changeset 1203:ebcd2aaa59c7
set single place for keystore operations
author | Jiri Vanek <jvanek@redhat.com> |
---|---|
date | Mon, 13 Apr 2015 14:59:38 +0200 |
parents | 6c166ac38f89 |
children | a5e268a5b6dd |
files | ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java netx/net/sourceforge/jnlp/security/CertificateUtils.java netx/net/sourceforge/jnlp/security/KeyStores.java netx/net/sourceforge/jnlp/security/SecurityUtil.java netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java |
diffstat | 7 files changed, 58 insertions(+), 14 deletions(-) [+] |
--- a/ChangeLog Mon Apr 13 14:37:56 2015 +0200 +++ b/ChangeLog Mon Apr 13 14:59:38 2015 +0200 @@ -1,3 +1,15 @@ +2015-04-13 Jiri Vanek <jvanek@redhat.com> + + set single place for keystore operations + */netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: usage of keystore moved + to utility method + */netx/net/sourceforge/jnlp/security/CertificateUtils.java: same + */netx/net/sourceforge/jnlp/security/KeyStores.java: same + */netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java: same + */netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java: same + */netx/net/sourceforge/jnlp/security/SecurityUtil.java: added five new methods + wrapping work on keystores + 2015-04-13 Jiri Vanek <jvanek@redhat.com> Removed redundant occurrence of default keystore password
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon Apr 13 14:37:56 2015 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon Apr 13 14:59:38 2015 +0200
@@ -270,7 +270,7 @@
 SSLContext context = SSLContext.getInstance("SSL");
 KeyStore ks = KeyStores.getKeyStore(KeyStores.Level.USER, KeyStores.Type.CLIENT_CERTS);
 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
- kmf.init(ks, SecurityUtil.getTrustedCertsPassword());
+ SecurityUtil.initKeyManagerFactory(kmf, ks);
 TrustManager[] trust = new TrustManager[] { getSSLSocketTrustManager() };
 context.init(kmf.getKeyManagers(), trust, null);
 sslSocketFactory = context.getSocketFactory();
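Review bot: The new call `SecurityUtil.initKeyManagerFactory(kmf, ks)` no longer shows that the key manager for the USER / CLIENT_CERTS store is unlocked with the shared default keystore password, which the removed line made explicit. A one-line comment above the call would keep that visible to anyone auditing the TLS client-certificate path, for example `// client-cert key entries are unlocked with the built-in default keystore password (see SecurityUtil)`. The enclosing method starts and ends outside this hunk.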
--- a/netx/net/sourceforge/jnlp/security/CertificateUtils.java Mon Apr 13 14:37:56 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/CertificateUtils.java Mon Apr 13 14:59:38 2015 +0200 @@ -147,7 +147,7 @@ alias = new BigInteger(20, random).toString(); } while (ks.getCertificate(alias) != null); - ks.setKeyEntry(alias, key, SecurityUtil.getTrustedCertsPassword(), certChain); + SecurityUtil.setKeyEntry(ks, alias, key, certChain); } /** @@ -196,7 +196,7 @@ public static void dumpPKCS12(String alias, File file, KeyStore ks, char[] password) throws Exception { Certificate[] certChain = ks.getCertificateChain(alias); - Key key = ks.getKey(alias, SecurityUtil.getTrustedCertsPassword()); + Key key = SecurityUtil.getKey(ks, alias); BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file)); KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(null, null);
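Review bot: In the second hunk, `SecurityUtil.getKey(ks, alias)` hands back the result of `KeyStore.getKey` unchanged, which is null when the alias is missing or is not a key entry, and the visible lines open the output file straight afterwards without checking it. A guard before the `FileOutputStream` is created, such as `if (key == null) throw new KeyStoreException("no key entry for alias: " + alias);`, would fail early instead of leaving an empty export file behind; this assumes `KeyStoreException` is imported in CertificateUtils and that no later check exists, since the body of `dumpPKCS12` continues outside the hunk. Separately, the export file that will hold the private key is opened with a plain `FileOutputStream`; whether its permissions are restricted beforehand, as `FileUtils.createRestrictedFile` does for the keystore files elsewhere in this commit, is not visible here and is worth confirming.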
--- a/netx/net/sourceforge/jnlp/security/KeyStores.java Mon Apr 13 14:37:56 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/KeyStores.java Mon Apr 13 14:59:38 2015 +0200 @@ -339,9 +339,9 @@ FileUtils.createRestrictedFile(file, true); ks = KeyStore.getInstance(KEYSTORE_TYPE); - ks.load(null, SecurityUtil.getTrustedCertsPassword()); + SecurityUtil.loadKeyStore(ks, null); FileOutputStream fos = new FileOutputStream(file); - ks.store(fos,SecurityUtil.getTrustedCertsPassword()); + SecurityUtil.keyStoreStore(ks, fos); fos.close(); } @@ -350,10 +350,10 @@ if (file.exists()) { fis = new FileInputStream(file); ks = KeyStore.getInstance(KEYSTORE_TYPE); - ks.load(fis, SecurityUtil.getTrustedCertsPassword()); + SecurityUtil.loadKeyStore(ks, fis); } else { ks = KeyStore.getInstance(KEYSTORE_TYPE); - ks.load(null, SecurityUtil.getTrustedCertsPassword()); + SecurityUtil.loadKeyStore(ks, null); } } finally { if (fis != null) {
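Review bot: In the first hunk `fos` is not closed when `SecurityUtil.keyStoreStore(ks, fos)` throws, because `fos.close()` follows it without a `finally`, so a failed write can leave the descriptor open and a truncated keystore file on disk. The CertWarningPane hunk and the first CertificatePane hunk of this commit already use the safe shape, and the same could be applied here: `try { SecurityUtil.keyStoreStore(ks, fos); } finally { fos.close(); }`. The same unguarded sequence appears in the SecurityUtil.java hunk at -179 and in the CertificatePane.java hunk at -489. The enclosing method starts outside this hunk.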
--- a/netx/net/sourceforge/jnlp/security/SecurityUtil.java Mon Apr 13 14:37:56 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/SecurityUtil.java Mon Apr 13 14:59:38 2015 +0200 @@ -40,7 +40,17 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.Key; import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import javax.net.ssl.KeyManagerFactory; import net.sourceforge.jnlp.security.KeyStores.Level; import net.sourceforge.jnlp.security.KeyStores.Type; @@ -54,7 +64,7 @@ return KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS).getFullPath(); } - public static char[] getTrustedCertsPassword() { + private static char[] getTrustedCertsPassword() { return DEFAULT_PASSWORD; } @@ -179,9 +189,9 @@ //made directory, or directory exists if (madeDir || dir.isDirectory()) { KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, getTrustedCertsPassword()); + loadKeyStore(ks, null); FileOutputStream fos = new FileOutputStream(certFile); - ks.store(fos, getTrustedCertsPassword()); + keyStoreStore(ks, fos); fos.close(); return true; } else { @@ -208,7 +218,7 @@ if (file.exists()) { fis = new FileInputStream(file); ks = KeyStore.getInstance("JKS"); - ks.load(fis, getTrustedCertsPassword()); + loadKeyStore(ks, fis); } } catch (Exception e) { OutputController.getLogger().log(OutputController.Level.ERROR_ALL, e); 
@@ -277,4 +287,26 @@ return caks; } + + + public static void initKeyManagerFactory(KeyManagerFactory kmf, KeyStore ks) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { + kmf.init(ks, SecurityUtil.getTrustedCertsPassword()); + + } + + public static void setKeyEntry(KeyStore ks, String alias, Key key, Certificate[] certChain) throws KeyStoreException { + ks.setKeyEntry(alias, key, SecurityUtil.getTrustedCertsPassword(), certChain); + } + + public static Key getKey(KeyStore ks, String alias) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { + return ks.getKey(alias, getTrustedCertsPassword()); + } + + public static void loadKeyStore(KeyStore ks, InputStream is) throws IOException, NoSuchAlgorithmException, CertificateException { + ks.load(is, SecurityUtil.getTrustedCertsPassword()); + } + + public static void keyStoreStore(KeyStore ks, OutputStream fos) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { + ks.store(fos,SecurityUtil.getTrustedCertsPassword()); + } }
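Review bot: The five new public helpers have no Javadoc, and after this change nothing at the call sites says that each of them applies the single built-in password returned by the now-private `getTrustedCertsPassword()`, both as the store password and as the key-entry password in `setKeyEntry`, `getKey` and `initKeyManagerFactory`. Each helper should carry a short Javadoc stating that, for example `/** Loads ks from is (or initialises an empty store when is is null) using the built-in default keystore password. */`. It would also help to record once, in the class comment, that as far as this commit shows the confidentiality of private-key entries rests on the keystore file's permissions and not on the password. On style, the helpers mix `SecurityUtil.getTrustedCertsPassword()` with the unqualified call in `getKey`, `initKeyManagerFactory` has a stray blank line before its closing brace, the `OutputStream` parameter of `keyStoreStore` is named `fos`, and `ks.store(fos,` lacks the space after the comma.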
--- a/netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java Mon Apr 13 14:37:56 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java Mon Apr 13 14:59:38 2015 +0200 @@ -360,7 +360,7 @@ OutputStream os = new FileOutputStream(keyStoreFile); try { - ks.store(os, SecurityUtil.getTrustedCertsPassword()); + SecurityUtil.keyStoreStore(ks, os); } finally { os.close(); }
--- a/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java Mon Apr 13 14:37:56 2015 +0200 +++ b/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java Mon Apr 13 14:59:38 2015 +0200 @@ -401,7 +401,7 @@ OutputStream os = new FileOutputStream(keyStoreFile); try { - ks.store(os, SecurityUtil.getTrustedCertsPassword()); + SecurityUtil.keyStoreStore(ks, os); } finally { os.close(); } @@ -489,7 +489,7 @@ FileUtils.createRestrictedFile(keyStoreFile, true); } FileOutputStream fos = new FileOutputStream(keyStoreFile); - keyStore.store(fos, SecurityUtil.getTrustedCertsPassword()); + SecurityUtil.keyStoreStore(keyStore, fos); fos.close(); } }