diff options
| author | Sven Gothel <[email protected]> | 2012-03-13 19:56:54 +0100 |
|---|---|---|
| committer | Sven Gothel <[email protected]> | 2012-03-13 19:56:54 +0100 |
| commit | f4ac27e177f6deb444280d3b375e7d343e38bd08 (patch) | |
| tree | 5dc8835bd3fb47475219d71e278d622ef5742420 /src/java/com/jogamp/common/util/JarUtil.java | |
| parent | bab77b637e7cdd327de5f66989fcbfc0298b9b88 (diff) | |
SecurityUtil: Generalize cert validation and AccessControlContext query; PropertyAccess: Fix security code, grant access to common 'trusted' properties
- SecurityUtil
- Generalize cert validation for JAR and property access
- Grant access to common AccessControlContext for 'same' cert
- PropertyAccess:
- Fix security code: Passing the current AccessControlContext from the caller
didn't include priviledges.
- Grant access to common 'trusted' properties,
which removes the need of passing the AccessControlContext for general properties
like 'jnlp.', 'jogamp.' ..
- Enable registering 'trusted' properties, when caller's cert is 'same'
Diffstat (limited to 'src/java/com/jogamp/common/util/JarUtil.java')
| -rw-r--r-- | src/java/com/jogamp/common/util/JarUtil.java | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/src/java/com/jogamp/common/util/JarUtil.java b/src/java/com/jogamp/common/util/JarUtil.java index bd63a56..85a10ce 100644 --- a/src/java/com/jogamp/common/util/JarUtil.java +++ b/src/java/com/jogamp/common/util/JarUtil.java @@ -539,26 +539,20 @@ public class JarUtil { // InputStream in order to be able to get its certificates InputStream is = jar.getInputStream(entry); - while (is.read(buf) > 0) { } - is.close(); + try { + while (is.read(buf) > 0) { } + } finally { + is.close(); + } // Get the certificates for the JAR entry - Certificate[] nativeCerts = entry.getCertificates(); + final Certificate[] nativeCerts = entry.getCertificates(); if (nativeCerts == null || nativeCerts.length == 0) { throw new SecurityException("no certificate for " + entry.getName() + " in " + jar.getName()); } - int checked = 0; - for (int i = 0; i < rootCerts.length; i++) { - for (int j = 0; j < nativeCerts.length; j++) { - if (nativeCerts[j].equals(rootCerts[i])){ - checked++; - break; - } - } - } - if( checked != rootCerts.length ) { - throw new SecurityException("not all certificates match, only "+checked+" out of "+rootCerts.length+" for " + entry.getName() + " in " + jar.getName()); + if( !SecurityUtil.equals(rootCerts, nativeCerts) ) { + throw new SecurityException("certificates not equal for " + entry.getName() + " in " + jar.getName()); } } } |