integrate support for multiple KeyStores into the various validators

2010-11-11  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
    manager initialization code into JNLPRuntime.initialize.
    * plugin/icedteanp/java/sun/applet/PluginMain.java
    (init): Likewise.
    * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
    Set the default SSL TrustManager here.
    * netx/net/sourceforge/jnlp/security/CertWarningPane.java
    (CheckBoxListener.actionPerformed): Add this certificate into
    user's trusted certificate store.
    * netx/net/sourceforge/jnlp/tools/KeyTool.java
    (addToKeyStore(File,KeyStore)): Move to CertificateUtils.
    (addToKeyStore(X509Certificate,KeyStore)): Likewise.
    (dumpCert): Likewise.
    * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
    class.
    (addToKeyStore(File,KeyStore)): Moved from KeyTool.
    (addToKeyStore(X509Certificate,KeyStore)): Likewise.
    (dumpCert): Likewise.
    (inKeyStores): New method.
    * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
    (getRootInCacerts): Check all available CA store to check if
    root is in CA certificates.
    * netx/net/sourceforge/jnlp/security/KeyStores.java
    (getKeyStore(Level,Type,boolean)): Add security check.
    (getClientKeyStores): New method.
    * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
    (VariableX509TrustManager): Initialize multiple CA, certificate and
    client trust managers.
    (checkClientTrusted): Check all the client TrustManagers if
    certificate is trusted.
    (checkAllManagers): Check multiple CA certificates and trusted
    certificates to determine if the certificate chain can be trusted.
    (isExplicitlyTrusted): Check with multiple TrustManagers.
    (getAcceptedIssuers): Gather results from multiple TrustManagers.
    * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
    (ImportButtonListener): Use CertificateUtils instead of KeyTool.
    * netx/net/sourceforge/jnlp/tools/JarSigner.java
    (checkTrustedCerts): Use multiple key stores to check if certificate
    is directly trusted and if the root is trusted.

1 files changed, 30 insertions, 0 deletions

diff --git a/netx/net/sourceforge/jnlp/security/KeyStores.java b/netx/net/sourceforge/jnlp/security/KeyStores.java
index 94ea56e..05bc150 100644
--- a/netx/net/sourceforge/jnlp/security/KeyStores.java
+++ b/netx/net/sourceforge/jnlp/security/KeyStores.java
@@ -41,6 +41,7 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.security.AllPermission;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -111,6 +112,11 @@ public final class KeyStores {
      * @return a KeyStore containing certificates from the appropriate
      */
     public static final KeyStore getKeyStore(Level level, Type type, boolean create) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(new AllPermission());
+        }
+
         String location = getKeyStoreLocation(level, type);
         KeyStore ks = null;
         try {
@@ -189,6 +195,29 @@ public final class KeyStores {
     }
 
     /**
+     * Returns KeyStores containing trusted client certificates
+     *
+     * @return an array of KeyStore objects that can be used to check client
+     * authentication certificates
+     */
+    public static KeyStore[] getClientKeyStores() {
+        List<KeyStore> result = new ArrayList<KeyStore>();
+        KeyStore ks = null;
+
+        ks = getKeyStore(Level.SYSTEM, Type.CLIENT_CERTS);
+        if (ks != null) {
+            result.add(ks);
+        }
+
+        ks = getKeyStore(Level.USER, Type.CLIENT_CERTS);
+        if (ks != null) {
+            result.add(ks);
+        }
+
+        return result.toArray(new KeyStore[result.size()]);
+    }
+
+    /**
      * Returns the location of a KeyStore corresponding to the given level and type.
      * @param level
      * @param type
@@ -336,4 +365,5 @@ public final class KeyStores {
         return ks;
     }
 
+
 }