forked from pool/tigervnc
117 lines
4.6 KiB
Diff
117 lines
4.6 KiB
Diff
|
diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
|
||
|
index 6014502..9b886b5 100644
|
||
|
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
|
||
|
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
|
||
|
@@ -47,6 +47,9 @@ public class CSecurityTLS extends CSecurity {
|
||
|
public static StringParameter x509crl
|
||
|
= new StringParameter("x509crl",
|
||
|
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
|
||
|
+ public static StringParameter x509autoaccept
|
||
|
+ = new StringParameter("x509autoaccept",
|
||
|
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
|
||
|
|
||
|
private void initGlobal()
|
||
|
{
|
||
|
@@ -71,6 +74,7 @@ public class CSecurityTLS extends CSecurity {
|
||
|
setDefaults();
|
||
|
cafile = x509ca.getData();
|
||
|
crlfile = x509crl.getData();
|
||
|
+ certautoaccept = x509autoaccept.getData();
|
||
|
}
|
||
|
|
||
|
public static String getDefaultCA() {
|
||
|
@@ -247,34 +251,46 @@ public class CSecurityTLS extends CSecurity {
|
||
|
try {
|
||
|
tm.checkServerTrusted(chain, authType);
|
||
|
} catch (CertificateException e) {
|
||
|
- Object[] answer = {"Proceed", "Exit"};
|
||
|
-
|
||
|
- StringBuilder message = new StringBuilder();
|
||
|
- message.append(e.getCause().getLocalizedMessage());
|
||
|
- message.append("\nContinue connecting to this host?");
|
||
|
+ String fingerprint = null;
|
||
|
|
||
|
try {
|
||
|
+ StringBuilder fingerprintBuilder = new StringBuilder();
|
||
|
+
|
||
|
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
|
||
|
sha1.update(chain[0].getEncoded());
|
||
|
|
||
|
- message.append("\nSHA-1 fingerprint: ");
|
||
|
-
|
||
|
for(byte B : sha1.digest()) {
|
||
|
- message.append(Integer.toHexString(0xff & B));
|
||
|
- message.append(':');
|
||
|
+ fingerprintBuilder.append(String.format("%02x", /*0xff & */B));
|
||
|
+ fingerprintBuilder.append(':');
|
||
|
}
|
||
|
- message.deleteCharAt(message.length() - 1);
|
||
|
+ fingerprintBuilder.deleteCharAt(fingerprintBuilder.length() - 1);
|
||
|
+
|
||
|
+ fingerprint = fingerprintBuilder.toString();
|
||
|
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
|
||
|
// No fingerprint then...
|
||
|
}
|
||
|
|
||
|
- int ret = JOptionPane.showOptionDialog(null,
|
||
|
- message.toString(),
|
||
|
- "Confirm certificate exception?",
|
||
|
- JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
|
||
|
- null, answer, answer[0]);
|
||
|
- if (ret == JOptionPane.NO_OPTION)
|
||
|
- System.exit(1);
|
||
|
+ if(fingerprint == null || certautoaccept == null || !fingerprint.equalsIgnoreCase(certautoaccept)) {
|
||
|
+ Object[] answer = {"Proceed", "Exit"};
|
||
|
+
|
||
|
+ StringBuilder message = new StringBuilder();
|
||
|
+ message.append(e.getCause().getLocalizedMessage());
|
||
|
+ message.append("\nContinue connecting to this host?");
|
||
|
+ if(fingerprint != null) {
|
||
|
+ message.append("\nSHA-1 fingerprint: ");
|
||
|
+ message.append(fingerprint);
|
||
|
+ message.append("\nBle: ");
|
||
|
+ message.append(certautoaccept);
|
||
|
+ }
|
||
|
+
|
||
|
+ int ret = JOptionPane.showOptionDialog(null,
|
||
|
+ message.toString(),
|
||
|
+ "Confirm certificate exception?",
|
||
|
+ JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
|
||
|
+ null, answer, answer[0]);
|
||
|
+ if (ret == JOptionPane.NO_OPTION)
|
||
|
+ System.exit(1);
|
||
|
+ }
|
||
|
} catch (java.lang.Exception e) {
|
||
|
throw new Exception(e.toString());
|
||
|
}
|
||
|
@@ -301,7 +317,7 @@ public class CSecurityTLS extends CSecurity {
|
||
|
private SSLEngineManager manager;
|
||
|
private boolean anon;
|
||
|
|
||
|
- private String cafile, crlfile;
|
||
|
+ private String cafile, crlfile, certautoaccept;
|
||
|
private FdInStream is;
|
||
|
private FdOutStream os;
|
||
|
|
||
|
diff --git a/java/com/tigervnc/vncviewer/VncViewer.java b/java/com/tigervnc/vncviewer/VncViewer.java
|
||
|
index cc21c2e..6786636 100644
|
||
|
--- a/java/com/tigervnc/vncviewer/VncViewer.java
|
||
|
+++ b/java/com/tigervnc/vncviewer/VncViewer.java
|
||
|
@@ -354,6 +354,8 @@ public class VncViewer extends javax.swing.JApplet
|
||
|
parent.setFocusTraversalKeysEnabled(false);
|
||
|
setLookAndFeel();
|
||
|
setBackground(Color.white);
|
||
|
+
|
||
|
+ SecurityClient.setDefaults();
|
||
|
}
|
||
|
|
||
|
private void getTimestamp() {
|
||
|
@@ -375,6 +377,7 @@ public class VncViewer extends javax.swing.JApplet
|
||
|
if (embed.getValue() && nViewers == 0) {
|
||
|
alwaysShowServerDialog.setParam(false);
|
||
|
Configuration.global().readAppletParams(this);
|
||
|
+ Configuration.viewer().readAppletParams(this);
|
||
|
fullScreen.setParam(false);
|
||
|
scalingFactor.setParam("100");
|
||
|
String host = getCodeBase().getHost();
|