/hg/icedtea-web: Fixes PR722: Now ignores unsigned content in ME...
Jiri Vanek
jvanek at redhat.com
Wed Jun 13 00:33:26 PDT 2012
On 06/12/2012 09:25 PM, adomurad at icedtea.classpath.org wrote:
> changeset 40776f2e940f in /hg/icedtea-web
> details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=40776f2e940f
> author: Adam Domurad<adomurad at redhat.com>
> date: Tue Jun 12 15:25:44 2012 -0400
>
> Fixes PR722: Now ignores unsigned content in META-INF/ during signing process
Hi Adam, please add a reproducer for this stuff, definitely before another fix.
It is a rule of IcedTea-Web to commit reproducers together with fixes [1]. Also, in this case the
static private boolean isMetaInfFile(String name) { is worthy of unit tests.
[1] http://icedtea.classpath.org/wiki/CommitPolicy#OpenJDK_Patches "IcedTea-Web code changes/new
feature should be accompanied with appropriate tests (JUnit class and/or reproducer). If no tests
are added/modified, changes should be accompanied with an explanation as to why."
Sorry for the inconvenience :(
J.
>
>
> diffstat:
>
> ChangeLog | 8 ++++++
> NEWS | 1 +
> netx/net/sourceforge/jnlp/tools/JarCertVerifier.java | 26 ++++---------------
> 3 files changed, 15 insertions(+), 20 deletions(-)
>
> diffs (76 lines):
>
> diff -r bf792a768ad2 -r 40776f2e940f ChangeLog
> --- a/ChangeLog Tue Jun 12 10:21:05 2012 +0200
> +++ b/ChangeLog Tue Jun 12 15:25:44 2012 -0400
> @@ -1,3 +1,11 @@
> +2012-06-12 Adam Domurad<adomurad at redhat.com>
> +
> + Fixes PR722, javaws failing to run with unsigned content in META-INF/
> + * NEWS: Added entry: Fixes PR722
> + * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Changed
> + isSignatureRelated => isMetaInfFile. Now all files under META-INF/ are
> + disregarded in checking the jar signage.
> +
> 2012-06-11 Jiri Vanek<jvanek at redhat.com>
>
> Implemented xml logging backend
> diff -r bf792a768ad2 -r 40776f2e940f NEWS
> --- a/NEWS Tue Jun 12 10:21:05 2012 +0200
> +++ b/NEWS Tue Jun 12 15:25:44 2012 -0400
> @@ -18,6 +18,7 @@
> - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
> - PR861: Allow loading from non codebase hosts. Allow code to connect to hosting server
> - PR518: NPString.utf8characters not guaranteed to be nul-terminated
> + - PR722: META-INF/ unsigned entries should be ignored in signing
> * Common
> - PR918: java applet windows uses a low resulution black/white icon
>
> diff -r bf792a768ad2 -r 40776f2e940f netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
> --- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java Tue Jun 12 10:21:05 2012 +0200
> +++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java Tue Jun 12 15:25:44 2012 -0400
> @@ -277,7 +277,7 @@
> anySigned |= isSigned;
>
> boolean shouldHaveSignature = !je.isDirectory()
> -&& !signatureRelated(name);
> +&& !isMetaInfFile(name);
>
> hasUnsignedEntry |= shouldHaveSignature&& !isSigned;
>
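Review bot: At `boolean shouldHaveSignature = !je.isDirectory() && !isMetaInfFile(name);`, an unsigned entry under META-INF/ no longer sets `hasUnsignedEntry`, and nothing at this call site records that it was skipped. Add a short comment here saying why META-INF content is exempt from the signed-entry requirement, and consider a debug log line when an unsigned META-INF entry is passed over, so that a signed jar carrying unexpected unsigned content in that directory is still visible when someone investigates.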
> @@ -438,32 +438,18 @@
> }
>
> /**
> - * signature-related files include:
> + * Returns whether a file is in META-INF, and thus does not require signing.
> + *
> + * Signature-related files under META-INF include:
> * . META-INF/MANIFEST.MF
> * . META-INF/SIG-*
> * . META-INF/*.SF
> * . META-INF/*.DSA
> * . META-INF/*.RSA
> - *
> - * Required for verifyJar()
> */
> - private boolean signatureRelated(String name) {
> + static private boolean isMetaInfFile(String name) {
> String ucName = name.toUpperCase();
> - if (ucName.equals(JarFile.MANIFEST_NAME) ||
> - ucName.equals(META_INF) ||
> - (ucName.startsWith(SIG_PREFIX)&&
> - ucName.indexOf("/") == ucName.lastIndexOf("/"))) {
> - return true;
> - }
> -
> - if (ucName.startsWith(META_INF)&&
> - SignatureFileVerifier.isBlockOrSF(ucName)) {
> - // .SF/.DSA/.RSA files in META-INF subdirs
> - // are not considered signature-related
> - return (ucName.indexOf("/") == ucName.lastIndexOf("/"));
> - }
> -
> - return false;
> + return ucName.startsWith(META_INF);
> }
>
> /**
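Review bot: `return ucName.startsWith(META_INF);` exempts every entry whose path begins with the prefix, subdirectories included, whereas the removed code only matched top-level names (its `indexOf("/") == lastIndexOf("/")` checks) and its comment said .SF/.DSA/.RSA files in META-INF subdirectories were not considered signature-related. If exempting the whole tree is intended, say so in the Javadoc and explain the reason; the retained list of signature-related files now describes only a subset of what the method returns true for. Two smaller points in the same method: `name.toUpperCase()` uses the default locale, so under a Turkish locale a lower-case "i" in the name uppercases to a dotted capital and the prefix comparison fails, which `toUpperCase(Locale.ENGLISH)` avoids; and the conventional modifier order is `private static`. A unit test covering top-level, nested and mixed-case names would pin the intended behaviour down.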