path: root/netx/net/sourceforge/jnlp/security/CertWarningPane.java
authorOmair Majid <[email protected]>2010-11-11 11:43:13 -0500
committerOmair Majid <[email protected]>2010-11-11 11:43:13 -0500
commit4b48fb654279154b6126c86d5998e02d74d125fb (patch)
tree7f037a171f123564b80f5c1d237d26161ce7e8e4 /netx/net/sourceforge/jnlp/security/CertWarningPane.java
parentec49901d9f4844acd69a51ebc0c7fa548be70ff3 (diff)
integrate support for multiple KeyStores into the various validators
2010-11-11 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust manager initialization code into JNLPRuntime.initialize. * plugin/icedteanp/java/sun/applet/PluginMain.java (init): Likewise. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize): Set the default SSL TrustManager here. * netx/net/sourceforge/jnlp/security/CertWarningPane.java (CheckBoxListener.actionPerformed): Add this certificate into user's trusted certificate store. * netx/net/sourceforge/jnlp/tools/KeyTool.java (addToKeyStore(File,KeyStore)): Move to CertificateUtils. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New class. (addToKeyStore(File,KeyStore)): Moved from KeyTool. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. (inKeyStores): New method. * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java (getRootInCacerts): Check all available CA store to check if root is in CA certificates. * netx/net/sourceforge/jnlp/security/KeyStores.java (getKeyStore(Level,Type,boolean)): Add security check. (getClientKeyStores): New method. * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java (VariableX509TrustManager): Initialize multiple CA, certificate and client trust managers. (checkClientTrusted): Check all the client TrustManagers if certificate is trusted. (checkAllManagers): Check multiple CA certificates and trusted certificates to determine if the certificate chain can be trusted. (isExplicitlyTrusted): Check with multiple TrustManagers. (getAcceptedIssuers): Gather results from multiple TrustManagers. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (ImportButtonListener): Use CertificateUtils instead of KeyTool. * netx/net/sourceforge/jnlp/tools/JarSigner.java (checkTrustedCerts): Use multiple key stores to check if certificate is directly trusted and if the root is trusted.
Diffstat (limited to 'netx/net/sourceforge/jnlp/security/CertWarningPane.java')
-rw-r--r--netx/net/sourceforge/jnlp/security/CertWarningPane.java45
1 files changed, 26 insertions, 19 deletions
diff --git a/netx/net/sourceforge/jnlp/security/CertWarningPane.java b/netx/net/sourceforge/jnlp/security/CertWarningPane.java
index bad2337..e1ebecb 100644
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java
@@ -47,6 +47,9 @@ import java.awt.Font;
import java.awt.GridLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@@ -62,8 +65,9 @@ import javax.swing.SwingConstants;
import net.sourceforge.jnlp.JNLPFile;
import net.sourceforge.jnlp.PluginBridge;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.security.KeyStores.Level;
+import net.sourceforge.jnlp.security.KeyStores.Type;
import net.sourceforge.jnlp.security.SecurityWarning.AccessType;
-import net.sourceforge.jnlp.tools.KeyTool;
/**
* Provides the panel for using inside a SecurityWarningDialog. These dialogs are
@@ -232,25 +236,28 @@ public class CertWarningPane extends SecurityDialogPanel {
}
}
- /**
- * Updates the user's KeyStore of trusted Certificates.
- */
- private class CheckBoxListener implements ActionListener {
- public void actionPerformed(ActionEvent e) {
- if (alwaysTrust != null && alwaysTrust.isSelected()) {
- try {
- KeyTool kt = new KeyTool();
- Certificate c = parent.getJarSigner().getPublisher();
- kt.importCert(c);
- if (JNLPRuntime.isDebug()) {
- System.out.println("certificate is now permanently trusted");
- }
- } catch (Exception ex) {
- //TODO: Let NetX show a dialog here notifying user
- //about being unable to add cert to keystore
- }
- }
+ /**
+ * Updates the user's KeyStore of trusted Certificates.
+ */
+ private class CheckBoxListener implements ActionListener {
+ public void actionPerformed(ActionEvent e) {
+ if (alwaysTrust != null && alwaysTrust.isSelected()) {
+ try {
+ KeyStore ks = KeyStores.getKeyStore(Level.USER, Type.CERTS);
+ X509Certificate c = (X509Certificate) parent.getJarSigner().getPublisher();
+ CertificateUtils.addToKeyStore(c, ks);
+ OutputStream os = new FileOutputStream(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
+ ks.store(os, KeyStores.getPassword());
+ if (JNLPRuntime.isDebug()) {
+ System.out.println("certificate is now permanently trusted");
+ }
+ } catch (Exception ex) {
+ // TODO: Let NetX show a dialog here notifying user
+ // about being unable to add cert to keystore
+ ex.printStackTrace();
}
+ }
}
+ }
}
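Review bot: The `FileOutputStream` opened in `CheckBoxListener.actionPerformed` is never closed, so the file handle leaks on both the success and the exception path. Because `new FileOutputStream(...)` truncates the user's trusted-certificate store before `ks.store` runs, a failure partway through can leave that store empty or partial, and the catch block only prints a stack trace. Closing the stream in a `finally` block is the minimum fix. Writing to a temporary file and renaming it over the store once `ks.store` has succeeded would also keep the previous store intact on failure. The cast to `X509Certificate` is unchecked, although a non-X.509 publisher certificate would simply end up in the same catch block.

```java
// … unchanged: look up the user CERTS keystore and add the publisher certificate …
OutputStream os = new FileOutputStream(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
try {
    ks.store(os, KeyStores.getPassword());
} finally {
    os.close();
}
// … unchanged: debug message and catch block …
```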