-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java | 19 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 79 |
4 files changed, 103 insertions, 7 deletions
@@ -1,3 +1,14 @@ +2011-09-28 Deepak Bhole <[email protected]> + + PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path + element in the manifest. + * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java + (retrieve): Blank out the Class-Path elements in manifest. + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java + (activateJars): Only load Class-Path elements if this is an applet. + (addNewJar): Add the right permissions for the cached jar file and verify + signatures. + 2011-09-26 Lars Herschke <[email protected]> * netx/net/sourceforge/jnlp/resources/Messages.properties: Add @@ -25,6 +25,7 @@ Common - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted. - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7 - PR789: typo in jrunscript.sh + - PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path element in the manifest - RH734081: Javaws cannot use proxy settings from Firefox - RH738814: Access denied at ssl handshake - Support for authenticating using client certificates diff --git a/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java b/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java index ca3f4be..48364df 100644 --- a/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java +++ b/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java 
@@ -94,7 +94,24 @@ final class CachedJarFileCallback implements URLJarFileCallBack { if (UrlUtils.isLocalFile(localUrl)) { // if it is known to us, just return the cached file - return new JarFile(localUrl.getPath()); + JarFile returnFile = new JarFile(localUrl.getPath()); + + try { + + // Blank out the class-path because: + // 1) Web Start does not support it + // 2) For the plug-in, we want to cache files from class-path so we do it manually + returnFile.getManifest().getMainAttributes().putValue("Class-Path", ""); + + if (JNLPRuntime.isDebug()) { + System.err.println("Class-Path attribute cleared for " + returnFile.getName()); + } + + } catch (NullPointerException npe) { + // Discard NPE here. Maybe there was no manifest, maybe there were no attributes, etc. + } + + return returnFile; } else { // throw new IllegalStateException("a non-local file in cache"); return null; diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java index 1706076..03e3763 100644 --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java @@ -35,6 +35,7 @@ import java.security.Permission; import java.security.PermissionCollection; import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; @@ -1019,7 +1020,11 @@ public class JNLPClassLoader extends URLClassLoader { JarFile jarFile = new JarFile(localFile.getAbsolutePath()); Manifest mf = jarFile.getManifest(); - classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath())); + + if (file instanceof PluginBridge) { + classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath())); + } + JarIndex index = JarIndex.getJarIndex(jarFile, null); if (index != null) jarIndexes.add(index); 
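Review bot: The `catch (NullPointerException npe)` in `retrieve` hides the case where the Class-Path was not cleared, and the class loader presumably relies on this blanking to keep Class-Path entries from being resolved outside the verification added in `addNewJar`. An explicit check is clearer and cannot mask an unrelated NPE: `Manifest mf = returnFile.getManifest();` followed by `if (mf != null) mf.getMainAttributes().putValue("Class-Path", "");`. The change edits only the in-memory Manifest object, so it holds only as long as `JarFile` keeps returning that same instance; that assumption should be confirmed against the JDK in use and stated in the comment. An `IOException` from `getManifest()` propagates with `returnFile` still open, so it should be closed before rethrowing.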
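Review bot: The `file instanceof PluginBridge` test in the `@@ -1019,7 +1020,11 @@` hunk carries the whole applet-versus-Web-Start decision but has no comment; the reason is recorded only in the ChangeLog. I would add `// Class-Path is honoured only for applets; Web Start does not support it (PR794)` above the `if`. `getClassPathsFromManifest` is outside the hunk, so it cannot be seen here whether it tolerates a null `mf` or confines the entries to the jar's own codebase; both are worth confirming because these entries presumably go on to be downloaded and assigned permissions. The enclosing method starts and ends outside the hunk.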
@@ -1334,7 +1339,7 @@ public class JNLPClassLoader extends URLClassLoader { * is downloaded. * @param desc the JARDesc for the new jar */ - private void addNewJar(JARDesc desc) { + private void addNewJar(final JARDesc desc) { available.add(desc); 
@@ -1344,10 +1349,72 @@ public class JNLPClassLoader extends URLClassLoader { JNLPRuntime.getDefaultUpdatePolicy() ); - URL remoteURL = desc.getLocation(); - URL cachedUrl = tracker.getCacheURL(remoteURL); - addURL(remoteURL); - CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl); + // Give read permissions to the cached jar file + AccessController.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + Permission p = CacheUtil.getReadPermission(desc.getLocation(), + desc.getVersion()); + + resourcePermissions.add(p); + + return null; + } + }); + + final URL remoteURL = desc.getLocation(); + final URL cachedUrl = tracker.getCacheURL(remoteURL); // blocks till download + + available.remove(desc); // Resource downloaded. Remove from available list. + + try { + + // Verify if needed + + final JarSigner signer = new JarSigner(); + final List<JARDesc> jars = new ArrayList<JARDesc>(); + jars.add(desc); + + // Decide what level of security this jar should have + // The verification and security setting functions rely on + // having AllPermissions as those actions normally happen + // during initialization. We therefore need to do those + // actions as privileged. + + AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { + public Void run() throws Exception { + signer.verifyJars(jars, tracker); + + if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) { + checkTrustWithUser(signer); + } + + final SecurityDesc security; + if (signer.anyJarsSigned()) { + security = new SecurityDesc(file, + SecurityDesc.ALL_PERMISSIONS, + file.getCodeBase().getHost()); + } else { + security = new SecurityDesc(file, + SecurityDesc.SANDBOX_PERMISSIONS, + file.getCodeBase().getHost()); + } + + jarLocationSecurityMap.put(remoteURL, security); + + return null; + } + }); + + addURL(remoteURL); + CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl); + + } catch (Exception e) { + // Do nothing. 
This code is called by loadClass which cannot + // throw additional exceptions. So instead, just ignore it. + // Exception => jar will not get added to classpath, which will + // result in CNFE from loadClass. + e.printStackTrace(); + } } /** |
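Review bot: In the privileged block of `addNewJar`, `SecurityDesc.ALL_PERMISSIONS` is chosen on `signer.anyJarsSigned()` alone, so the grant depends on two things this hunk does not show: that `checkTrustWithUser(signer)` throws when the user declines, and that `anyJarsSigned()` is false for a jar that is only partly signed. Both should be written down where the decision is made, e.g. `// checkTrustWithUser throws if the user rejects the certificate; no SecurityDesc is recorded then`, and the full-permission branch should require that every entry of the jar is covered by the trusted signature. The read permission is added to `resourcePermissions` before the download and verification and is not withdrawn in the `catch`, so a jar that fails verification keeps its cache read grant; adding it after `verifyJars` succeeds would be tighter if nothing in between needs it. `e.printStackTrace()` runs unconditionally, whereas the CachedJarFileCallback hunk gates its output on `JNLPRuntime.isDebug()`. The method's opening lines are in the previous hunk.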