/hg/release/icedtea6-1.7: netx: do not prompt user multiple time...

omajid at icedtea.classpath.org omajid at icedtea.classpath.org
Mon Oct 18 09:52:27 PDT 2010


changeset fcc8fa217369 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=fcc8fa217369
author: Omair Majid <omajid at redhat.com>
date: Mon Oct 18 12:52:22 2010 -0400

	netx: do not prompt user multiple times for the same certificate

	2010-10-18 Omair Majid <omajid at redhat.com>

	 *
	rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
	Add temporarilyUntrusted. (checkServerTrusted): Only prompt user
	if the certificate was not untrusted. (temporarilyUntrust):
	New method. (isTemporarilyUntrusted): New method.


diffstat:

2 files changed, 42 insertions(+), 5 deletions(-)
ChangeLog                                                      |    9 ++
rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java |   38 ++++++++--

diffs (79 lines):

diff -r 902c6f336008 -r fcc8fa217369 ChangeLog
--- a/ChangeLog	Mon Oct 18 14:18:22 2010 +0100
+++ b/ChangeLog	Mon Oct 18 12:52:22 2010 -0400
@@ -1,3 +1,12 @@ 2010-10-15  Pavel Tisnovsky  <ptisnovs at r
+2010-10-18  Omair Majid  <omajid at redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
+	Add temporarilyUntrusted.
+	(checkServerTrusted): Only prompt user if the certificate was not
+	untrusted.
+	(temporarilyUntrust): New method.
+	(isTemporarilyUntrusted): New method.
+
 2010-10-15  Pavel Tisnovsky  <ptisnovs at redhat.com>
 
 	* patches/openjdk/6853592-BadWindow-warning-fix.patch:
diff -r 902c6f336008 -r fcc8fa217369 rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 14:18:22 2010 +0100
+++ b/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 12:52:22 2010 -0400
@@ -66,7 +66,8 @@ public class VariableX509TrustManager ex
     X509TrustManager userTrustManager = null;
     X509TrustManager caTrustManager = null;
     
-    ArrayList<Certificate> temporarilyTrusted = new ArrayList();
+    ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
+    ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
     
     static VariableX509TrustManager instance = null;
 
@@ -192,11 +193,14 @@ public class VariableX509TrustManager ex
             if (checkOnly) {
                 throw ce;
             } else {
+                if (!isTemporarilyUntrusted(chain[0])) {
+                    boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
 
-                boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
-
-                if (b) {
-                    temporarilyTrust(chain[0]);
+                    if (b) {
+                        temporarilyTrust(chain[0]);
+                    } else {
+                        temporarilyUntrust(chain[0]);
+                    }
                 }
 
                 checkAllManagers(chain, authType);
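Review bot: The `!isTemporarilyUntrusted(chain[0])` check, the askUser() prompt and the temporarilyUntrust()/temporarilyTrust() call are not one atomic step, and `temporarilyUntrusted` (added in the first hunk) is a plain ArrayList on what appears to be a shared singleton (`static VariableX509TrustManager instance`). The declaration of checkServerTrusted is outside the hunk, so whether it is synchronized cannot be seen here. If it is not, two connection threads presenting the same certificate can both pass the check before the user answers, so the duplicate prompt this commit targets can still appear and the list is mutated without a lock. Guarding the sequence with `synchronized (this) { ... }`, or making the method synchronized, would close that window. A comment on the silent path would also help, e.g. `// user already refused this certificate: skip the prompt and let checkAllManagers reject it`.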
@@ -247,6 +251,30 @@ public class VariableX509TrustManager ex
     }
 
     /**
+     * Temporarily untrust the given cert - do not ask the user to trust this
+     * certificate again
+     *
+     * @param c The certificate to trust
+     */
+    private void temporarilyUntrust(Certificate c) {
+        temporarilyUntrusted.add(c);
+    }
+
+    /**
+     * Was this certificate explicitly untrusted by user?
+     *
+     * @param c the certificate
+     * @return true if the user was presented with this certificate and chose
+     * not to trust it
+     */
+    private boolean isTemporarilyUntrusted(Certificate c) {
+        if (temporarilyUntrusted.contains(c)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
      * Temporarily trust the given cert (runtime)
      * 
      * @param c The certificate to trust
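Review bot: The Javadoc on temporarilyUntrust carries `@param c The certificate to trust`, copied from temporarilyTrust; it should read `@param c the certificate the user declined to trust`. The body of isTemporarilyUntrusted can be reduced to `return temporarilyUntrusted.contains(c);`. Nothing visible here ever removes an entry, so the Javadoc should say how long "temporarily" lasts (presumably the lifetime of the manager instance; confirm) and that a refused certificate is rejected without a prompt for that whole period. The hunk ends inside the Javadoc of temporarilyTrust, which continues outside it.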


