
Allow multiple certs with same DN in saved certs file.

tags/v1.8.90
Brian P. Hinz 6 years ago
parent
commit
b22624f433
1 changed files with 21 additions and 13 deletions
  1. 21
    13
      java/com/tigervnc/rfb/CSecurityTLS.java

+ 21
- 13
java/com/tigervnc/rfb/CSecurityTLS.java View File

@@ -218,9 +218,8 @@ public class CSecurityTLS extends CSecurity {
Collection<? extends Certificate> cacerts =
cf.generateCertificates(caStream);
for (Certificate cert : cacerts) {
String dn =
((X509Certificate)cert).getSubjectX500Principal().getName();
ks.setCertificateEntry(dn, (X509Certificate)cert);
String thumbprint = getThumbprint((X509Certificate)cert);
ks.setCertificateEntry(thumbprint, (X509Certificate)cert);
}
}
File cacert = new File(cafile);
@@ -229,9 +228,8 @@ public class CSecurityTLS extends CSecurity {
Collection<? extends Certificate> cacerts =
cf.generateCertificates(caStream);
for (Certificate cert : cacerts) {
String dn =
((X509Certificate)cert).getSubjectX500Principal().getName();
ks.setCertificateEntry(dn, (X509Certificate)cert);
String thumbprint = getThumbprint((X509Certificate)cert);
ks.setCertificateEntry(thumbprint, (X509Certificate)cert);
}
}
PKIXBuilderParameters params =
@@ -264,19 +262,13 @@ public class CSecurityTLS extends CSecurity {
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException
{
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-1");
verifyHostname(chain[0]);
tm.checkServerTrusted(chain, authType);
} catch (java.lang.Exception e) {
if (e.getCause() instanceof CertPathBuilderException) {
Object[] answer = {"YES", "NO"};
X509Certificate cert = chain[0];
md.update(cert.getEncoded());
String thumbprint =
DatatypeConverter.printHexBinary(md.digest());
thumbprint = thumbprint.replaceAll("..(?!$)", "$0 ");
int ret = JOptionPane.showOptionDialog(null,
"This certificate has been signed by an unknown authority\n"+
"\n"+
@@ -287,7 +279,7 @@ public class CSecurityTLS extends CSecurity {
" Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+
" Not Valid Before: "+cert.getNotBefore()+"\n"+
" Not Valid After: "+cert.getNotAfter()+"\n"+
" SHA1 Fingerprint: "+thumbprint+"\n"+
" SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+
"\n"+
"Do you want to save it and continue?",
"Certificate Issuer Unknown",
@@ -351,6 +343,22 @@ public class CSecurityTLS extends CSecurity {
return tm.getAcceptedIssuers();
}

private String getThumbprint(X509Certificate cert)
{
String thumbprint = null;
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(cert.getEncoded());
thumbprint = DatatypeConverter.printHexBinary(md.digest());
thumbprint = thumbprint.replaceAll("..(?!$)", "$0 ");
} catch(CertificateEncodingException e) {
throw new SystemException(e.getMessage());
} catch(NoSuchAlgorithmException e) {
throw new SystemException(e.getMessage());
}
return thumbprint;
}

private void verifyHostname(X509Certificate cert)
throws CertificateParsingException
{
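Review bot: The new getThumbprint helper (L76-L90) rethrows both CertificateEncodingException and NoSuchAlgorithmException as `new SystemException(e.getMessage())`, which drops the original cause and stack trace; if SystemException offers a cause-accepting constructor, `throw new SystemException(e)` (or a message-plus-cause form) should be used, and the two identical catch blocks can collapse into one `catch (CertificateEncodingException | NoSuchAlgorithmException e)` if the project's Java target permits multi-catch. A second point is that the thumbprint is still SHA-1: it is now both the keystore alias (hunks at L26-L27 and L38-L39) and the value the "Certificate Issuer Unknown" dialog asks the user to verify out-of-band (L68), and chosen-prefix SHA-1 collisions are practical, so a SHA-256 fingerprint (with the dialog label updated to match) would be the stronger identifier; the automated trust decision still rests on `tm.checkServerTrusted`, so this mainly weakens the manual-verification step rather than the PKIX path. A brief Javadoc on the helper would also help, e.g. `/** Hex SHA-1 fingerprint of cert's DER encoding, bytes separated by spaces; used as the keystore alias and shown to the user. */`. The verifyHostname method whose signature closes this hunk continues outside the visible range.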
