Allow multiple certs with same DN in saved certs file.
authorBrian P. Hinz <bphinz@users.sf.net>
Wed, 12 Jul 2017 03:23:01 +0000 (23:23 -0400)
committerBrian P. Hinz <bphinz@users.sf.net>
Sun, 23 Jul 2017 00:31:40 +0000 (20:31 -0400)
java/com/tigervnc/rfb/CSecurityTLS.java

index 4b20e0bf0d96088a5248e1621704ac9d19b1b4ac..08aa1125ac1e5aeef9a09f4e3fcf6ebc37bdb40a 100644 (file)
@@ -218,9 +218,8 @@ public class CSecurityTLS extends CSecurity {
           Collection<? extends Certificate> cacerts =
             cf.generateCertificates(caStream);
           for (Certificate cert : cacerts) {
-            String dn =
-              ((X509Certificate)cert).getSubjectX500Principal().getName();
-            ks.setCertificateEntry(dn, (X509Certificate)cert);
+            String thumbprint = getThumbprint((X509Certificate)cert);
+            ks.setCertificateEntry(thumbprint, (X509Certificate)cert);
           }
         }
         File cacert = new File(cafile);
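Review bot: This keystore-loading loop is repeated verbatim in the next hunk, so the alias rule now lives in two places; a private helper such as `private void addTrustedCerts(KeyStore ks, Collection<? extends Certificate> certs)` holding the thumbprint/`setCertificateEntry` pair would keep both sources in step. Keying the entry by the certificate's own fingerprint instead of its DN is what lets distinct certificates sharing a subject coexist, as the title intends; note that the alias is the display-formatted string (hex bytes separated by spaces), so anything that later looks an entry up by alias must format it the same way. `getThumbprint` throws SystemException rather than the checked CertificateEncodingException the old code could have surfaced, and the enclosing method, including whatever catch wraps this loop, starts outside the hunk.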
@@ -229,9 +228,8 @@ public class CSecurityTLS extends CSecurity {
           Collection<? extends Certificate> cacerts =
             cf.generateCertificates(caStream);
           for (Certificate cert : cacerts) {
-            String dn =
-              ((X509Certificate)cert).getSubjectX500Principal().getName();
-            ks.setCertificateEntry(dn, (X509Certificate)cert);
+            String thumbprint = getThumbprint((X509Certificate)cert);
+            ks.setCertificateEntry(thumbprint, (X509Certificate)cert);
           }
         }
         PKIXBuilderParameters params =
@@ -264,19 +262,13 @@ public class CSecurityTLS extends CSecurity {
     public void checkServerTrusted(X509Certificate[] chain, String authType)
       throws CertificateException
     {
-      MessageDigest md = null;
       try {
-        md = MessageDigest.getInstance("SHA-1");
         verifyHostname(chain[0]);
         tm.checkServerTrusted(chain, authType);
       } catch (java.lang.Exception e) {
         if (e.getCause() instanceof CertPathBuilderException) {
           Object[] answer = {"YES", "NO"};
           X509Certificate cert = chain[0];
-          md.update(cert.getEncoded());
-          String thumbprint =
-            DatatypeConverter.printHexBinary(md.digest());
-          thumbprint = thumbprint.replaceAll("..(?!$)", "$0 ");
           int ret = JOptionPane.showOptionDialog(null,
             "This certificate has been signed by an unknown authority\n"+
             "\n"+
@@ -287,7 +279,7 @@ public class CSecurityTLS extends CSecurity {
             "  Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+
             "  Not Valid Before: "+cert.getNotBefore()+"\n"+
             "  Not Valid After: "+cert.getNotAfter()+"\n"+
-            "  SHA1 Fingerprint: "+thumbprint+"\n"+
+            "  SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+
             "\n"+
             "Do you want to save it and continue?",
             "Certificate Issuer Unknown",
@@ -351,6 +343,22 @@ public class CSecurityTLS extends CSecurity {
       return tm.getAcceptedIssuers();
     }
 
+    private String getThumbprint(X509Certificate cert)
+    {
+      String thumbprint = null;
+      try {
+        MessageDigest md = MessageDigest.getInstance("SHA-1");
+        md.update(cert.getEncoded());
+        thumbprint = DatatypeConverter.printHexBinary(md.digest());
+        thumbprint = thumbprint.replaceAll("..(?!$)", "$0 ");
+      } catch(CertificateEncodingException e) {
+        throw new SystemException(e.getMessage());
+      } catch(NoSuchAlgorithmException e) {
+        throw new SystemException(e.getMessage());
+      }
+      return thumbprint;
+    }
+
     private void verifyHostname(X509Certificate cert)
       throws CertificateParsingException
     {
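Review bot: getThumbprint fixes the digest to SHA-1 and, in both catch blocks, rethrows only `e.getMessage()`, so the original exception and its stack trace are lost; if SystemException has a constructor that accepts a cause (its definition is not visible here), pass `e` through. Taking the algorithm name as a parameter, with the existing one-argument form delegating to `"SHA-1"`, lets the prompt show a SHA-256 fingerprint beside the SHA-1 one without duplicating the method. `DatatypeConverter` comes from javax.xml.bind, which is no longer bundled with the JDK from Java 11 on, so a small hex-formatting loop would remove that dependency — worth checking against the viewer's target runtime. A sketch of the parameterized version:
```java
    private String getThumbprint(X509Certificate cert)
    {
      return getThumbprint(cert, "SHA-1");
    }

    // Hex fingerprint of the certificate's DER encoding under the named
    // digest, two characters per byte separated by single spaces.
    private String getThumbprint(X509Certificate cert, String algorithm)
    {
      try {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        String hex = DatatypeConverter.printHexBinary(md.digest(cert.getEncoded()));
        return hex.replaceAll("..(?!$)", "$0 ");
      } catch(CertificateEncodingException e) {
        throw new SystemException(e.getMessage());
      } catch(NoSuchAlgorithmException e) {
        throw new SystemException(e.getMessage());
      }
    }
```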