@@ -145,14 +145,9 @@ public class CSecurityTLS extends CSecurity { |
|
|
|
manager = new SSLEngineManager(engine, is, os); |
|
|
|
manager.doHandshake(); |
|
|
|
} catch(java.lang.Exception e) { |
|
|
|
if (e.getMessage().equals("X.509 certificate not trusted")) |
|
|
|
throw new WarningException(e.getMessage()); |
|
|
|
else |
|
|
|
throw new SystemException(e.toString()); |
|
|
|
throw new SystemException(e.toString()); |
|
|
|
} |
|
|
|
|
|
|
|
//checkSession(); |
|
|
|
|
|
|
|
cc.setStreams(new TLSInStream(is, manager), |
|
|
|
new TLSOutStream(os, manager)); |
|
|
|
return true; |
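Review bot: Whichever form of the handler at `} catch(java.lang.Exception e) {` survives, the failure is classified by message text or not at all: `throw new SystemException(e.toString())` reports every handshake failure, an untrusted server certificate included, as a system error with the cause chain dropped, while the `e.getMessage().equals("X.509 certificate not trusted")` branch, if it is the side kept, throws a NullPointerException when the exception carries no message and stops matching as soon as the provider's wording changes. Classify by exception type instead, e.g. `} catch (javax.net.ssl.SSLHandshakeException e) { throw new WarningException(e.toString()); }` placed before the generic `java.lang.Exception` catch, so the untrusted-certificate case keeps a distinct, fail-closed report without string matching. `//checkSession();` leaves no post-handshake check of the negotiated session visible here before `cc.setStreams(...)`; if one is intended it should be implemented or tracked rather than kept as commented-out code. The enclosing method starts outside the hunk.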
|
|
@@ -205,13 +200,6 @@ public class CSecurityTLS extends CSecurity { |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
class MyHandshakeListener implements HandshakeCompletedListener { |
|
|
|
public void handshakeCompleted(HandshakeCompletedEvent e) { |
|
|
|
vlog.info("Handshake succesful!"); |
|
|
|
vlog.info("Using cipher suite: " + e.getCipherSuite()); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
class MyX509TrustManager implements X509TrustManager |
|
|
|
{ |
|
|
|
|
|
|
@@ -269,7 +257,7 @@ public class CSecurityTLS extends CSecurity { |
|
|
|
tmf.init(new CertPathTrustManagerParameters(params)); |
|
|
|
tm = (X509TrustManager)tmf.getTrustManagers()[0]; |
|
|
|
} catch (java.lang.Exception e) { |
|
|
|
vlog.error(e.toString()); |
|
|
|
throw new Exception(e.getMessage()); |
|
|
|
} |
|
|
|
} |
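Review bot: The catch at `} catch (java.lang.Exception e) {` keeps only one of `vlog.error(e.toString())` and `throw new Exception(e.getMessage())`, and neither preserves the original exception: the log-only form leaves `tm` unassigned so the later `tm.checkServerTrusted(chain, authType)` fails with a NullPointerException instead of a clear trust-store error, and the rethrow form forwards a message that may be null and drops the cause. Use `throw new Exception("failed to initialise trust manager", e);` so the initialisation failure stays visible and fails closed. `tm = (X509TrustManager)tmf.getTrustManagers()[0];` also assumes the factory returns a non-empty array whose first element is an X509TrustManager; a length and type check before the cast would turn a provider quirk into a readable error rather than an ArrayIndexOutOfBoundsException or ClassCastException. The enclosing constructor or method starts outside the hunk.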
|
|
|
|
|
|
@@ -287,7 +275,7 @@ public class CSecurityTLS extends CSecurity { |
|
|
|
md = MessageDigest.getInstance("SHA-1"); |
|
|
|
verifyHostname(chain[0]); |
|
|
|
tm.checkServerTrusted(chain, authType); |
|
|
|
} catch (CertificateException e) { |
|
|
|
} catch (java.lang.Exception e) { |
|
|
|
if (e.getCause() instanceof CertPathBuilderException) { |
|
|
|
Object[] answer = {"YES", "NO"}; |
|
|
|
X509Certificate cert = chain[0]; |
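Review bot: If `} catch (java.lang.Exception e) {` is the line kept, runtime failures from `verifyHostname(chain[0])` and `tm.checkServerTrusted(chain, authType)` (a null or empty chain, for instance) are routed through the same cause inspection as certificate failures and, unless their cause is a `CertPathBuilderException`, are presented to the user as certificate problems; `} catch (CertificateException e) {` keeps programming errors out of the trust decision and should be the surviving form. `chain[0]` is read without a length check in either version; `if (chain == null || chain.length == 0) throw new CertificateException("empty certificate chain");` at the top of the method (which starts outside the hunk) covers that. The `md = MessageDigest.getInstance("SHA-1");` line is context here, but if that digest is the fingerprint shown in the accept prompt, SHA-256 would be the better choice for a value the user is asked to compare by hand.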
|
|
@@ -344,34 +332,23 @@ public class CSecurityTLS extends CSecurity { |
|
|
|
fw.write(pem+"\n"); |
|
|
|
fw.write("-----END CERTIFICATE-----\n"); |
|
|
|
} catch (IOException ioe) { |
|
|
|
throw new Exception(ioe.getCause().getMessage()); |
|
|
|
throw new Exception(ioe.getMessage()); |
|
|
|
} finally { |
|
|
|
try { |
|
|
|
if (fw != null) |
|
|
|
fw.close(); |
|
|
|
} catch(IOException ioe2) { |
|
|
|
throw new Exception(ioe2.getCause().getMessage()); |
|
|
|
throw new Exception(ioe2.getMessage()); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
throw new SystemException(e.getCause().getMessage()); |
|
|
|
throw new WarningException("Peer certificate verification failed."); |
|
|
|
} |
|
|
|
} else if (e instanceof MyCertificateParsingException) { |
|
|
|
Object[] answer = {"YES", "NO"}; |
|
|
|
int ret = JOptionPane.showOptionDialog(null, |
|
|
|
"Hostname verification failed. Do you want to continue?", |
|
|
|
"Hostname Verification Failure", |
|
|
|
JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, |
|
|
|
null, answer, answer[0]); |
|
|
|
if (ret != JOptionPane.YES_OPTION) |
|
|
|
throw new WarningException("Hostname verification failed."); |
|
|
|
} else { |
|
|
|
throw new SystemException(e.getCause().getMessage()); |
|
|
|
throw new SystemException(e.getMessage()); |
|
|
|
} |
|
|
|
} catch (java.lang.Exception e) { |
|
|
|
throw new SystemException(e.getCause().getMessage()); |
|
|
|
} |
|
|
|
} |
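Review bot: Several handlers in this hunk dereference `getCause()` (`throw new Exception(ioe.getCause().getMessage())`, `throw new Exception(ioe2.getCause().getMessage())` and the two `throw new SystemException(e.getCause().getMessage())` lines); an `IOException` from `FileWriter` normally has no cause, so whichever of those lines survives replaces the real error with a NullPointerException thrown from inside the handler, and the one in `finally` can additionally mask an earlier write failure. Keep the original exception instead, `throw new Exception("could not save certificate", ioe);`, and if the build targets Java 7 or later open `fw` with try-with-resources so `close()` needs no separate handler. `throw new WarningException("Peer certificate verification failed.")` discards the validator's reason; appending `e.getMessage()` (null-checked) tells the user why the chain was rejected. The `Hostname verification failed. Do you want to continue?` prompt lets the user proceed despite a failed hostname check (the same prompt appears in the next hunk); if that override is intended, record the decision with `vlog` so it is visible in the log afterwards. The enclosing checkServerTrusted method starts outside the hunk.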
|
|
|
|
|
|
@@ -412,36 +389,21 @@ public class CSecurityTLS extends CSecurity { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
throw new MyCertificateParsingException(); |
|
|
|
Object[] answer = {"YES", "NO"}; |
|
|
|
int ret = JOptionPane.showOptionDialog(null, |
|
|
|
"Hostname verification failed. Do you want to continue?", |
|
|
|
"Hostname Verification Failure", |
|
|
|
JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, |
|
|
|
null, answer, answer[0]); |
|
|
|
if (ret != JOptionPane.YES_OPTION) |
|
|
|
throw new WarningException("Hostname verification failed."); |
|
|
|
} catch (CertificateParsingException e) { |
|
|
|
throw new MyCertificateParsingException(e.getCause()); |
|
|
|
throw new SystemException(e.getMessage()); |
|
|
|
} catch (InvalidNameException e) { |
|
|
|
throw new MyCertificateParsingException(e.getCause()); |
|
|
|
throw new SystemException(e.getMessage()); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
private class MyCertificateParsingException |
|
|
|
extends CertificateParsingException |
|
|
|
{ |
|
|
|
|
|
|
|
public MyCertificateParsingException() { |
|
|
|
super(); |
|
|
|
} |
|
|
|
|
|
|
|
public MyCertificateParsingException(String msg) { |
|
|
|
super(msg); |
|
|
|
} |
|
|
|
|
|
|
|
public MyCertificateParsingException(String msg, Throwable cause) { |
|
|
|
super(msg, cause); |
|
|
|
} |
|
|
|
|
|
|
|
public MyCertificateParsingException(Throwable cause) { |
|
|
|
super(cause); |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
private class MyFileInputStream extends InputStream { |
|
|
|
// Blank lines in a certificate file will cause Java 6 to throw a |
|
|
|
// "DerInputStream.getLength(): lengthTag=127, too big" exception. |
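Review bot: The two catch clauses at `} catch (CertificateParsingException e) {` and `} catch (InvalidNameException e) {` keep one of two lines that each lose information: `throw new MyCertificateParsingException(e.getCause())` forwards only the cause, which is typically null for these exceptions, while `throw new SystemException(e.getMessage())` drops the exception type and the cause. A parse failure in the certificate's subject or alternative names should still read as a verification failure with the detail kept, e.g. `throw new SystemException("Hostname verification failed: " + e);`, with the exception itself retained if SystemException has a cause-taking constructor. If `private class MyCertificateParsingException` is the side that survives, it should be declared `static`, since as a non-static inner class every instance carries a hidden reference to the enclosing CSecurityTLS. `throw new MyCertificateParsingException();` with no message gives the user nothing to act on; it should carry the expected and presented host names. The enclosing verifyHostname method starts outside the hunk.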
|
|
@@ -503,11 +465,8 @@ public class CSecurityTLS extends CSecurity { |
|
|
|
public final String description() |
|
|
|
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } |
|
|
|
|
|
|
|
//protected void checkSession(); |
|
|
|
protected CConnection client; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private SSLContext ctx; |
|
|
|
private SSLSession session; |
|
|
|
private SSLEngine engine; |