integrate support for multiple KeyStores into the various validators

2010-11-11  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
    manager initialization code into JNLPRuntime.initialize.
    * plugin/icedteanp/java/sun/applet/PluginMain.java
    (init): Likewise.
    * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
    Set the default SSL TrustManager here.
    * netx/net/sourceforge/jnlp/security/CertWarningPane.java
    (CheckBoxListener.actionPerformed): Add this certificate into
    user's trusted certificate store.
    * netx/net/sourceforge/jnlp/tools/KeyTool.java
    (addToKeyStore(File,KeyStore)): Move to CertificateUtils.
    (addToKeyStore(X509Certificate,KeyStore)): Likewise.
    (dumpCert): Likewise.
    * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
    class.
    (addToKeyStore(File,KeyStore)): Moved from KeyTool.
    (addToKeyStore(X509Certificate,KeyStore)): Likewise.
    (dumpCert): Likewise.
    (inKeyStores): New method.
    * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
    (getRootInCacerts): Check all available CA store to check if
    root is in CA certificates.
    * netx/net/sourceforge/jnlp/security/KeyStores.java
    (getKeyStore(Level,Type,boolean)): Add security check.
    (getClientKeyStores): New method.
    * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
    (VariableX509TrustManager): Initialize multiple CA, certificate and
    client trust managers.
    (checkClientTrusted): Check all the client TrustManagers if
    certificate is trusted.
    (checkAllManagers): Check multiple CA certificates and trusted
    certificates to determine if the certificate chain can be trusted.
    (isExplicitlyTrusted): Check with multiple TrustManagers.
    (getAcceptedIssuers): Gather results from multiple TrustManagers.
    * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
    (ImportButtonListener): Use CertificateUtils instead of KeyTool.
    * netx/net/sourceforge/jnlp/tools/JarSigner.java
    (checkTrustedCerts): Use multiple key stores to check if certificate
    is directly trusted and if the root is trusted.

1 files changed, 6 insertions, 3 deletions

diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java
index 020fcab..f841fc7 100644
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java
@@ -371,9 +371,12 @@ public class JarSigner implements CertVerifier {
     private void checkTrustedCerts() throws Exception {
         if (certPath != null) {
                 try {
-                        KeyTool kt = new KeyTool();
-                        alreadyTrustPublisher = kt.isTrusted(getPublisher());
-                                rootInCacerts = kt.checkCacertsForCertificate(getRoot());
+                        X509Certificate publisher = (X509Certificate) getPublisher();
+                        KeyStore[] certKeyStores = KeyStores.getCertKeyStores();
+                        alreadyTrustPublisher = CertificateUtils.inKeyStores(publisher, certKeyStores);
+                        X509Certificate root = (X509Certificate) getRoot();
+                        KeyStore[] caKeyStores = KeyStores.getCAKeyStores();
+                        rootInCacerts = CertificateUtils.inKeyStores(root, caKeyStores);
                 } catch (Exception e) {
                         // TODO: Warn user about not being able to
                         // look through their cacerts/trusted.certs