Mercurial > hg > release > icedtea-web-1.2

changeset 288:b56fd9cb2dfc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
added XrustAll option
author Jiri Vanek <jvanek@redhat.com>
date Thu, 22 Sep 2011 17:41:51 +0200
parents e9a9792ee189
children 2ad1f3bbb0b5
files ChangeLog netx/net/sourceforge/jnlp/runtime/Boot.java netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
diffstat 5 files changed, 34 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Thu Sep 15 15:27:40 2011 +0200
+++ b/ChangeLog	Thu Sep 22 17:41:51 2011 +0200
@@ -1,3 +1,14 @@
+2011-09-22  Jiri Vanek <jvanek@redhat.com>
+
+	* netx/net/sourceforge/jnlp/runtime/Boot.java: (main): added logic to 
+	handle -Xtrustall option
+	* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: declared private static boolean
+	trustAll=false; with public getter and pkg.private  setter
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (checkTrustWithUser): modified,
+	when XtrustAll declared, then user is not asked and certificate is trusted
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:  (askUser): modified,
+	when XtrustAll declared, then user is not asked and certificate is trusted
+
 2011-09-15  Jiri Vanek <jvanek@redhat.com>
 
 	* tests/jnlp_tests/: all current reproducers (AccessClassInPackage
@@ -17,6 +28,7 @@
 	* ChangeLog: Fixed formatting issues in previous entry.
 
 2011-09-01 Jiri Vanek<jvanek@redhat.com>
+
 	Added functionality to allow icedtea web to be buildable with
 	rhel5 libraries.
 	* configure.ac: added IT_CHECK_GLIB_VERSION check.
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java	Thu Sep 22 17:41:51 2011 +0200
@@ -156,6 +156,9 @@
         if (null != getOption("-Xnofork")) {
             JNLPRuntime.setForksAllowed(false);
         }
+        if (null != getOption("-Xtrustall")) {
+            JNLPRuntime.setTrustAll(true);
+        }
 
         JNLPRuntime.setInitialArgments(Arrays.asList(argsIn));
 
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Thu Sep 22 17:41:51 2011 +0200
@@ -755,6 +755,9 @@
     }
     
     private void checkTrustWithUser(JarSigner js) throws LaunchException {
+        if (JNLPRuntime.isTrustAll()){
+            return;
+        }
         if (!js.getRootInCacerts()) { //root cert is not in cacerts
             boolean b = SecurityDialogs.showCertWarningDialog(
                     AccessType.UNVERIFIED, file, js);
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Thu Sep 22 17:41:51 2011 +0200
@@ -123,6 +123,9 @@
     /** set to false to indicate another JVM should not be spawned, even if necessary */
     private static boolean forksAllowed = true;
 
+    /** all security dialogs will be consumed and pretented as beeing verified by user and allowed.*/
+    private static boolean trustAll=false;
+
     /** contains the arguments passed to the jnlp runtime */
     private static List<String> initialArguments;
 
@@ -132,6 +135,7 @@
     public static final String STDERR_FILE = "java.stderr";
     public static final String STDOUT_FILE = "java.stdout";
 
+
     /**
      * Returns whether the JNLP runtime environment has been
      * initialized.  Once initialized, some properties such as the
@@ -732,4 +736,12 @@
         }
     }
 
+    static void setTrustAll(boolean b) {
+        trustAll=b;
+    }
+
+    public static boolean isTrustAll() {
+        return trustAll;
+    }
+
 }
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Thu Sep 22 17:41:51 2011 +0200
@@ -53,6 +53,7 @@
 import sun.security.validator.ValidatorException;
 
 import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
 
 import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
 
@@ -382,6 +383,9 @@
     private boolean askUser(X509Certificate[] chain, String authType,
                             boolean isTrusted, boolean hostMatched,
                             String hostName) {
+        if (JNLPRuntime.isTrustAll()){
+            return true;
+        }
         return SecurityDialogs.showCertWarningDialog(
                         AccessType.UNVERIFIED, null,
                         new HttpsCertVerifier(this, chain, authType,