changeset 8343:10ada39be190 8u40-b12

RT-39018: [PACKAGER] Remove cachecertificates from fx:permissions Summary: hard wire the cachecertificates option to false, and remove all dead code from that hard wiring. This causes jfx:details elements inside the security element to never be generated, so all assocaited dead code was removed as well.
author shemnon
date Sun, 26 Oct 2014 18:51:17 -0600
parents c23787b40872
children ee5b9dda302a 9f7015c6f28e 48363560f82c
files modules/fxpackager/src/main/java/com/sun/javafx/tools/ant/DeployFXTask.java modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/DeployParams.java modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/Main.java modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/PackagerLib.java
diffstat 4 files changed, 10 insertions(+), 99 deletions(-) [+]
line wrap: on
line diff
--- a/modules/fxpackager/src/main/java/com/sun/javafx/tools/ant/DeployFXTask.java	Sun Oct 26 02:00:27 2014 -0700
+++ b/modules/fxpackager/src/main/java/com/sun/javafx/tools/ant/DeployFXTask.java	Sun Oct 26 18:51:17 2014 -0600
@@ -163,7 +163,6 @@
 
         deployParams.setEmbedJNLP(embedJNLP);
         if (perms != null) {
-           deployParams.setEmbedCertifcates(perms.embed);
            deployParams.setAllPermissions(perms.elevated);
         }
 
@@ -551,7 +550,7 @@
      * @ant.type name="Permissions" category="javafx"
      */
     public static class Permissions extends DataType {
-        boolean embed = false;
+        @Deprecated final boolean embed = false;
         boolean elevated = true;
 
         /**
@@ -573,7 +572,9 @@
          * @ant.not-required By default is false.
          */
         public void setCacheCertificates(boolean v) {
-            embed = v;
+            if (v) {
+                Log.info("JavaFX Ant Tasks no longer support caching certificates in JNLP.  Setting ignored.");
+            }
         }
     }
 
--- a/modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/DeployParams.java	Sun Oct 26 02:00:27 2014 -0700
+++ b/modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/DeployParams.java	Sun Oct 26 18:51:17 2014 -0600
@@ -78,7 +78,7 @@
     String codebase;
 
     boolean embedJNLP = true;
-    boolean embedCertificates = false;
+    @Deprecated final boolean embedCertificates = false;
     boolean allPermissions = false;
     String updateMode = "background";
     boolean isExtension = false;
@@ -241,7 +241,9 @@
     }
 
     public void setEmbedCertifcates(boolean v) {
-        embedCertificates = v;
+        if (v) {
+            System.out.println("JavaFX Packager no longer supports embedding certificates in JNLP files.  Setting will be ignored.");
+        }
     }
 
     public void setPlaceholder(String p) {
--- a/modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/Main.java	Sun Oct 26 02:00:27 2014 -0700
+++ b/modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/Main.java	Sun Oct 26 18:51:17 2014 -0600
@@ -301,7 +301,7 @@
                         } else if (arg.equalsIgnoreCase("-embedJNLP")) {
                             deployParams.setEmbedJNLP(true);
                         } else if (arg.equalsIgnoreCase("-embedCertificates")) {
-                            deployParams.setEmbedCertifcates(true);
+                            System.out.println("-embedCertificates is deprecated");
                         } else if (arg.equalsIgnoreCase("-allpermissions")) {
                             deployParams.setAllPermissions(true);
                         } else if (arg.equalsIgnoreCase("-updatemode")) {
--- a/modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/PackagerLib.java	Sun Oct 26 02:00:27 2014 -0700
+++ b/modules/fxpackager/src/main/java/com/sun/javafx/tools/packager/PackagerLib.java	Sun Oct 26 18:51:17 2014 -0600
@@ -30,7 +30,6 @@
 import com.oracle.tools.packager.Log;
 import com.oracle.tools.packager.RelativeFileSet;
 import com.oracle.tools.packager.UnsupportedPlatformException;
-import com.sun.javafx.tools.ant.Utils;
 import com.sun.javafx.tools.packager.DeployParams.Icon;
 import com.sun.javafx.tools.packager.JarSignature.InputStreamSource;
 import com.sun.javafx.tools.packager.bundlers.*;
@@ -56,7 +55,6 @@
 import java.net.URLClassLoader;
 import java.nio.file.Files;
 import java.nio.file.StandardCopyOption;
-import java.security.CodeSigner;
 import java.security.InvalidKeyException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -64,7 +62,6 @@
 import java.security.PrivateKey;
 import java.security.SignatureException;
 import java.security.UnrecoverableKeyException;
-import java.security.cert.CertPath;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
@@ -72,7 +69,6 @@
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Base64;
-import java.util.Collection;
 import java.util.EnumMap;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -110,7 +106,6 @@
     private DeployParams deployParams;
     private CreateBSSParams createBssParams;
     private File bssTmpDir;
-    private boolean isSignedJNLP;
 
 
     private enum Filter {ALL, CLASSES_ONLY, RESOURCES}
@@ -143,7 +138,7 @@
                 return null;
             }
             try (JarFile jf = new JarFile(f)) {
-                Manifest m = jf.getManifest(); //try to read manifest to validate it is jar
+                jf.getManifest(); //try to read manifest to validate it is jar
                 return f;
             } catch (Exception e) {
                 //treat any exception as "not a special case" scenario
@@ -987,7 +982,6 @@
         if (deployParams.allPermissions) {
             out.println("<security>");
             out.println("  <all-permissions/>");
-            processEmbeddedCertificates(out);
             out.println("</security>");
         }
 
@@ -1141,10 +1135,6 @@
         }
         out.println("  " + includeDtString);
 
-        String webstartError = "System is not setup to launch JavaFX applications. " +
-                "Make sure that you have a recent Java runtime, then install JavaFX Runtime 2.0 "+
-                "and check that JavaFX is enabled in the Java Control Panel.";
-
         List<String> w_app = new ArrayList<>();
         List<String> w_platform = new ArrayList<>();
         List<String> w_callback = new ArrayList<>();
@@ -1666,86 +1656,4 @@
         return dir.delete();
     }
 
-    private void processEmbeddedCertificates(PrintStream out)
-            throws CertificateEncodingException, IOException {
-        if (deployParams.embedCertificates) {
-            Set<CertPath> certPaths = collectCertPaths();
-            String signed = isSignedJNLP ? " signedjnlp=\"true\">" : ">";
-            if (certPaths != null && !certPaths.isEmpty()) {
-                out.println("  <jfx:details" + signed);
-                for (CertPath cp : certPaths) {
-                    String base64 = Utils.getBase64Encoded(cp);
-                    out.println("     <jfx:certificate-path>" + base64 +
-                            "</jfx:certificate-path>");
-                }
-                out.println("  </jfx:details>");
-            }
-        }
-    }
-
-    private Set<CertPath> collectCertPaths() throws IOException {
-        Set<CertPath> result = new HashSet<>();
-        for (DeployResource resource: deployParams.resources) {
-            final File srcFile = resource.getFile();
-            if (srcFile.exists() && srcFile.isFile() &&
-                srcFile.getName().toLowerCase().endsWith("jar")) {
-                result.addAll(extractCertPaths(srcFile));
-            }
-        }
-        return result;
-    }
-
-    private Set<CertPath> extractCertPaths(File jar) throws IOException {
-        Set<CertPath> result = new HashSet<>();
-        JarFile jf = new JarFile(jar);
-
-        // need to fully read jar file to build up internal signer info map
-        Utils.readAllFully(jf);
-
-        boolean blobSigned = false;
-        Enumeration<JarEntry> entries = jf.entries();
-        while (entries.hasMoreElements()) {
-            JarEntry je = entries.nextElement();
-            String entryName = je.getName();
-
-            CodeSigner[] signers;
-            if (entryName.equalsIgnoreCase(JarSignature.BLOB_SIGNATURE)) {
-                byte[] raw = Utils.getBytes(jf.getInputStream(je));
-                try {
-                    JarSignature js = JarSignature.load(raw);
-                    blobSigned = true;
-                    signers = js.getCodeSigners();
-                } catch(Exception ex) {
-                    throw new IOException(ex);
-                }
-            } else {
-                signers = je.getCodeSigners();
-            }
-            result.addAll(extractCertPaths(signers));
-
-            if (entryName.equalsIgnoreCase("JNLP-INF/APPLICATION.JNLP")) {
-                isSignedJNLP = true;
-            }
-
-            // if blob and also know signed JNLP, no need to continue
-            if (blobSigned && isSignedJNLP) {
-                break;
-            }
-
-        }
-        return result;
-    }
-
-    private static Collection<CertPath> extractCertPaths(CodeSigner[] signers) {
-        Collection<CertPath> result = new ArrayList<>();
-        if (signers != null) {
-            for (CodeSigner cs : signers) {
-                CertPath cp = cs.getSignerCertPath();
-                if (cp != null) {
-                    result.add(cp);
-                }
-            }
-        }
-        return result;
-    }
 }