From af09e89d54b57649cf60363d03f84d129baecd27 Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Tue, 7 Jul 2015 02:38:18 +0300 Subject: [PATCH 2/2] Display SHA-1 fingerprint of untrusted certificate in java client. --- java/com/tigervnc/rfb/CSecurityTLS.java | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java index 7633f08..6014502 100644 --- a/java/com/tigervnc/rfb/CSecurityTLS.java +++ b/java/com/tigervnc/rfb/CSecurityTLS.java @@ -248,9 +248,28 @@ public class CSecurityTLS extends CSecurity { tm.checkServerTrusted(chain, authType); } catch (CertificateException e) { Object[] answer = {"Proceed", "Exit"}; + + StringBuilder message = new StringBuilder(); + message.append(e.getCause().getLocalizedMessage()); + message.append("\nContinue connecting to this host?"); + + try { + MessageDigest sha1 = MessageDigest.getInstance("SHA1"); + sha1.update(chain[0].getEncoded()); + + message.append("\nSHA-1 fingerprint: "); + + for(byte B : sha1.digest()) { + message.append(Integer.toHexString(0xff & B)); + message.append(':'); + } + message.deleteCharAt(message.length() - 1); + } catch (NoSuchAlgorithmException noSuchAlgorithmException) { + // No fingerprint then... + } + int ret = JOptionPane.showOptionDialog(null, - e.getCause().getLocalizedMessage()+"\n"+ - "Continue connecting to this host?", + message.toString(), "Confirm certificate exception?", JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, null, answer, answer[0]); -- 2.1.4