Package net.sourceforge.jnlp.security

Class PluginAppVerifier

  • All Implemented Interfaces:
    AppVerifier
    public class PluginAppVerifier
extends java.lang.Object
implements AppVerifier

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.util.List<java.security.cert.CertPath> buildCertPathsList​(JarCertVerifier jcv)
      Build a list of all the CertPaths that were detected in the provided JCV, placing them in the most trusted possible order.
      void checkTrustWithUser​(JNLPClassLoader.SecurityDelegate securityDelegate, JarCertVerifier jcv, JNLPFile file)
      Prompt the user with requests for trusting the certificates used by this app
      boolean hasAlreadyTrustedPublisher​(java.util.Map<java.security.cert.CertPath,​CertInformation> certs, java.util.Map<java.lang.String,​java.lang.Integer> signedJars)
      Checks if the app has already found trust in its publisher(s).
      boolean hasRootInCacerts​(java.util.Map<java.security.cert.CertPath,​CertInformation> certs, java.util.Map<java.lang.String,​java.lang.Integer> signedJars)
      Checks if the app has signer(s) whose certs along their chains are in CA certs.
      boolean isFullySigned​(java.util.Map<java.security.cert.CertPath,​CertInformation> certs, java.util.Map<java.lang.String,​java.lang.Integer> signedJars)
      Checks if the app's jars are covered by the provided certificates, enough to consider the app fully signed.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • PluginAppVerifier

        public PluginAppVerifier()

    • Method Detail

      • hasAlreadyTrustedPublisher

        public boolean hasAlreadyTrustedPublisher​(java.util.Map<java.security.cert.CertPath,​CertInformation> certs,
                                          java.util.Map<java.lang.String,​java.lang.Integer> signedJars)
        Description copied from interface: AppVerifier
        Checks if the app has already found trust in its publisher(s).
        Specified by:
        hasAlreadyTrustedPublisher in interface AppVerifier
        Parameters:
        certs - The certs to search through and their cert information
        signedJars - A map of all the jars of this app and the number of signed entries each one has.
        Returns:
        True if the app trusts its publishers.

      • hasRootInCacerts

        public boolean hasRootInCacerts​(java.util.Map<java.security.cert.CertPath,​CertInformation> certs,
                                java.util.Map<java.lang.String,​java.lang.Integer> signedJars)
        Description copied from interface: AppVerifier
        Checks if the app has signer(s) whose certs along their chains are in CA certs.
        Specified by:
        hasRootInCacerts in interface AppVerifier
        Parameters:
        certs - The certs to search through and their cert information
        signedJars - A map of all the jars of this app and the number of signed entries each one has.
        Returns:
        True if the app has a root in the CA certs store.

      • isFullySigned

        public boolean isFullySigned​(java.util.Map<java.security.cert.CertPath,​CertInformation> certs,
                             java.util.Map<java.lang.String,​java.lang.Integer> signedJars)
        Description copied from interface: AppVerifier
        Checks if the app's jars are covered by the provided certificates, enough to consider the app fully signed.
        Specified by:
        isFullySigned in interface AppVerifier
        Parameters:
        certs - Any possible signer and their respective information regarding this app.
        signedJars - A map of all the jars of this app and the number of signed entries each one has.
        Returns:
        true if jar is fully signed

      • buildCertPathsList

        public java.util.List<java.security.cert.CertPath> buildCertPathsList​(JarCertVerifier jcv)
        Build a list of all the CertPaths that were detected in the provided JCV, placing them in the most trusted possible order.
        Parameters:
        jcv - The verifier containing the CertPaths to examine.
        Returns:
        A list of CertPaths sorted in the following order: Signers with 1. Already trusted publishers 2. Roots in the CA store and have no signing issues 3. Roots in the CA store but have signing issues 4. Everything else