RFC: Patch to handle nested jars with the plugin
Deepak Bhole
dbhole at redhat.com
Tue Apr 21 11:34:42 PDT 2009
Hi,
Attached patch adds handling for nested jars (including signed nested
jars). Applets with nested jars are used in various places on the Government
of Canada websites e.g.:
https://blrscr3.egs-seg.gc.ca/cic/mycic/prod/public/portal/start?lang=e
(After the check applet completes, hitting "Continue" on the following
page without the attached patch will cause the plugin to hang).
The patch also makes a small, but important fix that fixes security
policy enforcement which was previously causing denied permissions
when it shouldn't have.
Patch is not 80-char wrapped to make it look neat along with the rest
of the files.
ChangeLog:
* rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Handle nested
jars.
* rt/net/sourceforge/jnlp/runtime/JNLPPolicy.java: Use site address when
checking for policy against CodeSource.
* rt/net/sourceforge/jnlp/tools/JarSigner.java: Handle nested
jars.
Deepak
-------------- next part --------------
diff -r 7408dba85141 rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Fri Apr 17 09:57:01 2009 -0400
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Apr 21 14:05:59 2009 -0400
@@ -20,6 +20,7 @@
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
@@ -344,24 +345,7 @@
//user does not trust this publisher
if (!js.getAlreadyTrustPublisher()) {
- if (!js.getRootInCacerts()) { //root cert is not in cacerts
- boolean b = SecurityWarningDialog.showCertWarningDialog(
- SecurityWarningDialog.AccessType.UNVERIFIED, file, js);
- if (!b)
- throw new LaunchException(null, null, R("LSFatal"),
- R("LCLaunching"), R("LNotVerified"), "");
- } else if (js.getRootInCacerts()) { //root cert is in cacerts
- boolean b = false;
- if (js.noSigningIssues())
- b = SecurityWarningDialog.showCertWarningDialog(
- SecurityWarningDialog.AccessType.VERIFIED, file, js);
- else if (!js.noSigningIssues())
- b = SecurityWarningDialog.showCertWarningDialog(
- SecurityWarningDialog.AccessType.SIGNING_ERROR, file, js);
- if (!b)
- throw new LaunchException(null, null, R("LSFatal"),
- R("LCLaunching"), R("LCancelOnUserRequest"), "");
- }
+ checkTrustWithUser(js);
} else {
/**
* If the user trusts this publisher (i.e. the publisher's certificate
@@ -377,6 +361,27 @@
}
activateJars(initialJars);
+ }
+
+ private void checkTrustWithUser(JarSigner js) throws LaunchException {
+ if (!js.getRootInCacerts()) { //root cert is not in cacerts
+ boolean b = SecurityWarningDialog.showCertWarningDialog(
+ SecurityWarningDialog.AccessType.UNVERIFIED, file, js);
+ if (!b)
+ throw new LaunchException(null, null, R("LSFatal"),
+ R("LCLaunching"), R("LNotVerified"), "");
+ } else if (js.getRootInCacerts()) { //root cert is in cacerts
+ boolean b = false;
+ if (js.noSigningIssues())
+ b = SecurityWarningDialog.showCertWarningDialog(
+ SecurityWarningDialog.AccessType.VERIFIED, file, js);
+ else if (!js.noSigningIssues())
+ b = SecurityWarningDialog.showCertWarningDialog(
+ SecurityWarningDialog.AccessType.SIGNING_ERROR, file, js);
+ if (!b)
+ throw new LaunchException(null, null, R("LSFatal"),
+ R("LCLaunching"), R("LCancelOnUserRequest"), "");
+ }
}
/**
@@ -505,8 +510,49 @@
JarFile jarFile = new JarFile(localFile);
Enumeration e = jarFile.entries();
- while (e.hasMoreElements())
- jarEntries.add(((JarEntry) e.nextElement()).getName());
+ while (e.hasMoreElements()) {
+
+ JarEntry je = (JarEntry) e.nextElement();
+
+ // another jar in my jar? it is more likely than you think
+ if (je.getName().endsWith(".jar")) {
+ // We need to extract that jar so that it can be loaded
+ // (inline loading with "jar:..!/..." path will not work
+ // with standard classloader methods)
+
+ String extractedJarLocation = localFile.getParent() + "/" + je.getName();
+ FileOutputStream extractedJar = new FileOutputStream(extractedJarLocation);
+ InputStream is = jarFile.getInputStream(je);
+
+ byte[] bytes = new byte[1024];
+ int read = is.read(bytes);
+ while (read > 0) {
+ extractedJar.write(bytes, 0, read);
+ read = is.read(bytes);
+ }
+
+ is.close();
+ extractedJar.close();
+
+ JarSigner signer = new JarSigner();
+ signer.verifyJar(extractedJarLocation);
+
+ if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
+ checkTrustWithUser(signer);
+ }
+
+ try {
+ addURL(new URL("file://" + extractedJarLocation));
+ } catch (MalformedURLException mfue) {
+ if (JNLPRuntime.isDebug())
+ System.err.println("Unable to add extracted nested jar to classpath");
+
+ mfue.printStackTrace();
+ }
+ }
+
+ jarEntries.add(je.getName());
+ }
}
diff -r 7408dba85141 rt/net/sourceforge/jnlp/runtime/JNLPPolicy.java
--- a/rt/net/sourceforge/jnlp/runtime/JNLPPolicy.java Fri Apr 17 09:57:01 2009 -0400
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPPolicy.java Tue Apr 21 14:05:59 2009 -0400
@@ -65,7 +65,8 @@
PermissionCollection clPermissions = cl.getPermissions(source);
// systempolicy permissions need to be accounted for as well
- Enumeration e = systemPolicy.getPermissions(source).elements();
+ CodeSource appletCS = new CodeSource(JNLPRuntime.getApplication().getJNLPFile().getSourceLocation(), (java.security.cert.Certificate[]) null);
+ Enumeration e = systemPolicy.getPermissions(appletCS).elements();
while (e.hasMoreElements())
clPermissions.add((Permission) e.nextElement());
diff -r 7408dba85141 rt/net/sourceforge/jnlp/tools/JarSigner.java
--- a/rt/net/sourceforge/jnlp/tools/JarSigner.java Fri Apr 17 09:57:01 2009 -0400
+++ b/rt/net/sourceforge/jnlp/tools/JarSigner.java Tue Apr 21 14:05:59 2009 -0400
@@ -218,7 +218,6 @@
String localFile = jarFile.getAbsolutePath();
boolean result = verifyJar(localFile);
- checkTrustedCerts();
if (!result) {
//allVerified is true until we encounter a problem
@@ -241,6 +240,10 @@
boolean hasUnsignedEntry = false;
JarInputStream jis = null;
+ // certs could be uninitialized if one calls this method directly
+ if (certs == null)
+ certs = new ArrayList<CertPath>();
+
try {
jis = new JarInputStream(new FileInputStream(jarName), true);
Vector<JarEntry> entriesVec = new Vector<JarEntry>();
@@ -352,6 +355,9 @@
}
}
+ // check if the certs added above are in the trusted path
+ checkTrustedCerts();
+
//anySigned does not guarantee that all files were signed.
return anySigned && !(hasUnsignedEntry || hasExpiredCert
|| badKeyUsage || badExtendedKeyUsage || badNetscapeCertType
More information about the distro-pkg-dev
mailing list