Mercurial > hg > release > icedtea6-1.8
changeset 2033:8598039e2a62
Fix rhbz# 524387 (javax.net.ssl.SSLKeyException: RSA premaster secret error)
2010-05-06 Deepak Bhole <dbhole@redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
(checkPermission): Allow Runtime and Security permission (for
putProvider.SunJCE) if initiated for an https connection.
(inTrustedCallChain): New method. Returns if given class/method is
in the call chain, and everything upto there is trusted.
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Thu, 06 May 2010 17:35:36 -0400 |
parents | ecef93c7fbb6 |
children | c73b1bd761e0 |
files | ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java |
diffstat | 2 files changed, 54 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed May 05 11:28:27 2010 +0100 +++ b/ChangeLog Thu May 06 17:35:36 2010 -0400 @@ -1,3 +1,11 @@ +2010-05-06 Deepak Bhole <dbhole@redhat.com> + + * rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java + (checkPermission): Allow Runtime and Security permission (for + putProvider.SunJCE) if initiated for an https connection. + (inTrustedCallChain): New method. Returns if given class/method is + in the call chain, and everything upto there is trusted. + 2010-05-05 Gary Benson <gbenson@redhat.com> PR icedtea/481
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Wed May 05 11:28:27 2010 +0100 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Thu May 06 17:35:36 2010 -0400 @@ -395,6 +395,24 @@ // Everything else is denied throw se; + } else if (perm instanceof SecurityPermission) { + + // JCE's initialization requires putProviderProperty permission + if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) { + if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) { + return; + } + } + + } else if (perm instanceof RuntimePermission) { + + // KeyGenerator's init method requires internal spec access + if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) { + if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) { + return; + } + } + } else { tmpPerm = perm; } @@ -419,6 +437,34 @@ } } + /** + * Returns weather the given class and method are in the current stack, + * and whether or not everything upto then is trusted + * + * @param className The name of the class to look for in the stack + * @param methodName The name of the method for the given class to look for in the stack + * @return Weather or not class::method() are in the chain, and everything upto there is trusted + */ + private boolean inTrustedCallChain(String className, String methodName) { + + StackTraceElement[] stack = Thread.currentThread().getStackTrace(); + + for (int i=0; i < stack.length; i++) { + + // Everything up to the desired class/method must be trusted + if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) { + return false; + } + + if (stack[i].getClassName().equals(className) && + stack[i].getMethodName().equals(methodName)) { + return true; + } + } + + return false; + } + /** * Asks the user whether or not to grant permission. * @param perm the permission to be granted