[rfc] [icedtea-web] providing little bit more debug outputs for few methods
Deepak Bhole
dbhole at redhat.com
Fri Apr 27 08:29:23 PDT 2012
* Jiri Vanek <jvanek at redhat.com> [2012-04-27 07:30]:
> When I was looking to
> https://bugzilla.redhat.com/show_bug.cgi?id=816592 , I found few
> information missing in debug outputs (especially one consumed
> exception:-/)
>
> This patch is adding this debug information, and I would like to push it to head and 1.2
>
>
This patch is increasing verbosity and changing behavior (throwing a
different type of exception in getPermissions.
IMO it should be split..
Cheers,
Deepak
> Best regards, J.
>
> changelog:
> 2012-04-27 Jiri Vanek <jvanek at redhat.com>
>
> Added more debuging outputs
> * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (getPermissions):
> Any exception from this method is consumed somewhere. I have catched exception,
> reprint it in debug mode and rethrow (to be lost). Main condition in this
> method had several possible NullPointer exceptions. Separated and thrown before
> this condition.
> (getCodeSourceSecurity): added output messsage when no SecurityDesc is found
> for some url/resource
> * netx/net/sourceforge/jnlp/security/KeyStores.java: (getPathToKeystore):
> new method, able to search for file used for creating of KeyStore if possible
> * netx/net/sourceforge/jnlp/security/CertificateUtils.java: (inKeyStores)
> using getPathToKeystore for debug output.
> diff -r 82e908d46d70 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Apr 24 14:43:34 2012 -0400
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Fri Apr 27 13:10:49 2012 +0200
> @@ -895,6 +895,7 @@
> * Returns the permissions for the CodeSource.
> */
> protected PermissionCollection getPermissions(CodeSource cs) {
> + try{
> Permissions result = new Permissions();
>
> // should check for extensions or boot, automatically give all
> @@ -912,6 +913,10 @@
> // If more than default is needed:
> // 1. Code must be signed
> // 2. ALL or J2EE permissions must be requested (note: plugin requests ALL automatically)
> + if (cs==null) throw new Exception("cs!=null but was");
> + if (cs.getLocation()==null) throw new Exception("cs.getLocation!=null but was");
> + if (getCodeSourceSecurity(cs.getLocation())==null) throw new Exception("getCodeSourceSecurity(cs.getLocation())!=null but was");
> + if (getCodeSourceSecurity(cs.getLocation()).getSecurityType()==null) throw new Exception("getCodeSourceSecurity(cs.getLocation()).getSecurityType()!=null but was");
> if (cs.getCodeSigners() != null &&
> (getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
> getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS))) {
> @@ -933,6 +938,12 @@
> result.add(runtimePermissions.get(i));
>
> return result;
> + }catch(Exception ex){
> + if (JNLPRuntime.isDebug()){
> + ex.printStackTrace();
> + }
> + throw new Error(ex);
> + }
> }
>
> protected void addPermission(Permission p) {
> @@ -1732,7 +1743,12 @@
> */
>
> protected SecurityDesc getCodeSourceSecurity(URL source) {
> - return jarLocationSecurityMap.get(source);
> + SecurityDesc sec=jarLocationSecurityMap.get(source);
> + if (sec==null){
> + System.out.println("Error! No security instance for signed "+source.toString()+" This source was loaded outside of netx, and application will have troubles to continue");
> + }
> + return sec;
> +
> }
>
> /**
> diff -r 82e908d46d70 netx/net/sourceforge/jnlp/security/CertificateUtils.java
> --- a/netx/net/sourceforge/jnlp/security/CertificateUtils.java Tue Apr 24 14:43:34 2012 -0400
> +++ b/netx/net/sourceforge/jnlp/security/CertificateUtils.java Fri Apr 27 13:10:49 2012 +0200
> @@ -173,7 +173,7 @@
>
> if (c.equals(keyStores[i].getCertificate(alias))) {
> if (JNLPRuntime.isDebug()) {
> - System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts");
> + System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts ("+KeyStores.getPathToKeystore(keyStores[i].hashCode())+")");
> }
>
> return true;
> diff -r 82e908d46d70 netx/net/sourceforge/jnlp/security/KeyStores.java
> --- a/netx/net/sourceforge/jnlp/security/KeyStores.java Tue Apr 24 14:43:34 2012 -0400
> +++ b/netx/net/sourceforge/jnlp/security/KeyStores.java Fri Apr 27 13:10:49 2012 +0200
> @@ -47,7 +47,9 @@
> import java.security.NoSuchAlgorithmException;
> import java.security.cert.CertificateException;
> import java.util.ArrayList;
> +import java.util.HashMap;
> import java.util.List;
> +import java.util.Map;
> import java.util.StringTokenizer;
>
> import net.sourceforge.jnlp.config.DeploymentConfiguration;
> @@ -75,6 +77,8 @@
> CLIENT_CERTS,
> }
>
> + public static final Map<Integer,String> keystoresPaths=new HashMap<Integer, String>();
> +
> private static DeploymentConfiguration config = null;
>
> private static final String KEYSTORE_TYPE = "JKS";
> @@ -133,12 +137,23 @@
> KeyStore ks = null;
> try {
> ks = createKeyStoreFromFile(new File(location), create, DEFAULT_PASSWORD);
> + //hascode is used instead of instance so when no references are left
> + //to keystore, then this will not be blocker for garbage collection
> + keystoresPaths.put(ks.hashCode(),location);
> } catch (Exception e) {
> e.printStackTrace();
> }
> return ks;
> }
>
> + public static String getPathToKeystore(int k) {
> + String s = keystoresPaths.get(k);
> + if (s == null) {
> + return "unknown keystore location";
> + }
> + return s;
> + }
> +
> /**
> * Returns an array of KeyStore that contain certificates that are trusted.
> * The KeyStores contain certificates from different sources.
More information about the distro-pkg-dev
mailing list