[RFC][icedtea-web] Use global JarCertVerifier in JNLPClassLoader
Deepak Bhole
dbhole at redhat.com
Thu May 17 08:54:19 PDT 2012
* Deepak Bhole <dbhole at redhat.com> [2012-05-17 11:38]:
> * Danesh Dadachanji <ddadacha at redhat.com> [2012-05-16 18:33]:
> > Hi,
> >
> > The attached patches make JNLPClassLoader use a global JCV to ensure
> > we can actually check the app is signed entirely by at least one
> > common signer. Currently, the classloader does not maintain
> > verification of jars loaded upon main initialization vs jars loaded
> > at runtime. Therefore, we are not actually able to enforce an
> > application to be signed entirely by one signer.
> >
> > The application may initially be signed entirely (i.e. all
> > resources/archives specified have a common signer) but then as
> > classes are loaded at runtime (e.g. via manifest classpath), these
> > are not verified along with the original jars. A new JarCertVerifier
> > is used to verify each set.
> >
> > I used an instance var per JNLPClassLoader to keep track of all the
> > jars verified thus far. Each JNLPClassLoader keeps track of its own
> > app's jars so when JNLP extensions are specified, a new
> > JNLPClassLoader is created. This ensures there can be separate
> > signers between different JNLPs.
> >
> > The current method to determine if a jar is signed completely was to
> > check against JarCertVerifier#anyJarSigned. This method is somewhat
> > flawed. If any single entry is signed then this method returns true.
> > However, if one entry of a jar is signed and another unsigned, then
> > the jar is considered unsigned, as is the app as a whole. Therefore,
> > I have included JarCertVerifier#isFullySigned in the conditional as
> > well to ensure the app is in fact fully signed.
> >
> > Another change is the removal of permission checking of nested jars.
> > If the entry of the nested jar is signed, then we should assume that
> > the person signing the jar trusts it to do whatever it must. The
> > nested jar is given the same security context as its parent jar.
> >
> > I've extensively tested this against a combination of
> > singed/unsigned entries in
> > resource/archive-specified/nested/manifest-classpath/extension jars
> > using JNLPs, the applet tag, javaws and jnlp_href, as well as many
> > duplicate jars. I have also run through all the regression tests for
> > HEAD, 1.2 and 1.1, everything ran fine.
> >
> > I propose the following patches to HEAD, 1.2 and 1.1.
>
> I see nothing immediately wrong. However this patch will now allow
s/now/not
> applets to have different signers -- I take it that is expected and that
> this patch only removes individual verifiers and collapses them to 1 per
> loader?
>
> Cheers,
> Deepak
>
> >
> > ChangeLog: (s/JarCertVerifier/JarSigner/g for release branches)
> > +2012-05-16 Danesh Dadachanji <ddadacha at redhat.com>
> > +
> > + Use a global JarCertVerifier in the classloader to keep track of every
> > + jar that has been verified.
> > + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > + (addNewJar), (initializeResources), (verifySignedJNLP):
> > + Replaced use of local JarCertVerifier variable with the instance variable.
> > + Added calls to isFullySigned wherever signer verification is done.
> > + (activateJars): No longer verifies nested jars. These receive the same
> > + security permissions as their parent jar, regardless of the nested
> > + jar's signing.
> > + (verifyJars): Removed.
> > + * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java:
> > + (add): New public method that resets some instance vars and
> > + calls verifyJars.
> > + (verifyJars): Modifier changed to private, above method should be used.
> > + (isFullySignedByASingleCert): renamed to isFullySigned.
> > +
> >
> > A note for 1.1, it does not have the changeset that brought in
> > verification of a signed JNLP as a jar entry so those 2 hunks are
> > removed. Also, 1.1 and 1.2 are still using JarSigner instead of
> > JarCertVerifier so I have accounted for that. Apart from these, the
> > patches are identical in logic. All three patches attached.
> >
> > Any and all comments much appreciated! Please especially ask of a testcase if you have one in mind.
> >
> > Cheers,
> > Danesh
>
> > diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > @@ -151,7 +151,7 @@ public class JNLPClassLoader extends URL
> > private ArrayList<String> unverifiedJars = null;
> >
> > /** the jar cert verifier tool to verify our jars */
> > - private JarCertVerifier jcv = null;
> > + private final JarCertVerifier jcv = new JarCertVerifier();
> >
> > private boolean signing = false;
> >
> > @@ -469,11 +469,10 @@ public class JNLPClassLoader extends URL
> >
> > if (JNLPRuntime.isVerifying()) {
> >
> > - JarCertVerifier jcv;
> > waitForJars(initialJars); //download the jars first.
> >
> > try {
> > - jcv = verifyJars(initialJars);
> > + jcv.add(initialJars, tracker);
> > } catch (Exception e) {
> > //we caught an Exception from the JarCertVerifier class.
> > //Note: one of these exceptions could be from not being able
> > @@ -484,7 +483,7 @@ public class JNLPClassLoader extends URL
> > }
> >
> > //Case when at least one jar has some signing
> > - if (jcv.anyJarsSigned() && jcv.isFullySignedByASingleCert()) {
> > + if (jcv.anyJarsSigned() && jcv.isFullySigned()) {
> > signing = true;
> >
> > if (!jcv.allJarsSigned() &&
> > @@ -700,7 +699,6 @@ public class JNLPClassLoader extends URL
> > private void verifySignedJNLP(JARDesc jarDesc, JarFile jarFile)
> > throws LaunchException {
> >
> > - JarCertVerifier signer = new JarCertVerifier();
> > List<JARDesc> desc = new ArrayList<JARDesc>();
> > desc.add(jarDesc);
> >
> > @@ -711,9 +709,7 @@ public class JNLPClassLoader extends URL
> > InputStreamReader jnlpReader = null;
> >
> > try {
> > - signer.verifyJars(desc, tracker);
> > -
> > - if (signer.allJarsSigned()) { // If the jar is signed
> > + if (jcv.isFullySigned()) { // If the jar is signed
> >
> > Enumeration<JarEntry> entries = jarFile.entries();
> > JarEntry je;
> > @@ -1031,15 +1027,25 @@ public class JNLPClassLoader extends URL
> > continue;
> > }
> >
> > - JarCertVerifier signer = new JarCertVerifier();
> > - List<JARDesc> jars = new ArrayList<JARDesc>();
> > - JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
> > - jars.add(jarDesc);
> > tracker.addResource(new File(extractedJarLocation).toURL(), null, null, null);
> > - signer.verifyJars(jars, tracker);
> >
> > - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> > - checkTrustWithUser(signer);
> > + URL codebase = file.getCodeBase();
> > + if (codebase == null) {
> > + //FIXME: codebase should be the codebase of the Main Jar not
> > + //the location. Although, it still works in the current state.
> > + codebase = file.getResources().getMainJAR().getLocation();
> > + }
> > +
> > + SecurityDesc jarSecurity = null;
> > + if (jcv.isFullySigned()) {
> > + // Already trust application, nested jar should be given
> > + jarSecurity = new SecurityDesc(file,
> > + SecurityDesc.ALL_PERMISSIONS,
> > + codebase.getHost());
> > + } else {
> > + jarSecurity = new SecurityDesc(file,
> > + SecurityDesc.SANDBOX_PERMISSIONS,
> > + codebase.getHost());
> > }
> >
> > try {
> > @@ -1049,25 +1055,6 @@ public class JNLPClassLoader extends URL
> > CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL);
> > addURL(fakeRemote);
> >
> > - SecurityDesc jarSecurity = file.getSecurity();
> > -
> > - if (file instanceof PluginBridge) {
> > -
> > - URL codebase = null;
> > -
> > - if (file.getCodeBase() != null) {
> > - codebase = file.getCodeBase();
> > - } else {
> > - //Fixme: codebase should be the codebase of the Main Jar not
> > - //the location. Although, it still works in the current state.
> > - codebase = file.getResources().getMainJAR().getLocation();
> > - }
> > -
> > - jarSecurity = new SecurityDesc(file,
> > - SecurityDesc.ALL_PERMISSIONS,
> > - codebase.getHost());
> > - }
> > -
> > jarLocationSecurityMap.put(fakeRemote, jarSecurity);
> >
> > } catch (MalformedURLException mfue) {
> > @@ -1276,18 +1263,6 @@ public class JNLPClassLoader extends URL
> > }
> >
> > /**
> > - * Verifies code signing of jars to be used.
> > - *
> > - * @param jars the jars to be verified.
> > - */
> > - private JarCertVerifier verifyJars(List<JARDesc> jars) throws Exception {
> > -
> > - jcv = new JarCertVerifier();
> > - jcv.verifyJars(jars, tracker);
> > - return jcv;
> > - }
> > -
> > - /**
> > * Find the loaded class in this loader or any of its extension loaders.
> > */
> > protected Class findLoadedClassAll(String name) {
> > @@ -1442,7 +1417,6 @@ public class JNLPClassLoader extends URL
> >
> > // Verify if needed
> >
> > - final JarCertVerifier signer = new JarCertVerifier();
> > final List<JARDesc> jars = new ArrayList<JARDesc>();
> > jars.add(desc);
> >
> > @@ -1454,14 +1428,14 @@ public class JNLPClassLoader extends URL
> >
> > AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
> > public Void run() throws Exception {
> > - signer.verifyJars(jars, tracker);
> > + jcv.add(jars, tracker);
> >
> > - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> > - checkTrustWithUser(signer);
> > + if (jcv.anyJarsSigned() && jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
> > + checkTrustWithUser(jcv);
> > }
> >
> > final SecurityDesc security;
> > - if (signer.anyJarsSigned()) {
> > + if (jcv.anyJarsSigned() && jcv.isFullySigned()) {
> > security = new SecurityDesc(file,
> > SecurityDesc.ALL_PERMISSIONS,
> > file.getCodeBase().getHost());
> > diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> > --- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> > +++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> > @@ -90,10 +90,10 @@ public class JarCertVerifier implements
> > private boolean anyJarsSigned = false;
> >
> > /** all of the jar files that were verified */
> > - private ArrayList<String> verifiedJars = null;
> > + private ArrayList<String> verifiedJars = new ArrayList<String>();
> >
> > /** all of the jar files that were not verified */
> > - private ArrayList<String> unverifiedJars = null;
> > + private ArrayList<String> unverifiedJars = new ArrayList<String>();
> >
> > /** the certificates used for jar verification */
> > private HashMap<CertPath, Integer> certs = new HashMap<CertPath, Integer>();
> > @@ -165,7 +165,7 @@ public class JarCertVerifier implements
> > *
> > * @return Whether or not all entries have a common signer
> > */
> > - public boolean isFullySignedByASingleCert() {
> > + public boolean isFullySigned() {
> >
> > for (CertPath cPath : certs.keySet()) {
> > // If this cert has signed everything, return true
> > @@ -177,11 +177,27 @@ public class JarCertVerifier implements
> > return false;
> > }
> >
> > - public void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> > + /**
> > + * Update the verifier to consider new jars when verifying.
> > + * @param jars List of new jars to be verified.
> > + * @param tracker Resource tracker used to obtain the the jars from cache
> > + * @throws Exception Caused by issues with obtaining the jars' entries or
> > + * interacting with the tracker.
> > + */
> > + public void add(List<JARDesc> jars, ResourceTracker tracker)
> > throws Exception {
> > + // Reset the vars that need to be updated again during verification.
> > + certPath = null;
> > + alreadyTrustPublisher = false;
> > + rootInCacerts = false;
> > + details.remove(R("SUntrustedCertificate"));
> > + details.remove(R("STrustedCertificate"));
> >
> > - verifiedJars = new ArrayList<String>();
> > - unverifiedJars = new ArrayList<String>();
> > + verifyJars(jars, tracker);
> > + }
> > +
> > + private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> > + throws Exception {
> >
> > for (int i = 0; i < jars.size(); i++) {
> >
>
> > diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > @@ -137,7 +137,7 @@ public class JNLPClassLoader extends URL
> > private ArrayList<String> unverifiedJars = null;
> >
> > /** the jarsigner tool to verify our jars */
> > - private JarSigner js = null;
> > + private final JarSigner js = new JarSigner();
> >
> > private boolean signing = false;
> >
> > @@ -437,11 +437,10 @@ public class JNLPClassLoader extends URL
> >
> > if (JNLPRuntime.isVerifying()) {
> >
> > - JarSigner js;
> > waitForJars(initialJars); //download the jars first.
> >
> > try {
> > - js = verifyJars(initialJars);
> > + js.add(initialJars, tracker);
> > } catch (Exception e) {
> > //we caught an Exception from the JarSigner class.
> > //Note: one of these exceptions could be from not being able
> > @@ -452,7 +451,7 @@ public class JNLPClassLoader extends URL
> > }
> >
> > //Case when at least one jar has some signing
> > - if (js.anyJarsSigned() && js.isFullySignedByASingleCert()) {
> > + if (js.anyJarsSigned() && js.isFullySigned()) {
> > signing = true;
> >
> > if (!js.allJarsSigned() &&
> > @@ -721,15 +720,25 @@ public class JNLPClassLoader extends URL
> > continue;
> > }
> >
> > - JarSigner signer = new JarSigner();
> > - List<JARDesc> jars = new ArrayList<JARDesc>();
> > - JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
> > - jars.add(jarDesc);
> > tracker.addResource(new File(extractedJarLocation).toURL(), null, null, null);
> > - signer.verifyJars(jars, tracker);
> >
> > - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> > - checkTrustWithUser(signer);
> > + URL codebase = file.getCodeBase();
> > + if (codebase == null) {
> > + //FIXME: codebase should be the codebase of the Main Jar not
> > + //the location. Although, it still works in the current state.
> > + codebase = file.getResources().getMainJAR().getLocation();
> > + }
> > +
> > + SecurityDesc jarSecurity = null;
> > + if (js.isFullySigned()) {
> > + // Already trust application, nested jar should be given
> > + jarSecurity = new SecurityDesc(file,
> > + SecurityDesc.ALL_PERMISSIONS,
> > + codebase.getHost());
> > + } else {
> > + jarSecurity = new SecurityDesc(file,
> > + SecurityDesc.SANDBOX_PERMISSIONS,
> > + codebase.getHost());
> > }
> >
> > try {
> > @@ -739,25 +748,6 @@ public class JNLPClassLoader extends URL
> > CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL);
> > addURL(fakeRemote);
> >
> > - SecurityDesc jarSecurity = file.getSecurity();
> > -
> > - if (file instanceof PluginBridge) {
> > -
> > - URL codebase = null;
> > -
> > - if (file.getCodeBase() != null) {
> > - codebase = file.getCodeBase();
> > - } else {
> > - //Fixme: codebase should be the codebase of the Main Jar not
> > - //the location. Although, it still works in the current state.
> > - codebase = file.getResources().getMainJAR().getLocation();
> > - }
> > -
> > - jarSecurity = new SecurityDesc(file,
> > - SecurityDesc.ALL_PERMISSIONS,
> > - codebase.getHost());
> > - }
> > -
> > jarLocationSecurityMap.put(fakeRemote, jarSecurity);
> >
> > } catch (MalformedURLException mfue) {
> > @@ -966,18 +956,6 @@ public class JNLPClassLoader extends URL
> > }
> >
> > /**
> > - * Verifies code signing of jars to be used.
> > - *
> > - * @param jars the jars to be verified.
> > - */
> > - private JarSigner verifyJars(List<JARDesc> jars) throws Exception {
> > -
> > - js = new JarSigner();
> > - js.verifyJars(jars, tracker);
> > - return js;
> > - }
> > -
> > - /**
> > * Find the loaded class in this loader or any of its extension loaders.
> > */
> > protected Class findLoadedClassAll(String name) {
> > @@ -1132,7 +1110,6 @@ public class JNLPClassLoader extends URL
> >
> > // Verify if needed
> >
> > - final JarSigner signer = new JarSigner();
> > final List<JARDesc> jars = new ArrayList<JARDesc>();
> > jars.add(desc);
> >
> > @@ -1144,14 +1121,14 @@ public class JNLPClassLoader extends URL
> >
> > AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
> > public Void run() throws Exception {
> > - signer.verifyJars(jars, tracker);
> > + js.add(jars, tracker);
> >
> > - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> > - checkTrustWithUser(signer);
> > + if (js.anyJarsSigned() && js.isFullySigned() && !js.getAlreadyTrustPublisher()) {
> > + checkTrustWithUser(js);
> > }
> >
> > final SecurityDesc security;
> > - if (signer.anyJarsSigned()) {
> > + if (js.anyJarsSigned() && js.isFullySigned()) {
> > security = new SecurityDesc(file,
> > SecurityDesc.ALL_PERMISSIONS,
> > file.getCodeBase().getHost());
> > diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> > --- a/netx/net/sourceforge/jnlp/tools/JarSigner.java
> > +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> > @@ -90,10 +90,10 @@ public class JarSigner implements CertVe
> > private boolean anyJarsSigned = false;
> >
> > /** all of the jar files that were verified */
> > - private ArrayList<String> verifiedJars = null;
> > + private ArrayList<String> verifiedJars = new ArrayList<String>();
> >
> > /** all of the jar files that were not verified */
> > - private ArrayList<String> unverifiedJars = null;
> > + private ArrayList<String> unverifiedJars = new ArrayList<String>();
> >
> > /** the certificates used for jar verification */
> > private HashMap<CertPath, Integer> certs = new HashMap<CertPath, Integer>();
> > @@ -165,7 +165,7 @@ public class JarSigner implements CertVe
> > *
> > * @return Whether or not all entries have a common signer
> > */
> > - public boolean isFullySignedByASingleCert() {
> > + public boolean isFullySigned() {
> >
> > for (CertPath cPath : certs.keySet()) {
> > // If this cert has signed everything, return true
> > @@ -177,11 +177,27 @@ public class JarSigner implements CertVe
> > return false;
> > }
> >
> > - public void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> > + /**
> > + * Update the verifier to consider new jars when verifying.
> > + * @param jars List of new jars to be verified.
> > + * @param tracker Resource tracker used to obtain the the jars from cache
> > + * @throws Exception Caused by issues with obtaining the jars' entries or
> > + * interacting with the tracker.
> > + */
> > + public void add(List<JARDesc> jars, ResourceTracker tracker)
> > throws Exception {
> > + // Reset the vars that need to be updated again during verification.
> > + certPath = null;
> > + alreadyTrustPublisher = false;
> > + rootInCacerts = false;
> > + details.remove(R("SUntrustedCertificate"));
> > + details.remove(R("STrustedCertificate"));
> >
> > - verifiedJars = new ArrayList<String>();
> > - unverifiedJars = new ArrayList<String>();
> > + verifyJars(jars, tracker);
> > + }
> > +
> > + private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> > + throws Exception {
> >
> > for (int i = 0; i < jars.size(); i++) {
> >
>
> > diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> > @@ -137,7 +137,7 @@ public class JNLPClassLoader extends URL
> > private ArrayList<String> unverifiedJars = null;
> >
> > /** the jarsigner tool to verify our jars */
> > - private JarSigner js = null;
> > + private final JarSigner js = new JarSigner();
> >
> > private boolean signing = false;
> >
> > @@ -437,11 +437,10 @@ public class JNLPClassLoader extends URL
> >
> > if (JNLPRuntime.isVerifying()) {
> >
> > - JarSigner js;
> > waitForJars(initialJars); //download the jars first.
> >
> > try {
> > - js = verifyJars(initialJars);
> > + js.add(initialJars, tracker);
> > } catch (Exception e) {
> > //we caught an Exception from the JarSigner class.
> > //Note: one of these exceptions could be from not being able
> > @@ -452,7 +451,7 @@ public class JNLPClassLoader extends URL
> > }
> >
> > //Case when at least one jar has some signing
> > - if (js.anyJarsSigned() && js.isFullySignedByASingleCert()) {
> > + if (js.anyJarsSigned() && js.isFullySigned()) {
> > signing = true;
> >
> > if (!js.allJarsSigned() &&
> > @@ -721,15 +720,25 @@ public class JNLPClassLoader extends URL
> > continue;
> > }
> >
> > - JarSigner signer = new JarSigner();
> > - List<JARDesc> jars = new ArrayList<JARDesc>();
> > - JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
> > - jars.add(jarDesc);
> > tracker.addResource(new File(extractedJarLocation).toURL(), null, null, null);
> > - signer.verifyJars(jars, tracker);
> >
> > - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> > - checkTrustWithUser(signer);
> > + URL codebase = file.getCodeBase();
> > + if (codebase == null) {
> > + //FIXME: codebase should be the codebase of the Main Jar not
> > + //the location. Although, it still works in the current state.
> > + codebase = file.getResources().getMainJAR().getLocation();
> > + }
> > +
> > + SecurityDesc jarSecurity = null;
> > + if (js.isFullySigned()) {
> > + // Already trust application, nested jar should be given
> > + jarSecurity = new SecurityDesc(file,
> > + SecurityDesc.ALL_PERMISSIONS,
> > + codebase.getHost());
> > + } else {
> > + jarSecurity = new SecurityDesc(file,
> > + SecurityDesc.SANDBOX_PERMISSIONS,
> > + codebase.getHost());
> > }
> >
> > try {
> > @@ -739,25 +748,6 @@ public class JNLPClassLoader extends URL
> > CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL);
> > addURL(fakeRemote);
> >
> > - SecurityDesc jarSecurity = file.getSecurity();
> > -
> > - if (file instanceof PluginBridge) {
> > -
> > - URL codebase = null;
> > -
> > - if (file.getCodeBase() != null) {
> > - codebase = file.getCodeBase();
> > - } else {
> > - //Fixme: codebase should be the codebase of the Main Jar not
> > - //the location. Although, it still works in the current state.
> > - codebase = file.getResources().getMainJAR().getLocation();
> > - }
> > -
> > - jarSecurity = new SecurityDesc(file,
> > - SecurityDesc.ALL_PERMISSIONS,
> > - codebase.getHost());
> > - }
> > -
> > jarLocationSecurityMap.put(fakeRemote, jarSecurity);
> >
> > } catch (MalformedURLException mfue) {
> > @@ -966,18 +956,6 @@ public class JNLPClassLoader extends URL
> > }
> >
> > /**
> > - * Verifies code signing of jars to be used.
> > - *
> > - * @param jars the jars to be verified.
> > - */
> > - private JarSigner verifyJars(List<JARDesc> jars) throws Exception {
> > -
> > - js = new JarSigner();
> > - js.verifyJars(jars, tracker);
> > - return js;
> > - }
> > -
> > - /**
> > * Find the loaded class in this loader or any of its extension loaders.
> > */
> > protected Class findLoadedClassAll(String name) {
> > @@ -1132,7 +1110,6 @@ public class JNLPClassLoader extends URL
> >
> > // Verify if needed
> >
> > - final JarSigner signer = new JarSigner();
> > final List<JARDesc> jars = new ArrayList<JARDesc>();
> > jars.add(desc);
> >
> > @@ -1144,14 +1121,14 @@ public class JNLPClassLoader extends URL
> >
> > AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
> > public Void run() throws Exception {
> > - signer.verifyJars(jars, tracker);
> > + js.add(jars, tracker);
> >
> > - if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
> > - checkTrustWithUser(signer);
> > + if (js.anyJarsSigned() && js.isFullySigned() && !js.getAlreadyTrustPublisher()) {
> > + checkTrustWithUser(js);
> > }
> >
> > final SecurityDesc security;
> > - if (signer.anyJarsSigned()) {
> > + if (js.anyJarsSigned() && js.isFullySigned()) {
> > security = new SecurityDesc(file,
> > SecurityDesc.ALL_PERMISSIONS,
> > file.getCodeBase().getHost());
> > diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> > --- a/netx/net/sourceforge/jnlp/tools/JarSigner.java
> > +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java
> > @@ -90,10 +90,10 @@ public class JarSigner implements CertVe
> > private boolean anyJarsSigned = false;
> >
> > /** all of the jar files that were verified */
> > - private ArrayList<String> verifiedJars = null;
> > + private ArrayList<String> verifiedJars = new ArrayList<String>();
> >
> > /** all of the jar files that were not verified */
> > - private ArrayList<String> unverifiedJars = null;
> > + private ArrayList<String> unverifiedJars = new ArrayList<String>();
> >
> > /** the certificates used for jar verification */
> > private HashMap<CertPath, Integer> certs = new HashMap<CertPath, Integer>();
> > @@ -165,7 +165,7 @@ public class JarSigner implements CertVe
> > *
> > * @return Whether or not all entries have a common signer
> > */
> > - public boolean isFullySignedByASingleCert() {
> > + public boolean isFullySigned() {
> >
> > for (CertPath cPath : certs.keySet()) {
> > // If this cert has signed everything, return true
> > @@ -177,11 +177,27 @@ public class JarSigner implements CertVe
> > return false;
> > }
> >
> > - public void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> > + /**
> > + * Update the verifier to consider new jars when verifying.
> > + * @param jars List of new jars to be verified.
> > + * @param tracker Resource tracker used to obtain the the jars from cache
> > + * @throws Exception Caused by issues with obtaining the jars' entries or
> > + * interacting with the tracker.
> > + */
> > + public void add(List<JARDesc> jars, ResourceTracker tracker)
> > throws Exception {
> > + // Reset the vars that need to be updated again during verification.
> > + certPath = null;
> > + alreadyTrustPublisher = false;
> > + rootInCacerts = false;
> > + details.remove(R("SUntrustedCertificate"));
> > + details.remove(R("STrustedCertificate"));
> >
> > - verifiedJars = new ArrayList<String>();
> > - unverifiedJars = new ArrayList<String>();
> > + verifyJars(jars, tracker);
> > + }
> > +
> > + private void verifyJars(List<JARDesc> jars, ResourceTracker tracker)
> > + throws Exception {
> >
> > for (int i = 0; i < jars.size(); i++) {
> >
>
More information about the distro-pkg-dev
mailing list