[Development] java: Implement X509 Security types. (Martin Koegler)
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4200 3789f03b-4d11-0410-bbf8-ca57d06f2519
diff --git a/java/src/com/tigervnc/vncviewer/Makefile b/java/src/com/tigervnc/vncviewer/Makefile
index 1abc15a..7e73d02 100644
--- a/java/src/com/tigervnc/vncviewer/Makefile
+++ b/java/src/com/tigervnc/vncviewer/Makefile
@@ -19,7 +19,7 @@
SocketFactory.class HTTPConnectSocketFactory.class \
HTTPConnectSocket.class ReloginPanel.class \
InStream.class MemInStream.class ZlibInStream.class \
- TLSTunnelBase.class TLSTunnel.class Dialog.class MessageBox.class
+ TLSTunnelBase.class TLSTunnel.class X509Tunnel.class Dialog.class MessageBox.class
SOURCES = VncViewer.java RfbProto.java AuthPanel.java VncCanvas.java \
VncCanvas2.java \
@@ -29,7 +29,7 @@
SocketFactory.java HTTPConnectSocketFactory.java \
HTTPConnectSocket.java ReloginPanel.java \
InStream.java MemInStream.java ZlibInStream.java \
- TLSTunnelBase.java TLSTunnel.java Dialog.java MessageBox.java
+ TLSTunnelBase.java TLSTunnel.java X509Tunnel.java Dialog.java MessageBox.java
all: $(CLASSES) $(ARCHIVE)
diff --git a/java/src/com/tigervnc/vncviewer/RfbProto.java b/java/src/com/tigervnc/vncviewer/RfbProto.java
index eb8ca93..e88d8e7 100644
--- a/java/src/com/tigervnc/vncviewer/RfbProto.java
+++ b/java/src/com/tigervnc/vncviewer/RfbProto.java
@@ -434,6 +434,9 @@
case SecTypeTLSNone:
case SecTypeTLSVnc:
case SecTypeTLSPlain:
+ case SecTypeX509None:
+ case SecTypeX509Vnc:
+ case SecTypeX509Plain:
writeInt(secTypes[i]);
return secTypes[i];
}
@@ -484,6 +487,11 @@
tunnel.setup (this);
}
+ void authenticateX509() throws Exception {
+ X509Tunnel tunnel = new X509Tunnel(sock);
+ tunnel.setup (this);
+ }
+
void authenticatePlain(String User, String Password) throws Exception {
byte[] user=User.getBytes();
byte[] password=Password.getBytes();
diff --git a/java/src/com/tigervnc/vncviewer/VncViewer.java b/java/src/com/tigervnc/vncviewer/VncViewer.java
index 26c8238..1c6482a 100644
--- a/java/src/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/src/com/tigervnc/vncviewer/VncViewer.java
@@ -407,6 +407,21 @@
rfb.authenticateTLS();
doAuthentification(RfbProto.SecTypePlain);
break;
+ case RfbProto.SecTypeX509None:
+ showConnectionStatus("X509None");
+ rfb.authenticateX509();
+ rfb.authenticateNone();
+ break;
+ case RfbProto.SecTypeX509Vnc:
+ showConnectionStatus("X509Vnc");
+ rfb.authenticateX509();
+ doAuthentification(RfbProto.SecTypeVncAuth);
+ break;
+ case RfbProto.SecTypeX509Plain:
+ showConnectionStatus("X509Plain");
+ rfb.authenticateX509();
+ doAuthentification(RfbProto.SecTypePlain);
+ break;
default:
throw new Exception("Unknown authentication scheme " + secType);
}
diff --git a/java/src/com/tigervnc/vncviewer/X509Tunnel.java b/java/src/com/tigervnc/vncviewer/X509Tunnel.java
new file mode 100644
index 0000000..ddc3f82
--- /dev/null
+++ b/java/src/com/tigervnc/vncviewer/X509Tunnel.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2003 Sun Microsystems, Inc.
+ * Copyright (C) 2003-2010 Martin Koegler
+ * Copyright (C) 2006 OCCAM Financial Technology
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+package com.tigervnc.vncviewer;
+
+import java.util.*;
+import java.net.*;
+import javax.net.ssl.*;
+import java.security.*;
+import java.security.cert.*;
+
+public class X509Tunnel extends TLSTunnelBase
+{
+
+ public X509Tunnel (Socket sock_)
+ {
+ super (sock_);
+ }
+
+ protected void setParam (SSLSocket sock)
+ {
+ String[]supported;
+ ArrayList enabled = new ArrayList ();
+
+ supported = sock.getSupportedCipherSuites ();
+
+ for (int i = 0; i < supported.length; i++)
+ if (!supported[i].matches (".*DH_anon.*"))
+ enabled.add (supported[i]);
+
+ sock.setEnabledCipherSuites ((String[])enabled.toArray (new String[0]));
+ }
+
+ protected void initContext (SSLContext sc) throws java.security.
+ GeneralSecurityException
+ {
+ TrustManager[] myTM = new TrustManager[]
+ {
+ new MyX509TrustManager ()};
+ sc.init (null, myTM, null);
+ }
+
+
+ class MyX509TrustManager implements X509TrustManager
+ {
+
+ X509TrustManager tm;
+
+ MyX509TrustManager () throws java.security.GeneralSecurityException
+ {
+ TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance ("SunX509", "SunJSSE");
+ KeyStore ks = KeyStore.getInstance ("JKS");
+ tmf.init (ks);
+ tm = (X509TrustManager) tmf.getTrustManagers ()[0];
+ }
+ public void checkClientTrusted (X509Certificate[]chain,
+ String authType) throws
+ CertificateException
+ {
+ tm.checkClientTrusted (chain, authType);
+ }
+
+ public void checkServerTrusted (X509Certificate[]chain,
+ String authType)
+ throws CertificateException
+ {
+ try
+ {
+ tm.checkServerTrusted (chain, authType);
+ } catch (CertificateException e)
+ {
+ MessageBox m =
+ new MessageBox (e.toString (), MessageBox.MB_OKAYCANCEL);
+ if (!m.result ())
+ throw e;
+ }
+ }
+
+ public X509Certificate[] getAcceptedIssuers ()
+ {
+ return tm.getAcceptedIssuers ();
+ }
+ }
+}