From f4ac27e177f6deb444280d3b375e7d343e38bd08 Mon Sep 17 00:00:00 2001 From: Sven Gothel Date: Tue, 13 Mar 2012 19:56:54 +0100 Subject: SecurityUtil: Generalize cert validation and AccessControlContext query; PropertyAccess: Fix security code, grant access to common 'trusted' properties - SecurityUtil - Generalize cert validation for JAR and property access - Grant access to common AccessControlContext for 'same' cert - PropertyAccess: - Fix security code: Passing the current AccessControlContext from the caller didn't include priviledges. - Grant access to common 'trusted' properties, which removes the need of passing the AccessControlContext for general properties like 'jnlp.', 'jogamp.' .. - Enable registering 'trusted' properties, when caller's cert is 'same' --- .../com/jogamp/common/jvm/JNILibLoaderBase.java | 96 +++++++++++----------- 1 file changed, 50 insertions(+), 46 deletions(-) (limited to 'src/java/com/jogamp/common/jvm') diff --git a/src/java/com/jogamp/common/jvm/JNILibLoaderBase.java b/src/java/com/jogamp/common/jvm/JNILibLoaderBase.java index a5c68e7..8d6e428 100644 --- a/src/java/com/jogamp/common/jvm/JNILibLoaderBase.java +++ b/src/java/com/jogamp/common/jvm/JNILibLoaderBase.java @@ -43,19 +43,19 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.net.URL; import java.security.AccessController; -import java.security.AccessControlContext; +import java.security.PrivilegedAction; import java.util.HashSet; import com.jogamp.common.os.Platform; import com.jogamp.common.util.JarUtil; +import com.jogamp.common.util.PropertyAccess; +import com.jogamp.common.util.SecurityUtil; import com.jogamp.common.util.cache.TempJarCache; import jogamp.common.Debug; -import jogamp.common.PropertyAccess; public class JNILibLoaderBase { - public static final boolean DEBUG = Debug.debug("JNILibLoader"); - private static final AccessControlContext localACC = AccessController.getContext(); + public static final boolean DEBUG = Debug.debug("JNILibLoader"); public interface LoaderAction { /** @@ -230,53 +230,57 @@ public class JNILibLoaderBase { static { final String sunAppletLauncherProperty = "sun.jnlp.applet.launcher"; final String sunAppletLauncherClassName = "org.jdesktop.applet.util.JNLPAppletLauncher"; - final boolean usingJNLPAppletLauncher = PropertyAccess.getBooleanProperty(sunAppletLauncherProperty, true, AccessController.getContext()); - Class launcherClass = null; - Method loadLibraryMethod = null; - - if (usingJNLPAppletLauncher) { - try { - launcherClass = Class.forName(sunAppletLauncherClassName); - } catch (ClassNotFoundException cnfe) { - // oops .. look like JNLPAppletLauncher doesn't exist, despite property - // this may happen if a previous applet was using JNLPAppletLauncher in the same JVM - System.err.println("JNILibLoaderBase: <"+sunAppletLauncherClassName+"> not found, despite enabled property <"+sunAppletLauncherProperty+">, JNLPAppletLauncher was probably used before"); - System.setProperty(sunAppletLauncherProperty, Boolean.FALSE.toString()); - } catch (LinkageError le) { - throw le; - } - if(null != launcherClass) { - try { - loadLibraryMethod = launcherClass.getDeclaredMethod("loadLibrary", new Class[] { String.class }); - } catch (NoSuchMethodException ex) { - if(DEBUG) { - ex.printStackTrace(); - } - launcherClass = null; - } - } - } + final Method loadLibraryMethod = AccessController.doPrivileged(new PrivilegedAction() { + public Method run() { + final boolean usingJNLPAppletLauncher = Debug.getBooleanProperty(sunAppletLauncherProperty, true); - if(null==launcherClass) { - String launcherClassName = Debug.getProperty("jnlp.launcher.class", false, localACC); - if(null!=launcherClassName) { - try { - launcherClass = Class.forName(launcherClassName); - loadLibraryMethod = launcherClass.getDeclaredMethod("loadLibrary", new Class[] { String.class }); - } catch (ClassNotFoundException ex) { - if(DEBUG) { - ex.printStackTrace(); + Class launcherClass = null; + Method loadLibraryMethod = null; + + if (usingJNLPAppletLauncher) { + try { + launcherClass = Class.forName(sunAppletLauncherClassName); + } catch (ClassNotFoundException cnfe) { + // oops .. look like JNLPAppletLauncher doesn't exist, despite property + // this may happen if a previous applet was using JNLPAppletLauncher in the same JVM + System.err.println("JNILibLoaderBase: <"+sunAppletLauncherClassName+"> not found, despite enabled property <"+sunAppletLauncherProperty+">, JNLPAppletLauncher was probably used before"); + System.setProperty(sunAppletLauncherProperty, Boolean.FALSE.toString()); + } catch (LinkageError le) { + throw le; + } + if(null != launcherClass) { + try { + loadLibraryMethod = launcherClass.getDeclaredMethod("loadLibrary", new Class[] { String.class }); + } catch (NoSuchMethodException ex) { + if(DEBUG) { + ex.printStackTrace(); + } + launcherClass = null; + } } - } catch (NoSuchMethodException ex) { - if(DEBUG) { - ex.printStackTrace(); + } + + if(null==launcherClass) { + String launcherClassName = PropertyAccess.getProperty("jnlp.launcher.class", false, null); + if(null!=launcherClassName) { + try { + launcherClass = Class.forName(launcherClassName); + loadLibraryMethod = launcherClass.getDeclaredMethod("loadLibrary", new Class[] { String.class }); + } catch (ClassNotFoundException ex) { + if(DEBUG) { + ex.printStackTrace(); + } + } catch (NoSuchMethodException ex) { + if(DEBUG) { + ex.printStackTrace(); + } + launcherClass = null; + } } - launcherClass = null; } - } - } - // customLauncherClass = launcherClass; + return loadLibraryMethod; + } } ); customLoadLibraryMethod = loadLibraryMethod; } -- cgit v1.2.3