diff options
Diffstat (limited to 'dozentenmodul/src/main/java/org/openslx/dozmod')
-rw-r--r-- | dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java | 10 | ||||
-rw-r--r-- | dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java | 114 |
2 files changed, 68 insertions, 56 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java index e41e4f28..4ec19dbe 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java @@ -63,7 +63,10 @@ public class FingerprintManager { * @return fingerprint, null if unknown */ public static byte[] getKnownFingerprint(String address) { - return Base64.getDecoder().decode(prop.getProperty(address)); + String str = prop.getProperty(address); + if (str == null) + return null; + return Base64.getDecoder().decode(str); } /** @@ -74,7 +77,10 @@ public class FingerprintManager { * @return fingerprint, null if unknown */ public static byte[] getSuggestedFingerprint(String address) { - return Base64.getDecoder().decode(prop.getProperty(address + "_master")); + String str = prop.getProperty(address + "_master"); + if (str == null) + return null; + return Base64.getDecoder().decode(str); } } diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java index 48b6a14a..648a0403 100644 --- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java +++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java @@ -31,66 +31,72 @@ public class GraphicalCertHandler { @Override public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { - if (certs == null || certs.length == 0) { - Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() { + try { + if (certs == null || certs.length == 0) { + Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() { + @Override + public Boolean run() { + return Gui.showMessageBox(null, + I18n.GUI.getString("GraphicalCertHandler.Message.warning.noCertificate"), + MessageType.WARNING, LOGGER, null); + } + }); + if (ret) + return; + throw new CertificateException("No certificate provided by server"); + } + byte[] encoded = certs[0].getEncoded(); + MessageDigest md; + try { + md = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException e) { + LOGGER.warn("Could not get SHA-256 hash of certificate", e); + throw new CertificateException("Could not get SHA-256 hash of certificate"); + } + md.update(encoded); + byte[] actualFingerprint = md.digest(); + final String actualFingerprintReadable = new BigInteger(actualFingerprint).toString(16); + // Now check the finger print + byte[] expectedFingerprint = FingerprintManager.getKnownFingerprint(address); + if (expectedFingerprint == null) { + expectedFingerprint = FingerprintManager.getSuggestedFingerprint(address); + } + final String question; + if (expectedFingerprint == null) { + // First time we connect to this server, so remember the finger print + FingerprintManager.saveKnownFingerprint(address, actualFingerprint); + return; + } else if (Arrays.equals(actualFingerprint, expectedFingerprint)) { + // Known, matches, everything's fine + return; + } else { + byte[] sf = FingerprintManager.getSuggestedFingerprint(address); + if (sf != null && Arrays.equals(actualFingerprint, sf)) { + // User stored invalid finger print, but master suggests the finger print we found. + // It probably changed, the satellite told the master server, but the user doesn't know yet. + FingerprintManager.saveKnownFingerprint(address, actualFingerprint); + return; + } + // Known, mismatch, panic! + question = I18n.GUI.getString("GraphicalCertHandler.Message.yesNo.fingerprintChanged", + address, + new BigInteger(expectedFingerprint).toString(16), actualFingerprintReadable); + } + // Some question needs to be asked + Boolean userOk = Gui.syncExec(new GuiCallable<Boolean>() { @Override public Boolean run() { - return Gui.showMessageBox(null, - I18n.GUI.getString("GraphicalCertHandler.Message.warning.noCertificate"), - MessageType.WARNING, LOGGER, null); + return Gui.showMessageBox(null, question, MessageType.QUESTION_YESNO, null, null); } }); - if (ret) - return; - throw new CertificateException("No certificate provided by server"); - } - byte[] encoded = certs[0].getEncoded(); - MessageDigest md; - try { - md = MessageDigest.getInstance("SHA-256"); - } catch (NoSuchAlgorithmException e) { - LOGGER.warn("Could not get SHA-256 hash of certificate", e); - throw new CertificateException("Could not get SHA-256 hash of certificate"); - } - md.update(encoded); - byte[] actualFingerprint = md.digest(); - final String actualFingerprintReadable = new BigInteger(actualFingerprint).toString(16); - // Now check the finger print - byte[] expectedFingerprint = FingerprintManager.getKnownFingerprint(address); - if (expectedFingerprint == null) { - expectedFingerprint = FingerprintManager.getSuggestedFingerprint(address); - } - final String question; - if (expectedFingerprint == null) { - // First time we connect to this server, so remember the finger print - FingerprintManager.saveKnownFingerprint(address, actualFingerprint); - return; - } else if (Arrays.equals(actualFingerprint, expectedFingerprint)) { - // Known, matches, everything's fine - return; - } else { - byte[] sf = FingerprintManager.getSuggestedFingerprint(address); - if (sf != null && Arrays.equals(actualFingerprint, sf)) { - // User stored invalid finger print, but master suggests the finger print we found. - // It probably changed, the satellite told the master server, but the user doesn't know yet. + if (userOk) { FingerprintManager.saveKnownFingerprint(address, actualFingerprint); - return; - } - // Known, mismatch, panic! - question = I18n.GUI.getString("GraphicalCertHandler.Message.yesNo.fingerprintChanged", address, - new BigInteger(expectedFingerprint).toString(16), actualFingerprintReadable); - } - // Some question needs to be asked - Boolean userOk = Gui.syncExec(new GuiCallable<Boolean>() { - @Override - public Boolean run() { - return Gui.showMessageBox(null, question, MessageType.QUESTION_YESNO, null, null); + } else { + throw new CertificateException("Rejected by user"); } - }); - if (userOk) { - FingerprintManager.saveKnownFingerprint(address, actualFingerprint); - } else { - throw new CertificateException("Rejected by user"); + } catch (Throwable t) { + LOGGER.warn("Exception when checking cert of satellite", t); + throw t; } } |