changeset 2003:fcc8fa217369

netx: do not prompt user multiple times for the same certificate 2010-10-18 Omair Majid <omajid@redhat.com> * rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java: Add temporarilyUntrusted. (checkServerTrusted): Only prompt user if the certificate was not untrusted. (temporarilyUntrust): New method. (isTemporarilyUntrusted): New method.
author Omair Majid <omajid@redhat.com>
date Mon, 18 Oct 2010 12:52:22 -0400
parents 902c6f336008
children 6c21e99512e1
files ChangeLog rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java
diffstat 2 files changed, 42 insertions(+), 5 deletions(-) [+]
--- a/ChangeLog	Mon Oct 18 14:18:22 2010 +0100
+++ b/ChangeLog	Mon Oct 18 12:52:22 2010 -0400
@@ -1,3 +1,12 @@
+2010-10-18  Omair Majid  <omajid@redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
+	Add temporarilyUntrusted.
+	(checkServerTrusted): Only prompt user if the certificate was not
+	untrusted.
+	(temporarilyUntrust): New method.
+	(isTemporarilyUntrusted): New method.
+
 2010-10-15  Pavel Tisnovsky  <ptisnovs@redhat.com>
 
 	* patches/openjdk/6853592-BadWindow-warning-fix.patch:
--- a/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 14:18:22 2010 +0100
+++ b/rt/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 12:52:22 2010 -0400
@@ -66,7 +66,8 @@
     X509TrustManager userTrustManager = null;
     X509TrustManager caTrustManager = null;
     
-    ArrayList<Certificate> temporarilyTrusted = new ArrayList();
+    ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
+    ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
     
     static VariableX509TrustManager instance = null;
 
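Review bot: `temporarilyUntrusted` is a plain `ArrayList` on a class that keeps a `static` instance, so if `checkServerTrusted` can be reached from more than one connection thread, the unsynchronized `add`/`contains` calls on it may race. Whether that happens depends on callers outside this hunk, but a shared trust manager is normally consulted during each TLS handshake. Consider declaring it as `List<Certificate> temporarilyUntrusted = Collections.synchronizedList(new ArrayList<Certificate>());`. Alternatively, guard the whole check-prompt-record sequence with one lock, which would also stop two threads from prompting for the same certificate at once. The same applies to `temporarilyTrusted` on the line above.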
@@ -192,11 +193,14 @@
             if (checkOnly) {
                 throw ce;
             } else {
-
-                boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
+                if (!isTemporarilyUntrusted(chain[0])) {
+                    boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
 
-                if (b) {
-                    temporarilyTrust(chain[0]);
+                    if (b) {
+                        temporarilyTrust(chain[0]);
+                    } else {
+                        temporarilyUntrust(chain[0]);
+                    }
                 }
 
                 checkAllManagers(chain, authType);
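Review bot: A remembered rejection is enforced only indirectly here: when `isTemporarilyUntrusted(chain[0])` is true the prompt is skipped and control falls through to `checkAllManagers(chain, authType)`, which is presumably expected to throw again. Rethrowing the original exception in that case, e.g. `if (isTemporarilyUntrusted(chain[0])) { throw ce; }` ahead of the `askUser` call, would make the denial fail closed without depending on code outside this hunk. The decision is also cached by `chain[0]` alone, while the prompt was shown for a specific `hostName`; that is safe for a rejection, but a short comment saying so would help the next reader. The enclosing method starts and ends outside the hunk.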
@@ -247,6 +251,30 @@
     }
 
     /**
+     * Temporarily untrust the given cert - do not ask the user to trust this
+     * certificate again
+     *
+     * @param c The certificate to trust
+     */
+    private void temporarilyUntrust(Certificate c) {
+        temporarilyUntrusted.add(c);
+    }
+
+    /**
+     * Was this certificate explicitly untrusted by user?
+     *
+     * @param c the certificate
+     * @return true if the user was presented with this certificate and chose
+     * not to trust it
+     */
+    private boolean isTemporarilyUntrusted(Certificate c) {
+        if (temporarilyUntrusted.contains(c)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
      * Temporarily trust the given cert (runtime)
      * 
      * @param c The certificate to trust
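Review bot: The Javadoc on `temporarilyUntrust` says `@param c The certificate to trust`, which looks copied from `temporarilyTrust`; it should read something like `@param c The certificate the user rejected`. `isTemporarilyUntrusted` can be reduced to `return temporarilyUntrusted.contains(c);`. It would also help to document that an entry lasts for the life of this trust manager instance, since nothing in the hunk removes one, so a user who declines by mistake is not asked again until restart.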