[rfc][icedtea-web] Ignore invalid .jar files specified for plugin

Danesh Dadachanji ddadacha at redhat.com
Mon Jun 18 14:11:07 PDT 2012


On 28/05/12 10:11 AM, Adam Domurad wrote:
> [Replying to list this time]
> Thanks for the informative reply & discussion !
>

My pleasure!

> If still relevant with your changes to JCV in the works, here's just the
> refactoring attached.
>

Could you add a new ChangeLog entry please? The old one just refers to the original intent of this patch.

[snip]

>
> refactoring-only.patch
>
>
> diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> --- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> +++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> @@ -39,6 +39,7 @@ import sun.security.util.*;
>
>   import net.sourceforge.jnlp.*;
>   import net.sourceforge.jnlp.cache.*;
> +import net.sourceforge.jnlp.runtime.JNLPRuntime;
>   import net.sourceforge.jnlp.security.*;
>
>   /**
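Review bot: The added `import net.sourceforge.jnlp.runtime.JNLPRuntime;` has no visible use, since none of the hunks in this refactoring-only patch references `JNLPRuntime`. It looks like a leftover from the original change and should probably be dropped, unless the class is used in a part of the file not shown here. Keeping a refactoring patch to JarCertVerifier free of unrelated additions makes it easier to confirm that the verification behaviour is unchanged.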
> @@ -183,9 +184,7 @@ public class JarCertVerifier implements
>           verifiedJars = new ArrayList<String>();
>           unverifiedJars = new ArrayList<String>();
>
> -        for (int i = 0; i < jars.size(); i++) {
> -
> -            JARDesc jar = jars.get(i);
> +        for (JARDesc jar : jars) {
>
>               try {
>
> @@ -232,6 +231,7 @@ public class JarCertVerifier implements
>
>       }
>
> +

Unnecessary newline. =)

>       private verifyResult verifyJar(String jarName) throws Exception {
>           boolean anySigned = false;
>           boolean hasUnsignedEntry = false;
> @@ -242,10 +242,9 @@ public class JarCertVerifier implements
>               Vector<JarEntry> entriesVec = new Vector<JarEntry>();
>               byte[] buffer = new byte[8192];
>
> -            JarEntry je;
>               Enumeration<JarEntry> entries = jarFile.entries();
>               while (entries.hasMoreElements()) {
> -                je = entries.nextElement();
> +                JarEntry je = entries.nextElement();

Why not change this into a for each loop too? With your changes below, the JarEntry declaration is unnecessary since it's no longer 
used after this block.

>                   entriesVec.addElement(je);
>
>                   InputStream is = jarFile.getInputStream(je);
> @@ -265,12 +264,10 @@ public class JarCertVerifier implements
>               if (jarFile.getManifest() != null) {
>                   if (verbose)
>                       System.out.println();
> -                Enumeration<JarEntry> e = entriesVec.elements();
>
>                   long now = System.currentTimeMillis();
>
> -                while (e.hasMoreElements()) {
> -                    je = e.nextElement();
> +                for (JarEntry je : entriesVec) {
>                       String name = je.getName();
>                       CodeSigner[] signers = je.getCodeSigners();
>                       boolean isSigned = (signers != null);
> @@ -352,7 +349,6 @@ public class JarCertVerifier implements
>                           addToDetails(R("SNotYetValidCert"));
>                   }
>               }
> -
>           } catch (Exception e) {
>               e.printStackTrace();
>               throw e;
> @@ -363,8 +359,8 @@ public class JarCertVerifier implements
>           }
>
>           //anySigned does not guarantee that all files were signed.
> -        return (anySigned && !(hasUnsignedEntry || hasExpiredCert
> -                              || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK;
> +        boolean allFilesSigned = anySigned && !hasUnsignedEntry && !hasSigningIssues();

Even if all files are signed, this boolean can be false. Can you change this to allFilesSignedWithoutIssues or skip it and directly use 
the conditional in the return? It's not that important because I've removed this in my large JCV update anyway. =)

> +        return allFilesSigned ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK;
>       }
>
>       /**
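Review bot: The `SIGNED_OK` decision now rests on `hasSigningIssues()`, whose body is not in any hunk shown here. It therefore cannot be confirmed from this patch that the helper covers the same five flags the removed expression tested (`hasExpiredCert`, `badKeyUsage`, `badExtendedKeyUsage`, `badNetscapeCertType`, `notYetValidCert`). If it omits one, a jar whose certificate has that problem would be reported as `SIGNED_OK`, which weakens the verification result rather than refactoring it. I would add a comment above the new line such as `// hasSigningIssues() must cover every certificate flag set in verifyJar; a missing flag yields SIGNED_OK`, plus a unit test that sets each flag in turn and expects `SIGNED_NOT_OK`. verifyJar begins above this hunk.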
>



