authorSimon Rettberg2015-09-10 11:38:25 +0200
committerSimon Rettberg2015-09-10 11:38:25 +0200
commit4ef812cdb8cb7eb294dba5837cad750deaa52da9 (patch)
treed9c355fb3b2360d54c4d63c6784908eb38bc6e6b
parent[server] Make xml compatible with legacy run-virt (diff)
[*] Improve SSL handling
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/App.java3
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java22
-rw-r--r--dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/App.java11
-rw-r--r--dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Configuration.java4
4 files changed, 27 insertions, 13 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
index eeced8fc..a2e4e859 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
@@ -163,7 +163,8 @@ public class App {
SSLContext ctx = null;
if (useSsl) {
try {
- ctx = SSLContext.getDefault();
+ ctx = SSLContext.getInstance("TLSv1.2");
+ ctx.init(null, null, null);
} catch (final Exception e1) {
SwingUtilities.invokeLater(new Runnable() {
@Override
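Review bot: `SSLContext.getInstance("TLSv1.2")` selects a context implementation but does not by itself pin the handshake to TLS 1.2. Depending on the JRE, sockets created from this context can still have older protocol versions enabled, and on newer JREs it can leave TLS 1.3 disabled. If the intent is a minimum protocol version, set it explicitly where the socket is created (outside this hunk), for example `params.setProtocols(new String[] { "TLSv1.2" });` on the `SSLParameters`. The same two lines are added in the server's App.java hunk, so a shared constant for the protocol name would keep them in step. The try block continues outside the hunk.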
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
index 07b44175..35297c9f 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
@@ -30,10 +30,17 @@ public class GraphicalCertHandler {
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
if (certs == null || certs.length == 0) {
- Gui.asyncMessageBox(
- "Der Satellit besitzt kein Zertifikat. Verschlüsselte Verbindung nicht möglich.\n\n"
- + "Möchten Sie trotzdem fortfahren?", MessageType.WARNING, LOGGER, null);
- // TODO: Ask and do
+ Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() {
+ @Override
+ public Boolean run() {
+ return Gui.showMessageBox(null,
+ "Der Satellit besitzt kein Zertifikat. Verschlüsselte Verbindung nicht möglich.\n\n"
+ + "Möchten Sie trotzdem fortfahren?", MessageType.WARNING, LOGGER,
+ null);
+ }
+ });
+ if (ret)
+ return;
throw new CertificateException("No certificate provided by server");
}
byte[] encoded = certs[0].getEncoded();
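Review bot: Returning from `checkServerTrusted` when `certs` is empty tells the TLS layer the peer is trusted, so one click in the dialog lets the session continue with a server that has proven no identity. I would keep throwing the `CertificateException` in this branch, or at least log the override and make it a per-connection decision that is never persisted. Separately, `if (ret)` unboxes a `Boolean`: if `Gui.syncExec` can return null (its implementation is not visible here), this throws a NullPointerException inside the trust manager, so `if (Boolean.TRUE.equals(ret)) { return; }` is safer. The method body continues past the end of the hunk.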
@@ -51,14 +58,15 @@ public class GraphicalCertHandler {
byte[] expectedFingerprint = FingerprintManager.getFingerprint(address);
final String question;
if (expectedFingerprint == null) {
- // Not known yet, ask
- question = "Magst du die Zahl " + actualFingerprintReadable + "?";
+ // First time we connect to this server, so remember the fingerprint
+ FingerprintManager.saveFingerprint(address, actualFingerprint);
+ return;
} else if (Arrays.equals(actualFingerprint, expectedFingerprint)) {
// Known, matches, everything's fine
return;
} else {
// Known, mismatch, panic!
- question = "!!! ALARM !!!! ALARM !!! *trage hol*\n\n" + "Der Fingerabdruck von " + address
+ question = "!!! ALARM !!!! ALARM !!!\n\n" + "Der Fingerabdruck von " + address
+ " hat sich verändert.\n" + "Erwartet: "
+ new BigInteger(expectedFingerprint).toString(16) + "\n" + "Vorgefunden: "
+ actualFingerprintReadable + "\n\n"
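Review bot: The first-contact branch now stores the fingerprint and returns without showing or logging it, so whichever certificate answers on the first connection silently becomes the pinned identity for `address`. Trust-on-first-use is a reasonable model, but the pinned value should be recorded so it can be compared out of band, e.g. `LOGGER.info("Pinning fingerprint for " + address + ": " + actualFingerprintReadable);` before `saveFingerprint`, or shown once for confirmation. In the mismatch message the expected value is rendered with `new BigInteger(expectedFingerprint).toString(16)`, which can print a minus sign and drops leading zeros; if `actualFingerprintReadable` is built differently (outside this hunk), the two strings will not line up for a visual comparison. The statement assigning `question` continues past the end of the hunk.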
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/App.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/App.java
index 425a3384..2648310b 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/App.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/App.java
@@ -1,6 +1,7 @@
package org.openslx.bwlp.sat;
import java.io.IOException;
+import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.util.Date;
@@ -44,7 +45,8 @@ public class App {
private static final Set<String> failFastMethods = new HashSet<>();
- public static void main(String[] args) throws TTransportException, NoSuchAlgorithmException, IOException {
+ public static void main(String[] args) throws TTransportException, NoSuchAlgorithmException, IOException,
+ KeyManagementException {
//get going and show basic information in log file
BasicConfigurator.configure();
if (args.length != 0 && args[0].equals("debug")) {
@@ -94,10 +96,11 @@ public class App {
SSLContext ctx = null;
if (Configuration.getMasterServerSsl()) {
- ctx = SSLContext.getDefault();
+ ctx = SSLContext.getInstance("TLSv1.2");
+ ctx.init(null, null, null);
}
- ThriftManager.setMasterServerAddress(ctx, // TODO: Use the TLSv1.2 one once the master is ready
- Configuration.getMasterServerAddress(), Configuration.getMasterServerPort(), 30000);
+ ThriftManager.setMasterServerAddress(ctx, Configuration.getMasterServerAddress(),
+ Configuration.getMasterServerPort(), 30000);
// Load useful things from master server
OrganizationList.get();
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Configuration.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Configuration.java
index b9652a0c..c8208338 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Configuration.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Configuration.java
@@ -40,7 +40,9 @@ public class Configuration {
dbUsername = prop.getProperty("db.username");
dbPassword = prop.getProperty("db.password");
masterAddress = prop.getProperty("master.address");
- masterSsl = Boolean.getBoolean(prop.getProperty("master.ssl"));
+ if (!Util.isEmptyString(prop.getProperty("master.ssl"))) {
+ masterSsl = Boolean.getBoolean(prop.getProperty("master.ssl"));
+ }
try {
masterPort = Integer.parseInt(prop.getProperty("master.port"));
} catch (Exception e) {
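Review bot: `Boolean.getBoolean(String)` does not parse its argument; it looks up a JVM system property with that name, so `Boolean.getBoolean("true")` is false unless a system property called `true` happens to be set. The new emptiness guard still passes the value of `master.ssl` to it, so `masterSsl` is never set to true from the config file and App.main leaves `ctx` null, which presumably means the master connection runs without TLS regardless of configuration. Use `masterSsl = Boolean.parseBoolean(prop.getProperty("master.ssl"));` instead. A comment stating the default when the property is absent would also help, since the initial value of `masterSsl` is outside this hunk.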