[RFC[PATCH]: Updated Patch for validating signedJNLP file at launch

Omair Majid omajid at redhat.com
Mon Aug 22 05:43:03 PDT 2011 

On 08/19/2011 05:07 PM, Saad Mohammad wrote:
> I have attached the updated patch.

Concerns noted below. The patch is starting to look quite good.

> diff -r 61e08e67b176 netx/net/sourceforge/jnlp/JNLPFile.java
> --- a/netx/net/sourceforge/jnlp/JNLPFile.java	Wed Aug 17 12:01:19 2011 -0400
> +++ b/netx/net/sourceforge/jnlp/JNLPFile.java	Fri Aug 19 17:06:31 2011 -0400
> @@ -107,6 +107,37 @@
>
>       /** the default jvm */
>       protected String defaultArch = null;
> +
> +    /** A signed JNLP file is missing from the main jar */
> +    private boolean missingSignedJNLP = false;
> +
> +    /** JNLP file contains special properties */
> +    private boolean containsSpecialProperties = false;
> +
> +    /** List of acceptable properties (not-special)
> +     * Usinghttp://download.oracle.com/javase/tutorial/deployment/doingMoreWithRIA/properties.html
> +     */
> +
> +    private String[] generalProperties = {
> +            "awt.useSystemAAFontSettings",
> +            "http.agent",
> +            "http.keepAlive",
> +            "java.awt.syncLWRequests",
> +            "java.awt.Window.locationByPlatform",
> +            "javaws.cfg.jauthenticator",
> +            "javax.swing.defaultlf",
> +            "sun.awt.noerasebackground",
> +            "sun.awt.erasebackgroundonresize",
> +            "sun.java2d.d3d",
> +            "sun.java2d.dpiaware",
> +            "sun.java2d.noddraw",
> +            "sun.java2d.opengl",
> +            "swing.boldMetal",
> +            "swing.metalTheme",
> +            "swing.noxp",
> +            "swing.useSystemFontSettings",
> +            };
> +
>

Take a look at SecurityDesc. It contains most of these properties. You 
might be able to make use of that instead of duplicating it here.

On that note, it seems to me like signed JNLP files is addressing the 
same problem that we try to address in 
ApplicationInstance.installEnvironment(). Once this change is merged in, 
we might want to remove that.

> +        } finally {
> +
> +            //Close all streams
> +            closeStream((Closeable) inStream);
> +            closeStream((Closeable) inputReader);
> +            closeStream((Closeable) fr);
> +            closeStream((Closeable) jnlpReader);
> +        }

Are these casts needed? If not, please remove them.

> diff -r 61e08e67b176 netx/net/sourceforge/jnlp/security/MoreInfoPane.java
> --- a/netx/net/sourceforge/jnlp/security/MoreInfoPane.java	Wed Aug 17 12:01:19 2011 -0400
> +++ b/netx/net/sourceforge/jnlp/security/MoreInfoPane.java	Fri Aug 19 17:06:31 2011 -0400
> @@ -60,9 +60,12 @@
>    * @author<a href="mailto:jsumali at redhat.com">Joshua Sumali</a>
>    */
>   public class MoreInfoPane extends SecurityDialogPanel {
> +
> + boolean showSignedJNLPWarning;
>

Private please.

> diff -r 61e08e67b176 netx/net/sourceforge/jnlp/security/SecurityDialog.java
> --- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java	Wed Aug 17 12:01:19 2011 -0400
> +++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java	Fri Aug 19 17:06:31 2011 -0400
> @@ -91,6 +91,9 @@
>        * null = Window closed.
>        */
>       private Object value;
> +
> +    /** Should show signed JNLP file warning */
> +    boolean requiresSignedJNLPWarning;
>

Private please.

Everything else looks fine to me.

Cheers,
Omair

More information about the distro-pkg-dev mailing list