Verify nested jars just like main jars

Fix an exception that occurs when More Information is clicked in the
Certificate warning dialog when dealing with signed nested jars.

2011-02-01  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
    (activateJars): Add the nested jar to ResourceTracker. Use
    JarSigner.verifyJars instead of JarSigner.verifyJar.
    * netx/net/sourceforge/jnlp/tools/JarSigner.java
    (verifyJar): Make private to indicate nothing should be using this
    directly.

1 files changed, 5 insertions, 1 deletions

diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index acadde0..30f1af2 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -693,7 +693,11 @@ public class JNLPClassLoader extends URLClassLoader {
                                     }
 
                                     JarSigner signer = new JarSigner();
-                                    signer.verifyJar(extractedJarLocation);
+                                    List<JARDesc> jars = new ArrayList<JARDesc>();
+                                    JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
+                                    jars.add(jarDesc);
+                                    tracker.addResource(new File(extractedJarLocation).toURL(), null, null);
+                                    signer.verifyJars(jars, tracker);
 
                                     if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
                                         checkTrustWithUser(signer);