RH738814: Access denied at ssl handshake

It turns out that TrustManager.checkTrusted() could be called by untrusted
code. In such a case, we should still show a warning to the user, and not
throw a SecurityException instead.

2011-09-23  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/security/SecurityDialogs.java
    (showCertWarningDialog): Add a javadoc comment.
    * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
    (askUser): Wrap the call to showCertWarningDialog in a doPrivileged
    block.

2 files changed, 15 insertions, 5 deletions

diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
index 9b93a73..d13aef9 100644
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
@@ -181,6 +181,8 @@ public class SecurityDialogs {
      * @param accessType the type of warning dialog to show
      * @param file the JNLPFile associated with this warning
      * @param jarSigner the JarSigner used to verify this application
+     *
+     * @return true if the user accepted the certificate
      */
     public static boolean showCertWarningDialog(AccessType accessType,
             JNLPFile file, CertVerifier jarSigner) {
diff --git a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
index b6f1377..b90bb1b 100644
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
@@ -37,7 +37,9 @@ exception statement from your version.
 
 package net.sourceforge.jnlp.security;
 
+import java.security.AccessController;
 import java.security.KeyStore;
+import java.security.PrivilegedAction;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -380,17 +382,23 @@ final public class VariableX509TrustManager extends X509ExtendedTrustManager {
      * @param authType The authentication algorithm
      * @return user's response
      */
-    private boolean askUser(X509Certificate[] chain, String authType,
-                            boolean isTrusted, boolean hostMatched,
-                            String hostName) {
+    private boolean askUser(final X509Certificate[] chain, final String authType,
+                            final boolean isTrusted, final boolean hostMatched,
+                            final String hostName) {
         if (JNLPRuntime.isTrustAll()){
             return true;
         }
-        return SecurityDialogs.showCertWarningDialog(
+        final VariableX509TrustManager trustManager = this;
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+            @Override
+            public Boolean run() {
+                return SecurityDialogs.showCertWarningDialog(
                         AccessType.UNVERIFIED, null,
-                        new HttpsCertVerifier(this, chain, authType,
+                        new HttpsCertVerifier(trustManager, chain, authType,
                                               isTrusted, hostMatched,
                                               hostName));
+            }
+        });
     }
 
     /**