[RFC[PATCH]: Updated Patch for validating signedJNLP file at launch
Saad Mohammad
smohamma at redhat.com
Fri Aug 12 13:18:40 PDT 2011
This is the updated patch that validates a signed JNLP file when an application is launched. If the signed JNLP file is invalid, it stop the launch of the application.
ChangeLog:
2011-07-06 Saad Mohammad <smohammad at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties:
Added LSignedJNLPFileDidNotMatch and SJNLPFileIsNotSigned.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
(initializeResources): Locates the jar file that contains the main class
and verifies if a signed JNLP file is also located in that jar. This also
checks 'lazy' jars if the the main class was not found in 'eager' jars.
If the main jar was not found, a LaunchException is thrown which terminates
the launch of the application.
(checkForMain): A method that goes through each jar and checks to see
if it has the main class. If the main class was found, it calls
verifySignedJNLP() to verify if a valid signed JNLP file is also found in
the jar.
(verifySignedJNLP): A method that checks if the jar file contains a valid
signed JNLP file.
(closeInputStream): Closes an InputStream.
(closeInputReader): Closes an InputStreamReader
(showSignedJNLPWarning): Returns true if a signed JNLP warning should be
shown in the security dialog. A signed JNLP warning should be displayed
only if the main jar is signed but does not contain a signed JNLP file.
(loadClassExt): Added a try/catch block when addNextResource() is called.
(addNextResource): If the main jar has not been found, checkForMain() is
called to check if the jar contains the main class, and verifies if a signed
JNLP file is also located.
* netx/net/sourceforge/jnlp/security/MoreInfoPane.java:
(addComponents): Displays the signed JNLP warning message if necessary.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 08-12-406
Type: text/x-patch
Size: 16431 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20110812/46b26f98/08-12-406.bin
More information about the distro-pkg-dev
mailing list