[icedtea-web] RFC: show more information about certificates when verifying nested jars
Deepak Bhole
dbhole at redhat.com
Tue Feb 1 17:08:44 PST 2011
* Omair Majid <omajid at redhat.com> [2011-02-01 20:02]:
> Hi,
>
> The attached patch fixes a bug in icedtea-web where clicking on the
> "more information" button on a security prompt involving nested
> jars throws an exception.
>
> Ok to commit?
>
Yep, looks good to me. Okay for HEAD, 1.0, icedtea6-1.7, icedtea6-1.8
and icedtea6-1.9 (which are also affected).
Thanks,
Deepak
> Cheers,
> Omair
> diff -r 97f40ebebbdf netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Feb 01 10:53:44 2011 -0500
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Feb 01 19:54:11 2011 -0500
> @@ -693,7 +693,11 @@
> }
>
> JarSigner signer = new JarSigner();
> - signer.verifyJar(extractedJarLocation);
> + List<JARDesc> jars = new ArrayList<JARDesc>();
> + JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
> + jars.add(jarDesc);
> + tracker.addResource(new File(extractedJarLocation).toURL(), null, null);
> + signer.verifyJars(jars, tracker);
>
> if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> checkTrustWithUser(signer);
> diff -r 97f40ebebbdf netx/net/sourceforge/jnlp/tools/JarSigner.java
> --- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Tue Feb 01 10:53:44 2011 -0500
> +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Tue Feb 01 19:54:11 2011 -0500
> @@ -232,7 +232,7 @@
>
> }
>
> - public verifyResult verifyJar(String jarName) throws Exception {
> + private verifyResult verifyJar(String jarName) throws Exception {
> boolean anySigned = false;
> boolean hasUnsignedEntry = false;
> JarFile jarFile = null;
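Review bot: narrowing verifyJar(String) from public to private breaks any caller outside JarSigner, and this patch only shows the one call in JNLPClassLoader being converted. Please confirm there are no other callers on each branch this is approved for (HEAD, 1.0, icedtea6-1.7, 1.8 and 1.9) before backporting. A short comment on the method saying that verifyJars(jars, tracker) is the intended entry point would keep a later change from reintroducing the direct call.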