author | Deepak Bhole <dbhole@redhat.com> | 2011-02-01 10:53:44 -0500 |
---|---|---|
committer | Deepak Bhole <dbhole@redhat.com> | 2011-02-01 10:53:44 -0500 |
commit | 1a96cc8537ee8a6e9aff7465568ba76b949b1535 (patch) | |
tree | 24c7eea3467d44d5c722509164318270b466ff83 /netx/net/sourceforge/jnlp/security | |
parent | f64c8bd3c5ad5b3e12c2f767008944df7a79eea0 (diff) |
RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
Fixes JAR signature handling so that multiply/partially signed jars
are correctly handled.
Diffstat (limited to 'netx/net/sourceforge/jnlp/security')
-rw-r--r-- | netx/net/sourceforge/jnlp/security/CertVerifier.java | 3 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/security/CertsInfoPane.java | 19 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java | 4 |
3 files changed, 12 insertions, 14 deletions
diff --git a/netx/net/sourceforge/jnlp/security/CertVerifier.java b/netx/net/sourceforge/jnlp/security/CertVerifier.java index cef69c3..842a865 100644 --- a/netx/net/sourceforge/jnlp/security/CertVerifier.java +++ b/netx/net/sourceforge/jnlp/security/CertVerifier.java @@ -76,7 +76,7 @@ public interface CertVerifier { * Return a valid certificate path to this certificate(s) being verified * @return The CertPath */ - public ArrayList<CertPath> getCerts(); + public CertPath getCertPath(); /** * Returns the application's publisher's certificate. @@ -89,4 +89,5 @@ public interface CertVerifier { * the event that the application is self signed. */ public abstract Certificate getRoot(); + } diff --git a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java index 4571b4e..ebf8b3f 100644 --- a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java +++ b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java @@ -64,7 +64,7 @@ import javax.swing.tree.TreeSelectionModel; */ public class CertsInfoPane extends SecurityDialogPanel { - private ArrayList<CertPath> certs; + private CertPath certPath; private JList list; protected JTree tree; private JTable table; @@ -84,12 +84,9 @@ public class CertsInfoPane extends SecurityDialogPanel { * Builds the JTree out of CertPaths. */ void buildTree() { - certs = parent.getJarSigner().getCerts(); - //for now, we're only going to display the first signer, even though - //jars can be signed by multiple people. - CertPath firstPath = certs.get(0); + certPath = parent.getJarSigner().getCertPath(); X509Certificate firstCert = - ((X509Certificate) firstPath.getCertificates().get(0)); + ((X509Certificate) certPath.getCertificates().get(0)); String subjectString = SecurityUtil.getCN(firstCert.getSubjectX500Principal().getName()); String issuerString = 
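Review bot: The Javadoc above `getCertPath()` still says "certificate(s)" and does not state which path an implementation returns when a JAR carries several signers, or whether the result can be null. The certificate dialog now presents exactly this one path to the user, so the contract should be written down, for example `@return the CertPath the trust decision was based on, or null if none could be built`, adjusted to what the implementations actually guarantee. The JarSigner implementation is outside this diffstat, so its selection rule cannot be checked from here.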
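Review bot: `certPath.getCertificates().get(0)` in buildTree() uses the result of `getCertPath()` without checking for null or an empty certificate list, and the same unguarded access appears in the following hunk and in populateTable(). The removed comment was also the only place that explained why a single signer is displayed. A guard such as `if (certPath == null || certPath.getCertificates().isEmpty())` ahead of the first access, routed to whatever error path the dialog already has, plus a one-line comment naming which path is shown, would keep the pane from failing with a runtime exception on a JAR whose path could not be built. buildTree() continues past the end of this hunk.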
@@ -101,9 +98,9 @@ public class CertsInfoPane extends SecurityDialogPanel { //not self signed if (!firstCert.getSubjectDN().equals(firstCert.getIssuerDN()) - && (firstPath.getCertificates().size() > 1)) { + && (certPath.getCertificates().size() > 1)) { X509Certificate secondCert = - ((X509Certificate) firstPath.getCertificates().get(1)); + ((X509Certificate) certPath.getCertificates().get(1)); subjectString = SecurityUtil.getCN(secondCert.getSubjectX500Principal().getName()); issuerString = @@ -122,12 +119,12 @@ public class CertsInfoPane extends SecurityDialogPanel { * Fills in certsNames, certsData with data from the certificates. */ protected void populateTable() { - certNames = new String[certs.get(0).getCertificates().size()]; + certNames = new String[certPath.getCertificates().size()]; certsData = new ArrayList<String[][]>(); - for (int i = 0; i < certs.get(0).getCertificates().size(); i++) { + for (int i = 0; i < certPath.getCertificates().size(); i++) { - X509Certificate c = (X509Certificate) certs.get(0).getCertificates().get(i); + X509Certificate c = (X509Certificate) certPath.getCertificates().get(i); certsData.add(parseCert(c)); certNames[i] = SecurityUtil.getCN(c.getSubjectX500Principal().getName()) + " (" + SecurityUtil.getCN(c.getIssuerX500Principal().getName()) + ")"; diff --git a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java index 3593291..a7787d2 100644 --- a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java +++ b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java @@ -83,7 +83,7 @@ public class HttpsCertVerifier implements CertVerifier { return isTrusted; } - public ArrayList<CertPath> getCerts() { + public CertPath getCertPath() { ArrayList<X509Certificate> list = new ArrayList<X509Certificate>(); for (int i = 0; i < chain.length; i++) 
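Review bot: populateTable() calls `certPath.getCertificates()` once for the array size and again in the loop condition and in the loop body; a local such as `List<? extends Certificate> chain = certPath.getCertificates();` would make it visible that the bound and the element access refer to the same list. The cast to `X509Certificate` is unchecked and holds only as long as every CertVerifier implementation builds X.509 paths, which is worth a short comment. The method body runs past the end of this hunk.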
@@ -99,7 +99,7 @@ public class HttpsCertVerifier implements CertVerifier { // carry on } - return certPaths; + return certPaths.get(0); } public ArrayList<String> getDetails() { |
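Review bot: `return certPaths.get(0);` throws IndexOutOfBoundsException when the list is empty, and the `// carry on` just above suggests the enclosing catch block lets execution continue after a failed path construction, which would leave it empty. The old code handed the empty list back to the caller; the new line turns a swallowed certificate error into an unrelated runtime exception in the dialog code. Failing explicitly at this point, or `return certPaths.isEmpty() ? null : certPaths.get(0);` with the null case documented on the interface and handled in CertsInfoPane, would make the failure mode deliberate. The try block lies between the two hunks of this file and is not visible here.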