/hg/release/icedtea6-1.8: netx: do not prompt user multiple time...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Mon Oct 18 09:47:41 PDT 2010
changeset 78de2d8168d8 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=78de2d8168d8
author: Omair Majid <omajid at redhat.com>
date: Mon Oct 18 12:47:36 2010 -0400
netx: do not prompt user multiple times for the same certificate
2010-10-18 Omair Majid <omajid at redhat.com>
*
netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
Add temporarilyUntrusted. (checkServerTrusted): Only prompt user
if the certificate was not untrusted. (temporarilyUntrust):
New method. (isTemporarilyUntrusted): New method.
diffstat:
2 files changed, 42 insertions(+), 5 deletions(-)
ChangeLog | 9 ++
netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java | 38 ++++++++--
diffs (79 lines):
diff -r 666f6453befc -r 78de2d8168d8 ChangeLog
--- a/ChangeLog Mon Oct 18 11:54:21 2010 +0200
+++ b/ChangeLog Mon Oct 18 12:47:36 2010 -0400
@@ -1,3 +1,12 @@ 2010-10-15 Pavel Tisnovsky <ptisnovs at r
+2010-10-18 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
+ Add temporarilyUntrusted.
+ (checkServerTrusted): Only prompt user if the certificate was not
+ untrusted.
+ (temporarilyUntrust): New method.
+ (isTemporarilyUntrusted): New method.
+
2010-10-15 Pavel Tisnovsky <ptisnovs at redhat.com>
* patches/openjdk/6853592-BadWindow-warning-fix.patch:
diff -r 666f6453befc -r 78de2d8168d8 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Mon Oct 18 11:54:21 2010 +0200
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java Mon Oct 18 12:47:36 2010 -0400
@@ -66,7 +66,8 @@ public class VariableX509TrustManager ex
X509TrustManager userTrustManager = null;
X509TrustManager caTrustManager = null;
- ArrayList<Certificate> temporarilyTrusted = new ArrayList();
+ ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
+ ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
static VariableX509TrustManager instance = null;
@@ -192,11 +193,14 @@ public class VariableX509TrustManager ex
if (checkOnly) {
throw ce;
} else {
+ if (!isTemporarilyUntrusted(chain[0])) {
+ boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
- boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
-
- if (b) {
- temporarilyTrust(chain[0]);
+ if (b) {
+ temporarilyTrust(chain[0]);
+ } else {
+ temporarilyUntrust(chain[0]);
+ }
}
checkAllManagers(chain, authType);
@@ -247,6 +251,30 @@ public class VariableX509TrustManager ex
}
/**
+ * Temporarily untrust the given cert - do not ask the user to trust this
+ * certificate again
+ *
+ * @param c The certificate to trust
+ */
+ private void temporarilyUntrust(Certificate c) {
+ temporarilyUntrusted.add(c);
+ }
+
+ /**
+ * Was this certificate explicitly untrusted by user?
+ *
+ * @param c the certificate
+ * @return true if the user was presented with this certificate and chose
+ * not to trust it
+ */
+ private boolean isTemporarilyUntrusted(Certificate c) {
+ if (temporarilyUntrusted.contains(c)) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
* Temporarily trust the given cert (runtime)
*
* @param c The certificate to trust
More information about the distro-pkg-dev
mailing list