[RFC][icedtea-web] Use global JarCertVerifier in JNLPClassLoader
Deepak Bhole
dbhole at redhat.com
Thu May 17 08:38:26 PDT 2012
* Danesh Dadachanji <ddadacha at redhat.com> [2012-05-16 18:33]:
> Hi,
>
> The attached patches make JNLPClassLoader use a global JCV to ensure
> we can actually check the app is signed entirely by at least one
> common signer. Currently, the classloader does not maintain
> verification of jars loaded upon main initialization vs jars loaded
> at runtime. Therefore, we are not actually able to enforce an
> application to be signed entirely by one signer.
>
> The application may initially be signed entirely (i.e. all
> resources/archives specified have a common signer) but then as
> classes are loaded at runtime (e.g. via manifest classpath), these
> are not verified along with the original jars. A new JarCertVerifier
> is used to verify each set.
>
> I used an instance var per JNLPClassLoader to keep track of all the
> jars verified thus far. Each JNLPClassLoader keeps track of its own
> app's jars so when JNLP extensions are specified, a new
> JNLPClassLoader is created. This ensures there can be separate
> signers between different JNLPs.
>
> The current method to determine if a jar is signed completely was to
> check against JarCertVerifier#anyJarSigned. This method is somewhat
> flawed. If any single entry is signed then this method returns true.
> However, if one entry of a jar is signed and another unsigned, then
> the jar is considered unsigned, as is the app as a whole. Therefore,
> I have included JarCertVerifier#isFullySigned in the conditional as
> well to ensure the app is in fact fully signed.
>
> Another change is the removal of permission checking of nested jars.
> If the entry of the nested jar is signed, then we should assume that
> the person signing the jar trusts it to do whatever it must. The
> nested jar is given the same security context as its parent jar.
>
> I've extensively tested this against a combination of
> singed/unsigned entries in
> resource/archive-specified/nested/manifest-classpath/extension jars
> using JNLPs, the applet tag, javaws and jnlp_href, as well as many
> duplicate jars. I have also run through all the regression tests for
> HEAD, 1.2 and 1.1, everything ran fine.
>
> I propose the following patches to HEAD, 1.2 and 1.1.
I see nothing immediately wrong. However this patch will now allow
applets to have different signers -- I take it that is expected and that
this patch only removes individual verifiers and collapses them to 1 per
loader?
Cheers,
Deepak
>
> ChangeLog: (s/JarCertVerifier/JarSigner/g for release branches)
> +2012-05-16 Danesh Dadachanji <ddadacha at redhat.com>
> +
> + Use a global JarCertVerifier in the classloader to keep track of every
> + jar that has been verified.
> + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> + (addNewJar), (initializeResources), (verifySignedJNLP):
> + Replaced use of local JarCertVerifier variable with the instance variable.
> + Added calls to isFullySigned wherever signer verification is done.
> + (activateJars): No longer verifies nested jars. These receive the same
> + security permissions as their parent jar, regardless of the nested
> + jar's signing.
> + (verifyJars): Removed.
> + * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java:
> + (add): New public method that resets some instance vars and
> + calls verifyJars.
> + (verifyJars): Modifier changed to private, above method should be used.
> + (isFullySignedByASingleCert): renamed to isFullySigned.
> +
>
> A note for 1.1, it does not have the changeset that brought in
> verification of a signed JNLP as a jar entry so those 2 hunks are
> removed. Also, 1.1 and 1.2 are still using JarSigner instead of
> JarCertVerifier so I have accounted for that. Apart from these, the
> patches are identical in logic. All three patches attached.
>
> Any and all comments much appreciated! Please especially ask of a testcase if you have one in mind.
>
> Cheers,
> Danesh
> diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> @@ -151,7 +151,7 @@ public class JNLPClassLoader extends URL
> private ArrayList<String> unverifiedJars = null;
>
> /** the jar cert verifier tool to verify our jars */
> - private JarCertVerifier jcv = null;
> + private final JarCertVerifier jcv = new JarCertVerifier();
>
> private boolean signing = false;
>
> @@ -469,11 +469,10 @@ public class JNLPClassLoader extends URL
>
> if (JNLPRuntime.isVerifying()) {
>
> - JarCertVerifier jcv;
> waitForJars(initialJars); //download the jars first.
>
> try {
> - jcv = verifyJars(initialJars);
> + jcv.add(initialJars, tracker);
> } catch (Exception e) {
> //we caught an Exception from the JarCertVerifier class.
> //Note: one of these exceptions could be from not being able
> @@ -484,7 +483,7 @@ public class JNLPClassLoader extends URL
> }
>
> //Case when at least one jar has some signing
> - if (jcv.anyJarsSigned() && jcv.isFullySignedByASingleCert()) {
> + if (jcv.anyJarsSigned() && jcv.isFullySigned()) {
> signing = true;
>
> if (!jcv.allJarsSigned() &&
> @@ -700,7 +699,6 @@ public class JNLPClassLoader extends URL
> private void verifySignedJNLP(JARDesc jarDesc, JarFile jarFile)
> throws LaunchException {
>
> - JarCertVerifier signer = new JarCertVerifier();
> List<JARDesc> desc = new ArrayList<JARDesc>();
> desc.add(jarDesc);
>
> @@ -711,9 +709,7 @@ public class JNLPClassLoader extends URL
> InputStreamReader jnlpReader = null;
>
> try {
> - signer.verifyJars(desc, tracker);
> -
> - if (signer.allJarsSigned()) { // If the jar is signed
> + if (jcv.isFullySigned()) { // If the jar is signed
>
> Enumeration<JarEntry> entries = jarFile.entries();
> JarEntry je;
> @@ -1031,15 +1027,25 @@ public class JNLPClassLoader extends URL
> continue;
> }
>
> - JarCertVerifier signer = new JarCertVerifier();
> - List<JARDesc> jars = new ArrayList<JARDesc>();
> - JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
> - jars.add(jarDesc);
> tracker.addResource(new File(extractedJarLocation).toURL(), null, null, null);
> - signer.verifyJars(jars, tracker);
>
> - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> - checkTrustWithUser(signer);
> + URL codebase = file.getCodeBase();
> + if (codebase == null) {
> + //FIXME: codebase should be the codebase of the Main Jar not
> + //the location. Although, it still works in the current state.
> + codebase = file.getResources().getMainJAR().getLocation();
> + }
> +
> + SecurityDesc jarSecurity = null;
> + if (jcv.isFullySigned()) {
> + // Already trust application, nested jar should be given
> + jarSecurity = new SecurityDesc(file,
> + SecurityDesc.ALL_PERMISSIONS,
> + codebase.getHost());
> + } else {
> + jarSecurity = new SecurityDesc(file,
> + SecurityDesc.SANDBOX_PERMISSIONS,
> + codebase.getHost());
> }
>
> try {
> @@ -1049,25 +1055,6 @@ public class JNLPClassLoader extends URL
> CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL);
> addURL(fakeRemote);
>
> - SecurityDesc jarSecurity = file.getSecurity();
> -
> - if (file instanceof PluginBridge) {
> -
> - URL codebase = null;
> -
> - if (file.getCodeBase() != null) {
> - codebase = file.getCodeBase();
> - } else {
> - //Fixme: codebase should be the codebase of the Main Jar not
> - //the location. Although, it still works in the current state.
> - codebase = file.getResources().getMainJAR().getLocation();
> - }
> -
> - jarSecurity = new SecurityDesc(file,
> - SecurityDesc.ALL_PERMISSIONS,
> - codebase.getHost());
> - }
> -
> jarLocationSecurityMap.put(fakeRemote, jarSecurity);
>
> } catch (MalformedURLException mfue) {
> @@ -1276,18 +1263,6 @@ public class JNLPClassLoader extends URL
> }
>
> /**
> - * Verifies code signing of jars to be used.
> - *
> - * @param jars the jars to be verified.
> - */
> - private JarCertVerifier verifyJars(List<JARDesc> jars) throws Exception {
> -
> - jcv = new JarCertVerifier();
> - jcv.verifyJars(jars, tracker);
> - return jcv;
> - }
> -
> - /**
> * Find the loaded class in this loader or any of its extension loaders.
> */
> protected Class findLoadedClassAll(String name) {
> @@ -1442,7 +1417,6 @@ public class JNLPClassLoader extends URL
>
> // Verify if needed
>
> - final JarCertVerifier signer = new JarCertVerifier();
> final List<JARDesc> jars = new ArrayList<JARDesc>();
> jars.add(desc);
>
> @@ -1454,14 +1428,14 @@ public class JNLPClassLoader extends URL
>
> AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
> public Void run() throws Exception {
> - signer.verifyJars(jars, tracker);
> + jcv.add(jars, tracker);
>
> - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> - checkTrustWithUser(signer);
> + if (jcv.anyJarsSigned() && jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
> + checkTrustWithUser(jcv);
> }
>
> final SecurityDesc security;
> - if (signer.anyJarsSigned()) {
> + if (jcv.anyJarsSigned() && jcv.isFullySigned()) {
> security = new SecurityDesc(file,
> SecurityDesc.ALL_PERMISSIONS,
> file.getCodeBase().getHost());
> diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> --- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> +++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> @@ -90,10 +90,10 @@ public class JarCertVerifier implements
> private boolean anyJarsSigned = false;
>
> /** all of the jar files that were verified */
> - private ArrayList<String> verifiedJars = null;
> + private ArrayList<String> verifiedJars = new ArrayList<String>();
>
> /** all of the jar files that were not verified */
> - private ArrayList<String> unverifiedJars = null;
> + private ArrayList<String> unverifiedJars = new ArrayList<String>();
>
> /** the certificates used for jar verification */
> private HashMap<CertPath, Integer> certs = new HashMap<CertPath, Integer>();
> @@ -165,7 +165,7 @@ public class JarCertVerifier implements
> *
> * @return Whether or not all entries have a common signer
> */
> - public boolean isFullySignedByASingleCert() {
> + public boolean isFullySigned() {
>
> for (CertPath cPath : certs.keySet()) {
> // If this cert has signed everything, return true
> @@ -177,11 +177,27 @@ public class JarCertVerifier implements
> return false;
> }
>
> - public void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> + /**
> + * Update the verifier to consider new jars when verifying.
> + * @param jars List of new jars to be verified.
> + * @param tracker Resource tracker used to obtain the the jars from cache
> + * @throws Exception Caused by issues with obtaining the jars' entries or
> + * interacting with the tracker.
> + */
> + public void add(List<JARDesc> jars, ResourceTracker tracker)
> throws Exception {
> + // Reset the vars that need to be updated again during verification.
> + certPath = null;
> + alreadyTrustPublisher = false;
> + rootInCacerts = false;
> + details.remove(R("SUntrustedCertificate"));
> + details.remove(R("STrustedCertificate"));
>
> - verifiedJars = new ArrayList<String>();
> - unverifiedJars = new ArrayList<String>();
> + verifyJars(jars, tracker);
> + }
> +
> + private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> + throws Exception {
>
> for (int i = 0; i < jars.size(); i++) {
>
> diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> @@ -137,7 +137,7 @@ public class JNLPClassLoader extends URL
> private ArrayList<String> unverifiedJars = null;
>
> /** the jarsigner tool to verify our jars */
> - private JarSigner js = null;
> + private final JarSigner js = new JarSigner();
>
> private boolean signing = false;
>
> @@ -437,11 +437,10 @@ public class JNLPClassLoader extends URL
>
> if (JNLPRuntime.isVerifying()) {
>
> - JarSigner js;
> waitForJars(initialJars); //download the jars first.
>
> try {
> - js = verifyJars(initialJars);
> + js.add(initialJars, tracker);
> } catch (Exception e) {
> //we caught an Exception from the JarSigner class.
> //Note: one of these exceptions could be from not being able
> @@ -452,7 +451,7 @@ public class JNLPClassLoader extends URL
> }
>
> //Case when at least one jar has some signing
> - if (js.anyJarsSigned() && js.isFullySignedByASingleCert()) {
> + if (js.anyJarsSigned() && js.isFullySigned()) {
> signing = true;
>
> if (!js.allJarsSigned() &&
> @@ -721,15 +720,25 @@ public class JNLPClassLoader extends URL
> continue;
> }
>
> - JarSigner signer = new JarSigner();
> - List<JARDesc> jars = new ArrayList<JARDesc>();
> - JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
> - jars.add(jarDesc);
> tracker.addResource(new File(extractedJarLocation).toURL(), null, null, null);
> - signer.verifyJars(jars, tracker);
>
> - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> - checkTrustWithUser(signer);
> + URL codebase = file.getCodeBase();
> + if (codebase == null) {
> + //FIXME: codebase should be the codebase of the Main Jar not
> + //the location. Although, it still works in the current state.
> + codebase = file.getResources().getMainJAR().getLocation();
> + }
> +
> + SecurityDesc jarSecurity = null;
> + if (js.isFullySigned()) {
> + // Already trust application, nested jar should be given
> + jarSecurity = new SecurityDesc(file,
> + SecurityDesc.ALL_PERMISSIONS,
> + codebase.getHost());
> + } else {
> + jarSecurity = new SecurityDesc(file,
> + SecurityDesc.SANDBOX_PERMISSIONS,
> + codebase.getHost());
> }
>
> try {
> @@ -739,25 +748,6 @@ public class JNLPClassLoader extends URL
> CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL);
> addURL(fakeRemote);
>
> - SecurityDesc jarSecurity = file.getSecurity();
> -
> - if (file instanceof PluginBridge) {
> -
> - URL codebase = null;
> -
> - if (file.getCodeBase() != null) {
> - codebase = file.getCodeBase();
> - } else {
> - //Fixme: codebase should be the codebase of the Main Jar not
> - //the location. Although, it still works in the current state.
> - codebase = file.getResources().getMainJAR().getLocation();
> - }
> -
> - jarSecurity = new SecurityDesc(file,
> - SecurityDesc.ALL_PERMISSIONS,
> - codebase.getHost());
> - }
> -
> jarLocationSecurityMap.put(fakeRemote, jarSecurity);
>
> } catch (MalformedURLException mfue) {
> @@ -966,18 +956,6 @@ public class JNLPClassLoader extends URL
> }
>
> /**
> - * Verifies code signing of jars to be used.
> - *
> - * @param jars the jars to be verified.
> - */
> - private JarSigner verifyJars(List<JARDesc> jars) throws Exception {
> -
> - js = new JarSigner();
> - js.verifyJars(jars, tracker);
> - return js;
> - }
> -
> - /**
> * Find the loaded class in this loader or any of its extension loaders.
> */
> protected Class findLoadedClassAll(String name) {
> @@ -1132,7 +1110,6 @@ public class JNLPClassLoader extends URL
>
> // Verify if needed
>
> - final JarSigner signer = new JarSigner();
> final List<JARDesc> jars = new ArrayList<JARDesc>();
> jars.add(desc);
>
> @@ -1144,14 +1121,14 @@ public class JNLPClassLoader extends URL
>
> AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
> public Void run() throws Exception {
> - signer.verifyJars(jars, tracker);
> + js.add(jars, tracker);
>
> - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> - checkTrustWithUser(signer);
> + if (js.anyJarsSigned() && js.isFullySigned() && !js.getAlreadyTrustPublisher()) {
> + checkTrustWithUser(js);
> }
>
> final SecurityDesc security;
> - if (signer.anyJarsSigned()) {
> + if (js.anyJarsSigned() && js.isFullySigned()) {
> security = new SecurityDesc(file,
> SecurityDesc.ALL_PERMISSIONS,
> file.getCodeBase().getHost());
> diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> --- a/netx/net/sourceforge/jnlp/tools/JarSigner.java
> +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> @@ -90,10 +90,10 @@ public class JarSigner implements CertVe
> private boolean anyJarsSigned = false;
>
> /** all of the jar files that were verified */
> - private ArrayList<String> verifiedJars = null;
> + private ArrayList<String> verifiedJars = new ArrayList<String>();
>
> /** all of the jar files that were not verified */
> - private ArrayList<String> unverifiedJars = null;
> + private ArrayList<String> unverifiedJars = new ArrayList<String>();
>
> /** the certificates used for jar verification */
> private HashMap<CertPath, Integer> certs = new HashMap<CertPath, Integer>();
> @@ -165,7 +165,7 @@ public class JarSigner implements CertVe
> *
> * @return Whether or not all entries have a common signer
> */
> - public boolean isFullySignedByASingleCert() {
> + public boolean isFullySigned() {
>
> for (CertPath cPath : certs.keySet()) {
> // If this cert has signed everything, return true
> @@ -177,11 +177,27 @@ public class JarSigner implements CertVe
> return false;
> }
>
> - public void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> + /**
> + * Update the verifier to consider new jars when verifying.
> + * @param jars List of new jars to be verified.
> + * @param tracker Resource tracker used to obtain the the jars from cache
> + * @throws Exception Caused by issues with obtaining the jars' entries or
> + * interacting with the tracker.
> + */
> + public void add(List<JARDesc> jars, ResourceTracker tracker)
> throws Exception {
> + // Reset the vars that need to be updated again during verification.
> + certPath = null;
> + alreadyTrustPublisher = false;
> + rootInCacerts = false;
> + details.remove(R("SUntrustedCertificate"));
> + details.remove(R("STrustedCertificate"));
>
> - verifiedJars = new ArrayList<String>();
> - unverifiedJars = new ArrayList<String>();
> + verifyJars(jars, tracker);
> + }
> +
> + private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> + throws Exception {
>
> for (int i = 0; i < jars.size(); i++) {
>
> diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> @@ -137,7 +137,7 @@ public class JNLPClassLoader extends URL
> private ArrayList<String> unverifiedJars = null;
>
> /** the jarsigner tool to verify our jars */
> - private JarSigner js = null;
> + private final JarSigner js = new JarSigner();
>
> private boolean signing = false;
>
> @@ -437,11 +437,10 @@ public class JNLPClassLoader extends URL
>
> if (JNLPRuntime.isVerifying()) {
>
> - JarSigner js;
> waitForJars(initialJars); //download the jars first.
>
> try {
> - js = verifyJars(initialJars);
> + js.add(initialJars, tracker);
> } catch (Exception e) {
> //we caught an Exception from the JarSigner class.
> //Note: one of these exceptions could be from not being able
> @@ -452,7 +451,7 @@ public class JNLPClassLoader extends URL
> }
>
> //Case when at least one jar has some signing
> - if (js.anyJarsSigned() && js.isFullySignedByASingleCert()) {
> + if (js.anyJarsSigned() && js.isFullySigned()) {
> signing = true;
>
> if (!js.allJarsSigned() &&
> @@ -721,15 +720,25 @@ public class JNLPClassLoader extends URL
> continue;
> }
>
> - JarSigner signer = new JarSigner();
> - List<JARDesc> jars = new ArrayList<JARDesc>();
> - JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
> - jars.add(jarDesc);
> tracker.addResource(new File(extractedJarLocation).toURL(), null, null, null);
> - signer.verifyJars(jars, tracker);
>
> - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> - checkTrustWithUser(signer);
> + URL codebase = file.getCodeBase();
> + if (codebase == null) {
> + //FIXME: codebase should be the codebase of the Main Jar not
> + //the location. Although, it still works in the current state.
> + codebase = file.getResources().getMainJAR().getLocation();
> + }
> +
> + SecurityDesc jarSecurity = null;
> + if (js.isFullySigned()) {
> + // Already trust application, nested jar should be given
> + jarSecurity = new SecurityDesc(file,
> + SecurityDesc.ALL_PERMISSIONS,
> + codebase.getHost());
> + } else {
> + jarSecurity = new SecurityDesc(file,
> + SecurityDesc.SANDBOX_PERMISSIONS,
> + codebase.getHost());
> }
>
> try {
> @@ -739,25 +748,6 @@ public class JNLPClassLoader extends URL
> CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL);
> addURL(fakeRemote);
>
> - SecurityDesc jarSecurity = file.getSecurity();
> -
> - if (file instanceof PluginBridge) {
> -
> - URL codebase = null;
> -
> - if (file.getCodeBase() != null) {
> - codebase = file.getCodeBase();
> - } else {
> - //Fixme: codebase should be the codebase of the Main Jar not
> - //the location. Although, it still works in the current state.
> - codebase = file.getResources().getMainJAR().getLocation();
> - }
> -
> - jarSecurity = new SecurityDesc(file,
> - SecurityDesc.ALL_PERMISSIONS,
> - codebase.getHost());
> - }
> -
> jarLocationSecurityMap.put(fakeRemote, jarSecurity);
>
> } catch (MalformedURLException mfue) {
> @@ -966,18 +956,6 @@ public class JNLPClassLoader extends URL
> }
>
> /**
> - * Verifies code signing of jars to be used.
> - *
> - * @param jars the jars to be verified.
> - */
> - private JarSigner verifyJars(List<JARDesc> jars) throws Exception {
> -
> - js = new JarSigner();
> - js.verifyJars(jars, tracker);
> - return js;
> - }
> -
> - /**
> * Find the loaded class in this loader or any of its extension loaders.
> */
> protected Class findLoadedClassAll(String name) {
> @@ -1132,7 +1110,6 @@ public class JNLPClassLoader extends URL
>
> // Verify if needed
>
> - final JarSigner signer = new JarSigner();
> final List<JARDesc> jars = new ArrayList<JARDesc>();
> jars.add(desc);
>
> @@ -1144,14 +1121,14 @@ public class JNLPClassLoader extends URL
>
> AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
> public Void run() throws Exception {
> - signer.verifyJars(jars, tracker);
> + js.add(jars, tracker);
>
> - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> - checkTrustWithUser(signer);
> + if (js.anyJarsSigned() && js.isFullySigned() && !js.getAlreadyTrustPublisher()) {
> + checkTrustWithUser(js);
> }
>
> final SecurityDesc security;
> - if (signer.anyJarsSigned()) {
> + if (js.anyJarsSigned() && js.isFullySigned()) {
> security = new SecurityDesc(file,
> SecurityDesc.ALL_PERMISSIONS,
> file.getCodeBase().getHost());
> diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> --- a/netx/net/sourceforge/jnlp/tools/JarSigner.java
> +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> @@ -90,10 +90,10 @@ public class JarSigner implements CertVe
> private boolean anyJarsSigned = false;
>
> /** all of the jar files that were verified */
> - private ArrayList<String> verifiedJars = null;
> + private ArrayList<String> verifiedJars = new ArrayList<String>();
>
> /** all of the jar files that were not verified */
> - private ArrayList<String> unverifiedJars = null;
> + private ArrayList<String> unverifiedJars = new ArrayList<String>();
>
> /** the certificates used for jar verification */
> private HashMap<CertPath, Integer> certs = new HashMap<CertPath, Integer>();
> @@ -165,7 +165,7 @@ public class JarSigner implements CertVe
> *
> * @return Whether or not all entries have a common signer
> */
> - public boolean isFullySignedByASingleCert() {
> + public boolean isFullySigned() {
>
> for (CertPath cPath : certs.keySet()) {
> // If this cert has signed everything, return true
> @@ -177,11 +177,27 @@ public class JarSigner implements CertVe
> return false;
> }
>
> - public void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> + /**
> + * Update the verifier to consider new jars when verifying.
> + * @param jars List of new jars to be verified.
> + * @param tracker Resource tracker used to obtain the the jars from cache
> + * @throws Exception Caused by issues with obtaining the jars' entries or
> + * interacting with the tracker.
> + */
> + public void add(List<JARDesc> jars, ResourceTracker tracker)
> throws Exception {
> + // Reset the vars that need to be updated again during verification.
> + certPath = null;
> + alreadyTrustPublisher = false;
> + rootInCacerts = false;
> + details.remove(R("SUntrustedCertificate"));
> + details.remove(R("STrustedCertificate"));
>
> - verifiedJars = new ArrayList<String>();
> - unverifiedJars = new ArrayList<String>();
> + verifyJars(jars, tracker);
> + }
> +
> + private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> + throws Exception {
>
> for (int i = 0; i < jars.size(); i++) {
>
More information about the distro-pkg-dev
mailing list