Changeset 418 for trunk/icedtea-web/netx/net

trunk/icedtea-web

Property svn:mergeinfo set to
/branches/vendor/sourceforge/icedtea-web/1.3 merged eligible
/branches/vendor/sourceforge/icedtea-web/current merged eligible

trunk/icedtea-web/netx/net/sourceforge/jnlp/AppletDesc.java

-              r348
+              r418
  * @version $Revision: 1.8 $
  */
 public class AppletDesc {
+public class AppletDesc implements LaunchDesc {
     /** the applet name */
 …
     /**
      * Returns the main class name
+     * Returns the main class name in the dot-separated form (eg: foo.bar.Baz)
      */
+    @Override
     public String getMainClass() {
         return mainClass;

trunk/icedtea-web/netx/net/sourceforge/jnlp/ApplicationDesc.java

-              r348
+              r418
  * @version $Revision: 1.7 $
  */
 public class ApplicationDesc {
+public class ApplicationDesc implements LaunchDesc {
     /** the main class name and package */
 …
      * Returns the main class name
      */
+    @Override
     public String getMainClass() {
         return mainClass;

trunk/icedtea-web/netx/net/sourceforge/jnlp/DefaultLaunchHandler.java

-              r348
+              r418
 package net.sourceforge.jnlp;
+import java.io.PrintStream;
 import net.sourceforge.jnlp.runtime.*;
 …
  * @version $Revision: 1.1 $
  */
+public class DefaultLaunchHandler implements LaunchHandler {
+public class DefaultLaunchHandler extends AbstractLaunchHandler {
+    public DefaultLaunchHandler(PrintStream out) {
+        super(out);
+    }
     /**
 …
      * @return true to allow the application to continue, false to stop it.
      */
     public boolean validationError(LaunchException security) {
         printMessage(security);
+    public boolean validationError(LaunchException error) {
+        printMessage(error);
         return true;
+    }
 …
     public void launchCompleted(ApplicationInstance application) {
         //
+    }
-    /**
-     * Print a message to stdout.
-     */
-    protected static void printMessage(LaunchException ex) {
-        StringBuffer result = new StringBuffer();
-        result.append("netx: ");
-        result.append(ex.getCategory());
-        if (ex.getSummary() != null) {
-            result.append(": ");
-            result.append(ex.getSummary());
+        }
-        if (JNLPRuntime.isDebug()) {
-            if (ex.getCause() != null)
-                ex.getCause().printStackTrace();
-            else
-                ex.printStackTrace();
+        }
-        Throwable causes[] = ex.getCauses();
-        for (int i = 0; i < causes.length; i++) {
-            result.append(" (");
-            result.append(causes[i].getClass().getName());
-            result.append(" ");
-            result.append(causes[i].getMessage());
-            result.append(")");
+        }
+    }

trunk/icedtea-web/netx/net/sourceforge/jnlp/GuiLaunchHandler.java

-              r348
+              r418
 package net.sourceforge.jnlp;
+import java.io.PrintStream;
+import java.lang.reflect.InvocationTargetException;
 import java.net.URL;
 …
  * including splash screens and exception dialogs.
  */
 public class GuiLaunchHandler implements LaunchHandler {
+public class GuiLaunchHandler extends AbstractLaunchHandler {
     private JNLPSplashScreen splashScreen = null;
+    private final Object mutex = new Object();
     private UpdatePolicy policy = UpdatePolicy.ALWAYS;
+    public GuiLaunchHandler(PrintStream outputStream) {
+        super(outputStream);
+    }
     @Override
 …
             @Override
             public void run() {
+                closeSplashScreen();
                 BasicExceptionDialog.show(exception);
+            }
         });
+        printMessage(exception);
+    }
+    private void closeSplashScreen() {
+        synchronized(mutex) {
+            if (splashScreen != null) {
+                if (splashScreen.isSplashScreenValid()) {
+                    splashScreen.setVisible(false);
+                }
+                splashScreen.dispose();
+            }
+        }
+    }
 …
             @Override
             public void run() {
+                if (splashScreen != null) {
+                    if (splashScreen.isSplashScreenValid()) {
+                        splashScreen.setVisible(false);
+                    }
+                    splashScreen.dispose();
+                }
+                closeSplashScreen();
+            }
         });
 …
     @Override
     public void launchInitialized(final JNLPFile file) {
+        int preferredWidth = 500;
+        int preferredHeight = 400;
+        final URL splashImageURL = file.getInformation().getIconLocation(
+                IconDesc.SPLASH, preferredWidth, preferredHeight);
+        if (splashImageURL != null) {
+            final ResourceTracker resourceTracker = new ResourceTracker(true);
+            resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy);
+            synchronized(mutex) {
+                try {
+                    SwingUtilities.invokeAndWait(new Runnable() {
+                        @Override
+                        public void run() {
+                            splashScreen = new JNLPSplashScreen(resourceTracker, null, null);
+                        }
+                    });
+                } catch (InterruptedException ie) {
+                    // Wait till splash screen is created
+                    while (splashScreen == null);
+                } catch (InvocationTargetException ite) {
+                    ite.printStackTrace();
+                }
+                splashScreen.setSplashImageURL(splashImageURL);
+            }
+        }
         SwingUtilities.invokeLater(new Runnable() {
             @Override
             public void run() {
-                final int preferredWidth = 500;
-                final int preferredHeight = 400;
-                URL splashImageURL = file.getInformation().getIconLocation(
-                        IconDesc.SPLASH, preferredWidth, preferredHeight);
                 if (splashImageURL != null) {
+                    ResourceTracker resourceTracker = new ResourceTracker(true);
+                    resourceTracker.addResource(splashImageURL, file.getFileVersion(), null, policy);
+                    splashScreen = new JNLPSplashScreen(resourceTracker, null, null);
+                    splashScreen.setSplashImageURL(splashImageURL);
+                    if (splashScreen.isSplashScreenValid()) {
+                        splashScreen.setVisible(true);
+                    synchronized(mutex) {
+                        if (splashScreen.isSplashScreenValid()) {
+                            splashScreen.setVisible(true);
+                        }
+                    }
+                }
 …
     @Override
     public boolean launchWarning(LaunchException warning) {
         DefaultLaunchHandler.printMessage(warning);
+        printMessage(warning);
         return true;
+    }
     @Override
+    public boolean validationError(LaunchException security) {
+        DefaultLaunchHandler.printMessage(security);
+    public boolean validationError(LaunchException error) {
+        closeSplashScreen();
+        printMessage(error);
         return true;
+    }

trunk/icedtea-web/netx/net/sourceforge/jnlp/InstallerDesc.java

-              r348
+              r418
  * @version $Revision: 1.6 $
  */
 public class InstallerDesc {
+public class InstallerDesc implements LaunchDesc {
     /** the main class name and package. */
 …
      * Returns the main class name and package.
      */
+    @Override
     public String getMainClass() {
         return mainClass;

trunk/icedtea-web/netx/net/sourceforge/jnlp/JNLPFile.java

-              r348
+              r418
     /** the application description */
     protected Object launchType;
+    protected LaunchDesc launchType;
     /** the component description */
 …
     protected SecurityDesc security;
+    /** the default JVM locale */
+    protected Locale defaultLocale = null;
     /** the default OS */
     protected Locale defaultLocale = null;
+    protected String defaultOS = null;
     /** the default arch */
-    protected String defaultOS = null;
-    /** the default jvm */
     protected String defaultArch = null;
+    /** A signed JNLP file is missing from the main jar */
+    private boolean missingSignedJNLP = false;
+    /** JNLP file contains special properties */
+    private boolean containsSpecialProperties = false;
+    /**
+     * List of acceptable properties (not-special)
+     */
+    private String[] generalProperties = SecurityDesc.getJnlpRIAPermissions();
     { // initialize defaults if security allows
 …
+    }
+    static enum Match { LANG_COUNTRY_VARIANT, LANG_COUNTRY, LANG, GENERALIZED }
     /**
      * Empty stub, allowing child classes to override the constructor
 …
      */
     public JNLPFile(URL location, Version version, boolean strict, UpdatePolicy policy) throws IOException, ParseException {
+        this(location, version, strict, policy, null);
+    }
+    /**
+     * Create a JNLPFile from a URL and a version, checking for updates
+     * using the specified policy.
+     *
+     * @param location the location of the JNLP file
+     * @param version the version of the JNLP file
+     * @param strict whether to enforce the spec when
+     * @param policy the update policy
+     * @param forceCodebase codebase to use if not specified in JNLP file.
+     * @throws IOException if an IO exception occurred
+     * @throws ParseException if the JNLP file was invalid
+     */
+    protected JNLPFile(URL location, Version version, boolean strict, UpdatePolicy policy, URL forceCodebase) throws IOException, ParseException {
         Node root = Parser.getRootNode(openURL(location, version, policy));
         parse(root, strict, location);
+        parse(root, strict, location, forceCodebase);
         //Downloads the original jnlp file into the cache if possible
 …
         //originated from a website, then download the one from the website
         //into the cache).
         if (sourceLocation != null && location.getProtocol() == "file") {
+        if (sourceLocation != null && "file".equals(location.getProtocol())) {
             openURL(sourceLocation, version, policy);
+        }
 …
      */
     public JNLPFile(InputStream input, boolean strict) throws ParseException {
         parse(Parser.getRootNode(input), strict, null);
+        parse(Parser.getRootNode(input), strict, null, null);
+    }
 …
     /**
      * Returns the JNLP file's title.  This method returns the same
+     * Returns the JNLP file's best localized title. This method returns the same
      * value as InformationDesc.getTitle().
      */
 …
     /**
+     * Returns the JNLP file's best localized vendor. This method returns the same
+     * value as InformationDesc.getVendor().
+     */
+    public String getVendor() {
+        return getInformation().getVendor();
+    }
+    /**
      * Returns the JNLP file's network location as specified in the
      * JNLP file.
 …
     public InformationDesc getInformation(final Locale locale) {
         return new InformationDesc(this, new Locale[] { locale }) {
+            @Override
             protected List<Object> getItems(Object key) {
                 List<Object> result = new ArrayList<Object>();
+                for (int i = 0; i < info.size(); i++) {
+                    InformationDesc infoDesc = info.get(i);
+                    if (localMatches(locale, infoDesc.getLocales()))
+                        result.addAll(infoDesc.getItems(key));
+                for (Match precision : Match.values()) {
+                    for (InformationDesc infoDesc : JNLPFile.this.info) {
+                        if (localeMatches(locale, infoDesc.getLocales(), precision)) {
+                            result.addAll(infoDesc.getItems(key));
+                        }
+                    }
+                    if (result.size() > 0) {
+                        return result;
+                    }
+                }
                 return result;
+            }
+            @Override
+            public String getTitle() {
+                for (Match precision : Match.values()) {
+                    for (InformationDesc infoDesc : JNLPFile.this.info) {
+                        String title = infoDesc.getTitle();
+                        if (localeMatches(locale, infoDesc.getLocales(), precision)
+                                && title != null && !"".equals(title)) {
+                            return title;
+                        }
+                    }
+                }
+                return null;
+            }
+            @Override
+            public String getVendor() {
+                for (Match precision : Match.values()) {
+                    for (InformationDesc infoDesc : JNLPFile.this.info) {
+                        String vendor = infoDesc.getVendor();
+                        if (localeMatches(locale, infoDesc.getLocales(), precision)
+                                && vendor != null && !"".equals(vendor)) {
+                            return vendor;
+                        }
+                    }
+                }
+                return null;
+            }
         };
 …
     public ResourcesDesc getResources(final Locale locale, final String os, final String arch) {
         return new ResourcesDesc(this, new Locale[] { locale }, new String[] { os }, new String[] { arch }) {
+            @Override
             public <T> List<T> getResources(Class<T> launchType) {
                 List<T> result = new ArrayList<T>();
+                for (int i = 0; i < resources.size(); i++) {
+                    ResourcesDesc rescDesc = resources.get(i);
+                    if (localMatches(locale, rescDesc.getLocales())
+                for (ResourcesDesc rescDesc : resources) {
+                    boolean hasUsableLocale = false;
+                    for (Match match : Match.values()) {
+                        hasUsableLocale |= localeMatches(locale, rescDesc.getLocales(), match);
+                    }
+                    if (hasUsableLocale
                             && stringMatches(os, rescDesc.getOS())
                             && stringMatches(arch, rescDesc.getArch()))
 …
+            }
+            @Override
             public void addResource(Object resource) {
                 // todo: honor the current locale, os, arch values
 …
         List<ResourcesDesc> matchingResources = new ArrayList<ResourcesDesc>();
         for (ResourcesDesc rescDesc: resources) {
+            if (localMatches(locale, rescDesc.getLocales())
+            boolean hasUsableLocale = false;
+            for (Match match : Match.values()) {
+                hasUsableLocale |= localeMatches(locale, rescDesc.getLocales(), match);
+            }
+            if (hasUsableLocale
                     && stringMatches(os, rescDesc.getOS())
                     && stringMatches(arch, rescDesc.getArch())) {
 …
      * ApplicationDesc and InstallerDesc
      */
     public Object getLaunchInfo() {
+    public LaunchDesc getLaunchInfo() {
         return launchType;
+    }
 …
      * @param requested the local
      * @param available the available locales
+     * @param precision the depth with which to match locales. 1 checks only
+     * language, 2 checks language and country, 3 checks language, country and
+     * variant for matches. Passing 0 will always return true.
      * @return true if requested matches any of available, or if
      * available is empty or null.
      */
+    private boolean localMatches(Locale requested, Locale available[]) {
+        if (available == null || available.length == 0)
+            return true;
+        for (int i = 0; i < available.length; i++) {
+            String language = requested.getLanguage(); // "" but never null
+            String country = requested.getCountry();
+            String variant = requested.getVariant();
+            if (!"".equals(language) && !language.equalsIgnoreCase(available[i].getLanguage()))
+                continue;
+            if (!"".equals(country) && !country.equalsIgnoreCase(available[i].getCountry()))
+                continue;
+            if (!"".equals(variant) && !variant.equalsIgnoreCase(available[i].getVariant()))
+                continue;
+            return true;
+        }
+    public boolean localeMatches(Locale requested, Locale available[], Match matchLevel) {
+        if (matchLevel == Match.GENERALIZED)
+            return available == null || available.length == 0;
+        String language = requested.getLanguage(); // "" but never null
+        String country = requested.getCountry();
+        String variant = requested.getVariant();
+        for (Locale locale : available) {
+            switch (matchLevel) {
+                case LANG:
+                    if (!language.isEmpty()
+                            && language.equals(locale.getLanguage())
+                            && locale.getCountry().isEmpty()
+                            && locale.getVariant().isEmpty())
+                        return true;
+                    break;
+                case LANG_COUNTRY:
+                    if (!language.isEmpty()
+                            && language.equals(locale.getLanguage())
+                            && !country.isEmpty()
+                            && country.equals(locale.getCountry())
+                            && locale.getVariant().isEmpty())
+                        return true;
+                    break;
+                case LANG_COUNTRY_VARIANT:
+                    if (language.equals(locale.getLanguage())
+                            && country.equals(locale.getCountry())
+                            && variant.equals(locale.getVariant()))
+                        return true;
+                    break;
+                default:
+                    break;
+            }
+        }
         return false;
+    }
 …
      * @param location the file location or null
      */
     private void parse(Node root, boolean strict, URL location) throws ParseException {
+    private void parse(Node root, boolean strict, URL location, URL forceCodebase) throws ParseException {
         try {
             //if (location != null)
             //  location = new URL(location, "."); // remove filename
             Parser parser = new Parser(this, location, root, strict, true); // true == allow extensions
+            Parser parser = new Parser(this, location, root, strict, true, forceCodebase); // true == allow extensions
             // JNLP tag information
 …
             sourceLocation = parser.getFileLocation() != null ? parser.getFileLocation() : location;
             info = parser.getInfo(root);
+            parser.checkForInformation();
             update = parser.getUpdate(root);
             resources = parser.getResources(root, false); // false == not a j2se/java resources section
 …
             component = parser.getComponent(root);
             security = parser.getSecurity(root);
+            checkForSpecialProperties();
         } catch (ParseException ex) {
             throw ex;
 …
             throw new RuntimeException(ex.toString());
+        }
+    }
+    /**
+     * Inspects the JNLP file to check if it contains any special properties
+     */
+    private void checkForSpecialProperties() {
+        for (ResourcesDesc res : resources) {
+            for (PropertyDesc propertyDesc : res.getProperties()) {
+                for (int i = 0; i < generalProperties.length; i++) {
+                    String property = propertyDesc.getKey();
+                    if (property.equals(generalProperties[i])) {
+                        break;
+                    } else if (!property.equals(generalProperties[i])
+                            && i == generalProperties.length - 1) {
+                        containsSpecialProperties = true;
+                        return;
+                    }
+                }
+            }
+        }
+    }
 …
+    }
+    /**
+     * Returns a boolean after determining if a signed JNLP warning should be
+     * displayed in the 'More Information' panel.
+     *
+     * @return true if a warning should be displayed; otherwise false
+     */
+    public boolean requiresSignedJNLPWarning() {
+        return (missingSignedJNLP && containsSpecialProperties);
+    }
+    /**
+     * Informs that a signed JNLP file is missing in the main jar
+     */
+    public void setSignedJNLPAsMissing() {
+        missingSignedJNLP = true;
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/JNLPSplashScreen.java

-              r348
+              r418
 import javax.imageio.ImageIO;
 import javax.swing.JFrame;
+import javax.swing.JDialog;
 import net.sourceforge.jnlp.cache.ResourceTracker;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.util.ImageResources;
 public class JNLPSplashScreen extends JFrame {
+public class JNLPSplashScreen extends JDialog {
     String applicationTitle;
 …
     public JNLPSplashScreen(ResourceTracker resourceTracker,
             String applicationTitle, String applicationVendor) {
+        setIconImages(ImageResources.INSTANCE.getApplicationImages());
         // If the JNLP file does not contain any icon images, the splash image

trunk/icedtea-web/netx/net/sourceforge/jnlp/LaunchException.java

-              r348
+              r418
 package net.sourceforge.jnlp;
-import java.io.*;
-import java.util.*;
-import net.sourceforge.jnlp.util.*;
 /**
  * Thrown when a JNLP application, applet, or installer could not
 …
 public class LaunchException extends Exception {
+    /** the original exception */
+    private Throwable cause = null;
+    private static final long serialVersionUID = 7283827853612357423L;
     /** the file being launched */
 …
      */
     public LaunchException(JNLPFile file, Exception cause, String severity, String category, String summary, String description) {
+        super(severity + ": " + category + ": " + summary);
+        super(severity + ": " + category + ": " + summary + " "
+                    + (description == null ? "" : description), cause);
         this.file = file;
 …
         this.description = description;
         this.severity = severity;
-        // replace with setCause when no longer 1.3 compatible
-        this.cause = cause;
+    }
 …
      */
     public LaunchException(Throwable cause) {
+        this(cause.getMessage());
+        // replace with setCause when no longer 1.3 compatible
+        this.cause = cause;
+        super(cause);
+    }
 …
      */
     public LaunchException(String message, Throwable cause) {
+        this(message + ": " + cause.getMessage());
+        // replace with setCause when no longer 1.3 compatible
+        this.cause = cause;
+        super(message, cause);
+    }
 …
+    }
-    /**
-     * Return the cause of the launch exception or null if there
-     * is no cause exception.
-     */
-    public Throwable getCause() {
-        return cause;
+    }
-    /**
-     * Returns the causes for this exception.  This method is
-     * useful on JRE 1.3 since getCause is not a standard method,
-     * and will be removed once netx no longer supports 1.3.
-     */
-    public Throwable[] getCauses() {
-        ArrayList<Throwable> result = new ArrayList<Throwable>();
-        Reflect r = new Reflect();
-        Throwable cause = this.cause;
-        while (cause != null) {
-            result.add(cause);
-            cause = (Throwable) r.invoke(cause, "getCause");
+        }
-        return result.toArray(new Throwable[0]);
+    }
-    /**
-     * Print the stack trace and the cause exception (1.3
-     * compatible)
-     */
-    public void printStackTrace(PrintStream stream) {
-        super.printStackTrace(stream);
-        if (cause != null) {
-            stream.println("Caused by: ");
-            cause.printStackTrace(stream);
+        }
+    }
-    /**
-     * Print the stack trace and the cause exception (1.3
-     * compatible)
-     */
-    public void printStackTrace(PrintWriter stream) {
-        super.printStackTrace(stream);
-        if (cause != null) {
-            stream.println("Caused by: ");
-            cause.printStackTrace(stream);
+        }
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/LaunchHandler.java

r348	r418
51	51	* @return true to allow the application to continue, false to stop it.
52	52	*/
53		public boolean validationError(LaunchException ~~security~~);
	53	public boolean validationError(LaunchException error);
54	54
55	55	// this method will probably be replaced when real security

trunk/icedtea-web/netx/net/sourceforge/jnlp/Launcher.java

-              r348
+              r418
 import java.net.URL;
 import java.net.UnknownHostException;
+import java.util.Arrays;
 import java.util.LinkedList;
 import java.util.List;
 …
 import net.sourceforge.jnlp.cache.CacheUtil;
 import net.sourceforge.jnlp.cache.UpdatePolicy;
-import net.sourceforge.jnlp.runtime.AppThreadGroup;
 import net.sourceforge.jnlp.runtime.AppletInstance;
 import net.sourceforge.jnlp.runtime.ApplicationInstance;
 …
             main.setAccessible(true);
+            if (JNLPRuntime.isDebug()) {
+                System.out.println("Invoking main() with args: " + Arrays.toString(args));
+            }
             main.invoke(null, new Object[] { args });
 …
+            }
+            AppThreadGroup group = (AppThreadGroup) Thread.currentThread().getThreadGroup();
+            ThreadGroup group = Thread.currentThread().getThreadGroup();
+            // appletInstance is needed by ServiceManager when looking up
+            // services. This could potentially be done in applet constructor
+            // so initialize appletInstance before creating applet.
+            AppletInstance appletInstance;
+            if (cont == null)
+                appletInstance = new AppletInstance(file, group, loader, null);
+            else
+                appletInstance = new AppletInstance(file, group, loader, null, cont);
+            loader.setApplication(appletInstance);
+            // Initialize applet now that ServiceManager has access to its
+            // appletInstance.
             String appletName = file.getApplet().getMainClass();
-            //Classloader chokes if there's '/' in the path to the main class.
-            //Must replace with '.' instead.
-            appletName = appletName.replace('/', '.');
             Class appletClass = loader.loadClass(appletName);
             Applet applet = (Applet) appletClass.newInstance();
+            AppletInstance appletInstance;
+            if (cont == null)
+                appletInstance = new AppletInstance(file, group, loader, applet);
+            else
+                appletInstance = new AppletInstance(file, group, loader, applet, cont);
+            group.setApplication(appletInstance);
+            loader.setApplication(appletInstance);
+            // Finish setting up appletInstance.
+            appletInstance.setApplet(applet);
+            appletInstance.getAppletEnvironment().setApplet(applet);
             setContextClassLoaderForAllThreads(appletInstance.getThreadGroup(), appletInstance.getClassLoader());
 …
             String appletName = file.getApplet().getMainClass();
-            //Classloader chokes if there's '/' in the path to the main class.
-            //Must replace with '.' instead.
-            appletName = appletName.replace('/', '.');
             Class appletClass = loader.loadClass(appletName);
             Applet applet = (Applet) appletClass.newInstance();
 …
         try {
             JNLPClassLoader loader = JNLPClassLoader.getInstance(file, updatePolicy);
             AppThreadGroup group = (AppThreadGroup) Thread.currentThread().getThreadGroup();
+            ThreadGroup group = Thread.currentThread().getThreadGroup();
             ApplicationInstance app = new ApplicationInstance(file, group, loader);
-            group.setApplication(app);
             loader.setApplication(app);
 …
      * ThreadGroup has to be created at an earlier point in the applet code.
      */
     protected AppThreadGroup createThreadGroup(JNLPFile file) {
         AppThreadGroup appThreadGroup = null;
+    protected ThreadGroup createThreadGroup(JNLPFile file) {
+        ThreadGroup tg = null;
         if (file instanceof PluginBridge) {
             appThreadGroup = (AppThreadGroup) Thread.currentThread().getThreadGroup();
+            tg = Thread.currentThread().getThreadGroup();
         } else {
             appThreadGroup = new AppThreadGroup(mainGroup, file.getTitle());
+        }
         return appThreadGroup;
+            tg = new ThreadGroup(mainGroup, file.getTitle());
+        }
+        return tg;
+    }

trunk/icedtea-web/netx/net/sourceforge/jnlp/NetxPanel.java

-              r348
+              r418
 import net.sourceforge.jnlp.AppletLog;
-import net.sourceforge.jnlp.runtime.AppThreadGroup;
 import net.sourceforge.jnlp.runtime.AppletInstance;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import java.net.URL;
+import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
 import sun.applet.AppletViewerPanel;
 …
     private AppletInstance appInst = null;
     private boolean appletAlive;
+    private final String uKey;
+    // We use this so that we can create exactly one thread group
+    // for all panels with the same uKey.
+    private static final Map<String, ThreadGroup> uKeyToTG =
+        new HashMap<String, ThreadGroup>();
+    private static final Object TGMapMutex = new Object();
+    // This map is actually a set (unfortunately there is no ConcurrentSet
+    // in java.util.concurrent). If KEY is in this map, then we know that
+    // an app context has been created for the panel that has uKey.equals(KEY),
+    // so we avoid creating it a second time for panels with the same uKey.
+    // Because it's a set, only the keys matter. However, we can't insert
+    // null values in because if we did, we couldn't use null checks to see
+    // if a key was absent before a putIfAbsent.
+    private static final ConcurrentMap<String, Boolean> appContextCreated =
+        new ConcurrentHashMap<String, Boolean>();
     public NetxPanel(URL documentURL, Hashtable<String, String> atts) {
         super(documentURL, atts);
+        /* According to http://download.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/applet-compatibility.html,
+         * classloaders are shared iff these properties match:
+         * codebase, cache_archive, java_archive, archive
+         *
+         * To achieve this, we create the uniquekey based on those 4 values,
+         * always in the same order. The initial "<NAME>=" parts ensure a
+         * bad tag cannot trick the loader into getting shared with another.
+         */
+        // Firefox sometimes skips the codebase if it is default  -- ".",
+        // so set it that way if absent
+        String codebaseAttr =      atts.get("codebase") != null ?
+                                   atts.get("codebase") : ".";
+        String cache_archiveAttr = atts.get("cache_archive") != null ?
+                                   atts.get("cache_archive") : "";
+        String java_archiveAttr =  atts.get("java_archive") != null ?
+                                   atts.get("java_archive") : "";
+        String archiveAttr =       atts.get("archive") != null ?
+                                   atts.get("archive") : "";
+        this.uKey = "codebase=" + codebaseAttr +
+                    "cache_archive=" + cache_archiveAttr +
+                    "java_archive=" + java_archiveAttr +
+                    "archive=" +  archiveAttr;
+        // when this was being done (incorrectly) in Launcher, the call was
+        // new AppThreadGroup(mainGroup, file.getTitle());
+        synchronized(TGMapMutex) {
+            if (!uKeyToTG.containsKey(this.uKey)) {
+                ThreadGroup tg = new ThreadGroup(Launcher.mainGroup, this.documentURL.toString());
+                uKeyToTG.put(this.uKey, tg);
+            }
+        }
+    }
 …
         this.exitOnFailure = exitOnFailure;
         this.appletAlive = true;
+    }
-    @Override
-    public void run() {
-        /*
-         * create an AppContext for this thread associated with this particular
-         * plugin instance (which runs in a different thread group from the rest
-         * of the plugin).
-         */
-        SunToolkit.createNewAppContext();
-        super.run();
+    }
 …
         super.showAppletException(t);
+    }
     //Overriding to use Netx classloader. You might need to relax visibility
     //in sun.applet.AppletPanel for runLoader().
 …
                                 getWidth(),
                                 getHeight(),
                                 atts);
+                                atts, uKey);
             doInit = true;
 …
+        }
+        // when this was being done (incorrectly) in Launcher, the call was
+        // new AppThreadGroup(mainGroup, file.getTitle());
+        ThreadGroup tg = new AppThreadGroup(Launcher.mainGroup,
+                this.documentURL.toString());
+        handler = new Thread(tg, this);
+        handler = new Thread(getThreadGroup(), this);
         handler.start();
+    }
 …
         return handler != null && handler.isAlive() && this.appletAlive;
+    }
+    public ThreadGroup getThreadGroup() {
+        synchronized(TGMapMutex) {
+            return uKeyToTG.get(uKey);
+        }
+    }
+    public void createNewAppContext() {
+        if (Thread.currentThread().getThreadGroup() != getThreadGroup()) {
+            throw new RuntimeException("createNewAppContext called from the wrong thread.");
+        }
+        // only create a new context if one hasn't already been created for the
+        // applets with this unique key.
+        if (null == appContextCreated.putIfAbsent(uKey, Boolean.TRUE)) {
+            SunToolkit.createNewAppContext();
+        }
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/Node.java

-              r348
+              r418
     private Node next;
     private Node children[];
+    private List <String> attributeNames= null;
     Node(XMLElement xml) {
 …
         return children;
+    }
+    /**
+     * To retrieve all attribute names
+     * @return all attribute names of the Node in ArrayList<String>
+     */
+    List<String> getAttributeNames() {
+        if (attributeNames == null) {
+            attributeNames= new ArrayList<String>();
+            for (Enumeration e = xml.enumerateAttributeNames(); e.hasMoreElements();)
+                attributeNames.add(new String((String) e.nextElement()));
+        }
+        return attributeNames;
+    }
     String getAttribute(String name) {
 …
     private Node next;
     private Node children[];
+    private String attributeNames[];
     Node(ParsedXML tinyNode) {
 …
         return children;
+    }
     String getAttribute(String name) {
         return tinyNode.getAttribute(name);

trunk/icedtea-web/netx/net/sourceforge/jnlp/Parser.java

-              r348
+              r418
 // Copyright (C) 2001-2003 Jon A. Maxwell (JAM)
 // Copyright (C) 2009 Red Hat, Inc.
+// Copyright (C) 2012 Red Hat, Inc.
 //
 // This library is free software; you can redistribute it and/or
 …
 import net.sourceforge.jnlp.UpdateDesc.Check;
 import net.sourceforge.jnlp.UpdateDesc.Policy;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import net.sourceforge.nanoxml.*;
 …
      */
     public Parser(JNLPFile file, URL base, Node root, boolean strict, boolean allowExtensions) throws ParseException {
+        this(file, base, root, strict, allowExtensions, null);
+    }
+    /**
+     * Create a parser for the JNLP file.  If the location
+     * parameters is not null it is used as the default codebase
+     * (does not override value of jnlp element's href
+     * attribute).<p>
+     *
+     * The root node may be normalized as a side effect of this
+     * constructor.
+     *
+     * @param file the (uninitialized) file reference
+     * @param base if codebase is not specified, a default base for relative URLs
+     * @param root the root node
+     * @param strict whether to enforce strict compliance with the JNLP spec
+     * @param allowExtensions whether to allow extensions to the JNLP spec
+     * @param codebase codebase to use if we did not parse one from JNLP file.
+     * @throws ParseException if the JNLP file is invalid
+     */
+    public Parser(JNLPFile file, URL base, Node root, boolean strict, boolean allowExtensions, URL codebase) throws ParseException {
         this.file = file;
         this.root = root;
 …
         this.spec = getVersion(root, "spec", "1.0+");
         this.codebase = addSlash(getURL(root, "codebase", base));
+        this.base = (codebase != null) ? codebase : base; // if codebase not specified use default codebase
+        if (this.codebase == null) // We only override it if it is not specified.
+            this.codebase = codebase;
+        this.base = (this.codebase != null) ? this.codebase : base; // if codebase not specified use default codebase
         fileLocation = getURL(root, "href", this.base);
 …
     /**
+     * Make sure a title and vendor are present and nonempty and localized as
+     * best matching as possible for the JVM's current locale. Fallback to a
+     * generalized title and vendor otherwise. If none is found, throw an exception.
+     *
+     * Additionally prints homepage, description, title and vendor to stdout
+     * if in Debug mode.
+     * @throws RequiredElementException
+     */
+    void checkForInformation() throws RequiredElementException {
+        if (JNLPRuntime.isDebug()) {
+            System.out.println("Homepage: " + file.getInformation().getHomepage());
+            System.out.println("Description: " + file.getInformation().getDescription());
+        }
+        String title = file.getTitle();
+        String vendor = file.getVendor();
+        if (title == null || title.trim().isEmpty())
+            throw new MissingTitleException();
+        else if (JNLPRuntime.isDebug())
+            System.out.println("Acceptable title tag found, contains: " + title);
+        if (vendor == null || vendor.trim().isEmpty())
+            throw new MissingVendorException();
+        else if (JNLPRuntime.isDebug())
+            System.out.println("Acceptable vendor tag found, contains: " + vendor);
+    }
+    /**
      * Returns all of the information elements under the specified
      * node.
 …
         // ensure that there are at least one information section present
         if (info.length == 0)
             throw new ParseException(R("PNoInfoElement"));
+            throw new MissingInformationException();
         // create objects from the info sections
+        for (int i = 0; i < info.length; i++)
+            result.add(getInformationDesc(info[i]));
+        for (Node infoNode : info) {
+            result.add(getInformationDesc(infoNode));
+        }
         return result;
 …
      * @throws ParseException if the JNLP file is invalid
      */
     public Object getLauncher(Node parent) throws ParseException {
+    public LaunchDesc getLauncher(Node parent) throws ParseException {
         // check for other than one application type
         if (1 < getChildNodes(parent, "applet-desc").length
 …
         String language = localeStr.substring(0, 2);
         String country = (localeStr.length() < 5) ? "" : localeStr.substring(3, 5);
         String variant = (localeStr.length() < 7) ? "" : localeStr.substring(6, 8);
+        String variant = (localeStr.length() > 7) ? localeStr.substring(6) : "";
         // null is not allowed n locale but "" is

trunk/icedtea-web/netx/net/sourceforge/jnlp/PluginBridge.java

-              r348
+              r418
 /*
  * Copyright 2007 Red Hat, Inc.
+ * Copyright 2012 Red Hat, Inc.
  * This file is part of IcedTea, http://icedtea.classpath.org
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 …
 package net.sourceforge.jnlp;
+import java.io.File;
 import java.net.URL;
 import java.net.MalformedURLException;
 import java.util.Hashtable;
+import java.util.HashSet;
 import java.util.Locale;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Map;
+import java.util.Set;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
+/**
+ * Allows reuse of code that expects a JNLPFile object,
+ * while overriding behaviour specific to applets.
+ */
 public class PluginBridge extends JNLPFile {
+    String name;
+    String[] jars = new String[0];
+    String[] cacheJars = new String[0];
+    String[] cacheExJars = new String[0];
+    Hashtable<String, String> atts;
+    private String name;
+    private Set<String> jars = new HashSet<String>();
+    //Folders can be added to the code-base through the archive tag
+    private List<String> codeBaseFolders = new ArrayList<String>();
+    private String[] cacheJars = new String[0];
+    private String[] cacheExJars = new String[0];
+    private Map<String, String> atts;
     private boolean usePack;
     private boolean useVersion;
     private boolean codeBaseLookup;
+    private boolean useJNLPHref;
+    /**
+     * Creates a new PluginBridge using a default JNLPCreator.
+     */
     public PluginBridge(URL codebase, URL documentBase, String jar, String main,
+                        int width, int height, Hashtable<String, String> atts)
+                        int width, int height, Map<String, String> atts,
+                        String uKey)
+            throws Exception {
+        this(codebase, documentBase, jar, main, width, height, atts, uKey, new JNLPCreator());
+    }
+    /**
+     * Handles archive tag entries, which may be folders or jar files
+     * @param archives the components of the archive tag
+     */
+    private void addArchiveEntries(String[] archives) {
+        for (String archiveEntry : archives){
+            // trim white spaces
+            archiveEntry = archiveEntry.trim();
+            /*Only '/' on linux, '/' or '\\' on windows*/
+            if (archiveEntry.endsWith("/") || archiveEntry.endsWith(File.pathSeparator)) {
+                this.codeBaseFolders.add(archiveEntry);
+            } else {
+                this.jars.add(archiveEntry);
+            }
+        }
+    }
+    public PluginBridge(URL codebase, URL documentBase, String archive, String main,
+                        int width, int height, Map<String, String> atts,
+                        String uKey, JNLPCreator jnlpCreator)
             throws Exception {
         specVersion = new Version("1.0");
 …
         this.codeBase = codebase;
         this.sourceLocation = documentBase;
+        this.atts = atts;
         if (atts.containsKey("jnlp_href")) {
+            useJNLPHref = true;
             try {
+                URL jnlp = new URL(codeBase.toExternalForm() + atts.get("jnlp_href"));
+                JNLPFile jnlpFile = new JNLPFile(jnlp);
+                // Use codeBase as the context for the URL. If jnlp_href's
+                // value is a complete URL, it will replace codeBase's context.
+                URL jnlp = new URL(codeBase, atts.get("jnlp_href"));
+                JNLPFile jnlpFile = jnlpCreator.create(jnlp, null, false, JNLPRuntime.getDefaultUpdatePolicy(), codeBase);
                 Map<String, String> jnlpParams = jnlpFile.getApplet().getParameters();
+                info = jnlpFile.info;
                 // Change the parameter name to lowercase to follow conventions.
                 for (Map.Entry<String, String> entry : jnlpParams.entrySet()) {
                     atts.put(entry.getKey().toLowerCase(), entry.getValue());
+                    this.atts.put(entry.getKey().toLowerCase(), entry.getValue());
+                }
+                JARDesc[] jarDescs = jnlpFile.getResources().getJARs();
+                for (JARDesc jarDesc : jarDescs) {
+                     String fileName = jarDesc.getLocation().toExternalForm();
+                     this.jars.add(fileName);
+                 }
             } catch (MalformedURLException e) {
                 // Don't fail because we cannot get the jnlp file. Parameters are optional not required.
                 // it is the site developer who should ensure that file exist.
+                System.err.println("Unable to get JNLP file at: " + codeBase.toExternalForm()
+                        + atts.get("jnlp_href"));
+            }
+                System.err.println("Unable to get JNLP file at: " + atts.get("jnlp_href")
+                        + " with context of URL as: " + codeBase.toExternalForm());
+            }
+        } else {
+            // Should we populate this list with applet attribute tags?
+            info = new ArrayList<InformationDesc>();
+            useJNLPHref = false;
+        }
 …
+        }
+        if (jar != null && jar.length() > 0) {
+            this.jars = jar.split(",");
+            // trim white spaces
+            for (int i = 0; i < this.jars.length; i++) {
+                this.jars[i] = this.jars[i].trim();
+            }
+        if (archive != null && archive.length() > 0) {
+            String[] archives = archive.split(",");
+            addArchiveEntries(archives);
             if (JNLPRuntime.isDebug()) {
+                System.err.println("Jar string: " + jar);
+                System.err.println("jars length: " + jars.length);
+            }
+        }
+        this.atts = atts;
+                System.err.println("Jar string: " + archive);
+                System.err.println("jars length: " + archives.length);
+            }
+        }
         name = atts.get("name");
 …
             main = main.substring(0, main.length() - 6);
+        launchType = new AppletDesc(name, main, documentBase, width,
+        // the class name should be of the form foo.bar.Baz not foo/bar/Baz
+        String mainClass = main.replace('/', '.');
+        launchType = new AppletDesc(name, mainClass, documentBase, width,
                                     height, atts);
 …
             security = null;
+        /* According to http://download.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/applet-compatibility.html,
+         * classloaders are shared iff these properties match:
+         * codebase, cache_archive, java_archive, archive
+         *
+         * To achieve this, we create the uniquekey based on those 4 values,
+         * always in the same order. The initial "<NAME>=" parts ensure a
+         * bad tag cannot trick the loader into getting shared with another.
+         */
+        // Firefox sometimes skips the codebase if it is default  -- ".",
+        // so set it that way if absent
+        String codebaseAttr =      atts.get("codebase") != null ?
+                                   atts.get("codebase") : ".";
+        String cache_archiveAttr = atts.get("cache_archive") != null ?
+                                   atts.get("cache_archive") : "";
+        String java_archiveAttr =  atts.get("java_archive") != null ?
+                                   atts.get("java_archive") : "";
+        String archiveAttr =       atts.get("archive") != null ?
+                                   atts.get("archive") : "";
+        this.uniqueKey = "codebase=" + codebaseAttr +
+                         "cache_archive=" + cache_archiveAttr +
+                         "java_archive=" + java_archiveAttr +
+                         "archive=" +  archiveAttr;
+        this.uniqueKey = uKey;
         usePack = false;
         useVersion = false;
 …
+    }
+    public boolean useJNLPHref() {
+        return useJNLPHref;
+    }
     /**
      * {@inheritdoc }
 …
     public String getTitle() {
         return name;
+    }
-    public InformationDesc getInformation(final Locale locale) {
-        return new InformationDesc(this, new Locale[] { locale }) {
-            protected List<Object> getItems(Object key) {
-                // Should we populate this list with applet attribute tags?
-                return new ArrayList<Object>();
+            }
-        };
+    }
 …
                         jarDescs.addAll(sharedResources.getResources(JARDesc.class));
                         for (int i = 0; i < jars.length; i++)
                             if (jars[i].length() > 0)
                                 jarDescs.add(new JARDesc(new URL(codeBase, jars[i]),
+                        for (String name : jars) {
+                            if (name.length() > 0)
+                                jarDescs.add(new JARDesc(new URL(codeBase, name),
                                         null, null, false, true, false, true));
+                        }
                         boolean cacheable = true;
 …
                             cacheable = false;
                         for (int i = 0; i < cacheJars.length; i++) {
                             String[] jarAndVer = cacheJars[i].split(";");
+                        for (String cacheJar : cacheJars) {
+                            String[] jarAndVer = cacheJar.split(";");
                             String jar = jarAndVer[0];
 …
+                        }
                         for (int i = 0; i < cacheExJars.length; i++) {
                             if (cacheExJars[i].length() == 0)
+                        for (String cacheExJar : cacheExJars) {
+                            if (cacheExJar.length() == 0)
                                 continue;
                             String[] jarInfo = cacheExJars[i].split(";");
+                            String[] jarInfo = cacheExJar.split(";");
                             String jar = jarInfo[0].trim();
 …
     /**
+     * Returns the list of folders to be added to the codebase
+     */
+    public List<String> getCodeBaseFolders() {
+        return new ArrayList<String>(codeBaseFolders);
+    }
+    /**
      * Returns the resources section of the JNLP file for the
      * specified locale, os, and arch.

trunk/icedtea-web/netx/net/sourceforge/jnlp/ResourcesDesc.java

-              r348
+              r418
         JARDesc jars[] = getJARs();
+        for (int i = 0; i < jars.length; i++)
+            if (jars[i].isMain())
+                return jars[i];
+        for (JARDesc jar : jars) {
+            if (jar.isMain())
+                return jar;
+        }
         if (jars.length > 0)
 …
         Map<String, String> properties = new HashMap<String, String>();
         List<PropertyDesc> resources = getResources(PropertyDesc.class);
+        for (int i = 0; i < resources.size(); i++) {
+            PropertyDesc prop = resources.get(i);
+        for (PropertyDesc prop : resources) {
             properties.put(prop.getKey(), prop.getValue());
+        }
 …
         List<T> result = new ArrayList<T>();
+        for (int i = 0; i < resources.size(); i++)
+            if (type.isAssignableFrom(resources.get(i).getClass()))
+                result.add(type.cast(resources.get(i)));
+        for (Object resource : resources) {
+            if (type.isAssignableFrom(resource.getClass()))
+                result.add(type.cast(resource));
+        }
         return result;

trunk/icedtea-web/netx/net/sourceforge/jnlp/SecurityDesc.java

-              r348
+              r418
         // discard sandbox, give all
         if (type == ALL_PERMISSIONS) {
+        if (ALL_PERMISSIONS.equals(type)) {
             permissions = new Permissions();
             if (customTrustedPolicy == null) {
 …
         // add j2ee to sandbox if needed
         if (type == J2EE_PERMISSIONS)
+        if (J2EE_PERMISSIONS.equals(type))
             for (int i = 0; i < j2eePermissions.length; i++)
                 permissions.add(j2eePermissions[i]);
 …
                 permissions.add(jnlpRIAPermissions[i]);
         if (downloadHost != null)
+        if (downloadHost != null && downloadHost.length() > 0)
             permissions.add(new SocketPermission(downloadHost,
                                                  "connect, accept"));
 …
         return permissions;
+    }
+    /**
+     * Returns all the names of the basic JNLP system properties accessible by RIAs
+     */
+    public static String[] getJnlpRIAPermissions() {
+        String[] jnlpPermissions = new String[jnlpRIAPermissions.length];
+        for (int i = 0; i < jnlpRIAPermissions.length; i++)
+            jnlpPermissions[i] = jnlpRIAPermissions[i].getName();
+        return jnlpPermissions;
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/Version.java

-              r348
+              r418
         // compare as integers
+        // for normalization key, compare exact object, not using .equals
         try {
             if (!(part1 == emptyString)) // compare to magic normalization key
 …
+        }
         if (part1 == emptyString)
+        if (part1 == emptyString) // compare to magic normalization key
             part1 = "";
         if (part2 == emptyString)
+        if (part2 == emptyString) // compare to magic normalization key
             part2 = "";

trunk/icedtea-web/netx/net/sourceforge/jnlp/cache/CacheLRUWrapper.java

-              r348
+              r418
 package net.sourceforge.jnlp.cache;
+import java.util.Set;
+import static  net.sourceforge.jnlp.runtime.Translator.R;
 import java.io.File;
 import java.io.IOException;
 …
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map.Entry;
 …
     /* location of cache directory */
     private final String cacheDir = new File(JNLPRuntime.getConfiguration()
             .getProperty(DeploymentConfiguration.KEY_USER_CACHE_DIR)).getPath();
+    private final String setCachePath = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_USER_CACHE_DIR);
+    private final String cacheDir = new File(setCachePath != null ? setCachePath : System.getProperty("java.io.tmpdir")).getPath();
     /*
 …
      */
     public synchronized void load() {
+        cacheOrder.load();
+        boolean loaded = cacheOrder.load();
+        /*
+         * clean up possibly corrupted entries
+         */
+        if (loaded && checkData()) {
+            if (JNLPRuntime.isDebug()) {
+                new LruCacheException().printStackTrace();
+            }
+            System.out.println(R("CFakeCache"));
+            store();
+            System.out.println(R("CFakedCache"));
+        }
+    }
+    /**
+     * check content of cacheOrder and remove invalid/corrupt entries
+     *
+     * @return true, if cache was corrupted and affected entry removed
+     */
+    private boolean checkData () {
+        boolean modified = false;
+        Set<Entry<Object, Object>> q = cacheOrder.entrySet();
+        for (Iterator<Entry<Object, Object>> it = q.iterator(); it.hasNext();) {
+            Entry<Object, Object> currentEntry = it.next();
+            final String key = (String) currentEntry.getKey();
+            final String path = (String) currentEntry.getValue();
+            // 1. check key format: "milliseconds,number"
+            try {
+                String sa[] = key.split(",");
+                Long l1 = Long.parseLong(sa[0]);
+                Long l2 = Long.parseLong(sa[1]);
+            } catch (Exception ex) {
+                it.remove();
+                modified = true;
+                continue;
+            }
+            // 2. check path format - does the path look correct?
+            if (path != null) {
+                if (path.indexOf(cacheDir) < 0) {
+                    it.remove();
+                    modified = true;
+                }
+            } else {
+                it.remove();
+                modified = true;
+            }
+        }
+        return modified;
+    }
 …
             @Override
             public int compare(Entry<String, String> e1, Entry<String, String> e2) {
+                try {
+                    Long t1 = Long.parseLong(e1.getKey().split(",")[0]);
+                    Long t2 = Long.parseLong(e2.getKey().split(",")[0]);
+                    int c = t1.compareTo(t2);
+                    return c < 0 ? 1 : (c > 0 ? -1 : 0);
+                } catch (NumberFormatException e) {
+                    // Perhaps an error is too harsh. Maybe just somehow turn
+                    // caching off if this is the case.
+                    throw new InternalError("Corrupt LRU file entries");
+                }
+                Long t1 = Long.parseLong(e1.getKey().split(",")[0]);
+                Long t2 = Long.parseLong(e2.getKey().split(",")[0]);
+                int c = t1.compareTo(t2);
+                return c < 0 ? 1 : (c > 0 ? -1 : 0);
+            }
         });
 …
         return System.currentTimeMillis() + "," + getIdForCacheFolder(path);
+    }
+    void clearLRUSortedEntries() {
+        cacheOrder.clear();
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/cache/CacheUtil.java

-              r382
+              r418
 public class CacheUtil {
     private static final String cacheDir = new File(JNLPRuntime.getConfiguration()
             .getProperty(DeploymentConfiguration.KEY_USER_CACHE_DIR)).getPath(); // Do this with file to standardize it.
+    private static final String setCacheDir = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_USER_CACHE_DIR);
+    private static final String cacheDir = new File(setCacheDir != null ? setCacheDir : System.getProperty("java.io.tmpdir")).getPath(); // Do this with file to standardize it.
     private static final CacheLRUWrapper lruHandler = CacheLRUWrapper.getInstance();
     private static final HashMap<String, FileLock> propertiesLockPool = new HashMap<String, FileLock>();
 …
      */
     public static boolean urlEquals(URL u1, URL u2) {
         if (u1 == u2)
+        if (u1 == u2) {
             return true;
+        if (u1 == null || u2 == null)
+            return false;
+        if (!compare(u1.getProtocol(), u2.getProtocol(), true) ||
+                !compare(u1.getHost(), u2.getHost(), true) ||
+                //u1.getDefaultPort() != u2.getDefaultPort() || // only in 1.4
+                !compare(u1.getPath(), u2.getPath(), false) ||
+                !compare(u1.getQuery(), u2.getQuery(), false) ||
+                !compare(u1.getRef(), u2.getRef(), false))
+            return false;
+        else
+        }
+        if (u1 == null || u2 == null) {
+            return false;
+        }
+        if (notNullUrlEquals(u1, u2)) {
             return true;
+    }
+        }
+        try {
+            URL nu1 = ResourceTracker.normalizeUrl(u1, false);
+            URL nu2 = ResourceTracker.normalizeUrl(u2, false);
+            if (notNullUrlEquals(nu1, nu2)) {
+                return true;
+            }
+        } catch (Exception ex) {
+            //keep silent here and return false
+        }
+        return false;
+    }
+    private static boolean notNullUrlEquals(URL u1, URL u2) {
+        if (!compare(u1.getProtocol(), u2.getProtocol(), true)
+                || !compare(u1.getHost(), u2.getHost(), true)
+                || //u1.getDefaultPort() != u2.getDefaultPort() || // only in 1.4
+                !compare(u1.getPath(), u2.getPath(), false)
+                || !compare(u1.getQuery(), u2.getQuery(), false)
+                || !compare(u1.getRef(), u2.getRef(), false)) {
+            return false;
+        } else {
+            return true;
+        }
+    }
     /**
      * Caches a resource and returns a URL for it in the cache;
 …
      * and we check for those by calling {@link #okToClearCache()}
      */
     public static void clearCache() {
+    public static boolean clearCache() {
         if (!okToClearCache()) {
             System.err.println(R("CCannotClearCache"));
             return;
+            return false;
+        }
         File cacheDir = new File(CacheUtil.cacheDir);
         if (!(cacheDir.isDirectory())) {
             return;
+            return false;
+        }
 …
             throw new RuntimeException(e);
+        }
+        return true;
+    }
 …
             if (cacheFile == null) { // We did not find a copy of it.
                 cacheFile = makeNewCacheFile(source, version);
+            }
             lruHandler.store();
+            } else
+                lruHandler.store();
             lruHandler.unlock();
+        }
 …
                 final String path = e.getValue();
+                if (path != null) {
+                    if (pathToURLPath(path).equals(urlPath.getPath())) { // Match found.
+                        cacheFile = new File(path);
+                        lruHandler.updateEntry(key);
+                        break; // Stop searching since we got newest one already.
+                    }
+                if (pathToURLPath(path).equals(urlPath.getPath())) { // Match found.
+                    cacheFile = new File(path);
+                    lruHandler.updateEntry(key);
+                    break; // Stop searching since we got newest one already.
+                }
+            }
 …
             // only resources not starting out downloaded are displayed
             List<URL> urlList = new ArrayList<URL>();
             for (int i = 0; i < resources.length; i++) {
                 if (!tracker.checkResource(resources[i]))
                     urlList.add(resources[i]);
+            for (URL url : resources) {
+                if (!tracker.checkResource(url))
+                    urlList.add(url);
+            }
             URL undownloaded[] = urlList.toArray(new URL[urlList.size()]);
 …
                 long total = 0;
                 for (int i = 0; i < undownloaded.length; i++) {
+                for (URL url : undownloaded) {
                     // add in any -1's; they're insignificant
                     total += tracker.getTotalSize(undownloaded[i]);
                     read += tracker.getAmountRead(undownloaded[i]);
+                    total += tracker.getTotalSize(url);
+                    read += tracker.getAmountRead(url);
+                }
                 int percent = (int) ((100 * read) / Math.max(1, total));
                 for (int i = 0; i < undownloaded.length; i++)
                     listener.progress(undownloaded[i], "version",
                                       tracker.getAmountRead(undownloaded[i]),
                                       tracker.getTotalSize(undownloaded[i]),
+                for (URL url : undownloaded) {
+                    listener.progress(url, "version",
+                                      tracker.getAmountRead(url),
+                                      tracker.getTotalSize(url),
                                       percent);
+                }
             } while (!tracker.waitForResources(resources, indicator.getUpdateRate()));
             // make sure they read 100% until indicator closes
             for (int i = 0; i < undownloaded.length; i++)
                 listener.progress(undownloaded[i], "version",
                                   tracker.getTotalSize(undownloaded[i]),
                                   tracker.getTotalSize(undownloaded[i]),
+            for (URL url : undownloaded) {
+                listener.progress(url, "version",
+                                  tracker.getTotalSize(url),
+                                  tracker.getTotalSize(url),
 );
+            }
         } catch (InterruptedException ex) {
             if (JNLPRuntime.isDebug())
 …
      */
     public static void cleanCache() {
         if (okToClearCache()) {
             // First we want to figure out which stuff we need to delete.
 …
                 // Check if the item is contained in cacheOrder.
                 final String key = e.getKey();
+                final String value = e.getValue();
+                if (value != null) {
+                    File file = new File(value);
+                    PropertiesFile pf = new PropertiesFile(new File(value + ".info"));
+                    boolean delete = Boolean.parseBoolean(pf.getProperty("delete"));
+                    /*
+                     * This will get me the root directory specific to this cache item.
+                     * Example:
+                     *  cacheDir = /home/user1/.icedtea/cache
+                     *  file.getPath() = /home/user1/.icedtea/cache/0/http/www.example.com/subdir/a.jar
+                     *  rStr first becomes: /0/http/www.example.com/subdir/a.jar
+                     *  then rstr becomes: /home/user1/.icedtea/cache/0
+                     */
+                    String rStr = file.getPath().substring(cacheDir.length());
+                    rStr = cacheDir + rStr.substring(0, rStr.indexOf(File.separatorChar, 1));
+                    long len = file.length();
+                    if (keep.contains(file.getPath().substring(rStr.length()))) {
+                        lruHandler.removeEntry(key);
+                        continue;
+                    }
+                    /*
+                     * we remove entries from our lru if any of the following condition is met.
+                     * Conditions:
+                     *  - delete: file has been marked for deletion.
+                     *  - !file.isFile(): if someone tampered with the directory, file doesn't exist.
+                     *  - maxSize >= 0 && curSize + len > maxSize: If a limit was set and the new size
+                     *  on disk would exceed the maximum size.
+                     */
+                    if (delete || !file.isFile() || (maxSize >= 0 && curSize + len > maxSize)) {
+                        lruHandler.removeEntry(key);
+                        remove.add(rStr);
+                    } else {
+                        curSize += len;
+                        keep.add(file.getPath().substring(rStr.length()));
+                        for (File f : file.getParentFile().listFiles()) {
+                            if (!(f.equals(file) || f.equals(pf.getStoreFile()))){
+                                try {
+                                    FileUtils.recursiveDelete(f, f);
+                                } catch (IOException e1) {
+                                    e1.printStackTrace();
+                                }
+                            }
+                final String path = e.getValue();
+                File file = new File(path);
+                PropertiesFile pf = new PropertiesFile(new File(path + ".info"));
+                boolean delete = Boolean.parseBoolean(pf.getProperty("delete"));
+                /*
+                 * This will get me the root directory specific to this cache item.
+                 * Example:
+                 *  cacheDir = /home/user1/.icedtea/cache
+                 *  file.getPath() = /home/user1/.icedtea/cache/0/http/www.example.com/subdir/a.jar
+                 *  rStr first becomes: /0/http/www.example.com/subdir/a.jar
+                 *  then rstr becomes: /home/user1/.icedtea/cache/0
+                 */
+                String rStr = file.getPath().substring(cacheDir.length());
+                rStr = cacheDir + rStr.substring(0, rStr.indexOf(File.separatorChar, 1));
+                long len = file.length();
+                if (keep.contains(file.getPath().substring(rStr.length()))) {
+                    lruHandler.removeEntry(key);
+                    continue;
+                }
+                /*
+                 * we remove entries from our lru if any of the following condition is met.
+                 * Conditions:
+                 *  - delete: file has been marked for deletion.
+                 *  - !file.isFile(): if someone tampered with the directory, file doesn't exist.
+                 *  - maxSize >= 0 && curSize + len > maxSize: If a limit was set and the new size
+                 *  on disk would exceed the maximum size.
+                 */
+                if (delete || !file.isFile() || (maxSize >= 0 && curSize + len > maxSize)) {
+                    lruHandler.removeEntry(key);
+                    remove.add(rStr);
+                    continue;
+                }
+                curSize += len;
+                keep.add(file.getPath().substring(rStr.length()));
+                for (File f : file.getParentFile().listFiles()) {
+                    if (!(f.equals(file) || f.equals(pf.getStoreFile()))) {
+                        try {
+                            FileUtils.recursiveDelete(f, f);
+                        } catch (IOException e1) {
+                            e1.printStackTrace();
+                        }
+                    }
+                } else {
+                    lruHandler.removeEntry(key);
+                }
+            }

trunk/icedtea-web/netx/net/sourceforge/jnlp/cache/DefaultDownloadIndicator.java

-              r348
+              r418
 import net.sourceforge.jnlp.runtime.*;
+import net.sourceforge.jnlp.util.ImageResources;
 /**
 …
     /** the display window */
     private static JFrame frame;
+    private static final Object frameMutex = new Object();
     /** shared constraint */
 …
         DownloadPanel result = new DownloadPanel(downloadName);
+        if (frame == null) {
+            frame = new JFrame(downloading + "...");
+            frame.getContentPane().setLayout(new GridBagLayout());
+        }
+        if (resources != null)
+            for (int i = 0; i < resources.length; i++)
+                result.addProgressPanel(resources[i], null);
+        frame.getContentPane().add(result, vertical);
+        frame.pack();
+        if (!frame.isVisible()) {
+            Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize();
+            Insets insets = Toolkit.getDefaultToolkit().getScreenInsets(frame.getGraphicsConfiguration());
+            Dimension screen = new Dimension(screenSize.width - insets.left,
+                    screenSize.height - insets.top);
+            frame.setLocation(screen.width - frame.getWidth(),
+                              screen.height - frame.getHeight());
+        }
+        frame.setVisible(true);
+        return result;
+        synchronized (frameMutex) {
+            if (frame == null) {
+                frame = new JFrame(downloading + "...");
+                frame.setIconImages(ImageResources.INSTANCE.getApplicationImages());
+                frame.getContentPane().setLayout(new GridBagLayout());
+            }
+            if (resources != null) {
+                for (URL url : resources) {
+                    result.addProgressPanel(url, null);
+                }
+            }
+            frame.getContentPane().add(result, vertical);
+            frame.pack();
+            if (!frame.isVisible()) {
+                Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize();
+                Insets insets = Toolkit.getDefaultToolkit().getScreenInsets(frame.getGraphicsConfiguration());
+                Dimension screen = new Dimension(screenSize.width - insets.left,
+                        screenSize.height - insets.top);
+                frame.setLocation(screen.width - frame.getWidth(),
+                        screen.height - frame.getHeight());
+            }
+            frame.setVisible(true);
+            return result;
+        }
+    }
 …
         ActionListener hider = new ActionListener() {
             public void actionPerformed(ActionEvent evt) {
+                if (frame.getContentPane().getComponentCount() == 1)
+                    frame.setVisible(false);
+                frame.getContentPane().remove((DownloadPanel) listener);
+                frame.pack();
+                synchronized(frameMutex) {
+                    frame.getContentPane().remove((DownloadPanel) listener);
+                    frame.pack();
+                    if (frame.getContentPane().getComponentCount() == 0) {
+                        frame.setVisible(false);
+                        frame.dispose();
+                        frame = null;
+                    }
+                }
+            }
         };
 …
                 add(panel, verticalIndent);
+                frame.pack();
+                synchronized (frameMutex) {
+                    frame.pack();
+                }
                 urls.add(url);

trunk/icedtea-web/netx/net/sourceforge/jnlp/cache/Resource.java

r348	r418
273	273	}
274	274
275		for (int i = 0; i < send.size(); i++) {
276		ResourceTracker rt = send.get(i);
	275	for (ResourceTracker rt : send) {
277	276	rt.fireDownloadEvent(this);
278	277	}

trunk/icedtea-web/netx/net/sourceforge/jnlp/cache/ResourceTracker.java

-              r348
+              r418
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 …
     private static final int STARTED = Resource.STARTED;
+    // normalization of url
+    private static final char PATH_DELIMITER_MARK = '/';
+    private static final String PATH_DELIMITER = "" + PATH_DELIMITER_MARK;
+    private static final char QUERY_DELIMITER_MARK = '&';
+    private static final String QUERY_DELIMITER = "" + QUERY_DELIMITER_MARK;
+    private static final char QUERY_MARK = '?';
+    private static final char HREF_MARK = '#';
+    private static final String UTF8 = "utf-8";
     /** max threads */
     private static final int maxThreads = 5;
 …
     public void addResource(URL location, Version version, DownloadOptions options, UpdatePolicy updatePolicy) {
         if (location == null)
+            throw new IllegalArgumentException("location==null");
+            throw new IllegalResourceDescriptorException("location==null");
+        try {
+            location = normalizeUrl(location, JNLPRuntime.isDebug());
+        } catch (Exception ex) {
+            System.err.println("Normalization of " + location.toString() + " have failed");
+            ex.printStackTrace();
+        }
         Resource resource = Resource.getResource(location, version, updatePolicy);
         boolean downloaded = false;
 …
      * collected.
+     *
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public void removeResource(URL location) {
 …
         DownloadEvent event = new DownloadEvent(this, resource);
         for (int i = 0; i < l.length; i++) {
+        for (DownloadListener dl : l) {
             if (0 != ((ERROR | DOWNLOADED) & status))
                 l[i].downloadCompleted(event);
+                dl.downloadCompleted(event);
             else if (0 != (DOWNLOADING & status))
                 l[i].downloadStarted(event);
+                dl.downloadStarted(event);
             else if (0 != (CONNECTING & status))
                 l[i].updateStarted(event);
+                dl.updateStarted(event);
+        }
+    }
 …
      * @param location the resource location
      * @return the resource, or null if it could not be downloaded
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      * @see CacheUtil#isCacheable
      */
 …
      * @param location the resource location
      * @return a local file containing the resource, or null
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      * @see CacheUtil#isCacheable
      */
 …
+     *
      * @throws IOException if there was an error opening the stream
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public InputStream getInputStream(URL location) throws IOException {
 …
      * @param timeout the time in ms to wait before returning, 0 for no timeout
      * @return whether the resources downloaded before the timeout
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public boolean waitForResources(URL urls[], long timeout) throws InterruptedException {
 …
         synchronized (resources) {
             // keep the lock so getResource doesn't have to aquire it each time
             for (int i = 0; i < urls.length; i++)
+            for (int i = 0; i < urls.length; i++) {
                 resources[i] = getResource(urls[i]);
+            }
+        }
 …
      * @return whether the resource downloaded before the timeout
      * @throws InterruptedException if another thread interrupted the wait
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public boolean waitForResource(URL location, long timeout) throws InterruptedException {
 …
      * @param location the resource location
      * @return the number of bytes transferred
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public long getAmountRead(URL location) {
 …
      * accessed with the getCacheFile method).
+     *
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public boolean checkResource(URL location) {
 …
+     *
      * @return true if the resource is already downloaded (or an error occurred)
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public boolean startResource(URL location) {
 …
+     *
      * @return true if the resource is already downloaded (or an error occurred)
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     private boolean startResource(Resource resource) {
 …
      * @param location the resource location
      * @return the number of bytes, or -1
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     public long getTotalSize(URL location) {
 …
         synchronized (lock) {
             if (!resource.isSet(CONNECT | DOWNLOAD))
                 throw new IllegalArgumentException("Invalid resource state (resource: " + resource + ")");
+                throw new IllegalResourceDescriptorException("Invalid resource state (resource: " + resource + ")");
             queue.add(resource);
 …
+        }
         URL bestUrl = null;
+        for (int i = 0; i < urls.size(); i++) {
+            URL url = urls.get(i);
+        for (URL url : urls) {
             try {
                 URLConnection connection = url.openConnection();
 …
         int score = Integer.MAX_VALUE;
+        for (int i = 0; i < source.size(); i++) {
+            Resource resource = source.get(i);
+        for (Resource resource : source) {
             boolean selectable = false;
 …
                 int activeCount = 0;
                 for (int j = 0; j < active.size(); j++)
                     if (active.get(j) == resource.getTracker())
+                for (ResourceTracker rt : active) {
+                    if (rt == resource.getTracker())
                         activeCount++;
+                }
                 // try to spread out the downloads so that a slow host
 …
      * Return the resource matching the specified URL.
+     *
      * @throws IllegalArgumentException if the resource is not being tracked
+     * @throws IllegalResourceDescriptorException if the resource is not being tracked
      */
     private Resource getResource(URL location) {
         synchronized (resources) {
+            for (int i = 0; i < resources.size(); i++) {
+                Resource resource = resources.get(i);
+            for (Resource resource : resources) {
                 if (CacheUtil.urlEquals(resource.location, location))
                     return resource;
 …
+        }
         throw new IllegalArgumentException("Location does not specify a resource being tracked.");
+        throw new IllegalResourceDescriptorException("Location does not specify a resource being tracked.");
+    }
 …
         // start them downloading / connecting in background
+        for (int i = 0; i < resources.length; i++)
+            startResource(resources[i]);
+        for (Resource resource : resources) {
+            startResource(resource);
+        }
         // wait for completion
 …
             synchronized (lock) {
                 // check for completion
                 for (int i = 0; i < resources.length; i++) {
+                for (Resource resource : resources) {
                     //NetX Deadlocking may be solved by removing this
                     //synch block.
                     synchronized (resources[i]) {
                         if (!resources[i].isSet(DOWNLOADED | ERROR)) {
+                    synchronized (resource) {
+                        if (!resource.isSet(DOWNLOADED | ERROR)) {
                             finished = false;
                             break;
 …
     };
+    private static String normalizeChunk(String base, boolean debug) throws UnsupportedEncodingException {
+        if (base == null) {
+            return base;
+        }
+        if ("".equals(base)) {
+            return base;
+        }
+        String result = base;
+        String ssE = URLDecoder.decode(base, UTF8);
+        //            System.out.println("*" + base + "*");
+        //            System.out.println("-" + ssE + "-");
+        if (base.equals(ssE)) {
+            result = URLEncoder.encode(base, UTF8);
+            if (debug) {
+                System.out.println(base + " chunk needs to be encoded => " + result);
+            }
+        } else {
+            if (debug) {
+                System.out.println(base + " chunk already encoded");
+            }
+        }
+        return result;
+    }
+    public static URL normalizeUrl(URL u, boolean debug) throws MalformedURLException, UnsupportedEncodingException {
+        if (u == null) {
+            return null;
+        }
+        String protocol = u.getProtocol();
+        if (protocol == null || "file".equals(protocol)) {
+            return u;
+        }
+        String file = u.getPath();
+        if (file == null) {
+            return u;
+        }
+        String host = u.getHost();
+        String ref = u.getRef();
+        int port = u.getPort();
+        String query = u.getQuery();
+        String[] qq = {};
+        if (query != null) {
+            qq = query.split(QUERY_DELIMITER);
+        }
+        String[] ss = file.split(PATH_DELIMITER);
+        int normalized = 0;
+        if (debug) {
+            System.out.println("normalizing path " + file + " in " + u.toString());
+        }
+        for (int i = 0; i < ss.length; i++) {
+            String base = ss[i];
+            String r = normalizeChunk(base, debug);
+            if (!r.equals(ss[i])) {
+                normalized++;
+            }
+            ss[i] = r;
+        }
+        if (debug) {
+            System.out.println("normalizing query " + query + " in " + u.toString());
+        }
+        for (int i = 0; i < qq.length; i++) {
+            String base = qq[i];
+            String r = normalizeChunk(base, debug);
+            if (!r.equals(qq[i])) {
+                normalized++;
+            }
+            qq[i] = r;
+        }
+        if (normalized == 0) {
+            if (debug) {
+                System.out.println("Nothing was normalized in this url");
+            }
+            return u;
+        } else {
+            if (debug) {
+                System.out.println(normalized + " chunks normalized, rejoining url");
+            }
+        }
+        StringBuilder composed = new StringBuilder("");
+        for (int i = 0; i < ss.length; i++) {
+            String string = ss[i];
+            if (ss.length <= 1 || (string != null && !"".equals(string))) {
+                composed.append(PATH_DELIMITER_MARK).append(string);
+            }
+        }
+        String composed1 = composed.toString();
+        if (query != null && !query.trim().equals("")) {
+            composed.append(QUERY_MARK);
+            for (int i = 0; i < qq.length; i++) {
+                String string = qq[i];
+                if ((string != null && !"".equals(string))) {
+                    composed.append(string);
+                    if (i != qq.length - 1) {
+                        composed.append(QUERY_DELIMITER_MARK);
+                    }
+                }
+            }
+        }
+        String composed2 = composed.substring(composed1.length() - 1);
+        if (ref != null && !ref.trim().equals("")) {
+            composed.append(HREF_MARK).append(ref);
+        }
+        URL result = new URL(protocol, host, port, composed.toString());
+        if (debug) {
+            System.out.println("normalized `" + composed1 + "` and `" + composed2 + "` in " + result.toString());
+        }
+        return result;
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/controlpanel/AdvancedProxySettingsDialog.java

-              r348
+              r418
 import net.sourceforge.jnlp.config.DeploymentConfiguration;
 import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.util.ImageResources;
 /**
 …
     public AdvancedProxySettingsDialog(DeploymentConfiguration config) {
         super((Frame) null, dialogTitle, true); // Don't need a parent.
+        setIconImages(ImageResources.INSTANCE.getApplicationImages());
         this.config = config;

trunk/icedtea-web/netx/net/sourceforge/jnlp/controlpanel/CacheViewer.java

-              r348
+              r418
 import net.sourceforge.jnlp.config.DeploymentConfiguration;
 import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.util.ImageResources;
 /**
 …
     public CacheViewer(DeploymentConfiguration config) {
         super((Frame) null, dialogTitle, true); // Don't need a parent.
+        setIconImages(ImageResources.INSTANCE.getApplicationImages());
         this.config = config;

trunk/icedtea-web/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java

-              r348
+              r418
 import net.sourceforge.jnlp.security.KeyStores;
 import net.sourceforge.jnlp.security.viewer.CertificatePane;
+import net.sourceforge.jnlp.util.ImageResources;
 /**
 …
         super();
         setTitle(Translator.R("CPHead"));
+        setIconImages(ImageResources.INSTANCE.getApplicationImages());
         this.config = config;

trunk/icedtea-web/netx/net/sourceforge/jnlp/controlpanel/TemporaryInternetFilesPanel.java

-              r348
+              r418
 import java.awt.event.ItemEvent;
 import java.awt.event.ItemListener;
+import java.io.File;
 import javax.swing.JButton;
 …
 import javax.swing.JFileChooser;
 import javax.swing.JLabel;
+import javax.swing.JOptionPane;
 import javax.swing.JPanel;
 import javax.swing.JSlider;
 …
                 JFileChooser fileChooser = new JFileChooser();
                 fileChooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY);
+                fileChooser.setFileHidingEnabled(false);
                 if (fileChooser.showOpenDialog(null) == JFileChooser.APPROVE_OPTION) {
+                    // Check if we have permission to write to that location.
                     String result = fileChooser.getSelectedFile().getAbsolutePath();
+                    location.setText(result);
+                    config.setProperty(properties[1], result);
+                    File dirLocation = new File(result);
+                    boolean canWrite = dirLocation.canWrite();
+                    while (!canWrite && dirLocation != null){ // File does not exist, or no permission.
+                        if (dirLocation.exists()) {
+                            JOptionPane.showMessageDialog(null, "No permission to write to this location.");
+                            return;
+                        }
+                        dirLocation = dirLocation.getParentFile();
+                        canWrite = dirLocation.canWrite();
+                    }
+                    if (canWrite) {
+                        location.setText(result);
+                        config.setProperty(properties[1], result);
+                    }
+                }
+            }

trunk/icedtea-web/netx/net/sourceforge/jnlp/resources/Messages.properties

-              r372
+              r418
 LSignedAppJarUsingUnsignedJar=Signed application using unsigned jars.
 LSignedAppJarUsingUnsignedJarInfo=The main application jar is signed, but some of the jars it is using aren't.
+LSignedJNLPFileDidNotMatch=The signed JNLP file did not match the launching JNLP file.
+LNoSecInstance=Error: No security instance for {0}. The application may have trouble continuing
+LCertFoundIn={0} found in cacerts ({1})
 JNotApplet=File is not an applet.
 JNotApplication=File is not an application.
 …
 PTwoMains=Duplicate main JAR defined in a resources element (there can be only one)
 PNativeHasMain=Cannot specify main attribute on native JARs.
+PNoInfoElement=No information section defined
+PNoInfoElement=No information section defined.
+PMissingTitle=title
+PMissingVendor=vendor
+PMissingElement=The {0} section has not been defined for your locale nor does a default value exist in the JNLP file.
 PTwoDescriptions=Duplicate description of kind {0}
 PSharing=Element "sharing-allowed" is illegal in a standard JNLP file
 …
 PUrlNotInCodebase=Relative URL does not specify a subdirectory of the codebase. (node={0}, href={1}, base={2})
 PBadRelativeUrl=Invalid relative URL (node={0}, href={1}, base={2})
 PBadNonrelativeUrl=Invalid non-relative URL (node={0}, href={0}).
+PBadNonrelativeUrl=Invalid non-relative URL (node={0}, href={1})
 PNeedsAttribute=The {0} element must specify a {1} attribute.
 PBadXML=Invalid XML document syntax.
 …
 CChooseCacheDir=Cache directory
 CCannotClearCache=Can not clear cache at this time
+CFakeCache=Cache is corrupt. Fixing.
+CFakedCache=Cache is corrupt and has been fixed. It is strongly recommended that you run 'javaws -Xclearcache' and rerun your application as soon as possible.
 # Security
 …
 SSignatureError=The application's digital signature has an error. Do you want to run the application?
 SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
+SWarnFullPermissionsIgnorePolicy=The code executed will be given full permissions, ignoring any java policies you may have.
 STrustedSource=The digital signature has been validated by a trusted source.
 SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
 …
 SNetworkAccess=The application has requested permission to establish connections to {0}. Do you want to allow this action?
 SNoAssociatedCertificate=<no associated certificate>
+SUnverified=(unverified)
 SAlwaysTrustPublisher=Always trust content from this publisher
 SHttpsUnverified=The website's certificate cannot be verified.
+SHttpsUnverified=The website's HTTPS certificate cannot be verified.
 SNotAllSignedSummary=Only parts of this application code are signed.
 SNotAllSignedDetail=This application contains both signed and unsigned code. While signed code is safe if you trust the provider, unsigned code may imply code outside of the trusted provider's control.
 SNotAllSignedQuestion=Do you wish to proceed and run this application anyway?
 SAuthenticationPrompt=The {0} server at {1} is requesting authentication. It says "{2}"
+SJNLPFileIsNotSigned=This application contains a digital signature in which the launching JNLP file is not signed.
 # Security - used for the More Information dialog
 …
 CVDetails=Details
 CVExport=Export
+CVExportPasswordMessage=Enter password to protect key file:
 CVImport=Import
+CVImportPasswordMessage=Enter password to access file:
 CVIssuedBy=Issued By
 CVIssuedTo=Issued To
+CVPasswordTitle=Authentication Required
 CVRemove=Remove
 CVRemoveConfirmMessage=Are you sure you want to remove the selected certificate?

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java

-              r348
+              r418
         List<AppletAudioClip> clips = weakClips.hardList();
         for (int i = 0; i < clips.size(); i++) {
             clips.get(i).dispose();
+        for (AppletAudioClip clip : clips) {
+            clip.dispose();
+        }
+    }
 …
     /**
+     * Set the applet of this environment; can only be called once.
+     */
+    public void setApplet(Applet applet) {
+        if (this.applet != null) {
+            if (JNLPRuntime.isDebug()) {
+                Exception ex = new IllegalStateException("Applet can only be set once.");
+                ex.printStackTrace();
+            }
+            return;
+        }
+        this.applet = applet;
+    }
+    /**
      * Returns an enumeration that contains only the applet
      * from the JNLP file.

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/AppletInstance.java

-              r348
+              r418
         this.environment = new AppletEnvironment(file, this);
+    }
+    /**
+     * Set the applet of this launched application; can only be called once.
+     */
+    public void setApplet(Applet applet) {
+        if (this.applet != null) {
+            if (JNLPRuntime.isDebug()) {
+                Exception ex = new IllegalStateException("Applet can only be set once.");
+                ex.printStackTrace();
+            }
+            return;
+        }
+        this.applet = applet;
+    }

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java

-              r348
+              r418
         PrivilegedAction<Object> installProps = new PrivilegedAction<Object>() {
             public Object run() {
                 for (int i = 0; i < props.length; i++) {
                     System.setProperty(props[i].getKey(), props[i].getValue());
+                for (PropertyDesc propDesc : props) {
+                    System.setProperty(propDesc.getKey(), propDesc.getValue());
+                }
 …
         try {
             // destroy resources
+            for (int i = 0; i < weakWindows.size(); i++) {
+                Window w = weakWindows.get(i);
+            for (Window w : weakWindows) {
                 if (w != null)
                     w.dispose();

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/Boot.java

-              r348
+              r418
             JNLPRuntime.setForksAllowed(false);
+        }
+        if (null != getOption("-Xtrustall")) {
+            JNLPRuntime.setTrustAll(true);
+        }
         JNLPRuntime.setInitialArgments(Arrays.asList(argsIn));

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java

-              r348
+              r418
         if (UrlUtils.isLocalFile(localUrl)) {
             // if it is known to us, just return the cached file
+            return new JarFile(localUrl.getPath());
+            JarFile returnFile = new JarFile(localUrl.getPath());
+            try {
+                // Blank out the class-path because:
+                // 1) Web Start does not support it
+                // 2) For the plug-in, we want to cache files from class-path so we do it manually
+                returnFile.getManifest().getMainAttributes().putValue("Class-Path", "");
+                if (JNLPRuntime.isDebug()) {
+                    System.err.println("Class-Path attribute cleared for " + returnFile.getName());
+                }
+            } catch (NullPointerException npe) {
+                // Discard NPE here. Maybe there was no manifest, maybe there were no attributes, etc.
+            }
+            return returnFile;
         } else {
             // throw new IllegalStateException("a non-local file in cache");

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java

-              r348
+              r418
 import static net.sourceforge.jnlp.runtime.Translator.R;
+import java.io.Closeable;
 import java.io.File;
 import java.io.FileOutputStream;
+import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.net.MalformedURLException;
+import java.net.SocketPermission;
 import java.net.URL;
 import java.net.URLClassLoader;
 import java.security.AccessControlContext;
+import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.AllPermission;
 …
 import java.security.Permissions;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 …
 import java.util.TreeSet;
 import java.util.Vector;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
 import java.util.jar.Manifest;
+import net.sourceforge.jnlp.AppletDesc;
+import net.sourceforge.jnlp.ApplicationDesc;
 import net.sourceforge.jnlp.DownloadOptions;
 import net.sourceforge.jnlp.ExtensionDesc;
 import net.sourceforge.jnlp.JARDesc;
 import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.JNLPMatcher;
+import net.sourceforge.jnlp.JNLPMatcherException;
+import net.sourceforge.jnlp.LaunchDesc;
 import net.sourceforge.jnlp.LaunchException;
 import net.sourceforge.jnlp.ParseException;
 …
 import net.sourceforge.jnlp.Version;
 import net.sourceforge.jnlp.cache.CacheUtil;
+import net.sourceforge.jnlp.cache.IllegalResourceDescriptorException;
 import net.sourceforge.jnlp.cache.ResourceTracker;
 import net.sourceforge.jnlp.cache.UpdatePolicy;
 import net.sourceforge.jnlp.security.SecurityDialogs;
 import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
 import net.sourceforge.jnlp.tools.JarSigner;
+import net.sourceforge.jnlp.tools.JarCertVerifier;
 import net.sourceforge.jnlp.util.FileUtils;
 import sun.misc.JarIndex;
 …
     // resources in an extension.
+    /** Signed JNLP File and Template */
+    final public static String TEMPLATE = "JNLP-INF/APPLICATION_TEMPLATE.JNLP";
+    final public static String APPLICATION = "JNLP-INF/APPLICATION.JNLP";
+    /** True if the application has a signed JNLP File */
+    private boolean isSignedJNLP = false;
     /** map from JNLPFile url to shared classloader */
     private static Map<String, JNLPClassLoader> urlToLoader =
 …
     private ArrayList<String> unverifiedJars = null;
     /** the jarsigner tool to verify our jars */
     private JarSigner js = null;
+    /** the jar cert verifier tool to verify our jars */
+    private JarCertVerifier jcv = null;
     private boolean signing = false;
 …
     private HashMap<URL, SecurityDesc> jarLocationSecurityMap =
             new HashMap<URL, SecurityDesc>();
+    /*Set to prevent once tried-to-get resources to be tried again*/
+    private Set<URL> alreadyTried = Collections.synchronizedSet(new HashSet<URL>());
     /** Loader for codebase (which is a path, rather than a file) */
     private CodeBaseClassLoader codeBaseLoader;
+    /** True if the jar with the main class has been found
+     * */
+    private boolean foundMainJar= false;
+    /** Name of the application's main class */
+    private String mainClass = null;
+    /**
+     * Variable to track how many times this loader is in use
+     */
+    private int useCount = 0;
     /**
 …
      */
     protected JNLPClassLoader(JNLPFile file, UpdatePolicy policy) throws LaunchException {
+        this(file,policy,null);
+    }
+    /**
+     * Create a new JNLPClassLoader from the specified file.
+     *
+     * @param file the JNLP file
+     * @param name of the application's main class
+     */
+    protected JNLPClassLoader(JNLPFile file, UpdatePolicy policy, String mainName) throws LaunchException {
         super(new URL[0], JNLPClassLoader.class.getClassLoader());
 …
         this.updatePolicy = policy;
         this.resources = file.getResources();
+        this.mainClass = mainName;
         // initialize extensions
 …
      */
     public static JNLPClassLoader getInstance(JNLPFile file, UpdatePolicy policy) throws LaunchException {
+        return getInstance(file, policy, null);
+    }
+    /**
+     * Returns a JNLP classloader for the specified JNLP file.
+     *
+     * @param file the file to load classes for
+     * @param policy the update policy to use when downloading resources
+     * @param mainName Overrides the main class name of the application
+     */
+    public static JNLPClassLoader getInstance(JNLPFile file, UpdatePolicy policy, String mainName) throws LaunchException {
         JNLPClassLoader baseLoader = null;
         JNLPClassLoader loader = null;
 …
                      !baseLoader.getJNLPFile().getFileLocation().equals(file.getFileLocation()))) {
                 loader = new JNLPClassLoader(file, policy);
+                loader = new JNLPClassLoader(file, policy, mainName);
                 // New loader init may have caused extentions to create a
 …
                     loader.merge(extLoader);
+                    extLoader.decrementLoaderUseCount(); // loader urls have been merged, ext loader is no longer used
+                }
 …
                 // the baseLoader
                 if (baseLoader != null && baseLoader != loader) {
                     loader.merge(baseLoader);
+                   loader.merge(baseLoader);
+                }
 …
                 if (!file.isApplication()) {
                     // If this is an applet, we do need to consider its loader
                     loader = new JNLPClassLoader(file, policy);
+                   loader = new JNLPClassLoader(file, policy, mainName);
                     if (baseLoader != null)
 …
         // loaders are mapped to a unique key. Only extensions and parent
         // share a key, so it is safe to always share based on it
+        urlToLoader.put(uniqueKey, loader);
+        loader.incrementLoaderUseCount();
+        synchronized(urlToLoader) {
+            urlToLoader.put(uniqueKey, loader);
+        }
         return loader;
 …
      * @param version the file's version
      * @param policy the update policy to use when downloading resources
+     */
+    public static JNLPClassLoader getInstance(URL location, String uniqueKey, Version version, UpdatePolicy policy)
+     * @param mainName Overrides the main class name of the application
+     */
+    public static JNLPClassLoader getInstance(URL location, String uniqueKey, Version version, UpdatePolicy policy, String mainName)
             throws IOException, ParseException, LaunchException {
         JNLPClassLoader loader = urlToLoader.get(uniqueKey);
+        if (loader == null || !location.equals(loader.getJNLPFile().getFileLocation()))
+            loader = getInstance(new JNLPFile(location, uniqueKey, version, false, policy), policy);
+        if (loader == null || !location.equals(loader.getJNLPFile().getFileLocation())) {
+            JNLPFile jnlpFile = new JNLPFile(location, uniqueKey, version, false, policy);
+            loader = getInstance(jnlpFile, policy, mainName);
+        }
         return loader;
 …
         loaderList.add(this);
+        if (mainClass == null) {
+            Object obj = file.getLaunchInfo();
+            if (obj instanceof ApplicationDesc) {
+                ApplicationDesc ad = (ApplicationDesc) file.getLaunchInfo();
+                mainClass = ad.getMainClass();
+            } else if (obj instanceof AppletDesc) {
+                AppletDesc ad = (AppletDesc) file.getLaunchInfo();
+                mainClass = ad.getMainClass();
+            }
+        }
         //if (ext != null) {
 …
             try {
                 String uniqueKey = this.getJNLPFile().getUniqueKey();
                 JNLPClassLoader loader = getInstance(ext[i].getLocation(), uniqueKey, ext[i].getVersion(), updatePolicy);
+                JNLPClassLoader loader = getInstance(ext[i].getLocation(), uniqueKey, ext[i].getVersion(), updatePolicy, mainClass);
                 loaderList.add(loader);
             } catch (Exception ex) {
 …
     /**
+     * Check if a described jar file is invalid
+     * @param jar the jar to check
+     * @return true if file exists AND is an invalid jar, false otherwise
+     */
+    private boolean isInvalidJar(JARDesc jar){
+        File cacheFile = tracker.getCacheFile(jar.getLocation());
+        if (cacheFile == null)
+            return false;//File cannot be retrieved, do not claim it is an invalid jar
+        boolean isInvalid = false;
+        try {
+            JarFile jarFile = new JarFile(cacheFile.getAbsolutePath());
+            jarFile.close();
+        } catch (IOException ioe){
+            //Catch a ZipException or any other read failure
+            isInvalid = true;
+        }
+        return isInvalid;
+    }
+    /**
+     * Determine how invalid jars should be handled
+     * @return whether to filter invalid jars, or error later on
+     */
+    private boolean shouldFilterInvalidJars(){
+        if (file instanceof PluginBridge){
+            PluginBridge pluginBridge = (PluginBridge)file;
+            /*Ignore on applet, ie !useJNLPHref*/
+            return !pluginBridge.useJNLPHref();
+        }
+        return false;//Error is default behaviour
+    }
+    /**
      * Load all of the JARs used in this JNLP file into the
      * ResourceTracker for downloading.
      */
     void initializeResources() throws LaunchException {
+        if (file instanceof PluginBridge){
+            PluginBridge bridge = (PluginBridge)file;
+            for (String codeBaseFolder : bridge.getCodeBaseFolders()){
+                try {
+                    addToCodeBaseLoader(new URL(file.getCodeBase(), codeBaseFolder));
+                } catch (MalformedURLException mfe) {
+                    System.err.println("Problem trying to add folder to code base:");
+                    System.err.println(mfe.getMessage());
+                }
+            }
+        }
         JARDesc jars[] = resources.getJARs();
+        if (jars == null || jars.length == 0)
+        if (jars == null || jars.length == 0) {
+            boolean allSigned = true;
+            for (int i = 1; i < loaders.length; i++) {
+                if (!loaders[i].getSigning()) {
+                    allSigned = false;
+                    break;
+                }
+            }
+            if(allSigned)
+                signing = true;
+            //Check if main jar is found within extensions
+            foundMainJar = foundMainJar || hasMainInExtensions();
             return;
+        }
         /*
         if (jars == null || jars.length == 0) {
 …
                                );
+        }
+        //If there are no eager jars, initialize the first jar
+        if(initialJars.size() == 0)
+            initialJars.add(jars[0]);
         if (strict)
             fillInPartJars(initialJars); // add in each initial part's lazy jars
+        waitForJars(initialJars); //download the jars first.
+        //A ZipException will propagate later on if the jar is invalid and not checked here
+        if (shouldFilterInvalidJars()){
+            //We filter any invalid jars
+            Iterator<JARDesc> iterator = initialJars.iterator();
+            while (iterator.hasNext()){
+                JARDesc jar = iterator.next();
+                if (isInvalidJar(jar)) {
+                    //Remove this jar as an available jar
+                    iterator.remove();
+                    tracker.removeResource(jar.getLocation());
+                    available.remove(jar);
+                }
+            }
+        }
         if (JNLPRuntime.isVerifying()) {
+            JarSigner js;
+            waitForJars(initialJars); //download the jars first.
+            JarCertVerifier jcv;
             try {
                 js = verifyJars(initialJars);
+                jcv = verifyJars(initialJars);
             } catch (Exception e) {
                 //we caught an Exception from the JarSigner class.
+                //we caught an Exception from the JarCertVerifier class.
                 //Note: one of these exceptions could be from not being able
                 //to read the cacerts or trusted.certs files.
 …
             //Case when at least one jar has some signing
             if (js.anyJarsSigned() && js.isFullySignedByASingleCert()) {
+            if (jcv.anyJarsSigned() && jcv.isFullySignedByASingleCert()) {
                 signing = true;
                 if (!js.allJarsSigned() &&
+                if (!jcv.allJarsSigned() &&
                                     !SecurityDialogs.showNotAllSignedWarningDialog(file))
                     throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
+                // Check for main class in the downloaded jars, and check/verify signed JNLP fill
+                checkForMain(initialJars);
+                // If jar with main class was not found, check available resources
+                while (!foundMainJar && available != null && available.size() != 0)
+                    addNextResource();
+                // If the jar with main class was not found, check extension
+                // jnlp's resources
+                foundMainJar = foundMainJar || hasMainInExtensions();
+                // If jar with main class was not found and there are no more
+                // available jars, throw a LaunchException
+                if (file.getLaunchInfo() != null) {
+                    if (!foundMainJar
+                            && (available == null || available.size() == 0))
+                        throw new LaunchException(file, null, R("LSFatal"),
+                                R("LCClient"), R("LCantDetermineMainClass"),
+                                R("LCantDetermineMainClassInfo"));
+                }
+                // If main jar was found, but a signed JNLP file was not located
+                if (!isSignedJNLP && foundMainJar)
+                    file.setSignedJNLPAsMissing();
                 //user does not trust this publisher
                 if (!js.getAlreadyTrustPublisher()) {
                     checkTrustWithUser(js);
+                if (!jcv.getAlreadyTrustPublisher()) {
+                    checkTrustWithUser(jcv);
                 } else {
                     /**
 …
         for (JARDesc jarDesc : file.getResources().getJARs()) {
             try {
+                File cachedFile = tracker.getCacheFile(jarDesc.getLocation());
+                File cachedFile;
+                try {
+                    cachedFile = tracker.getCacheFile(jarDesc.getLocation());
+                } catch (IllegalResourceDescriptorException irde){
+                    //Caused by ignored resource being removed due to not being valid
+                    System.err.println("JAR " + jarDesc.getLocation() + " is not a valid jar file. Continuing.");
+                    continue;
+                }
                 if (cachedFile == null) {
 …
+            }
+        }
         activateJars(initialJars);
+    }
+    private void checkTrustWithUser(JarSigner js) throws LaunchException {
+        if (!js.getRootInCacerts()) { //root cert is not in cacerts
+    /***
+     * Checks for the jar that contains the main class. If the main class was
+     * found, it checks to see if the jar is signed and whether it contains a
+     * signed JNLP file
+     *
+     * @param jars Jars that are checked to see if they contain the main class
+     * @throws LaunchException Thrown if the signed JNLP file, within the main jar, fails to be verified or does not match
+     */
+    private void checkForMain(List<JARDesc> jars) throws LaunchException {
+        // Check launch info
+        if (mainClass == null) {
+            LaunchDesc launchDesc = file.getLaunchInfo();
+            if (launchDesc == null) {
+                return;
+            }
+            mainClass = launchDesc.getMainClass();
+        }
+        // The main class may be specified in the manifest
+        // Check main jar
+        if (mainClass == null) {
+            JARDesc mainJarDesc = file.getResources().getMainJAR();
+            mainClass = getMainClassName(mainJarDesc.getLocation());
+        }
+        // Check first jar
+        if (mainClass == null) {
+            JARDesc firstJarDesc = jars.get(0);
+            mainClass = getMainClassName(firstJarDesc.getLocation());
+        }
+        // Still not found? Iterate and set if only 1 was found
+        if (mainClass == null) {
+            for (JARDesc jarDesc: jars) {
+                String mainClassInThisJar = getMainClassName(jarDesc.getLocation());
+                if (mainClassInThisJar != null) {
+                    if (mainClass == null) { // first main class
+                        mainClass = mainClassInThisJar;
+                    } else { // There is more than one main class. Set to null and break.
+                        mainClass = null;
+                        break;
+                    }
+                }
+            }
+        }
+        String desiredJarEntryName = mainClass + ".class";
+        for (int i = 0; i < jars.size(); i++) {
+            try {
+                File localFile = tracker
+                        .getCacheFile(jars.get(i).getLocation());
+                if (localFile == null) {
+                    System.err.println("JAR " + jars.get(i).getLocation() + " not found. Continuing.");
+                    continue; // JAR not found. Keep going.
+                }
+                JarFile jarFile = new JarFile(localFile);
+                Enumeration<JarEntry> entries = jarFile.entries();
+                JarEntry je;
+                while (entries.hasMoreElements()) {
+                    je = entries.nextElement();
+                    String jeName = je.getName().replaceAll("/", ".");
+                    if (jeName.equals(desiredJarEntryName)) {
+                        foundMainJar = true;
+                        verifySignedJNLP(jars.get(i), jarFile);
+                        break;
+                    }
+                }
+            } catch (IOException e) {
+                /*
+                 * After this exception is caught, it is escaped. This will skip
+                 * the jarFile that may have thrown this exception and move on
+                 * to the next jarFile (if there are any)
+                 */
+            }
+        }
+    }
+    /**
+     * Gets the name of the main method if specified in the manifest
+     *
+     * @param location The JAR location
+     * @return the main class name, null if there isn't one of if there was an error
+     */
+    private String getMainClassName(URL location) {
+        String mainClass = null;
+        File f = tracker.getCacheFile(location);
+        if( f != null) {
+            try {
+                JarFile mainJar = new JarFile(f);
+                mainClass = mainJar.getManifest().
+                        getMainAttributes().getValue("Main-Class");
+            } catch (IOException ioe) {
+                mainClass = null;
+            }
+        }
+        return mainClass;
+    }
+    /**
+     * Returns true if this loader has the main jar
+     */
+    public boolean hasMainJar() {
+        return this.foundMainJar;
+    }
+    /**
+     * Returns true if extension loaders have the main jar
+     */
+    private boolean hasMainInExtensions() {
+        boolean foundMain = false;
+        for (int i = 1; i < loaders.length && !foundMain; i++) {
+            foundMain = loaders[i].hasMainJar();
+        }
+        return foundMain;
+    }
+    /**
+     * Is called by checkForMain() to check if the jar file is signed and if it
+     * contains a signed JNLP file.
+     *
+     * @param jarDesc JARDesc of jar
+     * @param jarFile the jar file
+     * @throws LaunchException thrown if the signed JNLP file, within the main jar, fails to be verified or does not match
+     */
+    private void verifySignedJNLP(JARDesc jarDesc, JarFile jarFile)
+            throws LaunchException {
+        JarCertVerifier signer = new JarCertVerifier();
+        List<JARDesc> desc = new ArrayList<JARDesc>();
+        desc.add(jarDesc);
+        // Initialize streams
+        InputStream inStream = null;
+        InputStreamReader inputReader = null;
+        FileReader fr = null;
+        InputStreamReader jnlpReader = null;
+        try {
+            signer.verifyJars(desc, tracker);
+            if (signer.allJarsSigned()) { // If the jar is signed
+                Enumeration<JarEntry> entries = jarFile.entries();
+                JarEntry je;
+                while (entries.hasMoreElements()) {
+                    je = entries.nextElement();
+                    String jeName = je.getName().toUpperCase();
+                    if (jeName.equals(TEMPLATE) || jeName.equals(APPLICATION)) {
+                        if (JNLPRuntime.isDebug())
+                            System.err.println("Creating Jar InputStream from JarEntry");
+                        inStream = jarFile.getInputStream(je);
+                        inputReader = new InputStreamReader(inStream);
+                        if (JNLPRuntime.isDebug())
+                            System.err.println("Creating File InputStream from lauching JNLP file");
+                        JNLPFile jnlp = this.getJNLPFile();
+                        URL url = jnlp.getFileLocation();
+                        File jn = null;
+                        // If the file is on the local file system, use original path, otherwise find cached file
+                        if (url.getProtocol().toLowerCase().equals("file"))
+                            jn = new File(url.getPath());
+                        else
+                            jn = CacheUtil.getCacheFile(url, null);
+                        fr = new FileReader(jn);
+                        jnlpReader = fr;
+                        // Initialize JNLPMatcher class
+                        JNLPMatcher matcher;
+                        if (jeName.equals(APPLICATION)) { // If signed application was found
+                            if (JNLPRuntime.isDebug())
+                                System.err.println("APPLICATION.JNLP has been located within signed JAR. Starting verfication...");
+                            matcher = new JNLPMatcher(inputReader, jnlpReader, false);
+                        } else { // Otherwise template was found
+                            if (JNLPRuntime.isDebug())
+                                System.err.println("APPLICATION_TEMPLATE.JNLP has been located within signed JAR. Starting verfication...");
+                            matcher = new JNLPMatcher(inputReader, jnlpReader,
+                                    true);
+                        }
+                        // If signed JNLP file does not matches launching JNLP file, throw JNLPMatcherException
+                        if (!matcher.isMatch())
+                            throw new JNLPMatcherException("Signed Application did not match launching JNLP File");
+                        this.isSignedJNLP = true;
+                        if (JNLPRuntime.isDebug())
+                            System.err.println("Signed Application Verification Successful");
+                        break;
+                    }
+                }
+            }
+        } catch (JNLPMatcherException e) {
+            /*
+             * Throws LaunchException if signed JNLP file fails to be verified
+             * or fails to match the launching JNLP file
+             */
+            throw new LaunchException(file, null, R("LSFatal"), R("LCClient"),
+                    R("LSignedJNLPFileDidNotMatch"), R(e.getMessage()));
+            /*
+             * Throwing this exception will fail to initialize the application
+             * resulting in the termination of the application
+             */
+        } catch (Exception e) {
+            if (JNLPRuntime.isDebug())
+                e.printStackTrace(System.err);
+            /*
+             * After this exception is caught, it is escaped. If an exception is
+             * thrown while handling the jar file, (mainly for
+             * JarCertVerifier.verifyJars) it assumes the jar file is unsigned and
+             * skip the check for a signed JNLP file
+             */
+        } finally {
+            //Close all streams
+            closeStream(inStream);
+            closeStream(inputReader);
+            closeStream(fr);
+            closeStream(jnlpReader);
+        }
+        if (JNLPRuntime.isDebug())
+            System.err.println("Ending check for signed JNLP file...");
+    }
+    /***
+     * Closes a stream
+     *
+     * @param stream the stream that will be closed
+     */
+    private void closeStream (Closeable stream) {
+        if (stream != null)
+            try {
+                stream.close();
+            } catch (Exception e) {
+                e.printStackTrace(System.err);
+            }
+    }
+    private void checkTrustWithUser(JarCertVerifier jcv) throws LaunchException {
+        if (JNLPRuntime.isTrustAll()){
+            return;
+        }
+        if (!jcv.getRootInCacerts()) { //root cert is not in cacerts
             boolean b = SecurityDialogs.showCertWarningDialog(
                     AccessType.UNVERIFIED, file, js);
+                    AccessType.UNVERIFIED, file, jcv);
             if (!b)
                 throw new LaunchException(null, null, R("LSFatal"),
                         R("LCLaunching"), R("LNotVerified"), "");
         } else if (js.getRootInCacerts()) { //root cert is in cacerts
+        } else if (jcv.getRootInCacerts()) { //root cert is in cacerts
             boolean b = false;
             if (js.noSigningIssues())
+            if (jcv.noSigningIssues())
                 b = SecurityDialogs.showCertWarningDialog(
                         AccessType.VERIFIED, file, js);
             else if (!js.noSigningIssues())
+                        AccessType.VERIFIED, file, jcv);
+            else if (!jcv.noSigningIssues())
                 b = SecurityDialogs.showCertWarningDialog(
                         AccessType.SIGNING_ERROR, file, js);
+                        AccessType.SIGNING_ERROR, file, jcv);
             if (!b)
                 throw new LaunchException(null, null, R("LSFatal"),
 …
      */
     protected PermissionCollection getPermissions(CodeSource cs) {
+        Permissions result = new Permissions();
+        // should check for extensions or boot, automatically give all
+        // access w/o security dialog once we actually check certificates.
+        // copy security permissions from SecurityDesc element
+        if (security != null) {
+            // Security desc. is used only to track security settings for the
+            // application. However, an application may comprise of multiple
+            // jars, and as such, security must be evaluated on a per jar basis.
+            // set default perms
+            PermissionCollection permissions = security.getSandBoxPermissions();
+            // If more than default is needed:
+            // 1. Code must be signed
+            // 2. ALL or J2EE permissions must be requested (note: plugin requests ALL automatically)
+            if (cs.getCodeSigners() != null &&
+                    (getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
+                     getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS))) {
+                permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions(cs);
+            }
+            Enumeration<Permission> e = permissions.elements();
+            while (e.hasMoreElements())
+                result.add(e.nextElement());
+        }
+        // add in permission to read the cached JAR files
+        for (int i = 0; i < resourcePermissions.size(); i++)
+            result.add(resourcePermissions.get(i));
+        // add in the permissions that the user granted.
+        for (int i = 0; i < runtimePermissions.size(); i++)
+            result.add(runtimePermissions.get(i));
+        return result;
+        try {
+            Permissions result = new Permissions();
+            // should check for extensions or boot, automatically give all
+            // access w/o security dialog once we actually check certificates.
+            // copy security permissions from SecurityDesc element
+            if (security != null) {
+                // Security desc. is used only to track security settings for the
+                // application. However, an application may comprise of multiple
+                // jars, and as such, security must be evaluated on a per jar basis.
+                // set default perms
+                PermissionCollection permissions = security.getSandBoxPermissions();
+                // If more than default is needed:
+                // 1. Code must be signed
+                // 2. ALL or J2EE permissions must be requested (note: plugin requests ALL automatically)
+                if (cs == null) {
+                    throw new NullPointerException("Code source was null");
+                }
+                if (cs.getCodeSigners() != null) {
+                    if (cs.getLocation() == null) {
+                        throw new NullPointerException("Code source location was null");
+                    }
+                    if (getCodeSourceSecurity(cs.getLocation()) == null) {
+                        throw new NullPointerException("Code source security was null");
+                    }
+                    if (getCodeSourceSecurity(cs.getLocation()).getSecurityType() == null) {
+                        if (JNLPRuntime.isDebug()){
+                        new NullPointerException("Warning! Code source security type was null").printStackTrace();
+                        }
+                    }
+                    Object securityType = getCodeSourceSecurity(cs.getLocation()).getSecurityType();
+                    if (SecurityDesc.ALL_PERMISSIONS.equals(securityType)
+                            || SecurityDesc.J2EE_PERMISSIONS.equals(securityType)) {
+                        permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions(cs);
+                    }
+                }
+                Enumeration<Permission> e = permissions.elements();
+                while (e.hasMoreElements()) {
+                    result.add(e.nextElement());
+                }
+            }
+            // add in permission to read the cached JAR files
+            for (int i = 0; i < resourcePermissions.size(); i++) {
+                result.add(resourcePermissions.get(i));
+            }
+            // add in the permissions that the user granted.
+            for (int i = 0; i < runtimePermissions.size(); i++) {
+                result.add(runtimePermissions.get(i));
+            }
+            // Class from host X should be allowed to connect to host X
+            if (cs.getLocation().getHost().length() > 0)
+                result.add(new SocketPermission(cs.getLocation().getHost(),
+                        "connect, accept"));
+            return result;
+        } catch (RuntimeException ex) {
+            if (JNLPRuntime.isDebug()) {
+                ex.printStackTrace();
+            }
+            throw ex;
+        }
+    }
 …
+                                    }
                                     JarSigner signer = new JarSigner();
+                                    JarCertVerifier signer = new JarCertVerifier();
                                     List<JARDesc> jars = new ArrayList<JARDesc>();
                                     JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
 …
                             JarFile jarFile = new JarFile(localFile.getAbsolutePath());
                             Manifest mf = jarFile.getManifest();
+                            classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath()));
+                            // Only check classpath if this is the plugin and there is no jnlp_href usage.
+                            // Note that this is different from proprietary plugin behaviour.
+                            // If jnlp_href is used, the app should be treated similarly to when
+                            // it is run from javaws as a webstart.
+                            if (file instanceof PluginBridge && !((PluginBridge) file).useJNLPHref()) {
+                                classpaths.addAll(getClassPathsFromManifest(mf, jar.getLocation().getPath()));
+                            }
                             JarIndex index = JarIndex.getJarIndex(jarFile, null);
                             if (index != null)
 …
          * @param jars the jars to be verified.
          */
     private JarSigner verifyJars(List<JARDesc> jars) throws Exception {
         js = new JarSigner();
         js.verifyJars(jars, tracker);
         return js;
+    private JarCertVerifier verifyJars(List<JARDesc> jars) throws Exception {
+        jcv = new JarCertVerifier();
+        jcv.verifyJars(jars, tracker);
+        return jcv;
+    }
 …
             Class result = null;
+            if (loaders[i] == this)
+                result = super.findLoadedClass(name);
+            else
+            if (loaders[i] == this) {
+                final String fName = name;
+                try {
+                    result = AccessController.doPrivileged(
+                            new PrivilegedExceptionAction<Class<?>>() {
+                                public Class<?> run() {
+                                    return JNLPClassLoader.super.findLoadedClass(fName);
+                                }
+                            }, getAccessControlContextForClassLoading());
+                } catch (PrivilegedActionException pae) {
+                    result = null;
+                }
+            } else {
                 result = loaders[i].findLoadedClassAll(name);
+            }
             if (result != null)
 …
      * @param desc the JARDesc for the new jar
      */
     private void addNewJar(JARDesc desc) {
+    private void addNewJar(final JARDesc desc) {
         available.add(desc);
 …
                 );
+        URL remoteURL = desc.getLocation();
+        URL cachedUrl = tracker.getCacheURL(remoteURL);
+        addURL(remoteURL);
+        CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl);
+        // Give read permissions to the cached jar file
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            public Void run() {
+                Permission p = CacheUtil.getReadPermission(desc.getLocation(),
+                        desc.getVersion());
+                resourcePermissions.add(p);
+                return null;
+            }
+        });
+        final URL remoteURL = desc.getLocation();
+        final URL cachedUrl = tracker.getCacheURL(remoteURL); // blocks till download
+        available.remove(desc); // Resource downloaded. Remove from available list.
+        try {
+            // Verify if needed
+            final JarCertVerifier signer = new JarCertVerifier();
+            final List<JARDesc> jars = new ArrayList<JARDesc>();
+            jars.add(desc);
+            // Decide what level of security this jar should have
+            // The verification and security setting functions rely on
+            // having AllPermissions as those actions normally happen
+            // during initialization. We therefore need to do those
+            // actions as privileged.
+            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
+                public Void run() throws Exception {
+                    signer.verifyJars(jars, tracker);
+                    if (signer.anyJarsSigned() && !signer.getAlreadyTrustPublisher()) {
+                        checkTrustWithUser(signer);
+                    }
+                    final SecurityDesc security;
+                    if (signer.anyJarsSigned()) {
+                        security = new SecurityDesc(file,
+                                SecurityDesc.ALL_PERMISSIONS,
+                                file.getCodeBase().getHost());
+                    } else {
+                        security = new SecurityDesc(file,
+                                SecurityDesc.SANDBOX_PERMISSIONS,
+                                file.getCodeBase().getHost());
+                    }
+                    jarLocationSecurityMap.put(remoteURL, security);
+                    return null;
+                }
+            });
+            addURL(remoteURL);
+            CachedJarFileCallback.getInstance().addMapping(remoteURL, cachedUrl);
+        } catch (Exception e) {
+            // Do nothing. This code is called by loadClass which cannot
+            // throw additional exceptions. So instead, just ignore it.
+            // Exception => jar will not get added to classpath, which will
+            // result in CNFE from loadClass.
+            e.printStackTrace();
+        }
+    }
 …
         for (int i = 0; i < loaders.length; i++) {
             try {
+                if (loaders[i] == this)
+                    return super.findClass(name);
+                else
+                if (loaders[i] == this) {
+                    final String fName = name;
+                    return AccessController.doPrivileged(
+                            new PrivilegedExceptionAction<Class<?>>() {
+                                public Class<?> run() throws ClassNotFoundException {
+                                    return JNLPClassLoader.super.findClass(fName);
+                                }
+                            }, getAccessControlContextForClassLoading());
+                } else {
                     return loaders[i].findClass(name);
+                }
             } catch (ClassNotFoundException ex) {
             } catch (ClassFormatError cfe) {
+            } catch (PrivilegedActionException pae) {
+            }
+        }
 …
         // Try codebase loader
         if (codeBaseLoader != null)
             return codeBaseLoader.findClass(name);
+            return codeBaseLoader.findClass(name, true);
         // All else failed. Throw CNFE
         throw new ClassNotFoundException(name);
 …
         // add resources until found
         while (true) {
+            JNLPClassLoader addedTo = addNextResource();
+            JNLPClassLoader addedTo = null;
+            try {
+                addedTo = addNextResource();
+            } catch (LaunchException e) {
+                /*
+                 * This method will never handle any search for the main class
+                 * [It is handled in initializeResources()]. Therefore, this
+                 * exception will never be thrown here and is escaped
+                 */
+                throw new IllegalStateException(e);
+            }
             if (addedTo == null)
 …
      * Finds the resource in this, the parent, or the extension
      * class loaders.
+     */
+    public URL getResource(String name) {
+        URL result = super.getResource(name);
+        for (int i = 1; i < loaders.length; i++)
+            if (result == null)
+                result = loaders[i].getResource(name);
+     *
+     * @return a <code>URL</code> for the resource, or <code>null</code>
+     * if the resource could not be found.
+     */
+    @Override
+    public URL findResource(String name) {
+        URL result = null;
+        try {
+            Enumeration<URL> e = findResources(name);
+            if (e.hasMoreElements()) {
+                result = e.nextElement();
+            }
+        } catch (IOException e) {
+            if (JNLPRuntime.isDebug()) {
+                e.printStackTrace();
+            }
+        }
         // If result is still null, look in the codebase loader
         if (result == null && codeBaseLoader != null)
             result = codeBaseLoader.getResource(name);
+            result = codeBaseLoader.findResource(name);
         return result;
 …
     /**
      * Finds the resource in this, the parent, or the extension
      * class loaders.
+     * Find the resources in this, the parent, or the extension
+     * class loaders. Load lazy resources if not found in current resources.
      */
     @Override
     public Enumeration<URL> findResources(String name) throws IOException {
+        Vector<URL> resources = new Vector<URL>();
+        Enumeration<URL> e;
+        Enumeration<URL> resources = findResourcesBySearching(name);
+        try {
+            // if not found, load all lazy resources; repeat search
+            while (!resources.hasMoreElements() && addNextResource() != null) {
+                resources = findResourcesBySearching(name);
+            }
+        } catch (LaunchException le) {
+            le.printStackTrace();
+        }
+        return resources;
+    }
+    /**
+     * Find the resources in this, the parent, or the extension
+     * class loaders.
+     */
+    private Enumeration<URL> findResourcesBySearching(String name) throws IOException {
+        List<URL> resources = new ArrayList<URL>();
+        Enumeration<URL> e = null;
         for (int i = 0; i < loaders.length; i++) {
+            if (loaders[i] == this)
+                e = super.findResources(name);
+            else
+            // TODO check if this will blow up or not
+            // if loaders[1].getResource() is called, wont it call getResource() on
+            // the original caller? infinite recursion?
+            if (loaders[i] == this) {
+                final String fName = name;
+                try {
+                    e = AccessController.doPrivileged(
+                            new PrivilegedExceptionAction<Enumeration<URL>>() {
+                                public Enumeration<URL> run() throws IOException {
+                                    return JNLPClassLoader.super.findResources(fName);
+                                }
+                            }, getAccessControlContextForClassLoading());
+                } catch (PrivilegedActionException pae) {
+                }
+            } else {
                 e = loaders[i].findResources(name);
+            while (e.hasMoreElements())
+                resources.add(e.nextElement());
+            }
+            final Enumeration<URL> fURLEnum = e;
+            try {
+                resources.addAll(AccessController.doPrivileged(
+                    new PrivilegedExceptionAction<Collection<URL>>() {
+                        public Collection<URL> run() {
+                            List<URL> resources = new ArrayList<URL>();
+                            while (fURLEnum != null && fURLEnum.hasMoreElements()) {
+                                resources.add(fURLEnum.nextElement());
+                            }
+                            return resources;
+                        }
+                    }, getAccessControlContextForClassLoading()));
+            } catch (PrivilegedActionException pae) {
+            }
+        }
 …
+        }
         return resources.elements();
+        return Collections.enumeration(resources);
+    }
 …
+     *
      * @return the classloader that resources were added to, or null
+     */
+    protected JNLPClassLoader addNextResource() {
+     * @throws LaunchException Thrown if the signed JNLP file, within the main jar, fails to be verified or does not match
+     */
+    protected JNLPClassLoader addNextResource() throws LaunchException {
         if (available.size() == 0) {
             for (int i = 1; i < loaders.length; i++) {
 …
         fillInPartJars(jars);
+        checkForMain(jars);
         activateJars(jars);
 …
     protected SecurityDesc getCodeSourceSecurity(URL source) {
+        return jarLocationSecurityMap.get(source);
+        SecurityDesc sec=jarLocationSecurityMap.get(source);
+        if (sec == null && !alreadyTried.contains(source)) {
+            alreadyTried.add(source);
+            //try to load the jar which is requesting the permissions, but was NOT downloaded by standard way
+            if (JNLPRuntime.isDebug()) {
+                System.out.println("Application is trying to get permissions for " + source.toString() + ", which was not added by standard way. Trying to download and verify!");
+            }
+            try {
+                JARDesc des = new JARDesc(source, null, null, false, false, false, false);
+                addNewJar(des);
+                sec = jarLocationSecurityMap.get(source);
+            } catch (Throwable t) {
+                if (JNLPRuntime.isDebug()) {
+                    t.printStackTrace();
+                }
+                sec = null;
+            }
+        }
+        if (sec == null){
+            System.out.println(Translator.R("LNoSecInstance",source.toString()));
+        }
+        return sec;
+    }
 …
      */
     private void addToCodeBaseLoader(URL u) {
+        if (u == null) {
+            return;
+        }
         // Only paths may be added
 …
         return result;
+    }
+    /**
+     * Increments loader use count by 1
+     *
+     * @throws SecurityException if caller is not trusted
+     */
+    private synchronized void incrementLoaderUseCount() {
+        // For use by trusted code only
+        if (System.getSecurityManager() != null)
+            System.getSecurityManager().checkPermission(new AllPermission());
+        useCount++;
+    }
+    /**
+     * Decrements loader use count by 1
+     *
+     * If count reaches 0, loader is removed from list of available loaders
+     *
+     * @throws SecurityException if caller is not trusted
+     */
+    public synchronized void decrementLoaderUseCount() {
+        // For use by trusted code only
+        if (System.getSecurityManager() != null)
+            System.getSecurityManager().checkPermission(new AllPermission());
+        useCount--;
+        if (useCount <= 0) {
+            synchronized(urlToLoader) {
+                urlToLoader.remove(file.getUniqueKey());
+            }
+        }
+    }
+    /**
+     * Returns an appropriate AccessControlContext for loading classes in
+     * the running instance.
+     *
+     * The default context during class-loading only allows connection to
+     * codebase. However applets are allowed to load jars from arbitrary
+     * locations and the codebase only access falls short if a class from
+     * one location needs a class from another.
+     *
+     * Given protected access since CodeBaseClassloader uses this function too.
+     *
+     * @return The appropriate AccessControlContext for loading classes for this instance
+     */
+    public AccessControlContext getAccessControlContextForClassLoading() {
+        AccessControlContext context = AccessController.getContext();
+        try {
+            context.checkPermission(new AllPermission());
+            return context; // If context already has all permissions, don't bother
+        } catch (AccessControlException ace) {
+            // continue below
+        } catch (ClassCircularityError cce) {
+            // continue below
+        }
+        // Since this is for class-loading, technically any class from one jar
+        // should be able to access a class from another, therefore making the
+        // original context code source irrelevant
+        PermissionCollection permissions = this.security.getSandBoxPermissions();
+        // Local cache access permissions
+        for (Permission resourcePermission : resourcePermissions) {
+            permissions.add(resourcePermission);
+        }
+        // Permissions for all remote hosting urls
+        for (URL u: jarLocationSecurityMap.keySet()) {
+            permissions.add(new SocketPermission(u.getHost(),
+                                                 "connect, accept"));
+        }
+        // Permissions for codebase urls (if there is a loader)
+        if (codeBaseLoader != null) {
+            for (URL u : codeBaseLoader.getURLs()) {
+                permissions.add(new SocketPermission(u.getHost(),
+                        "connect, accept"));
+            }
+        }
+        ProtectionDomain pd = new ProtectionDomain(null, permissions);
+        return new AccessControlContext(new ProtectionDomain[] { pd });
+    }
     /*
 …
         JNLPClassLoader parentJNLPClassLoader;
+        /**
+         * Classes that are not found, so that findClass can skip them next time
+         */
+        ConcurrentHashMap<String, URL[]> notFoundResources = new ConcurrentHashMap<String, URL[]>();
         public CodeBaseClassLoader(URL[] urls, JNLPClassLoader cl) {
             super(urls);
 …
         @Override
+        public Class<?> findClass(String name) throws ClassNotFoundException {
+            return super.findClass(name);
+        public Class<?> findClass(String name) throws ClassNotFoundException {
+            return findClass(name, false);
+        }
+        public Class<?> findClass(String name, boolean recursivelyInvoked) throws ClassNotFoundException {
+            if (!recursivelyInvoked) {
+                try {
+                    return parentJNLPClassLoader.findClass(name);
+                } catch (ClassNotFoundException cnfe) {
+                    // continue
+                }
+            }
+            // If we have searched this path before, don't try again
+            if (Arrays.equals(super.getURLs(), notFoundResources.get(name)))
+                throw new ClassNotFoundException(name);
+            try {
+                final String fName = name;
+                return AccessController.doPrivileged(
+                        new PrivilegedExceptionAction<Class<?>>() {
+                            public Class<?> run() throws ClassNotFoundException {
+                                return CodeBaseClassLoader.super.findClass(fName);
+                            }
+                        }, parentJNLPClassLoader.getAccessControlContextForClassLoading());
+            } catch (PrivilegedActionException pae) {
+                notFoundResources.put(name, super.getURLs());
+                throw new ClassNotFoundException("Could not find class " + name);
+            }
+        }
 …
         @Override
         public Enumeration<URL> findResources(String name) throws IOException {
+            // If we have searched this path before, don't try again
+            if (Arrays.equals(super.getURLs(), notFoundResources.get(name)))
+                return (new Vector<URL>(0)).elements();
             if (!name.startsWith("META-INF")) {
+                return super.findResources(name);
+            }
+                Enumeration<URL> urls = super.findResources(name);
+                if (!urls.hasMoreElements()) {
+                    notFoundResources.put(name, super.getURLs());
+                }
+                return urls;
+            }
             return (new Vector<URL>(0)).elements();
+        }
 …
         @Override
         public URL findResource(String name) {
+            // If we have searched this path before, don't try again
+            if (Arrays.equals(super.getURLs(), notFoundResources.get(name)))
+                return null;
+            URL url = null;
             if (!name.startsWith("META-INF")) {
+                return super.findResource(name);
+            }
+                try {
+                    final String fName = name;
+                    url = AccessController.doPrivileged(
+                            new PrivilegedExceptionAction<URL>() {
+                                public URL run() {
+                                    return CodeBaseClassLoader.super.findResource(fName);
+                                }
+                            }, parentJNLPClassLoader.getAccessControlContextForClassLoading());
+                } catch (PrivilegedActionException pae) {
+                }
+                if (url == null) {
+                    notFoundResources.put(name, super.getURLs());
+                }
+                return url;
+            }
             return null;
+        }

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java

-              r348
+              r418
 import javax.naming.ConfigurationException;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 …
     private static UpdatePolicy updatePolicy = UpdatePolicy.ALWAYS;
-    /** netx window icon */
-    private static Image windowIcon = null;
     /** whether initialized */
     private static boolean initialized = false;
 …
     private static boolean forksAllowed = true;
+    /** all security dialogs will be consumed and pretented as beeing verified by user and allowed.*/
+    private static boolean trustAll=false;
     /** contains the arguments passed to the jnlp runtime */
     private static List<String> initialArguments;
 …
     public static final String STDERR_FILE = "java.stderr";
     public static final String STDOUT_FILE = "java.stdout";
     /**
 …
             checkHeadless();
-        if (!headless && windowIcon == null)
-            loadWindowIcon();
         if (!headless && indicator == null)
             indicator = new DefaultDownloadIndicator();
 …
         if (handler == null) {
             if (headless) {
                 handler = new DefaultLaunchHandler();
+                handler = new DefaultLaunchHandler(System.err);
             } else {
                 handler = new GuiLaunchHandler();
+                handler = new GuiLaunchHandler(System.err);
+            }
+        }
 …
             SSLSocketFactory sslSocketFactory;
             SSLContext context = SSLContext.getInstance("SSL");
+            KeyStore ks = KeyStores.getKeyStore(KeyStores.Level.USER, KeyStores.Type.CLIENT_CERTS);
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+            kmf.init(ks, KeyStores.getPassword());
             TrustManager[] trust = new TrustManager[] { VariableX509TrustManager.getInstance() };
             context.init(null, trust, null);
+            context.init(kmf.getKeyManagers(), trust, null);
             sslSocketFactory = context.getSocketFactory();
 …
     public static boolean isWebstartApplication() {
         return isWebstartApplication;
+    }
-    /**
-     * Returns the window icon.
-     */
-    public static Image getWindowIcon() {
-        return windowIcon;
+    }
-    /**
-     * Sets the window icon that is displayed in Java applications
-     * and applets instead of the default Java icon.
+     *
-     * @throws IllegalStateException if caller is not the exit class
-     */
-    public static void setWindowIcon(Image image) {
-        checkExitClass();
-        windowIcon = image;
+    }
 …
         } catch (Exception ex) {
             throw new IllegalStateException("Missing resource bundle in netx.jar:net/sourceforge/jnlp/resource/Messages.properties");
+        }
+    }
-    /**
-     * Load the window icon.
-     */
-    private static void loadWindowIcon() {
-        if (windowIcon != null)
-            return;
-        try {
-            windowIcon = new javax.swing.ImageIcon((new sun.misc.Launcher())
-                        .getClassLoader().getResource("net/sourceforge/jnlp/resources/netx-icon.png")).getImage();
-        } catch (Exception ex) {
-            if (JNLPRuntime.isDebug())
-                ex.printStackTrace();
+        }
+    }
 …
+    }
+    static void setTrustAll(boolean b) {
+        trustAll=b;
+    }
+    public static boolean isTrustAll() {
+        return trustAll;
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java

-              r348
+              r418
             //            }
+            try {
+                super.checkPermission(perm);
+            } catch (SecurityException se) {
+                //This section is a special case for dealing with SocketPermissions.
+                if (JNLPRuntime.isDebug())
+                    System.err.println("Requesting permission: " + perm.toString());
+                //Change this SocketPermission's action to connect and accept
+                //(and resolve). This is to avoid asking for connect permission
+                //on every address resolve.
+                Permission tmpPerm = null;
+                if (perm instanceof SocketPermission) {
+                    tmpPerm = new SocketPermission(perm.getName(),
+                                                        SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
+                    // before proceeding, check if we are trying to connect to same origin
+                    ApplicationInstance app = getApplication();
+                    JNLPFile file = app.getJNLPFile();
+                    String srcHost = file.getSourceLocation().getAuthority();
+                    String destHost = name;
+                    // host = abc.xyz.com or abc.xyz.com:<port>
+                    if (destHost.indexOf(':') >= 0)
+                        destHost = destHost.substring(0, destHost.indexOf(':'));
+                    // host = abc.xyz.com
+                    String[] hostComponents = destHost.split("\\.");
+                    int length = hostComponents.length;
+                    if (length >= 2) {
+                        // address is in xxx.xxx.xxx format
+                        destHost = hostComponents[length - 2] + "." + hostComponents[length - 1];
+                        // host = xyz.com i.e. origin
+                        boolean isDestHostName = false;
+                        // make sure that it is not an ip address
+                        try {
+                            Integer.parseInt(hostComponents[length - 1]);
+                        } catch (NumberFormatException e) {
+                            isDestHostName = true;
+                        }
+                        if (isDestHostName) {
+                            // okay, destination is hostname. Now figure out if it is a subset of origin
+                            if (srcHost.endsWith(destHost)) {
+                                addPermission(tmpPerm);
+                                return;
+                            }
+                        }
+                    }
+                } else {
+                    tmpPerm = perm;
+                }
+                if (tmpPerm != null) {
+                    //askPermission will only prompt the user on SocketPermission
+                    //meaning we're denying all other SecurityExceptions that may arise.
+                    if (askPermission(tmpPerm)) {
+                        addPermission(tmpPerm);
+                        //return quietly.
+                    } else {
+                        throw se;
+                    }
+                }
+            }
+            super.checkPermission(perm);
         } catch (SecurityException ex) {
             if (JNLPRuntime.isDebug()) {
 …
             app.addWindow(w);
+        }
-        // change coffee cup to netx for default icon
-        if (window instanceof Window)
-            for (Window w = (Window) window; w != null; w = w.getOwner())
-                if (window instanceof Frame)
-                    ((Frame) window).setIconImage(JNLPRuntime.getWindowIcon());
         // todo: set awt.appletWarning to custom message

trunk/icedtea-web/netx/net/sourceforge/jnlp/runtime/pac-funcs.js

-              r348
+              r418
  */
 function dateRange() {
+    // note: watch out for wrapping around of dates. date ranges, like
+    // month=9 to month=8, wrap around and cover the entire year. this
+    // makes everything more interesting
+    var gmt;
+        if (arguments.length > 1) {
+                if (arguments[arguments.length-1] === "GMT") {
+                        gmt = true;
+            arguments.splice(0,arguments.length-1);
+        }
+        }
+    switch (arguments.length) {
+       case 1: return isDateInRange_internallForIcedTeaWebTesting(new Date(),arguments[0]);
+       case 2: return isDateInRange_internallForIcedTeaWebTesting(new Date(),arguments[0],arguments[1]);
+       case 3: return isDateInRange_internallForIcedTeaWebTesting(new Date(),arguments[0],arguments[1],arguments[2]);
+       case 4: return isDateInRange_internallForIcedTeaWebTesting(new Date(),arguments[0],arguments[1],arguments[2],arguments[3]);
+       case 5: return isDateInRange_internallForIcedTeaWebTesting(new Date(),arguments[0],arguments[1],arguments[2],arguments[3],arguments[4]);
+       case 6: return isDateInRange_internallForIcedTeaWebTesting(new Date(),arguments[0],arguments[1],arguments[2],arguments[3],arguments[4],arguments[5]);
+       case 7: return isDateInRange_internallForIcedTeaWebTesting(new Date(),arguments[0],arguments[1],arguments[2],arguments[3],arguments[4],arguments[5],arguments[6]); //GMT
+       default:
+           return false;
+    }
+}
+function isDateInRange_internallForIcedTeaWebTesting() {
     function isDate(date) {
 …
     function inYearRange(today, year1, year2) {
         if (year1 <= today.getYear() && today.getYear() <= year2) {
+        if (year1 <= today.getFullYear() && today.getFullYear() <= year2) {
             return true;
         } else {
 …
     function inYearMonthRange(today, month1, year1, month2, year2) {
         if (year1 === year2) {
             if (today.getYear() === year1) {
+            if (today.getFullYear() === year1) {
                if (month1 <= today.getMonth() && today.getMonth() <= month2) {
                    return true;
 …
+        }
         if (year1 < year2) {
             if (year1 <= today.getYear() && today.getYear() <= year2) {
                 if (today.getYear() === year1) {
+            if (year1 <= today.getFullYear() && today.getFullYear() <= year2) {
+                if (today.getFullYear() === year1) {
                     if (today.getMonth() >= month1) {
                         return true;
 …
                         return false;
+                    }
                 } else if (today.getYear() === year2) {
+                } else if (today.getFullYear() === year2) {
                     if (today.getMonth() <= month2) {
                         return true;
 …
             return false;
+        }
+    }
     function inYearMonthDateRange(today, date1, month1, year1, date2, month2, year2) {
         if (year1 === year2) {
             if (year1 === today.getYear()) {
+            if (year1 === today.getFullYear()) {
                 if ((month1 <= today.getMonth()) && (today.getMonth() <= month2)) {
                     if (month1 === month2) {
 …
+            }
         } else if (year1 < year2) {
             if (year1 <= today.getYear() && today.getYear() <= year2) {
                 if (today.getYear() === year1) {
+            if (year1 <= today.getFullYear() && today.getFullYear() <= year2) {
+                if (today.getFullYear() === year1) {
                     if (today.getMonth() === month1) {
                         if (today.getDate() >= date1) {
 …
                         return false;
+                    }
+                } else if (today.getYear() === year2) {
+                    if (today.getMonth() <= month2) {
+                    } else {
+                        return true;
+                    }
+                } else {
+                    return true;
+                }
+            } else {
+                return false;
+            }
+        } else {
+            return false;
+        }
+    }
+                } else if (today.getFullYear() === year2) {
+                    if (today.getMonth() === month2) {
+                        if (today.getDate() <= date1) {
+                            return true;
+                        } else {
+                            return false;
+                        }
+                    } else if (today.getMonth() < month2) {
+                        return true;
+                    } else {
+                        return false;
+                    }
+                } else {
+                    return true;
+                }
+            } else {
+                return false;
+            }
+        } else {
+            return false;
+        }
+    }
+    // note: watch out for wrapping around of dates. date ranges, like
+    // month=9 to month=8, wrap around and cover the entire year. this
+    // makes everything more interesting
+    var gmt;
+        if (arguments.length > 2) {
+                if (arguments[arguments.length-1] === "GMT") {
+                        gmt = true;
+            arguments.splice(0,arguments.length-1);
+        }
+        }
     // TODO: change date to gmt, whatever
     var today = new Date();
+    var today = arguments[0]
     var arg1;
 …
     var arg6;
     switch (arguments.length) {
+    switch (arguments.length-1) {
         case 1:
             var arg = arguments[0];
+            var arg = arguments[1];
             if (isDate(arg)) {
                 if (today.getDate() === arg) {
 …
+                }
             } else { // year
                 if (today.getYear() === arg) {
+                if (today.getFullYear() === arg) {
                     return true;
                 } else {
 …
+            }
         case 2:
             arg1 = arguments[0];
             arg2 = arguments[1];
+            arg1 = arguments[1];
+            arg2 = arguments[2];
             if (isDate(arg1) && isDate(arg2)) {
                 var date1 = arg1;
 …
+            }
         case 4:
             arg1 = arguments[0];
             arg2 = arguments[1];
             arg3 = arguments[2];
             arg4 = arguments[3];
+            arg1 = arguments[1];
+            arg2 = arguments[2];
+            arg3 = arguments[3];
+            arg4 = arguments[4];
             if (isDate(arg1) && isMonth(arg2) && isDate(arg3) && isMonth(arg4)) {
 …
+            }
         case 6:
             arg1 = arguments[0];
             arg2 = arguments[1];
             arg3 = arguments[2];
             arg4 = arguments[3];
             arg5 = arguments[4];
             arg6 = arguments[5];
+            arg1 = arguments[1];
+            arg2 = arguments[2];
+            arg3 = arguments[3];
+            arg4 = arguments[4];
+            arg5 = arguments[5];
+            arg6 = arguments[6];
             if (isDate(arg1) && isMonth(arg2) && isYear(arg3) &&
                 isDate(arg4) && isMonth(arg5) && isYear(arg6)) {

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/AccessWarningPane.java

-              r348
+              r418
         try {
+            publisher = file.getInformation().getVendor() != null ? file.getInformation().getVendor() : R("SNoAssociatedCertificate");
+            publisher = file.getInformation().getVendor() != null ?
+                    file.getInformation().getVendor() + " " + R("SUnverified") :
+                    R("SNoAssociatedCertificate");
         } catch (Exception e) {
+        }
 …
+        }
         ImageIcon icon = new ImageIcon((new sun.misc.Launcher()).getClassLoader().getResource("net/sourceforge/jnlp/resources/warning.png"));
+        ImageIcon icon = new ImageIcon((new sun.misc.Launcher()).getClassLoader().getResource("net/sourceforge/jnlp/resources/question.png"));
         JLabel topLabel = new JLabel(htmlWrap(topLabelText), icon, SwingConstants.LEFT);
         topLabel.setFont(new Font(topLabel.getFont().toString(),

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/CertWarningPane.java

-              r348
+              r418
 /* CertWarningPane.java
    Copyright (C) 2008 Red Hat, Inc.
+   Copyright (C) 2012 Red Hat, Inc.
 This file is part of IcedTea.
 …
         AccessType type = parent.getAccessType();
         JNLPFile file = parent.getFile();
         Certificate c = parent.getJarSigner().getPublisher();
+        Certificate c = parent.getCertVerifier().getPublisher();
         String name = "";
 …
+        }
         //Top label
+        // Labels
         String topLabelText = "";
+        String bottomLabelText = parent.getCertVerifier().getRootInCacerts() ?
+                                 R("STrustedSource") : R("SUntrustedSource");
         String propertyName = "";
+        String iconLocation = "net/sourceforge/jnlp/resources/";
+        boolean alwaysTrustSelected = false;
         if (certVerifier instanceof HttpsCertVerifier) {
+            topLabelText = R("SHttpsUnverified") + " " +
+                                 R("Continue");
+            // HTTPS certs that are verified do not prompt for a dialog.
+            // @see VariableX509TrustManager#checkServerTrusted
+            topLabelText = R("SHttpsUnverified") + " " + R("Continue");
             propertyName = "OptionPane.warningIcon";
+            iconLocation += "warning.png";
         } else
             switch (type) {
 …
                     topLabelText = R("SSigVerified");
                     propertyName = "OptionPane.informationIcon";
+                    iconLocation += "question.png";
+                    alwaysTrustSelected = true;
                     break;
                 case UNVERIFIED:
                     topLabelText = R("SSigUnverified");
                     propertyName = "OptionPane.warningIcon";
+                    iconLocation += "warning.png";
+                    bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
                     break;
                 case SIGNING_ERROR:
                     topLabelText = R("SSignatureError");
                     propertyName = "OptionPane.warningIcon";
+                    iconLocation += "warning.png";
+                    bottomLabelText += " " + R("SWarnFullPermissionsIgnorePolicy");
                     break;
+            }
         ImageIcon icon = new ImageIcon((new sun.misc.Launcher())
                                 .getClassLoader().getResource("net/sourceforge/jnlp/resources/warning.png"));
+                                .getClassLoader().getResource(iconLocation));
         JLabel topLabel = new JLabel(htmlWrap(topLabelText), icon, SwingConstants.LEFT);
         topLabel.setFont(new Font(topLabel.getFont().toString(),
 …
         topPanel.setBackground(Color.WHITE);
         topPanel.add(topLabel, BorderLayout.CENTER);
         topPanel.setPreferredSize(new Dimension(400, 60));
+        topPanel.setPreferredSize(new Dimension(400, 75));
         topPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
 …
         alwaysTrust = new JCheckBox(R("SAlwaysTrustPublisher"));
         alwaysTrust.setEnabled(true);
+        alwaysTrust.setSelected(alwaysTrustSelected);
         JPanel infoPanel = new JPanel(new GridLayout(4, 1));
 …
         add(buttonPanel);
         JLabel bottomLabel;
+        JLabel bottomLabel = new JLabel(htmlWrap(bottomLabelText));;
         JButton moreInfo = new JButton(R("ButMoreInformation"));
         moreInfo.addActionListener(new MoreInfoButtonListener());
-        if (parent.getJarSigner().getRootInCacerts())
-            bottomLabel = new JLabel(htmlWrap(R("STrustedSource")));
-        else
-            bottomLabel = new JLabel(htmlWrap(R("SUntrustedSource")));
         JPanel bottomPanel = new JPanel();
 …
         bottomPanel.add(bottomLabel);
         bottomPanel.add(moreInfo);
         bottomPanel.setPreferredSize(new Dimension(500, 100));
+        bottomPanel.setPreferredSize(new Dimension(600, 100));
         bottomPanel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
         add(bottomPanel);
 …
     private class MoreInfoButtonListener implements ActionListener {
         public void actionPerformed(ActionEvent e) {
             SecurityDialog.showMoreInfoDialog(parent.getJarSigner(),
+            SecurityDialog.showMoreInfoDialog(parent.getCertVerifier(),
                                 parent);
+        }
 …
                 try {
                     KeyStore ks = KeyStores.getKeyStore(Level.USER, Type.CERTS);
                     X509Certificate c = (X509Certificate) parent.getJarSigner().getPublisher();
+                    X509Certificate c = (X509Certificate) parent.getCertVerifier().getPublisher();
                     CertificateUtils.addToKeyStore(c, ks);
                     File keyStoreFile = new File(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/CertificateUtils.java

-              r348
+              r418
 import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.PrintStream;
 import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.Enumeration;
 import java.util.Random;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import sun.misc.BASE64Encoder;
+import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.util.replacements.BASE64Encoder;
 import sun.security.provider.X509Factory;
 …
+    }
+    public static void addPKCS12ToKeyStore(File file, KeyStore ks, char[] password)
+            throws Exception {
+        BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file));
+        KeyStore keyStore = KeyStore.getInstance("PKCS12");
+        keyStore.load(bis, password);
+        Enumeration<String> aliasList = keyStore.aliases();
+        while (aliasList.hasMoreElements()) {
+            String alias = aliasList.nextElement();
+            Certificate[] certChain = keyStore.getCertificateChain(alias);
+            Key key = keyStore.getKey(alias, password);
+            addPKCS12ToKeyStore(certChain, key, ks);
+        }
+    }
+    public static void addPKCS12ToKeyStore(Certificate[] certChain, Key key, KeyStore ks)
+            throws KeyStoreException {
+        String alias = null;
+        // does this certificate already exist?
+        alias = ks.getCertificateAlias(certChain[0]);
+        if (alias != null) {
+            return;
+        }
+        // create a unique alias for this new certificate
+        Random random = new Random();
+        do {
+            alias = new BigInteger(20, random).toString();
+        } while (ks.getCertificate(alias) != null);
+        ks.setKeyEntry(alias, key, KeyStores.getPassword(), certChain);
+    }
     /**
      * Checks whether an X509Certificate is already in one of the keystores
 …
         for (int i = 0; i < keyStores.length; i++) {
             try {
+                if (keyStores[i].getCertificateAlias(c) != null) {
+                    if (JNLPRuntime.isDebug()) {
+                        System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts");
+                    }
+                    return true;
+                // Check against all certs
+                Enumeration<String> aliases = keyStores[i].aliases();
+                while (aliases.hasMoreElements()) {
+                    // Verify against this entry
+                    String alias = aliases.nextElement();
+                    if (c.equals(keyStores[i].getCertificate(alias))) {
+                        if (JNLPRuntime.isDebug()) {
+                            System.out.println(Translator.R("LCertFoundIn", c.getSubjectX500Principal().getName(), KeyStores.getPathToKeystore(keyStores[i].hashCode())));
+                        }
+                        return true;
+                    } // else continue
+                }
             } catch (KeyStoreException e) {
                 e.printStackTrace();
 …
         out.println(X509Factory.END_CERT);
+    }
+    public static void dumpPKCS12(String alias, File file, KeyStore ks, char[] password)
+            throws Exception {
+        Certificate[] certChain = ks.getCertificateChain(alias);
+        Key key = ks.getKey(alias, KeyStores.getPassword());
+        BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file));
+        KeyStore keyStore = KeyStore.getInstance("PKCS12");
+        keyStore.load(null, null);
+        keyStore.setKeyEntry(alias, key, password, certChain);
+        keyStore.store(bos, password);
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/CertsInfoPane.java

r348	r418
85	85	*/
86	86	void buildTree() {
87		certPath = parent.get~~JarSign~~er().getCertPath();
	87	certPath = parent.getCertVerifier().getCertPath();
88	88	X509Certificate firstCert =
89	89	((X509Certificate) certPath.getCertificates().get(0));

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/KeyStores.java

-              r348
+              r418
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.StringTokenizer;
 …
+    }
+    public static final Map<Integer,String> keystoresPaths=new HashMap<Integer, String>();
     private static DeploymentConfiguration config = null;
 …
         try {
             ks = createKeyStoreFromFile(new File(location), create, DEFAULT_PASSWORD);
+            //hashcode is used instead of instance so when no references are left
+            //to keystore, then this will not be blocker for garbage collection
+            keystoresPaths.put(ks.hashCode(),location);
         } catch (Exception e) {
             e.printStackTrace();
+        }
         return ks;
+    }
+    public static String getPathToKeystore(int k) {
+        String s = keystoresPaths.get(k);
+        if (s == null) {
+            return "unknown keystore location";
+        }
+        return s;
+    }

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/MoreInfoPane.java

-              r348
+              r418
 public class MoreInfoPane extends SecurityDialogPanel {
+    private boolean showSignedJNLPWarning;
     public MoreInfoPane(SecurityDialog x, CertVerifier certVerifier) {
         super(x, certVerifier);
+        showSignedJNLPWarning= x.requiresSignedJNLPWarning();
         addComponents();
+    }
 …
         ArrayList<String> details = certVerifier.getDetails();
+        // Show signed JNLP warning if the signed main jar does not have a
+        // signed JNLP file and the launching JNLP file contains special properties
+        if(showSignedJNLPWarning)
+            details.add(R("SJNLPFileIsNotSigned"));
         int numLabels = details.size();
         JPanel errorPanel = new JPanel(new GridLayout(numLabels, 1));
 …
             errorPanel.add(new JLabel(htmlWrap(details.get(i)), icon, SwingConstants.LEFT));
+        }
+        // Removes signed JNLP warning after it has been used. This will avoid
+        // any alteration to certVerifier.
+        if(showSignedJNLPWarning)
+            details.remove(details.size()-1);
         JPanel buttonsPanel = new JPanel(new BorderLayout());
 …
     private class CertInfoButtonListener implements ActionListener {
         public void actionPerformed(ActionEvent e) {
             SecurityDialog.showCertInfoDialog(parent.getJarSigner(),
+            SecurityDialog.showCertInfoDialog(parent.getCertVerifier(),
                                 parent);
+        }

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/SecurityDialog.java

-              r348
+              r418
 import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
 import net.sourceforge.jnlp.security.SecurityDialogs.DialogType;
+import net.sourceforge.jnlp.util.ImageResources;
 import java.awt.*;
 …
     private Object value;
+    SecurityDialog(DialogType dialogType, AccessType accessType,
+                JNLPFile file, CertVerifier jarSigner, X509Certificate cert, Object[] extras) {
+    /** Should show signed JNLP file warning */
+    private boolean requiresSignedJNLPWarning;
+    SecurityDialog(DialogType dialogType, AccessType accessType,
+                JNLPFile file, CertVerifier JarCertVerifier, X509Certificate cert, Object[] extras) {
         super();
+        setIconImages(ImageResources.INSTANCE.getApplicationImages());
         this.dialogType = dialogType;
         this.accessType = accessType;
         this.file = file;
         this.certVerifier = jarSigner;
+        this.certVerifier = JarCertVerifier;
         this.cert = cert;
         this.extras = extras;
         initialized = true;
+        if(file != null)
+            requiresSignedJNLPWarning= file.requiresSignedJNLPWarning();
         initDialog();
+    }
 …
      */
     SecurityDialog(DialogType dialogType, AccessType accessType,
                         JNLPFile file, CertVerifier jarSigner) {
         this(dialogType, accessType, file, jarSigner, null, null);
+                        JNLPFile file, CertVerifier certVerifier) {
+        this(dialogType, accessType, file, certVerifier, null, null);
+    }
 …
      * Shows more information regarding jar code signing
+     *
      * @param jarSigner the JarSigner used to verify this application
+     * @param certVerifier the JarCertVerifier used to verify this application
      * @param parent the parent option pane
      */
     public static void showMoreInfoDialog(
+                CertVerifier jarSigner, SecurityDialog parent) {
+                CertVerifier certVerifier, SecurityDialog parent) {
+        JNLPFile file= parent.getFile();
         SecurityDialog dialog =
                         new SecurityDialog(DialogType.MORE_INFO, null, null,
                                 jarSigner);
+                        new SecurityDialog(DialogType.MORE_INFO, null, file,
+                                certVerifier);
         dialog.setModalityType(ModalityType.APPLICATION_MODAL);
         dialog.setVisible(true);
 …
      * Displays CertPath information in a readable table format.
+     *
      * @param jarSigner the JarSigner used to verify this application
+     * @param certVerifier the JarCertVerifier used to verify this application
      * @param parent the parent option pane
      */
     public static void showCertInfoDialog(CertVerifier jarSigner,
+    public static void showCertInfoDialog(CertVerifier certVerifier,
                 SecurityDialog parent) {
         SecurityDialog dialog = new SecurityDialog(DialogType.CERT_INFO,
                         null, null, jarSigner);
+                        null, null, certVerifier);
         dialog.setLocationRelativeTo(parent);
         dialog.setModalityType(ModalityType.APPLICATION_MODAL);
 …
         String dialogTitle = "";
+        if (dialogType == DialogType.CERT_WARNING)
+            dialogTitle = "Warning - Security";
+        else if (dialogType == DialogType.MORE_INFO)
+        if (dialogType == DialogType.CERT_WARNING) {
+            if (accessType == AccessType.VERIFIED)
+                dialogTitle = "Security Approval Required";
+            else
+                dialogTitle = "Security Warning";
+        } else if (dialogType == DialogType.MORE_INFO)
             dialogTitle = "More Information";
         else if (dialogType == DialogType.CERT_INFO)
 …
+    }
     public CertVerifier getJarSigner() {
+    public CertVerifier getCertVerifier() {
         return certVerifier;
+    }
 …
         listeners.add(listener);
+    }
+    public boolean requiresSignedJNLPWarning()
+    {
+        return requiresSignedJNLPWarning;
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/SecurityDialogs.java

-              r348
+              r418
      * @param accessType the type of warning dialog to show
      * @param file the JNLPFile associated with this warning
+     * @param jarSigner the JarSigner used to verify this application
+     * @param certVerifier the JarCertVerifier used to verify this application
+     *
+     * @return true if the user accepted the certificate
      */
     public static boolean showCertWarningDialog(AccessType accessType,
             JNLPFile file, CertVerifier jarSigner) {
+            JNLPFile file, CertVerifier certVerifier) {
         if (!shouldPromptUser()) {
 …
         message.accessType = accessType;
         message.file = file;
         message.certVerifier = jarSigner;
+        message.certVerifier = certVerifier;
         Object selectedValue = getUserResponse(message);

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java

-              r348
+              r418
 package net.sourceforge.jnlp.security;
+import java.security.AccessController;
 import java.security.KeyStore;
+import java.security.PrivilegedAction;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 …
 import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
 …
      * @return user's response
      */
+    private boolean askUser(X509Certificate[] chain, String authType,
+                            boolean isTrusted, boolean hostMatched,
+                            String hostName) {
+        return SecurityDialogs.showCertWarningDialog(
+    private boolean askUser(final X509Certificate[] chain, final String authType,
+                            final boolean isTrusted, final boolean hostMatched,
+                            final String hostName) {
+        if (JNLPRuntime.isTrustAll()){
+            return true;
+        }
+        final VariableX509TrustManager trustManager = this;
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+            @Override
+            public Boolean run() {
+                return SecurityDialogs.showCertWarningDialog(
                         AccessType.UNVERIFIED, null,
                         new HttpsCertVerifier(this, chain, authType,
+                        new HttpsCertVerifier(trustManager, chain, authType,
                                               isTrusted, hostMatched,
                                               hostName));
+            }
+        });
+    }

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java

-              r348
+              r418
 import javax.swing.JOptionPane;
 import javax.swing.JPanel;
+import javax.swing.JPasswordField;
 import javax.swing.JScrollPane;
 import javax.swing.JTabbedPane;
 …
             new CertificateType(KeyStores.Type.CERTS),
             new CertificateType(KeyStores.Type.JSSE_CERTS),
+            new CertificateType(KeyStores.Type.CLIENT_CERTS)
         };
 …
+    }
+    private char[] getPassword(final String label) {
+        JPasswordField jpf = new JPasswordField();
+        int result = JOptionPane.showConfirmDialog(parent,
+                                new Object[]{label, jpf},  R("CVPasswordTitle"),
+                                JOptionPane.OK_CANCEL_OPTION,
+                                JOptionPane.INFORMATION_MESSAGE);
+        if (result == JOptionPane.OK_OPTION)
+            return jpf.getPassword();
+        else
+            return null;
+    }
     /** Allows storing KeyStores.Types in a JComponent */
     private static class CertificateType {
 …
                 try {
                     KeyStore ks = keyStore;
+                    CertificateUtils.addToKeyStore(chooser.getSelectedFile(), ks);
+                    if (currentKeyStoreType == KeyStores.Type.CLIENT_CERTS) {
+                        char[] password = getPassword(R("CVImportPasswordMessage"));
+                        if (password != null) {
+                            CertificateUtils.addPKCS12ToKeyStore(
+                                       chooser.getSelectedFile(), ks, password);
+                        } else {
+                            return;
+                        }
+                    } else {
+                        CertificateUtils.addToKeyStore(chooser.getSelectedFile(), ks);
+                    }
                     File keyStoreFile = new File(KeyStores
                                         .getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
 …
                                                         .get(selectedRow));
                         if (alias != null) {
+                            Certificate c = keyStore.getCertificate(alias);
+                            PrintStream ps = new PrintStream(chooser.getSelectedFile().getAbsolutePath());
+                            CertificateUtils.dump(c, ps);
+                            if (currentKeyStoreType == KeyStores.Type.CLIENT_CERTS) {
+                                char[] password = getPassword(R("CVExportPasswordMessage"));
+                                if (password != null)
+                                    CertificateUtils.dumpPKCS12(alias, chooser.getSelectedFile(), keyStore, password);
+                            } else {
+                                Certificate c = keyStore.getCertificate(alias);
+                                PrintStream ps = new PrintStream(chooser.getSelectedFile().getAbsolutePath());
+                                CertificateUtils.dump(c, ps);
+                            }
                             repopulateTables();
+                        }

trunk/icedtea-web/netx/net/sourceforge/jnlp/security/viewer/CertificateViewer.java

-              r348
+              r418
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.util.ImageResources;
 public class CertificateViewer extends JDialog {
 …
     public CertificateViewer() {
         super((Frame) null, dialogTitle, true);
+        setIconImages(ImageResources.INSTANCE.getApplicationImages());
         Container contentPane = getContentPane();

trunk/icedtea-web/netx/net/sourceforge/jnlp/services/ServiceUtil.java

-              r348
+              r418
                 Object... extras) {
+        if (app == null)
+            app = JNLPRuntime.getApplication();
+        boolean codeTrusted = true;
+        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+        for (int i = 0; i < stack.length; i++) {
+            Class c = null;
+            try {
+                c = Class.forName(stack[i].getClassName());
+            } catch (Exception e1) {
+                try {
+                    c = Class.forName(stack[i].getClassName(), false, app.getClassLoader());
+                } catch (Exception e2) {
+                    System.err.println(e2.getMessage());
+                }
+            }
+            // Everything up to the desired class/method must be trusted
+            if (c == null || // class not found
+                    (c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath
+                    c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted
+            ) {
+                codeTrusted = false;
+            }
+        }
+        if (!codeTrusted) {
+        boolean trusted = isSigned(app);
+        if (!trusted) {
             if (!shouldPromptUser()) {
                 return false;
+            }
+            if (app == null)
+                app = JNLPRuntime.getApplication();
             final AccessType tmpType = type;
 …
         });
+    }
+    /**
+     * Returns whether the app requesting a JNLP service is a trusted
+     * application
+     *
+     * @param app
+     *            the application which is requesting the check. If null, the
+     *            current application is used.
+     * @return true, if the app is a trusted application; false otherwise
+     */
+    public static boolean isSigned(ApplicationInstance app) {
+        if (app == null)
+            app = JNLPRuntime.getApplication();
+        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+        for (int i = 0; i < stack.length; i++) {
+            Class c = null;
+            try {
+                c = Class.forName(stack[i].getClassName());
+            } catch (Exception e1) {
+                try {
+                    c = Class.forName(stack[i].getClassName(), false,
+                            app.getClassLoader());
+                } catch (Exception e2) {
+                    System.err.println(e2.getMessage());
+                }
+            }
+            // Everything up to the desired class/method must be trusted
+            if (c == null || // class not found
+                    (c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath
+                    c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted
+            ) {
+                return false;
+            }
+        }
+        return true;
+    }
+}

trunk/icedtea-web/netx/net/sourceforge/jnlp/services/XPersistenceService.java

-              r348
+              r418
         URL source = app.getJNLPFile().getCodeBase();
+        if (!source.getHost().equalsIgnoreCase(location.getHost())
+                && !ServiceUtil.isSigned(app)) // Allow trusted application to have access to data from a different host
+            throw new MalformedURLException(
+                    "Untrusted application cannot access data from a different host.");
-        if (!source.getHost().equalsIgnoreCase(location.getHost()))
-            throw new MalformedURLException("Cannot access data from a different host.");
         // test for above codebase, not perfect but works for now
 …
+        }
+        if (!source.getFile().startsWith(requestPath))
+            throw new MalformedURLException("Cannot access data below source URL path.");
+        if (!source.getFile().startsWith(requestPath)
+                && !ServiceUtil.isSigned(app)) // Allow trusted application to have access to data below source URL path
+            throw new MalformedURLException(
+                    "Cannot access data below source URL path.");
+    }
 …
         File file = toCacheFile(location);
         if (!file.exists())
+        if (!file.exists()) {
             throw new FileNotFoundException("Persistence store for "
                     + location.toString() + " is not found.");
+        }
         FileUtils.createParentDir(file, "Persistence store for "
                     + location.toString());

trunk/icedtea-web/netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java

r348	r418
34	34
35	35	// Class and methods marked as public so that they can be
36		// accessed by Jar~~Sign~~er, which although lies in a package
	36	// accessed by JarCertVerifier, which although lies in a package
37	37	// with the same name, but bundled in tools.jar and loaded
38	38	// by another class loader, hence in a different runtime

trunk/icedtea-web/netx/net/sourceforge/jnlp/util/BasicExceptionDialog.java

r348	r418
83	83	JOptionPane optionPane = new JOptionPane(mainPanel, JOptionPane.ERROR_MESSAGE);
84	84	final JDialog errorDialog = optionPane.createDialog(R("Error"));
	85	errorDialog.setIconImages(ImageResources.INSTANCE.getApplicationImages());
85	86
86	87	final JPanel quickInfoPanel = new JPanel();

trunk/icedtea-web/netx/net/sourceforge/jnlp/util/PropertiesFile.java

-              r348
+              r418
     /** the header string */
     String header = "netx file";
     /** lazy loaded on getProperty */
     boolean loaded = false;
+    /** time of last modification, lazy loaded on getProperty */
+    long lastStore;
     /**
 …
      */
     public String getProperty(String key) {
         if (!loaded)
+        if (lastStore == 0)
             load();
 …
      */
     public String getProperty(String key, String defaultValue) {
         if (!loaded)
+        if (lastStore == 0)
             load();
 …
      */
     public Object setProperty(String key, String value) {
         if (!loaded)
+        if (lastStore == 0)
             load();
 …
      * loaded; call this method before calling any method defined by
      * a superclass.
+     *
+     * @return true, if file was (re-)loaded
+     *         false, if file was still current
      */
+    public void load() {
+        loaded = true;
+    public boolean load() {
+        InputStream s = null;
+        try {
+            if (!file.exists())
+                return;
+        if (!file.exists()) {
+            return false;
+        }
+        long currentStore = file.lastModified();
+        long currentTime = System.currentTimeMillis();
+        /* (re)load file, if
+         *  - it wasn't loaded/stored, yet (lastStore == 0)
+         *  - current file modification timestamp has changed since last store (currentStore != lastStore) OR
+         *  - current file modification timestamp has not changed since last store AND current system time equals current file modification timestamp
+         *    This is necessary because some filesystems seems only to provide accuracy of the timestamp on the level of seconds!
+         */
+        if(lastStore == 0 || currentStore != lastStore || (currentStore == lastStore && currentStore / 1000 == currentTime / 1000)) {
+            InputStream s = null;
             try {
+                s = new FileInputStream(file);
+                load(s);
+            } finally {
+                if (s != null) s.close();
+                try {
+                    s = new FileInputStream(file);
+                    load(s);
+                } finally {
+                    if (s != null) {
+                        s.close();
+                        lastStore=currentStore;
+                        return true;
+                    }
+                }
+            } catch (IOException ex) {
+                ex.printStackTrace();
+            }
-        } catch (IOException ex) {
-            ex.printStackTrace();
+        }
+        return false;
+    }
 …
      */
     public void store() {
-        if (!loaded)
-            return; // nothing could have changed so save unnecessary load/save
         OutputStream s = null;
+        FileOutputStream s = null;
         try {
             try {
+                file.getParentFile().mkdirs();
                 s = new FileOutputStream(file);
                 store(s, header);
+                // fsync()
+                s.getChannel().force(true);
+                lastStore = file.lastModified();
             } finally {
                 if (s != null) s.close();

trunk/icedtea-web/netx/net/sourceforge/nanoxml/XMLElement.java

-              r348
+              r418
      *             xml file.
      */
     public void sanitizeInput(InputStreamReader isr, PipedOutputStream pout) {
+    public void sanitizeInput(Reader isr, OutputStream pout) {
         try {
             PrintStream out = new PrintStream(pout);
 …
                 this.sanitizeCharReadTooMuch = next;
                 // If the next char is a ? or !, then we've hit a special tag,
+                // If the next chars are !--, then we've hit a comment tag,
                 // and should skip it.
+                if (prev == '<' && (next == '!' || next == '?')) {
+                    this.skipSpecialTag(0);
+                    this.sanitizeCharReadTooMuch = '\0';
+                if (ch == '<' && sanitizeCharReadTooMuch == '!') {
+                    ch = (char) this.reader.read();
+                    if (ch == '-') {
+                        ch = (char) this.reader.read();
+                        if (ch == '-') {
+                            this.skipComment();
+                            this.sanitizeCharReadTooMuch = '\0';
+                        } else {
+                            out.print('<');
+                            out.print('!');
+                            out.print('-');
+                            this.sanitizeCharReadTooMuch = ch;
+                            if (JNLPRuntime.isDebug()) {
+                                System.out.print('<');
+                                System.out.print('!');
+                                System.out.print('-');
+                            }
+                        }
+                    } else {
+                        out.print('<');
+                        out.print('!');
+                        this.sanitizeCharReadTooMuch = ch;
+                        if (JNLPRuntime.isDebug()) {
+                            System.out.print('<');
+                            System.out.print('!');
+                        }
+                    }
+                }
                 // Otherwise we haven't hit a comment, and we should write ch.

/branches/vendor/sourceforge/icedtea-web/1.3	merged	eligible
/branches/vendor/sourceforge/icedtea-web/current	merged	eligible

Context Navigation

Legend:

Download in other formats: