/hg/release/icedtea-web-1.2: Change CertificateUtils.inKeyStores...

dbhole at icedtea.classpath.org dbhole at icedtea.classpath.org
Wed Feb 29 10:57:37 PST 2012 

changeset c93ef2cc3535 in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=c93ef2cc3535
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Feb 29 13:56:57 2012 -0500

	Change CertificateUtils.inKeyStores() to only check for certificate
	equality


diffstat:

 ChangeLog                                                |   5 ++
 netx/net/sourceforge/jnlp/security/CertificateUtils.java |  27 +++------------
 2 files changed, 11 insertions(+), 21 deletions(-)

diffs (56 lines):

diff -r e21f13506c3c -r c93ef2cc3535 ChangeLog
--- a/ChangeLog	Tue Feb 28 11:35:41 2012 -0500
+++ b/ChangeLog	Wed Feb 29 13:56:57 2012 -0500
@@ -1,3 +1,8 @@
+2012-02-29  Deepak Bhole <dbhole at redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/CertificateUtils.java
+	(inKeyStores): Only check for certificate equality.
+
 2012-02-28  Deepak Bhole <dbhole at redhat.com>
 
 	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
diff -r e21f13506c3c -r c93ef2cc3535 netx/net/sourceforge/jnlp/security/CertificateUtils.java
--- a/netx/net/sourceforge/jnlp/security/CertificateUtils.java	Tue Feb 28 11:35:41 2012 -0500
+++ b/netx/net/sourceforge/jnlp/security/CertificateUtils.java	Wed Feb 29 13:56:57 2012 -0500
@@ -167,34 +167,19 @@
                 // Check against all certs
                 Enumeration<String> aliases = keyStores[i].aliases();
                 while (aliases.hasMoreElements()) {
+
+                    // Verify against this entry
                     String alias = aliases.nextElement();
-                    try {
-                        // Verify against this entry
-                        c.verify(keyStores[i].getCertificate(alias).getPublicKey());
 
+                    if (c.equals(keyStores[i].getCertificate(alias))) {
                         if (JNLPRuntime.isDebug()) {
                             System.out.println(c.getSubjectX500Principal().getName() + " found in cacerts");
                         }
-                        
-                        // If we got here, it means verification succeeded. Return true.
+
                         return true;
-                    } catch (NoSuchAlgorithmException nsae) {
-                        // Unsupported signature algorithm 
-                        // Consider non-match and keep going
-                    } catch (InvalidKeyException ike) {
-                        // Incorrect/corrupt key
-                        // Consider non-match and keep going                     
-                    } catch (NoSuchProviderException nspe) {
-                        // No default provider 
-                        // Consider non-match and keep going
-                    } catch (SignatureException se) {
-                        // Signature error
-                        // Consider non-match and keep going
-                    } catch (CertificateException ce) {
-                        // Encoding error
-                        // Consider non-match and keep going
-                    }
+                    } // else continue
                 }
+
             } catch (KeyStoreException e) {
                 e.printStackTrace();
                 // continue

More information about the distro-pkg-dev mailing list