RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass

Fixes JAR signature handling so that multiply/partially signed jars are correctly handled.
author: Deepak Bhole <dbhole@redhat.com> 2011-02-01 10:53:44 -0500
committer: Deepak Bhole <dbhole@redhat.com> 2011-02-01 10:53:44 -0500
commit: 1a96cc8537ee8a6e9aff7465568ba76b949b1535 (patch)
tree: 24c7eea3467d44d5c722509164318270b466ff83 /netx/net/sourceforge/jnlp/security
parent: f64c8bd3c5ad5b3e12c2f767008944df7a79eea0 (diff)
3 files changed, 12 insertions, 14 deletions
diff --git a/netx/net/sourceforge/jnlp/security/CertVerifier.java b/netx/net/sourceforge/jnlp/security/CertVerifier.java
index cef69c3..842a865 100644
--- a/netx/net/sourceforge/jnlp/security/CertVerifier.java
+++ b/netx/net/sourceforge/jnlp/security/CertVerifier.java
@@ -76,7 +76,7 @@ public interface CertVerifier {
      * Return a valid certificate path to this certificate(s) being verified
      * @return The CertPath
      */
-    public ArrayList<CertPath> getCerts();
+    public CertPath getCertPath();
 
     /**
      * Returns the application's publisher's certificate.
@@ -89,4 +89,5 @@ public interface CertVerifier {
      * the event that the application is self signed.
      */
     public abstract Certificate getRoot();
+
 }
diff --git a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java
index 4571b4e..ebf8b3f 100644
--- a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java
+++ b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java
@@ -64,7 +64,7 @@ import javax.swing.tree.TreeSelectionModel;
  */
 public class CertsInfoPane extends SecurityDialogPanel {
 
-    private ArrayList<CertPath> certs;
+    private CertPath certPath;
     private JList list;
     protected JTree tree;
     private JTable table;
@@ -84,12 +84,9 @@ public class CertsInfoPane extends SecurityDialogPanel {
      * Builds the JTree out of CertPaths.
      */
     void buildTree() {
-        certs = parent.getJarSigner().getCerts();
-        //for now, we're only going to display the first signer, even though
-        //jars can be signed by multiple people.
-        CertPath firstPath = certs.get(0);
+        certPath = parent.getJarSigner().getCertPath();
         X509Certificate firstCert =
-                        ((X509Certificate) firstPath.getCertificates().get(0));
+                        ((X509Certificate) certPath.getCertificates().get(0));
         String subjectString =
                         SecurityUtil.getCN(firstCert.getSubjectX500Principal().getName());
         String issuerString =
@@ -101,9 +98,9 @@ public class CertsInfoPane extends SecurityDialogPanel {
 
         //not self signed
         if (!firstCert.getSubjectDN().equals(firstCert.getIssuerDN())
-                        && (firstPath.getCertificates().size() > 1)) {
+                        && (certPath.getCertificates().size() > 1)) {
             X509Certificate secondCert =
-                                ((X509Certificate) firstPath.getCertificates().get(1));
+                                ((X509Certificate) certPath.getCertificates().get(1));
             subjectString =
                                 SecurityUtil.getCN(secondCert.getSubjectX500Principal().getName());
             issuerString =
@@ -122,12 +119,12 @@ public class CertsInfoPane extends SecurityDialogPanel {
      * Fills in certsNames, certsData with data from the certificates.
      */
     protected void populateTable() {
-        certNames = new String[certs.get(0).getCertificates().size()];
+        certNames = new String[certPath.getCertificates().size()];
         certsData = new ArrayList<String[][]>();
 
-        for (int i = 0; i < certs.get(0).getCertificates().size(); i++) {
+        for (int i = 0; i < certPath.getCertificates().size(); i++) {
 
-            X509Certificate c = (X509Certificate) certs.get(0).getCertificates().get(i);
+            X509Certificate c = (X509Certificate) certPath.getCertificates().get(i);
             certsData.add(parseCert(c));
             certNames[i] = SecurityUtil.getCN(c.getSubjectX500Principal().getName())
                                 + " (" + SecurityUtil.getCN(c.getIssuerX500Principal().getName()) + ")";
diff --git a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
index 3593291..a7787d2 100644
--- a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
+++ b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
@@ -83,7 +83,7 @@ public class HttpsCertVerifier implements CertVerifier {
         return isTrusted;
     }
 
-    public ArrayList<CertPath> getCerts() {
+    public CertPath getCertPath() {
 
         ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
         for (int i = 0; i < chain.length; i++)
@@ -99,7 +99,7 @@ public class HttpsCertVerifier implements CertVerifier {
             // carry on
         }
 
-        return certPaths;
+        return certPaths.get(0);
     }
 
     public ArrayList<String> getDetails() {
author	Deepak Bhole <dbhole@redhat.com>	2011-02-01 10:53:44 -0500
committer	Deepak Bhole <dbhole@redhat.com>	2011-02-01 10:53:44 -0500
commit	1a96cc8537ee8a6e9aff7465568ba76b949b1535 (patch)
tree	24c7eea3467d44d5c722509164318270b466ff83 /netx/net/sourceforge/jnlp/security
parent	f64c8bd3c5ad5b3e12c2f767008944df7a79eea0 (diff)