From 4b48fb654279154b6126c86d5998e02d74d125fb Mon Sep 17 00:00:00 2001 
From: Omair Majid Date: Thu, 11 Nov 2010 11:43:13 -0500 Subject: integrate support for multiple KeyStores into the various validators 2010-11-11 Omair Majid * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust manager initialization code into JNLPRuntime.initialize. * plugin/icedteanp/java/sun/applet/PluginMain.java (init): Likewise. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize): Set the default SSL TrustManager here. * netx/net/sourceforge/jnlp/security/CertWarningPane.java (CheckBoxListener.actionPerformed): Add this certificate into user's trusted certificate store. * netx/net/sourceforge/jnlp/tools/KeyTool.java (addToKeyStore(File,KeyStore)): Move to CertificateUtils. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New class. (addToKeyStore(File,KeyStore)): Moved from KeyTool. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. (inKeyStores): New method. * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java (getRootInCacerts): Check all available CA store to check if root is in CA certificates. * netx/net/sourceforge/jnlp/security/KeyStores.java (getKeyStore(Level,Type,boolean)): Add security check. (getClientKeyStores): New method. * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java (VariableX509TrustManager): Initialize multiple CA, certificate and client trust managers. (checkClientTrusted): Check all the client TrustManagers if certificate is trusted. (checkAllManagers): Check multiple CA certificates and trusted certificates to determine if the certificate chain can be trusted. (isExplicitlyTrusted): Check with multiple TrustManagers. (getAcceptedIssuers): Gather results from multiple TrustManagers. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (ImportButtonListener): Use CertificateUtils instead of KeyTool. 
* netx/net/sourceforge/jnlp/tools/JarSigner.java (checkTrustedCerts): Use multiple key stores to check if certificate is directly trusted and if the root is trusted.
---
 netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java')
diff --git a/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java b/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
index d0ac050..d07e741 100644
--- a/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
+++ b/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
@@ -71,11 +71,11 @@ import javax.swing.event.ChangeEvent;
 import javax.swing.event.ChangeListener;
 import javax.swing.table.DefaultTableModel;
+import net.sourceforge.jnlp.security.CertificateUtils;
 import net.sourceforge.jnlp.security.KeyStores;
 import net.sourceforge.jnlp.security.SecurityUtil;
 import net.sourceforge.jnlp.security.SecurityWarningDialog;
 import net.sourceforge.jnlp.security.KeyStores.Level;
-import net.sourceforge.jnlp.tools.KeyTool;
 public class CertificatePane extends JPanel {
@@ -359,9 +359,8 @@ public class CertificatePane extends JPanel {
 int returnVal = chooser.showOpenDialog(parent);
 if(returnVal == JFileChooser.APPROVE_OPTION) {
 try {
- KeyTool kt = new KeyTool();
 KeyStore ks = keyStore;
- kt.addToKeyStore(chooser.getSelectedFile(), ks);
+ CertificateUtils.addToKeyStore(chooser.getSelectedFile(), ks);
 OutputStream os = new FileOutputStream(
 KeyStores.getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
 ks.store(os, KeyStores.getPassword());
@@ -399,7 +398,7 @@ public class CertificatePane extends JPanel {
 if (alias != null) {
 Certificate c = keyStore.getCertificate(alias);
 PrintStream ps = new PrintStream(chooser.getSelectedFile().getAbsolutePath());
- KeyTool.dumpCert(c, ps);
+ CertificateUtils.dump(c, ps);
 repopulateTables();
 }
 }
-- 
cgit v1.2.3
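Review bot: In the import hunk (`@@ -359,9 +359,8 @@`), `new FileOutputStream(KeyStores.getKeyStoreLocation(...))` truncates the on-disk keystore before `ks.store` has written anything, so an exception during the store leaves the user's trusted-certificate file empty or partial. Because `ks` is an alias for the `keyStore` field, the in-memory store presumably already holds the imported entry at that point and the two copies diverge. Storing to a temporary file beside the target and renaming it only after `ks.store` returns would keep the previous store intact on failure. Closing of `os` is not visible here; if the lines after the hunk do not do it, use `try { ks.store(os, KeyStores.getPassword()); } finally { os.close(); }`. The enclosing try block and listener method continue outside the hunk.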
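Review bot: In the export hunk (`@@ -399,7 +398,7 @@`), `ps` is opened on the chosen file and is never closed before its `if (alias != null)` block ends, so the file handle leaks. Because PrintStream swallows I/O errors, a failed or partial certificate export also goes unreported. Wrap the call as `try { CertificateUtils.dump(c, ps); } finally { ps.close(); }` and test `ps.checkError()` before treating the export as complete. Separately, the new call is `CertificateUtils.dump`, while the ChangeLog in this commit says `dumpCert` was moved to CertificateUtils; that class is not shown in this view, so confirm the method name matches. The enclosing listener method starts and ends outside the hunk.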