author | Omair Majid <[email protected]> | 2010-11-11 11:43:13 -0500 |
---|---|---|
committer | Omair Majid <[email protected]> | 2010-11-11 11:43:13 -0500 |
commit | 4b48fb654279154b6126c86d5998e02d74d125fb (patch) | |
tree | 7f037a171f123564b80f5c1d237d26161ce7e8e4 /netx/net/sourceforge/jnlp/tools/KeyTool.java | |
parent | ec49901d9f4844acd69a51ebc0c7fa548be70ff3 (diff) |
integrate support for multiple KeyStores into the various validators
2010-11-11 Omair Majid <[email protected]>
* netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
manager initialization code into JNLPRuntime.initialize.
* plugin/icedteanp/java/sun/applet/PluginMain.java
(init): Likewise.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
Set the default SSL TrustManager here.
* netx/net/sourceforge/jnlp/security/CertWarningPane.java
(CheckBoxListener.actionPerformed): Add this certificate into
user's trusted certificate store.
* netx/net/sourceforge/jnlp/tools/KeyTool.java
(addToKeyStore(File,KeyStore)): Move to CertificateUtils.
(addToKeyStore(X509Certificate,KeyStore)): Likewise.
(dumpCert): Likewise.
* netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
class.
(addToKeyStore(File,KeyStore)): Moved from KeyTool.
(addToKeyStore(X509Certificate,KeyStore)): Likewise.
(dumpCert): Likewise.
(inKeyStores): New method.
* netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
(getRootInCacerts): Check all available CA stores to determine whether
the root is in the CA certificates.
* netx/net/sourceforge/jnlp/security/KeyStores.java
(getKeyStore(Level,Type,boolean)): Add security check.
(getClientKeyStores): New method.
* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
(VariableX509TrustManager): Initialize multiple CA, certificate and
client trust managers.
(checkClientTrusted): Check all the client TrustManagers if
certificate is trusted.
(checkAllManagers): Check multiple CA certificates and trusted
certificates to determine if the certificate chain can be trusted.
(isExplicitlyTrusted): Check with multiple TrustManagers.
(getAcceptedIssuers): Gather results from multiple TrustManagers.
* netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
(ImportButtonListener): Use CertificateUtils instead of KeyTool.
* netx/net/sourceforge/jnlp/tools/JarSigner.java
(checkTrustedCerts): Use multiple key stores to check if certificate
is directly trusted and if the root is trusted.
Diffstat (limited to 'netx/net/sourceforge/jnlp/tools/KeyTool.java')
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/KeyTool.java | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/netx/net/sourceforge/jnlp/tools/KeyTool.java b/netx/net/sourceforge/jnlp/tools/KeyTool.java
index 2e4a0a1..7e7d4e7 100644
--- a/netx/net/sourceforge/jnlp/tools/KeyTool.java
+++ b/netx/net/sourceforge/jnlp/tools/KeyTool.java
@@ -29,12 +29,8 @@ import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
 import java.io.PrintStream;
-import java.math.BigInteger;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
 import java.security.MessageDigest;
 import java.security.PublicKey;
 import java.security.cert.Certificate;
@@ -49,9 +45,6 @@ import java.util.Vector;
 
 import net.sourceforge.jnlp.security.SecurityUtil;
 
-import sun.misc.BASE64Encoder;
-import sun.security.provider.X509Factory;
-
 /**
 * This tool manages the user's trusted certificates
 *
@@ -76,11 +69,6 @@ public class KeyTool {
 */
 private boolean trustcacerts = true;
 
- /**
- * Whether we print certificates in rfc, base64 encoding.
- */
- private boolean rfc = true;
-
 private final char[] password = "changeit".toCharArray();
 
 /**
@@ -119,43 +107,6 @@ public class KeyTool {
 return importCert((Certificate)cert);
 }
 
- /**
- * Adds the X509Certficate in the file to the KeyStore
- */
- public final void addToKeyStore(File file, KeyStore ks) throws CertificateException,
- IOException, KeyStoreException {
- BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file));
- CertificateFactory cf = CertificateFactory.getInstance("X509");
- X509Certificate cert = null;
-
- try {
- cert = (X509Certificate) cf.generateCertificate(bis);
- } catch (ClassCastException cce) {
- throw new CertificateException("Input file is not an X509 Certificate", cce);
- }
-
- addToKeyStore(cert, ks);
-
- }
-
- /**
- * Adds an X509Certificate to the KeyStore
- */
- public final void addToKeyStore(X509Certificate cert, KeyStore ks) throws KeyStoreException {
- String alias = null;
- Random random = new Random();
- alias = ks.getCertificateAlias(cert);
- // already in keystore; done
- if (alias != null) {
- return;
- }
-
- do {
- alias = new BigInteger(20, random).toString();
- } while (ks.getCertificate(alias) != null);
- ks.setCertificateEntry(alias, cert);
- }
-
 /**
 * Adds a trusted certificate to the user's keystore.
 * @return true if the add was successful, false otherwise.
@@ -479,20 +430,6 @@ public class KeyTool {
 return false;
 }
 
- public static void dumpCert(Certificate cert, PrintStream out)
- throws IOException, CertificateException {
-
- boolean printRfc = true;
- if (printRfc) {
- BASE64Encoder encoder = new BASE64Encoder();
- out.println(X509Factory.BEGIN_CERT);
- encoder.encodeBuffer(cert.getEncoded(), out);
- out.println(X509Factory.END_CERT);
- } else {
- out.write(cert.getEncoded()); // binary
- }
- }
-
 public static void main(String[] args) throws Exception {
 KeyTool kt = new KeyTool();
 kt.doPrintEntries(System.out); |