[RFC][icedtea-web]: PR1049 fix - extension jnlp with empty jars
Saad Mohammad
smohammad at redhat.com
Mon Jul 9 09:54:47 PDT 2012
Hi,
The following patch fixes PR1049 and accepts extension loaders
containing only empty jars (jars with no content or only META-INF/*).
The handling of empty jars behaves much like the proprietary plugin, it
will not pop up any security dialog even if the content of META-INF/* is
signed. Changelog and reproducers are also attached.
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1049
[More information]
Presently, JarCertVerifier verifies empty jars with the result as
verifyResult.SIGNED_OK and causes problems when
JarCertVerifier.isFullySignedByASingleCert() is called because the list
of certificates is empty (certificates arenot added from empty jars if
found). This patch resolves this issue by keeping track
ofJarCertVerifier with allempty jars.
[Changelog]
2012-07-09 Saad Mohammad <smohammad at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
(initializeResources): Removes the display of the security dialog for
loaders with only empty jars.
* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java:
(JarCertVerifier): Tracks whether all jars verified are empty jars.
(hasAllEmptyJars): Returns true if all jars verified are empty jars.
(verifyJars): Checks whether signable entries and certificates are
found and
decides if all jars are empty jars.
(isFullySignedByASingleCert): If all jars are emptyJars, returns true.
*
tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJar.jnlp:
Launching jnlp with the resource of a the main jar and an extension
jnlp.
*
tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarExtension.jnlp:
Extension jnlp containing only an empty jar.
*
tests/reproducers/signed/EmptySignedJar/testcases/EmptySignedJarTest.java:
Testcase that tests jnlp files with empty jars.
*
tests/reproducers/signed/SignedJarResource/resources/SignedJarResource.jnlp:
Launches SignedJarResource class directly.
--
Cheers,
Saad Mohammad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: changelog_entry.patch
Type: text/x-patch
Size: 1342 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120709/52fb9097/changelog_entry.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PR1049.patch
Type: text/x-patch
Size: 2309 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120709/52fb9097/PR1049.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reproducers.patch
Type: text/x-patch
Size: 11605 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120709/52fb9097/reproducers.patch
More information about the distro-pkg-dev
mailing list