Mercurial > hg > release > icedtea-web-1.0
changeset 92:4b7fe3bb41fa
Verify nested jars just like main jars
Fix an exception that occurs when More Information is clicked in the
Certificate warning dialog when dealing with signed nested jars.
2011-02-01 Omair Majid <omajid@redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(activateJars): Add the nested jar to ResourceTracker. Use
JarSigner.verifyJars instead of JarSigner.verifyJar.
* netx/net/sourceforge/jnlp/tools/JarSigner.java
(verifyJar): Make private to indicate nothing should be using this
directly.
| author | Omair Majid <omajid@redhat.com> |
|---|---|
| date | Tue, 01 Feb 2011 21:11:11 -0500 |
| parents | 8e02f38c3b6a |
| children | b305521c43c7 |
| files | ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/tools/JarSigner.java |
| diffstat | 3 files changed, 15 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Feb 01 23:24:46 2011 +0000 +++ b/ChangeLog Tue Feb 01 21:11:11 2011 -0500 @@ -1,3 +1,12 @@ +2011-02-01 Omair Majid <omajid@redhat.com> + + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java + (activateJars): Add the nested jar to ResourceTracker. Use + JarSigner.verifyJars instead of JarSigner.verifyJar. + * netx/net/sourceforge/jnlp/tools/JarSigner.java + (verifyJar): Make private to indicate nothing should be using this + directly. + 2010-02-01 Andrew John Hughes <ahughes@redhat.com> Fix issues with use of DESTDIR pointing
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Feb 01 23:24:46 2011 +0000 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Feb 01 21:11:11 2011 -0500 @@ -693,7 +693,11 @@ } JarSigner signer = new JarSigner(); - signer.verifyJar(extractedJarLocation); + List<JARDesc> jars = new ArrayList<JARDesc>(); + JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false); + jars.add(jarDesc); + tracker.addResource(new File(extractedJarLocation).toURL(), null, null); + signer.verifyJars(jars, tracker); if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) { checkTrustWithUser(signer);
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Tue Feb 01 23:24:46 2011 +0000 +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Tue Feb 01 21:11:11 2011 -0500 @@ -274,7 +274,7 @@ } - public verifyResult verifyJar(String jarName) throws Exception { + private verifyResult verifyJar(String jarName) throws Exception { boolean anySigned = false; boolean hasUnsignedEntry = false; JarFile jarFile = null;