diff options
author | Simon Rettberg | 2015-09-10 12:06:04 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-09-10 12:06:04 +0200 |
commit | a4a47f3a636df76885275136f6c0757207c72763 (patch) | |
tree | 75930c80306e48acea8e1978b4eae20daff417a8 /dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java | |
parent | [*] Improve SSL handling (diff) | |
download | tutor-module-a4a47f3a636df76885275136f6c0757207c72763.tar.gz tutor-module-a4a47f3a636df76885275136f6c0757207c72763.tar.xz tutor-module-a4a47f3a636df76885275136f6c0757207c72763.zip |
[client] Remember finger prints supplied by master server
Diffstat (limited to 'dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java')
-rw-r--r-- | dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java index 35297c9f..99c03373 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java @@ -54,17 +54,27 @@ public class GraphicalCertHandler { md.update(encoded); byte[] actualFingerprint = md.digest(); final String actualFingerprintReadable = new BigInteger(actualFingerprint).toString(16); - // Now check the fingerprint - byte[] expectedFingerprint = FingerprintManager.getFingerprint(address); + // Now check the finger print + byte[] expectedFingerprint = FingerprintManager.getKnownFingerprint(address); + if (expectedFingerprint == null) { + expectedFingerprint = FingerprintManager.getSuggestedFingerprint(address); + } final String question; if (expectedFingerprint == null) { - // First time we connect to this server, so remember the fingerprint - FingerprintManager.saveFingerprint(address, actualFingerprint); + // First time we connect to this server, so remember the finger print + FingerprintManager.saveKnownFingerprint(address, actualFingerprint); return; } else if (Arrays.equals(actualFingerprint, expectedFingerprint)) { // Known, matches, everything's fine return; } else { + byte[] sf = FingerprintManager.getSuggestedFingerprint(address); + if (sf != null && Arrays.equals(actualFingerprint, sf)) { + // User stored invalid finger print, but master suggests the finger print we found. + // It probably changed, the satellite told the master server, but the user doesn't know yet. + FingerprintManager.saveKnownFingerprint(address, actualFingerprint); + return; + } // Known, mismatch, panic! question = "!!! ALARM !!!! ALARM !!!\n\n" + "Der Fingerabdruck von " + address + " hat sich verändert.\n" + "Erwartet: " @@ -80,7 +90,7 @@ public class GraphicalCertHandler { } }); if (userOk) { - FingerprintManager.saveFingerprint(address, actualFingerprint); + FingerprintManager.saveKnownFingerprint(address, actualFingerprint); } else { throw new CertificateException("Rejected by user"); } |