/hg/icedtea6: Fix rhbz# 524387 (javax.net.ssl.SSLKeyException: R...
dbhole at icedtea.classpath.org
dbhole at icedtea.classpath.org
Thu May 6 14:35:43 PDT 2010
changeset 6d1e2fae468a in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=6d1e2fae468a
author: Deepak Bhole <dbhole at redhat.com>
date: Thu May 06 17:35:36 2010 -0400
Fix rhbz# 524387 (javax.net.ssl.SSLKeyException: RSA premaster
secret error)
diffstat:
2 files changed, 54 insertions(+)
ChangeLog | 8 ++
netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 46 ++++++++++++
diffs (78 lines):
diff -r 540dc0858c17 -r 6d1e2fae468a ChangeLog
--- a/ChangeLog Wed May 05 11:28:27 2010 +0100
+++ b/ChangeLog Thu May 06 17:35:36 2010 -0400
@@ -1,3 +1,11 @@ 2010-05-05 Gary Benson <gbenson at redhat
+2010-05-06 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+ (checkPermission): Allow Runtime and Security permission (for
+ putProvider.SunJCE) if initiated for an https connection.
+ (inTrustedCallChain): New method. Returns if given class/method is
+ in the call chain, and everything upto there is trusted.
+
2010-05-05 Gary Benson <gbenson at redhat.com>
PR icedtea/481
diff -r 540dc0858c17 -r 6d1e2fae468a netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Wed May 05 11:28:27 2010 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Thu May 06 17:35:36 2010 -0400
@@ -395,6 +395,24 @@ class JNLPSecurityManager extends Securi
// Everything else is denied
throw se;
+ } else if (perm instanceof SecurityPermission) {
+
+ // JCE's initialization requires putProviderProperty permission
+ if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
+ if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
+ return;
+ }
+ }
+
+ } else if (perm instanceof RuntimePermission) {
+
+ // KeyGenerator's init method requires internal spec access
+ if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
+ if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
+ return;
+ }
+ }
+
} else {
tmpPerm = perm;
}
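Review bot: In the `perm instanceof RuntimePermission` branch the comparison builds a `SecurityPermission`, so `perm.equals(...)` can never be true and the `KeyGenerator.init` exemption is dead code; it should read `if (perm.equals(new RuntimePermission("accessClassInPackage.sun.security.internal.spec"))) {`. Separately, a SecurityPermission or RuntimePermission that matches neither exemption no longer reaches the final `else { tmpPerm = perm; }`. What the code after the hunk does with `tmpPerm` in that case is not visible here, so it should be confirmed that such permissions are still denied or prompted for as before. The enclosing checkPermission starts and ends outside the hunk.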
@@ -419,6 +437,34 @@ class JNLPSecurityManager extends Securi
}
}
+ /**
+ * Returns weather the given class and method are in the current stack,
+ * and whether or not everything upto then is trusted
+ *
+ * @param className The name of the class to look for in the stack
+ * @param methodName The name of the method for the given class to look for in the stack
+ * @return Weather or not class::method() are in the chain, and everything upto there is trusted
+ */
+ private boolean inTrustedCallChain(String className, String methodName) {
+
+ StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+
+ for (int i=0; i < stack.length; i++) {
+
+ // Everything up to the desired class/method must be trusted
+ if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) {
+ return false;
+ }
+
+ if (stack[i].getClassName().equals(className) &&
+ stack[i].getMethodName().equals(methodName)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
/**
* Asks the user whether or not to grant permission.
* @param perm the permission to be granted
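Review bot: In inTrustedCallChain, `stack[i].getClass()` is the class of the `StackTraceElement` object itself, not of the frame it describes, so the trust test checks the protection domain of `java.lang.StackTraceElement` on every iteration and presumably always passes. The method therefore appears to return true whenever the class and method names occur anywhere on the stack, whether or not the frames before them are trusted, which is the very condition the two new exemptions in checkPermission rely on. The domain check needs the real `Class` objects of the frames, for example from `SecurityManager.getClassContext()`, and should return false when a frame's class cannot be resolved. The Javadoc should also state that index 0 is the most recent frame, so "up to" means the frames called after the target, and correct "weather"/"upto" to "whether"/"up to".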