package info.junius.apps.crypto.api.impl;
import java.lang.reflect.Field;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Map;
import javax.crypto.Cipher;
import info.junius.apps.crypto.api.PolicyUtil;
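/**
 * {@link PolicyUtil} implementation that inspects, and tries to lift, the JCE key-length restriction of
 * the running JVM.
 *
 * <p>Security note: {@link #removeRestriction()} rewrites private state of the JDK's crypto framework
 * through reflection. The change is JVM-wide, so it affects every caller of {@link Cipher} in the
 * process and not only this library. It also depends on JDK-internal class and field names. Where the
 * runtime offers it, prefer the supported mechanism: the {@code crypto.policy} security property
 * (JDK 8u151 and later); unlimited strength is the default from JDK 8u161 and Java 9 onwards.
 */
public class DefaultPolicyUtil implements PolicyUtil {

    /**
     * Standard Cipher transformations that every implementation of the Java platform is required to
     * support. They serve only as probes for {@link Cipher#getMaxAllowedKeyLength(String)}; the list is
     * not a recommendation, since it contains DES and ECB-mode entries that should not be chosen to
     * protect new data.
     */
    private static final String[] TRANSFORMATIONS = {
        "AES/CBC/NoPadding",
        "AES/CBC/PKCS5Padding",
        "AES/ECB/NoPadding",
        "AES/ECB/PKCS5Padding",
        "DES/CBC/NoPadding",
        "DES/CBC/PKCS5Padding",
        "DES/ECB/NoPadding",
        "DES/ECB/PKCS5Padding",
        "DESede/CBC/NoPadding",
        "DESede/CBC/PKCS5Padding",
        "DESede/ECB/NoPadding",
        "DESede/ECB/PKCS5Padding",
        "RSA/ECB/PKCS1Padding",
        "RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
        "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
    };

    /**
     * {@inheritDoc}
     *
     * <p>This implementation probes each entry of {@link #TRANSFORMATIONS} and reports a restriction
     * as soon as one of them has a maximum allowed key length below {@link Integer#MAX_VALUE}.
     *
     * @return {@code true} if at least one probed transformation is key-length limited, {@code false}
     *         otherwise (including when no transformation could be probed)
     */
    @Override
    public boolean isRestricted() {
        for (String transformation : TRANSFORMATIONS) {
            try {
                // With an unlimited jurisdiction policy in effect, Integer.MAX_VALUE is returned.
                if (Cipher.getMaxAllowedKeyLength(transformation) < Integer.MAX_VALUE) {
                    return true;
                }
            } catch (NullPointerException | NoSuchAlgorithmException ignored) {
                // A transformation that cannot be probed says nothing about the policy;
                // the remaining entries still decide the result.
            }
        }
        return false;
    }

    /**
     * {@inheritDoc}
     *
     * <p>This implementation performs the equivalent of:
     * <pre>
     * JceSecurity.isRestricted = false;
     * JceSecurity.defaultPolicy.perms.clear();
     * JceSecurity.defaultPolicy.add(CryptoAllPermission.INSTANCE);
     * </pre>
     *
     * <p>Every class, field and value is resolved and type-checked before the first write. A JDK whose
     * internals differ from what is expected is therefore left untouched, instead of ending up with a
     * cleared default policy that grants nothing. The three writes themselves are not atomic and are
     * not synchronized with concurrent users of the crypto framework.
     *
     * <p>The method never throws: any reflective or runtime failure is reported as {@code false}. This
     * includes the unchecked exception {@code setAccessible(true)} raises on JDKs that enforce module
     * encapsulation, and the {@link IllegalAccessException} raised by {@link Field#set(Object, Object)}
     * when {@code isRestricted} is declared {@code static final}.
     *
     * @return {@code true} if all three writes were applied, {@code false} if the restriction could not
     *         be lifted this way and the unlimited policy has to be enabled by supported means
     */
    @Override
    public boolean removeRestriction() {
        try {
            Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
            Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions");
            Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission");

            Field isRestrictedField = jceSecurity.getDeclaredField("isRestricted");
            Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy");
            Field permsField = cryptoPermissions.getDeclaredField("perms");
            Field instanceField = cryptoAllPermission.getDeclaredField("INSTANCE");

            // The accessible flag belongs to the Field object, and getDeclaredField hands out a fresh
            // copy on every call, so these local objects need no restoring afterwards.
            isRestrictedField.setAccessible(true);
            defaultPolicyField.setAccessible(true);
            permsField.setAccessible(true);
            instanceField.setAccessible(true);

            // Read and type-check everything up front; a failure here happens before any write.
            // The fields on JceSecurity and CryptoAllPermission are static, so no instance is passed.
            PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null);
            Map<?, ?> grantedPermissions = (Map<?, ?>) permsField.get(defaultPolicy);
            Permission allPermission = (Permission) instanceField.get(null);
            if (defaultPolicy == null || grantedPermissions == null || allPermission == null) {
                return false;
            }

            // First write: if the field is final this throws and nothing else has been modified.
            isRestrictedField.set(null, false);
            grantedPermissions.clear();
            defaultPolicy.add(allPermission);
            return true;
        } catch (ReflectiveOperationException | RuntimeException e) {
            // It simply didn't work on this runtime; the caller has to enable the unlimited policy
            // through the JDK's own configuration instead.
            return false;
        }
    }
}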