From f4ac27e177f6deb444280d3b375e7d343e38bd08 Mon Sep 17 00:00:00 2001
From: Sven Gothel
Date: Tue, 13 Mar 2012 19:56:54 +0100
Subject: SecurityUtil: Generalize cert validation and AccessControlContext query; PropertyAccess: Fix security code, grant access to common 'trusted' properties - SecurityUtil - Generalize cert validation for JAR and property access - Grant access to common AccessControlContext for 'same' cert - PropertyAccess: - Fix security code: Passing the current AccessControlContext from the caller didn't include priviledges. - Grant access to common 'trusted' properties, which removes the need of passing the AccessControlContext for general properties like 'jnlp.', 'jogamp.' .. - Enable registering 'trusted' properties, when caller's cert is 'same'
---
 src/java/com/jogamp/common/util/JarUtil.java | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
(limited to 'src/java/com/jogamp/common/util/JarUtil.java')
diff --git a/src/java/com/jogamp/common/util/JarUtil.java b/src/java/com/jogamp/common/util/JarUtil.java
index bd63a56..85a10ce 100644
--- a/src/java/com/jogamp/common/util/JarUtil.java
+++ b/src/java/com/jogamp/common/util/JarUtil.java
@@ -539,26 +539,20 @@ public class JarUtil {
 // InputStream in order to be able to get its certificates
 InputStream is = jar.getInputStream(entry);
- while (is.read(buf) > 0) { }
- is.close();
+ try {
+ while (is.read(buf) > 0) { }
+ } finally {
+ is.close();
+ }
 // Get the certificates for the JAR entry
- Certificate[] nativeCerts = entry.getCertificates();
+ final Certificate[] nativeCerts = entry.getCertificates();
 if (nativeCerts == null || nativeCerts.length == 0) {
 throw new SecurityException("no certificate for " + entry.getName() + " in " + jar.getName());
 }
- int checked = 0;
- for (int i = 0; i < rootCerts.length; i++) {
- for (int j = 0; j < nativeCerts.length; j++) {
- if (nativeCerts[j].equals(rootCerts[i])){
- checked++;
- break;
- }
- }
- }
- if( checked != rootCerts.length ) {
- throw new SecurityException("not all certificates match, only "+checked+" out of "+rootCerts.length+" for " + entry.getName() + " in " + jar.getName());
+ if( !SecurityUtil.equals(rootCerts, nativeCerts) ) {
+ throw new SecurityException("certificates not equal for " + entry.getName() + " in " + jar.getName());
 }
 }
 }
-- cgit v1.2.3
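Review bot: The comparison semantics of `SecurityUtil.equals(rootCerts, nativeCerts)` are not documented at the call site that decides the `SecurityException`, and the helper's body is not part of this hunk. The removed loop accepted an entry when every root certificate appeared somewhere in `nativeCerts`, regardless of order or extra signers. If the helper compares length or position, an entry with an additional signer or a differently ordered chain would now be rejected; that fails closed, but it is a behaviour change that should be stated. I would add a comment above the check such as `// exact match required: same certificates, same count (see SecurityUtil.equals)`, worded to match what the helper actually guarantees, including how it treats a null `rootCerts`. The enclosing method starts and ends outside the hunk.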