diff options
| author | Omair Majid <[email protected]> | 2010-11-11 11:43:13 -0500 |
|---|---|---|
| committer | Omair Majid <[email protected]> | 2010-11-11 11:43:13 -0500 |
| commit | 4b48fb654279154b6126c86d5998e02d74d125fb (patch) | |
| tree | 7f037a171f123564b80f5c1d237d26161ce7e8e4 /netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java | |
| parent | ec49901d9f4844acd69a51ebc0c7fa548be70ff3 (diff) | |
integrate support for multiple KeyStores into the various validators
2010-11-11 Omair Majid <[email protected]>
* netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
manager initialization code into JNLPRuntime.initialize.
* plugin/icedteanp/java/sun/applet/PluginMain.java
(init): Likewise.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
Set the default SSL TrustManager here.
* netx/net/sourceforge/jnlp/security/CertWarningPane.java
(CheckBoxListener.actionPerformed): Add this certificate into
user's trusted certificate store.
* netx/net/sourceforge/jnlp/tools/KeyTool.java
(addToKeyStore(File,KeyStore)): Move to CertificateUtils.
(addToKeyStore(X509Certificate,KeyStore)): Likewise.
(dumpCert): Likewise.
* netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
class.
(addToKeyStore(File,KeyStore)): Moved from KeyTool.
(addToKeyStore(X509Certificate,KeyStore)): Likewise.
(dumpCert): Likewise.
(inKeyStores): New method.
* netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
(getRootInCacerts): Check all available CA store to check if
root is in CA certificates.
* netx/net/sourceforge/jnlp/security/KeyStores.java
(getKeyStore(Level,Type,boolean)): Add security check.
(getClientKeyStores): New method.
* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
(VariableX509TrustManager): Initialize multiple CA, certificate and
client trust managers.
(checkClientTrusted): Check all the client TrustManagers if
certificate is trusted.
(checkAllManagers): Check multiple CA certificates and trusted
certificates to determine if the certificate chain can be trusted.
(isExplicitlyTrusted): Check with multiple TrustManagers.
(getAcceptedIssuers): Gather results from multiple TrustManagers.
* netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
(ImportButtonListener): Use CertificateUtils instead of KeyTool.
* netx/net/sourceforge/jnlp/tools/JarSigner.java
(checkTrustedCerts): Use multiple key stores to check if certificate
is directly trusted and if the root is trusted.
Diffstat (limited to 'netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java')
| -rw-r--r-- | netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java index 6cf7c9d..966023b 100644 --- a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java +++ b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java @@ -40,6 +40,7 @@ package net.sourceforge.jnlp.security; import static net.sourceforge.jnlp.runtime.Translator.R; import java.io.IOException; +import java.security.KeyStore; import java.security.cert.CertPath; import java.security.cert.Certificate; import java.security.cert.CertificateException; @@ -52,7 +53,6 @@ import java.util.ArrayList; import java.util.Collection; import java.util.List; -import net.sourceforge.jnlp.tools.KeyTool; import sun.security.util.DerValue; import sun.security.util.HostnameChecker; import sun.security.x509.X500Name; @@ -213,8 +213,8 @@ public class HttpsCertVerifier implements CertVerifier { public boolean getRootInCacerts() { try { - KeyTool kt = new KeyTool(); - return kt.checkCacertsForCertificate(getRoot()); + KeyStore[] caCertsKeyStores = KeyStores.getCAKeyStores(); + return CertificateUtils.inKeyStores((X509Certificate)getRoot(), caCertsKeyStores); } catch (Exception e) { } return false; |