null;
}
+ // Used by getMaxAllowedKeyLength and getMaxAllowedParameterSpec
+ // always returns CryptoAllPermission. Old stuff from bad old days.
private static CryptoPermission getConfiguredPermission(
String transformation) throws NullPointerException,
NoSuchAlgorithmException {
if (transformation == null) throw new NullPointerException();
- String[] parts = tokenizeTransformation(transformation);
- return JceSecurityManager.INSTANCE.getCryptoPermission(parts[0]);
+ // Called to make sure it is a valid transformation.
+ tokenizeTransformation(transformation);
+ return CryptoAllPermission.INSTANCE;
}
/**
diff -r 4aebfff4f8a2 jdk/src/share/classes/javax/crypto/JarVerifier.java
--- openjdk/jdk/src/share/classes/javax/crypto/JarVerifier.java Mon Sep 15 11:38:34 2008 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,170 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package javax.crypto;
-
-import java.io.*;
-import java.net.*;
-import java.security.*;
-import java.util.*;
-import java.util.jar.*;
-import javax.crypto.CryptoPolicyParser.ParsingException;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used. Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
- // The URL for the JAR file we want to verify.
- private URL jarURL;
- private boolean savePerms;
- private CryptoPermissions appPerms = null;
-
- /**
- * Creates a JarVerifier object to verify the given URL.
- *
- * @param jarURL the JAR file to be verified.
- * @param savePerms if true, save the permissions allowed by the
- * exemption mechanism
- */
- JarVerifier(URL jarURL, boolean savePerms) {
- this.jarURL = jarURL;
- this.savePerms = savePerms;
- }
-
- /**
- * Verify the JAR file is signed by an entity which has a certificate
- * issued by a trusted CA.
- *
- * In OpenJDK, we just need to examine the "cryptoperms" file to see
- * if any permissions were bundled together with this jar file.
- */
- void verify() throws JarException, IOException {
-
- // Short-circuit. If we weren't asked to save any, we're done.
- if (!savePerms) {
- return;
- }
-
- // If the protocol of jarURL isn't "jar", we should
- // construct a JAR URL so we can open a JarURLConnection
- // for verifying this provider.
- final URL url = jarURL.getProtocol().equalsIgnoreCase("jar")?
- jarURL : new URL("jar:" + jarURL.toString() + "!/");
-
- JarFile jf = null;
- try {
-
- // Get a link to the Jarfile to search.
- try {
- jf = (JarFile)
- AccessController.doPrivileged(
- new PrivilegedExceptionAction() {
- public Object run() throws Exception {
- JarURLConnection conn =
- (JarURLConnection) url.openConnection();
- // You could do some caching here as
- // an optimization.
- conn.setUseCaches(false);
- return conn.getJarFile();
- }
- });
- } catch (java.security.PrivilegedActionException pae) {
- SecurityException se = new SecurityException(
- "Cannot load " + url.toString());
- se.initCause(pae);
- throw se;
- }
-
- if (jf != null) {
- JarEntry je = jf.getJarEntry("cryptoPerms");
- if (je == null) {
- throw new JarException(
- "Can not find cryptoPerms");
- }
- try {
- appPerms = new CryptoPermissions();
- appPerms.load(jf.getInputStream(je));
- } catch (Exception ex) {
- JarException jex =
- new JarException("Cannot load/parse" +
- jarURL.toString());
- jex.initCause(ex);
- throw jex;
- }
- }
- } finally {
- // Only call close() when caching is not enabled.
- // Otherwise, exceptions will be thrown for all
- // subsequent accesses of this cached jar.
- if (jf != null) {
- jf.close();
- }
- }
- }
-
- /**
- * Verify that the provided JarEntry was indeed signed by the
- * framework signing certificate.
- *
- * @param je the URL of the jar entry to be checked.
- * @throws Exception if the jar entry was not signed by
- * the proper certificate
- */
- static void verifyFrameworkSigned(URL je) throws Exception {
- }
-
- /**
- * Verify that the provided certs include the
- * framework signing certificate.
- *
- * @param certs the list of certs to be checked.
- * @throws Exception if the list of certs did not contain
- * the framework signing certificate
- */
- static void verifyPolicySigned(java.security.cert.Certificate[] certs)
- throws Exception {
- }
-
- /**
- * Returns the permissions which are bundled with the JAR file,
- * aka the "cryptoperms" file.
- *
- * NOTE: if this JarVerifier instance is constructed with "savePerms"
- * equal to false, then this method would always return null.
- */
- CryptoPermissions getPermissions() {
- return appPerms;
- }
-}
diff -r 4aebfff4f8a2 jdk/src/share/classes/javax/crypto/JceSecurity.java
--- openjdk.orig/jdk/src/share/classes/javax/crypto/JceSecurity.java Mon Sep 15 11:38:34 2008 +0200
+++ openjdk/jdk/src/share/classes/javax/crypto/JceSecurity.java Thu Sep 25 17:45:37 2008 +0200
@@ -25,11 +25,7 @@
package javax.crypto;
-import java.lang.ref.*;
import java.util.*;
-import java.util.jar.*;
-import java.io.*;
-import java.net.URL;
import java.security.*;
import java.security.Provider.Service;
@@ -48,23 +44,8 @@
final class JceSecurity {
+ // Used in KeyGenerator, Cipher and KeyAgreement.
static final SecureRandom RANDOM = new SecureRandom();
-
- // The defaultPolicy and exemptPolicy will be set up
- // in the static initializer.
- private static CryptoPermissions defaultPolicy = null;
- private static CryptoPermissions exemptPolicy = null;
-
- // Map<Provider,?> of the providers we already have verified
- // value == PROVIDER_VERIFIED is successfully verified
- // value is failure cause Exception in error case
- private final static Map verificationResults = new IdentityHashMap();
-
- // Map<Provider,?> of the providers currently being verified
- private final static Map verifyingProviders = new IdentityHashMap();
-
- // Set the default value. May be changed in the static initializer.
- private static boolean isRestricted = true;
/*
* Don't let anyone instantiate this.
@@ -72,48 +53,16 @@
private JceSecurity() {
}
- static {
- try {
- AccessController.doPrivileged(new PrivilegedExceptionAction() {
- public Object run() throws Exception {
- setupJurisdictionPolicies();
- return null;
- }
- });
-
- isRestricted = defaultPolicy.implies(
- CryptoAllPermission.INSTANCE) ? false : true;
- } catch (Exception e) {
- SecurityException se =
- new SecurityException(
- "Can not initialize cryptographic mechanism");
- se.initCause(e);
- throw se;
- }
- }
-
static Instance getInstance(String type, Class clazz, String algorithm,
String provider) throws NoSuchAlgorithmException,
NoSuchProviderException {
Service s = GetInstance.getService(type, algorithm, provider);
- Exception ve = getVerificationResult(s.getProvider());
- if (ve != null) {
- String msg = "JCE cannot authenticate the provider " + provider;
- throw (NoSuchProviderException)
- new NoSuchProviderException(msg).initCause(ve);
- }
return GetInstance.getInstance(s, clazz);
}
static Instance getInstance(String type, Class clazz, String algorithm,
Provider provider) throws NoSuchAlgorithmException {
Service s = GetInstance.getService(type, algorithm, provider);
- Exception ve = JceSecurity.getVerificationResult(provider);
- if (ve != null) {
- String msg = "JCE cannot authenticate the provider "
- + provider.getName();
- throw new SecurityException(msg, ve);
- }
return GetInstance.getInstance(s, clazz);
}
@@ -123,10 +72,6 @@
NoSuchAlgorithmException failure = null;
for (Iterator t = services.iterator(); t.hasNext(); ) {
Service s = (Service)t.next();
- if (canUseProvider(s.getProvider()) == false) {
- // allow only signed providers
- continue;
- }
try {
Instance instance = GetInstance.getInstance(s, clazz);
return instance;
@@ -138,203 +83,10 @@
+ " not available", failure);
}
- /**
- * Verify if the JAR at URL codeBase is a signed exempt application
- * JAR file and returns the permissions bundled with the JAR.
- *
- * @throws Exception on error
- */
- static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
- JarVerifier jv = new JarVerifier(codeBase, true);
- jv.verify();
- return jv.getPermissions();
- }
-
- /**
- * Verify if the JAR at URL codeBase is a signed provider JAR file.
- *
- * @throws Exception on error
- */
- static void verifyProviderJar(URL codeBase) throws Exception {
- // Verify the provider JAR file and all
- // supporting JAR files if there are any.
- JarVerifier jv = new JarVerifier(codeBase, false);
- jv.verify();
- }
-
- private final static Object PROVIDER_VERIFIED = Boolean.TRUE;
-
- /*
- * Verify that the provider JAR files are signed properly, which
- * means the signer's certificate can be traced back to a
- * JCE trusted CA.
- * Return null if ok, failure Exception if verification failed.
- */
- static synchronized Exception getVerificationResult(Provider p) {
- Object o = verificationResults.get(p);
- if (o == PROVIDER_VERIFIED) {
- return null;
- } else if (o != null) {
- return (Exception)o;
- }
- if (verifyingProviders.get(p) != null) {
- // this method is static synchronized, must be recursion
- // return failure now but do not save the result
- return new NoSuchProviderException("Recursion during verification");
- }
- try {
- verifyingProviders.put(p, Boolean.FALSE);
- URL providerURL = getCodeBase(p.getClass());
- verifyProviderJar(providerURL);
- // Verified ok, cache result
- verificationResults.put(p, PROVIDER_VERIFIED);
- return null;
- } catch (Exception e) {
- verificationResults.put(p, e);
- return e;
- } finally {
- verifyingProviders.remove(p);
- }
- }
-
- // return whether this provider is properly signed and can be used by JCE
+ // Used to return whether this provider is properly signed and
+ // can be used by JCE. These days just returns true. Still used
+ // in SecretKeyFactory, KeyGenerator, Mac and KeyAgreement.
static boolean canUseProvider(Provider p) {
- return getVerificationResult(p) == null;
- }
-
- // dummy object to represent null
- private static final URL NULL_URL;
-
- static {
- try {
- NULL_URL = new URL("http://null.sun.com/";);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- // reference to a Map we use as a cache for codebases
- private static final Map codeBaseCacheRef = new WeakHashMap();
-
- /*
- * Retuns the CodeBase for the given class.
- */
- static URL getCodeBase(final Class clazz) {
- URL url = (URL)codeBaseCacheRef.get(clazz);
- if (url == null) {
- url = (URL)AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- ProtectionDomain pd = clazz.getProtectionDomain();
- if (pd != null) {
- CodeSource cs = pd.getCodeSource();
- if (cs != null) {
- return cs.getLocation();
- }
- }
- return NULL_URL;
- }
- });
- codeBaseCacheRef.put(clazz, url);
- }
- return (url == NULL_URL) ? null : url;
- }
-
- private static void setupJurisdictionPolicies() throws Exception {
- String javaHomeDir = System.getProperty("java.home");
- String sep = File.separator;
- String pathToPolicyJar = javaHomeDir + sep + "lib" + sep +
- "security" + sep;
-
- File exportJar = new File(pathToPolicyJar, "US_export_policy.jar");
- File importJar = new File(pathToPolicyJar, "local_policy.jar");
- URL jceCipherURL = ClassLoader.getSystemResource
- ("javax/crypto/Cipher.class");
-
- if ((jceCipherURL == null) ||
- !exportJar.exists() || !importJar.exists()) {
- throw new SecurityException
- ("Cannot locate policy or framework files!");
- }
-
- // Enforce the signer restraint, i.e. signer of JCE framework
- // jar should also be the signer of the two jurisdiction policy
- // jar files.
- JarVerifier.verifyFrameworkSigned(jceCipherURL);
-
- // Read jurisdiction policies.
- CryptoPermissions defaultExport = new CryptoPermissions();
- CryptoPermissions exemptExport = new CryptoPermissions();
- loadPolicies(exportJar, defaultExport, exemptExport);
-
- CryptoPermissions defaultImport = new CryptoPermissions();
- CryptoPermissions exemptImport = new CryptoPermissions();
- loadPolicies(importJar, defaultImport, exemptImport);
-
- // Merge the export and import policies for default applications.
- if (defaultExport.isEmpty() || defaultImport.isEmpty()) {
- throw new SecurityException("Missing mandatory jurisdiction " +
- "policy files");
- }
- defaultPolicy = defaultExport.getMinimum(defaultImport);
-
- // Merge the export and import policies for exempt applications.
- if (exemptExport.isEmpty()) {
- exemptPolicy = exemptImport.isEmpty() ? null : exemptImport;
- } else {
- exemptPolicy = exemptExport.getMinimum(exemptImport);
- }
- }
-
- /**
- * Load the policies from the specified file. Also checks that the
- * policies are correctly signed.
- */
- private static void loadPolicies(File jarPathName,
- CryptoPermissions defaultPolicy,
- CryptoPermissions exemptPolicy)
- throws Exception {
-
- JarFile jf = new JarFile(jarPathName);
-
- Enumeration entries = jf.entries();
- while (entries.hasMoreElements()) {
- JarEntry je = (JarEntry)entries.nextElement();
- InputStream is = null;
- try {
- if (je.getName().startsWith("default_")) {
- is = jf.getInputStream(je);
- defaultPolicy.load(is);
- } else if (je.getName().startsWith("exempt_")) {
- is = jf.getInputStream(je);
- exemptPolicy.load(is);
- } else {
- continue;
- }
- } finally {
- if (is != null) {
- is.close();
- }
- }
-
- // Enforce the signer restraint, i.e. signer of JCE framework
- // jar should also be the signer of the two jurisdiction policy
- // jar files.
- JarVerifier.verifyPolicySigned(je.getCertificates());
- }
- // Close and nullify the JarFile reference to help GC.
- jf.close();
- jf = null;
- }
-
- static CryptoPermissions getDefaultPolicy() {
- return defaultPolicy;
- }
-
- static CryptoPermissions getExemptPolicy() {
- return exemptPolicy;
- }
-
- static boolean isRestricted() {
- return isRestricted;
+ return true;
}
}
diff -r 4aebfff4f8a2 jdk/src/share/classes/javax/crypto/JceSecurityManager.java
--- openjdk/jdk/src/share/classes/javax/crypto/JceSecurityManager.java Mon Sep 15 11:38:34 2008 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,252 +0,0 @@
-/*
- * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package javax.crypto;
-
-import java.security.*;
-import java.net.*;
-import java.util.*;
-import java.util.jar.*;
-
-/**
- * The JCE security manager.
- *
- * <p>The JCE security manager is responsible for determining the maximum
- * allowable cryptographic strength for a given applet/application, for a given
- * algorithm, by consulting the configured jurisdiction policy files and
- * the cryptographic permissions bundled with the applet/application.
- *
- * <p>Note that this security manager is never installed, only instantiated.
- *
- * @author Jan Luehe
- *
- * @since 1.4
- */
-
-final class JceSecurityManager extends SecurityManager {
-
- private static final CryptoPermissions defaultPolicy;
- private static final CryptoPermissions exemptPolicy;
- private static final CryptoAllPermission allPerm;
- private static final Vector TrustedCallersCache = new Vector(2);
- private static final Map exemptCache = new HashMap();
-
- // singleton instance
- static final JceSecurityManager INSTANCE;
-
- static {
- defaultPolicy = JceSecurity.getDefaultPolicy();
- exemptPolicy = JceSecurity.getExemptPolicy();
- allPerm = CryptoAllPermission.INSTANCE;
- INSTANCE = (JceSecurityManager)
- AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- return new JceSecurityManager();
- }
- });
- }
-
- private JceSecurityManager() {
- // empty
- }
-
- /**
- * Returns the maximum allowable crypto strength for the given
- * applet/application, for the given algorithm.
- */
- CryptoPermission getCryptoPermission(String alg) {
- // Need to convert to uppercase since the crypto perm
- // lookup is case sensitive.
- alg = alg.toUpperCase(Locale.ENGLISH);
-
- // If CryptoAllPermission is granted by default, we return that.
- // Otherwise, this will be the permission we return if anything goes
- // wrong.
- CryptoPermission defaultPerm = getDefaultPermission(alg);
- if (defaultPerm == CryptoAllPermission.INSTANCE) {
- return defaultPerm;
- }
-
- // Determine the codebase of the caller of the JCE API.
- // This is the codebase of the first class which is not in
- // javax.crypto.* packages.
- // NOTE: javax.crypto.* package maybe subject to package
- // insertion, so need to check its classloader as well.
- Class[] context = getClassContext();
- URL callerCodeBase = null;
- int i;
- for (i=0; i<context.length; i++) {
- Class cls = context[i];
- callerCodeBase = JceSecurity.getCodeBase(cls);
- if (callerCodeBase != null) {
- break;
- } else {
- if (cls.getName().startsWith("javax.crypto.")) {
- // skip jce classes since they aren't the callers
- continue;
- }
- // use default permission when the caller is system classes
- return defaultPerm;
- }
- }
-
- if (i == context.length) {
- return defaultPerm;
- }
-
- CryptoPermissions appPerms;
- synchronized (this.getClass()) {
- if (exemptCache.containsKey(callerCodeBase)) {
- appPerms = (CryptoPermissions)exemptCache.get(callerCodeBase);
- } else {
- appPerms = getAppPermissions(callerCodeBase);
- exemptCache.put(callerCodeBase, appPerms);
- }
- }
-
- if (appPerms == null) {
- return defaultPerm;
- }
-
- // If the app was granted the special CryptoAllPermission, return that.
- if (appPerms.implies(allPerm)) {
- return allPerm;
- }
-
- // Check if the crypto permissions granted to the app contain a
- // crypto permission for the requested algorithm that does not require
- // any exemption mechanism to be enforced.
- // Return that permission, if present.
- PermissionCollection appPc = appPerms.getPermissionCollection(alg);
- if (appPc == null) {
- return defaultPerm;
- }
- Enumeration enum_ = appPc.elements();
- while (enum_.hasMoreElements()) {
- CryptoPermission cp = (CryptoPermission)enum_.nextElement();
- if (cp.getExemptionMechanism() == null) {
- return cp;
- }
- }
-
- // Check if the jurisdiction file for exempt applications contains
- // any entries for the requested algorithm.
- // If not, return the default permission.
- PermissionCollection exemptPc =
- exemptPolicy.getPermissionCollection(alg);
- if (exemptPc == null) {
- return defaultPerm;
- }
-
- // In the jurisdiction file for exempt applications, go through the
- // list of CryptoPermission entries for the requested algorithm, and
- // stop at the first entry:
- // - that is implied by the collection of crypto permissions granted
- // to the app, and
- // - whose exemption mechanism is available from one of the
- // registered CSPs
- enum_ = exemptPc.elements();
- while (enum_.hasMoreElements()) {
- CryptoPermission cp = (CryptoPermission)enum_.nextElement();
- try {
- ExemptionMechanism.getInstance(cp.getExemptionMechanism());
- if (cp.getAlgorithm().equals(
- CryptoPermission.ALG_NAME_WILDCARD)) {
- CryptoPermission newCp;
- if (cp.getCheckParam()) {
- newCp = new CryptoPermission(
- alg, cp.getMaxKeySize(),
- cp.getAlgorithmParameterSpec(),
- cp.getExemptionMechanism());
- } else {
- newCp = new CryptoPermission(
- alg, cp.getMaxKeySize(),
- cp.getExemptionMechanism());
- }
- if (appPerms.implies(newCp)) {
- return newCp;
- }
- }
-
- if (appPerms.implies(cp)) {
- return cp;
- }
- } catch (Exception e) {
- continue;
- }
- }
- return defaultPerm;
- }
-
- private static CryptoPermissions getAppPermissions(URL callerCodeBase) {
- // Check if app is exempt, and retrieve the permissions bundled with it
- try {
- return JceSecurity.verifyExemptJar(callerCodeBase);
- } catch (Exception e) {
- // Jar verification fails
- return null;
- }
-
- }
-
- /**
- * Returns the default permission for the given algorithm.
- */
- private CryptoPermission getDefaultPermission(String alg) {
- Enumeration enum_ =
- defaultPolicy.getPermissionCollection(alg).elements();
- return (CryptoPermission)enum_.nextElement();
- }
-
- // See bug 4341369 & 4334690 for more info.
- boolean isCallerTrusted() {
- // Get the caller and its codebase.
- Class[] context = getClassContext();
- URL callerCodeBase = null;
- int i;
- for (i=0; i<context.length; i++) {
- callerCodeBase = JceSecurity.getCodeBase(context[i]);
- if (callerCodeBase != null) {
- break;
- }
- }
- // The caller is in the JCE framework.
- if (i == context.length) {
- return true;
- }
- //The caller has been verified.
- if (TrustedCallersCache.contains(context[i])) {
- return true;
- }
- // Check whether the caller is a trusted provider.
- try {
- JceSecurity.verifyProviderJar(callerCodeBase);
- } catch (Exception e2) {
- return false;
- }
- TrustedCallersCache.addElement(context[i]);
- return true;
- }
-}
diff -r 4aebfff4f8a2 jdk/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java
--- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java Mon Sep 15 11:38:34 2008 +0200
+++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java Thu Sep 25 17:45:37 2008 +0200
@@ -44,18 +44,9 @@
}
}
- private static boolean isUnlimitedPolicy() throws IOException {
+ private static boolean isUnlimitedPolicy() {
if (instance == null) {
- String jreDir = System.getProperty("java.home");
- String localPolicyPath = jreDir + File.separator + "lib" +
- File.separator + "security" + File.separator +
- "local_policy.jar";
- JarFile localPolicy = new JarFile(localPolicyPath);
- if (localPolicy.getEntry("exempt_local.policy") == null) {
- return true;
- } else {
- return false;
- }
+ return true;
} else {
return instance.isUnlimited;
}
