author | Omair Majid <[email protected]> | 2010-11-11 11:43:13 -0500 |
---|---|---|
committer | Omair Majid <[email protected]> | 2010-11-11 11:43:13 -0500 |
commit | 4b48fb654279154b6126c86d5998e02d74d125fb (patch) | |
tree | 7f037a171f123564b80f5c1d237d26161ce7e8e4 /netx/net/sourceforge/jnlp/runtime/Boot.java | |
parent | ec49901d9f4844acd69a51ebc0c7fa548be70ff3 (diff) |
integrate support for multiple KeyStores into the various validators
2010-11-11 Omair Majid <[email protected]>
* netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
manager initialization code into JNLPRuntime.initialize.
* plugin/icedteanp/java/sun/applet/PluginMain.java
(init): Likewise.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
Set the default SSL TrustManager here.
* netx/net/sourceforge/jnlp/security/CertWarningPane.java
(CheckBoxListener.actionPerformed): Add this certificate into
user's trusted certificate store.
* netx/net/sourceforge/jnlp/tools/KeyTool.java
(addToKeyStore(File,KeyStore)): Move to CertificateUtils.
(addToKeyStore(X509Certificate,KeyStore)): Likewise.
(dumpCert): Likewise.
* netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
class.
(addToKeyStore(File,KeyStore)): Moved from KeyTool.
(addToKeyStore(X509Certificate,KeyStore)): Likewise.
(dumpCert): Likewise.
(inKeyStores): New method.
* netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
(getRootInCacerts): Check all available CA store to check if
root is in CA certificates.
* netx/net/sourceforge/jnlp/security/KeyStores.java
(getKeyStore(Level,Type,boolean)): Add security check.
(getClientKeyStores): New method.
* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
(VariableX509TrustManager): Initialize multiple CA, certificate and
client trust managers.
(checkClientTrusted): Check all the client TrustManagers if
certificate is trusted.
(checkAllManagers): Check multiple CA certificates and trusted
certificates to determine if the certificate chain can be trusted.
(isExplicitlyTrusted): Check with multiple TrustManagers.
(getAcceptedIssuers): Gather results from multiple TrustManagers.
* netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
(ImportButtonListener): Use CertificateUtils instead of KeyTool.
* netx/net/sourceforge/jnlp/tools/JarSigner.java
(checkTrustedCerts): Use multiple key stores to check if certificate
is directly trusted and if the root is trusted.
Diffstat (limited to 'netx/net/sourceforge/jnlp/runtime/Boot.java')
-rw-r--r-- | netx/net/sourceforge/jnlp/runtime/Boot.java | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/Boot.java b/netx/net/sourceforge/jnlp/runtime/Boot.java
index 195c55b..69704bb 100644
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java
@@ -29,11 +29,6 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
 import net.sourceforge.jnlp.AppletDesc;
 import net.sourceforge.jnlp.ApplicationDesc;
 import net.sourceforge.jnlp.JNLPFile;
@@ -44,7 +39,6 @@ import net.sourceforge.jnlp.PropertyDesc;
 import net.sourceforge.jnlp.ResourcesDesc;
 import net.sourceforge.jnlp.cache.CacheUtil;
 import net.sourceforge.jnlp.cache.UpdatePolicy;
-import net.sourceforge.jnlp.security.VariableX509TrustManager;
 import net.sourceforge.jnlp.security.viewer.CertificateViewer;
 import net.sourceforge.jnlp.services.ServiceUtil;
 
@@ -172,20 +166,6 @@ public final class Boot implements PrivilegedAction<Void> {
 JNLPRuntime.setForksAllowed(false);
 }
 
- // wire in custom authenticator
- try {
- SSLSocketFactory sslSocketFactory;
- SSLContext context = SSLContext.getInstance("SSL");
- TrustManager[] trust = new TrustManager[] { VariableX509TrustManager.getInstance() };
- context.init(null, trust, null);
- sslSocketFactory = context.getSocketFactory();
-
- HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
- } catch (Exception e) {
- System.err.println("Unable to set SSLSocketfactory (may _prevent_ access to sites that should be trusted)! Continuing anyway...");
- e.printStackTrace();
- }
-
 JNLPRuntime.setInitialArgments(Arrays.asList(argsIn));
 
 // do in a privileged action to clear the security context of |