stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8030813: Signed applet fails to load when CRLs are stored in an LDAP directory

Browse Source 
Skip JNDI application resource lookup to avoid recursive JAR validation

Reviewed-by: vinnie, herrick
This commit is contained in:
Sean Mullan 2013-12-24 08:40:40 -05:00
parent 39db63b1df
commit 8e04ecdca9
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
jdk/src/share/classes/com/sun/naming/internal/ResourceManager.java
View File

@ -66,6 +66,14 @@ public final class ResourceManager {
*/ */
private static final String JRELIB_PROPERTY_FILE_NAME = "jndi.properties"; private static final String JRELIB_PROPERTY_FILE_NAME = "jndi.properties";
/*
* Internal environment property, that when set to "true", disables
* application resource files lookup to prevent recursion issues
* when validating signed JARs.
*/
private static final String DISABLE_APP_RESOURCE_FILES =
"com.sun.naming.disable.app.resource.files";
/* /*
* The standard JNDI properties that specify colon-separated lists. * The standard JNDI properties that specify colon-separated lists.
*/ */
@ -224,6 +232,13 @@ public final class ResourceManager {
} }
} }
// Return without merging if application resource files lookup
// is disabled.
String disableAppRes = (String)env.get(DISABLE_APP_RESOURCE_FILES);
if (disableAppRes != null && disableAppRes.equalsIgnoreCase("true")) {
return env;
}
// Merge the above with the values read from all application // Merge the above with the values read from all application
// resource files. Colon-separated lists are concatenated. // resource files. Colon-separated lists are concatenated.
mergeTables((Hashtable<Object, Object>)env, getApplicationResources()); mergeTables((Hashtable<Object, Object>)env, getApplicationResources());

20
jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
View File

@ -50,6 +50,7 @@ import sun.security.provider.certpath.X509CertificatePair;
import sun.security.util.Cache; import sun.security.util.Cache;
import sun.security.util.Debug; import sun.security.util.Debug;
import sun.security.x509.X500Name; import sun.security.x509.X500Name;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction; import sun.security.action.GetPropertyAction;
/** /**
@ -135,6 +136,14 @@ public final class LDAPCertStore extends CertStoreSpi {
private final static String PROP_LIFETIME = private final static String PROP_LIFETIME =
"sun.security.certpath.ldap.cache.lifetime"; "sun.security.certpath.ldap.cache.lifetime";
/*
* Internal system property, that when set to "true", disables the
* JNDI application resource files lookup to prevent recursion issues
* when validating signed JARs with LDAP URLs in certificates.
*/
private final static String PROP_DISABLE_APP_RESOURCE_FILES =
"sun.security.certpath.ldap.disable.app.resource.files";
static { static {
String s = AccessController.doPrivileged( String s = AccessController.doPrivileged(
new GetPropertyAction(PROP_LIFETIME)); new GetPropertyAction(PROP_LIFETIME));
@ -237,6 +246,17 @@ public final class LDAPCertStore extends CertStoreSpi {
env.put(Context.INITIAL_CONTEXT_FACTORY, env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory"); "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url); env.put(Context.PROVIDER_URL, url);
// If property is set to true, disable application resource file lookup.
boolean disableAppResourceFiles = AccessController.doPrivileged(
new GetBooleanAction(PROP_DISABLE_APP_RESOURCE_FILES));
if (disableAppResourceFiles) {
if (debug != null) {
debug.println("LDAPCertStore disabling app resource files");
}
env.put("com.sun.naming.disable.app.resource.files", "true");
}
try { try {
ctx = new InitialDirContext(env); ctx = new InitialDirContext(env);
/* /*