8030813: Signed applet fails to load when CRLs are stored in an LDAP directory
Summary: Skip JNDI application resource lookup to avoid recursive JAR validation
Reviewed-by: vinnie, herrick
--- a/jdk/src/share/classes/com/sun/naming/internal/ResourceManager.java Sun Dec 22 11:20:07 2013 +0100
+++ b/jdk/src/share/classes/com/sun/naming/internal/ResourceManager.java Tue Dec 24 08:40:40 2013 -0500
@@ -67,6 +67,14 @@
private static final String JRELIB_PROPERTY_FILE_NAME = "jndi.properties";
/*
+ * Internal environment property, that when set to "true", disables
+ * application resource files lookup to prevent recursion issues
+ * when validating signed JARs.
+ */
+ private static final String DISABLE_APP_RESOURCE_FILES =
+ "com.sun.naming.disable.app.resource.files";
+
+ /*
* The standard JNDI properties that specify colon-separated lists.
*/
private static final String[] listProperties = {
@@ -224,6 +232,13 @@
}
}
+ // Return without merging if application resource files lookup
+ // is disabled.
+ String disableAppRes = (String)env.get(DISABLE_APP_RESOURCE_FILES);
+ if (disableAppRes != null && disableAppRes.equalsIgnoreCase("true")) {
+ return env;
+ }
+
// Merge the above with the values read from all application
// resource files. Colon-separated lists are concatenated.
mergeTables((Hashtable<Object, Object>)env, getApplicationResources());
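Review bot: The cast in `String disableAppRes = (String)env.get(DISABLE_APP_RESOURCE_FILES);` throws ClassCastException if a caller has stored a non-String value under that key, and env is a caller-supplied table that the hunk itself treats as `Hashtable<Object, Object>`. A type check avoids that: `Object v = env.get(DISABLE_APP_RESOURCE_FILES);` then `if (v instanceof String && ((String)v).equalsIgnoreCase("true")) { return env; }`. The key is also honoured for any caller's environment, not only LDAPCertStore's, and it stays in the returned table, so the comment above the check could say that it is internal by convention only. The enclosing method starts and ends outside the hunk.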
--- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Sun Dec 22 11:20:07 2013 +0100
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Tue Dec 24 08:40:40 2013 -0500
@@ -50,6 +50,7 @@
import sun.security.util.Cache;
import sun.security.util.Debug;
import sun.security.x509.X500Name;
+import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
/**
@@ -135,6 +136,14 @@
private final static String PROP_LIFETIME =
"sun.security.certpath.ldap.cache.lifetime";
+ /*
+ * Internal system property, that when set to "true", disables the
+ * JNDI application resource files lookup to prevent recursion issues
+ * when validating signed JARs with LDAP URLs in certificates.
+ */
+ private final static String PROP_DISABLE_APP_RESOURCE_FILES =
+ "sun.security.certpath.ldap.disable.app.resource.files";
+
static {
String s = AccessController.doPrivileged(
new GetPropertyAction(PROP_LIFETIME));
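Review bot: The comment on PROP_DISABLE_APP_RESOURCE_FILES does not say that the behaviour is off unless the property is set. It is read through GetBooleanAction in the later hunk of this file, so an unset property leaves the application resource lookup enabled, and the recursion named in the summary can presumably still occur by default. I would add a line to the comment such as `* Defaults to false; the lookup is skipped only when this is set to "true".` so that anyone validating signed JARs against LDAP-hosted CRLs knows the fix is opt-in.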
@@ -237,6 +246,17 @@
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url);
+
+ // If property is set to true, disable application resource file lookup.
+ boolean disableAppResourceFiles = AccessController.doPrivileged(
+ new GetBooleanAction(PROP_DISABLE_APP_RESOURCE_FILES));
+ if (disableAppResourceFiles) {
+ if (debug != null) {
+ debug.println("LDAPCertStore disabling app resource files");
+ }
+ env.put("com.sun.naming.disable.app.resource.files", "true");
+ }
+
try {
ctx = new InitialDirContext(env);
/*
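Review bot: The key in `env.put("com.sun.naming.disable.app.resource.files", "true");` is a second copy of the literal held in ResourceManager's private DISABLE_APP_RESOURCE_FILES, and nothing links the two. If either string is edited, ResourceManager simply finds no key and merges the application resource files again, with no error and with the debug line still reporting that the lookup is disabled. At minimum I would add a comment on this line, for example `// Must match ResourceManager.DISABLE_APP_RESOURCE_FILES`. A shared non-private constant would be sturdier if the package boundaries allow it. The enclosing method and the try block continue outside the hunk.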