| author | Simon Rettberg | 2015-09-10 11:38:25 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2015-09-10 11:38:25 +0200 |
| commit | 4ef812cdb8cb7eb294dba5837cad750deaa52da9 (patch) | |
| tree | d9c355fb3b2360d54c4d63c6784908eb38bc6e6b /dozentenmodul/src/main/java | |
| parent | [server] Make xml compatible with legacy run-virt (diff) | |
[*] Improve SSL handling
Diffstat (limited to 'dozentenmodul/src/main/java')
| -rw-r--r-- | dozentenmodul/src/main/java/org/openslx/dozmod/App.java | 3 | ||||
| -rw-r--r-- | dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java | 22 |
2 files changed, 17 insertions, 8 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
index eeced8fc..a2e4e859 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
@@ -163,7 +163,8 @@ public class App {
 SSLContext ctx = null;
 if (useSsl) {
 try {
- ctx = SSLContext.getDefault();
+ ctx = SSLContext.getInstance("TLSv1.2");
+ ctx.init(null, null, null);
 } catch (final Exception e1) {
 SwingUtilities.invokeLater(new Runnable() {
 @Override
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
index 07b44175..35297c9f 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
@@ -30,10 +30,17 @@ public class GraphicalCertHandler {
 @Override
 public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
 if (certs == null || certs.length == 0) {
- Gui.asyncMessageBox(
- "Der Satellit besitzt kein Zertifikat. Verschlüsselte Verbindung nicht möglich.\n\n"
- + "Möchten Sie trotzdem fortfahren?", MessageType.WARNING, LOGGER, null);
- // TODO: Ask and do
+ Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() {
+ @Override
+ public Boolean run() {
+ return Gui.showMessageBox(null,
+ "Der Satellit besitzt kein Zertifikat. Verschlüsselte Verbindung nicht möglich.\n\n"
+ + "Möchten Sie trotzdem fortfahren?", MessageType.WARNING, LOGGER,
+ null);
+ }
+ });
+ if (ret)
+ return;
 throw new CertificateException("No certificate provided by server");
 }
 byte[] encoded = certs[0].getEncoded();
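Review bot: `SSLContext.getInstance("TLSv1.2")` in App.java selects a context flavour rather than enforcing a minimum version, so depending on the JSSE provider the sockets created from `ctx` may still have older protocol versions enabled, and on newer runtimes this context will not offer TLS 1.3. If the intent is "TLS 1.2 or better", restrict the enabled protocols where the socket or engine is created, e.g. `sslParams.setProtocols(new String[] { "TLSv1.2" });` on its `SSLParameters`, and state that intent in a comment next to the `getInstance` call. `ctx.init(null, null, null)` also installs the platform's default trust managers; how the fingerprint check in GraphicalCertHandler is attached to connections made from this context is not visible in this hunk and deserves a one-line comment. The enclosing method starts and ends outside the hunk.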
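Review bot: In `checkServerTrusted`, the new `if (ret) return;` reports a server that presented no certificate at all as trusted once the user clicks through, so the connection continues with an unauthenticated peer and nothing records that the check was overridden. `ret` is a boxed `Boolean`; if `Gui.syncExec` can return null (its contract is not visible here) the unboxing throws a NullPointerException instead of the intended CertificateException, and `if (Boolean.TRUE.equals(ret)) return;` keeps the rejection path explicit. I would also write the override to `LOGGER` before returning, and add a comment stating that returning here disables server authentication for this connection. Whether a `MessageType.WARNING` box actually offers a yes/no choice for the "Möchten Sie trotzdem fortfahren?" question cannot be confirmed from the hunk.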
@@ -51,14 +58,15 @@ public class GraphicalCertHandler { byte[] expectedFingerprint = FingerprintManager.getFingerprint(address); final String question; if (expectedFingerprint == null) { - // Not known yet, ask - question = "Magst du die Zahl " + actualFingerprintReadable + "?"; + // First time we connect to this server, so remember the fingerprint + FingerprintManager.saveFingerprint(address, actualFingerprint); + return; } else if (Arrays.equals(actualFingerprint, expectedFingerprint)) { // Known, matches, everything's fine return; } else { // Known, mismatch, panic! - question = "!!! ALARM !!!! ALARM !!! *trage hol*\n\n" + "Der Fingerabdruck von " + address + question = "!!! ALARM !!!! ALARM !!!\n\n" + "Der Fingerabdruck von " + address + " hat sich verändert.\n" + "Erwartet: " + new BigInteger(expectedFingerprint).toString(16) + "\n" + "Vorgefunden: " + actualFingerprintReadable + "\n\n" |
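Review bot: The `expectedFingerprint == null` branch now stores whatever fingerprint the server presents and returns without showing it to anyone, so an interceptor present on the first connection is pinned as the legitimate server and every later check passes. Trust-on-first-use is defensible, but the user should see the fingerprint once so it can be compared out of band; I would keep a confirmation before `FingerprintManager.saveFingerprint(address, actualFingerprint);` and log the newly pinned value. The result of `saveFingerprint` is not checked, so if persisting can fail (its behaviour is not visible here) each later connection would be treated as a first contact again. In the unchanged mismatch text, `new BigInteger(expectedFingerprint).toString(16)` is signed and drops leading zeros, so the "Erwartet" value may not be formatted like `actualFingerprintReadable`. The enclosing method starts and ends outside the hunk.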
