From 4b48fb654279154b6126c86d5998e02d74d125fb Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Thu, 11 Nov 2010 11:43:13 -0500 Subject: integrate support for multiple KeyStores into the various validators 2010-11-11 Omair Majid * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust manager initialization code into JNLPRuntime.initialize. * plugin/icedteanp/java/sun/applet/PluginMain.java (init): Likewise. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize): Set the default SSL TrustManager here. * netx/net/sourceforge/jnlp/security/CertWarningPane.java (CheckBoxListener.actionPerformed): Add this certificate into user's trusted certificate store. * netx/net/sourceforge/jnlp/tools/KeyTool.java (addToKeyStore(File,KeyStore)): Move to CertificateUtils. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New class. (addToKeyStore(File,KeyStore)): Moved from KeyTool. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. (inKeyStores): New method. * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java (getRootInCacerts): Check all available CA store to check if root is in CA certificates. * netx/net/sourceforge/jnlp/security/KeyStores.java (getKeyStore(Level,Type,boolean)): Add security check. (getClientKeyStores): New method. * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java (VariableX509TrustManager): Initialize multiple CA, certificate and client trust managers. (checkClientTrusted): Check all the client TrustManagers if certificate is trusted. (checkAllManagers): Check multiple CA certificates and trusted certificates to determine if the certificate chain can be trusted. (isExplicitlyTrusted): Check with multiple TrustManagers. (getAcceptedIssuers): Gather results from multiple TrustManagers. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (ImportButtonListener): Use CertificateUtils instead of KeyTool. * netx/net/sourceforge/jnlp/tools/JarSigner.java (checkTrustedCerts): Use multiple key stores to check if certificate is directly trusted and if the root is trusted. --- netx/net/sourceforge/jnlp/tools/KeyTool.java | 63 ---------------------------- 1 file changed, 63 deletions(-) (limited to 'netx/net/sourceforge/jnlp/tools/KeyTool.java') diff --git a/netx/net/sourceforge/jnlp/tools/KeyTool.java b/netx/net/sourceforge/jnlp/tools/KeyTool.java index 2e4a0a1..7e7d4e7 100644 --- a/netx/net/sourceforge/jnlp/tools/KeyTool.java +++ b/netx/net/sourceforge/jnlp/tools/KeyTool.java @@ -29,12 +29,8 @@ import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; import java.io.PrintStream; -import java.math.BigInteger; import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.MessageDigest; import java.security.PublicKey; import java.security.cert.Certificate; @@ -49,9 +45,6 @@ import java.util.Vector; import net.sourceforge.jnlp.security.SecurityUtil; -import sun.misc.BASE64Encoder; -import sun.security.provider.X509Factory; - /** * This tool manages the user's trusted certificates * @@ -76,11 +69,6 @@ public class KeyTool { */ private boolean trustcacerts = true; - /** - * Whether we print certificates in rfc, base64 encoding. - */ - private boolean rfc = true; - private final char[] password = "changeit".toCharArray(); /** @@ -119,43 +107,6 @@ public class KeyTool { return importCert((Certificate)cert); } - /** - * Adds the X509Certficate in the file to the KeyStore - */ - public final void addToKeyStore(File file, KeyStore ks) throws CertificateException, - IOException, KeyStoreException { - BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file)); - CertificateFactory cf = CertificateFactory.getInstance("X509"); - X509Certificate cert = null; - - try { - cert = (X509Certificate) cf.generateCertificate(bis); - } catch (ClassCastException cce) { - throw new CertificateException("Input file is not an X509 Certificate", cce); - } - - addToKeyStore(cert, ks); - - } - - /** - * Adds an X509Certificate to the KeyStore - */ - public final void addToKeyStore(X509Certificate cert, KeyStore ks) throws KeyStoreException { - String alias = null; - Random random = new Random(); - alias = ks.getCertificateAlias(cert); - // already in keystore; done - if (alias != null) { - return; - } - - do { - alias = new BigInteger(20, random).toString(); - } while (ks.getCertificate(alias) != null); - ks.setCertificateEntry(alias, cert); - } - /** * Adds a trusted certificate to the user's keystore. * @return true if the add was successful, false otherwise. @@ -479,20 +430,6 @@ public class KeyTool { return false; } - public static void dumpCert(Certificate cert, PrintStream out) - throws IOException, CertificateException { - - boolean printRfc = true; - if (printRfc) { - BASE64Encoder encoder = new BASE64Encoder(); - out.println(X509Factory.BEGIN_CERT); - encoder.encodeBuffer(cert.getEncoded(), out); - out.println(X509Factory.END_CERT); - } else { - out.write(cert.getEncoded()); // binary - } - } - public static void main(String[] args) throws Exception { KeyTool kt = new KeyTool(); kt.doPrintEntries(System.out); -- cgit v1.2.3