Mercurial > hg > release > icedtea6-1.8

changeset 2033:8598039e2a62

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix rhbz# 524387 (javax.net.ssl.SSLKeyException: RSA premaster secret error) 2010-05-06 Deepak Bhole <dbhole@redhat.com> * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java (checkPermission): Allow Runtime and Security permission (for putProvider.SunJCE) if initiated for an https connection. (inTrustedCallChain): New method. Returns if given class/method is in the call chain, and everything upto there is trusted.
author Deepak Bhole <dbhole@redhat.com>
date Thu, 06 May 2010 17:35:36 -0400
parents ecef93c7fbb6
children c73b1bd761e0
files ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
diffstat 2 files changed, 54 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Wed May 05 11:28:27 2010 +0100
+++ b/ChangeLog	Thu May 06 17:35:36 2010 -0400
@@ -1,3 +1,11 @@
+2010-05-06  Deepak Bhole <dbhole@redhat.com>
+
+	* rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+	(checkPermission): Allow Runtime and Security permission (for
+	putProvider.SunJCE) if initiated for an https connection.
+	(inTrustedCallChain): New method. Returns if given class/method is
+	in the call chain, and everything upto there is trusted.
+
 2010-05-05  Gary Benson  <gbenson@redhat.com>
 
 	PR icedtea/481
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Wed May 05 11:28:27 2010 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Thu May 06 17:35:36 2010 -0400
@@ -395,6 +395,24 @@
 				    // Everything else is denied
 				    throw se;
 
+				} else if (perm instanceof SecurityPermission) {
+
+				    // JCE's initialization requires putProviderProperty permission
+				    if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
+				        if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
+				            return;
+				        }
+				    }
+
+				} else if (perm instanceof RuntimePermission) {
+
+				    // KeyGenerator's init method requires internal spec access
+				    if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
+				        if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
+				            return;
+				        }
+				    }
+
 				} else {
 				    tmpPerm = perm;
 				}
@@ -419,6 +437,34 @@
         }
     }
 
+    /** 
+     * Returns weather the given class and method are in the current stack, 
+     * and whether or not everything upto then is trusted
+     * 
+     * @param className The name of the class to look for in the stack
+     * @param methodName The name of the method for the given class to look for in the stack
+     * @return Weather or not class::method() are in the chain, and everything upto there is trusted
+     */
+    private boolean inTrustedCallChain(String className, String methodName) {
+        
+        StackTraceElement[] stack =  Thread.currentThread().getStackTrace();
+        
+        for (int i=0; i < stack.length; i++) {
+
+            // Everything up to the desired class/method must be trusted
+            if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) {
+                return false;
+            }
+
+            if (stack[i].getClassName().equals(className) &&
+                stack[i].getMethodName().equals(methodName)) {
+                return true;
+            }
+        }
+        
+        return false;
+    }
+    
     /**
      * Asks the user whether or not to grant permission.
      * @param perm the permission to be granted