/hg/icedtea-web: Change CertificateUtils.inKeyStores() to only c...
dbhole at icedtea.classpath.org
dbhole at icedtea.classpath.org
Wed Feb 29 10:57:25 PST 2012
changeset 152760c30b5d in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=152760c30b5d
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Feb 29 13:56:57 2012 -0500
Change CertificateUtils.inKeyStores() to only check for certificate
equality
diffstat:
ChangeLog | 5 ++
netx/net/sourceforge/jnlp/security/CertificateUtils.java | 27 +++------------
2 files changed, 11 insertions(+), 21 deletions(-)
diffs (56 lines):
diff -r b1984bb670f0 -r 152760c30b5d ChangeLog
--- a/ChangeLog Tue Feb 28 11:35:41 2012 -0500
+++ b/ChangeLog Wed Feb 29 13:56:57 2012 -0500
@@ -1,3 +1,8 @@
+2012-02-29 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/security/CertificateUtils.java
+ (inKeyStores): Only check for certificate equality.
+
2012-02-28 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
diff -r b1984bb670f0 -r 152760c30b5d netx/net/sourceforge/jnlp/security/CertificateUtils.java
--- a/netx/net/sourceforge/jnlp/security/CertificateUtils.java Tue Feb 28 11:35:41 2012 -0500
+++ b/netx/net/sourceforge/jnlp/security/CertificateUtils.java Wed Feb 29 13:56:57 2012 -0500
@@ -167,34 +167,19 @@
// Check against all certs
Enumeration<String> aliases = keyStores[i].aliases();
while (aliases.hasMoreElements()) {
+
+ // Verify against this entry
String alias = aliases.nextElement();
- try {
- // Verify against this entry
- c.verify(keyStores[i].getCertificate(alias).getPublicKey());
+ if (c.equals(keyStores[i].getCertificate(alias))) {
if (JNLPRuntime.isDebug()) {
System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts");
}
-
- // If we got here, it means verification succeeded. Return true.
+
return true;
- } catch (NoSuchAlgorithmException nsae) {
- // Unsupported signature algorithm
- // Consider non-match and keep going
- } catch (InvalidKeyException ike) {
- // Incorrect/corrupt key
- // Consider non-match and keep going
- } catch (NoSuchProviderException nspe) {
- // No default provider
- // Consider non-match and keep going
- } catch (SignatureException se) {
- // Signature error
- // Consider non-match and keep going
- } catch (CertificateException ce) {
- // Encoding error
- // Consider non-match and keep going
- }
+ } // else continue
}
+
} catch (KeyStoreException e) {
e.printStackTrace();
// continue
More information about the distro-pkg-dev
mailing list