RFC: Netx - Dont prompt the user multiple times for the same https certificate

Fri Jul 17 10:24:37 PDT 2009

* Omair Majid <omajid at redhat.com> [2009-07-16 16:47]:
> Hi,
>
> Currently Netx can prompt the user multiple times to accept a single  
> https certificate.
>
> You can see the behaviour by running javaws (without cacerts) and going  
> to https://substance.dev.java.net/webstart/Issue447.jnlp. You will get 2 
> dialogs that ask you to confirm the https certificate (and one that asks 
> you to confirm the jar certificate).
>
> The attached patch makes it so that the user is only prompted once to  
> confirm the https certificate.
>
> ChangeLog:
> 2009-07-16  Omair Majid  <omajid at redhat.com>
>
>   * rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java
>   add singleUserPromptLock.
>   (checkServerTrusted): Synchronize on singleUserPromptLock.
>
> Any comments?
>

Can't you just synchronize the function instead of doing it on an object
lock? All contents appear to be inside the syn. block anyway..

Deepak

> Cheers,
> Omair

> diff -r 914f2022b402 rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java
> --- a/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Wed Jul 15 17:54:49 2009 +0200
> +++ b/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Thu Jul 16 14:10:41 2009 -0400
> @@ -65,6 +65,9 @@
>      
>      ArrayList<Certificate> temporarilyTrusted = new ArrayList();
>      
> +    /** lock to ensure we only present one prompt to the user at a time */
> +    private Object singleUserPromptLock = new Object();
> +    
>      static VariableX509TrustManager instance = null;
>  
>      /**
> @@ -144,21 +147,23 @@
>       * @param checkOnly Whether to "check only" i.e. no user prompt, or to prompt for permission 
>       */
>      public void checkServerTrusted(X509Certificate[] chain, String authType, boolean checkOnly) throws CertificateException {
> -        try {
> -            checkAllManagers(chain, authType);
> -        } catch (CertificateException ce) {
> -            
> -            if (checkOnly) {
> -                throw ce;
> -            } else {
> -
> -                boolean b = askUser(chain,authType);
> -            
> -                if (b) {
> -                    temporarilyTrust(chain[0]);
> +        synchronized (singleUserPromptLock) {
> +            try {
> +                checkAllManagers(chain, authType);
> +            } catch (CertificateException ce) {
> +                
> +                if (checkOnly) {
> +                    throw ce;
> +                } else {
> +    
> +                    boolean b = askUser(chain,authType);
> +                
> +                    if (b) {
> +                        temporarilyTrust(chain[0]);
> +                    }
> +    
> +                    checkAllManagers(chain, authType);
>                  }
> -
> -                checkAllManagers(chain, authType);
>              }
>          }
>      }