/hg/release/icedtea6-1.9: netx: do not prompt user multiple time...

omajid at icedtea.classpath.org omajid at icedtea.classpath.org
Mon Oct 18 09:37:19 PDT 2010


changeset 69b7e0c0a5c3 in /hg/release/icedtea6-1.9
details: http://icedtea.classpath.org/hg/release/icedtea6-1.9?cmd=changeset;node=69b7e0c0a5c3
author: Omair Majid <omajid at redhat.com>
date: Mon Oct 18 12:36:39 2010 -0400

	netx: do not prompt user multiple times for the same certificate

	2010-10-18 Omair Majid <omajid at redhat.com>

	 *
	netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
	Add temporarilyUntrusted. (checkServerTrusted): Only prompt user
	if the certificate was not untrusted. (temporarilyUntrust):
	New method. (isTemporarilyUntrusted): New method.


diffstat:

2 files changed, 42 insertions(+), 5 deletions(-)
ChangeLog                                                        |    9 ++
netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java |   38 ++++++++--

diffs (79 lines):

diff -r c1a198d6dec9 -r 69b7e0c0a5c3 ChangeLog
--- a/ChangeLog	Mon Oct 18 14:43:14 2010 +0200
+++ b/ChangeLog	Mon Oct 18 12:36:39 2010 -0400
@@ -1,3 +1,12 @@ 2010-10-18  Pavel Tisnovsky  <ptisnovs at r
+2010-10-18  Omair Majid  <omajid at redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
+	Add temporarilyUntrusted.
+	(checkServerTrusted): Only prompt user if the certificate was not
+	untrusted.
+	(temporarilyUntrust): New method.
+	(isTemporarilyUntrusted): New method.
+
 2010-10-18  Pavel Tisnovsky  <ptisnovs at redhat.com>
 
 	* Makefile.am:
diff -r c1a198d6dec9 -r 69b7e0c0a5c3 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 14:43:14 2010 +0200
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 12:36:39 2010 -0400
@@ -66,7 +66,8 @@ public class VariableX509TrustManager ex
     X509TrustManager userTrustManager = null;
     X509TrustManager caTrustManager = null;
 
-    ArrayList<Certificate> temporarilyTrusted = new ArrayList();
+    ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
+    ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
 
     static VariableX509TrustManager instance = null;
 
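Review bot: `temporarilyUntrusted` is a plain, non-final `ArrayList` on what looks like a process-wide singleton (`static VariableX509TrustManager instance`), and nothing visible in this diff synchronizes access to it. If checkServerTrusted can run on several connection threads at once, the `isTemporarilyUntrusted` / `askUser` / `temporarilyUntrust` sequence in the next hunk is a check-then-act race: two handshakes presenting the same certificate can both prompt, which is what this commit sets out to prevent. Consider `private final List<Certificate> temporarilyUntrusted = Collections.synchronizedList(new ArrayList<Certificate>());` and holding one lock across the check, the prompt and the record. The list also has no visible removal or expiry path, so a field comment should say that "temporarily" means the lifetime of this instance.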
@@ -192,11 +193,14 @@ public class VariableX509TrustManager ex
             if (checkOnly) {
                 throw ce;
             } else {
+                if (!isTemporarilyUntrusted(chain[0])) {
+                    boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
 
-                boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
-
-                if (b) {
-                    temporarilyTrust(chain[0]);
+                    if (b) {
+                        temporarilyTrust(chain[0]);
+                    } else {
+                        temporarilyUntrust(chain[0]);
+                    }
                 }
 
                 checkAllManagers(chain, authType);
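Review bot: The remembered refusal is keyed on `chain[0]` alone, although the prompt that produced it was shown for a specific `hostName` and `CNMatched` result, so a certificate declined for one host is then rejected without any prompt for every other host while the entry stays in the list. That fails closed, which is the safe direction, but the skipped prompt is silent and should be explained at the new `if`, for example `// user already declined this leaf certificate: skip the prompt and let checkAllManagers reject it`. Whether checkAllManagers actually throws for such a certificate is not visible here, and the rest of checkServerTrusted lies outside the hunk.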
@@ -247,6 +251,30 @@ public class VariableX509TrustManager ex
     }
 
     /**
+     * Temporarily untrust the given cert - do not ask the user to trust this
+     * certificate again
+     *
+     * @param c The certificate to trust
+     */
+    private void temporarilyUntrust(Certificate c) {
+        temporarilyUntrusted.add(c);
+    }
+
+    /**
+     * Was this certificate explicitly untrusted by user?
+     *
+     * @param c the certificate
+     * @return true if the user was presented with this certificate and chose
+     * not to trust it
+     */
+    private boolean isTemporarilyUntrusted(Certificate c) {
+        if (temporarilyUntrusted.contains(c)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
      * Temporarily trust the given cert (runtime)
      *
      * @param c The certificate to trust
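Review bot: The Javadoc on the new `temporarilyUntrust` says `@param c The certificate to trust`, which was copied from temporarilyTrust and states the opposite of what the method records; it should read `@param c The certificate the user declined; it will be rejected without prompting again`. As a style point, the body of `isTemporarilyUntrusted` reduces to `return temporarilyUntrusted.contains(c);`. The Javadoc block that closes this hunk belongs to temporarilyTrust, whose body is outside the hunk.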


