aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net
diff options
context:
space:
mode:
authorOmair Majid <[email protected]>2011-09-23 12:05:43 -0400
committerOmair Majid <[email protected]>2011-09-23 12:05:43 -0400
commit3981cff3d9feca0a3d240f675b8268ddb8751b83 (patch)
treebb67307c9e700efc9f4d16bbe388a99680554fa0 /netx/net
parent94355bd36513b3f649c1c027dd50e63862f1d635 (diff)
RH738814: Access denied at ssl handshake
It turns out that TrustManager.checkTrusted() could be called by untrusted code. In such a case, we should still show a warning to the user, and not throw a SecurityException instead. 2011-09-23 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/security/SecurityDialogs.java (showCertWarningDialog): Add a javadoc comment. * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java (askUser): Wrap the call to showCertWarningDialog in a doPrivileged block.
Diffstat (limited to 'netx/net')
-rw-r--r--netx/net/sourceforge/jnlp/security/SecurityDialogs.java2
-rw-r--r--netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java18
2 files changed, 15 insertions, 5 deletions
diff --git a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
index 9b93a73..d13aef9 100644
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java
@@ -181,6 +181,8 @@ public class SecurityDialogs {
* @param accessType the type of warning dialog to show
* @param file the JNLPFile associated with this warning
* @param jarSigner the JarSigner used to verify this application
+ *
+ * @return true if the user accepted the certificate
*/
public static boolean showCertWarningDialog(AccessType accessType,
JNLPFile file, CertVerifier jarSigner) {
diff --git a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
index b6f1377..b90bb1b 100644
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
@@ -37,7 +37,9 @@ exception statement from your version.
package net.sourceforge.jnlp.security;
+import java.security.AccessController;
import java.security.KeyStore;
+import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -380,17 +382,23 @@ final public class VariableX509TrustManager extends X509ExtendedTrustManager {
* @param authType The authentication algorithm
* @return user's response
*/
- private boolean askUser(X509Certificate[] chain, String authType,
- boolean isTrusted, boolean hostMatched,
- String hostName) {
+ private boolean askUser(final X509Certificate[] chain, final String authType,
+ final boolean isTrusted, final boolean hostMatched,
+ final String hostName) {
if (JNLPRuntime.isTrustAll()){
return true;
}
- return SecurityDialogs.showCertWarningDialog(
+ final VariableX509TrustManager trustManager = this;
+ return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ @Override
+ public Boolean run() {
+ return SecurityDialogs.showCertWarningDialog(
AccessType.UNVERIFIED, null,
- new HttpsCertVerifier(this, chain, authType,
+ new HttpsCertVerifier(trustManager, chain, authType,
isTrusted, hostMatched,
hostName));
+ }
+ });
}
/**