/*
* Copyright (C) 2003 Sun Microsystems, Inc.
* Copyright (C) 2003-2010 Martin Koegler
* Copyright (C) 2006 OCCAM Financial Technology
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
package com.tigervnc.vncviewer;
import java.util.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.*;
import java.security.cert.*;
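/**
 * TLS tunnel that authenticates the server with an X.509 certificate chain.
 *
 * <p>Chain validation is delegated to a JSSE trust manager. When validation
 * fails, the user is asked whether to continue anyway (see
 * {@link MyX509TrustManager#checkServerTrusted}).
 *
 * <p>NOTE(review): nothing in this class configures endpoint (host name)
 * identification on the socket. Whether {@code TLSTunnelBase} does so is not
 * visible from this file; confirm before relying on the certificate to bind
 * the connection to the intended host.
 */
public class X509Tunnel extends TLSTunnelBase
{
  public X509Tunnel (Socket sock_)
  {
    super (sock_);
  }

  /**
   * Decides whether a cipher suite may be offered to the server.
   *
   * <p>The candidates come from {@code getSupportedCipherSuites()}, which can
   * include suites the provider leaves disabled by default. Three families
   * are rejected: anonymous key exchange (no server authentication, so the
   * certificate check would never run), NULL encryption (no confidentiality)
   * and EXPORT-grade suites (deliberately weakened keys).
   *
   * @param suite the JSSE cipher suite name
   * @return {@code true} if the suite may be enabled
   */
  private static boolean isAcceptableSuite (String suite)
  {
    // "_anon" also covers every name the former ".*DH_anon.*" filter matched.
    return suite.indexOf ("_anon") < 0
      && suite.indexOf ("_NULL_") < 0
      && suite.indexOf ("_EXPORT_") < 0;
  }

  /**
   * Enables every supported cipher suite that passes
   * {@link #isAcceptableSuite}.
   *
   * @param sock the TLS socket to configure before the handshake
   */
  protected void setParam (SSLSocket sock)
  {
    String[] supported = sock.getSupportedCipherSuites ();
    String[] kept = new String[supported.length];
    int count = 0;
    for (int i = 0; i < supported.length; i++)
      {
        if (isAcceptableSuite (supported[i]))
          kept[count++] = supported[i];
      }
    String[] enabled = new String[count];
    System.arraycopy (kept, 0, enabled, 0, count);
    sock.setEnabledCipherSuites (enabled);
  }

  /**
   * Initialises the SSL context with the prompting trust manager.
   *
   * <p>No key managers and no explicit random source are passed in, so this
   * method supplies no client certificate of its own.
   *
   * @param sc the context to initialise
   * @throws GeneralSecurityException if the trust manager cannot be created
   *         or the context cannot be initialised
   */
  protected void initContext (SSLContext sc) throws GeneralSecurityException
  {
    TrustManager[] myTM = new TrustManager[] { new MyX509TrustManager () };
    sc.init (null, myTM, null);
  }

  /**
   * Trust manager that wraps the first trust manager produced by the
   * SunX509 factory and lets the user override a failed server check.
   */
  class MyX509TrustManager implements X509TrustManager
  {
    X509TrustManager tm;

    /**
     * Builds the delegate trust manager.
     *
     * @throws GeneralSecurityException if the factory or key store type is
     *         unavailable, or the factory cannot be initialised
     */
    MyX509TrustManager () throws GeneralSecurityException
    {
      TrustManagerFactory tmf =
        TrustManagerFactory.getInstance ("SunX509", "SunJSSE");
      // NOTE(review): the key store is handed to the factory without load()
      // ever being called on it here. Confirm which trust anchors result; if
      // there are none, every server certificate ends up at the user prompt
      // in checkServerTrusted.
      KeyStore ks = KeyStore.getInstance ("JKS");
      tmf.init (ks);
      tm = (X509TrustManager) tmf.getTrustManagers ()[0];
    }

    /** Delegates client chain validation unchanged. */
    public void checkClientTrusted (X509Certificate[] chain, String authType)
      throws CertificateException
    {
      tm.checkClientTrusted (chain, authType);
    }

    /**
     * Validates the server chain and, on failure, asks the user whether to
     * proceed.
     *
     * <p>The prompt shows only the exception text, and the answer is not
     * stored by this method. Accepting suppresses the failure whatever its
     * cause, so the connection then continues without an authenticated peer.
     *
     * @throws CertificateException the original validation failure, when
     *         {@code MessageBox.result()} returns {@code false}
     */
    public void checkServerTrusted (X509Certificate[] chain, String authType)
      throws CertificateException
    {
      try
        {
          tm.checkServerTrusted (chain, authType);
        }
      catch (CertificateException e)
        {
          // presumably result() is true when the user chooses OK; verify
          // against MessageBox
          MessageBox m =
            new MessageBox (e.toString (), MessageBox.MB_OKAYCANCEL);
          if (!m.result ())
            throw e;
        }
    }

    /** Returns the issuers accepted by the delegate trust manager. */
    public X509Certificate[] getAcceptedIssuers ()
    {
      return tm.getAcceptedIssuers ();
    }
  }
}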