integrate support for multiple KeyStores into the various validators

2010-11-11  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
    manager initialization code into JNLPRuntime.initialize.
    * plugin/icedteanp/java/sun/applet/PluginMain.java
    (init): Likewise.
    * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
    Set the default SSL TrustManager here.
    * netx/net/sourceforge/jnlp/security/CertWarningPane.java
    (CheckBoxListener.actionPerformed): Add this certificate into
    user's trusted certificate store.
    * netx/net/sourceforge/jnlp/tools/KeyTool.java
    (addToKeyStore(File,KeyStore)): Move to CertificateUtils.
    (addToKeyStore(X509Certificate,KeyStore)): Likewise.
    (dumpCert): Likewise.
    * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
    class.
    (addToKeyStore(File,KeyStore)): Moved from KeyTool.
    (addToKeyStore(X509Certificate,KeyStore)): Likewise.
    (dumpCert): Likewise.
    (inKeyStores): New method.
    * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
    (getRootInCacerts): Check all available CA store to check if
    root is in CA certificates.
    * netx/net/sourceforge/jnlp/security/KeyStores.java
    (getKeyStore(Level,Type,boolean)): Add security check.
    (getClientKeyStores): New method.
    * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
    (VariableX509TrustManager): Initialize multiple CA, certificate and
    client trust managers.
    (checkClientTrusted): Check all the client TrustManagers if
    certificate is trusted.
    (checkAllManagers): Check multiple CA certificates and trusted
    certificates to determine if the certificate chain can be trusted.
    (isExplicitlyTrusted): Check with multiple TrustManagers.
    (getAcceptedIssuers): Gather results from multiple TrustManagers.
    * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
    (ImportButtonListener): Use CertificateUtils instead of KeyTool.
    * netx/net/sourceforge/jnlp/tools/JarSigner.java
    (checkTrustedCerts): Use multiple key stores to check if certificate
    is directly trusted and if the root is trusted.

1 files changed, 0 insertions, 20 deletions

diff --git a/plugin/icedteanp/java/sun/applet/PluginMain.java b/plugin/icedteanp/java/sun/applet/PluginMain.java
index a561f87..8834643 100644
--- a/plugin/icedteanp/java/sun/applet/PluginMain.java
+++ b/plugin/icedteanp/java/sun/applet/PluginMain.java
@@ -75,14 +75,8 @@ import java.net.ProxySelector;
 import java.util.Enumeration;
 import java.util.Properties;
 
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
 import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
-import net.sourceforge.jnlp.security.VariableX509TrustManager;
 
 /**
  * The main entry point into PluginAppletViewer.
@@ -215,20 +209,6 @@ public class PluginMain
 		// INSTALL THE PROPERTY LIST
 		System.setProperties(avProps);
 
-
-		try {
-		    SSLSocketFactory sslSocketFactory;
-		    SSLContext context = SSLContext.getInstance("SSL");
-		    TrustManager[] trust = new TrustManager[] { VariableX509TrustManager.getInstance() };
-		    context.init(null, trust, null);
-		    sslSocketFactory = context.getSocketFactory();
-		    
-		    HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
-		} catch (Exception e) {
-		    System.err.println("Unable to set SSLSocketfactory (may _prevent_ access to sites that should be trusted)! Continuing anyway...");
-		    e.printStackTrace();
-		}
-
 		// plug in a custom authenticator and proxy selector
         Authenticator.setDefault(new CustomAuthenticator());
         ProxySelector.setDefault(new PluginProxySelector());