From 4b48fb654279154b6126c86d5998e02d74d125fb Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Thu, 11 Nov 2010 11:43:13 -0500 Subject: integrate support for multiple KeyStores into the various validators 2010-11-11 Omair Majid * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust manager initialization code into JNLPRuntime.initialize. * plugin/icedteanp/java/sun/applet/PluginMain.java (init): Likewise. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize): Set the default SSL TrustManager here. * netx/net/sourceforge/jnlp/security/CertWarningPane.java (CheckBoxListener.actionPerformed): Add this certificate into user's trusted certificate store. * netx/net/sourceforge/jnlp/tools/KeyTool.java (addToKeyStore(File,KeyStore)): Move to CertificateUtils. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New class. (addToKeyStore(File,KeyStore)): Moved from KeyTool. (addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert): Likewise. (inKeyStores): New method. * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java (getRootInCacerts): Check all available CA store to check if root is in CA certificates. * netx/net/sourceforge/jnlp/security/KeyStores.java (getKeyStore(Level,Type,boolean)): Add security check. (getClientKeyStores): New method. * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java (VariableX509TrustManager): Initialize multiple CA, certificate and client trust managers. (checkClientTrusted): Check all the client TrustManagers if certificate is trusted. (checkAllManagers): Check multiple CA certificates and trusted certificates to determine if the certificate chain can be trusted. (isExplicitlyTrusted): Check with multiple TrustManagers. (getAcceptedIssuers): Gather results from multiple TrustManagers. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (ImportButtonListener): Use CertificateUtils instead of KeyTool. * netx/net/sourceforge/jnlp/tools/JarSigner.java (checkTrustedCerts): Use multiple key stores to check if certificate is directly trusted and if the root is trusted. --- netx/net/sourceforge/jnlp/security/KeyStores.java | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'netx/net/sourceforge/jnlp/security/KeyStores.java') diff --git a/netx/net/sourceforge/jnlp/security/KeyStores.java b/netx/net/sourceforge/jnlp/security/KeyStores.java index 94ea56e..05bc150 100644 --- a/netx/net/sourceforge/jnlp/security/KeyStores.java +++ b/netx/net/sourceforge/jnlp/security/KeyStores.java @@ -41,6 +41,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; +import java.security.AllPermission; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -111,6 +112,11 @@ public final class KeyStores { * @return a KeyStore containing certificates from the appropriate */ public static final KeyStore getKeyStore(Level level, Type type, boolean create) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new AllPermission()); + } + String location = getKeyStoreLocation(level, type); KeyStore ks = null; try { @@ -188,6 +194,29 @@ public final class KeyStores { return result.toArray(new KeyStore[result.size()]); } + /** + * Returns KeyStores containing trusted client certificates + * + * @return an array of KeyStore objects that can be used to check client + * authentication certificates + */ + public static KeyStore[] getClientKeyStores() { + List result = new ArrayList(); + KeyStore ks = null; + + ks = getKeyStore(Level.SYSTEM, Type.CLIENT_CERTS); + if (ks != null) { + result.add(ks); + } + + ks = getKeyStore(Level.USER, Type.CLIENT_CERTS); + if (ks != null) { + result.add(ks); + } + + return result.toArray(new KeyStore[result.size()]); + } + /** * Returns the location of a KeyStore corresponding to the given level and type. * @param level @@ -336,4 +365,5 @@ public final class KeyStores { return ks; } + } -- cgit v1.2.3