authorBrian P. Hinz <bphinz@users.sf.net>2017-11-30 21:14:25 -0500
committerBrian P. Hinz <bphinz@users.sf.net>2017-11-30 21:18:29 -0500
commit9a9f9f0ec170253f43cbf78a33a6b18f148e6259 (patch)
treeb47d113d92e98e943f220a9847d80de98d662e18 /java/com/tigervnc/rfb
parente7aea19a1444f4099959058dc72056fe13fd67fb (diff)
Move UserPasswordGetter out of CConn
Diffstat (limited to 'java/com/tigervnc/rfb')
-rw-r--r--java/com/tigervnc/rfb/CSecurity.java2
-rw-r--r--java/com/tigervnc/rfb/CSecurityIdent.java7
-rw-r--r--java/com/tigervnc/rfb/CSecurityPlain.java4
-rw-r--r--java/com/tigervnc/rfb/CSecurityTLS.java66
-rw-r--r--java/com/tigervnc/rfb/CSecurityVeNCrypt.java8
-rw-r--r--java/com/tigervnc/rfb/CSecurityVncAuth.java2
-rw-r--r--java/com/tigervnc/rfb/SecurityClient.java11
-rw-r--r--java/com/tigervnc/rfb/UserPasswdGetter.java2
8 files changed, 52 insertions, 50 deletions
diff --git a/java/com/tigervnc/rfb/CSecurity.java b/java/com/tigervnc/rfb/CSecurity.java
index f67680cd..a99a5f87 100644
--- a/java/com/tigervnc/rfb/CSecurity.java
+++ b/java/com/tigervnc/rfb/CSecurity.java
@@ -42,5 +42,5 @@ abstract public class CSecurity {
* Use variable directly instead of dumb get/set methods.
* It MUST be set by viewer.
*/
- static UserPasswdGetter upg;
+ public static UserPasswdGetter upg;
}
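Review bot: Making `upg` a `public static` non-final field lets any class in the viewer's JVM replace the object that supplies the username and password to every CSecurity subclass; the same applies to the new `public static UserMsgBox msg` in CSecurityTLS. The existing comment says the field must be set by the viewer but not when or how often. I would extend it with `* Set once by the viewer before the first connection and never reassigned.` and, if the direct-access style permits, make the assignment go through a static setter that refuses a second assignment. The class body starts outside this hunk.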
diff --git a/java/com/tigervnc/rfb/CSecurityIdent.java b/java/com/tigervnc/rfb/CSecurityIdent.java
index 9eb6e0b6..e53432bf 100644
--- a/java/com/tigervnc/rfb/CSecurityIdent.java
+++ b/java/com/tigervnc/rfb/CSecurityIdent.java
@@ -1,4 +1,4 @@
-/* Copyright (C) 2011 Brian P. Hinz
+/* Copyright (C) 2011-2017 Brian P. Hinz
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,7 +30,7 @@ public class CSecurityIdent extends CSecurity {
StringBuffer username = new StringBuffer();
- CConn.upg.getUserPasswd(username, null);
+ upg.getUserPasswd(username, null);
// Return the response to the server
os.writeU32(username.length());
@@ -46,9 +46,6 @@ public class CSecurityIdent extends CSecurity {
public int getType() { return Security.secTypeIdent; }
- java.net.Socket sock;
- UserPasswdGetter upg;
-
static LogWriter vlog = new LogWriter("Ident");
public String description() { return "No Encryption"; }
diff --git a/java/com/tigervnc/rfb/CSecurityPlain.java b/java/com/tigervnc/rfb/CSecurityPlain.java
index d6f8ffde..98f6b8cc 100644
--- a/java/com/tigervnc/rfb/CSecurityPlain.java
+++ b/java/com/tigervnc/rfb/CSecurityPlain.java
@@ -1,6 +1,6 @@
/* Copyright (C) 2005 Martin Koegler
* Copyright (C) 2010 TigerVNC Team
- * Copyright (C) 2011 Brian P. Hinz
+ * Copyright (C) 2011-2017 Brian P. Hinz
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,7 +34,7 @@ public class CSecurityPlain extends CSecurity {
StringBuffer username = new StringBuffer();
StringBuffer password = new StringBuffer();
- CConn.upg.getUserPasswd(username, password);
+ upg.getUserPasswd(username, password);
// Return the response to the server
os.writeU32(username.length());
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 733e97d4..c91f36a1 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -56,6 +56,8 @@ import com.tigervnc.rdr.*;
import com.tigervnc.network.*;
import com.tigervnc.vncviewer.*;
+import static javax.swing.JOptionPane.*;
+
public class CSecurityTLS extends CSecurity {
public static StringParameter X509CA
@@ -64,6 +66,7 @@ public class CSecurityTLS extends CSecurity {
public static StringParameter X509CRL
= new StringParameter("X509CRL",
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+ public static UserMsgBox msg;
private void initGlobal()
{
@@ -254,6 +257,16 @@ public class CSecurityTLS extends CSecurity {
{
Collection<? extends Certificate> certs = null;
X509Certificate cert = chain[0];
+ try {
+ cert.checkValidity();
+ } catch(CertificateNotYetValidException e) {
+ throw new AuthFailureException("server certificate has not been activated");
+ } catch(CertificateExpiredException e) {
+ if (!msg.showMsgBox(YES_NO_OPTION, "certificate has expired",
+ "The certificate of the server has expired, "+
+ "do you want to continue?"))
+ throw new AuthFailureException("server certificate has expired");
+ }
String thumbprint = getThumbprint(cert);
File vncDir = new File(FileUtils.getVncHomeDir());
File certFile = new File(vncDir, "x509_savedcerts.pem");
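Review bot: The expired-certificate prompt asks the user to continue without saying which certificate expired or when, unlike the unknown-issuer dialog later in this method, which prints subject, issuer and validity dates. Appending something like `"\n\n Subject: "+cert.getSubjectX500Principal().getName()+"\n Not Valid After: "+cert.getNotAfter()` to the message text would give the user something to base the decision on. Only `chain[0]` is checked here, so expiry of any intermediate certificate is left to the later `tm.checkServerTrusted(chain, authType)` call. Judging by the `CertPathBuilderException` test in the next hunk, an expiry failure reported there would end in `SystemException` even after the user chose to continue; that is worth confirming. The enclosing method starts and ends outside the hunk.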
@@ -270,8 +283,7 @@ public class CSecurityTLS extends CSecurity {
tm.checkServerTrusted(chain, authType);
} catch (java.lang.Exception e) {
if (e.getCause() instanceof CertPathBuilderException) {
- Object[] answer = {"YES", "NO"};
- int ret = JOptionPane.showOptionDialog(null,
+ String certinfo =
"This certificate has been signed by an unknown authority\n"+
"\n"+
" Subject: "+cert.getSubjectX500Principal().getName()+"\n"+
@@ -283,46 +295,38 @@ public class CSecurityTLS extends CSecurity {
" Not Valid After: "+cert.getNotAfter()+"\n"+
" SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+
"\n"+
- "Do you want to save it and continue?",
- "Certificate Issuer Unknown",
- JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
- null, answer, answer[0]);
- if (ret == JOptionPane.YES_OPTION) {
+ "Do you want to save it and continue?";
+ if (!msg.showMsgBox(YES_NO_OPTION, "certificate issuer unknown",
+ certinfo)) {
+ throw new AuthFailureException("certificate issuer unknown");
+ }
+ if (certs == null || !certs.contains(cert)) {
+ byte[] der = cert.getEncoded();
+ String pem = DatatypeConverter.printBase64Binary(der);
+ pem = pem.replaceAll("(.{64})", "$1\n");
+ FileWriter fw = null;
try {
if (!vncDir.exists())
vncDir.mkdir();
if (!certFile.exists() && !certFile.createNewFile()) {
vlog.error("Certificate save failed.");
- return;
- }
- } catch (java.lang.Exception ioe) {
- // skip save if security settings prohibit access to filesystem
- vlog.error("Certificate save failed: "+ioe.getMessage());
- return;
- }
- if (certs == null || !certs.contains(cert)) {
- byte[] der = cert.getEncoded();
- String pem = DatatypeConverter.printBase64Binary(der);
- pem = pem.replaceAll("(.{64})", "$1\n");
- FileWriter fw = null;
- try {
+ } else {
fw = new FileWriter(certFile.getAbsolutePath(), true);
fw.write("-----BEGIN CERTIFICATE-----\n");
fw.write(pem+"\n");
fw.write("-----END CERTIFICATE-----\n");
- } catch (IOException ioe) {
- throw new Exception(ioe.getMessage());
- } finally {
- try {
- if (fw != null)
- fw.close();
- } catch(IOException ioe2) {
- throw new Exception(ioe2.getMessage());
- }
+ }
+ } catch (IOException ioe) {
+ msg.showMsgBox(OK_OPTION, "certificate save failed",
+ "Could not save the certificate");
+ } finally {
+ try {
+ if (fw != null)
+ fw.close();
+ } catch(IOException ioe2) {
+ throw new Exception(ioe2.getMessage());
}
}
- } else {
- throw new WarningException("Peer certificate verification failed.");
}
} else {
throw new SystemException(e.getMessage());
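Review bot: The rewritten save path catches only `IOException`, whereas the removed code caught `java.lang.Exception` with the comment "skip save if security settings prohibit access to filesystem". A `SecurityException` from `vncDir.exists()`, `mkdir()` or `createNewFile()` would now escape this handler instead of skipping the save. If that case still matters, add a second arm `catch (SecurityException se) { vlog.error("Certificate save failed: "+se.getMessage()); }` ahead of the `finally`. The failure dialog passes `OK_OPTION`, which in `JOptionPane` is a return value with the same numeric value as `YES_NO_OPTION`, so depending on how `showMsgBox` reads its first argument (not visible here) the box may show yes/no buttons. The result of `vncDir.mkdir()` is still ignored, and `x509_savedcerts.pem`, which holds the certificates the user has accepted, is created with default permissions.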
diff --git a/java/com/tigervnc/rfb/CSecurityVeNCrypt.java b/java/com/tigervnc/rfb/CSecurityVeNCrypt.java
index 179900a4..daf205cd 100644
--- a/java/com/tigervnc/rfb/CSecurityVeNCrypt.java
+++ b/java/com/tigervnc/rfb/CSecurityVeNCrypt.java
@@ -178,7 +178,13 @@ public class CSecurityVeNCrypt extends CSecurity {
}
public final int getType() { return chosenType; }
- public final String description() { return Security.secTypeName(chosenType); }
+ public final String description()
+ {
+ if (csecurity != null)
+ return csecurity.description();
+ return "VeNCrypt";
+ }
+
public static StringParameter secTypesStr;
diff --git a/java/com/tigervnc/rfb/CSecurityVncAuth.java b/java/com/tigervnc/rfb/CSecurityVncAuth.java
index e053e410..e8c5686d 100644
--- a/java/com/tigervnc/rfb/CSecurityVncAuth.java
+++ b/java/com/tigervnc/rfb/CSecurityVncAuth.java
@@ -36,7 +36,7 @@ public class CSecurityVncAuth extends CSecurity {
byte[] challenge = new byte[vncAuthChallengeSize];
is.readBytes(challenge, 0, vncAuthChallengeSize);
StringBuffer passwd = new StringBuffer();
- CConn.upg.getUserPasswd(null, passwd);
+ upg.getUserPasswd(null, passwd);
// Calculate the correct response
byte[] key = new byte[8];
diff --git a/java/com/tigervnc/rfb/SecurityClient.java b/java/com/tigervnc/rfb/SecurityClient.java
index ff2433c2..d3557337 100644
--- a/java/com/tigervnc/rfb/SecurityClient.java
+++ b/java/com/tigervnc/rfb/SecurityClient.java
@@ -1,6 +1,6 @@
/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
* Copyright (C) 2010 TigerVNC Team
- * Copyright (C) 2011-2012 Brian P. Hinz
+ * Copyright (C) 2011-2017 Brian P. Hinz
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -20,16 +20,14 @@
package com.tigervnc.rfb;
-import com.tigervnc.vncviewer.CConn;
-
public class SecurityClient extends Security {
public SecurityClient() { super(secTypes); }
public CSecurity GetCSecurity(int secType)
{
- assert (CConn.upg != null); /* (upg == null) means bug in the viewer */
- assert (msg != null);
+ assert (CSecurity.upg != null); /* (upg == null) means bug in the viewer */
+ assert (CSecurityTLS.msg != null);
if (!IsSupported(secType))
throw new Exception("Security type not supported");
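Review bot: Both guards are `assert` statements, which the JVM skips unless it is started with `-ea`, so in a normal run a viewer that forgot to set `CSecurity.upg` or `CSecurityTLS.msg` gets past this point. The failure then shows up later as a `NullPointerException`, for `msg` in the middle of the certificate checks in CSecurityTLS. An explicit check fails at the right place in every run: `if (CSecurity.upg == null || CSecurityTLS.msg == null) throw new Exception("viewer did not set CSecurity.upg / CSecurityTLS.msg");`. The body of `GetCSecurity` continues outside the hunk.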
@@ -75,9 +73,6 @@ public class SecurityClient extends Security {
CSecurityTLS.setDefaults();
}
- //UserPasswdGetter upg = null;
- String msg = null;
-
public static StringParameter secTypes
= new StringParameter("SecurityTypes",
"Specify which security scheme to use (None, VncAuth, Plain, Ident, TLSNone, TLSVnc, TLSPlain, TLSIdent, X509None, X509Vnc, X509Plain, X509Ident)",
diff --git a/java/com/tigervnc/rfb/UserPasswdGetter.java b/java/com/tigervnc/rfb/UserPasswdGetter.java
index feb05ed1..7390b11a 100644
--- a/java/com/tigervnc/rfb/UserPasswdGetter.java
+++ b/java/com/tigervnc/rfb/UserPasswdGetter.java
@@ -23,5 +23,5 @@
package com.tigervnc.rfb;
public interface UserPasswdGetter {
- public boolean getUserPasswd(StringBuffer user, StringBuffer password);
+ public void getUserPasswd(StringBuffer user, StringBuffer password);
}
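Review bot: With the return type changed from `boolean` to `void`, the interface no longer says how an implementation reports that the user cancelled the prompt or entered nothing. The callers in this commit (CSecurityIdent, CSecurityPlain, CSecurityVncAuth) send whatever ends up in the buffers straight to the server. A short Javadoc on the method would settle it, for example `/** Fills the non-null buffers with the user's input; implementations must throw rather than return when the user cancels. */`. Whether the viewer's implementation actually throws on cancel is not visible in this diff.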