From 28d838952fe355d9b981f72ebb27bb6ddfb6eb3c Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Thu, 18 Nov 2010 14:17:49 +0000
Subject: [PATCH] [Development] java: Implement X509 Security types. (Martin Koegler)

git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4200 3789f03b-4d11-0410-bbf8-ca57d06f2519

---
 java/src/com/tigervnc/vncviewer/Makefile | 4 +-
 java/src/com/tigervnc/vncviewer/RfbProto.java | 8 ++
 .../src/com/tigervnc/vncviewer/VncViewer.java | 15 +++
 .../com/tigervnc/vncviewer/X509Tunnel.java | 103 ++++++++++++++++++
 4 files changed, 128 insertions(+), 2 deletions(-)
 create mode 100644 java/src/com/tigervnc/vncviewer/X509Tunnel.java

diff --git a/java/src/com/tigervnc/vncviewer/Makefile b/java/src/com/tigervnc/vncviewer/Makefile
index 1abc15af..7e73d02f 100644
--- a/java/src/com/tigervnc/vncviewer/Makefile
+++ b/java/src/com/tigervnc/vncviewer/Makefile
@@ -19,7 +19,7 @@ CLASSES = VncViewer.class RfbProto.class AuthPanel.class VncCanvas.class \ SocketFactory.class HTTPConnectSocketFactory.class \ HTTPConnectSocket.class ReloginPanel.class \ InStream.class MemInStream.class ZlibInStream.class \ - TLSTunnelBase.class TLSTunnel.class Dialog.class MessageBox.class + TLSTunnelBase.class TLSTunnel.class X509Tunnel.class Dialog.class MessageBox.class SOURCES = VncViewer.java RfbProto.java AuthPanel.java VncCanvas.java \ VncCanvas2.java \
@@ -29,7 +29,7 @@ SOURCES = VncViewer.java RfbProto.java AuthPanel.java VncCanvas.java \ SocketFactory.java HTTPConnectSocketFactory.java \ HTTPConnectSocket.java ReloginPanel.java \ InStream.java MemInStream.java ZlibInStream.java \ - TLSTunnelBase.java TLSTunnel.java Dialog.java MessageBox.java + TLSTunnelBase.java TLSTunnel.java X509Tunnel.java Dialog.java MessageBox.java all: $(CLASSES) $(ARCHIVE)
diff --git a/java/src/com/tigervnc/vncviewer/RfbProto.java b/java/src/com/tigervnc/vncviewer/RfbProto.java
index eb8ca938..e88d8e79 100644
--- a/java/src/com/tigervnc/vncviewer/RfbProto.java
+++ b/java/src/com/tigervnc/vncviewer/RfbProto.java
@@ -434,6 +434,9 @@ class RfbProto {
 case SecTypeTLSNone:
 case SecTypeTLSVnc:
 case SecTypeTLSPlain:
+ case SecTypeX509None:
+ case SecTypeX509Vnc:
+ case SecTypeX509Plain:
 writeInt(secTypes[i]);
 return secTypes[i];
 }
@@ -484,6 +487,11 @@ class RfbProto { tunnel.setup (this); } + void authenticateX509() throws Exception { + X509Tunnel tunnel = new X509Tunnel(sock); + tunnel.setup (this); + } + void authenticatePlain(String User, String Password) throws Exception { byte[] user=User.getBytes(); byte[] password=Password.getBytes();
diff --git a/java/src/com/tigervnc/vncviewer/VncViewer.java b/java/src/com/tigervnc/vncviewer/VncViewer.java
index 26c82384..1c6482a3 100644
--- a/java/src/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/src/com/tigervnc/vncviewer/VncViewer.java
@@ -407,6 +407,21 @@ public class VncViewer extends java.applet.Applet
 rfb.authenticateTLS();
 doAuthentification(RfbProto.SecTypePlain);
 break;
+ case RfbProto.SecTypeX509None:
+ showConnectionStatus("X509None");
+ rfb.authenticateX509();
+ rfb.authenticateNone();
+ break;
+ case RfbProto.SecTypeX509Vnc:
+ showConnectionStatus("X509Vnc");
+ rfb.authenticateX509();
+ doAuthentification(RfbProto.SecTypeVncAuth);
+ break;
+ case RfbProto.SecTypeX509Plain:
+ showConnectionStatus("X509Plain");
+ rfb.authenticateX509();
+ doAuthentification(RfbProto.SecTypePlain);
+ break;
 default:
 throw new Exception("Unknown authentication scheme " + secType);
 }
diff --git a/java/src/com/tigervnc/vncviewer/X509Tunnel.java b/java/src/com/tigervnc/vncviewer/X509Tunnel.java
new file mode 100644
index 00000000..ddc3f82a
--- /dev/null
+++ b/java/src/com/tigervnc/vncviewer/X509Tunnel.java
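Review bot: `authenticateX509` in the second RfbProto hunk is added without a comment, and nothing in the hunk says how it differs from `authenticateTLS` just above it (whose body is cut by the hunk start) other than the tunnel class it instantiates; a reader has to open X509Tunnel to learn that this variant is the one that checks the server's certificate. A one-line doc comment would carry that: `/** Wrap sock in a TLS tunnel that verifies the server's X.509 certificate (see X509Tunnel). */`. It would also be worth stating there that the VncAuth/Plain exchange the caller runs afterwards travels inside this tunnel, since that check is the only protection those credentials get.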
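Review bot: The three new VncViewer arms are copies of the TLS arms above with `authenticateTLS()` swapped for `authenticateX509()`, and the X509Vnc/X509Plain pair differ only in the sub-type handed to `doAuthentification`; a small helper taking the tunnel kind and the sub-type would remove the duplication and keep future security types in step. In the `SecTypeX509Plain` arm the password goes over the tunnel in clear, so it is only as safe as `X509Tunnel.checkServerTrusted`, which in this same patch lets the user accept any certificate with an OK click; a comment on that arm such as `// password is sent in clear inside the tunnel: relies on X509Tunnel's server-certificate check` would make that dependency visible where the credentials are sent. The enclosing switch and method start and end outside the hunk.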
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2003 Sun Microsystems, Inc.
+ * Copyright (C) 2003-2010 Martin Koegler
+ * Copyright (C) 2006 OCCAM Financial Technology
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+package com.tigervnc.vncviewer;
+
+import java.util.*;
+import java.net.*;
+import javax.net.ssl.*;
+import java.security.*;
+import java.security.cert.*;
+
+public class X509Tunnel extends TLSTunnelBase
+{
+
+ public X509Tunnel (Socket sock_)
+ {
+ super (sock_);
+ }
+
+ protected void setParam (SSLSocket sock)
+ {
+ String[]supported;
+ ArrayList enabled = new ArrayList ();
+
+ supported = sock.getSupportedCipherSuites ();
+
+ for (int i = 0; i < supported.length; i++)
+ if (!supported[i].matches (".*DH_anon.*"))
+ enabled.add (supported[i]);
+
+ sock.setEnabledCipherSuites ((String[])enabled.toArray (new String[0]));
+ }
+
+ protected void initContext (SSLContext sc) throws java.security.
+ GeneralSecurityException
+ {
+ TrustManager[] myTM = new TrustManager[]
+ {
+ new MyX509TrustManager ()};
+ sc.init (null, myTM, null);
+ }
+
+
+ class MyX509TrustManager implements X509TrustManager
+ {
+
+ X509TrustManager tm;
+
+ MyX509TrustManager () throws java.security.GeneralSecurityException
+ {
+ TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance ("SunX509", "SunJSSE");
+ KeyStore ks = KeyStore.getInstance ("JKS");
+ tmf.init (ks);
+ tm = (X509TrustManager) tmf.getTrustManagers ()[0];
+ }
+ public void checkClientTrusted (X509Certificate[]chain,
+ String authType) throws
+ CertificateException
+ {
+ tm.checkClientTrusted (chain, authType);
+ }
+
+ public void checkServerTrusted (X509Certificate[]chain,
+ String authType)
+ throws CertificateException
+ {
+ try
+ {
+ tm.checkServerTrusted (chain, authType);
+ } catch (CertificateException e)
+ {
+ MessageBox m =
+ new MessageBox (e.toString (), MessageBox.MB_OKAYCANCEL);
+ if (!m.result ())
+ throw e;
+ }
+ }
+
+ public X509Certificate[] getAcceptedIssuers ()
+ {
+ return tm.getAcceptedIssuers ();
+ }
+ }
+}
-- 2.39.5
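Review bot: In `MyX509TrustManager()` the store from `KeyStore.getInstance ("JKS")` is passed to `tmf.init (ks)` without ever being `load()`ed; a JDK `KeyStore` stays uninitialized until `load` is called and its alias enumeration then throws `KeyStoreException`, so as written the SunX509 factory most likely fails in the constructor rather than producing the trust manager the rest of the class relies on. If the JVM's default trust store (cacerts) is intended, use `tmf.init ((KeyStore) null);`; if an empty store that prompts for every server is intended, call `ks.load (null, null);` before `tmf.init (ks)` — and say which in a comment, because the two give very different security. The override in `checkServerTrusted` is also weaker than it looks: the dialog shows only `e.toString ()`, the subject and fingerprint of `chain[0]` are never displayed, the decision is not remembered per host, and nothing compares the certificate to the host that was dialled, so a user who clicks OK accepts an arbitrary certificate on every connection. At minimum the prompt should show `chain[0].getSubjectX500Principal ()` and a digest of `chain[0].getEncoded ()`, and warn that the VNC or plain password will be sent through this tunnel if accepted.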