SHA256
1
0
forked from pool/tigervnc
tigervnc/u_tigervnc-add-autoaccept-parameter.patch

117 lines
4.6 KiB
Diff
Raw Normal View History

diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
index 6014502..9b886b5 100644
--- a/java/com/tigervnc/rfb/CSecurityTLS.java
+++ b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -47,6 +47,9 @@ public class CSecurityTLS extends CSecurity {
public static StringParameter x509crl
= new StringParameter("x509crl",
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+ public static StringParameter x509autoaccept
+ = new StringParameter("x509autoaccept",
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
private void initGlobal()
{
@@ -71,6 +74,7 @@ public class CSecurityTLS extends CSecurity {
setDefaults();
cafile = x509ca.getData();
crlfile = x509crl.getData();
+ certautoaccept = x509autoaccept.getData();
}
public static String getDefaultCA() {
@@ -247,34 +251,46 @@ public class CSecurityTLS extends CSecurity {
try {
tm.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
- Object[] answer = {"Proceed", "Exit"};
-
- StringBuilder message = new StringBuilder();
- message.append(e.getCause().getLocalizedMessage());
- message.append("\nContinue connecting to this host?");
+ String fingerprint = null;
try {
+ StringBuilder fingerprintBuilder = new StringBuilder();
+
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
sha1.update(chain[0].getEncoded());
- message.append("\nSHA-1 fingerprint: ");
-
for(byte B : sha1.digest()) {
- message.append(Integer.toHexString(0xff & B));
- message.append(':');
+ fingerprintBuilder.append(String.format("%02x", /*0xff & */B));
+ fingerprintBuilder.append(':');
}
- message.deleteCharAt(message.length() - 1);
+ fingerprintBuilder.deleteCharAt(fingerprintBuilder.length() - 1);
+
+ fingerprint = fingerprintBuilder.toString();
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
// No fingerprint then...
}
- int ret = JOptionPane.showOptionDialog(null,
- message.toString(),
- "Confirm certificate exception?",
- JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
- null, answer, answer[0]);
- if (ret == JOptionPane.NO_OPTION)
- System.exit(1);
+ if(fingerprint == null || certautoaccept == null || !fingerprint.equalsIgnoreCase(certautoaccept)) {
+ Object[] answer = {"Proceed", "Exit"};
+
+ StringBuilder message = new StringBuilder();
+ message.append(e.getCause().getLocalizedMessage());
+ message.append("\nContinue connecting to this host?");
+ if(fingerprint != null) {
+ message.append("\nSHA-1 fingerprint: ");
+ message.append(fingerprint);
+ message.append("\nBle: ");
+ message.append(certautoaccept);
+ }
+
+ int ret = JOptionPane.showOptionDialog(null,
+ message.toString(),
+ "Confirm certificate exception?",
+ JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE,
+ null, answer, answer[0]);
+ if (ret == JOptionPane.NO_OPTION)
+ System.exit(1);
+ }
} catch (java.lang.Exception e) {
throw new Exception(e.toString());
}
@@ -301,7 +317,7 @@ public class CSecurityTLS extends CSecurity {
private SSLEngineManager manager;
private boolean anon;
- private String cafile, crlfile;
+ private String cafile, crlfile, certautoaccept;
private FdInStream is;
private FdOutStream os;
diff --git a/java/com/tigervnc/vncviewer/VncViewer.java b/java/com/tigervnc/vncviewer/VncViewer.java
index cc21c2e..6786636 100644
--- a/java/com/tigervnc/vncviewer/VncViewer.java
+++ b/java/com/tigervnc/vncviewer/VncViewer.java
@@ -354,6 +354,8 @@ public class VncViewer extends javax.swing.JApplet
parent.setFocusTraversalKeysEnabled(false);
setLookAndFeel();
setBackground(Color.white);
+
+ SecurityClient.setDefaults();
}
private void getTimestamp() {
@@ -375,6 +377,7 @@ public class VncViewer extends javax.swing.JApplet
if (embed.getValue() && nViewers == 0) {
alwaysShowServerDialog.setParam(false);
Configuration.global().readAppletParams(this);
+ Configuration.viewer().readAppletParams(this);
fullScreen.setParam(false);
scalingFactor.setParam("100");
String host = getCodeBase().getHost();