From 4be9da897c6a3ef45bc465583d3e7e6c75909022 Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Thu, 18 Nov 2010 14:00:12 +0000 Subject: [PATCH] [Development] java: Implement TLS security type. (Martin Koegler) git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4199 3789f03b-4d11-0410-bbf8-ca57d06f2519 --- java/src/com/tigervnc/vncviewer/Makefile | 4 +- java/src/com/tigervnc/vncviewer/RfbProto.java | 13 +++ .../src/com/tigervnc/vncviewer/TLSTunnel.java | 51 +++++++++++ .../com/tigervnc/vncviewer/TLSTunnelBase.java | 86 +++++++++++++++++++ .../src/com/tigervnc/vncviewer/VncViewer.java | 15 ++++ 5 files changed, 167 insertions(+), 2 deletions(-) create mode 100644 java/src/com/tigervnc/vncviewer/TLSTunnel.java create mode 100644 java/src/com/tigervnc/vncviewer/TLSTunnelBase.java diff --git a/java/src/com/tigervnc/vncviewer/Makefile b/java/src/com/tigervnc/vncviewer/Makefile index 0dba158e..1abc15af 100644 --- a/java/src/com/tigervnc/vncviewer/Makefile +++ b/java/src/com/tigervnc/vncviewer/Makefile @@ -19,7 +19,7 @@ CLASSES = VncViewer.class RfbProto.class AuthPanel.class VncCanvas.class \ SocketFactory.class HTTPConnectSocketFactory.class \ HTTPConnectSocket.class ReloginPanel.class \ InStream.class MemInStream.class ZlibInStream.class \ - Dialog.class MessageBox.class + TLSTunnelBase.class TLSTunnel.class Dialog.class MessageBox.class SOURCES = VncViewer.java RfbProto.java AuthPanel.java VncCanvas.java \ VncCanvas2.java \ @@ -29,7 +29,7 @@ SOURCES = VncViewer.java RfbProto.java AuthPanel.java VncCanvas.java \ SocketFactory.java HTTPConnectSocketFactory.java \ HTTPConnectSocket.java ReloginPanel.java \ InStream.java MemInStream.java ZlibInStream.java \ - Dialog.java MessageBox.java + TLSTunnelBase.java TLSTunnel.java Dialog.java MessageBox.java all: $(CLASSES) $(ARCHIVE) diff --git a/java/src/com/tigervnc/vncviewer/RfbProto.java b/java/src/com/tigervnc/vncviewer/RfbProto.java index a0aade04..eb8ca938 100644 --- a/java/src/com/tigervnc/vncviewer/RfbProto.java 
+++ b/java/src/com/tigervnc/vncviewer/RfbProto.java @@ -431,6 +431,9 @@ class RfbProto { case SecTypeNone: case SecTypeVncAuth: case SecTypePlain: + case SecTypeTLSNone: + case SecTypeTLSVnc: + case SecTypeTLSPlain: writeInt(secTypes[i]); return secTypes[i]; } @@ -476,6 +479,11 @@ class RfbProto { readSecurityResult("VNC authentication"); } + void authenticateTLS() throws Exception { + TLSTunnel tunnel = new TLSTunnel(sock); + tunnel.setup (this); + } + void authenticatePlain(String User, String Password) throws Exception { byte[] user=User.getBytes(); byte[] password=Password.getBytes(); @@ -1545,4 +1553,9 @@ class RfbProto { numBytesRead += 4; return r; } + + public void setStreams(InputStream is_, OutputStream os_) { + is = new DataInputStream(is_); + os = os_; + } } diff --git a/java/src/com/tigervnc/vncviewer/TLSTunnel.java b/java/src/com/tigervnc/vncviewer/TLSTunnel.java new file mode 100644 index 00000000..00cfb4ab --- /dev/null +++ b/java/src/com/tigervnc/vncviewer/TLSTunnel.java 
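Review bot: The three TLS sub-types are added to the same fall-through list as `SecTypeNone`, `SecTypeVncAuth` and `SecTypePlain`, so the selection still returns the first supported entry in `secTypes[]` and shows no preference for a tunnelled type over a cleartext one. The loop that fills and walks `secTypes[]` starts outside this hunk, so this assumes the array keeps the order the server advertised. If it does, a peer that lists a cleartext type first gets it chosen even when TLS types are also offered, and the list itself travels before any tunnel exists. Consider a first pass that looks only for the TLS sub-types, or at least record the behaviour in a comment such as `// first supported entry in server order wins; TLS types are not preferred`.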
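Review bot: `setStreams` is declared `public` and swaps `is`/`os` unconditionally, although the only caller in this patch is `TLSTunnelBase.setup` in the same package; package-private visibility would keep the transport swap out of reach of other code. It also wraps the TLS input in a bare `DataInputStream`. If the previous `is` was buffered (its construction is not visible in this hunk), any bytes already read ahead are dropped and the new stream loses that buffering. A short comment would make the precondition explicit, e.g. `// swap to the TLS streams; call only when no plaintext bytes are pending`.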
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2003 Sun Microsystems, Inc.
+ * Copyright (C) 2003-2010 Martin Koegler
+ * Copyright (C) 2006 OCCAM Financial Technology
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+package com.tigervnc.vncviewer;
+
+import java.util.*;
+import java.net.*;
+import javax.net.ssl.*;
+
+public class TLSTunnel extends TLSTunnelBase
+{
+
+ public TLSTunnel (Socket sock_)
+ {
+ super (sock_);
+ }
+
+
+ protected void setParam (SSLSocket sock)
+ {
+ String[]supported;
+ ArrayList enabled = new ArrayList ();
+
+ supported = sock.getSupportedCipherSuites ();
+
+ for (int i = 0; i < supported.length; i++)
+ if (supported[i].matches (".*DH_anon.*"))
+ enabled.add (supported[i]);
+
+ sock.setEnabledCipherSuites ((String[])enabled.toArray (new String[0]));
+ }
+
+}
diff --git a/java/src/com/tigervnc/vncviewer/TLSTunnelBase.java b/java/src/com/tigervnc/vncviewer/TLSTunnelBase.java
new file mode 100644
index 00000000..922e8374
--- /dev/null
+++ b/java/src/com/tigervnc/vncviewer/TLSTunnelBase.java
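Review bot: `setParam` enables every supported suite whose name matches `.*DH_anon.*`, and anonymous key exchange gives no server authentication, so the tunnel protects only against passive eavesdropping. The VNC challenge/response and the Plain username/password sent after `authenticateTLS()` (the `SecTypeTLSVnc` and `SecTypeTLSPlain` cases in the `VncViewer.java` hunk of this patch) remain exposed to an active on-path party. The pattern is also broader than it reads: it matches `ECDH_anon` names, and on JREs that report them as supported it would turn on export-grade, single-DES, RC4 and `..._WITH_NULL_...` anonymous suites. Narrow the test to `supported[i].contains ("DH_anon")` combined with exclusions for names containing `_EXPORT_`, `_NULL_`, `_DES_` and `_RC4_`, and throw a clear error when the resulting list is empty. A class comment should state that this tunnel is unauthenticated by design and that a certificate-based sub-type is needed where server identity matters.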
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2003 Sun Microsystems, Inc.
+ * Copyright (C) 2003-2010 Martin Koegler
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+package com.tigervnc.vncviewer;
+
+import java.util.ArrayList;
+import java.net.*;
+import javax.net.ssl.*;
+
+public abstract class TLSTunnelBase
+{
+
+ public TLSTunnelBase (Socket sock_)
+ {
+ sock = sock_;
+ }
+
+ protected void initContext (SSLContext sc) throws java.security.
+ GeneralSecurityException
+ {
+ sc.init (null, null, null);
+ }
+
+ public void setup (RfbProto cc) throws Exception
+ {
+ if (cc.readU8 () == 0)
+ throw new Exception("Setup on the server failed");
+ try
+ {
+ SSLSocketFactory sslfactory;
+ SSLSocket sslsock;
+ SSLContext sc = SSLContext.getInstance ("TLS");
+ System.out.println("Generating TLS context");
+ initContext (sc);
+ System.out.println("Doing TLS handshake");
+ sslfactory = sc.getSocketFactory ();
+ sslsock = (SSLSocket) sslfactory.createSocket (sock,
+ sock.getInetAddress ().
+ getHostName (),
+ sock.getPort (), true);
+
+ setParam (sslsock);
+
+ /* Not neccessary - just ensures that we know what cipher
+ * suite we are using for the output of toString()
+ */
+ sslsock.startHandshake ();
+
+ System.out.println("TLS done");
+
+ cc.setStreams (sslsock.getInputStream (),
+ sslsock.getOutputStream ());
+ }
+ catch (java.io.IOException e)
+ {
+ throw new Exception("TLS handshake failed " + e.toString ());
+ }
+ catch (java.security.GeneralSecurityException e)
+ {
+ throw new Exception("TLS handshake failed " + e.toString ());
+ }
+ }
+
+
+ protected abstract void setParam (SSLSocket sock);
+
+ Socket sock;
+
+}
diff --git a/java/src/com/tigervnc/vncviewer/VncViewer.java b/java/src/com/tigervnc/vncviewer/VncViewer.java
index 41f484f9..26c82384 100644
--- a/java/src/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/src/com/tigervnc/vncviewer/VncViewer.java
@@ -392,6 +392,21 @@ public class VncViewer extends java.applet.Applet
 rfb.authenticatePlain(user,pw);
 }
 break;
+ case RfbProto.SecTypeTLSNone:
+ showConnectionStatus("TLSNone");
+ rfb.authenticateTLS();
+ rfb.authenticateNone();
+ break;
+ case RfbProto.SecTypeTLSVnc:
+ showConnectionStatus("TLSVnc");
+ rfb.authenticateTLS();
+ doAuthentification(RfbProto.SecTypeVncAuth);
+ break;
+ case RfbProto.SecTypeTLSPlain:
+ showConnectionStatus("TLSPlain");
+ rfb.authenticateTLS();
+ doAuthentification(RfbProto.SecTypePlain);
+ break;
 default:
 throw new Exception("Unknown authentication scheme " + secType);
 }
--
2.39.5
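Review bot: `setup` passes `sock.getInetAddress ().getHostName ()` to `createSocket` as the peer host, which can trigger a reverse DNS lookup and yields a name taken from DNS rather than the host the user asked for. Nothing in this base class checks the peer's identity against that name, since `initContext` uses the default managers and no endpoint identification is configured. That is harmless for the anonymous-suite subclass in this patch, but a certificate-based subclass would inherit it, so the host the user entered should be passed in and the identity check documented as the subclass's responsibility. Both `catch` blocks also discard the original exception; `throw new Exception("TLS handshake failed " + e.toString (), e);` keeps the cause for diagnosis.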