SecurityUtil: Generalize cert validation and AccessControlContext query; PropertyAccess: Fix security code, grant access to common 'trusted' properties

- SecurityUtil
  - Generalize cert validation for JAR and property access
  - Grant access to common AccessControlContext for 'same' cert

- PropertyAccess:
  - Fix security code: Passing the current AccessControlContext from the caller
    didn't include priviledges.

  - Grant access to common 'trusted' properties,
    which removes the need of passing the AccessControlContext for general properties
    like 'jnlp.', 'jogamp.' ..

  - Enable registering 'trusted' properties, when caller's cert is 'same'

2 files changed, 10 insertions, 6 deletions

diff --git a/src/java/com/jogamp/common/util/cache/TempFileCache.java b/src/java/com/jogamp/common/util/cache/TempFileCache.java
index c3b24aa..51c698e 100644
--- a/src/java/com/jogamp/common/util/cache/TempFileCache.java
+++ b/src/java/com/jogamp/common/util/cache/TempFileCache.java
@@ -33,8 +33,10 @@ import java.io.FilenameFilter;
 import java.io.IOException;
 import java.nio.channels.FileChannel;
 import java.nio.channels.FileLock;
+import java.security.AccessControlContext;
 
 import com.jogamp.common.util.IOUtil;
+import com.jogamp.common.util.SecurityUtil;
 
 import jogamp.common.Debug;
 
@@ -70,14 +72,16 @@ public class TempFileCache {
     private File individualTmpDir;
 
     static {
+        final AccessControlContext acc = SecurityUtil.getCommonAccessControlContext(TempFileCache.class);
+        
         // Global Lock !
-        synchronized (System.out) {
+        synchronized (System.out) {           
             // Create / initialize the temp root directory, starting the Reaper
             // thread to reclaim old installations if necessary. If we get an
             // exception, set an error code.
             File _tmpBaseDir = null;
-            try {            
-                _tmpBaseDir = IOUtil.getTempDir(tmpDirPrefix); // Retrieve the tmpbase directory.            
+            try {           
+                _tmpBaseDir = IOUtil.getTempDir(tmpDirPrefix, acc); // Retrieve the tmpbase directory.            
             } catch (Exception ex) {
                 System.err.println("Warning: Catched Exception while retrieving temp base directory:");
                 ex.printStackTrace();
diff --git a/src/java/com/jogamp/common/util/cache/TempJarCache.java b/src/java/com/jogamp/common/util/cache/TempJarCache.java
index 162b151..96e68df 100644
--- a/src/java/com/jogamp/common/util/cache/TempJarCache.java
+++ b/src/java/com/jogamp/common/util/cache/TempJarCache.java
@@ -50,6 +50,7 @@ import jogamp.common.Debug;
 import com.jogamp.common.os.NativeLibrary;
 import com.jogamp.common.util.IOUtil;
 import com.jogamp.common.util.JarUtil;
+import com.jogamp.common.util.SecurityUtil;
 
 public class TempJarCache {
     private static final boolean DEBUG = Debug.debug("TempJarCache");
@@ -391,9 +392,8 @@ public class TempJarCache {
         if(null == certClass) {
             throw new IllegalArgumentException("certClass is null");
         }
-        final Certificate[] rootCerts = 
-                certClass.getProtectionDomain().getCodeSource().getCertificates();
-        if( null != rootCerts && rootCerts.length>0 ) {
+        final Certificate[] rootCerts = SecurityUtil.getCerts(certClass);
+        if( null != rootCerts ) {
             // Only validate the jarFile's certs with ours, if we have any.
             // Otherwise we may run uncertified JARs (application).
             // In case one tries to run uncertified JARs, the wrapping applet/JNLP