authorDanesh Dadachanji <[email protected]>2011-08-11 14:11:41 -0400
committerDanesh Dadachanji <[email protected]>2011-08-11 14:11:41 -0400
commitb9489af4180d2f31ea915df7c7d856107937c52f (patch)
treec28ecd0c514da3cc28440c0bb4a694e969cd00ce /netx
parent99c884e49205ce26a993ff71268b189cd3bc53d2 (diff)
PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.
Diffstat (limited to 'netx')
-rw-r--r--netx/net/sourceforge/jnlp/tools/JarSigner.java8
1 files changed, 7 insertions, 1 deletions
diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java
index b452dbc..a7d529b 100644
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java
@@ -373,7 +373,13 @@ public class JarSigner implements CertVerifier {
alreadyTrustPublisher = CertificateUtils.inKeyStores(publisher, certKeyStores);
X509Certificate root = (X509Certificate) getRoot();
KeyStore[] caKeyStores = KeyStores.getCAKeyStores();
- rootInCacerts = CertificateUtils.inKeyStores(root, caKeyStores);
+ // Check entire cert path for a trusted CA
+ for (Certificate c : certPath.getCertificates()) {
+ if ((rootInCacerts = CertificateUtils.inKeyStores(
+ (X509Certificate) c, caKeyStores))) {
+ break;
+ }
+ }
} catch (Exception e) {
// TODO: Warn user about not being able to
// look through their cacerts/trusted.certs
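Review bot: The added loop sets `rootInCacerts` as soon as any certificate in `certPath` is found in the CA keystores, presumably including the signer's own leaf certificate. Nothing in this hunk checks that the certificates below the match are actually signed by it, are within their validity period, or that the matched certificate is permitted to act as a CA. Whether that path validation happens elsewhere in JarSigner is not visible from here; if it does not, a PKIX validation through `java.security.cert.CertPathValidator` with trust anchors built from `caKeyStores` would be a safer basis for this flag than keystore membership alone. At minimum the loop comment should say so, e.g. `// keystore membership only; chain signatures and validity are verified in <place>`. `root` also looks unused after this change unless code outside the hunk still reads it; the enclosing method starts and ends outside the hunk.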