# HG changeset patch
# User Omair Majid <omajid@redhat.com>
# Date 1287420742 14400
# Node ID fcc8fa217369fb311eae171f073d9e7d00600adc
# Parent  902c6f3360081179c50aea802f09e8160c31418a
netx: do not prompt user multiple times for the same certificate

2010-10-18  Omair Majid  <omajid@redhat.com>

    * rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
    Add temporarilyUntrusted.
    (checkServerTrusted): Only prompt user if the certificate was not
    untrusted.
    (temporarilyUntrust): New method.
    (isTemporarilyUntrusted): New method.

diff -r 902c6f336008 -r fcc8fa217369 ChangeLog
--- a/ChangeLog	Mon Oct 18 14:18:22 2010 +0100
+++ b/ChangeLog	Mon Oct 18 12:52:22 2010 -0400
@@ -1,3 +1,12 @@
+2010-10-18  Omair Majid  <omajid@redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
+	Add temporarilyUntrusted.
+	(checkServerTrusted): Only prompt user if the certificate was not
+	untrusted.
+	(temporarilyUntrust): New method.
+	(isTemporarilyUntrusted): New method.
+
 2010-10-15  Pavel Tisnovsky  <ptisnovs@redhat.com>
 
 	* patches/openjdk/6853592-BadWindow-warning-fix.patch:
diff -r 902c6f336008 -r fcc8fa217369 rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 14:18:22 2010 +0100
+++ b/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 12:52:22 2010 -0400
@@ -66,7 +66,8 @@
     X509TrustManager userTrustManager = null;
     X509TrustManager caTrustManager = null;
     
-    ArrayList<Certificate> temporarilyTrusted = new ArrayList();
+    ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
+    ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
     
     static VariableX509TrustManager instance = null;
 
@@ -192,11 +193,14 @@
             if (checkOnly) {
                 throw ce;
             } else {
-
-                boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
+                if (!isTemporarilyUntrusted(chain[0])) {
+                    boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
 
-                if (b) {
-                    temporarilyTrust(chain[0]);
+                    if (b) {
+                        temporarilyTrust(chain[0]);
+                    } else {
+                        temporarilyUntrust(chain[0]);
+                    }
                 }
 
                 checkAllManagers(chain, authType);
@@ -247,6 +251,30 @@
     }
 
     /**
+     * Temporarily untrust the given cert - do not ask the user to trust this
+     * certificate again
+     *
+     * @param c The certificate to trust
+     */
+    private void temporarilyUntrust(Certificate c) {
+        temporarilyUntrusted.add(c);
+    }
+
+    /**
+     * Was this certificate explicitly untrusted by user?
+     *
+     * @param c the certificate
+     * @return true if the user was presented with this certificate and chose
+     * not to trust it
+     */
+    private boolean isTemporarilyUntrusted(Certificate c) {
+        if (temporarilyUntrusted.contains(c)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
      * Temporarily trust the given cert (runtime)
      * 
      * @param c The certificate to trust