/hg/icedtea6: 2 new changesets

omajid at icedtea.classpath.org omajid at icedtea.classpath.org
Tue Jul 20 10:40:17 PDT 2010 

changeset c551fe50f731 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=c551fe50f731
author: Omair Majid <omajid at redhat.com>
date: Tue Jul 20 13:30:49 2010 -0400

	netx: error out when unsigned jnlp applications request permissions

	2010-07-20 Omair Majid <omajid at redhat.com>

	 * netx/net/sourceforge/jnlp/resources/Messages.properties:
	Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
	       * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
	(setSecurity): Can now throw a LaunchException if the JNLP file
	requests permissions but the jars are unsigned.


changeset b110028e95cc in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=b110028e95cc
author: Omair Majid <omajid at redhat.com>
date: Tue Jul 20 13:39:49 2010 -0400

	PR icedtea/491 pass java_{code,codebase,archive} paramters to java
	side

	2010-07-20 Omair Majid <omajid at redhat.com>

	 PR icedtea/491
	       * plugin/icedteanp/IcedTeaNPPlugin.cc
	(plugin_create_applet_tag): Accept and pass on
	java_{code,codebase,archive} tags to the java side of the plugin.


diffstat:

4 files changed, 54 insertions(+), 9 deletions(-)
ChangeLog                                               |   15 +++++++++
netx/net/sourceforge/jnlp/resources/Messages.properties |    2 +
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java  |   25 +++++++++------
plugin/icedteanp/IcedTeaNPPlugin.cc                     |   21 ++++++++++++

diffs (121 lines):

diff -r 16b019555725 -r b110028e95cc ChangeLog
--- a/ChangeLog	Tue Jul 20 09:35:12 2010 -0400
+++ b/ChangeLog	Tue Jul 20 13:39:49 2010 -0400
@@ -1,3 +1,18 @@ 2010-07-19  Omair Majid  <omajid at redhat.
+2010-07-20  Omair Majid  <omajid at redhat.com>
+
+	PR icedtea/491
+	* plugin/icedteanp/IcedTeaNPPlugin.cc
+	(plugin_create_applet_tag): Accept and pass on
+	java_{code,codebase,archive} tags to the java side of the plugin.
+
+2010-07-20  Omair Majid  <omajid at redhat.com>
+
+	* netx/net/sourceforge/jnlp/resources/Messages.properties:
+	Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+	(setSecurity): Can now throw a LaunchException if the JNLP file requests
+	permissions but the jars are unsigned.
+
 2010-07-19  Omair Majid  <omajid at redhat.com>
 
 	PR icedtea/372
diff -r 16b019555725 -r b110028e95cc netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Tue Jul 20 09:35:12 2010 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Tue Jul 20 13:39:49 2010 -0400
@@ -50,6 +50,8 @@ LNotLaunchableInfo=File must be a JNLP a
 LNotLaunchableInfo=File must be a JNLP application, applet, or installer type.
 LCantDetermineMainClass=Unknown Main-Class.
 LCantDetermineMainClassInfo=Could not determine the main class for this application.
+LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
+LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
 
 JNotApplet=File is not an applet.
 JNotApplication=File is not an application.
diff -r 16b019555725 -r b110028e95cc netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Tue Jul 20 09:35:12 2010 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Tue Jul 20 13:39:49 2010 -0400
@@ -167,7 +167,7 @@ public class JNLPClassLoader extends URL
 
     }
 
-    private void setSecurity() {
+    private void setSecurity() throws LaunchException {
 		
         URL codebase = null;
 
@@ -196,15 +196,22 @@ public class JNLPClassLoader extends URL
             }
         } else { //regular jnlp file
 			
-            /**
-             * If the application is signed, then we set the SecurityDesc to the
-             * <security> tag in the jnlp file. Note that if an application is
-             * signed, but there is no <security> tag in the jnlp file, the
-             * application will get sandbox permissions.
-             * If the application is unsigned, we ignore the <security> tag and 
-             * use a sandbox instead. 
+            /*
+             * Various combinations of the jars being signed and <security> tags being
+             * present are possible. They are treated as follows
+             * 
+             * Jars          JNLP File         Result
+             * 
+             * Signed        <security>        Appropriate Permissions
+             * Signed        no <security>     Sandbox
+             * Unsigned      <security>        Error
+             * Unsigned      no <security>     Sandbox
+             * 
              */
-            if (signing == true) {
+            if (!file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) {
+                throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo"));
+            }
+            else if (signing == true) {
                 this.security = file.getSecurity();
             } else {
                 this.security = new SecurityDesc(file, 
diff -r 16b019555725 -r b110028e95cc plugin/icedteanp/IcedTeaNPPlugin.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Jul 20 09:35:12 2010 -0400
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Jul 20 13:39:49 2010 -0400
@@ -1625,12 +1625,26 @@ plugin_create_applet_tag (int16_t argc, 
           g_free (code);
           code = NULL;
     }
+      else if (!g_ascii_strcasecmp (argn[i], "java_code"))
+    {
+          gchar* java_code = g_strdup_printf ("JAVA_CODE=\"%s\" ", argv[i]);
+          applet_tag = g_strconcat (applet_tag, java_code, NULL);
+          g_free (java_code);
+          java_code = NULL;
+    }
       else if (!g_ascii_strcasecmp (argn[i], "codebase"))
     {
           gchar* codebase = g_strdup_printf ("CODEBASE=\"%s\" ", argv[i]);
           applet_tag = g_strconcat (applet_tag, codebase, NULL);
           g_free (codebase);
           codebase = NULL;
+    }
+      else if (!g_ascii_strcasecmp (argn[i], "java_codebase"))
+    {
+          gchar* java_codebase = g_strdup_printf ("JAVA_CODEBASE=\"%s\" ", argv[i]);
+          applet_tag = g_strconcat (applet_tag, java_codebase, NULL);
+          g_free (java_codebase);
+          java_codebase = NULL;
     }
       else if (!g_ascii_strcasecmp (argn[i], "classid"))
     {
@@ -1645,6 +1659,13 @@ plugin_create_applet_tag (int16_t argc, 
           applet_tag = g_strconcat (applet_tag, archive, NULL);
           g_free (archive);
           archive = NULL;
+    }
+      else if (!g_ascii_strcasecmp (argn[i], "java_archive"))
+    {
+          gchar* java_archive = g_strdup_printf ("JAVA_ARCHIVE=\"%s\" ", argv[i]);
+          applet_tag = g_strconcat (applet_tag, java_archive, NULL);
+          g_free (java_archive);
+          java_archive = NULL;
     }
       else if (!g_ascii_strcasecmp (argn[i], "width"))
     {

More information about the distro-pkg-dev mailing list