Signed-off-by: Martin Koegler <mkoeg...@auto.tuwien.ac.at>
---
 java/src/com/tigervnc/vncviewer/Makefile        |    4 +-
 java/src/com/tigervnc/vncviewer/RfbProto.java   |    8 ++
 java/src/com/tigervnc/vncviewer/VncViewer.java  |   15 ++++
 java/src/com/tigervnc/vncviewer/X509Tunnel.java |  103 +++++++++++++++++++++++
 4 files changed, 128 insertions(+), 2 deletions(-)
 create mode 100644 java/src/com/tigervnc/vncviewer/X509Tunnel.java

diff --git a/java/src/com/tigervnc/vncviewer/Makefile 
b/java/src/com/tigervnc/vncviewer/Makefile
index 1abc15a..7e73d02 100644
--- a/java/src/com/tigervnc/vncviewer/Makefile
+++ b/java/src/com/tigervnc/vncviewer/Makefile
@@ -19,7 +19,7 @@ CLASSES = VncViewer.class RfbProto.class AuthPanel.class 
VncCanvas.class \
          SocketFactory.class HTTPConnectSocketFactory.class \
          HTTPConnectSocket.class ReloginPanel.class \
          InStream.class MemInStream.class ZlibInStream.class \
-         TLSTunnelBase.class TLSTunnel.class Dialog.class MessageBox.class
+         TLSTunnelBase.class TLSTunnel.class X509Tunnel.class Dialog.class 
MessageBox.class
 
 SOURCES = VncViewer.java RfbProto.java AuthPanel.java VncCanvas.java \
          VncCanvas2.java \
@@ -29,7 +29,7 @@ SOURCES = VncViewer.java RfbProto.java AuthPanel.java 
VncCanvas.java \
          SocketFactory.java HTTPConnectSocketFactory.java \
          HTTPConnectSocket.java ReloginPanel.java \
          InStream.java MemInStream.java ZlibInStream.java \
-         TLSTunnelBase.java TLSTunnel.java Dialog.java MessageBox.java
+         TLSTunnelBase.java TLSTunnel.java X509Tunnel.java Dialog.java 
MessageBox.java
 
 all: $(CLASSES) $(ARCHIVE)
 
diff --git a/java/src/com/tigervnc/vncviewer/RfbProto.java 
b/java/src/com/tigervnc/vncviewer/RfbProto.java
index eb8ca93..e88d8e7 100644
--- a/java/src/com/tigervnc/vncviewer/RfbProto.java
+++ b/java/src/com/tigervnc/vncviewer/RfbProto.java
@@ -434,6 +434,9 @@ class RfbProto {
                case SecTypeTLSNone:
                case SecTypeTLSVnc:
                case SecTypeTLSPlain:
+               case SecTypeX509None:
+               case SecTypeX509Vnc:
+               case SecTypeX509Plain:
                    writeInt(secTypes[i]);
                    return secTypes[i];
                }
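Review bot: The three X509 types join the same fall-through group as the TLS* types, so the client still takes whichever acceptable type comes first in `secTypes` instead of preferring a certificate-checked one. The loop over `secTypes` starts outside this hunk, so this is inferred from `return secTypes[i];` on the first match. If the TLS* types are the unauthenticated variants (X509Tunnel's removal of `DH_anon` suites suggests so), a server list that puts them first, or one altered in transit, keeps the session on the weaker type even when X509 is offered. Consider scanning for the X509 types in a first pass, or at least recording the behaviour with a comment such as `// first match wins; preference order is decided by the server`.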
@@ -484,6 +487,11 @@ class RfbProto {
        tunnel.setup (this);
     }
 
+    void authenticateX509() throws Exception {
+       X509Tunnel tunnel = new X509Tunnel(sock);
+       tunnel.setup (this);
+    }
+
     void authenticatePlain(String User, String Password) throws Exception {
       byte[] user=User.getBytes();
       byte[] password=Password.getBytes();
diff --git a/java/src/com/tigervnc/vncviewer/VncViewer.java 
b/java/src/com/tigervnc/vncviewer/VncViewer.java
index 26c8238..1c6482a 100644
--- a/java/src/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/src/com/tigervnc/vncviewer/VncViewer.java
@@ -407,6 +407,21 @@ public class VncViewer extends java.applet.Applet
            rfb.authenticateTLS();
            doAuthentification(RfbProto.SecTypePlain);
            break;
+       case RfbProto.SecTypeX509None:
+           showConnectionStatus("X509None");
+           rfb.authenticateX509();
+           rfb.authenticateNone();
+           break;
+       case RfbProto.SecTypeX509Vnc:
+           showConnectionStatus("X509Vnc");
+           rfb.authenticateX509();
+           doAuthentification(RfbProto.SecTypeVncAuth);
+           break;
+       case RfbProto.SecTypeX509Plain:
+           showConnectionStatus("X509Plain");
+           rfb.authenticateX509();
+           doAuthentification(RfbProto.SecTypePlain);
+           break;
        default:
            throw new Exception("Unknown authentication scheme " + secType);
        }
diff --git a/java/src/com/tigervnc/vncviewer/X509Tunnel.java 
b/java/src/com/tigervnc/vncviewer/X509Tunnel.java
new file mode 100644
index 0000000..ddc3f82
--- /dev/null
+++ b/java/src/com/tigervnc/vncviewer/X509Tunnel.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2003 Sun Microsystems, Inc.
+ * Copyright (C) 2003-2010 Martin Koegler
+ * Copyright (C) 2006 OCCAM Financial Technology
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+package com.tigervnc.vncviewer;
+
+import java.util.*;
+import java.net.*;
+import javax.net.ssl.*;
+import java.security.*;
+import java.security.cert.*;
+
+public class X509Tunnel extends TLSTunnelBase
+{
+
+  public X509Tunnel (Socket sock_)
+  {
+    super (sock_);
+  }
+
+  protected void setParam (SSLSocket sock)
+  {
+    String[]supported;
+    ArrayList enabled = new ArrayList ();
+
+    supported = sock.getSupportedCipherSuites ();
+
+    for (int i = 0; i < supported.length; i++)
+      if (!supported[i].matches (".*DH_anon.*"))
+       enabled.add (supported[i]);
+
+    sock.setEnabledCipherSuites ((String[])enabled.toArray (new String[0]));
+  }
+
+  protected void initContext (SSLContext sc) throws java.security.
+    GeneralSecurityException
+  {
+    TrustManager[] myTM = new TrustManager[]
+    {
+    new MyX509TrustManager ()};
+    sc.init (null, myTM, null);
+  }
+
+
+  class MyX509TrustManager implements X509TrustManager
+  {
+
+    X509TrustManager tm;
+
+      MyX509TrustManager () throws java.security.GeneralSecurityException
+    {
+      TrustManagerFactory tmf =
+       TrustManagerFactory.getInstance ("SunX509", "SunJSSE");
+      KeyStore ks = KeyStore.getInstance ("JKS");
+        tmf.init (ks);
+        tm = (X509TrustManager) tmf.getTrustManagers ()[0];
+    }
+    public void checkClientTrusted (X509Certificate[]chain,
+                                   String authType) throws
+      CertificateException
+    {
+      tm.checkClientTrusted (chain, authType);
+    }
+
+    public void checkServerTrusted (X509Certificate[]chain,
+                                   String authType)
+      throws CertificateException
+    {
+      try
+      {
+       tm.checkServerTrusted (chain, authType);
+      } catch (CertificateException e)
+      {
+       MessageBox m =
+         new MessageBox (e.toString (), MessageBox.MB_OKAYCANCEL);
+       if (!m.result ())
+         throw e;
+      }
+    }
+
+    public X509Certificate[] getAcceptedIssuers ()
+    {
+      return tm.getAcceptedIssuers ();
+    }
+  }
+}
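Review bot: `checkServerTrusted` turns every validation failure into an OK/Cancel `MessageBox` that shows only `e.toString()`, so the user is asked to override the check without seeing the certificate's subject, issuer or fingerprint, and the choice is not remembered for later connections. The `KeyStore` in the `MyX509TrustManager` constructor is never loaded (there is no `ks.load(...)` in this file), so the delegate probably has no trust anchors or fails in `tmf.init`, which would make the prompt appear on every connection; `tmf.init((KeyStore) null);` would use the JRE default trust store instead. Nothing in this file compares the server name with the certificate, so unless `TLSTunnelBase` does that, a chain that is valid for any host passes. In `setParam`, starting from `getSupportedCipherSuites()` and dropping only `DH_anon` can leave NULL-encryption and EXPORT suites enabled; `supported = sock.getEnabledCipherSuites();` would keep the JSSE defaults before the filter runs.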
-- 
1.5.6.5

