diff options
| author | Deepak Bhole <[email protected]> | 2011-08-09 17:29:45 -0400 |
|---|---|---|
| committer | Deepak Bhole <[email protected]> | 2011-08-09 17:29:45 -0400 |
| commit | 53c420f675bd366ea8ea4386858c08c518de8830 (patch) | |
| tree | 1e7dd5fe892821b7c18d85eaa5242df4dbbba326 /netx/net/sourceforge/jnlp | |
| parent | 3dd40327ead5eabb47b3632b66dc1ebf64279034 (diff) | |
PR771: IcedTea-Web certificate verification code does not use the right API
Diffstat (limited to 'netx/net/sourceforge/jnlp')
| -rw-r--r-- | netx/net/sourceforge/jnlp/security/CertificateUtils.java | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/netx/net/sourceforge/jnlp/security/CertificateUtils.java b/netx/net/sourceforge/jnlp/security/CertificateUtils.java index af48a1e..fb7ecef 100644 --- a/netx/net/sourceforge/jnlp/security/CertificateUtils.java +++ b/netx/net/sourceforge/jnlp/security/CertificateUtils.java @@ -43,16 +43,20 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.PrintStream; import java.math.BigInteger; +import java.security.InvalidKeyException; import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; +import java.util.Enumeration; import java.util.Random; import net.sourceforge.jnlp.runtime.JNLPRuntime; - import sun.misc.BASE64Encoder; import sun.security.provider.X509Factory; @@ -122,11 +126,36 @@ public class CertificateUtils { public static final boolean inKeyStores(X509Certificate c, KeyStore[] keyStores) { for (int i = 0; i < keyStores.length; i++) { try { - if (keyStores[i].getCertificateAlias(c) != null) { - if (JNLPRuntime.isDebug()) { - System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts"); + // Check against all certs + Enumeration<String> aliases = keyStores[i].aliases(); + while (aliases.hasMoreElements()) { + String alias = aliases.nextElement(); + try { + // Verify against this entry + c.verify(keyStores[i].getCertificate(alias).getPublicKey()); + + if (JNLPRuntime.isDebug()) { + System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts"); + } + + // If we got here, it means verification succeeded. Return true. + return true; + } catch (NoSuchAlgorithmException nsae) { + // Unsupported signature algorithm + // Consider non-match and keep going + } catch (InvalidKeyException ike) { + // Incorrect/corrupt key + // Consider non-match and keep going + } catch (NoSuchProviderException nspe) { + // No default provider + // Consider non-match and keep going + } catch (SignatureException se) { + // Signature error + // Consider non-match and keep going + } catch (CertificateException ce) { + // Encoding error + // Consider non-match and keep going } - return true; } } catch (KeyStoreException e) { e.printStackTrace(); |