[RFC][icedtea-web]: PR1049 fix - extension jnlp with empty jars

Saad Mohammad smohammad at redhat.com
Mon Jul 9 09:54:47 PDT 2012


Hi,

The following patch fixes PR1049 and accepts extension loaders
containing only empty jars (jars with no content or only META-INF/*).
The handling of empty jars behaves much like the proprietary plugin: it
will not pop up any security dialog even if the content of META-INF/* is
signed. Changelog and reproducers are also attached.

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1049

[More information]
Presently, JarCertVerifier verifies empty jars with the result as
verifyResult.SIGNED_OK and causes problems when
JarCertVerifier.isFullySignedByASingleCert() is called because the list
of certificates is empty (certificates are not added from empty jars if
found). This patch resolves this issue by keeping track
of JarCertVerifier with all empty jars.

[Changelog]

2012-07-09  Saad Mohammad  <smohammad at redhat.com>

     * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
     (initializeResources): Removes the display of the security dialog for
     loaders with only empty jars.
     * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java:
     (JarCertVerifier): Tracks whether all jars verified are empty jars.
     (hasAllEmptyJars): Returns true if all jars verified are empty jars.
     (verifyJars): Checks whether signable entries and certificates are found
     and decides if all jars are empty jars.
     (isFullySignedByASingleCert): If all jars are empty jars, returns true.
     * tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJar.jnlp:
     Launching jnlp with the resource of the main jar and an extension jnlp.
     * tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarExtension.jnlp:
     Extension jnlp containing only an empty jar.
     * tests/reproducers/signed/EmptySignedJar/testcases/EmptySignedJarTest.java:
     Testcase that tests jnlp files with empty jars.
     * tests/reproducers/signed/SignedJarResource/resources/SignedJarResource.jnlp:
     Launches SignedJarResource class directly.

-- 
Cheers,
Saad Mohammad

-------------- next part --------------
A non-text attachment was scrubbed...
Name: changelog_entry.patch
Type: text/x-patch
Size: 1342 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120709/52fb9097/changelog_entry.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PR1049.patch
Type: text/x-patch
Size: 2309 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120709/52fb9097/PR1049.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reproducers.patch
Type: text/x-patch
Size: 11605 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120709/52fb9097/reproducers.patch 
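
The empty-jar rule this message describes (a jar with no content, or only META-INF/*) and the all-empty tracking that lets a caller decide before consulting an empty certificate list, as an added example. It is not code from PR1049.patch or from IcedTea-Web: the class and method names (EmptyJarCheck, isEmptyJar, allJarsEmpty, jar) and the sample jars are constructed for illustration, and the treatment of directory entries, META-INF case and a loader with no jars are assumptions.

```java
import java.io.*;
import java.util.*;
import java.util.jar.*;
import java.util.zip.*;

// Added illustration: class and method names are hypothetical, not IcedTea-Web's.
public class EmptyJarCheck {
    // "Empty" as the message defines it: no content, or only META-INF/*.
    // Assumptions: directories are not content; META-INF matches case-insensitively.
    static boolean isEmptyJar(byte[] jarBytes) throws IOException {
        try (ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(jarBytes))) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                String name = e.getName().toUpperCase(Locale.ROOT);
                if (!e.isDirectory() && !name.startsWith("META-INF/")) {
                    return false; // a signable entry: the jar is not empty
                }
            }
        }
        return true;
    }

    // True only when every jar of one loader is empty, so a caller can decide
    // before reading a certificate list that stays empty for such jars.
    // Assumption: a loader with no jars at all is not treated as "all empty".
    static boolean allJarsEmpty(List<byte[]> jars) throws IOException {
        for (byte[] jar : jars) {
            if (!isEmptyJar(jar)) return false;
        }
        return !jars.isEmpty();
    }

    // Builds a constructed sample jar in memory: a manifest plus the named entries.
    static byte[] jar(String... names) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (JarOutputStream out = new JarOutputStream(buf, new Manifest())) {
            for (String n : names) {
                out.putNextEntry(new JarEntry(n));
                out.write(0xCA); // placeholder byte, not real class or signature data
                out.closeEntry();
            }
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] metaInfOnly = jar("META-INF/SAMPLE.SF", "META-INF/SAMPLE.RSA");
        byte[] withClass = jar("META-INF/SAMPLE.SF", "Main.class");
        System.out.println(isEmptyJar(jar()) + " " + isEmptyJar(withClass));
        System.out.println(allJarsEmpty(Arrays.asList(jar(), metaInfOnly)));
        System.out.println(allJarsEmpty(Arrays.asList(metaInfOnly, withClass)));
    }
}
```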

