From 3bfea67a9dcf5d964588a40a71f014a60e14916f Mon Sep 17 00:00:00 2001 From: Bradford Wetmore Date: Fri, 26 Sep 2014 17:05:05 -0700 Subject: [PATCH] 8058845: Update JCE environment for build improvements Reviewed-by: mullan, alanb, erikj, mchung, katleman --- jdk/make/CreateJars.gmk | 13 +- jdk/make/CreatePolicyJars.gmk | 103 +++++++++----- jdk/make/CreateSecurityJars.gmk | 72 +++------- jdk/make/SignJars.gmk | 126 ------------------ jdk/make/profile-includes.txt | 8 +- .../share/classes/javax/crypto/Cipher.java | 4 +- .../classes/javax/crypto/JceSecurity.java | 46 ++++--- .../javax/crypto/JceSecurityManager.java | 6 +- .../classes/javax/crypto/KeyGenerator.java | 2 +- ...JarVerifier.java => ProviderVerifier.java} | 32 +++-- 10 files changed, 154 insertions(+), 258 deletions(-) delete mode 100644 jdk/make/SignJars.gmk rename jdk/src/java.base/share/classes/javax/crypto/{JarVerifier.java => ProviderVerifier.java} (84%) diff --git a/jdk/make/CreateJars.gmk b/jdk/make/CreateJars.gmk index e3d2ac42de9..15232bdc298 100644 --- a/jdk/make/CreateJars.gmk +++ b/jdk/make/CreateJars.gmk @@ -709,7 +709,18 @@ $(IMAGES_OUTPUTDIR)/lib/sa-jdi.jar: $(HOTSPOT_DIST)/lib/sa-jdi.jar # $(eval $(call SetupZipArchive,BUILD_SEC_BIN_ZIP, \ SRC := $(JDK_OUTPUTDIR), \ - INCLUDES := modules/java.base/javax/net \ + INCLUDES := \ + modules/java.base/javax/crypto \ + modules/java.base/javax/crypto/spec \ + modules/java.base/sun/security/internal/interfaces \ + modules/java.base/sun/security/internal/spec \ + modules/java.base/com/sun/crypto/provider \ + modules/jdk.crypto.ec/sun/security/ec \ + modules/jdk.crypto.mscapi/sun/security/mscapi \ + modules/jdk.crypto.pkcs11/sun/security/pkcs11 \ + modules/jdk.crypto.pkcs11/sun/security/pkcs11/wrapper \ + modules/jdk.crypto.ucrypto/com/oracle/security/ucrypto \ + modules/java.base/javax/net \ modules/java.base/javax/security/cert \ modules/java.base/com/sun/net/ssl \ modules/java.base/com/sun/security/cert \ 
diff --git a/jdk/make/CreatePolicyJars.gmk b/jdk/make/CreatePolicyJars.gmk index 1e29acdf0e9..f0910db0382 100644 --- a/jdk/make/CreatePolicyJars.gmk +++ b/jdk/make/CreatePolicyJars.gmk @@ -1,5 +1,5 @@ # -# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it 
@@ -41,52 +41,73 @@ ifneq ($(BUILD_CRYPTO), no) US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED := \ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/US_export_policy.jar + ifndef OPENJDK + # + # In past releases, Oracle JDK has had a separately downloadable set of + # policy files which has been a nightmare for deployment. + # + # Now if we're closed and limited (default for Oracle JDK), create + # an "unlimited_policy" directory that contains the unlimited policy + # files. It will be up to the user/deployer to make an informed choice + # as to whether they are legally entitled to use the unlimited policy + # file in their environment. Users/deployers simply need to overwrite + # the files. Consult README.txt (below) for more info. + # + UNLIMITED_POLICY_DIR := $(JDK_OUTPUTDIR)/lib/security/unlimited_policy + endif + # # TODO fix so that SetupArchive does not write files into SRCS # then we don't need this extra copying # # NOTE: We currently do not place restrictions on our limited export # policy. This was not a typo. This means we are shipping the same file - # for both limimted and unlimited US_export_policy.jar. + # for both limited and unlimited US_export_policy.jar. Only the local + # policy file currently has restrictions. 
# - US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited + US_EXPORT_POLICY_JAR_SRC_DIR := \ + $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited US_EXPORT_POLICY_JAR_TMP := \ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/US_export_policy_jar.tmp $(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/% $(install-file) - US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy + US_EXPORT_POLICY_JAR_DEPS := \ + $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy - $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, $(US_EXPORT_POLICY_JAR_DEPS), \ + $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, \ + $(US_EXPORT_POLICY_JAR_DEPS), \ SRCS := $(US_EXPORT_POLICY_JAR_TMP), \ SUFFIXES := .policy, \ JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED), \ EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ SKIP_METAINF := true)) - $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) - $(ECHO) $(LOG_INFO) Copying unlimited $(patsubst $(OUTPUT_ROOT)/%,%,$@) - $(install-file) + $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED): \ + $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) + $(ECHO) $(LOG_INFO) \ + Copying unlimited $(patsubst $(OUTPUT_ROOT)/%,%,$@) + $(install-file) TARGETS += $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED) \ $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) endif -ifndef OPENJDK - ifeq ($(UNLIMITED_CRYPTO), true) - $(error No prebuilt unlimited crypto jars available) - endif - $(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar - $(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +ifeq ($(UNLIMITED_CRYPTO), true) + $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) $(install-file) else - ifeq ($(UNLIMITED_CRYPTO), true) - $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) - $(install-file) - else - $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED) + $(US_EXPORT_POLICY_JAR_DST): 
$(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED) $(install-file) +endif + +ifndef OPENJDK + ifneq ($(UNLIMITED_CRYPTO), true) + $(UNLIMITED_POLICY_DIR)/US_export_policy.jar: \ + $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED) + $(install-file) + TARGETS += $(UNLIMITED_POLICY_DIR)/US_export_policy.jar endif endif @@ -112,11 +133,13 @@ ifneq ($(BUILD_CRYPTO), no) LOCAL_POLICY_JAR_UNLIMITED_TMP := \ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/local_policy_jar.tmp - $(LOCAL_POLICY_JAR_LIMITED_TMP)/%: $(JDK_TOPDIR)/make/data/cryptopolicy/limited/% - $(install-file) + $(LOCAL_POLICY_JAR_LIMITED_TMP)/%: \ + $(JDK_TOPDIR)/make/data/cryptopolicy/limited/% + $(install-file) - $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/% - $(install-file) + $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: \ + $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/% + $(install-file) $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_LIMITED, \ $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \ 
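Review bot: `UNLIMITED_POLICY_DIR` is assigned inside the `ifneq ($(BUILD_CRYPTO), no)` section at the top of the @@ -41,52 +41,73 @@ hunk, but the new `$(UNLIMITED_POLICY_DIR)/US_export_policy.jar` rule sits in the `ifndef OPENJDK` block after that section's `endif`. If the nesting is as it reads here (indentation is lost on this page), a closed build with BUILD_CRYPTO=no expands the target to `/US_export_policy.jar`, so the rule and its `TARGETS +=` entry point at the filesystem root. The same applies to `$(UNLIMITED_POLICY_DIR)/local_policy.jar` in the @@ -135,28 +158,34 @@ hunk. Moving the assignment out of the BUILD_CRYPTO conditional, or wrapping both rules in `ifneq ($(BUILD_CRYPTO), no)`, would keep the path anchored under `$(JDK_OUTPUTDIR)/lib/security/unlimited_policy`.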
@@ -135,28 +158,34 @@ ifneq ($(BUILD_CRYPTO), no) EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ SKIP_METAINF := true)) - TARGETS += $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) + TARGETS += $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) \ + $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) ifndef OPENJDK - $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt: \ - $(JDK_TOPDIR)/make/closed/javax/crypto/doc/README.txt + ifneq ($(UNLIMITED_CRYPTO), true) + $(UNLIMITED_POLICY_DIR)/README.txt: \ + $(JDK_TOPDIR)/make/closed/data/cryptopolicy/README.txt $(install-file) - TARGETS += $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt + TARGETS += $(UNLIMITED_POLICY_DIR)/README.txt + endif endif endif +ifeq ($(UNLIMITED_CRYPTO), true) + $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) + $(install-file) +else + $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) + $(install-file) +endif + ifndef OPENJDK - $(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar - $(ECHO) $(LOG_INFO) Copying prebuilt $(@F) - $(install-file) -else - ifeq ($(UNLIMITED_CRYPTO), true) - $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) - $(install-file) - else - $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) - $(install-file) + ifneq ($(UNLIMITED_CRYPTO), true) + $(UNLIMITED_POLICY_DIR)/local_policy.jar: \ + $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED) + $(install-file) + TARGETS += $(UNLIMITED_POLICY_DIR)/local_policy.jar endif endif diff --git a/jdk/make/CreateSecurityJars.gmk b/jdk/make/CreateSecurityJars.gmk index 097ac813821..87184c8204d 100644 --- a/jdk/make/CreateSecurityJars.gmk +++ b/jdk/make/CreateSecurityJars.gmk 
@@ -1,5 +1,5 @@ # -# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -29,16 +29,13 @@ include $(SPEC) include MakeBase.gmk include JavaCompilation.gmk -# The jars created in this file are required for the exploded jdk image to function and -# cannot wait to be built in the images target. - ########################################################################################## # Create manifest for security jars # # Include these extra attributes for now, should probably take out. # MAINMANIFEST := $(JDK_TOPDIR)/make/data/mainmanifest/manifest.mf -JCE_MANIFEST := $(JDK_OUTPUTDIR)/lib/_the.security.manifest.mf +JCE_MANIFEST := $(JDK_OUTPUTDIR)/jce/unsigned/_the.security.manifest.mf $(JCE_MANIFEST): $(MAINMANIFEST) $(MKDIR) -p $(@D) 
@@ -48,18 +45,15 @@ $(JCE_MANIFEST): $(MAINMANIFEST) $(MAINMANIFEST) >> $@.tmp $(ECHO) "Extension-Name: javax.crypto" >> $@.tmp $(ECHO) "Implementation-Vendor-Id: com.sun" >> $@.tmp + $(ECHO) "Release-Version: $(RELEASE)" >> $@.tmp $(MV) $@.tmp $@ ########################################################################################## -# For security and crypto jars, always build the jar, but for closed, install the prebuilt -# signed version instead of the newly built jar. Unsigned jars are treated as intermediate -# targets and explicitly added to the TARGETS list. For open, signing is not needed. See -# SignJars.gmk for more information. +# For crypto jars, always build the jar. # -# The source for the crypto jars is not available for all licensees. The BUILD_CRYPTO -# variable is set to no if these jars can't be built to skip that step of the build. -# Note that for OPENJDK, the build will fail if BUILD_CRYPTO=no since then there is no -# other way to get the jars than to build them. +# The source for the crypto jars is not available for all licensees. +# The BUILD_CRYPTO variable is set to no if these jars can't be built +# to skip that step of the build. SUNPKCS11_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunpkcs11.jar SUNPKCS11_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunpkcs11.jar @@ -74,15 +68,8 @@ $(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR, , \ $(SUNPKCS11_JAR_UNSIGNED): $(JCE_MANIFEST) -ifndef OPENJDK - SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar - $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED) $(install-file) -else - $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(SUNPKCS11_JAR_UNSIGNED) $(SUNPKCS11_JAR_DST) 
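Review bot: The rewritten comment in the @@ -48,18 +45,15 @@ hunk says BUILD_CRYPTO=no skips building the crypto jars, but it drops the old warning that the build then fails, and after this commit that warning applies to every build rather than only to OpenJDK. In the @@ -132,15 +113,8 @@ and @@ -163,15 +137,8 @@ hunks `$(SUNJCE_PROVIDER_JAR_DST)` and `$(JCE_JAR_DST)` depend on the unsigned jar outside the `ifneq ($(BUILD_CRYPTO), no)` guard, and the prebuilt fallback is gone, so with BUILD_CRYPTO=no no rule is left to produce the prerequisite. I would keep the sentence, reworded: `# Note that the build will fail if BUILD_CRYPTO=no, since there is then no other way to get the jars than to build them.`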
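Review bot: Nothing in this file now records that the jar installed into `lib/ext` is the unsigned build output for closed builds as well. The `$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED)` rule in the @@ -74,15 +68,8 @@ hunk replaces the copy of a prebuilt jar, and the later hunks for sunec, sunjce_provider, jce, sunmscapi and ucrypto do the same. The deleted SignJars.gmk header stated that an unsigned jar installed into the Oracle JDK breaks the crypto routines, so a maintainer needs to know what takes over that check. A short comment above the first rule would do, along the lines of `# Installed jars are the unsigned build outputs; no signing step remains in this makefile.`, extended with where provider authenticity is enforced once that is confirmed, since the closed verifier is not visible in this patch.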
@@ -101,22 +88,16 @@ $(eval $(call SetupArchive,BUILD_SUNEC_JAR, , \ $(SUNEC_JAR_UNSIGNED): $(JCE_MANIFEST) -ifndef OPENJDK - SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar - $(SUNEC_JAR_DST): $(SUNEC_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED) $(install-file) -else - $(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(SUNEC_JAR_UNSIGNED) $(SUNEC_JAR_DST) ########################################################################################## SUNJCE_PROVIDER_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunjce_provider.jar -SUNJCE_PROVIDER_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunjce_provider.jar +SUNJCE_PROVIDER_JAR_UNSIGNED := \ + $(JDK_OUTPUTDIR)/jce/unsigned/sunjce_provider.jar ifneq ($(BUILD_CRYPTO), no) $(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR, , \ @@ -132,15 +113,8 @@ ifneq ($(BUILD_CRYPTO), no) TARGETS += $(SUNJCE_PROVIDER_JAR_UNSIGNED) endif -ifndef OPENJDK - SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar - $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED) $(install-file) -else - $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(SUNJCE_PROVIDER_JAR_DST) @@ -163,15 +137,8 @@ ifneq ($(BUILD_CRYPTO), no) TARGETS += $(JCE_JAR_UNSIGNED) endif -ifndef OPENJDK - JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar - $(JCE_JAR_DST): $(JCE_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) +$(JCE_JAR_DST): $(JCE_JAR_UNSIGNED) $(install-file) -else - $(JCE_JAR_DST): $(JCE_JAR_UNSIGNED) - $(install-file) -endif TARGETS += $(JCE_JAR_DST) 
@@ -192,15 +159,8 @@ ifeq ($(OPENJDK_TARGET_OS), windows) $(SUNMSCAPI_JAR_UNSIGNED): $(JCE_MANIFEST) - ifndef OPENJDK - SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar - $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) + $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED) $(install-file) - else - $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED) - $(install-file) - endif TARGETS += $(SUNMSCAPI_JAR_UNSIGNED) $(SUNMSCAPI_JAR_DST) @@ -213,7 +173,6 @@ ifeq ($(OPENJDK_TARGET_OS), solaris) UCRYPTO_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/ucrypto.jar UCRYPTO_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/ucrypto.jar - UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar $(eval $(call SetupArchive,BUILD_UCRYPTO_JAR, , \ SRCS := $(JDK_OUTPUTDIR)/modules/jdk.crypto.ucrypto, \ @@ -225,8 +184,7 @@ ifeq ($(OPENJDK_TARGET_OS), solaris) $(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST) - $(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_SRC) - @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F) + $(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_UNSIGNED) $(install-file) TARGETS += $(UCRYPTO_JAR_UNSIGNED) $(UCRYPTO_JAR_DST) diff --git a/jdk/make/SignJars.gmk b/jdk/make/SignJars.gmk deleted file mode 100644 index 21647889201..00000000000 --- a/jdk/make/SignJars.gmk +++ /dev/null 
@@ -1,126 +0,0 @@ -# -# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. Oracle designates this -# particular file as subject to the "Classpath" exception as provided -# by Oracle in the LICENSE file that accompanied this code. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -include $(SPEC) -include MakeBase.gmk - -# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Oracle JDK -# builds respectively.) -# -# JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE -# jar files do not require signing, but those for JDK do. If an unsigned -# jar file is installed into JDK, things will break when the crypto -# routines are called. -# -# All jars are created in CreateJars.gmk. This Makefile does the signing -# of the jars for JDK. -# -# For JDK, the binaries use pre-built/pre-signed binary files stored in -# the closed workspace that are not shipped in the OpenJDK workspaces. -# We still build the JDK files to verify the files compile, and in -# preparation for possible signing. 
Developers working on JCE in JDK -# must sign the JCE files before testing. The JCE signing key is kept -# separate from the JDK workspace to prevent its disclosure. -# -# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually -# be built, signed, and then the resulting jar files MUST BE CHECKED -# INTO THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT -# BE FORGOTTEN*, otherwise a bug fixed in the source code will not be -# reflected in the shipped binaries. -# -# Please consult with Release Engineering, which is responsible for -# creating the final JCE builds suitable for checkin. -# - -# Default target -all: - -ifndef OPENJDK - -README-MAKEFILE_WARNING := \ - "\nPlease read jdk/make/SignJars.gmk for further build instructions.\n" - -# -# Location for JCE codesigning key. -# -SIGNING_KEY_DIR := /security/ws/JCE-signing/src -SIGNING_KEYSTORE := $(SIGNING_KEY_DIR)/KeyStore.jks -SIGNING_PASSPHRASE := $(SIGNING_KEY_DIR)/passphrase.txt -SIGNING_ALIAS := oracle_jce_rsa - -# -# Defines for signing the various jar files. -# -check-keystore: - @if [ ! -f $(SIGNING_KEYSTORE) -o ! 
-f $(SIGNING_PASSPHRASE) ]; then \ - $(PRINTF) "\n$(SIGNING_KEYSTORE): Signing mechanism *NOT* available..."; \ - $(PRINTF) $(README-MAKEFILE_WARNING); \ - exit 2; \ - fi - -$(JDK_OUTPUTDIR)/jce/signed/%: $(JDK_OUTPUTDIR)/jce/unsigned/% - $(call install-file) - $(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \ - $@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE) - @$(PRINTF) "\nJar codesigning finished.\n" - -JAR_LIST := \ - jce.jar \ - policy/limited/local_policy.jar \ - policy/limited/US_export_policy.jar \ - policy/unlimited/local_policy.jar \ - policy/unlimited/US_export_policy.jar \ - sunec.jar \ - sunjce_provider.jar \ - sunpkcs11.jar \ - sunmscapi.jar \ - ucrypto.jar \ - # - -UNSIGNED_JARS := $(wildcard $(addprefix $(JDK_OUTPUTDIR)/jce/unsigned/, $(JAR_LIST))) - -ifeq ($(UNSIGNED_JARS), ) - $(error No jars found in $(JDK_OUTPUTDIR)/jce/unsigned/) -endif - -SIGNED_JARS := $(patsubst $(JDK_OUTPUTDIR)/jce/unsigned/%,$(JDK_OUTPUTDIR)/jce/signed/%, \ - $(UNSIGNED_JARS)) - -$(SIGNED_JARS): check-keystore - -$(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt: \ - $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt - $(install-file) - -all: $(SIGNED_JARS) $(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt - @$(PRINTF) "\n*** The jar files built by the 'sign-jars' target are developer ***" - @$(PRINTF) "\n*** builds only and *MUST NOT* be checked into the closed workspace. ***" - @$(PRINTF) "\n*** ***" - @$(PRINTF) "\n*** Please consult with Release Engineering: they will generate ***" - @$(PRINTF) "\n*** the proper binaries for the closed workspace. ***" - @$(PRINTF) "\n" - @$(PRINTF) $(README-MAKEFILE_WARNING) - -endif # !OPENJDK diff --git a/jdk/make/profile-includes.txt b/jdk/make/profile-includes.txt index d93a8b23936..7a9882d3555 100644 --- a/jdk/make/profile-includes.txt +++ b/jdk/make/profile-includes.txt 
@@ -77,6 +77,9 @@ PROFILE_1_JRE_LIB_FILES := \ security/java.security \ security/local_policy.jar \ security/trusted.libraries \ + security/unlimited_policy/README.txt \ + security/unlimited_policy/US_export_policy.jar \ + security/unlimited_policy/local_policy.jar \ tzdb.dat PROFILE_1_JRE_OTHER_FILES := \ @@ -97,8 +100,9 @@ PROFILE_1_JRE_JAR_FILES := \ resources.jar \ rt.jar \ security/US_export_policy.jar \ - security/local_policy.jar - + security/local_policy.jar \ + security/unlimited_policy/US_export_policy.jar \ + security/unlimited_policy/local_policy.jar PROFILE_2_JRE_BIN_FILES := \ rmid$(EXE_SUFFIX) \ diff --git a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java index 95935402483..49a071ec95a 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java +++ b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java @@ -263,9 +263,9 @@ public class Cipher { Provider provider, String transformation) { // See bug 4341369 & 4334690 for more info. - // If the caller is trusted, then okey. + // If the caller is trusted, then okay. // Otherwise throw a NullPointerException. - if (!JceSecurityManager.INSTANCE.isCallerTrusted()) { + if (!JceSecurityManager.INSTANCE.isCallerTrusted(provider)) { throw new NullPointerException(); } this.spi = cipherSpi; diff --git a/jdk/src/java.base/share/classes/javax/crypto/JceSecurity.java b/jdk/src/java.base/share/classes/javax/crypto/JceSecurity.java index fb7052d244d..2aaff7217ec 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/JceSecurity.java +++ b/jdk/src/java.base/share/classes/javax/crypto/JceSecurity.java 
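Review bot: In the Cipher.java hunk the trust decision now takes the constructor's own `provider` argument, `isCallerTrusted(provider)`, and that value is supplied by the very caller being checked. Nothing visible in this hunk or in the `JceSecurityManager.isCallerTrusted(Provider)` hunks rejects null or ties the object to the caller's code base; the code base is still derived from the class context and the provider is just passed along to `JceSecurity.verifyProvider(callerCodeBase, provider)`. I would state the contract next to the call, e.g. `// provider comes from the caller under test and may be null; it is an input to verification, never evidence of trust.` The constructor body continues outside the hunk.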
@@ -76,12 +76,14 @@ final class JceSecurity { static { try { AccessController.doPrivileged( - new PrivilegedExceptionAction() { - public Object run() throws Exception { + new PrivilegedExceptionAction () { + @Override + public Void run() throws Exception { setupJurisdictionPolicies(); return null; } - }); + } + ); isRestricted = defaultPolicy.implies( CryptoAllPermission.INSTANCE) ? false : true; @@ -143,9 +145,9 @@ final class JceSecurity { * @throws Exception on error */ static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception { - JarVerifier jv = new JarVerifier(codeBase, true); - jv.verify(); - return jv.getPermissions(); + ProviderVerifier pv = new ProviderVerifier(codeBase, true); + pv.verify(); + return pv.getPermissions(); } /** @@ -153,11 +155,11 @@ final class JceSecurity { * * @throws Exception on error */ - static void verifyProviderJar(URL codeBase) throws Exception { + static void verifyProvider(URL codeBase, Provider p) throws Exception { // Verify the provider JAR file and all // supporting JAR files if there are any. - JarVerifier jv = new JarVerifier(codeBase, false); - jv.verify(); + ProviderVerifier pv = new ProviderVerifier(codeBase, p, false); + pv.verify(); } private final static Object PROVIDER_VERIFIED = Boolean.TRUE; @@ -183,7 +185,7 @@ final class JceSecurity { try { verifyingProviders.put(p, Boolean.FALSE); URL providerURL = getCodeBase(p.getClass()); - verifyProviderJar(providerURL); + verifyProvider(providerURL, p); // Verified ok, cache result verificationResults.put(p, PROVIDER_VERIFIED); return null; 
@@ -222,18 +224,20 @@ final class JceSecurity { synchronized (codeBaseCacheRef) { URL url = codeBaseCacheRef.get(clazz); if (url == null) { - url = AccessController.doPrivileged(new PrivilegedAction() { - public URL run() { - ProtectionDomain pd = clazz.getProtectionDomain(); - if (pd != null) { - CodeSource cs = pd.getCodeSource(); - if (cs != null) { - return cs.getLocation(); + url = AccessController.doPrivileged( + new PrivilegedAction() { + @Override + public URL run() { + ProtectionDomain pd = clazz.getProtectionDomain(); + if (pd != null) { + CodeSource cs = pd.getCodeSource(); + if (cs != null) { + return cs.getLocation(); + } } + return NULL_URL; } - return NULL_URL; - } - }); + }); codeBaseCacheRef.put(clazz, url); } return (url == NULL_URL) ? null : url; @@ -315,7 +319,7 @@ final class JceSecurity { // Enforce the signer restraint, i.e. signer of JCE framework // jar should also be the signer of the two jurisdiction policy // jar files. - JarVerifier.verifyPolicySigned(je.getCertificates()); + ProviderVerifier.verifyPolicySigned(je.getCertificates()); } // Close and nullify the JarFile reference to help GC. jf.close(); diff --git a/jdk/src/java.base/share/classes/javax/crypto/JceSecurityManager.java b/jdk/src/java.base/share/classes/javax/crypto/JceSecurityManager.java index b3d7ce706e7..0d1773c5df4 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/JceSecurityManager.java +++ b/jdk/src/java.base/share/classes/javax/crypto/JceSecurityManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -228,7 +228,7 @@ final class JceSecurityManager extends SecurityManager { } // See bug 4341369 & 4334690 for more info. - boolean isCallerTrusted() { + boolean isCallerTrusted(Provider provider) { // Get the caller and its codebase. Class[] context = getClassContext(); URL callerCodeBase = null; @@ -249,7 +249,7 @@ final class JceSecurityManager extends SecurityManager { } // Check whether the caller is a trusted provider. try { - JceSecurity.verifyProviderJar(callerCodeBase); + JceSecurity.verifyProvider(callerCodeBase, provider); } catch (Exception e2) { return false; } diff --git a/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java b/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java index 9da64e967cb..6363ec424af 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java +++ b/jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java @@ -320,7 +320,7 @@ public class KeyGenerator { /** * Update the active spi of this class and return the next - * implementation for failover. If no more implemenations are + * implementation for failover. If no more implementations are * available, this method returns null. However, the active spi of * this class is never set to null. */ diff --git a/jdk/src/java.base/share/classes/javax/crypto/JarVerifier.java b/jdk/src/java.base/share/classes/javax/crypto/ProviderVerifier.java similarity index 84% rename from jdk/src/java.base/share/classes/javax/crypto/JarVerifier.java rename to jdk/src/java.base/share/classes/javax/crypto/ProviderVerifier.java index c56a0d19621..67b0286d67f 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/JarVerifier.java +++ b/jdk/src/java.base/share/classes/javax/crypto/ProviderVerifier.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,8 @@ import java.security.*; import java.util.jar.*; /** - * This class verifies JAR files (and any supporting JAR files), and + * This class verifies Provider/Policy resources found at a URL + * (currently only JAR files and any supporting JAR files), and * determines whether they may be used in this implementation. * * The JCE in OpenJDK has an open cryptographic interface, meaning it @@ -42,22 +43,36 @@ import java.util.jar.*; * * @since 1.7 */ -final class JarVerifier { +final class ProviderVerifier { // The URL for the JAR file we want to verify. private URL jarURL; + private Provider provider; private boolean savePerms; private CryptoPermissions appPerms = null; /** - * Creates a JarVerifier object to verify the given URL. + * Creates a ProviderVerifier object to verify the given URL. * * @param jarURL the JAR file to be verified. * @param savePerms if true, save the permissions allowed by the * exemption mechanism */ - JarVerifier(URL jarURL, boolean savePerms) { + ProviderVerifier(URL jarURL, boolean savePerms) { + this(jarURL, null, savePerms); + } + + /** + * Creates a ProviderVerifier object to verify the given URL. + * + * @param jarURL the JAR file to be verified + * @param provider the corresponding provider. + * @param savePerms if true, save the permissions allowed by the + * exemption mechanism + */ + ProviderVerifier(URL jarURL, Provider provider, boolean savePerms) { this.jarURL = jarURL; + this.provider = provider; this.savePerms = savePerms; } 
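Review bot: The new `provider` field and three-argument constructor in the @@ -42,22 +43,36 @@ hunk are documented only as "the corresponding provider", and no visible hunk reads the field. The context of the @@ -68,7 +83,7 @@ hunk shows `verify()` still short-circuiting when `savePerms` is false, so as far as this patch shows `JceSecurity.verifyProvider(codeBase, p)` performs no check on `p` in this implementation, which the revised class comment "verifies Provider/Policy resources" does not make clear. I would extend the `@param provider` text to say that it may be null (the two-argument constructor passes null) and that this implementation stores it without examining it.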
@@ -68,7 +83,7 @@ final class JarVerifier { * In OpenJDK, we just need to examine the "cryptoperms" file to see * if any permissions were bundled together with this jar file. */ - void verify() throws JarException, IOException { + void verify() throws IOException { // Short-circuit. If we weren't asked to save any, we're done. if (!savePerms) { @@ -98,7 +113,8 @@ final class JarVerifier { } }); } catch (java.security.PrivilegedActionException pae) { - throw new SecurityException("Cannot load " + url.toString(), pae); + throw new SecurityException("Cannot load " + url.toString(), + pae.getCause()); } if (jf != null) { @@ -144,7 +160,7 @@ final class JarVerifier { * Returns the permissions which are bundled with the JAR file, * aka the "cryptoperms" file. * - * NOTE: if this JarVerifier instance is constructed with "savePerms" + * NOTE: if this ProviderVerifier instance is constructed with "savePerms" * equal to false, then this method would always return null. */ CryptoPermissions getPermissions() {