Revision: 4704
http://sourceforge.net/p/vexi/code/4704
Author: mkpg2
Date: 2014-06-25 15:51:16 +0000 (Wed, 25 Jun 2014)
Log Message:
-----------
Remove/commented out url checking. It has since become a requirement of signed
applets that they only run from certain urls, so this is more or less redundant.
Modified Paths:
--------------
trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/Launcher.java
trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/LauncherApplet.java
trunk/org.vexi-launcher/src/test/java/org/vexi/launcher/TestLauncher.java
trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java
Modified: trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/Launcher.java
===================================================================
--- trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/Launcher.java
2014-06-18 19:24:28 UTC (rev 4703)
+++ trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/Launcher.java
2014-06-25 15:51:16 UTC (rev 4704)
@@ -52,7 +52,7 @@
abstract public Color getBorderColor();
abstract public Color getBarColor();
abstract public URL getSplashImageResource();
- abstract public String[] getPermittedDomains();
+// abstract public String[] getPermittedDomains();
abstract public Map loadCerts() throws IOException;
abstract public String getVersion();
@@ -249,44 +249,48 @@
};
}
+
+ // functionality now exists in launcher signing ...
/** check if a url falls within the permitted domains
* @param url a string of an absolute url, must start with 'http://' or
'file://'
* @return true iff url is permitted */
- protected boolean checkUrl(String url) {
- if (url.startsWith("file")) {
- return true;
- }
- if (url.startsWith("http")) {
- // remove the protocol
- url = url.substring(url.indexOf("//")+2);
- while (true) {
- String[] permittedDomains = getPermittedDomains();
- for (int i=0; i<permittedDomains.length; i++) {
- if (url.startsWith(permittedDomains[i])) {
- return true;
- }
- }
- // if we are a subdomain remove leading part and recheck
- if (url.indexOf('.')==-1) {
- break;
- }
- url = url.substring(url.indexOf('.')+1);
- }
- }
- return false;
- }
+// protected boolean checkUrl(String url) {
+// if (url.startsWith("file")) {
+// return true;
+// }
+// if (url.startsWith("http")) {
+// return true;
+//
+//// // remove the protocol
+//// url = url.substring(url.indexOf("//")+2);
+//// while (true) {
+//// String[] permittedDomains = getPermittedDomains();
+//// for (int i=0; i<permittedDomains.length; i++) {
+//// if (url.startsWith(permittedDomains[i])) {
+//// return true;
+//// }
+//// }
+//// // if we are a subdomain remove leading part and recheck
+//// if (url.indexOf('.')==-1) {
+//// break;
+//// }
+//// url = url.substring(url.indexOf('.')+1);
+//// }
+// }
+// return false;
+// }
+//
+// static private String join(String[] ss) {
+// String r = "";
+// for (int i=0; i<ss.length; i++) {
+// if (i>0) {
+// r += ",";
+// }
+// r += ss[i];
+// }
+// return r;
+// }
- static private String join(String[] ss) {
- String r = "";
- for (int i=0; i<ss.length; i++) {
- if (i>0) {
- r += ",";
- }
- r += ss[i];
- }
- return r;
- }
-
/** fetches a file from the distribution site, writing it to the
appropriate place */
public File fetch(String url) throws IOException {
File localfile = dotvexi.getLocalFile(url);
@@ -550,9 +554,9 @@
//////////////
// Permission
- void permitAlternativeURL(String url) throws Problem {
- throw new Problem("Applet can not be run from unknown domain " + url +
"\nPermitted domains: " + join(getPermittedDomains()));
- }
+// void permitAlternativeURL(String url) throws Problem {
+// throw new Problem("Applet can not be run from unknown domain " + url
+ "\nPermitted domains: " + join(getPermittedDomains()));
+// }
void permitUnsignedCore(String file) throws Problem {
throw new Problem("Applet will not run unsigned core file: "+ file);
}
Modified:
trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/LauncherApplet.java
===================================================================
--- trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/LauncherApplet.java
2014-06-18 19:24:28 UTC (rev 4703)
+++ trunk/org.vexi-launcher/src/main/java/org/vexi/launcher/LauncherApplet.java
2014-06-25 15:51:16 UTC (rev 4704)
@@ -61,10 +61,10 @@
String codebase = getCodeBase()+"";
log.status(""+codebase);
//log("Codebase is "+url);
-
- if (!launcher.checkUrl(codebase)) {
- launcher.permitAlternativeURL(codebase);
- }
+//
+// if (!launcher.checkUrl(codebase)) {
+// launcher.permitAlternativeURL(codebase);
+// }
}
///////////////////////
Modified:
trunk/org.vexi-launcher/src/test/java/org/vexi/launcher/TestLauncher.java
===================================================================
--- trunk/org.vexi-launcher/src/test/java/org/vexi/launcher/TestLauncher.java
2014-06-18 19:24:28 UTC (rev 4703)
+++ trunk/org.vexi-launcher/src/test/java/org/vexi/launcher/TestLauncher.java
2014-06-25 15:51:16 UTC (rev 4704)
@@ -1,43 +1,39 @@
package org.vexi.launcher;
-import java.awt.Color;
-import java.net.URL;
-import java.util.Map;
+import junit.framework.TestCase;
-import junit.framework.*;
-
public class TestLauncher extends TestCase{
- public void testCheckUrls(){
- Launcher l = new Launcher(null){
- public Color getTextColor() { return null; }
- public Color getBorderColor() { return null; }
- public Color getBarColor() { return null; }
- public URL getSplashImageResource() { return null; }
- public String[] getPermittedDomains() { return new
String[]{"localhost"}; }
- public Map loadCerts() { return null; }
- public String getVersion() { return null; }
- };
- boolean ok = l.checkUrl("http://localhost:7070/";);
- Assert.assertTrue(ok);
- }
+// public void testCheckUrls(){
+// Launcher l = new Launcher(null){
+// public Color getTextColor() { return null; }
+// public Color getBorderColor() { return null; }
+// public Color getBarColor() { return null; }
+// public URL getSplashImageResource() { return null; }
+// public String[] getPermittedDomains() { return new
String[]{"localhost"}; }
+// public Map loadCerts() { return null; }
+// public String getVersion() { return null; }
+// };
+//// boolean ok = l.checkUrl("http://localhost:7070/";);
+//// Assert.assertTrue(ok);
+// }
- public void testCheckUrlsSubdomain(){
- Launcher l = new Launcher(null){
- public Color getTextColor() { return null; }
- public Color getBorderColor() { return null; }
- public Color getBarColor() { return null; }
- public URL getSplashImageResource() { return null; }
- public String[] getPermittedDomains() { return new
String[]{"emanate5.com"}; }
- public Map loadCerts() { return null; }
- public String getVersion() { return null; }
- };
- boolean ok = l.checkUrl("http://blah.emanate5.com/foo/x";);
- Assert.assertTrue(ok);
-
- ok = l.checkUrl("http://nicetryemanate5.com/foo/x";);
- Assert.assertFalse(ok);
- }
+// public void testCheckUrlsSubdomain(){
+// Launcher l = new Launcher(null){
+// public Color getTextColor() { return null; }
+// public Color getBorderColor() { return null; }
+// public Color getBarColor() { return null; }
+// public URL getSplashImageResource() { return null; }
+// public String[] getPermittedDomains() { return new
String[]{"emanate5.com"}; }
+// public Map loadCerts() { return null; }
+// public String getVersion() { return null; }
+// };
+//// boolean ok = l.checkUrl("http://blah.emanate5.com/foo/x";);
+//// Assert.assertTrue(ok);
+////
+//// ok = l.checkUrl("http://nicetryemanate5.com/foo/x";);
+//// Assert.assertFalse(ok);
+// }
}
Modified:
trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java
===================================================================
---
trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java
2014-06-18 19:24:28 UTC (rev 4703)
+++
trunk/org.vexi-library.crypto/src/main/java/org/vexi/security/VerifySigned.java
2014-06-25 15:51:16 UTC (rev 4704)
@@ -49,7 +49,7 @@
// CALCULATE HASH
byte[] calculatedHash;
{
- int length = 0;
+// int length = 0;
byte[] buf = new byte[1024*128];
SHA1 sha1 = new SHA1();
for(;;) {
@@ -58,7 +58,7 @@
//out.write(buf,0,n);
sha1.update(buf,0,n);
if(os!=null) os.write(buf,0,n);
- length+=n;
+// length+=n;
}
is.close();
if(os!=null) os.close();
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Vexi-svn mailing list
Vexi-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vexi-svn
