[rfc][icedtea-web] Ignore invalid .jar files specified for plugin

Adam Domurad adomurad at redhat.com
Mon Jun 18 14:35:39 PDT 2012 

2012-06-18  Adam Domurad <adomurad at redhat.com>

	* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java 
	(verifyJar): two for loops made into for-each loops

Changed patch attached. TY.

On Mon, 2012-06-18 at 17:11 -0400, Danesh Dadachanji wrote:
> On 28/05/12 10:11 AM, Adam Domurad wrote:
> > [Replying to list this time]
> > Thanks for the informative reply & discussion !
> >
> 
> My pleasure!
> 
> > If still relevant with your changes to JCV in the works, here's just the
> > refactoring attached.
> >
> 
> Could you add a new ChangeLog entry please? The old one just refers to the original intent of this patch
> 
> [snip]
> 
> >
> > refactoring-only.patch
> >
> >
> > diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> > --- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> > +++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> > @@ -39,6 +39,7 @@ import sun.security.util.*;
> >
> >   import net.sourceforge.jnlp.*;
> >   import net.sourceforge.jnlp.cache.*;
> > +import net.sourceforge.jnlp.runtime.JNLPRuntime;
> >   import net.sourceforge.jnlp.security.*;
> >
> >   /**
> > @@ -183,9 +184,7 @@ public class JarCertVerifier implements
> >           verifiedJars = new ArrayList<String>();
> >           unverifiedJars = new ArrayList<String>();
> >
> > -        for (int i = 0; i < jars.size(); i++) {
> > -
> > -            JARDesc jar = jars.get(i);
> > +        for (JARDesc jar : jars) {
> >
> >               try {
> >
> > @@ -232,6 +231,7 @@ public class JarCertVerifier implements
> >
> >       }
> >
> > +
> 
> Unnecessary newline. =)
> 
> >       private verifyResult verifyJar(String jarName) throws Exception {
> >           boolean anySigned = false;
> >           boolean hasUnsignedEntry = false;
> > @@ -242,10 +242,9 @@ public class JarCertVerifier implements
> >               Vector<JarEntry> entriesVec = new Vector<JarEntry>();
> >               byte[] buffer = new byte[8192];
> >
> > -            JarEntry je;
> >               Enumeration<JarEntry> entries = jarFile.entries();
> >               while (entries.hasMoreElements()) {
> > -                je = entries.nextElement();
> > +                JarEntry je = entries.nextElement();
> 
> Why not change this into a for each loop too? With your changes below, the JarEntry declaration is unnecessary since it's no longer 
> used after this block.
> 
> >                   entriesVec.addElement(je);
> >
> >                   InputStream is = jarFile.getInputStream(je);
> > @@ -265,12 +264,10 @@ public class JarCertVerifier implements
> >               if (jarFile.getManifest() != null) {
> >                   if (verbose)
> >                       System.out.println();
> > -                Enumeration<JarEntry> e = entriesVec.elements();
> >
> >                   long now = System.currentTimeMillis();
> >
> > -                while (e.hasMoreElements()) {
> > -                    je = e.nextElement();
> > +                for (JarEntry je : entriesVec) {
> >                       String name = je.getName();
> >                       CodeSigner[] signers = je.getCodeSigners();
> >                       boolean isSigned = (signers != null);
> > @@ -352,7 +349,6 @@ public class JarCertVerifier implements
> >                           addToDetails(R("SNotYetValidCert"));
> >                   }
> >               }
> > -
> >           } catch (Exception e) {
> >               e.printStackTrace();
> >               throw e;
> > @@ -363,8 +359,8 @@ public class JarCertVerifier implements
> >           }
> >
> >           //anySigned does not guarantee that all files were signed.
> > -        return (anySigned && !(hasUnsignedEntry || hasExpiredCert
> > -                              || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK;
> > +        boolean allFilesSigned = anySigned && !hasUnsignedEntry && !hasSigningIssues();
> 
> Even if all files are signed, this boolean can be false. Can you change this to allFilesSignedWithoutIssues or skip it and directly use 
> the conditional in the return? It's not that important because I've removed this in my large JCV update anyway. =)
> 
> > +        return allFilesSigned ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK;
> >       }
> >
> >       /**
> >
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: refactoring-only.patch
Type: text/x-patch
Size: 1947 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120618/39d756da/refactoring-only.patch

More information about the distro-pkg-dev mailing list