JAR 存档可以解压缩,实际的策略文件是文本可读的,因此您可以评估实际的策略本身(或与上面推荐的 Abhishek 的已知哈希值进行比较)。
示例(无限制)default_local.policy:
$ more default_local.policy
// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};
示例(受限)default_local.policy:
$ more default_local.policy
// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", "javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};
由于EAR rules 的当前状态,出口限制不太可能在未来发生变化,因此您相当只需为CryptoAllPermission 与@ 执行grep 就可以了987654328@。