From 63ee86708feda53eebcd19db97ed6c5da47cb2b5 Mon Sep 17 00:00:00 2001 From: "Brian P. Hinz" Date: Sat, 10 Oct 2015 13:06:14 -0400 Subject: [PATCH] Cleanup exception handling for x509* auth types in java viewer --- java/com/tigervnc/rfb/CSecurityTLS.java | 75 ++++++------------------- 1 file changed, 17 insertions(+), 58 deletions(-) diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java index a0166032..40c34bb1 100644 --- a/java/com/tigervnc/rfb/CSecurityTLS.java +++ b/java/com/tigervnc/rfb/CSecurityTLS.java @@ -145,14 +145,9 @@ public class CSecurityTLS extends CSecurity { manager = new SSLEngineManager(engine, is, os); manager.doHandshake(); } catch(java.lang.Exception e) { - if (e.getMessage().equals("X.509 certificate not trusted")) - throw new WarningException(e.getMessage()); - else - throw new SystemException(e.toString()); + throw new SystemException(e.toString()); } - //checkSession(); - cc.setStreams(new TLSInStream(is, manager), new TLSOutStream(os, manager)); return true; @@ -205,13 +200,6 @@ public class CSecurityTLS extends CSecurity { } - class MyHandshakeListener implements HandshakeCompletedListener { - public void handshakeCompleted(HandshakeCompletedEvent e) { - vlog.info("Handshake succesful!"); - vlog.info("Using cipher suite: " + e.getCipherSuite()); - } - } - class MyX509TrustManager implements X509TrustManager { @@ -269,7 +257,7 @@ public class CSecurityTLS extends CSecurity { tmf.init(new CertPathTrustManagerParameters(params)); tm = (X509TrustManager)tmf.getTrustManagers()[0]; } catch (java.lang.Exception e) { - vlog.error(e.toString()); + throw new Exception(e.getMessage()); } } @@ -287,7 +275,7 @@ public class CSecurityTLS extends CSecurity { md = MessageDigest.getInstance("SHA-1"); verifyHostname(chain[0]); tm.checkServerTrusted(chain, authType); - } catch (CertificateException e) { + } catch (java.lang.Exception e) { if (e.getCause() instanceof CertPathBuilderException) { Object[] answer = {"YES", "NO"}; X509Certificate cert = chain[0]; @@ -344,34 +332,23 @@ public class CSecurityTLS extends CSecurity { fw.write(pem+"\n"); fw.write("-----END CERTIFICATE-----\n"); } catch (IOException ioe) { - throw new Exception(ioe.getCause().getMessage()); + throw new Exception(ioe.getMessage()); } finally { try { if (fw != null) fw.close(); } catch(IOException ioe2) { - throw new Exception(ioe2.getCause().getMessage()); + throw new Exception(ioe2.getMessage()); } } } } } else { - throw new SystemException(e.getCause().getMessage()); + throw new WarningException("Peer certificate verification failed."); } - } else if (e instanceof MyCertificateParsingException) { - Object[] answer = {"YES", "NO"}; - int ret = JOptionPane.showOptionDialog(null, - "Hostname verification failed. Do you want to continue?", - "Hostname Verification Failure", - JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, - null, answer, answer[0]); - if (ret != JOptionPane.YES_OPTION) - throw new WarningException("Hostname verification failed."); } else { - throw new SystemException(e.getCause().getMessage()); + throw new SystemException(e.getMessage()); } - } catch (java.lang.Exception e) { - throw new SystemException(e.getCause().getMessage()); } } @@ -412,36 +389,21 @@ public class CSecurityTLS extends CSecurity { } } } - throw new MyCertificateParsingException(); + Object[] answer = {"YES", "NO"}; + int ret = JOptionPane.showOptionDialog(null, + "Hostname verification failed. Do you want to continue?", + "Hostname Verification Failure", + JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, + null, answer, answer[0]); + if (ret != JOptionPane.YES_OPTION) + throw new WarningException("Hostname verification failed."); } catch (CertificateParsingException e) { - throw new MyCertificateParsingException(e.getCause()); + throw new SystemException(e.getMessage()); } catch (InvalidNameException e) { - throw new MyCertificateParsingException(e.getCause()); + throw new SystemException(e.getMessage()); } } - private class MyCertificateParsingException - extends CertificateParsingException - { - - public MyCertificateParsingException() { - super(); - } - - public MyCertificateParsingException(String msg) { - super(msg); - } - - public MyCertificateParsingException(String msg, Throwable cause) { - super(msg, cause); - } - - public MyCertificateParsingException(Throwable cause) { - super(cause); - } - - } - private class MyFileInputStream extends InputStream { // Blank lines in a certificate file will cause Java 6 to throw a // "DerInputStream.getLength(): lengthTag=127, too big" exception. @@ -503,11 +465,8 @@ public class CSecurityTLS extends CSecurity { public final String description() { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } - //protected void checkSession(); protected CConnection client; - - private SSLContext ctx; private SSLSession session; private SSLEngine engine; -- 2.39.5