[RFC] netx: throw errors when unsigned jnlp applications request permissions

Tue Jul 20 07:35:17 PDT 2010

* Omair Majid <omajid at redhat.com> [2010-07-19 13:54]:
> Hi,
> 
> The attached patch makes netx throw exceptions if JNLP applications
> have unsigned jars but request permissions. This causes netx fail
> early and loudly rather than assuming sandbox permissions and
> leading to transient failures. This is similar to what Sun/Oracle's
> Web Start implementation does.
> 
> Any comments?
> 

Looks good! Please commit.

Cheers,
Deepak

> Cheers,
> Omair

> diff -r bd443070a313 netx/net/sourceforge/jnlp/resources/Messages.properties
> --- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Mon Jul 19 14:39:53 2010 +0200
> +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Mon Jul 19 13:41:25 2010 -0400
> @@ -50,6 +50,8 @@
>  LNotLaunchableInfo=File must be a JNLP application, applet, or installer type.
>  LCantDetermineMainClass=Unknown Main-Class.
>  LCantDetermineMainClassInfo=Could not determine the main class for this application.
> +LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
> +LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
>  
>  JNotApplet=File is not an applet.
>  JNotApplication=File is not an application.
> diff -r bd443070a313 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Mon Jul 19 14:39:53 2010 +0200
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Mon Jul 19 13:41:25 2010 -0400
> @@ -167,7 +167,7 @@
>  
>      }
>  
> -    private void setSecurity() {
> +    private void setSecurity() throws LaunchException {
>  		
>          URL codebase = null;
>  
> @@ -196,15 +196,22 @@
>              }
>          } else { //regular jnlp file
>  			
> -            /**
> -             * If the application is signed, then we set the SecurityDesc to the
> -             * <security> tag in the jnlp file. Note that if an application is
> -             * signed, but there is no <security> tag in the jnlp file, the
> -             * application will get sandbox permissions.
> -             * If the application is unsigned, we ignore the <security> tag and 
> -             * use a sandbox instead. 
> +            /*
> +             * Various combinations of the jars being signed and <security> tags being
> +             * present are possible. They are treated as follows
> +             * 
> +             * Jars          JNLP File         Result
> +             * 
> +             * Signed        <security>        Appropriate Permissions
> +             * Signed        no <security>     Sandbox
> +             * Unsigned      <security>        Error
> +             * Unsigned      no <security>     Sandbox
> +             * 
>               */
> -            if (signing == true) {
> +            if (! file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) {
> +                throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo"));
> +            }
> +            else if (signing == true) {
>                  this.security = file.getSecurity();
>              } else {
>                  this.security = new SecurityDesc(file, 