/hg/icedtea-web: 6 new changesets
adomurad at icedtea.classpath.org
Mon Oct 22 08:52:40 PDT 2012
changeset 274ff243ba73 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=274ff243ba73
author: Danesh Dadachanji <ddadacha at redhat.com>
date: Mon Oct 22 11:02:38 2012 -0400
Major rework of JarCertVerifier certificate management.
This is a long-planned rework of JarCertVerifier, allowing it to handle
multiple certificates. The algorithms used to verify jars with multiple
certificates vary between JNLPs and Applets.
changeset 09c91b85a1a7 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=09c91b85a1a7
author: Adam Domurad <adomurad at redhat.com>
date: Fri Oct 19 14:34:16 2012 -0400
Use interface types in JCV classes where applicable
changeset 8eb44f9dc27c in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=8eb44f9dc27c
author: Adam Domurad <adomurad at redhat.com>
date: Fri Oct 19 15:08:40 2012 -0400
Fix regression with trivially signed (eg, just META-INF/) jars
changeset d076dbf927b8 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=d076dbf927b8
author: Adam Domurad <adomurad at redhat.com>
date: Fri Oct 19 15:14:09 2012 -0400
New message for when JNLP is fully signed by different certs
changeset 5b4a8c846308 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=5b4a8c846308
author: Adam Domurad <adomurad at redhat.com>
date: Mon Oct 22 11:15:48 2012 -0400
Reproducer for PR822
changeset 9413fbdc5e3d in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=9413fbdc5e3d
author: Adam Domurad <adomurad at redhat.com>
date: Mon Oct 22 11:44:07 2012 -0400
Revise MultipleSignaturesTest to demonstrate PR822
diffstat:
ChangeLog | 149 ++
NEWS | 1 +
netx-dist-tests-whitelist | 2 +-
netx/net/sourceforge/jnlp/resources/Messages.properties | 5 +-
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 141 +-
netx/net/sourceforge/jnlp/security/AppVerifier.java | 91 +
netx/net/sourceforge/jnlp/security/CertVerifier.java | 30 +-
netx/net/sourceforge/jnlp/security/CertWarningPane.java | 4 +-
netx/net/sourceforge/jnlp/security/CertsInfoPane.java | 2 +-
netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java | 28 +-
netx/net/sourceforge/jnlp/security/JNLPAppVerifier.java | 142 ++
netx/net/sourceforge/jnlp/security/MoreInfoPane.java | 4 +-
netx/net/sourceforge/jnlp/security/PluginAppVerifier.java | 225 +++
netx/net/sourceforge/jnlp/tools/CertInformation.java | 292 ++++
netx/net/sourceforge/jnlp/tools/JarCertVerifier.java | 671 +++++----
tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java | 470 ++++++-
tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.html | 46 +
tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.jnlp | 57 +
tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.html | 46 +
tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.jnlp | 57 +
tests/reproducers/custom/MultipleSignaturesPerJar/srcs/Makefile | 56 +
tests/reproducers/custom/MultipleSignaturesPerJar/srcs/somecrazytestpackage/MultipleSignaturesPerJarMain.java | 90 +
tests/reproducers/custom/MultipleSignaturesPerJar/testcases/MultipleSignaturesPerJarTests.java | 129 +
tests/reproducers/signed/ReadPropertiesSigned/README | 2 +
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html | 3 +-
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp | 1 +
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp | 1 +
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp | 1 +
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTestUsesPermissions.html | 43 +
tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java | 18 +-
tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java | 35 +-
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java | 14 +-
tests/test-extensions/net/sourceforge/jnlp/tools/CodeSignerCreator.java | 145 ++
33 files changed, 2548 insertions(+), 453 deletions(-)
diffs (truncated from 3695 to 500 lines):
diff -r cdc7637779f4 -r 9413fbdc5e3d ChangeLog
--- a/ChangeLog Mon Oct 22 10:39:35 2012 -0400
+++ b/ChangeLog Mon Oct 22 11:44:07 2012 -0400
@@ -28,6 +28,155 @@
* tests/reproducers/custom/AppletFolderInArchiveTag/srcs/Makefile: and
* tests/reproducers/custom/UnsignedContentInMETAINF/srcs/Makefile: following above renaming
+2012-10-19 Adam Domurad <adomurad at redhat.com>
+
+ Revised multiple signatures test to check for new message. Added more
+ accurate reproducer for PR822.
+ * tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java:
+ Made class take a classname parameter so different out-of-package
+ classes could be executed.
+ * tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html:
+ Added main-class parameter.
+ * tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp:
+ Same.
+ * tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp:
+ Same.
+ * tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp:
+ Same.
+ * tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java
+ (multipleSignaturesTestHtmlAppletUsesPermissions): New, tests if fully
+ signed HTML applets with varied signers can (as they should) execute
+ with full permissions. Reproduces PR822.
+ (multipleSignaturesTestJnlpApplicationRequesting): Check for
+ mismatching signers JNLP failure message. Remove known-to-fail &
+ inaccurate bug annotation.
+ * tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java
+ (multipleSignaturesTestSamePackageJnlpApplicationRequesting): Check for
+ mismatching signers JNLP failure message. Remove known-to-fail &
+ inaccurate bug annotation.
+
+2012-10-19 Adam Domurad <adomurad at redhat.com>
+
+ Reproduces PR822: Applets fail to load if jars have different signers.
+ Tests for applets & JNLPs with multiple signers per jar.
+ * tests/reproducers/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java:
+ Modified to end with standard applet finish message.
+ * tests/reproducers/simple/ReadProperties/srcs/ReadProperties.java:
+ * tests/reproducers/custom/MultipleSignaturesPerJar/README: Explains
+ dependence on ReadPropertiesSigned.
+ * tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.html:
+ HTML applet test with a common signer.
+ * tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.jnlp:
+ JNLP test with a common signer.
+ * tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.html:
+ HTML applet test without a common signer.
+ * tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.jnlp:
+ JNLP test without a common signer.
+ * tests/reproducers/custom/MultipleSignaturesPerJar/srcs/Makefile:
+ Custom makefile used to sign a jar with multiple signers.
+ * tests/reproducers/custom/MultipleSignaturesPerJar/srcs/somecrazytestpackage/MultipleSignaturesPerJarMain.java:
+ Accesses ReadPropertiesSigned from another package with different
+ signers.
+ * tests/reproducers/custom/MultipleSignaturesPerJar/testcases/MultipleSignaturesPerJarTests.java:
+ Test driver.
+
+2012-10-19 Adam Domurad <adomurad at redhat.com>
+
+ New message for signer mismatch in JNLP applications.
+ * netx/net/sourceforge/jnlp/resources/Messages.properties: Added
+ message 'The JNLP application is not fully signed by a single cert.'
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Message
+ thrown when JNLP's jcv.allJarsSigned() is true but not
+ jcv.isFullySigned();
+
+2012-10-19 Adam Domurad <adomurad at redhat.com>
+
+ Fixes JCV#isTriviallySigned(). Reproducer 'EmptySignedJar' passes
+ again.
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Remove
+ problematic 'triviallySigned' variable and instead determine
+ whether triviallySigned on the fly. Consider jars with 0 signable
+ entries as SIGNED_OK.
+ * tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java:
+ Update no-signers unit test.
+
+2012-10-19 Adam Domurad <adomurad at redhat.com>
+
+ * netx/net/sourceforge/jnlp/security/AppVerifier.java: Use interface
+ types for declared types where applicable.
+ * netx/net/sourceforge/jnlp/security/PluginAppVerifier.java: Same.
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Same.
+
+2012-10-19 Adam Domurad <adomurad at redhat.com>
+
+ * netx/net/sourceforge/jnlp/security/AppVerifier.java: Use interface
+ types for declared types where applicable.
+ * netx/net/sourceforge/jnlp/security/PluginAppVerifier.java: Same.
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Same.
+
+2012-10-19 Danesh Dadachanji <ddadacha at redhat.com>
+
+ Rework JarCertVerifier certificate management to handle multiple
+ certificates and use different algorithms to verify JNLPs and Applets.
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ Removed SHasUnsignedEntry.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
+ Set JCV instance to final but uninitialized.
+ (JNLPClassLoader): Initialized JCV with runtime dependent verifier.
+ (addNewJar), (initializeResources), (verifySignedJNLP):
+ Replaced use of local JarCertVerifier variable with the instance variable.
+ Added calls to isFullySigned wherever signer verification is done.
+ (activateJars): No longer verifies nested jars. These receive the same
+ security permissions as their parent jar, regardless of the nested
+ jar's signing.
+ (checkTrustWithUser): Removed JCV param, reimplemented to wrap around
+ JCV's checkTrustWithUser method.
+ (verifyJars): Removed.
+ * netx/net/sourceforge/jnlp/security/AppVerifier.java:
+ New strategy pattern interface that specifies verification methods
+ required regardless of the runtime.
+ * netx/net/sourceforge/jnlp/security/JNLPAppVerifier.java:
+ * netx/net/sourceforge/jnlp/security/PluginAppVerifier.java:
+ New strategy pattern classes used to determine which algorithms to use
+ depending on the runtime.
+ * netx/net/sourceforge/jnlp/security/CertVerifier.java:
+ Added CertPath param to all the methods.
+ (noSigningIssues): Removed.
+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java:
+ * netx/net/sourceforge/jnlp/security/CertsInfoPane.java:
+ * netx/net/sourceforge/jnlp/security/MoreInfoPane.java:
+ Updated calls to the verifier's methods with the new CertPath param. All
+ are set to null so far.
+ * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java:
+ Added CertPath param to all the methods. It's mostly ignored though.
+ * netx/net/sourceforge/jnlp/tools/CertInformation.java:
+ New class to represent all the information about a signer with
+ with respect to all of the entries it has signed for the app.
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java:
+ Completely reworked to use CertInformation and AppVerifier functionality.
+ (getCertPath), (getCertInformation), (checkTrustWithUser),
+ (getJarSignableEntries), (getTotalJarEntries): New method.
+ (noSigningIssues), (anyJarsSigned): Removed.
+ (verifyResult): Renamed enum to VerifyResult
+ (JarCertVerifier): New constructor used to set AppVerifier instance.
+ (getAlreadyTrustPublisher), (getRootInCacerts): Now uses strategy pattern.
+ (hasSigningIssues), (getDetails), (checkTrustedCerts), (checkCertUsage):
+ Now uses cert info class.
+ (getCerts): Renamed to getCertsList.
+ (isFullySignedByASingleCert): renamed to isFullySigned and to use
+ the strategy pattern.
+ (add): New public method that resets some instance vars and
+ calls verifyJars.
+ (verifyJars): Modifier changed to private, above method should be used.
+ Also skips jars that have been verified before.
+ (verifyJar): Removed actual verification code, only reads jars into the JVM.
+ (verifyJarEntryCerts): New method. Does actual verification of jars.
+ (getPublisher), (getRoot): Use hacky currentlyUsed variable as the signer.
+ * tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java:
+ Unit test JCV's verifyJarEntryCerts method.
+ * tests/test-extensions/net/sourceforge/jnlp/tools/CodeSignerCreator.java:
+ Unit test helper that creates CodeSigner instances.
+
2012-10-16 Adam Domurad <adomurad at redhat.com>
* tests/reproducers/simple/AppletTakesLastParam/srcs/AppletTakesLastParam.java:
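Review bot: The ChangeLog entry "Use interface types for declared types where applicable" (AppVerifier.java, PluginAppVerifier.java, JarCertVerifier.java) appears twice verbatim under 2012-10-19 Adam Domurad; one copy should be dropped. In the same hunk, the entry for tests/reproducers/simple/ReadProperties/srcs/ReadProperties.java has no description, the CertInformation.java entry reads "with with respect to", and the netx-dist-tests-whitelist change made by this push is not listed anywhere.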
diff -r cdc7637779f4 -r 9413fbdc5e3d NEWS
--- a/NEWS Mon Oct 22 10:39:35 2012 -0400
+++ b/NEWS Mon Oct 22 11:44:07 2012 -0400
@@ -19,6 +19,7 @@
- PR955: regression: SweetHome3D fails to run
- PR1145: IcedTea-Web can cause ClassCircularityError
- PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
+ - PR822: Applets fail to load if jars have different signers
New in release 1.3 (2012-XX-XX):
* NetX
diff -r cdc7637779f4 -r 9413fbdc5e3d netx-dist-tests-whitelist
--- a/netx-dist-tests-whitelist Mon Oct 22 10:39:35 2012 -0400
+++ b/netx-dist-tests-whitelist Mon Oct 22 11:44:07 2012 -0400
@@ -1,1 +1,1 @@
-.*
+MultipleSignaturesTest
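Review bot: Replacing ".*" with "MultipleSignaturesTest" in netx-dist-tests-whitelist limits the reproducer run to a single test, which looks like a local debugging setting committed by accident, and no ChangeLog entry in this push mentions it. Restore ".*" unless the narrowing is intended; if it is, record the reason in the ChangeLog so the rest of the signing reproducers (including the new MultipleSignaturesPerJar ones) are not silently skipped.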
diff -r cdc7637779f4 -r 9413fbdc5e3d netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Oct 22 10:39:35 2012 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Oct 22 11:44:07 2012 -0400
@@ -78,11 +78,13 @@
LCantDetermineMainClassInfo=Could not determine the main class for this application.
LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
+LSignedJNLPAppDifferentCerts=The JNLP application is not fully signed by a single cert.
+LSignedJNLPAppDifferentCertsInfo=The JNLP application has its components individually signed, however there must be a common signer to all entries.
LSignedAppJarUsingUnsignedJar=Signed application using unsigned jars.
LSignedAppJarUsingUnsignedJarInfo=The main application jar is signed, but some of the jars it is using aren't.
LSignedJNLPFileDidNotMatch=The signed JNLP file did not match the launching JNLP file.
LNoSecInstance=Error: No security instance for {0}. The application may have trouble continuing
-LCertFoundIn={0} found in cacerts ({1})
+LCertFoundIn={0} found in cacerts ({1})
LSingleInstanceExists=Another instance of this applet already exists and only one may be run at the same time.
JNotApplet=File is not an applet.
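Review bot: The LCertFoundIn line is removed and re-added with no visible difference, so it is a whitespace-only edit unrelated to the new LSignedJNLPAppDifferentCerts messages. Leave it out of this change or commit the whitespace cleanup separately, so the functional change to the messages stays easy to audit.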
@@ -227,7 +229,6 @@
SBadKeyUsage=Resources contain entries whose signer certificate's KeyUsage extension doesn't allow code signing.
SBadExtendedKeyUsage=Resources contain entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing.
SBadNetscapeCertType=Resources contain entries whose signer certificate's NetscapeCertType extension doesn't allow code signing.
-SHasUnsignedEntry=Resources contain unsigned entries which have not been integrity-checked.
SHasExpiredCert=The digital signature has expired.
SHasExpiringCert=Resources contain entries whose signer certificate will expire within six months.
SNotYetValidCert=Resources contain entries whose signer certificate is not yet valid.
diff -r cdc7637779f4 -r 9413fbdc5e3d netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Mon Oct 22 10:39:35 2012 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Mon Oct 22 11:44:07 2012 -0400
@@ -79,8 +79,10 @@
import net.sourceforge.jnlp.cache.IllegalResourceDescriptorException;
import net.sourceforge.jnlp.cache.ResourceTracker;
import net.sourceforge.jnlp.cache.UpdatePolicy;
+import net.sourceforge.jnlp.security.AppVerifier;
+import net.sourceforge.jnlp.security.JNLPAppVerifier;
+import net.sourceforge.jnlp.security.PluginAppVerifier;
import net.sourceforge.jnlp.security.SecurityDialogs;
-import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
import net.sourceforge.jnlp.tools.JarCertVerifier;
import net.sourceforge.jnlp.util.FileUtils;
import sun.misc.JarIndex;
@@ -153,14 +155,8 @@
/** all jars not yet part of classloader or active */
private List<JARDesc> available = new ArrayList<JARDesc>();
- /** all of the jar files that were verified */
- private ArrayList<String> verifiedJars = null;
-
- /** all of the jar files that were not verified */
- private ArrayList<String> unverifiedJars = null;
-
/** the jar cert verifier tool to verify our jars */
- private JarCertVerifier jcv = null;
+ private final JarCertVerifier jcv;
private boolean signing = false;
@@ -223,6 +219,16 @@
this.mainClass = mainName;
+ AppVerifier verifier;
+
+ if (file instanceof PluginBridge && !((PluginBridge)file).useJNLPHref()) {
+ verifier = new PluginAppVerifier();
+ } else {
+ verifier = new JNLPAppVerifier();
+ }
+
+ jcv = new JarCertVerifier(verifier);
+
// initialize extensions
initializeExtensions();
@@ -311,7 +317,11 @@
*
*/
if (!file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) {
- throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo"));
+ if (jcv.allJarsSigned()) {
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedJNLPAppDifferentCerts"), R("LSignedJNLPAppDifferentCertsInfo"));
+ } else {
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo"));
+ }
} else if (signing == true) {
this.security = file.getSecurity();
} else {
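Review bot: The new "if (jcv.allJarsSigned())" branch under "!signing" chooses the LSignedJNLPAppDifferentCerts message on the assumption that jcv has already seen every jar, but jcv.add(initialJars, tracker) is only called inside "if (JNLPRuntime.isVerifying())". Confirm that allJarsSigned() returns false on a verifier that has had no jars added; otherwise an unverified launch would report "not fully signed by a single cert" instead of LUnsignedJarWithSecurity. A short comment stating that this branch means "every jar is signed, but no common signer" would also help.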
@@ -604,10 +614,8 @@
if (JNLPRuntime.isVerifying()) {
- JarCertVerifier jcv;
-
try {
- jcv = verifyJars(initialJars);
+ jcv.add(initialJars, tracker);
} catch (Exception e) {
//we caught an Exception from the JarCertVerifier class.
//Note: one of these exceptions could be from not being able
@@ -618,7 +626,7 @@
}
//Case when at least one jar has some signing
- if (jcv.anyJarsSigned() && jcv.isFullySignedByASingleCert()) {
+ if (jcv.isFullySigned()) {
signing = true;
if (!jcv.allJarsSigned() &&
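Review bot: The comment "Case when at least one jar has some signing" above the changed condition no longer matches it, since the explicit jcv.anyJarsSigned() check is gone and only jcv.isFullySigned() remains. Either update the comment to describe what isFullySigned() guarantees for the selected AppVerifier, or confirm in the comment that isFullySigned() cannot be true when no jar carries a signer, because this is the line that sets signing = true.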
@@ -650,10 +658,10 @@
// If main jar was found, but a signed JNLP file was not located
if (!isSignedJNLP && foundMainJar)
file.setSignedJNLPAsMissing();
-
+
//user does not trust this publisher
- if (!jcv.getAlreadyTrustPublisher() && !jcv.isTriviallySigned()) {
- checkTrustWithUser(jcv);
+ if (!jcv.isTriviallySigned()) {
+ checkTrustWithUser();
} else {
/**
* If the user trusts this publisher (i.e. the publisher's certificate
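Review bot: After this change the "//user does not trust this publisher" comment and the "If the user trusts this publisher" comment in the else branch are both stale, because the getAlreadyTrustPublisher() test has moved out of this condition and the else branch is now reached only when jcv.isTriviallySigned() is true. Reword both comments so a reader does not conclude that the else branch still implies a trusted publisher.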
@@ -864,7 +872,6 @@
private void verifySignedJNLP(JARDesc jarDesc, JarFile jarFile)
throws LaunchException {
- JarCertVerifier signer = new JarCertVerifier();
List<JARDesc> desc = new ArrayList<JARDesc>();
desc.add(jarDesc);
@@ -875,9 +882,9 @@
InputStreamReader jnlpReader = null;
try {
- signer.verifyJars(desc, tracker);
-
- if (signer.allJarsSigned()) { // If the jar is signed
+ // NOTE: verification should have happened by now. In other words,
+ // calling jcv.verifyJars(desc, tracker) here should have no affect.
+ if (jcv.isFullySigned()) {
Enumeration<JarEntry> entries = jarFile.entries();
JarEntry je;
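Review bot: In verifySignedJNLP the check changes from signer.allJarsSigned() on a verifier that held only this jar to jcv.isFullySigned() on the shared verifier, so whether the signed JNLP file inside the main jar is compared now depends on the signing state of every jar added so far, not just the jar passed in. If that is intended, say so in the comment; if the check should still be about jarDesc alone, query the result for that jar. The NOTE also relies on verification having already happened without asserting it, and "should have no affect" should read "no effect".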
@@ -961,7 +968,7 @@
/*
* After this exception is caught, it is escaped. If an exception is
* thrown while handling the jar file, (mainly for
- * JarCertVerifier.verifyJars) it assumes the jar file is unsigned and
+ * JarCertVerifier.add) it assumes the jar file is unsigned and
* skip the check for a signed JNLP file
*/
@@ -991,28 +998,18 @@
e.printStackTrace(System.err);
}
}
-
- private void checkTrustWithUser(JarCertVerifier jcv) throws LaunchException {
+
+ /**
+ * Prompt the user for trust on all the signers that require approval.
+ * @throws LaunchException if the user does not approve every dialog prompt.
+ */
+ private void checkTrustWithUser() throws LaunchException {
if (JNLPRuntime.isTrustAll()){
return;
}
- if (!jcv.getRootInCacerts()) { //root cert is not in cacerts
- boolean b = SecurityDialogs.showCertWarningDialog(
- AccessType.UNVERIFIED, file, jcv);
- if (!b)
- throw new LaunchException(null, null, R("LSFatal"),
- R("LCLaunching"), R("LNotVerified"), "");
- } else if (jcv.getRootInCacerts()) { //root cert is in cacerts
- boolean b = false;
- if (jcv.noSigningIssues())
- b = SecurityDialogs.showCertWarningDialog(
- AccessType.VERIFIED, file, jcv);
- else if (!jcv.noSigningIssues())
- b = SecurityDialogs.showCertWarningDialog(
- AccessType.SIGNING_ERROR, file, jcv);
- if (!b)
- throw new LaunchException(null, null, R("LSFatal"),
- R("LCLaunching"), R("LCancelOnUserRequest"), "");
+
+ if (jcv.isFullySigned() && !jcv.getAlreadyTrustPublisher()) {
+ jcv.checkTrustWithUser(file);
}
}
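Review bot: The new checkTrustWithUser() returns without prompting whenever jcv.isFullySigned() is false, but its Javadoc only says it prompts "on all the signers that require approval". Document that a silent return does not mean the application is trusted, and that callers must still grant sandbox permissions in that case. The removed code also threw LaunchException with LNotVerified or LCancelOnUserRequest when a dialog was declined; the Javadoc promises the same for jcv.checkTrustWithUser(file), so it is worth a unit or reproducer test that a declined prompt still aborts the launch.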
@@ -1226,15 +1223,25 @@
continue;
}
- JarCertVerifier signer = new JarCertVerifier();
- List<JARDesc> jars = new ArrayList<JARDesc>();
- JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
- jars.add(jarDesc);
tracker.addResource(new File(extractedJarLocation).toURL(), null, null, null);
- signer.verifyJars(jars, tracker);
- if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
- checkTrustWithUser(signer);
+ URL codebase = file.getCodeBase();
+ if (codebase == null) {
+ //FIXME: codebase should be the codebase of the Main Jar not
+ //the location. Although, it still works in the current state.
+ codebase = file.getResources().getMainJAR().getLocation();
+ }
+
+ SecurityDesc jarSecurity = null;
+ if (jcv.isFullySigned()) {
+ // Already trust application, nested jar should be given
+ jarSecurity = new SecurityDesc(file,
+ SecurityDesc.ALL_PERMISSIONS,
+ codebase.getHost());
+ } else {
+ jarSecurity = new SecurityDesc(file,
+ SecurityDesc.SANDBOX_PERMISSIONS,
+ codebase.getHost());
}
try {
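Review bot: In the nested-jar path, jarSecurity is now ALL_PERMISSIONS whenever jcv.isFullySigned() is true, whereas the code removed in the following hunk started from file.getSecurity() and raised it to ALL_PERMISSIONS only for a PluginBridge. For a fully signed JNLP application that did not request all-permissions this widens what the nested jar receives; consider keeping file.getSecurity() for the non-plugin case. The nested jar's own signature is also no longer checked (the ChangeLog says this is deliberate), so the code should carry a comment stating that the nested jar is trusted on the parent's signature, and the comment "nested jar should be given" needs finishing since it stops mid-sentence.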
@@ -1244,25 +1251,6 @@
CachedJarFileCallback.getInstance().addMapping(fakeRemote, fileURL);
addURL(fakeRemote);
- SecurityDesc jarSecurity = file.getSecurity();
-
- if (file instanceof PluginBridge) {
-
- URL codebase = null;
-
- if (file.getCodeBase() != null) {
- codebase = file.getCodeBase();
- } else {
- //Fixme: codebase should be the codebase of the Main Jar not
- //the location. Although, it still works in the current state.
- codebase = file.getResources().getMainJAR().getLocation();
- }
-
- jarSecurity = new SecurityDesc(file,
- SecurityDesc.ALL_PERMISSIONS,
- codebase.getHost());
- }
-
jarLocationSecurityMap.put(fakeRemote, jarSecurity);
} catch (MalformedURLException mfue) {
@@ -1475,18 +1463,6 @@
}
/**
- * Verifies code signing of jars to be used.
- *
- * @param jars the jars to be verified.
- */
- private JarCertVerifier verifyJars(List<JARDesc> jars) throws Exception {
-
- jcv = new JarCertVerifier();
- jcv.verifyJars(jars, tracker);
- return jcv;
- }
-
- /**
* Find the loaded class in this loader or any of its extension loaders.
*/
protected Class findLoadedClassAll(String name) {
@@ -1642,7 +1618,6 @@
// Verify if needed
- final JarCertVerifier signer = new JarCertVerifier();
final List<JARDesc> jars = new ArrayList<JARDesc>();
jars.add(desc);
@@ -1654,14 +1629,12 @@
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
- signer.verifyJars(jars, tracker);
+ jcv.add(jars, tracker);
- if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
- checkTrustWithUser(signer);
- }
+ checkTrustWithUser();
final SecurityDesc security;
- if (signer.anyJarsSigned()) {
+ if (jcv.isFullySigned()) {
security = new SecurityDesc(file,
SecurityDesc.ALL_PERMISSIONS,
file.getCodeBase().getHost());
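Review bot: In addNewJar the permission decision for the newly added jar changes from the per-jar signer.anyJarsSigned() to the application-wide jcv.isFullySigned(), evaluated after jcv.add(jars, tracker). That ties the new jar's ALL_PERMISSIONS grant to the accumulated state of the shared verifier, so add a comment explaining the intent and a test for the case where an unsigned jar is added at runtime to an otherwise fully signed application, checking both that the new jar is sandboxed and what isFullySigned() reports afterwards. checkTrustWithUser() is now called unconditionally here, which is fine only because it checks isFullySigned() and getAlreadyTrustPublisher() internally; note that dependency next to the call.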
diff -r cdc7637779f4 -r 9413fbdc5e3d netx/net/sourceforge/jnlp/security/AppVerifier.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/security/AppVerifier.java Mon Oct 22 11:44:07 2012 -0400
@@ -0,0 +1,91 @@
+/* AppVerifier.java
+ Copyright (C) 2012 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an