aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net/sourceforge/jnlp/runtime/Boot.java
diff options
context:
space:
mode:
authorOmair Majid <[email protected]>2010-11-11 11:43:13 -0500
committerOmair Majid <[email protected]>2010-11-11 11:43:13 -0500
commit4b48fb654279154b6126c86d5998e02d74d125fb (patch)
tree7f037a171f123564b80f5c1d237d26161ce7e8e4 /netx/net/sourceforge/jnlp/runtime/Boot.java
parentec49901d9f4844acd69a51ebc0c7fa548be70ff3 (diff)
integrate support for multiple KeyStores into the various validators
2010-11-11 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust manager initialization code into JNLPRuntime.initialize. * plugin/icedteanp/java/sun/applet/PluginMain.java (init): Likewise. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize): Set the default SSL TrustManager here. * netx/net/sourceforge/jnlp/security/CertWarningPane.java (CheckBoxListener.actionPerformed): Add this certificate into user's trusted certificate store. * netx/net/sourceforge/jnlp/tools/KeyTool.java (addToKeyStore(File,KeyStore)): Move to CertificateUtils. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New class. (addToKeyStore(File,KeyStore)): Moved from KeyTool. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. (inKeyStores): New method. * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java (getRootInCacerts): Check all available CA store to check if root is in CA certificates. * netx/net/sourceforge/jnlp/security/KeyStores.java (getKeyStore(Level,Type,boolean)): Add security check. (getClientKeyStores): New method. * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java (VariableX509TrustManager): Initialize multiple CA, certificate and client trust managers. (checkClientTrusted): Check all the client TrustManagers if certificate is trusted. (checkAllManagers): Check multiple CA certificates and trusted certificates to determine if the certificate chain can be trusted. (isExplicitlyTrusted): Check with multiple TrustManagers. (getAcceptedIssuers): Gather results from multiple TrustManagers. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (ImportButtonListener): Use CertificateUtils instead of KeyTool. * netx/net/sourceforge/jnlp/tools/JarSigner.java (checkTrustedCerts): Use multiple key stores to check if certificate is directly trusted and if the root is trusted.
Diffstat (limited to 'netx/net/sourceforge/jnlp/runtime/Boot.java')
-rw-r--r--netx/net/sourceforge/jnlp/runtime/Boot.java20
1 files changed, 0 insertions, 20 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/Boot.java b/netx/net/sourceforge/jnlp/runtime/Boot.java
index 195c55b..69704bb 100644
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java
@@ -29,11 +29,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
import net.sourceforge.jnlp.AppletDesc;
import net.sourceforge.jnlp.ApplicationDesc;
import net.sourceforge.jnlp.JNLPFile;
@@ -44,7 +39,6 @@ import net.sourceforge.jnlp.PropertyDesc;
import net.sourceforge.jnlp.ResourcesDesc;
import net.sourceforge.jnlp.cache.CacheUtil;
import net.sourceforge.jnlp.cache.UpdatePolicy;
-import net.sourceforge.jnlp.security.VariableX509TrustManager;
import net.sourceforge.jnlp.security.viewer.CertificateViewer;
import net.sourceforge.jnlp.services.ServiceUtil;
@@ -172,20 +166,6 @@ public final class Boot implements PrivilegedAction<Void> {
JNLPRuntime.setForksAllowed(false);
}
- // wire in custom authenticator
- try {
- SSLSocketFactory sslSocketFactory;
- SSLContext context = SSLContext.getInstance("SSL");
- TrustManager[] trust = new TrustManager[] { VariableX509TrustManager.getInstance() };
- context.init(null, trust, null);
- sslSocketFactory = context.getSocketFactory();
-
- HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
- } catch (Exception e) {
- System.err.println("Unable to set SSLSocketfactory (may _prevent_ access to sites that should be trusted)! Continuing anyway...");
- e.printStackTrace();
- }
-
JNLPRuntime.setInitialArgments(Arrays.asList(argsIn));
// do in a privileged action to clear the security context of