changeset 7025:ff1c173f8810

Merge
author asaha
date Thu, 09 Jan 2014 07:58:13 -0800
parents 87efaa6ab6c5 e9143dc3dc2a
children a6ec20a1aa89
files .hgtags
diffstat 3 files changed, 36 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Mon Jan 06 17:02:35 2014 -0800
+++ b/.hgtags	Thu Jan 09 07:58:13 2014 -0800
@@ -367,6 +367,7 @@
 8c343a783777b8728cb819938f387db0acf7f3ac jdk7u45-b31
 402d54c7d8ce95f3945cc3d698e528e4adec7b9b jdk7u45-b33
 34e8f9f26ae612ebac36357eecbe70ea20e0233c jdk7u45-b34
+3dbb06a924cdf73d39b8543824ec88ae501ba5c6 jdk7u45-b35
 3c9a6d9eafd31be44b0ade0354e60f5078b417a4 jdk7u51-b00
 d76613074ff357d0664b97b4aaf99fbb65dcec47 jdk7u51-b01
 fb057871f094ebe4906ad6856326768b01a62c45 jdk7u51-b02
--- a/src/share/classes/com/sun/naming/internal/ResourceManager.java	Mon Jan 06 17:02:35 2014 -0800
+++ b/src/share/classes/com/sun/naming/internal/ResourceManager.java	Thu Jan 09 07:58:13 2014 -0800
@@ -69,6 +69,14 @@
     private static final String JRELIB_PROPERTY_FILE_NAME = "jndi.properties";
 
     /*
+     * Internal environment property, that when set to "true", disables
+     * application resource files lookup to prevent recursion issues
+     * when validating signed JARs.
+     */
+    private static final String DISABLE_APP_RESOURCE_FILES =
+        "com.sun.naming.disable.app.resource.files";
+
+    /*
      * The standard JNDI properties that specify colon-separated lists.
      */
     private static final String[] listProperties = {
@@ -218,6 +226,13 @@
             }
         }
 
+        // Return without merging if application resource files lookup
+        // is disabled.
+        String disableAppRes = (String)env.get(DISABLE_APP_RESOURCE_FILES);
+        if (disableAppRes != null && disableAppRes.equalsIgnoreCase("true")) {
+            return env;
+        }
+
         // Merge the above with the values read from all application
         // resource files.  Colon-separated lists are concatenated.
         mergeTables(env, getApplicationResources());
--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java	Mon Jan 06 17:02:35 2014 -0800
+++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java	Thu Jan 09 07:58:13 2014 -0800
@@ -50,6 +50,7 @@
 import sun.security.util.Cache;
 import sun.security.util.Debug;
 import sun.security.x509.X500Name;
+import sun.security.action.GetBooleanAction;
 import sun.security.action.GetPropertyAction;
 
 /**
@@ -135,6 +136,14 @@
     private final static String PROP_LIFETIME =
                             "sun.security.certpath.ldap.cache.lifetime";
 
+    /*
+     * Internal system property, that when set to "true", disables the
+     * JNDI application resource files lookup to prevent recursion issues
+     * when validating signed JARs with LDAP URLs in certificates.
+     */
+    private final static String PROP_DISABLE_APP_RESOURCE_FILES =
+        "sun.security.certpath.ldap.disable.app.resource.files";
+
     static {
         String s = AccessController.doPrivileged(
                                 new GetPropertyAction(PROP_LIFETIME));
@@ -236,6 +245,17 @@
         env.put(Context.INITIAL_CONTEXT_FACTORY,
                 "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, url);
+
+        // If property is set to true, disable application resource file lookup.
+        boolean disableAppResourceFiles = AccessController.doPrivileged(
+            new GetBooleanAction(PROP_DISABLE_APP_RESOURCE_FILES));
+        if (disableAppResourceFiles) {
+            if (debug != null) {
+                debug.println("LDAPCertStore disabling app resource files");
+            }
+            env.put("com.sun.naming.disable.app.resource.files", "true");
+        }
+
         try {
             ctx = new InitialDirContext(env);
             /*