[RFC[PATCH]: Patch fix for algorithm that verifies signed JNLP file s
smohamma at redhat.com
Tue Aug 2 14:06:32 PDT 2011
I have read all the comments and reviews on my previous patch that added the algorithm of checking signed JNLP files. I want to thank you all for your input, it was a big help to me.
Since I have committed one of the patches, I have attached a new patch that addresses the issues we had with the previous patch.
2011-08-02 Saad Mohammad <smohammad at redhat.com>
(JNLPMatcher): Removed NullPointerException from being thrown, caught and
then thrown again via JNLPMatcherException. This was replaced by throwing
a checked exception [JNLPMatcherException] directly.
(JNLPMatcher): Removed unused code [getters]
(JNLPMatcher): Closed Input/Output streams that were opened.
(isMatch): Removed caching of return value
(closeInputStream): Added this method to close input streams
(closeOutputStream): Added this method to close output streama
Removed getAttributeNames() method from the commented section
I have not attached the implementation of verifying signed JNLP file when launching the application
(Patch 2 from previous emails with subject: [RFC][PATCH][icedtea-web]: Added support for signed JNLP file- Updated Patch]).
I have discovered some new changes that should be implemented:
- The main jar file is ONLY checked for a signed JNLP file (It should not check other jar resource; just the jar with the main class)
- As Omair pointed out, we have to handle "lazy" jars differently. At the moment, there is a bug that I will need to fix before I can continue: all 'lazy' jars are automatically considered unsigned by
IcedTea-Web (even ones with valid signatures)
- Applications with a valid signed JNLP file have special security privileges and also allows special arguments to be passed though using "java-vm-args" attribute within the js2e element. I have also read
that special properties can be used with a signed JNLP file application. I am uncertain if there are any properties or vm arguments that IcedTea-Web has restricted unless the application has certain
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6093 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20110802/514d06a5/Patch1d.patch
More information about the distro-pkg-dev