aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--NEWS1
-rw-r--r--netx/net/sourceforge/jnlp/tools/JarCertVerifier.java26
3 files changed, 15 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index fa96cb6..f2114e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2012-06-12 Adam Domurad <[email protected]>
+
+ Fixes PR722, javaws failing to run with unsigned content in META-INF/
+ * NEWS: Added entry: Fixes PR722
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Changed
+ isSignatureRelated => isMetaInfFile. Now all files under META-INF/ are
+ disregarded in checking the jar signage.
+
2012-06-11 Jiri Vanek <[email protected]>
Implemented xml logging backend
diff --git a/NEWS b/NEWS
index f4bce17..a61688a 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,7 @@ New in release 1.3 (2012-XX-XX):
- PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
- PR861: Allow loading from non codebase hosts. Allow code to connect to hosting server
- PR518: NPString.utf8characters not guaranteed to be nul-terminated
+ - PR722: META-INF/ unsigned entries should be ignored in signing
* Common
- PR918: java applet windows uses a low resulution black/white icon
diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
index fa22675..f98241d 100644
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
@@ -277,7 +277,7 @@ public class JarCertVerifier implements CertVerifier {
anySigned |= isSigned;
boolean shouldHaveSignature = !je.isDirectory()
- && !signatureRelated(name);
+ && !isMetaInfFile(name);
hasUnsignedEntry |= shouldHaveSignature && !isSigned;
@@ -438,32 +438,18 @@ public class JarCertVerifier implements CertVerifier {
}
/**
- * signature-related files include:
+ * Returns whether a file is in META-INF, and thus does not require signing.
+ *
+ * Signature-related files under META-INF include:
* . META-INF/MANIFEST.MF
* . META-INF/SIG-*
* . META-INF/*.SF
* . META-INF/*.DSA
* . META-INF/*.RSA
- *
- * Required for verifyJar()
*/
- private boolean signatureRelated(String name) {
+ static private boolean isMetaInfFile(String name) {
String ucName = name.toUpperCase();
- if (ucName.equals(JarFile.MANIFEST_NAME) ||
- ucName.equals(META_INF) ||
- (ucName.startsWith(SIG_PREFIX) &&
- ucName.indexOf("/") == ucName.lastIndexOf("/"))) {
- return true;
- }
-
- if (ucName.startsWith(META_INF) &&
- SignatureFileVerifier.isBlockOrSF(ucName)) {
- // .SF/.DSA/.RSA files in META-INF subdirs
- // are not considered signature-related
- return (ucName.indexOf("/") == ucName.lastIndexOf("/"));
- }
-
- return false;
+ return ucName.startsWith(META_INF);
}
/**
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-04 21:43:03 +0000