-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java10
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java114
2 files changed, 68 insertions, 56 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java
index e41e4f28..4ec19dbe 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java
@@ -63,7 +63,10 @@ public class FingerprintManager {
* @return fingerprint, null if unknown
*/
public static byte[] getKnownFingerprint(String address) {
- return Base64.getDecoder().decode(prop.getProperty(address));
+ String str = prop.getProperty(address);
+ if (str == null)
+ return null;
+ return Base64.getDecoder().decode(str);
}
/**
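Review bot: The Javadoc on `getKnownFingerprint` still promises only "null if unknown", but `Base64.getDecoder().decode(str)` throws `IllegalArgumentException` when the stored property is not valid Base64, for example after a damaged or hand-edited properties file. I would document that with `@throws IllegalArgumentException if the stored value is not valid Base64`. The exception should not be mapped to null: the caller in GraphicalCertHandler treats null as first contact and stores whatever fingerprint the server presents. The same applies to `getSuggestedFingerprint` in the next hunk, and the two bodies are now identical apart from the key, so a small private helper taking the key would remove the duplication. The Javadoc block begins above this hunk.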
@@ -74,7 +77,10 @@ public class FingerprintManager {
* @return fingerprint, null if unknown
*/
public static byte[] getSuggestedFingerprint(String address) {
- return Base64.getDecoder().decode(prop.getProperty(address + "_master"));
+ String str = prop.getProperty(address + "_master");
+ if (str == null)
+ return null;
+ return Base64.getDecoder().decode(str);
}
}
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
index 48b6a14a..648a0403 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
@@ -31,66 +31,72 @@ public class GraphicalCertHandler {
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
- if (certs == null || certs.length == 0) {
- Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() {
+ try {
+ if (certs == null || certs.length == 0) {
+ Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() {
+ @Override
+ public Boolean run() {
+ return Gui.showMessageBox(null,
+ I18n.GUI.getString("GraphicalCertHandler.Message.warning.noCertificate"),
+ MessageType.WARNING, LOGGER, null);
+ }
+ });
+ if (ret)
+ return;
+ throw new CertificateException("No certificate provided by server");
+ }
+ byte[] encoded = certs[0].getEncoded();
+ MessageDigest md;
+ try {
+ md = MessageDigest.getInstance("SHA-256");
+ } catch (NoSuchAlgorithmException e) {
+ LOGGER.warn("Could not get SHA-256 hash of certificate", e);
+ throw new CertificateException("Could not get SHA-256 hash of certificate");
+ }
+ md.update(encoded);
+ byte[] actualFingerprint = md.digest();
+ final String actualFingerprintReadable = new BigInteger(actualFingerprint).toString(16);
+ // Now check the finger print
+ byte[] expectedFingerprint = FingerprintManager.getKnownFingerprint(address);
+ if (expectedFingerprint == null) {
+ expectedFingerprint = FingerprintManager.getSuggestedFingerprint(address);
+ }
+ final String question;
+ if (expectedFingerprint == null) {
+ // First time we connect to this server, so remember the finger print
+ FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
+ return;
+ } else if (Arrays.equals(actualFingerprint, expectedFingerprint)) {
+ // Known, matches, everything's fine
+ return;
+ } else {
+ byte[] sf = FingerprintManager.getSuggestedFingerprint(address);
+ if (sf != null && Arrays.equals(actualFingerprint, sf)) {
+ // User stored invalid finger print, but master suggests the finger print we found.
+ // It probably changed, the satellite told the master server, but the user doesn't know yet.
+ FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
+ return;
+ }
+ // Known, mismatch, panic!
+ question = I18n.GUI.getString("GraphicalCertHandler.Message.yesNo.fingerprintChanged",
+ address,
+ new BigInteger(expectedFingerprint).toString(16), actualFingerprintReadable);
+ }
+ // Some question needs to be asked
+ Boolean userOk = Gui.syncExec(new GuiCallable<Boolean>() {
@Override
public Boolean run() {
- return Gui.showMessageBox(null,
- I18n.GUI.getString("GraphicalCertHandler.Message.warning.noCertificate"),
- MessageType.WARNING, LOGGER, null);
+ return Gui.showMessageBox(null, question, MessageType.QUESTION_YESNO, null, null);
}
});
- if (ret)
- return;
- throw new CertificateException("No certificate provided by server");
- }
- byte[] encoded = certs[0].getEncoded();
- MessageDigest md;
- try {
- md = MessageDigest.getInstance("SHA-256");
- } catch (NoSuchAlgorithmException e) {
- LOGGER.warn("Could not get SHA-256 hash of certificate", e);
- throw new CertificateException("Could not get SHA-256 hash of certificate");
- }
- md.update(encoded);
- byte[] actualFingerprint = md.digest();
- final String actualFingerprintReadable = new BigInteger(actualFingerprint).toString(16);
- // Now check the finger print
- byte[] expectedFingerprint = FingerprintManager.getKnownFingerprint(address);
- if (expectedFingerprint == null) {
- expectedFingerprint = FingerprintManager.getSuggestedFingerprint(address);
- }
- final String question;
- if (expectedFingerprint == null) {
- // First time we connect to this server, so remember the finger print
- FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
- return;
- } else if (Arrays.equals(actualFingerprint, expectedFingerprint)) {
- // Known, matches, everything's fine
- return;
- } else {
- byte[] sf = FingerprintManager.getSuggestedFingerprint(address);
- if (sf != null && Arrays.equals(actualFingerprint, sf)) {
- // User stored invalid finger print, but master suggests the finger print we found.
- // It probably changed, the satellite told the master server, but the user doesn't know yet.
+ if (userOk) {
FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
- return;
- }
- // Known, mismatch, panic!
- question = I18n.GUI.getString("GraphicalCertHandler.Message.yesNo.fingerprintChanged", address,
- new BigInteger(expectedFingerprint).toString(16), actualFingerprintReadable);
- }
- // Some question needs to be asked
- Boolean userOk = Gui.syncExec(new GuiCallable<Boolean>() {
- @Override
- public Boolean run() {
- return Gui.showMessageBox(null, question, MessageType.QUESTION_YESNO, null, null);
+ } else {
+ throw new CertificateException("Rejected by user");
}
- });
- if (userOk) {
- FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
- } else {
- throw new CertificateException("Rejected by user");
+ } catch (Throwable t) {
+ LOGGER.warn("Exception when checking cert of satellite", t);
+ throw t;
}
}
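Review bot: The fingerprints put into the "fingerprintChanged" question are rendered with `new BigInteger(actualFingerprint).toString(16)`, and likewise for `expectedFingerprint`, which reads the digest as a signed number. A hash whose first byte is 0x80 or higher comes out as a minus sign followed by unrelated digits, and leading zero bytes are dropped. The user's yes/no decision rests on comparing these strings with a fingerprint obtained elsewhere, so both should use an unsigned, fixed-width form such as `String.format("%064x", new BigInteger(1, actualFingerprint))`. Separately, the `NoSuchAlgorithmException` branch drops the cause; `throw new CertificateException("Could not get SHA-256 hash of certificate", e);` would keep it.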