Mercurial > hg > release > icedtea7-2.6
changeset 2008:175529fae103
Synchronise netx sources with IcedTea6 copy.
2009-10-08 Andrew John Hughes <ahughes@redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
Synchronise whitespace with IcedTea6 copy.
* netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java:
Fix find/replace error with cert being changed to cenetx.
| author | Andrew John Hughes <ahughes@redhat.com> |
|---|---|
| date | Wed, 07 Oct 2009 09:48:00 +0100 |
| parents | 5e20e6468dd1 |
| children | 19ad2af4b4e3 |
| files | ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java |
| diffstat | 3 files changed, 182 insertions(+), 173 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Sep 15 12:47:59 2009 -0400 +++ b/ChangeLog Wed Oct 07 09:48:00 2009 +0100 @@ -1,3 +1,10 @@ +2009-10-08 Andrew John Hughes <ahughes@redhat.com> + + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: + Synchronise whitespace with IcedTea6 copy. + * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java: + Fix find/replace error with cert being changed to cenetx. + 2009-09-15 Deepak Bhole <dbhole@redhat.com> * plugin/icedteanp/IcedTeaJavaRequestProcessor.cc
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Sep 15 12:47:59 2009 -0400 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Oct 07 09:48:00 2009 +0100 @@ -1,15 +1,15 @@ -// +// // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 2.1 of the License, or (at your option) any later version. -// +// // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. -// +// // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. @@ -66,7 +66,7 @@ * security context when the classloader was created. * * @author <a href="mailto:jmaxwell@users.sourceforge.net">Jon A. Maxwell (JAM)</a> - initial author - * @version $Revision: 1.20 $ + * @version $Revision: 1.20 $ */ public class JNLPClassLoader extends URLClassLoader { @@ -115,29 +115,29 @@ /** the security section */ private SecurityDesc security; - + /** Permissions granted by the user during runtime. */ private ArrayList<Permission> runtimePermissions = new ArrayList<Permission>(); /** all jars not yet part of classloader or active */ private List available = new ArrayList(); - /** all of the jar files that were verified */ - private ArrayList<String> verifiedJars = null; + /** all of the jar files that were verified */ + private ArrayList<String> verifiedJars = null; - /** all of the jar files that were not verified */ - private ArrayList<String> unverifiedJars = null; + /** all of the jar files that were not verified */ + private ArrayList<String> unverifiedJars = null; - /** the jarsigner tool to verify our jars */ - private JarSigner js = null; - - private boolean signing = false; + /** the jarsigner tool to verify our jars */ + private JarSigner js = null; - /** ArrayList containing jar indexes for various jars available to this classloader */ - private ArrayList<JarIndex> jarIndexes = new ArrayList<JarIndex>(); - - /** File entries in the jar files available to this classloader */ - private TreeSet jarEntries = new TreeSet(); + private boolean signing = false; + + /** ArrayList containing jar indexes for various jars available to this classloader */ + private ArrayList<JarIndex> jarIndexes = new ArrayList<JarIndex>(); + + /** File entries in the jar files available to this classloader */ + private TreeSet jarEntries = new TreeSet(); /** * Create a new JNLPClassLoader from the specified file. @@ -167,41 +167,41 @@ } private void setSecurity() { - /** - * When we're trying to load an applet, file.getSecurity() will return - * null since there is no jnlp file to specify permissions. We - * determine security settings here, after trying to verify jars. - */ - if (file instanceof PluginBridge) { - if (signing == true) { - this.security = new SecurityDesc(file, - SecurityDesc.ALL_PERMISSIONS, - file.getCodeBase().getHost()); - } else { - this.security = new SecurityDesc(file, - SecurityDesc.SANDBOX_PERMISSIONS, - file.getCodeBase().getHost()); - } - } else { //regular jnlp file - - /** - * If the application is signed, then we set the SecurityDesc to the - * <security> tag in the jnlp file. Note that if an application is - * signed, but there is no <security> tag in the jnlp file, the - * application will get sandbox permissions. - * If the application is unsigned, we ignore the <security> tag and - * use a sandbox instead. - */ - if (signing == true) { - this.security = file.getSecurity(); - } else { - this.security = new SecurityDesc(file, - SecurityDesc.SANDBOX_PERMISSIONS, - file.getCodeBase().getHost()); - } - } + /** + * When we're trying to load an applet, file.getSecurity() will return + * null since there is no jnlp file to specify permissions. We + * determine security settings here, after trying to verify jars. + */ + if (file instanceof PluginBridge) { + if (signing == true) { + this.security = new SecurityDesc(file, + SecurityDesc.ALL_PERMISSIONS, + file.getCodeBase().getHost()); + } else { + this.security = new SecurityDesc(file, + SecurityDesc.SANDBOX_PERMISSIONS, + file.getCodeBase().getHost()); + } + } else { //regular jnlp file + + /** + * If the application is signed, then we set the SecurityDesc to the + * <security> tag in the jnlp file. Note that if an application is + * signed, but there is no <security> tag in the jnlp file, the + * application will get sandbox permissions. + * If the application is unsigned, we ignore the <security> tag and + * use a sandbox instead. + */ + if (signing == true) { + this.security = file.getSecurity(); + } else { + this.security = new SecurityDesc(file, + SecurityDesc.SANDBOX_PERMISSIONS, + file.getCodeBase().getHost()); + } + } } - + /** * Returns a JNLP classloader for the specified JNLP file. * @@ -213,18 +213,20 @@ JNLPClassLoader loader = null; String uniqueKey = file.getUniqueKey(); - if (uniqueKey != null) - baseLoader = (JNLPClassLoader) urlToLoader.get(uniqueKey); + if (uniqueKey != null) + baseLoader = (JNLPClassLoader) urlToLoader.get(uniqueKey); - try { - - // If base loader is null, or the baseloader's file and this - // file is different, initialize a new loader - if (baseLoader == null || - !baseLoader.getJNLPFile().getFileLocation().equals(file.getFileLocation())) { + try { + + // If base loader is null, or the baseloader's file and this + // file is different, initialize a new loader + if (baseLoader == null || + !baseLoader.getJNLPFile().getFileLocation().equals(file.getFileLocation())) { + loader = new JNLPClassLoader(file, policy); + // New loader init may have caused extentions to create a - // loader for this unique key. Check. + // loader for this unique key. Check. JNLPClassLoader extLoader = (JNLPClassLoader) urlToLoader.get(uniqueKey); if (extLoader != null) { @@ -248,19 +250,20 @@ loader = baseLoader; } - } catch (LaunchException e) { - throw e; - } + } catch (LaunchException e) { + throw e; + } - if (file.getInformation().isSharingAllowed()) - urlToLoader.put(location, loader); + // loaders are mapped to a unique key. Only extensions and parent + // share a key, so it is safe to always share based on it + urlToLoader.put(uniqueKey, loader); return loader; } /** * Returns a JNLP classloader for the JNLP file at the specified - * location. + * location. * * @param location the file's location * @param version the file's version @@ -286,17 +289,18 @@ loaderList.add(this); - //if (ext != null) { - for (int i=0; i < ext.length; i++) { - try { - JNLPClassLoader loader = getInstance(ext[i].getLocation(), ext[i].getVersion(), updatePolicy); - loaderList.add(loader); - } - catch (Exception ex) { - ex.printStackTrace(); - } - } - //} + //if (ext != null) { + for (int i=0; i < ext.length; i++) { + try { + String uniqueKey = this.getJNLPFile().getUniqueKey(); + JNLPClassLoader loader = getInstance(ext[i].getLocation(), uniqueKey, ext[i].getVersion(), updatePolicy); + loaderList.add(loader); + } + catch (Exception ex) { + ex.printStackTrace(); + } + } + //} loaders = (JNLPClassLoader[]) loaderList.toArray(new JNLPClassLoader[ loaderList.size()]); } @@ -313,10 +317,10 @@ jars[i].getVersion()); if (JNLPRuntime.isDebug()) { - if (p == null) - System.out.println("Unable to add permission for " + jars[i].getLocation()); - else - System.out.println("Permission added: " + p.toString()); + if (p == null) + System.out.println("Unable to add permission for " + jars[i].getLocation()); + else + System.out.println("Permission added: " + p.toString()); } if (p != null) resourcePermissions.add(p); @@ -329,14 +333,14 @@ */ void initializeResources() throws LaunchException { JARDesc jars[] = resources.getJARs(); - if (jars == null || jars.length == 0) - return; - /* - if (jars == null || jars.length == 0) { - throw new LaunchException(null, null, R("LSFatal"), - R("LCInit"), R("LFatalVerification"), "No jars!"); - } - */ + if (jars == null || jars.length == 0) + return; + /* + if (jars == null || jars.length == 0) { + throw new LaunchException(null, null, R("LSFatal"), + R("LCInit"), R("LFatalVerification"), "No jars!"); + } + */ List initialJars = new ArrayList(); for (int i=0; i < jars.length; i++) { @@ -347,7 +351,7 @@ initialJars.add(jars[i]); // regardless of part tracker.addResource(jars[i].getLocation(), - jars[i].getVersion(), + jars[i].getVersion(), jars[i].isCacheable() ? JNLPRuntime.getDefaultUpdatePolicy() : UpdatePolicy.FORCE ); } @@ -355,42 +359,42 @@ if (strict) fillInPartJars(initialJars); // add in each initial part's lazy jars - if (JNLPRuntime.isVerifying()) { + if (JNLPRuntime.isVerifying()) { - JarSigner js; - waitForJars(initialJars); //download the jars first. + JarSigner js; + waitForJars(initialJars); //download the jars first. - try { - js = verifyJars(initialJars); - } catch (Exception e) { - //we caught an Exception from the JarSigner class. - //Note: one of these exceptions could be from not being able - //to read the cacerts or trusted.certs files. - e.printStackTrace(); - throw new LaunchException(null, null, R("LSFatal"), - R("LCInit"), R("LFatalVerification"), R("LFatalVerificationInfo")); - } + try { + js = verifyJars(initialJars); + } catch (Exception e) { + //we caught an Exception from the JarSigner class. + //Note: one of these exceptions could be from not being able + //to read the cacerts or trusted.certs files. + e.printStackTrace(); + throw new LaunchException(null, null, R("LSFatal"), + R("LCInit"), R("LFatalVerification"), R("LFatalVerificationInfo")); + } - //Case when at least one jar has some signing - if (js.anyJarsSigned()){ - signing = true; + //Case when at least one jar has some signing + if (js.anyJarsSigned()){ + signing = true; - //user does not trust this publisher - if (!js.getAlreadyTrustPublisher()) { - checkTrustWithUser(js); - } else { - /** - * If the user trusts this publisher (i.e. the publisher's certificate - * is in the user's trusted.certs file), we do not show any dialogs. - */ - } - } else { + //user does not trust this publisher + if (!js.getAlreadyTrustPublisher()) { + checkTrustWithUser(js); + } else { + /** + * If the user trusts this publisher (i.e. the publisher's certificate + * is in the user's trusted.certs file), we do not show any dialogs. + */ + } + } else { - signing = false; - //otherwise this jar is simply unsigned -- make sure to ask - //for permission on certain actions - } - } + signing = false; + //otherwise this jar is simply unsigned -- make sure to ask + //for permission on certain actions + } + } activateJars(initialJars); } @@ -400,7 +404,7 @@ boolean b = SecurityWarningDialog.showCertWarningDialog( SecurityWarningDialog.AccessType.UNVERIFIED, file, js); if (!b) - throw new LaunchException(null, null, R("LSFatal"), + throw new LaunchException(null, null, R("LSFatal"), R("LCLaunching"), R("LNotVerified"), ""); } else if (js.getRootInCacerts()) { //root cert is in cacerts boolean b = false; @@ -465,19 +469,19 @@ // access w/o security dialog once we actually check certificates. // copy security permissions from SecurityDesc element - if (security != null) { + if (security != null) { // Security desc. is used only to track security settings for the // application. However, an application may comprise of multiple // jars, and as such, security must be evaluated on a per jar basis. - + // set default perms PermissionCollection permissions = security.getSandBoxPermissions(); - + // If more than default is needed, evaluate based on codesource if (security.getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) || security.getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS)) { - if (cs.getCodeSigners() != null) { + if (cs.getCodeSigners() != null) { permissions = security.getPermissions(); } } @@ -487,23 +491,21 @@ result.add(e.nextElement()); } - - // add in permission to read the cached JAR files for (int i=0; i < resourcePermissions.size(); i++) result.add((Permission) resourcePermissions.get(i)); // add in the permissions that the user granted. for (int i=0; i < runtimePermissions.size(); i++) - result.add(runtimePermissions.get(i)); + result.add(runtimePermissions.get(i)); return result; } protected void addPermission(Permission p) { - runtimePermissions.add(p); + runtimePermissions.add(p); } - + /** * Adds to the specified list of JARS any other JARs that need * to be loaded at the same time as the JARs specified (ie, are @@ -549,25 +551,25 @@ URL location = jar.getLocation(); // non-cacheable, use source location if (localFile != null) { location = localFile.toURL(); // cached file - - // This is really not the best way.. but we need some way for - // PluginAppletViewer::getCachedImageRef() to check if the image - // is available locally, and it cannot use getResources() because - // that prefetches the resource, which confuses MediaTracker.waitForAll() - // which does a wait(), waiting for notification (presumably + + // This is really not the best way.. but we need some way for + // PluginAppletViewer::getCachedImageRef() to check if the image + // is available locally, and it cannot use getResources() because + // that prefetches the resource, which confuses MediaTracker.waitForAll() + // which does a wait(), waiting for notification (presumably // thrown after a resource is fetched). This bug manifests itself // particularly when using The FileManager applet from Webmin. - + JarFile jarFile = new JarFile(localFile); Enumeration e = jarFile.entries(); while (e.hasMoreElements()) { - + JarEntry je = (JarEntry) e.nextElement(); - - // another jar in my jar? it is more likely than you think + + // another jar in my jar? it is more likely than you think if (je.getName().endsWith(".jar")) { - // We need to extract that jar so that it can be loaded - // (inline loading with "jar:..!/..." path will not work + // We need to extract that jar so that it can be loaded + // (inline loading with "jar:..!/..." path will not work // with standard classloader methods) String extractedJarLocation = localFile.getParent() + "/" + je.getName(); @@ -612,7 +614,7 @@ addURL(location); - // there is currently no mechanism to cache files per + // there is currently no mechanism to cache files per // instance.. so only index cached files if (localFile != null) { JarIndex index = JarIndex.getJarIndex(new JarFile(localFile.getAbsolutePath()), null); @@ -684,11 +686,11 @@ * calls. */ protected File getNativeDir() { - nativeDir = new File(System.getProperty("java.io.tmpdir") - + File.separator + "netx-native-" + nativeDir = new File(System.getProperty("java.io.tmpdir") + + File.separator + "netx-native-" + (new Random().nextInt() & 0xFFFF)); - if (!nativeDir.mkdirs()) + if (!nativeDir.mkdirs()) return null; else return nativeDir; @@ -751,16 +753,16 @@ } /** - * Verifies code signing of jars to be used. - * - * @param jars the jars to be verified. - */ - private JarSigner verifyJars(List<JARDesc> jars) throws Exception { - - js = new JarSigner(); - js.verifyJars(jars, tracker); - return js; - } + * Verifies code signing of jars to be used. + * + * @param jars the jars to be verified. + */ + private JarSigner verifyJars(List<JARDesc> jars) throws Exception { + + js = new JarSigner(); + js.verifyJars(jars, tracker); + return js; + } /** * Find the loaded class in this loader or any of its extension loaders. @@ -813,7 +815,7 @@ // Not found in external loader either. As a last resort, look in any available indexes - // Currently this loads jars directly from the site. We cannot cache it because this + // Currently this loads jars directly from the site. We cannot cache it because this // call is initiated from within the applet, which does not have disk read/write permissions for (JarIndex index: jarIndexes) { LinkedList<String> jarList = index.get(name.replace('.', '/')); @@ -831,7 +833,7 @@ available.add(desc); tracker.addResource(desc.getLocation(), - desc.getVersion(), + desc.getVersion(), JNLPRuntime.getDefaultUpdatePolicy() ); @@ -855,7 +857,7 @@ } - // If it still fails, let it error out + // If it still fails, let it error out result = loadClassExt(name); } } @@ -939,7 +941,7 @@ if (loaders[i] == this) e = super.findResources(name); - else + else e = loaders[i].findResources(name); while (e.hasMoreElements()) @@ -948,10 +950,10 @@ return resources.elements(); } - + /** * Returns if the specified resource is available locally from a cached jar - * + * * @param s The name of the resource * @return Whether or not the resource is available locally */ @@ -997,8 +999,8 @@ fillInPartJars(jars); - - activateJars(jars); + + activateJars(jars); return this; } @@ -1027,13 +1029,13 @@ return file.getFileLocation().toString(); } - public boolean getSigning() { - return signing; - } + public boolean getSigning() { + return signing; + } - protected SecurityDesc getSecurity() { - return security; - } + protected SecurityDesc getSecurity() { + return security; + } }
--- a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java Tue Sep 15 12:47:59 2009 -0400 +++ b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java Wed Oct 07 09:48:00 2009 +0100 @@ -159,7 +159,7 @@ // We use the specification from - // http://java.sun.com/j2se/1.5.0/docs/api/java/security/cenetx/X509Certificate.html#getSubjectAlternativeNames() + // http://java.sun.com/j2se/1.5.0/docs/api/java/security/cert/X509Certificate.html#getSubjectAlternativeNames() // to determine the type of address int ALTNAME_DNS = 2; int ALTNAME_IP = 7;