author | Brian P. Hinz <bphinz@users.sf.net> | 2017-07-11 23:23:01 -0400 |
committer | Brian P. Hinz <bphinz@users.sf.net> | 2017-07-22 20:31:40 -0400 |
commit | b22624f433754267c1b12e309e3db75081b8ad22 (patch) | |
tree | d19dead593e2b8f0498032de08c856dc6f75e0cc /java/com/tigervnc | |
parent | 0f2d1f6f0d6b484025cf01f08661e020517a9845 (diff) | |
Allow multiple certs with same DN in saved certs file.
Diffstat (limited to 'java/com/tigervnc')
-rw-r--r-- | java/com/tigervnc/rfb/CSecurityTLS.java | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java index 4b20e0bf..08aa1125 100644 --- a/java/com/tigervnc/rfb/CSecurityTLS.java +++ b/java/com/tigervnc/rfb/CSecurityTLS.java @@ -218,9 +218,8 @@ public class CSecurityTLS extends CSecurity { Collection<? extends Certificate> cacerts = cf.generateCertificates(caStream); for (Certificate cert : cacerts) { - String dn = - ((X509Certificate)cert).getSubjectX500Principal().getName(); - ks.setCertificateEntry(dn, (X509Certificate)cert); + String thumbprint = getThumbprint((X509Certificate)cert); + ks.setCertificateEntry(thumbprint, (X509Certificate)cert); } } File cacert = new File(cafile); @@ -229,9 +228,8 @@ public class CSecurityTLS extends CSecurity { Collection<? extends Certificate> cacerts = cf.generateCertificates(caStream); for (Certificate cert : cacerts) { - String dn = - ((X509Certificate)cert).getSubjectX500Principal().getName(); - ks.setCertificateEntry(dn, (X509Certificate)cert); + String thumbprint = getThumbprint((X509Certificate)cert); + ks.setCertificateEntry(thumbprint, (X509Certificate)cert); } } PKIXBuilderParameters params = @@ -264,19 +262,13 @@ public class CSecurityTLS extends CSecurity { public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { - MessageDigest md = null; try { - md = MessageDigest.getInstance("SHA-1"); verifyHostname(chain[0]); tm.checkServerTrusted(chain, authType); } catch (java.lang.Exception e) { if (e.getCause() instanceof CertPathBuilderException) { Object[] answer = {"YES", "NO"}; X509Certificate cert = chain[0]; - md.update(cert.getEncoded()); - String thumbprint = - DatatypeConverter.printHexBinary(md.digest()); - thumbprint = thumbprint.replaceAll("..(?!$)", "$0 "); int ret = JOptionPane.showOptionDialog(null, "This certificate has been signed by an unknown authority\n"+ "\n"+ 
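Review bot: The loop body added in the hunk at -218 is repeated verbatim in the hunk at -229, so the alias policy now lives in two places and the next change to it (or to the error handling around it) has to be made twice; a private helper such as `private void addCertsToStore(KeyStore ks, Collection<? extends Certificate> certs) throws KeyStoreException` called from both loaders would keep it in one place. The new alias also changes failure behaviour: the old DN lookup could not throw, while getThumbprint throws SystemException on a CertificateEncodingException or a missing SHA-1 provider, so one entry that parsed but cannot be re-encoded now aborts loading of the whole store instead of just that entry — acceptable if intended, but worth a comment at the call site, e.g. `// alias is the SHA-1 fingerprint so two CA certs with the same DN both survive; getThumbprint aborts the load on an unencodable cert`. The enclosing method starts before the hunk and continues after it.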
@@ -287,7 +279,7 @@ public class CSecurityTLS extends CSecurity { " Signature Algorithm: "+cert.getPublicKey().getAlgorithm()+"\n"+ " Not Valid Before: "+cert.getNotBefore()+"\n"+ " Not Valid After: "+cert.getNotAfter()+"\n"+ - " SHA1 Fingerprint: "+thumbprint+"\n"+ + " SHA1 Fingerprint: "+getThumbprint(cert)+"\n"+ "\n"+ "Do you want to save it and continue?", "Certificate Issuer Unknown", @@ -351,6 +343,22 @@ public class CSecurityTLS extends CSecurity { return tm.getAcceptedIssuers(); } + private String getThumbprint(X509Certificate cert) + { + String thumbprint = null; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + md.update(cert.getEncoded()); + thumbprint = DatatypeConverter.printHexBinary(md.digest()); + thumbprint = thumbprint.replaceAll("..(?!$)", "$0 "); + } catch(CertificateEncodingException e) { + throw new SystemException(e.getMessage()); + } catch(NoSuchAlgorithmException e) { + throw new SystemException(e.getMessage()); + } + return thumbprint; + } + private void verifyHostname(X509Certificate cert) throws CertificateParsingException { |
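Review bot: In getThumbprint (hunk at -351) the two catch clauses are identical and both reduce the original exception to `e.getMessage()`, so a failing getInstance("SHA-1") or getEncoded() surfaces as a SystemException carrying neither the exception class nor a cause chain, which is hard to diagnose from a user report. If the build targets Java 7 or later they can be a single clause, `} catch (CertificateEncodingException | NoSuchAlgorithmException e) {`, and the cause should be preserved if SystemException has a cause-taking constructor, otherwise at least `throw new SystemException(e.getClass().getName() + ": " + e.getMessage());`. The `String thumbprint = null;` pre-initialisation only exists to satisfy definite assignment; computing and returning the value inside the try reads more clearly. Since the value now serves both as the trust-store alias (hunks at -218 and -229) and as the fingerprint shown in the prompt at -287, a Javadoc such as `/** SHA-1 fingerprint of {@code cert} as upper-case hex pairs separated by spaces; used as the saved-cert alias and in the user prompt. */` would document that coupling.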