/hg/icedtea-web: integrate support for multiple KeyStores into t...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Thu Nov 11 08:43:32 PST 2010
changeset e82455c47f08 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=e82455c47f08
author: Omair Majid <omajid at redhat.com>
date: Thu Nov 11 11:43:13 2010 -0500
integrate support for multiple KeyStores into the various validators
2010-11-11 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
manager initialization code into JNLPRuntime.initialize.
* plugin/icedteanp/java/sun/applet/PluginMain.java (init):
Likewise.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
Set the default SSL TrustManager here.
* netx/net/sourceforge/jnlp/security/CertWarningPane.java
(CheckBoxListener.actionPerformed): Add this certificate into
user's trusted certificate store.
* netx/net/sourceforge/jnlp/tools/KeyTool.java
(addToKeyStore(File,KeyStore)): Move to CertificateUtils.
(addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert):
Likewise.
* netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
class. (addToKeyStore(File,KeyStore)): Moved from KeyTool.
(addToKeyStore(X509Certificate,KeyStore)): Likewise. (dumpCert):
Likewise. (inKeyStores): New method.
* netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
(getRootInCacerts): Check all available CA store to check if
root is in CA certificates.
* netx/net/sourceforge/jnlp/security/KeyStores.java
(getKeyStore(Level,Type,boolean)): Add security check.
(getClientKeyStores): New method.
* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
(VariableX509TrustManager): Initialize multiple CA, certificate and
client trust managers. (checkClientTrusted): Check all the
client TrustManagers if certificate is trusted.
(checkAllManagers): Check multiple CA certificates and trusted
certificates to determine if the certificate chain can be trusted.
(isExplicitlyTrusted): Check with multiple TrustManagers.
(getAcceptedIssuers): Gather results from multiple TrustManagers.
* netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
(ImportButtonListener): Use CertificateUtils instead of KeyTool.
* netx/net/sourceforge/jnlp/tools/JarSigner.java
(checkTrustedCerts): Use multiple key stores to check if certificate
is directly trusted and if the root is trusted.
diffstat:
12 files changed, 417 insertions(+), 186 deletions(-)
ChangeLog | 42 ++
netx/net/sourceforge/jnlp/runtime/Boot.java | 20 -
netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 19
netx/net/sourceforge/jnlp/security/CertWarningPane.java | 45 +-
netx/net/sourceforge/jnlp/security/CertificateUtils.java | 151 +++++++
netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java | 6
netx/net/sourceforge/jnlp/security/KeyStores.java | 30 +
netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java | 191 +++++++---
netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java | 7
netx/net/sourceforge/jnlp/tools/JarSigner.java | 9
netx/net/sourceforge/jnlp/tools/KeyTool.java | 63 ---
plugin/icedteanp/java/sun/applet/PluginMain.java | 20 -
diffs (truncated from 915 to 500 lines):
diff -r 44d47c366e5f -r e82455c47f08 ChangeLog
--- a/ChangeLog Wed Nov 10 16:24:53 2010 -0500
+++ b/ChangeLog Thu Nov 11 11:43:13 2010 -0500
@@ -1,3 +1,45 @@ 2010-11-09 Omair Majid <omajid at redhat.
+2010-11-11 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/Boot.java (main): Move trust
+ manager initialization code into JNLPRuntime.initialize.
+ * plugin/icedteanp/java/sun/applet/PluginMain.java
+ (init): Likewise.
+ * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize):
+ Set the default SSL TrustManager here.
+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java
+ (CheckBoxListener.actionPerformed): Add this certificate into
+ user's trusted certificate store.
+ * netx/net/sourceforge/jnlp/tools/KeyTool.java
+ (addToKeyStore(File,KeyStore)): Move to CertificateUtils.
+ (addToKeyStore(X509Certificate,KeyStore)): Likewise.
+ (dumpCert): Likewise.
+ * netx/net/sourceforge/jnlp/security/CertificateUtils.java: New
+ class.
+ (addToKeyStore(File,KeyStore)): Moved from KeyTool.
+ (addToKeyStore(X509Certificate,KeyStore)): Likewise.
+ (dumpCert): Likewise.
+ (inKeyStores): New method.
+ * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
+ (getRootInCacerts): Check all available CA store to check if
+ root is in CA certificates.
+ * netx/net/sourceforge/jnlp/security/KeyStores.java
+ (getKeyStore(Level,Type,boolean)): Add security check.
+ (getClientKeyStores): New method.
+ * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+ (VariableX509TrustManager): Initialize multiple CA, certificate and
+ client trust managers.
+ (checkClientTrusted): Check all the client TrustManagers if
+ certificate is trusted.
+ (checkAllManagers): Check multiple CA certificates and trusted
+ certificates to determine if the certificate chain can be trusted.
+ (isExplicitlyTrusted): Check with multiple TrustManagers.
+ (getAcceptedIssuers): Gather results from multiple TrustManagers.
+ * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
+ (ImportButtonListener): Use CertificateUtils instead of KeyTool.
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java
+ (checkTrustedCerts): Use multiple key stores to check if certificate
+ is directly trusted and if the root is trusted.
+
2010-11-09 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties: Add
diff -r 44d47c366e5f -r e82455c47f08 netx/net/sourceforge/jnlp/runtime/Boot.java
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java Wed Nov 10 16:24:53 2010 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java Thu Nov 11 11:43:13 2010 -0500
@@ -29,11 +29,6 @@ import java.util.Arrays;
import java.util.Arrays;
import java.util.List;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
import net.sourceforge.jnlp.AppletDesc;
import net.sourceforge.jnlp.ApplicationDesc;
import net.sourceforge.jnlp.JNLPFile;
@@ -44,7 +39,6 @@ import net.sourceforge.jnlp.ResourcesDes
import net.sourceforge.jnlp.ResourcesDesc;
import net.sourceforge.jnlp.cache.CacheUtil;
import net.sourceforge.jnlp.cache.UpdatePolicy;
-import net.sourceforge.jnlp.security.VariableX509TrustManager;
import net.sourceforge.jnlp.security.viewer.CertificateViewer;
import net.sourceforge.jnlp.services.ServiceUtil;
@@ -170,20 +164,6 @@ public final class Boot implements Privi
if (null != getOption("-Xnofork")) {
JNLPRuntime.setForksAllowed(false);
- }
-
- // wire in custom authenticator
- try {
- SSLSocketFactory sslSocketFactory;
- SSLContext context = SSLContext.getInstance("SSL");
- TrustManager[] trust = new TrustManager[] { VariableX509TrustManager.getInstance() };
- context.init(null, trust, null);
- sslSocketFactory = context.getSocketFactory();
-
- HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
- } catch (Exception e) {
- System.err.println("Unable to set SSLSocketfactory (may _prevent_ access to sites that should be trusted)! Continuing anyway...");
- e.printStackTrace();
}
JNLPRuntime.setInitialArgments(Arrays.asList(argsIn));
diff -r 44d47c366e5f -r e82455c47f08 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Wed Nov 10 16:24:53 2010 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Thu Nov 11 11:43:13 2010 -0500
@@ -26,12 +26,17 @@ import java.security.*;
import java.security.*;
import javax.jnlp.*;
import javax.naming.ConfigurationException;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
import javax.swing.UIManager;
import javax.swing.text.html.parser.ParserDelegator;
import net.sourceforge.jnlp.*;
import net.sourceforge.jnlp.cache.*;
import net.sourceforge.jnlp.security.SecurityDialogMessageHandler;
+import net.sourceforge.jnlp.security.VariableX509TrustManager;
import net.sourceforge.jnlp.services.*;
import net.sourceforge.jnlp.util.*;
@@ -222,6 +227,20 @@ public class JNLPRuntime {
}
securityDialogMessageHandler = startSecurityThreads();
+
+ // wire in custom authenticator for SSL connections
+ try {
+ SSLSocketFactory sslSocketFactory;
+ SSLContext context = SSLContext.getInstance("SSL");
+ TrustManager[] trust = new TrustManager[] { VariableX509TrustManager.getInstance() };
+ context.init(null, trust, null);
+ sslSocketFactory = context.getSocketFactory();
+
+ HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
+ } catch (Exception e) {
+ System.err.println("Unable to set SSLSocketfactory (may _prevent_ access to sites that should be trusted)! Continuing anyway...");
+ e.printStackTrace();
+ }
initialized = true;
diff -r 44d47c366e5f -r e82455c47f08 netx/net/sourceforge/jnlp/security/CertWarningPane.java
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java Wed Nov 10 16:24:53 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java Thu Nov 11 11:43:13 2010 -0500
@@ -47,6 +47,9 @@ import java.awt.GridLayout;
import java.awt.GridLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@@ -62,8 +65,9 @@ import net.sourceforge.jnlp.JNLPFile;
import net.sourceforge.jnlp.JNLPFile;
import net.sourceforge.jnlp.PluginBridge;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.security.KeyStores.Level;
+import net.sourceforge.jnlp.security.KeyStores.Type;
import net.sourceforge.jnlp.security.SecurityWarning.AccessType;
-import net.sourceforge.jnlp.tools.KeyTool;
/**
* Provides the panel for using inside a SecurityWarningDialog. These dialogs are
@@ -232,25 +236,28 @@ public class CertWarningPane extends Sec
}
}
- /**
- * Updates the user's KeyStore of trusted Certificates.
- */
- private class CheckBoxListener implements ActionListener {
- public void actionPerformed(ActionEvent e) {
- if (alwaysTrust != null && alwaysTrust.isSelected()) {
- try {
- KeyTool kt = new KeyTool();
- Certificate c = parent.getJarSigner().getPublisher();
- kt.importCert(c);
- if (JNLPRuntime.isDebug()) {
- System.out.println("certificate is now permanently trusted");
- }
- } catch (Exception ex) {
- //TODO: Let NetX show a dialog here notifying user
- //about being unable to add cert to keystore
- }
- }
+ /**
+ * Updates the user's KeyStore of trusted Certificates.
+ */
+ private class CheckBoxListener implements ActionListener {
+ public void actionPerformed(ActionEvent e) {
+ if (alwaysTrust != null && alwaysTrust.isSelected()) {
+ try {
+ KeyStore ks = KeyStores.getKeyStore(Level.USER, Type.CERTS);
+ X509Certificate c = (X509Certificate) parent.getJarSigner().getPublisher();
+ CertificateUtils.addToKeyStore(c, ks);
+ OutputStream os = new FileOutputStream(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
+ ks.store(os, KeyStores.getPassword());
+ if (JNLPRuntime.isDebug()) {
+ System.out.println("certificate is now permanently trusted");
+ }
+ } catch (Exception ex) {
+ // TODO: Let NetX show a dialog here notifying user
+ // about being unable to add cert to keystore
+ ex.printStackTrace();
}
+ }
}
+ }
}
diff -r 44d47c366e5f -r e82455c47f08 netx/net/sourceforge/jnlp/security/CertificateUtils.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/security/CertificateUtils.java Thu Nov 11 11:43:13 2010 -0500
@@ -0,0 +1,151 @@
+/* CertificateUtils.java
+ Copyright (C) 2010 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+*/
+
+package net.sourceforge.jnlp.security;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.math.BigInteger;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Random;
+
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+
+import sun.misc.BASE64Encoder;
+import sun.security.provider.X509Factory;
+
+/**
+ * Common utilities to manipulate certificates. Provides methods to add
+ * Certificates to a KeyStores, check if certificates already exist in a
+ * KeyStore and printing certificates.
+ */
+public class CertificateUtils {
+
+ /**
+ * Adds the X509Certficate in the file to the KeyStore. Note that it does
+ * not update the copy of the KeyStore on disk.
+ */
+ public static final void addToKeyStore(File file, KeyStore ks) throws CertificateException,
+ IOException, KeyStoreException {
+ if (JNLPRuntime.isDebug()) {
+ System.out.println("Importing certificate from " + file + " into " + ks);
+ }
+
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file));
+ CertificateFactory cf = CertificateFactory.getInstance("X509");
+ X509Certificate cert = null;
+
+ try {
+ cert = (X509Certificate) cf.generateCertificate(bis);
+ } catch (ClassCastException cce) {
+ throw new CertificateException("Input file is not an X509 Certificate", cce);
+ }
+
+ addToKeyStore(cert, ks);
+ }
+
+ /**
+ * Adds an X509Certificate to the KeyStore. Note that it does not update the
+ * copy of the KeyStore on disk.
+ */
+ public static final void addToKeyStore(X509Certificate cert, KeyStore ks)
+ throws KeyStoreException {
+ if (JNLPRuntime.isDebug()) {
+ System.out.println("Importing " + cert.getSubjectX500Principal().getName());
+ }
+
+ String alias = null;
+
+ // does this certificate already exist?
+ alias = ks.getCertificateAlias(cert);
+ if (alias != null) {
+ return;
+ }
+
+ // create a unique alias for this new certificate
+ Random random = new Random();
+ do {
+ alias = new BigInteger(20, random).toString();
+ } while (ks.getCertificate(alias) != null);
+
+ ks.setCertificateEntry(alias, cert);
+ }
+
+ /**
+ * Checks whether an X509Certificate is already in one of the keystores
+ * @param c the certificate
+ * @param keyStores the KeyStores to check in
+ * @return true if the certificate is present in one of the keystores, false otherwise
+ */
+ public static final boolean inKeyStores(X509Certificate c, KeyStore[] keyStores) {
+ for (int i = 0; i < keyStores.length; i++) {
+ try {
+ if (keyStores[i].getCertificateAlias(c) != null) {
+ if (JNLPRuntime.isDebug()) {
+ System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts");
+ }
+ return true;
+ }
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ // continue
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Writes the certificate in base64 encoded from to the print stream.
+ * See http://tools.ietf.org/html/rfc4945#section-6.1 for more information
+ */
+ public static void dump(Certificate cert, PrintStream out) throws IOException,
+ CertificateException {
+
+ BASE64Encoder encoder = new BASE64Encoder();
+ out.println(X509Factory.BEGIN_CERT);
+ encoder.encodeBuffer(cert.getEncoded(), out);
+ out.println(X509Factory.END_CERT);
+ }
+}
diff -r 44d47c366e5f -r e82455c47f08 netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java
--- a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java Wed Nov 10 16:24:53 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java Thu Nov 11 11:43:13 2010 -0500
@@ -40,6 +40,7 @@ import static net.sourceforge.jnlp.runti
import static net.sourceforge.jnlp.runtime.Translator.R;
import java.io.IOException;
+import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
@@ -52,7 +53,6 @@ import java.util.Collection;
import java.util.Collection;
import java.util.List;
-import net.sourceforge.jnlp.tools.KeyTool;
import sun.security.util.DerValue;
import sun.security.util.HostnameChecker;
import sun.security.x509.X500Name;
@@ -213,8 +213,8 @@ public class HttpsCertVerifier implement
public boolean getRootInCacerts() {
try {
- KeyTool kt = new KeyTool();
- return kt.checkCacertsForCertificate(getRoot());
+ KeyStore[] caCertsKeyStores = KeyStores.getCAKeyStores();
+ return CertificateUtils.inKeyStores((X509Certificate)getRoot(), caCertsKeyStores);
} catch (Exception e) {
}
return false;
diff -r 44d47c366e5f -r e82455c47f08 netx/net/sourceforge/jnlp/security/KeyStores.java
--- a/netx/net/sourceforge/jnlp/security/KeyStores.java Wed Nov 10 16:24:53 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/KeyStores.java Thu Nov 11 11:43:13 2010 -0500
@@ -41,6 +41,7 @@ import java.io.FileInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
+import java.security.AllPermission;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -111,6 +112,11 @@ public final class KeyStores {
* @return a KeyStore containing certificates from the appropriate
*/
public static final KeyStore getKeyStore(Level level, Type type, boolean create) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(new AllPermission());
+ }
+
String location = getKeyStoreLocation(level, type);
KeyStore ks = null;
try {
@@ -181,6 +187,29 @@ public final class KeyStores {
}
/* User-level CA certificates */
ks = getKeyStore(Level.USER, Type.CA_CERTS);
+ if (ks != null) {
+ result.add(ks);
+ }
+
+ return result.toArray(new KeyStore[result.size()]);
+ }
+
+ /**
+ * Returns KeyStores containing trusted client certificates
+ *
+ * @return an array of KeyStore objects that can be used to check client
+ * authentication certificates
+ */
+ public static KeyStore[] getClientKeyStores() {
+ List<KeyStore> result = new ArrayList<KeyStore>();
+ KeyStore ks = null;
+
+ ks = getKeyStore(Level.SYSTEM, Type.CLIENT_CERTS);
+ if (ks != null) {
+ result.add(ks);
+ }
+
+ ks = getKeyStore(Level.USER, Type.CLIENT_CERTS);
if (ks != null) {
result.add(ks);
}
@@ -336,4 +365,5 @@ public final class KeyStores {
return ks;
}
+
}
diff -r 44d47c366e5f -r e82455c47f08 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Wed Nov 10 16:24:53 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Thu Nov 11 11:43:13 2010 -0500
@@ -42,6 +42,8 @@ import java.security.cert.CertificateExc
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -60,59 +62,98 @@ import net.sourceforge.jnlp.security.Sec
* different certificates that are not in the keystore.
*/
-public class VariableX509TrustManager extends X509ExtendedTrustManager {
+final public class VariableX509TrustManager extends X509ExtendedTrustManager {
- KeyStore userKeyStore = null;
- KeyStore caKeyStore = null;
+ /** TrustManagers containing trusted CAs */
+ private X509TrustManager[] caTrustManagers = null;
- X509TrustManager userTrustManager = null;
- X509TrustManager caTrustManager = null;
+ /** TrustManagers containing trusted certificates */
+ private X509TrustManager[] certTrustManagers = null;
- ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
- ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
+ /** TrustManagers containing trusted client certificates */
+ private X509TrustManager[] clientTrustManagers = null;
- static VariableX509TrustManager instance = null;
+ private ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
+ private ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
+
+ private static VariableX509TrustManager instance = null;
/**
* Constructor initializes the system, user and custom stores
*/
public VariableX509TrustManager() {
+ /*
+ * Load TrustManagers for trusted certificates
+ */
try {
- userKeyStore = SecurityUtil.getUserKeyStore();
More information about the distro-pkg-dev
mailing list