Brian P. Hinz
8 年之前
+ 17
- 58
java/com/tigervnc/rfb/CSecurityTLS.java
查看文件
| @@ -145,14 +145,9 @@ public class CSecurityTLS extends CSecurity { | |||
| manager = new SSLEngineManager(engine, is, os); | |||
| manager.doHandshake(); | |||
| } catch(java.lang.Exception e) { | |||
| if (e.getMessage().equals("X.509 certificate not trusted")) | |||
| throw new WarningException(e.getMessage()); | |||
| else | |||
| throw new SystemException(e.toString()); | |||
| throw new SystemException(e.toString()); | |||
| } | |||
| //checkSession(); | |||
| cc.setStreams(new TLSInStream(is, manager), | |||
| new TLSOutStream(os, manager)); | |||
| return true; | |||
| @@ -205,13 +200,6 @@ public class CSecurityTLS extends CSecurity { | |||
| } | |||
| class MyHandshakeListener implements HandshakeCompletedListener { | |||
| public void handshakeCompleted(HandshakeCompletedEvent e) { | |||
| vlog.info("Handshake succesful!"); | |||
| vlog.info("Using cipher suite: " + e.getCipherSuite()); | |||
| } | |||
| } | |||
| class MyX509TrustManager implements X509TrustManager | |||
| { | |||
| @@ -269,7 +257,7 @@ public class CSecurityTLS extends CSecurity { | |||
| tmf.init(new CertPathTrustManagerParameters(params)); | |||
| tm = (X509TrustManager)tmf.getTrustManagers()[0]; | |||
| } catch (java.lang.Exception e) { | |||
| vlog.error(e.toString()); | |||
| throw new Exception(e.getMessage()); | |||
| } | |||
| } | |||
| @@ -287,7 +275,7 @@ public class CSecurityTLS extends CSecurity { | |||
| md = MessageDigest.getInstance("SHA-1"); | |||
| verifyHostname(chain[0]); | |||
| tm.checkServerTrusted(chain, authType); | |||
| } catch (CertificateException e) { | |||
| } catch (java.lang.Exception e) { | |||
| if (e.getCause() instanceof CertPathBuilderException) { | |||
| Object[] answer = {"YES", "NO"}; | |||
| X509Certificate cert = chain[0]; | |||
| @@ -344,34 +332,23 @@ public class CSecurityTLS extends CSecurity { | |||
| fw.write(pem+"\n"); | |||
| fw.write("-----END CERTIFICATE-----\n"); | |||
| } catch (IOException ioe) { | |||
| throw new Exception(ioe.getCause().getMessage()); | |||
| throw new Exception(ioe.getMessage()); | |||
| } finally { | |||
| try { | |||
| if (fw != null) | |||
| fw.close(); | |||
| } catch(IOException ioe2) { | |||
| throw new Exception(ioe2.getCause().getMessage()); | |||
| throw new Exception(ioe2.getMessage()); | |||
| } | |||
| } | |||
| } | |||
| } | |||
| } else { | |||
| throw new SystemException(e.getCause().getMessage()); | |||
| throw new WarningException("Peer certificate verification failed."); | |||
| } | |||
| } else if (e instanceof MyCertificateParsingException) { | |||
| Object[] answer = {"YES", "NO"}; | |||
| int ret = JOptionPane.showOptionDialog(null, | |||
| "Hostname verification failed. Do you want to continue?", | |||
| "Hostname Verification Failure", | |||
| JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, | |||
| null, answer, answer[0]); | |||
| if (ret != JOptionPane.YES_OPTION) | |||
| throw new WarningException("Hostname verification failed."); | |||
| } else { | |||
| throw new SystemException(e.getCause().getMessage()); | |||
| throw new SystemException(e.getMessage()); | |||
| } | |||
| } catch (java.lang.Exception e) { | |||
| throw new SystemException(e.getCause().getMessage()); | |||
| } | |||
| } | |||
| @@ -412,36 +389,21 @@ public class CSecurityTLS extends CSecurity { | |||
| } | |||
| } | |||
| } | |||
| throw new MyCertificateParsingException(); | |||
| Object[] answer = {"YES", "NO"}; | |||
| int ret = JOptionPane.showOptionDialog(null, | |||
| "Hostname verification failed. Do you want to continue?", | |||
| "Hostname Verification Failure", | |||
| JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, | |||
| null, answer, answer[0]); | |||
| if (ret != JOptionPane.YES_OPTION) | |||
| throw new WarningException("Hostname verification failed."); | |||
| } catch (CertificateParsingException e) { | |||
| throw new MyCertificateParsingException(e.getCause()); | |||
| throw new SystemException(e.getMessage()); | |||
| } catch (InvalidNameException e) { | |||
| throw new MyCertificateParsingException(e.getCause()); | |||
| throw new SystemException(e.getMessage()); | |||
| } | |||
| } | |||
| private class MyCertificateParsingException | |||
| extends CertificateParsingException | |||
| { | |||
| public MyCertificateParsingException() { | |||
| super(); | |||
| } | |||
| public MyCertificateParsingException(String msg) { | |||
| super(msg); | |||
| } | |||
| public MyCertificateParsingException(String msg, Throwable cause) { | |||
| super(msg, cause); | |||
| } | |||
| public MyCertificateParsingException(Throwable cause) { | |||
| super(cause); | |||
| } | |||
| } | |||
| private class MyFileInputStream extends InputStream { | |||
| // Blank lines in a certificate file will cause Java 6 to throw a | |||
| // "DerInputStream.getLength(): lengthTag=127, too big" exception. | |||
| @@ -503,11 +465,8 @@ public class CSecurityTLS extends CSecurity { | |||
| public final String description() | |||
| { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | |||
| //protected void checkSession(); | |||
| protected CConnection client; | |||
| private SSLContext ctx; | |||
| private SSLSession session; | |||
| private SSLEngine engine; | |||
Loading…