[RFC][IcedTea-Web]: Change #4 (PersistenceService) of new JNLP specification (v7.0)

Wed Jun 8 14:19:03 PDT 2011

* Saad Mohammad <smohammad at redhat.com> [2011-06-08 17:10]:
> I have attached an updated copy of my patch which removes the
> duplicate code and the nested if statement from my previous patch. I
> am still looking into which method may be a better solution to check
> if the application has a signature and is a trusted application.
> 
> -- 
> Cheers,
> Saad Mohammad
> 

> diff -r 2cfa903b7216 netx/net/sourceforge/jnlp/services/ServiceUtil.java
> --- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Wed Jun 08 14:38:52 2011 -0400
> +++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Wed Jun 08 16:57:20 2011 -0400
> @@ -235,37 +235,12 @@
>      public static boolean checkAccess(ApplicationInstance app, AccessType type,
>                  Object... extras) {
>  
> -        if (app == null)
> -            app = JNLPRuntime.getApplication();
> -
> -        boolean codeTrusted = true;
> -
> -        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
> -
> -        for (int i = 0; i < stack.length; i++) {
> -
> -            Class c = null;
> -
> -            try {
> -                c = Class.forName(stack[i].getClassName());
> -            } catch (Exception e1) {
> -                try {
> -                    c = Class.forName(stack[i].getClassName(), false, app.getClassLoader());
> -                } catch (Exception e2) {
> -                    System.err.println(e2.getMessage());
> -                }
> -            }
> -
> -            // Everything up to the desired class/method must be trusted
> -            if (c == null || // class not found
> -                    (c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath
> -                    c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted
> -            ) {
> -                codeTrusted = false;
> -            }
> -        }
> -
> -        if (!codeTrusted) {
> +    	boolean trusted= checkSigned(app);
> +    	
> +    	if (app == null)
> +              app = JNLPRuntime.getApplication();
> +    	
> +        if (!trusted) {
>  
>              if (!shouldPromptUser()) {
>                  return false;
> @@ -307,5 +282,51 @@
>              }
>          });
>      }
> +    
> +    /**
> +     * 
> +     * Returns whether the app requesting a JNLP service has the right permissions.
> +     * @author <a href="mailto:smohammad at redhat.com">Saad Mohammad </a>
> +     *

Hi Saad,

I will let Omair review, but please remove the @author tags .. we don't
use them for functions anywhere :) The right way is to have your name
added to the AUTHORS file. If it is not already there, feel free to
include that in your patch.

Cheers,
Deepak

> +     * @param app the application which is requesting the check. If null, the
> +     *            current application is used.
> +     * @return a boolean is returned after checking if the current application
> +     *         has the right permission
> +     */
> +    
> +    public static boolean checkSigned(ApplicationInstance app){
> +
> +        if (app == null)
> +            app = JNLPRuntime.getApplication();
> +
> +        boolean codeTrusted = true;
> +
> +        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
> +
> +        for (int i = 0; i < stack.length; i++) {
> +
> +            Class c = null;
> +
> +            try {
> +                c = Class.forName(stack[i].getClassName());
> +            } catch (Exception e1) {
> +                try {
> +                    c = Class.forName(stack[i].getClassName(), false, app.getClassLoader());
> +                } catch (Exception e2) {
> +                    System.err.println(e2.getMessage());
> +                }
> +            }
> +
> +            // Everything up to the desired class/method must be trusted
> +            if (c == null || // class not found
> +                    (c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath
> +                    c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted
> +            ) {
> +                codeTrusted = false;
> +                break; //If codeTrusted == false, break for loop and return false
> +            }
> +        }
> +		return codeTrusted;
> +    }
>  
>  }
> diff -r 2cfa903b7216 netx/net/sourceforge/jnlp/services/XPersistenceService.java
> --- a/netx/net/sourceforge/jnlp/services/XPersistenceService.java	Wed Jun 08 14:38:52 2011 -0400
> +++ b/netx/net/sourceforge/jnlp/services/XPersistenceService.java	Wed Jun 08 16:57:20 2011 -0400
> @@ -53,8 +53,9 @@
>  
>          URL source = app.getJNLPFile().getCodeBase();
>  
> -        if (!source.getHost().equalsIgnoreCase(location.getHost()))
> -            throw new MalformedURLException("Cannot access data from a different host.");
> +        if (!source.getHost().equalsIgnoreCase(location.getHost()) && !ServiceUtil.checkSigned(app)) // Allow trusted application to access data from a different host
> +        	throw new MalformedURLException("Untrusted application cannot access data from a different host."); 
> +
>  
>          // test for above codebase, not perfect but works for now
>  
> @@ -69,7 +70,7 @@
>              System.out.println("request path: " + requestPath);
>          }
>  
> -        if (!source.getFile().startsWith(requestPath))
> +        if (!source.getFile().startsWith(requestPath) && !ServiceUtil.checkSigned(app)) // Allow trusted application to access data below source URL path 
>              throw new MalformedURLException("Cannot access data below source URL path.");
>      }
>  