changeset 2324:3918f39eab4d

Warn user if extended services are being used from unsigned code (even if the main application code is signed).
author Deepak Bhole <dbhole@redhat.com>
date Wed, 28 Jul 2010 15:38:26 -0400
parents 0165a4d30876
children 645e965b61e7
files ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/services/ServiceUtil.java
diffstat 3 files changed, 50 insertions(+), 26 deletions(-) [+]
--- a/ChangeLog	Wed Jul 28 15:36:19 2010 -0400
+++ b/ChangeLog	Wed Jul 28 15:38:26 2010 -0400
@@ -1,3 +1,11 @@
+2010-07-28  Deepak Bhole <dbhole@redhat.com>
+
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+	Collapse new loader paths into base loader.
+	* netx/net/sourceforge/jnlp/services/ServiceUtil.java (checkAccess): Check
+	if calling code is trusted all the way to the end. If it isn't, prompt
+	user.
+
 2010-07-28  Deepak Bhole <dbhole@redhat.com>
 
 	* netx/net/sourceforge/jnlp/resources/Messages.properties: Add new strings.
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Wed Jul 28 15:36:19 2010 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Wed Jul 28 15:38:26 2010 -0400
@@ -262,12 +262,10 @@
                 // loader is now current + ext. But we also need to think of
                 // the baseLoader
                         if (baseLoader != null && baseLoader != loader) {
-                    for (URL u : loader.getURLs())
-                        baseLoader.addURL(u);
-                    for (File nativeDirectory: loader.getNativeDirectories())
-                        baseLoader.addNativeDirectory(nativeDirectory);
-
-                    loader = baseLoader;
+                    for (URL u : baseLoader.getURLs())
+                        loader.addURL(u);
+                    for (File nativeDirectory: baseLoader.getNativeDirectories())
+                        loader.addNativeDirectory(nativeDirectory);
                 }
 
                     } else {
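Review bot: The rewritten loop copies baseLoader's URLs and native directories into loader but no longer assigns `loader = baseLoader`, so baseLoader never learns about the new loader's paths, while the ChangeLog entry for this method ("Collapse new loader paths into base loader") describes the old direction; one of the two should be corrected. The comment above the `if` (`loader is now current + ext. But we also need to think of the baseLoader`) now reads as stale and could become `// loader is now current + ext; also give it everything baseLoader can already see`. If any code still resolves classes through baseLoader and expects the newly added JARs to be visible there, that no longer holds — worth confirming against the callers. The `if` line is indented differently from its closing brace, which the patch could align while it is here. The enclosing method begins before and continues after this hunk.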
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Wed Jul 28 15:36:19 2010 -0400
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Wed Jul 28 15:38:26 2010 -0400
@@ -225,9 +225,9 @@
     }
 
     /**
-     * Returns whether the app requesting a service is signed. If the app is
-     * unsigned, the user is prompted with a dialog asking if the action
-     * should be allowed.
+     * Returns whether the app requesting a service has the right permissions.
+     * If it doesn't, user is prompted for permissions.
+     *
      * @param app the application which is requesting the check. If null, the current
      * application is used.
      * @param type the type of access being requested
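Review bot: The new summary ("has the right permissions") does not describe the criterion the method actually applies, which is that every class on the calling thread's stack is either boot-class-path code or carries code signers. Suggest `Returns whether every frame on the current call stack comes from trusted (boot or signed) code. If any frame is untrusted, the user is prompted with a dialog asking whether the action should be allowed.` so callers know it is a stack-wide check rather than a per-app one. The Javadoc continues outside this hunk.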
@@ -239,12 +239,37 @@
             SecurityWarningDialog.AccessType type,
                 Object... extras) {
 
-        if (app == null) {
-            app = JNLPRuntime.getApplication();
+        if (app == null)
+                app = JNLPRuntime.getApplication();
+
+        boolean codeTrusted = true;
+
+        StackTraceElement[] stack =  Thread.currentThread().getStackTrace();
+
+        for (int i=0; i < stack.length; i++) {
+
+                Class c = null;
+
+                try {
+                        c = Class.forName(stack[i].getClassName());
+                } catch (Exception e1) {
+                        try {
+                                c = Class.forName(stack[i].getClassName(), false, app.getClassLoader());
+                        } catch (Exception e2) {
+                                System.err.println(e2.getMessage());
+                        }
+                }
+
+            // Everything up to the desired class/method must be trusted
+            if (c == null || // class not found
+                        ( c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath
+                          c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted
+                        ) {
+                codeTrusted = false;
+            }
         }
 
-        if (app != null) {
-            if (!app.isSigned()) {
+        if (!codeTrusted) {
                 final SecurityWarningDialog.AccessType tmpType = type;
                 final Object[] tmpExtras = extras;
                 final ApplicationInstance tmpApp = app;
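Review bot: `app` can still be null after the `JNLPRuntime.getApplication()` fallback, and the hunk drops the old `if (app != null)` guard, so `app.getClassLoader()` in the inner catch dereferences null, as does `tmpApp.getJNLPFile()` in the dialog call of the next hunk; the old code answered a null app with `return false` (deny), whereas the new end-of-method fall-through returns true whenever no frame is flagged. Adding `if (app == null) return false;` directly after the fallback restores the previous deny-by-default. The inline comment `// class is trusted` on the `getCodeSigners() == null` condition states the opposite of what that branch means — the whole disjunction marks the frame as untrusted — so `// non-boot class with no signers: not trusted` would be accurate. The catch that prints only `e2.getMessage()` loses the class name and stack trace, and the first `Class.forName(String)` attempt initialises every class found on the stack, which the two-argument form with `false` (already used in the fallback) avoids. checkAccess's signature starts before this hunk and its body continues in the next one.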
@@ -252,24 +277,17 @@
                 //We need to do this to allow proper icon loading for unsigned
                 //applets, otherwise permissions won't be granted to load icons
                 //from resources.jar.
-                Object o = AccessController.doPrivileged(new PrivilegedAction() {
-                    public Object run() {
+                Boolean b = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+                    public Boolean run() {
                         boolean b = SecurityWarningDialog.showAccessWarningDialog(tmpType,
                                 tmpApp.getJNLPFile(), tmpExtras);
-                        return (Object) new Boolean(b);
+                        return new Boolean(b);
                     }
                 });
 
-                return ((Boolean)o).booleanValue();
-
-            } else if (app.isSigned()) {
+                return b.booleanValue();
+        }
 
-                //just return true here regardless if the app
-                //has signing issues -- at this point the user would've
-                //already decided to run the app anyways.
-                return true;
-            }
-        }
-        return false; //deny
+        return true; //allow
     }
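Review bot: `return new Boolean(b);` allocates a fresh wrapper where `return Boolean.valueOf(b);` — or simply `return b;`, now that the action is typed `PrivilegedAction<Boolean>` — is the idiom, and `return b.booleanValue();` can likewise become `return b;`. The new closing brace of the `if (!codeTrusted)` block is indented eight spaces while the block body uses sixteen, which makes the dialog code read as if it belonged to the enclosing method. The final `//allow` comment would be clearer as `//allow: every frame on the stack is boot or signed code`, since that is the only way control reaches it.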
 }