changeset 8997:aef6c726810e
8030813: Signed applet fails to load when CRLs are stored in an LDAP directory
Summary: Skip JNDI application resource lookup to avoid recursive JAR validation
Reviewed-by: vinnie, herrick
author | mullan |
---|---|
date | Mon, 23 Dec 2013 14:03:25 -0500 |
parents | 8e133b86b9f8 |
children | f3c714eeef6c |
files | src/share/classes/com/sun/naming/internal/ResourceManager.java src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java |
diffstat | 2 files changed, 35 insertions(+), 0 deletions(-) [+] |
--- a/src/share/classes/com/sun/naming/internal/ResourceManager.java Tue Dec 17 09:36:59 2013 -0800
+++ b/src/share/classes/com/sun/naming/internal/ResourceManager.java Mon Dec 23 14:03:25 2013 -0500
@@ -67,6 +67,14 @@
 private static final String JRELIB_PROPERTY_FILE_NAME = "jndi.properties";
 /*
+ * Internal environment property, that when set to "true", disables
+ * application resource files lookup to prevent recursion issues
+ * when validating signed JARs.
+ */
+ private static final String DISABLE_APP_RESOURCE_FILES =
+ "com.sun.naming.disable.app.resource.files";
+
+ /*
 * The standard JNDI properties that specify colon-separated lists.
 */
 private static final String[] listProperties = {
@@ -224,6 +232,13 @@
 }
 }
+ // Return without merging if application resource files lookup
+ // is disabled.
+ String disableAppRes = (String)env.get(DISABLE_APP_RESOURCE_FILES);
+ if (disableAppRes != null && disableAppRes.equalsIgnoreCase("true")) {
+ return env;
+ }
+
 // Merge the above with the values read from all application
 // resource files. Colon-separated lists are concatenated.
 mergeTables((Hashtable<Object, Object>)env, getApplicationResources());
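Review bot: In the second hunk, `(String)env.get(DISABLE_APP_RESOURCE_FILES)` casts a value taken from the caller-supplied environment without checking its type, so a non-String value stored under that key would raise ClassCastException during environment setup instead of being ignored. An `instanceof` test avoids that: `Object v = env.get(DISABLE_APP_RESOURCE_FILES);` followed by `if (v instanceof String && ((String) v).equalsIgnoreCase("true")) { return env; }`. The key is described as internal, but nothing visible in this hunk restricts who may set it, and the early `return env;` leaves it in the environment handed onward; the comment on the constant should say both. The enclosing method starts and ends outside the hunk, so whether anything else after the merge is also skipped by the early return cannot be checked from here.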
--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Tue Dec 17 09:36:59 2013 -0800
+++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Mon Dec 23 14:03:25 2013 -0500
@@ -50,6 +50,7 @@
 import sun.security.util.Cache;
 import sun.security.util.Debug;
 import sun.security.x509.X500Name;
+import sun.security.action.GetBooleanAction;
 import sun.security.action.GetPropertyAction;
 /**
@@ -135,6 +136,14 @@
 private final static String PROP_LIFETIME = "sun.security.certpath.ldap.cache.lifetime";
+ /*
+ * Internal system property, that when set to "true", disables the
+ * JNDI application resource files lookup to prevent recursion issues
+ * when validating signed JARs with LDAP URLs in certificates.
+ */
+ private final static String PROP_DISABLE_APP_RESOURCE_FILES =
+ "sun.security.certpath.ldap.disable.app.resource.files";
+
 static {
 String s = AccessController.doPrivileged( new GetPropertyAction(PROP_LIFETIME));
@@ -237,6 +246,17 @@
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 env.put(Context.PROVIDER_URL, url);
+
+ // If property is set to true, disable application resource file lookup.
+ boolean disableAppResourceFiles = AccessController.doPrivileged(
+ new GetBooleanAction(PROP_DISABLE_APP_RESOURCE_FILES));
+ if (disableAppResourceFiles) {
+ if (debug != null) {
+ debug.println("LDAPCertStore disabling app resource files");
+ }
+ env.put("com.sun.naming.disable.app.resource.files", "true");
+ }
+
 try {
 ctx = new InitialDirContext(env);
 /*
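Review bot: The last hunk writes the literal `"com.sun.naming.disable.app.resource.files"` into the environment, duplicating the private `DISABLE_APP_RESOURCE_FILES` constant in ResourceManager with no compile-time link between the two. If either string changes, the lookup is silently re-enabled and the recursive JAR validation this commit targets can return. At minimum the `env.put` should carry a comment such as `// must match ResourceManager.DISABLE_APP_RESOURCE_FILES`. The system property is also read through `doPrivileged` on every context creation, whereas `PROP_LIFETIME` is read once in the static initializer; the comment on `PROP_DISABLE_APP_RESOURCE_FILES` could state whether a per-call read is intended and that the fix is inactive unless the property is set to true. The enclosing method starts and ends outside the hunk.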