diff options
author | Danesh Dadachanji <[email protected]> | 2011-08-11 14:11:41 -0400 |
---|---|---|
committer | Danesh Dadachanji <[email protected]> | 2011-08-11 14:11:41 -0400 |
commit | b9489af4180d2f31ea915df7c7d856107937c52f (patch) | |
tree | c28ecd0c514da3cc28440c0bb4a694e969cd00ce /netx | |
parent | 99c884e49205ce26a993ff71268b189cd3bc53d2 (diff) |
PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.
Diffstat (limited to 'netx')
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/JarSigner.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java index b452dbc..a7d529b 100644 --- a/netx/net/sourceforge/jnlp/tools/JarSigner.java +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java @@ -373,7 +373,13 @@ public class JarSigner implements CertVerifier { alreadyTrustPublisher = CertificateUtils.inKeyStores(publisher, certKeyStores); X509Certificate root = (X509Certificate) getRoot(); KeyStore[] caKeyStores = KeyStores.getCAKeyStores(); - rootInCacerts = CertificateUtils.inKeyStores(root, caKeyStores); + // Check entire cert path for a trusted CA + for (Certificate c : certPath.getCertificates()) { + if ((rootInCacerts = CertificateUtils.inKeyStores( + (X509Certificate) c, caKeyStores))) { + break; + } + } } catch (Exception e) { // TODO: Warn user about not being able to // look through their cacerts/trusted.certs |