changeset 110:a5e96f8affa6
Backport patch for RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Sat, 02 Apr 2011 17:59:32 -0400 |
parents | 04a9055a491d |
children | c16a09791e54 |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java |
diffstat | 4 files changed, 43 insertions(+), 49 deletions(-) [+] |
--- a/ChangeLog Tue Mar 29 15:14:13 2011 +0100
+++ b/ChangeLog Sat Apr 02 17:59:32 2011 -0400
@@ -1,3 +1,18 @@
+2011-02-23 Omair Majid <omajid@redhat.com>
+
+ RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
+ * NEWS: Update with bugfix.
+ * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java: Add new field
+ jreExtDir.
+ (JNLPPolicy): Initialize jreExtDir.
+ (getPermissions): Grant AllPermissions if the CodeSourse is a system jar.
+ (isSystemJar): New method.
+ * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+ (checkPermission): Remove special casing of
+ SecurityPermission("putProviderProperty.SunJCE") and
+ SecurityPermission("accessClassInPackage.sun.security.internal.spec").
+ (inTrustedCallChain): Remove.
+
 2010-03-29 Andrew John Hughes <ahughes@redhat.com>
 * NEWS: Updated.
--- a/NEWS Tue Mar 29 15:14:13 2011 +0100
+++ b/NEWS Sat Apr 02 17:59:32 2011 -0400
@@ -11,6 +11,7 @@
 New in release 1.0.2 (2011-XX-XX):
 * Common Fixes and Improvements
 - PR638: JNLPClassLoader.loadClass(String name) can return null
+ - RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
 * Plugin
 - PR612: NetDania application ends on java.security.AccessControlException: access denied (java.util.PropertyPermission browser read)
 - Replace binary PDF documentation with editable HTML version.
--- a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java Tue Mar 29 15:14:13 2011 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java Sat Apr 02 17:59:32 2011 -0400
@@ -16,6 +16,7 @@
 package net.sourceforge.jnlp.runtime;
+import java.io.File;
 import java.security.*;
 import java.util.Enumeration;
@@ -40,10 +41,15 @@
 /** the previous policy */
 private static Policy systemPolicy;
+ private final String jreExtDir;
+
 protected JNLPPolicy() {
 shellSource = JNLPPolicy.class.getProtectionDomain().getCodeSource();
 systemSource = Policy.class.getProtectionDomain().getCodeSource();
 systemPolicy = Policy.getPolicy();
+
+ String jre = System.getProperty("java.home");
+ jreExtDir = jre + File.separator + "lib" + File.separator + "ext";
 }
 /**
@@ -54,6 +60,10 @@
 if (source.equals(systemSource) || source.equals(shellSource)) return getAllPermissions();
+ if (isSystemJar(source)) {
+ return getAllPermissions();
+ }
+
 // if we check the SecurityDesc here then keep in mind that
 // code can add properties at runtime to the ResourcesDesc!
 if (JNLPRuntime.getApplication() != null) {
@@ -76,6 +86,23 @@
 return systemPolicy.getPermissions(source);
 }
+
+ /**
+ * Returns true if the CodeSource corresponds to a system jar. That is,
+ * it's part of the JRE.
+ */
+ private boolean isSystemJar(CodeSource source) {
+ // anything in JRE/lib/ext is a system jar and has full permissions
+ String sourceProtocol = source.getLocation().getProtocol();
+ String sourcePath = source.getLocation().getPath();
+ if (sourceProtocol.toUpperCase().equals("FILE") &&
+ sourcePath.startsWith(jreExtDir)) {
+ return true;
+ }
+
+ return false;
+ }
+
 /**
 * Refresh.
 */
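Review bot: The new `jreExtDir` field in the second hunk carries no comment, although every CodeSource located under it is granted AllPermission by getPermissions. A one-line Javadoc would make that trust boundary visible to the next maintainer, for example `/** JRE extension directory (java.home/lib/ext); code located under it is treated as a system jar and fully trusted */`. The same comment should say that the value is a plain string built from the `java.home` system property in the constructor and is not canonicalised.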
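Review bot: `isSystemJar` in the last hunk decides on AllPermission with a raw string prefix test, `sourcePath.startsWith(jreExtDir)`, which is weaker than its comment "anything in JRE/lib/ext" implies. The prefix has no trailing separator, so a sibling directory whose name merely begins with `ext` also matches, and the URL path is compared without normalisation, so a location containing `..` segments would pass while naming a file elsewhere (whether such a location can reach this method depends on callers not shown). `source.getLocation()` may also be null for a CodeSource, which would throw here, and `toUpperCase()` is locale-sensitive where `equalsIgnoreCase` is not. The `getAllPermissions()` return added to getPermissions in the third hunk relies entirely on this check. A version that compares canonical files and fails closed is sketched below; it additionally needs `java.net.URL`, `java.net.URISyntaxException` and `java.io.IOException` imported.

```java
private boolean isSystemJar(CodeSource source) {
    URL location = source.getLocation();
    if (location == null || !"file".equalsIgnoreCase(location.getProtocol())) {
        return false;
    }
    try {
        // resolve "..", symlinks and URL escapes before comparing directories
        File jar = new File(location.toURI()).getCanonicalFile();
        File extDir = new File(jreExtDir).getCanonicalFile();
        for (File dir = jar.getParentFile(); dir != null; dir = dir.getParentFile()) {
            if (dir.equals(extDir)) {
                return true;
            }
        }
        return false;
    } catch (URISyntaxException e) {
        return false; // unparseable location: not a system jar
    } catch (IllegalArgumentException e) {
        return false; // URI does not denote a plain local file
    } catch (IOException e) {
        return false; // cannot canonicalise: fail closed
    }
}
```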
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Tue Mar 29 15:14:13 2011 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Sat Apr 02 17:59:32 2011 -0400
@@ -311,27 +311,6 @@
 }
 }
 }
-
- } else if (perm instanceof SecurityPermission) {
- tmpPerm = perm;
-
- // JCE's initialization requires putProviderProperty permission
- if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
- if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
- return;
- }
- }
-
- } else if (perm instanceof RuntimePermission) {
- tmpPerm = perm;
-
- // KeyGenerator's init method requires internal spec access
- if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
- if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
- return;
- }
- }
-
 } else {
 tmpPerm = perm;
 }
@@ -356,34 +335,6 @@
 }
 /**
- * Returns weather the given class and method are in the current stack,
- * and whether or not everything upto then is trusted
- *
- * @param className The name of the class to look for in the stack
- * @param methodName The name of the method for the given class to look for in the stack
- * @return Weather or not class::method() are in the chain, and everything upto there is trusted
- */
- private boolean inTrustedCallChain(String className, String methodName) {
-
- StackTraceElement[] stack = Thread.currentThread().getStackTrace();
-
- for (int i = 0; i < stack.length; i++) {
-
- // Everything up to the desired class/method must be trusted
- if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) {
- return false;
- }
-
- if (stack[i].getClassName().equals(className) &&
- stack[i].getMethodName().equals(methodName)) {
- return true;
- }
- }
-
- return false;
- }
-
- /**
 * Asks the user whether or not to grant permission.
 * @param perm the permission to be granted
 * @return true if the permission was granted, false otherwise.