RH677772: NoSuchAlgorithmException using SSL/TLS in javaws

Grant AllPermission to CodeSource originating from jre/lib/ext, and let Java's
security model work. The cryptography code already does a doPrivilegedAction
when initialzing cryptography providers which takes care of everything.

2011-02-23  Omair Majid  <[email protected]>

    RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
    * NEWS: Update with bugfix.
    * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java: Add new field
    jreExtDir.
    (JNLPPolicy): Initialize jreExtDir.
    (getPermissions): Grant AllPermissions if the CodeSourse is a system jar.
    (isSystemJar): New method.
    * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
    (checkPermission): Remove special casing of
    SecurityPermission("putProviderProperty.SunJCE") and
    SecurityPermission("accessClassInPackage.sun.security.internal.spec").
    (inTrustedCallChain): Remove.

1 files changed, 0 insertions, 49 deletions

diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
index 8807c58..b5b23ca 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
@@ -306,27 +306,6 @@ class JNLPSecurityManager extends AWTSecurityManager {
                             }
                         }
                     }
-
-                } else if (perm instanceof SecurityPermission) {
-                    tmpPerm = perm;
-
-                    // JCE's initialization requires putProviderProperty permission
-                    if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
-                        if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
-                            return;
-                        }
-                    }
-
-                } else if (perm instanceof RuntimePermission) {
-                    tmpPerm = perm;
-
-                    // KeyGenerator's init method requires internal spec access
-                    if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
-                        if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
-                            return;
-                        }
-                    }
-
                 } else {
                     tmpPerm = perm;
                 }
@@ -351,34 +330,6 @@ class JNLPSecurityManager extends AWTSecurityManager {
     }
 
     /**
-     * Returns weather the given class and method are in the current stack,
-     * and whether or not everything upto then is trusted
-     *
-     * @param className The name of the class to look for in the stack
-     * @param methodName The name of the method for the given class to look for in the stack
-     * @return Weather or not class::method() are in the chain, and everything upto there is trusted
-     */
-    private boolean inTrustedCallChain(String className, String methodName) {
-
-        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
-
-        for (int i = 0; i < stack.length; i++) {
-
-            // Everything up to the desired class/method must be trusted
-            if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) {
-                return false;
-            }
-
-            if (stack[i].getClassName().equals(className) &&
-                    stack[i].getMethodName().equals(methodName)) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
      * Asks the user whether or not to grant permission.
      * @param perm the permission to be granted
      * @return true if the permission was granted, false otherwise.