changeset 7566:3dbb06a924cd jdk7u45-b35
8030813: Signed applet fails to load when CRLs are stored in an LDAP directory
Summary: Skip JNDI application resource lookup to avoid recursive JAR validation
Reviewed-by: vinnie, herrick
author | mullan |
---|---|
date | Mon, 23 Dec 2013 14:03:25 -0500 |
parents | 0cf7bf25b314 |
children | 8df5084cad1b |
files | src/share/classes/com/sun/naming/internal/ResourceManager.java src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java |
diffstat | 2 files changed, 35 insertions(+), 0 deletions(-) [+] |
--- a/src/share/classes/com/sun/naming/internal/ResourceManager.java Fri Dec 06 13:07:39 2013 -0800
+++ b/src/share/classes/com/sun/naming/internal/ResourceManager.java Mon Dec 23 14:03:25 2013 -0500
@@ -69,6 +69,14 @@
 private static final String JRELIB_PROPERTY_FILE_NAME = "jndi.properties";
 /*
+ * Internal environment property, that when set to "true", disables
+ * application resource files lookup to prevent recursion issues
+ * when validating signed JARs.
+ */
+ private static final String DISABLE_APP_RESOURCE_FILES =
+ "com.sun.naming.disable.app.resource.files";
+
+ /*
 * The standard JNDI properties that specify colon-separated lists.
 */
 private static final String[] listProperties = {
@@ -218,6 +226,13 @@
 }
 }
+ // Return without merging if application resource files lookup
+ // is disabled.
+ String disableAppRes = (String)env.get(DISABLE_APP_RESOURCE_FILES);
+ if (disableAppRes != null && disableAppRes.equalsIgnoreCase("true")) {
+ return env;
+ }
+
 // Merge the above with the values read from all application
 // resource files. Colon-separated lists are concatenated.
 mergeTables(env, getApplicationResources());
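Review bot: The cast `(String)env.get(DISABLE_APP_RESOURCE_FILES)` in the second hunk (@@ -218) throws ClassCastException when a caller has stored a non-String value such as `Boolean.TRUE` under that key; the cast itself shows that the table's values are not statically typed as String. Reading the value as `Object disableAppRes = env.get(DISABLE_APP_RESOURCE_FILES);` and testing `disableAppRes instanceof String && ((String) disableAppRes).equalsIgnoreCase("true")` keeps the switch tolerant of that. The early `return env;` also leaves the internal key in the table that is returned, so a comment should say whether later consumers of the environment are expected to see it. The enclosing method starts and ends outside the hunk, so whatever follows `mergeTables` and is skipped by the early return cannot be checked from here.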
--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Fri Dec 06 13:07:39 2013 -0800
+++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Mon Dec 23 14:03:25 2013 -0500
@@ -50,6 +50,7 @@
 import sun.security.util.Cache;
 import sun.security.util.Debug;
 import sun.security.x509.X500Name;
+import sun.security.action.GetBooleanAction;
 import sun.security.action.GetPropertyAction;
 /**
@@ -135,6 +136,14 @@
 private final static String PROP_LIFETIME = "sun.security.certpath.ldap.cache.lifetime";
+ /*
+ * Internal system property, that when set to "true", disables the
+ * JNDI application resource files lookup to prevent recursion issues
+ * when validating signed JARs with LDAP URLs in certificates.
+ */
+ private final static String PROP_DISABLE_APP_RESOURCE_FILES =
+ "sun.security.certpath.ldap.disable.app.resource.files";
+
 static {
 String s = AccessController.doPrivileged( new GetPropertyAction(PROP_LIFETIME));
@@ -236,6 +245,17 @@
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 env.put(Context.PROVIDER_URL, url);
+
+ // If property is set to true, disable application resource file lookup.
+ boolean disableAppResourceFiles = AccessController.doPrivileged(
+ new GetBooleanAction(PROP_DISABLE_APP_RESOURCE_FILES));
+ if (disableAppResourceFiles) {
+ if (debug != null) {
+ debug.println("LDAPCertStore disabling app resource files");
+ }
+ env.put("com.sun.naming.disable.app.resource.files", "true");
+ }
+
 try {
 ctx = new InitialDirContext(env);
 /*
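Review bot: The literal `"com.sun.naming.disable.app.resource.files"` passed to `env.put` in the third hunk (@@ -236) duplicates the private `DISABLE_APP_RESOURCE_FILES` constant in ResourceManager, so a rename on either side would silently turn the switch into a no-op. A comment on that line such as `// must match ResourceManager.DISABLE_APP_RESOURCE_FILES` would record the coupling. The switch is off unless the system property is set, so by default the recursive lookup named in the summary is still performed. The comment on `PROP_DISABLE_APP_RESOURCE_FILES` in the second hunk should say that the default is false and name the component expected to set it. The property is also read through `doPrivileged` on every call, whereas `PROP_LIFETIME` is read in the static initializer; the enclosing method is only partly visible in the hunk.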