diff --git a/core/pom.xml b/core/pom.xml index ee59ec671..a9b803a06 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -49,40 +49,6 @@ js 1.7R1 - - - - org.glassfish.jaxb - jaxb-runtime - 2.3.1 - - - - javax.activation - activation - 1.1 - - - javax.xml.bind - jaxb-api - 2.3.1 - - - - commons-io - commons-io - 2.5 - - - - - - org.eclipse.persistence - eclipselink - 2.5.0 - - - ${project.groupId} diff --git a/core/src/main/java/net/adoptopenjdk/icedteaweb/resources/ResourceHandler.java b/core/src/main/java/net/adoptopenjdk/icedteaweb/resources/ResourceHandler.java index 3850a02b8..a7985a927 100644 --- a/core/src/main/java/net/adoptopenjdk/icedteaweb/resources/ResourceHandler.java +++ b/core/src/main/java/net/adoptopenjdk/icedteaweb/resources/ResourceHandler.java @@ -24,10 +24,7 @@ import static net.adoptopenjdk.icedteaweb.resources.Resource.Status.ERROR; import static net.sourceforge.jnlp.util.UrlUtils.FILE_PROTOCOL; import static net.sourceforge.jnlp.util.UrlUtils.decodeUrlQuietly; -/* - * Modified class to add DeploymentRuleSet - * DJ -03-02-2021 - */ + class ResourceHandler { private static final Logger LOG = LoggerFactory.getLogger(ResourceHandler.class); @@ -46,7 +43,7 @@ Future putIntoCache(final Executor downloadExecutor) { // threads will return this future and ensure a resource is only processed by a single thread synchronized (resource) { final Future future = resource.getFutureForDownloaded(); - if(future == null) { + if (future == null) { LOG.debug("Download for {} has not been started until now", resource.getSimpleName()); final Future futureResource = getDownloadStateAndStartUnstartedDownload(downloadExecutor); resource.startProcessing(futureResource); 
@@ -121,54 +118,22 @@ private Resource downloadResource() { return resource; } - /** Original method private void validateWithWhitelist() { final URL url = resource.getLocation(); Assert.requireNonNull(url, "url"); - // Validate with whitelist specified in deployment.properties. localhost is considered valid. - final boolean found = UrlWhiteListUtils.isUrlInApplicationUrlWhitelist(url); - if (!found) { - BasicExceptionDialog.show(new SecurityException(Translator.R("SWPInvalidURL") + ": " + url)); - LOG.error("Resource URL not In Whitelist: {}", resource.getLocation()); - JNLPRuntime.exit(-1); - } - } - */ - private void validateWithWhitelist() { - final URL url = resource.getLocation(); - Assert.requireNonNull(url, "url"); - - // Validate with whitelist specified in deployment.properties. localhost is considered valid. - //commented out by DJ -final key word so that URL can be checked against whitelist as well as deploymentRuleset. - /*final*/ boolean found = UrlWhiteListUtils.isUrlInApplicationUrlWhitelist(url); - //If not found in the serverWhitelisting , check in DeploymentRuleSet.jar file. 
- LOG.debug("Resource URL not In Whitelist: {} found before calling Deployment rule set", found); - if (!found) { - LOG.debug("----------------------BEGIN DEPLOYMENT RULESET CALL------------------------------------------", found); - LOG.debug("Resource URL call inside (!found) before calling found=validateWithDeploymentRuleSet()", found); - found=validateWithDeploymentRuleSet() ; - LOG.debug("Resource URL call inside (!found) after calling found=validateWithDeploymentRuleSet()", found); + if (UrlWhiteListUtils.isUrlInApplicationUrlWhitelist(url)) { + return; } - LOG.debug("Resource URL not In Whitelist: {} found after calling Deployment rule set", found); - if (!found) { - BasicExceptionDialog.show(new SecurityException(Translator.R("SWPInvalidURL") + ": " + url)); - LOG.error("Resource URL not In Whitelist: {}", resource.getLocation()); - JNLPRuntime.exit(-1); - } - } - - /** - * @author DJ 03-02-2021 - * Validates the resource URL with the deploymentRuleSet jar file - */ - private boolean validateWithDeploymentRuleSet() { - final URL url = resource.getLocation(); - Assert.requireNonNull(url, "url"); // Validate with whitelist specified in DeploymentRuleSet.jar localhost is considered valid. - final boolean found = UrlDeploymentRulesSetUtils.isUrlInDeploymentRuleSetlist(url); - return found; + if (UrlDeploymentRulesSetUtils.isUrlInDeploymentRuleSet(url)) { + return; + } + + BasicExceptionDialog.show(new SecurityException(Translator.R("SWPInvalidURL") + ": " + url)); + LOG.error("Resource URL not In Whitelist: {}", resource.getLocation()); + JNLPRuntime.exit(-1); } } diff --git a/core/src/main/java/net/sourceforge/jnlp/config/ConfigurationConstants.java b/core/src/main/java/net/sourceforge/jnlp/config/ConfigurationConstants.java index 3421f878a..7a9f51ef6 100644 --- a/core/src/main/java/net/sourceforge/jnlp/config/ConfigurationConstants.java +++ b/core/src/main/java/net/sourceforge/jnlp/config/ConfigurationConstants.java 
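Review bot: In the new `validateWithWhitelist`, a URL admitted by the deployment rule set returns silently, and the rejection path still logs `Resource URL not In Whitelist`, so neither outcome records which of the two sources made the decision. For a check that ends in `JNLPRuntime.exit(-1)` that is worth an audit line: add `LOG.debug("Resource URL {} permitted by deployment rule set", url);` before the second `return`, and reword the error to `"Resource URL in neither whitelist nor deployment rule set: {}"`. The comment that remains above the rule-set check (`// Validate with whitelist specified in DeploymentRuleSet.jar localhost is considered valid.`) carries a localhost claim; whether `UrlDeploymentRulesSetUtils.isUrlInDeploymentRuleSet` behaves that way is not visible in this hunk, so confirm it or drop that sentence.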
@@ -300,7 +300,7 @@ public interface ConfigurationConstants { String KEY_HTTPCONNECTION_CONNECT_TIMEOUT = "deployment.connection.connectTimeout"; String KEY_HTTPCONNECTION_READ_TIMEOUT = "deployment.connection.readTimeout"; - /*DJ -adding deloymentruleset properties*/ + /* deployment ruleset properties*/ String KEY_DEPLOYMENT_RULE_SET = "deployment.deploymentruleset.jar"; } diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Action.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Action.java deleted file mode 100644 index f8f4b276e..000000000 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Action.java +++ /dev/null @@ -1,33 +0,0 @@ -package net.sourceforge.jnlp.deploymentrules; -/** - * Action object of Rule from the rulset file - * Stores the attributes value from id tag - * permission and version. - * If permission is run, then location which is the url whitelisted is permitted to be accessible. - */ -public class Action { - -private String permission; -private String version; -public String getVersion() { - return version; -} -public void setVersion(String version) { - this.version = version; -} -public String getPermission() { - return permission; -} -public void setPermission(String permission) { - this.permission = permission; -} - -private String message; -public String getMessage() { - return message; -} -public void setMessage(String message) { - this.message = message; -} - -} diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Certificate.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Certificate.java deleted file mode 100644 index 1424cabf3..000000000 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Certificate.java +++ /dev/null 
@@ -1,21 +0,0 @@ -package net.sourceforge.jnlp.deploymentrules; -/** - * Certificate object of Rule from the rulset file - * Stores the attributes value from action tag - * hash. - * This is class is rarely used yet and can be extended when a - * UI component to display the entire rulset.xml file and edit it will be enhanced - */ -public class Certificate { - -private String hash; - - -public String getHash() { - return hash; -} - -public void setHash(String hash) { - this.hash = hash; -} -} diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentJarLoader.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentJarLoader.java deleted file mode 100644 index 44b4fe5f0..000000000 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentJarLoader.java +++ /dev/null @@ -1,16 +0,0 @@ -package net.sourceforge.jnlp.deploymentrules; - -import net.sourceforge.jnlp.security.AppVerifier; -import net.sourceforge.jnlp.security.JNLPAppVerifier; -import net.sourceforge.jnlp.tools.JarCertVerifier; - -public class DeploymentJarLoader { - - final AppVerifier verifier = new DeploymentRuleSetJarVerifier(); - - JarCertVerifier jcv = new JarCertVerifier(verifier); - - public boolean isJarSignedFully() { - return jcv.isFullySigned(); - } -} diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRule.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRule.java deleted file mode 100644 index 85611d45f..000000000 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRule.java +++ /dev/null 
@@ -1,71 +0,0 @@ -package net.sourceforge.jnlp.deploymentrules; - - -/* - * This class copies all the deployment Rule set to a class. - * - - - - - - - - - - - - - - - - Blocked by corporate. Contact J. Smith, smith@host.example.com, if you need to run this app. - - - - - - - - * */ - - -public class DeploymentRule { - -private Rule rule; - -public Rule getRule() { - return rule; -} - -public String getTitle() { - return title; -} -public void setTitle(String title) { - this.title = title; -} - - -private Action action; - -public Action getAction() { - return action; -} -public void setAction(Action action) { - this.action = action; -} - -private String version; - - -public String getVersion() { - return version; -} -public void setVersion(String version) { - this.version = version; -} - -private String title; - - -} diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRuleSetJarVerifier.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRuleSetJarVerifier.java deleted file mode 100644 index 49bcfd1b5..000000000 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRuleSetJarVerifier.java +++ /dev/null 
@@ -1,65 +0,0 @@ -package net.sourceforge.jnlp.deploymentrules; - -import java.security.cert.CertPath; -import java.util.Map; - -import net.sourceforge.jnlp.JNLPFile; -import net.sourceforge.jnlp.LaunchException; -import net.sourceforge.jnlp.runtime.classloader.SecurityDelegate; -import net.sourceforge.jnlp.security.AppVerifier; -import net.sourceforge.jnlp.tools.CertInformation; -import net.sourceforge.jnlp.tools.JarCertVerifier; -/** - * DeploymentRuleSetJarVerifier object for accessing jar file. - * - * This is class is rarely used yet and can be extended when a - * UI component to display the entire rulset.xml file and edit it will be enhanced - */ -public class DeploymentRuleSetJarVerifier implements AppVerifier { - - @Override - public boolean hasAlreadyTrustedPublisher(Map certs, Map signedJars) { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean hasRootInCacerts(Map certs, Map signedJars) { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean isFullySigned(Map certs, Map signedJars) { - - int sumOfSignableEntries = JarCertVerifier.getTotalJarEntries(signedJars); - for (CertPath cPath : certs.keySet()) { - // If this cert has signed everything, return true - if (hasCompletelySignedApp(certs.get(cPath), sumOfSignableEntries)) { - return true; - } - } - - // No cert found that signed all entries. Return false. - return false; - - } - - /** - * Find out if the CertPath with the given info has fully signed the app. - * @param info The information regarding the CertPath in question - * @param sumOfSignableEntries The total number of signable entries in the app. - * @return True if the signer has fully signed this app. 
- */ - public boolean hasCompletelySignedApp(CertInformation info, int sumOfSignableEntries) { - return JarCertVerifier.getTotalJarEntries(info.getSignedJars()) == sumOfSignableEntries; - } - - @Override - public void checkTrustWithUser(SecurityDelegate securityDelegate, JarCertVerifier jcv, JNLPFile file) - throws LaunchException { - // TODO Auto-generated method stub - - } - -} diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRuleSetParser.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRuleSetParser.java index a13b4c111..c3bf8eac0 100644 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRuleSetParser.java +++ b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRuleSetParser.java 
@@ -1,214 +1,110 @@ package net.sourceforge.jnlp.deploymentrules; -import net.adoptopenjdk.icedteaweb.Assert; -import net.adoptopenjdk.icedteaweb.IcedTeaWebConstants; -import net.adoptopenjdk.icedteaweb.JavaSystemProperties; -import net.adoptopenjdk.icedteaweb.i18n.Translator; -import net.adoptopenjdk.icedteaweb.jnlp.element.EntryPoint; - -import net.adoptopenjdk.icedteaweb.jvm.JvmUtils; -import net.adoptopenjdk.icedteaweb.logging.Logger; -import net.adoptopenjdk.icedteaweb.logging.LoggerFactory; -import net.adoptopenjdk.icedteaweb.ui.swing.ScreenFinder; import net.adoptopenjdk.icedteaweb.xmlparser.ParseException; -import net.adoptopenjdk.icedteaweb.xmlparser.XMLParser; import net.adoptopenjdk.icedteaweb.xmlparser.XmlNode; - -import javax.swing.JOptionPane; -import java.awt.Rectangle; -import java.net.MalformedURLException; -import java.net.URL; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.StringTokenizer; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import static java.lang.Boolean.*; -import static java.util.Arrays.asList; import static net.adoptopenjdk.icedteaweb.xmlparser.NodeUtils.getAttribute; -import static net.adoptopenjdk.icedteaweb.xmlparser.NodeUtils.getChildNode; import static net.adoptopenjdk.icedteaweb.xmlparser.NodeUtils.getChildNodes; -import static net.adoptopenjdk.icedteaweb.xmlparser.NodeUtils.getRequiredAttribute; -import static net.adoptopenjdk.icedteaweb.xmlparser.NodeUtils.getRequiredURL; -import static net.adoptopenjdk.icedteaweb.xmlparser.NodeUtils.getSpanText; -import static net.adoptopenjdk.icedteaweb.xmlparser.NodeUtils.getURL; /** -* Contains methods to parse an XML document into a DeploymentRuleSetFile. Implements JNLP -* specification version 1.0. 
-* -* @author Dhiren Joshi -* (JAM) - initial author -* @version $Revision: 1.13 $ -*/ -public final class DeploymentRuleSetParser { - - private static final Logger LOG = LoggerFactory.getLogger(DeploymentRuleSetParser.class); - - - - /** - * the file reference - */ - private DeploymentRulesSet file=null; // do not use (uninitialized) - - /** - * the root node - */ - private final XmlNode root; - /** - * whether to throw errors on non-fatal errors. - */ - private final boolean strict; // if strict==true parses a file with no error then strict==false should also - - /** - * whether to allow extensions to the JNLP specification - */ - private final boolean allowExtensions; - - - - /** - * Create a parser for the Deployment rule set file - * Reads the jar and ruleset.xml file is read and parsed. Adds a deploymentRuleSet tag to cover the legalities - * If any with using a Oracle ruleset.xml. - * - * * @throws ParseException if the DeploymentRuleSet string is invalid - */ - /** - * @param ruleSet the object created from the parsed ruleset.xml - * @param root , the root XmlNode - * @param settings , the parser settings - * @throws ParseException - */ -public DeploymentRuleSetParser(final DeploymentRulesSet ruleSet, final XmlNode root, final ParserSettings settings) throws ParseException { - this.file = file; - this.root = root; - this.strict = settings.isStrict(); - this.allowExtensions = settings.isExtensionAllowed(); - - // ensure it's a DeploymentRuleSet node - if (root == null || !root.getNodeName().equals(DeploymentRulesSet.DEPLOYMENTRULE_SET_ROOT_ELEMENT)) { - throw new ParseException("Root element is not a DeploymentRuleset element."); - } - processXmlParsingOfRuleSet(ruleSet,root); - - } - - - -/** - * Returns the rule attributes populated - * @param rule - * @param root - * @return rule object populated with attributes values - */ -public Rule getRuleIdAttributeValues(Rule rule, XmlNode root) { - //certificate element - final String hash = getAttribute(root, 
DeploymentRulesSet.HASH_ATTRIBUTE, null); - //id element - Certificate certs= new Certificate(); - certs.setHash(hash); - final String location = getAttribute(root, DeploymentRulesSet.LOCATION_ATTRIBUTE, null); - rule.setcertificate(certs); - rule.setLocation(location); - return rule; - } - - /** - * - * @param action - * @param root - * @return Action attributes sets - */ -public Action getActionAttributes(Action action, XmlNode root) { - //action element - final String permission = getAttribute(root, DeploymentRulesSet.PERMISSION_ATTRIBUTE, null); - String version = getAttribute(root, DeploymentRulesSet.VERSION_ATTRIBUTE, null); - action.setPermission(permission); - action.setVersion(version); - return action; - } - -/** - * @param ruleSet - * @param parent - * @throws ParseException - */ -public void processXmlParsingOfRuleSet(DeploymentRulesSet ruleSet, final XmlNode parent) throws ParseException { - Rule rule = null; - List rules= new ArrayList(); - XmlNode child = parent.getFirstChild(); - XmlNode childRuleSet =null; - if (child.getNodeName().equals(DeploymentRulesSet.RULE_SET_ELEMENT)) { - final XmlNode node = child; - if (!child.getNodeName().equals(DeploymentRulesSet.RULE_SET_ELEMENT)) { - throw new ParseException("Invalid Deployment rule set tag is missing"); - }else { - - rules = getRules(child); - } - - } - ruleSet.setRuleSet(rules); - - } - - - /** - * @param parent - * @return List list of Rules from deplyoment rule set - * @throws ParseException - */ -public List getRules(final XmlNode parent) - throws ParseException { - final List result = new ArrayList(); - final XmlNode rules[] = getChildNodes(parent, DeploymentRulesSet.RULE_ELEMENT); - - // ensure that there are at least one information section present - if (rules.length == 0 ) { - throw new ParseException("No rule element specified."); - } - for (final XmlNode rule : rules) { - result.add(getRule(rule)); - } - return result; - } - -/** - * @return the Rule element at the specified node. 
- * @param node - * @return - * @throws ParseException if the Rule eement does not exist + * Contains methods to parse an XML document into a DeploymentRuleSetFile. + * Implements JNLP specification version 1.0. */ -private Rule getRule(final XmlNode node) throws ParseException { - - // create rules - Rule rule=new Rule(); - - // step through the elements - //first populate the id tag attribute - XmlNode child = node.getFirstChild(); - final String name = child.getNodeName(); - if (name.equals(DeploymentRulesSet.ID_ELEMENT)) { - getRuleIdAttributeValues(rule, child); - } - //next populate the action tag attribute. - child = child.getNextSibling(); - if (child.getNodeName().equals(DeploymentRulesSet.ACTION_ELEMENT)) { - Action action= new Action(); - rule.setAction(action); - getActionAttributes(action, child); - } - return rule; - } - +class DeploymentRuleSetParser { + + private static final String DEPLOYMENT_RULESET_ROOT_ELEMENT = "deploymentRulesSet"; + private static final String ID_ELEMENT = "id"; + private static final String RULE_SET_ELEMENT = "ruleset"; + + //From rule starts the actual list of rule and locations stored. + private static final String RULE_ELEMENT = "rule"; + private static final String ACTION_ELEMENT = "action"; + //id element + private static final String LOCATION_ATTRIBUTE = "location"; + //certificate element + private static final String HASH_ATTRIBUTE = "hash"; + //action element + private static final String VERSION_ATTRIBUTE = "version"; + private static final String PERMISSION_ATTRIBUTE = "permission"; + + /** + * Create a parser for the Deployment rule set file + * Reads the jar and ruleset.xml file is read and parsed. Adds a deploymentRuleSet tag to cover the legalities + * If any with using a Oracle ruleset.xml. + *

+ * + * @param root the root XmlNode + * @throws ParseException if the DeploymentRuleSet string is invalid + */ + public List getRules(final XmlNode root) throws ParseException { + // ensure it's a DeploymentRuleSet node + if (root == null || !root.getNodeName().equals(DEPLOYMENT_RULESET_ROOT_ELEMENT)) { + throw new ParseException("Root element is not a DeploymentRuleset element."); + } + return processXmlParsingOfRuleSet(root); + } + + private List processXmlParsingOfRuleSet(final XmlNode parent) throws ParseException { + final XmlNode child = parent.getFirstChild(); + final boolean isRuleSetElement = child.getNodeName().equals(RULE_SET_ELEMENT); + if (isRuleSetElement) { + return getRulesFromRuleset(child); + } else { + return new ArrayList<>(); + } + } + + private List getRulesFromRuleset(final XmlNode parent) throws ParseException { + final List result = new ArrayList<>(); + final XmlNode[] rules = getChildNodes(parent, RULE_ELEMENT); + + // ensure that there are at least one information section present + if (rules.length == 0) { + throw new ParseException("No rule element specified."); + } + for (final XmlNode rule : rules) { + result.add(getRule(rule)); + } + return result; + } + + private XmlRule getRule(final XmlNode node) { + + // create rules + final XmlRule rule = new XmlRule(); + + // step through the elements + // first populate the id tag attribute + final XmlNode potentialIdPart = node.getFirstChild(); + if (potentialIdPart.getNodeName().equals(ID_ELEMENT)) { + //certificate element + final String hash = getAttribute(potentialIdPart, HASH_ATTRIBUTE, null); + //id element + final XmlCertificate certs = new XmlCertificate(); + certs.setHash(hash); + + final String location = getAttribute(potentialIdPart, LOCATION_ATTRIBUTE, null); + rule.setCertificate(certs); + rule.setLocation(location); + } + + // next populate the action tag attribute. 
+ final XmlNode potentialActionPart = potentialIdPart.getNextSibling(); + if (potentialActionPart.getNodeName().equals(ACTION_ELEMENT)) { + final XmlAction action = new XmlAction(); + //action element + final String permission = getAttribute(potentialActionPart, PERMISSION_ATTRIBUTE, null); + final String version = getAttribute(potentialActionPart, VERSION_ATTRIBUTE, null); + action.setPermission(permission); + action.setVersion(version); + rule.setAction(action); + } + + return rule; + } } diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRulesSet.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRulesSet.java deleted file mode 100644 index 08d533453..000000000 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRulesSet.java +++ /dev/null 
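Review bot: `getRule` dereferences `node.getFirstChild()` and then `potentialIdPart.getNextSibling()` without a null check, so a `rule` element with no children, or with an `id` but no `action`, would presumably surface as a `NullPointerException` instead of the `ParseException` the rest of the parser uses (assuming `XmlNode` returns null for a missing child or sibling; its code is not in this diff). A rule that lacks an `action` also leaves the `XmlRule` action unset, and the caller in `DeploymentRulesSetFile` calls `rule.getAction().getPermission()` on every rule. Since this parser feeds an allow/deny decision, malformed rules are better rejected explicitly: declare `getRule` as `throws ParseException` and guard each step, e.g. `if (potentialActionPart == null || !potentialActionPart.getNodeName().equals(ACTION_ELEMENT)) { throw new ParseException("rule has no action element"); }`. `processXmlParsingOfRuleSet` has the same unchecked `getFirstChild()` call.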
@@ -1,154 +0,0 @@ -package net.sourceforge.jnlp.deploymentrules; -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.FileReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.Reader; -import java.io.StringReader; -import java.net.URL; -import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; -import java.util.ArrayList; -import java.util.List; -import java.util.jar.JarEntry; -import java.util.jar.JarFile; - -//import javax.xml.bind.JAXBContext; -//import javax.xml.bind.JAXBException; -//import javax.xml.bind.Marshaller; -//import javax.xml.bind.Unmarshaller; -//import javax.xml.bind.annotation.*; - -import net.adoptopenjdk.icedteaweb.xmlparser.ParseException; -import net.adoptopenjdk.icedteaweb.xmlparser.XMLParser; -import net.adoptopenjdk.icedteaweb.xmlparser.XmlNode; -import net.adoptopenjdk.icedteaweb.xmlparser.XmlParserFactory; -public class DeploymentRulesSet { - public static final String DEPLOYMENTRULE_SET_ROOT_ELEMENT = "deploymentRulesSet"; - public static final String RULE_SET_ELEMENT="ruleset"; - //From rule starts the actual list of rule and locations stored. 
- public static final String RULE_ELEMENT="rule"; - public static final String ID_ELEMENT="id"; - public static final String CERTIFICATE_ELEMENT="certificate"; - public static final String ACTION_ELEMENT="action"; - public static final String MESSAGE_ELEMENT="message"; - //id element - public static final String LOCATION_ATTRIBUTE = "location"; - //certificate element - public static final String HASH_ATTRIBUTE = "hash"; - //action element - public static final String VERSION_ATTRIBUTE = "version"; - public static final String PERMISSION_ATTRIBUTE = "permission"; - - - private List list; - private List vettedUrls = new ArrayList();; - private ParserSettings parserSettings; - - public List getVettedUrls() { - return vettedUrls; - } - - private ArrayList ruleSet; - public List getRuleSet() { - return ruleSet; - } - public void setRuleSet(List rules) { - this.ruleSet = (ArrayList) rules; - } - - private String version; - public String getVersion() { - return version; - } - public void setVersion(String version) { - this.version = version; - } - private static final String RULESET_XML = "./ruleset-jaxb.xml"; - -public static void main(String[] args) { - //For testing - DeploymentRulesSet ruleSet= new DeploymentRulesSet(); - try { - ruleSet.parseDeploymentRuleSet("C:\\\\softwares\\\\icedtea-web\\\\DeploymentRuleSet.jar"); - } catch (ParseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - -} - -/** - * @param jarFilePath - * @throws ParseException - */ -public void parseDeploymentRuleSet(String jarFilePath) throws ParseException{ - JarFile file; - JarEntry entry = null; - InputStream in=null; - String appendedXML=null; - if (new File(jarFilePath).exists()) { - try { - - file = new JarFile(new File(jarFilePath)); - entry = file.getJarEntry("ruleset.xml"); - if (entry!=null) { - in= file.getInputStream(entry); - - StringBuilder textBuilder = new StringBuilder(); - try (Reader reader = new BufferedReader(new InputStreamReader - (in, 
Charset.forName(StandardCharsets.UTF_8.name())))) { - int c = 0; - while ((c = reader.read()) != -1) { - textBuilder.append((char) c); - } - } - String content= textBuilder.toString(); - int insertCount=content.indexOf(""+fullXml+""; - } - System.out.println(appendedXML); - } catch (IOException e1) { - // TODO Auto-generated catch block - new ParseException("file IO exception accessing the ruleset or some network issues" + e1.getMessage()); - } - - - parserSettings = new ParserSettings(true, false,true); - final XMLParser xmlParser = XmlParserFactory.getParser(parserSettings.getParserType()); - InputStream is = new ByteArrayInputStream(appendedXML.getBytes(StandardCharsets.UTF_8)); - XmlNode root=null; - try { - root = xmlParser.getRootNode(is); - } catch (ParseException e) { - new ParseException("Could not parser the root Node" +e.getMessage()); - } - - DeploymentRulesSet ruleSetDescriptor = new DeploymentRulesSet(); - try { - DeploymentRuleSetParser parser= new DeploymentRuleSetParser(ruleSetDescriptor, root, parserSettings); - } catch (ParseException e) { - new ParseException("Could not intialize the DeploymentRuleSetParser" +e.getMessage()); - - } - list = ruleSetDescriptor.getRuleSet(); - parseDeploymentRuleSet(); - } -} - -private void parseDeploymentRuleSet() { - for (Rule rules: list) { - //Questions.. Do we also accept Urls to be vetted if DEFAULT permissions - if (rules.getAction().getPermission().matches(PermissionsConstant.RUN)) { - vettedUrls.add(rules.getLocation()); - } - } -} - -} diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRulesSetFile.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRulesSetFile.java new file mode 100644 index 000000000..dc9569c08 --- /dev/null +++ b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/DeploymentRulesSetFile.java 
@@ -0,0 +1,94 @@ +package net.sourceforge.jnlp.deploymentrules; + +import net.adoptopenjdk.icedteaweb.io.IOUtils; +import net.adoptopenjdk.icedteaweb.xmlparser.ParseException; +import net.adoptopenjdk.icedteaweb.xmlparser.XMLParser; +import net.adoptopenjdk.icedteaweb.xmlparser.XmlNode; +import net.adoptopenjdk.icedteaweb.xmlparser.XmlParserFactory; + +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; +import java.util.stream.Collectors; + +import static net.adoptopenjdk.icedteaweb.xmlparser.ParserType.MALFORMED; + +class DeploymentRulesSetFile { + + private static final String RULESET_XML = "ruleset.xml"; + private static final String RUN = "run"; + + private final String rulesetPath; + + public DeploymentRulesSetFile(String rulesetPath) { + this.rulesetPath = rulesetPath; + } + + public List parseDeploymentRuleSet() throws ParseException { + final File rulesetJarFile = new File(rulesetPath); + if (rulesetJarFile.exists()) { + final String rawContent = getRulesetXmlContent(rulesetJarFile); + final String content = wrapInArtificialRoot(rawContent); + final XmlNode root = parseXml(content); + final List rules = extractRules(root); + + return rules.stream() + .filter(rule -> Objects.equals(rule.getAction().getPermission(), RUN)) + .map(XmlRule::getLocation) + .collect(Collectors.toList()); + } + return Collections.emptyList(); + } + + private String getRulesetXmlContent(File rulesetJarFile) throws ParseException { + try { + final JarFile file = new JarFile(rulesetJarFile); + final JarEntry entry = file.getJarEntry(RULESET_XML); + if (entry == null) { + throw new ParseException("could not find a " + RULESET_XML + " in the jar " + rulesetJarFile); + } + + try (final InputStream in = file.getInputStream(entry)) { + 
return IOUtils.readContentAsUtf8String(in); + } + } catch (IOException e) { + throw new ParseException("file IO exception accessing the ruleset or some network issues", e); + } + } + + private String wrapInArtificialRoot(String content) throws ParseException { + final int idx = content.indexOf(""); + } + final String prefix = content.substring(0, idx); + final String fullXml = content.substring(idx); + return prefix + "" + fullXml + ""; + } + + private XmlNode parseXml(String content) throws ParseException { + try { + final InputStream is = new ByteArrayInputStream(content.getBytes(StandardCharsets.UTF_8)); + final XMLParser xmlParser = XmlParserFactory.getParser(MALFORMED); + return xmlParser.getRootNode(is); + } catch (ParseException e) { + throw new ParseException("Could not parser the root Node" + e.getMessage()); + } + } + + private List extractRules(XmlNode root) throws ParseException { + try { + return new DeploymentRuleSetParser().getRules(root); + } catch (ParseException e) { + throw new ParseException("Could not initialize the DeploymentRuleSetParser" + e.getMessage()); + } + } + +} diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/ParserSettings.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/ParserSettings.java deleted file mode 100644 index 4bd368be9..000000000 --- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/ParserSettings.java +++ /dev/null 
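Review bot: `getRulesetXmlContent` takes `ruleset.xml` from whatever jar is at `rulesetPath`, and nothing in this file checks that the jar is signed, while every `run` location it yields presumably feeds the allow check in `ResourceHandler`; the classes this commit deletes (`DeploymentJarLoader`, `DeploymentRuleSetJarVerifier`) are the only signature-related code in the diff, and the old parser did not appear to call them either. If a signed rule set is the intent, check the entry's signers after reading it (`entry.getCodeSigners()` is null for an unsigned entry) and validate them against the trusted certificates, or state in a class comment that the file is trusted by its location. `parseDeploymentRuleSet` also keeps only `run` rules and discards order, so a `block` rule listed ahead of a broader `run` rule has no effect; if rules are meant to be evaluated first-match, that needs handling here. Separately, the `JarFile` is never closed: `try (final JarFile file = new JarFile(rulesetJarFile)) {`. `parseXml` and `extractRules` also drop the caught exception; pass `e` as the cause as the `IOException` branch does.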
@@ -1,83 +0,0 @@
-/* ParserSettings.java
- Copyright (C) 2011 Red Hat, Inc.
-
-This file is part of IcedTea.
-
-IcedTea is free software; you can redistribute it and/or modify it under the
-terms of the GNU General Public License as published by the Free Software
-Foundation, version 2.
-
-IcedTea is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along with
-IcedTea; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is making a
-combined work based on this library. Thus, the terms and conditions of the GNU
-General Public License cover the whole combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent modules, and
-to copy and distribute the resulting executable under terms of your choice,
-provided that you also meet, for each linked independent module, the terms and
-conditions of the license of that module. An independent module is a module
-which is not derived from or based on this library. If you modify this library,
-you may extend this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this exception
-statement from your version.
-*/
-
-package net.sourceforge.jnlp.deploymentrules;
-
-import net.adoptopenjdk.icedteaweb.xmlparser.ParserType;
-
-import static net.adoptopenjdk.icedteaweb.xmlparser.ParserType.MALFORMED;
-import static net.adoptopenjdk.icedteaweb.xmlparser.ParserType.NORMAL;
-
-/**
- * Contains settings to be used by the Parser while parsing files.
- *
- * Immutable and therefore thread-safe.
- */
-public class ParserSettings {
-
- private final boolean isStrict;
- private final boolean extensionAllowed;
- private final boolean malformedXmlAllowed;
-
- /** Create a new ParserSettings with the default parser settings */
- public ParserSettings() {
- this(false, true, true);
- }
-
- /** Create a new ParserSettings object
- * @param strict true if parser should be strict
- * @param extensionAllowed true if extensions are allowed
- * @param malformedXmlAllowed true if xml sanitizer should be used
- */
- public ParserSettings(boolean strict, boolean extensionAllowed, boolean malformedXmlAllowed) {
- this.isStrict = strict;
- this.extensionAllowed = extensionAllowed;
- this.malformedXmlAllowed = malformedXmlAllowed;
- }
-
- /** @return true if extensions to the spec are allowed */
- boolean isExtensionAllowed() {
- return extensionAllowed;
- }
-
- /** @return true if parsing malformed xml is allowed */
- ParserType getParserType() {
- return malformedXmlAllowed ? MALFORMED : NORMAL;
- }
-
- /** @return true if strict parsing mode is to be used */
- boolean isStrict() {
- return isStrict;
- }
-}
diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/PermissionsConstant.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/PermissionsConstant.java
deleted file mode 100644
index 6bdfe563a..000000000
--- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/PermissionsConstant.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package net.sourceforge.jnlp.deploymentrules;
-
-public interface PermissionsConstant {
- public static final String RUN="run";
- public static final String BLOCK="block";
- public static final String DEFAULT="default";
-}
diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Rule.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Rule.java
deleted file mode 100644
index 0c7f30d4c..000000000
--- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/Rule.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package net.sourceforge.jnlp.deploymentrules;
-
-
-/*
- *
-
-
-
- */
-public class Rule {
- private String location;
-
- private Certificate certificate;
- public Certificate getCertificate() {
- return certificate;
- }
- public void setcertificate(Certificate certificate) {
- this.certificate = certificate;
- }
-
- private Action action;
-
-
-
- public Action getAction() {
- return action;
- }
- public void setAction(Action action) {
- this.action = action;
- }
- public String getLocation() {
- return location;
- }
- public void setLocation(String location) {
- this.location = location;
- }
-
-
-}
diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/UrlDeploymentRulesSetUtils.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/UrlDeploymentRulesSetUtils.java
index 1098697fe..68ebf4020 100644
--- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/UrlDeploymentRulesSetUtils.java
+++ b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/UrlDeploymentRulesSetUtils.java
@@ -1,133 +1,50 @@ package net.sourceforge.jnlp.deploymentrules; import net.adoptopenjdk.icedteaweb.Assert; -import net.adoptopenjdk.icedteaweb.StringUtils; import net.adoptopenjdk.icedteaweb.logging.Logger; import net.adoptopenjdk.icedteaweb.logging.LoggerFactory; import net.adoptopenjdk.icedteaweb.xmlparser.ParseException; import net.sourceforge.jnlp.runtime.JNLPRuntime; -import net.sourceforge.jnlp.util.IpUtil; -import net.sourceforge.jnlp.deploymentrules.DeploymentRule; -import net.sourceforge.jnlp.deploymentrules.DeploymentRulesSet; -//import net.sourceforge.jnlp.util.whitelist.UrlWhiteListUtils; import java.net.URL; +import java.util.Collections; import java.util.List; -import java.util.stream.Collectors; -/* - * Added DeploymentRuleSet white listing checks - * Added method call :isUrlInDeploymentRuleSetUrl - * This method will do the checks of the DeploymentRuleSet.jar file of ruleset.xml - * DJ- 3/02/2021 - * - */ + import static net.sourceforge.jnlp.config.ConfigurationConstants.KEY_DEPLOYMENT_RULE_SET; -/* - * @author DJ - * @date 03/02/2021 - * This class is implementing the DeplyomentRuleSet checks for the jar - * Added DeploymentRuleSet white listing checks - * Added method call :isUrlInDeploymentRuleSetUrl - * * - */ -public class UrlDeploymentRulesSetUtils { - private static List applicationUrlDeploymentRuleSetList; - private static List applicationDeploymentRuleSetList; - private final static DeploymentRulesSet rulesSet= new DeploymentRulesSet(); - private static boolean isRuleSetInitialized=false; +public class UrlDeploymentRulesSetUtils { + private static final Logger LOG = LoggerFactory.getLogger(UrlDeploymentRulesSetUtils.class); + private static List applicationDeploymentRuleSetList; - public static List getApplicationUrlDeploymentRuleSetList() { - if (applicationUrlDeploymentRuleSetList == null) { - applicationUrlDeploymentRuleSetList = loadDeploymentRuleSetFromConfiguration(KEY_DEPLOYMENT_RULE_SET); - } - return 
applicationUrlDeploymentRuleSetList; - } - - public static List getApplicationLinkDeploymentRuleSetList() { - if (applicationUrlDeploymentRuleSetList == null) { - applicationDeploymentRuleSetList = loadDeploymentRuleSetLinksFromConfiguration(KEY_DEPLOYMENT_RULE_SET); + private static List getApplicationLinkDeploymentRuleSetList() { + if (applicationDeploymentRuleSetList == null) { + applicationDeploymentRuleSetList = loadDeploymentRuleSetLinksFromConfiguration(); } return applicationDeploymentRuleSetList; } - /** - * @author-DJ - * @date 03/02/21 - * Added for deploymentRuleSet checks - * @param deploymentRuleSetJarPath - * @return - */ - public static List loadDeploymentRuleSetLinksFromConfiguration(final String deploymentRuleSetPropertyName) { - initRulesSet(deploymentRuleSetPropertyName); - return rulesSet.getVettedUrls(); - } - - private static void initRulesSet(final String deploymentRuleSetPropertyName) { - try { - rulesSet.parseDeploymentRuleSet(deploymentRuleSetPropertyName); - isRuleSetInitialized=true; - } catch (ParseException e) { - LOG.error("Please Check property name . This should point to a valid DeploymentRuleSet jar file"+deploymentRuleSetPropertyName); - //absorb the Error and send error message for trouble shooting. - e.printStackTrace(); - } - - } - - public static List loadRuleSetFromConfiguration(final String deploymentRuleSetJarPath) { - List rulesSetList=null; - if (!isRuleSetInitialized) { - initRulesSet(deploymentRuleSetJarPath); - }else { - rulesSetList=rulesSet.getRuleSet(); - } - return rulesSetList; - } - - /** - * @author-DJ - * @date 03/02/21 - * Added for deploymentRuleSet checks - * @param deploymentRuleSetJarPath - * @return - */ - public static List loadDeploymentRuleSetFromConfiguration(final String deploymentRuleSetJarPath) { - //Implement the DeplymentRuleSet parser here. DJ and create the DeploymentRuleSet. 
- return loadRuleSetFromConfiguration(deploymentRuleSetJarPath); - } - /** - * - * Adding by DJ 3/2/2021 to add DeploymentRuleSet functionality - * @param url - * @return - */ - public static boolean isUrlInDeploymentRuleSetlist(final URL url) { - return isUrlInDeploymentRuleSetUrl(url, getApplicationLinkDeploymentRuleSetList()); + private static List loadDeploymentRuleSetLinksFromConfiguration() { + try { + final String rulesetPath = JNLPRuntime.getConfiguration().getProperty(KEY_DEPLOYMENT_RULE_SET); + final DeploymentRulesSetFile rulesSetFile = new DeploymentRulesSetFile(rulesetPath); + return rulesSetFile.parseDeploymentRuleSet(); + } catch (ParseException e) { + LOG.error("Please Check config property " + KEY_DEPLOYMENT_RULE_SET + ". This should point to a valid DeploymentRuleSet jar file: ", e); + return Collections.emptyList(); + } } - - /** - * isUrlInDeploymentRuleSetUrl - * Adding by DJ 3/2/2021 to add DeploymentRuleSet functionality - * @param url - * @param whiteList - * @return - */ - public static boolean isUrlInDeploymentRuleSetUrl(final URL url, final List deploymentRuleSetList) { + public static boolean isUrlInDeploymentRuleSet(final URL url) { Assert.requireNonNull(url, "url"); - Assert.requireNonNull(deploymentRuleSetList, "whiteList"); + return isUrlInDeploymentRuleSetUrl(url, getApplicationLinkDeploymentRuleSetList()); + } + private static boolean isUrlInDeploymentRuleSetUrl(final URL url, final List deploymentRuleSetList) { if (deploymentRuleSetList.isEmpty()) { return false; // empty deploymentRuleSetList == allow none. Nothing is whitelisted } - - - return deploymentRuleSetList.stream().anyMatch(wlEntry -> wlEntry.matches(url.getHost())); } - - } diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlAction.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlAction.java new file mode 100644 index 000000000..01bd81e9f --- /dev/null +++ b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlAction.java 
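Review bot: isUrlInDeploymentRuleSetUrl() ends with `wlEntry.matches(url.getHost())`, and the entries are the strings parseDeploymentRuleSet() collects through `XmlRule::getLocation`, so every ruleset location is compiled as a regular expression and tested against the host name only. A location given as a bare host matches more than it says (an unescaped `.` matches any character), a location given as a full URL can never equal a host, and scheme, port and path play no part in the decision. If the locations are meant as literal hosts, `wlEntry.equalsIgnoreCase(url.getHost())` states that; if they may carry wildcards or URLs, the comparison needs an explicit matcher rather than `String.matches`. Separately, in loadDeploymentRuleSetLinksFromConfiguration() an unset property would reach `new File(rulesetPath)` as null and throw a NullPointerException that `catch (ParseException e)` does not cover, so a null or blank check before constructing DeploymentRulesSetFile seems needed unless the property always has a default.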
@@ -0,0 +1,37 @@
+package net.sourceforge.jnlp.deploymentrules;
+
+/**
+ * Action object of Rule from the ruleset file
+ * Stores the attributes value from id tag permission and version.
+ * If permission is run, then location which is the url whitelisted is permitted to be accessible.
+ */
+class XmlAction {
+
+ private String permission;
+ private String version;
+ private String message;
+
+ public String getPermission() {
+ return permission;
+ }
+
+ public void setPermission(final String permission) {
+ this.permission = permission;
+ }
+
+ public String getVersion() {
+ return version;
+ }
+
+ public void setVersion(final String version) {
+ this.version = version;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+
+ public void setMessage(final String message) {
+ this.message = message;
+ }
+}
diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlCertificate.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlCertificate.java
new file mode 100644
index 000000000..9609c79ad
--- /dev/null
+++ b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlCertificate.java
@@ -0,0 +1,20 @@
+package net.sourceforge.jnlp.deploymentrules;
+
+/**
+ * Certificate object of Rule from the ruleset file
+ * Stores the attributes value from action tag hash.
+ * This is class is rarely used yet and can be extended when a
+ * UI component to display the entire ruleset.xml file and edit it will be enhanced
+ */
+class XmlCertificate {
+
+ private String hash;
+
+ public String getHash() {
+ return hash;
+ }
+
+ public void setHash(String hash) {
+ this.hash = hash;
+ }
+}
diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlRule.java b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlRule.java
new file mode 100644
index 000000000..9125bd0c2
--- /dev/null
+++ b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/XmlRule.java
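Review bot: The hash held by XmlCertificate is parsed but, as far as this commit shows, never consulted: DeploymentRulesSetFile.parseDeploymentRuleSet() keeps every rule whose permission is `run` and returns only its location. If a rule's certificate element is meant to narrow the rule to code signed with that certificate, such a rule is currently treated as an unconditional allow for its location. Until certificate matching exists, rules that carry a certificate could be left out of the whitelist, for example with `.filter(rule -> rule.getCertificate() == null)` in that stream, and the class comment here should state that the hash is not enforced.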
@@ -0,0 +1,31 @@
+package net.sourceforge.jnlp.deploymentrules;
+
+class XmlRule {
+ private String location;
+ private XmlCertificate certificate;
+ private XmlAction action;
+
+ public String getLocation() {
+ return location;
+ }
+
+ public void setLocation(final String location) {
+ this.location = location;
+ }
+
+ public XmlCertificate getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(final XmlCertificate certificate) {
+ this.certificate = certificate;
+ }
+
+ public XmlAction getAction() {
+ return action;
+ }
+
+ public void setAction(final XmlAction action) {
+ this.action = action;
+ }
+}
diff --git a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/jaxb.properties b/core/src/main/java/net/sourceforge/jnlp/deploymentrules/jaxb.properties
deleted file mode 100644
index 5837a4c25..000000000
--- a/core/src/main/java/net/sourceforge/jnlp/deploymentrules/jaxb.properties
+++ /dev/null
@@ -1 +0,0 @@
-javax.xml.bind.context.factory=org.eclipse.persistence.jaxb.JAXBContextFactory
\ No newline at end of file