/hg/release/icedtea-web-1.0: Verify nested jars just like main jars

Tue Feb 1 18:11:27 PST 2011

changeset 4b7fe3bb41fa in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=4b7fe3bb41fa
author: Omair Majid <omajid at redhat.com>
date: Tue Feb 01 21:11:11 2011 -0500

	Verify nested jars just like main jars

	Fix an exception that occurs when More Information is clicked in the
	Certificate warning dialog when dealing with signed nested jars.

	2011-02-01 Omair Majid <omajid at redhat.com>

	 * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
	(activateJars): Add the nested jar to ResourceTracker. Use
	JarSigner.verifyJars instead of JarSigner.verifyJar.
	    * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): Make
	private to indicate nothing should be using this directly.


diffstat:

3 files changed, 15 insertions(+), 2 deletions(-)
ChangeLog                                              |    9 +++++++++
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java |    6 +++++-
netx/net/sourceforge/jnlp/tools/JarSigner.java         |    2 +-

diffs (44 lines):

diff -r 8e02f38c3b6a -r 4b7fe3bb41fa ChangeLog

--- a/ChangeLog	Tue Feb 01 23:24:46 2011 +0000
+++ b/ChangeLog	Tue Feb 01 21:11:11 2011 -0500
@@ -1,3 +1,12 @@ 2010-02-01  Andrew John Hughes  <ahughes
+2011-02-01  Omair Majid  <omajid at redhat.com>
+
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+	(activateJars): Add the nested jar to ResourceTracker. Use
+	JarSigner.verifyJars instead of JarSigner.verifyJar.
+	* netx/net/sourceforge/jnlp/tools/JarSigner.java
+	(verifyJar): Make private to indicate nothing should be using this
+	directly.
+
 2010-02-01  Andrew John Hughes  <ahughes at redhat.com>
 
 	Fix issues with use of DESTDIR pointing
diff -r 8e02f38c3b6a -r 4b7fe3bb41fa netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Tue Feb 01 23:24:46 2011 +0000
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Tue Feb 01 21:11:11 2011 -0500
@@ -693,7 +693,11 @@ public class JNLPClassLoader extends URL
                                     }
 
                                     JarSigner signer = new JarSigner();
-                                    signer.verifyJar(extractedJarLocation);
+                                    List<JARDesc> jars = new ArrayList<JARDesc>();
+                                    JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
+                                    jars.add(jarDesc);
+                                    tracker.addResource(new File(extractedJarLocation).toURL(), null, null);
+                                    signer.verifyJars(jars, tracker);
 
                                     if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
                                         checkTrustWithUser(signer);
diff -r 8e02f38c3b6a -r 4b7fe3bb41fa netx/net/sourceforge/jnlp/tools/JarSigner.java
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java	Tue Feb 01 23:24:46 2011 +0000
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java	Tue Feb 01 21:11:11 2011 -0500
@@ -274,7 +274,7 @@ public class JarSigner implements CertVe
 
     }
 
-    public verifyResult verifyJar(String jarName) throws Exception {
+    private verifyResult verifyJar(String jarName) throws Exception {
         boolean anySigned = false;
         boolean hasUnsignedEntry = false;
         JarFile jarFile = null;

