From 4ef812cdb8cb7eb294dba5837cad750deaa52da9 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 10 Sep 2015 11:38:25 +0200
Subject: [*] Improve SSL handling
---
 .../src/main/java/org/openslx/dozmod/App.java | 3 ++-
 .../openslx/dozmod/gui/GraphicalCertHandler.java | 22 +++++++++++++++-------
 2 files changed, 17 insertions(+), 8 deletions(-)
(limited to 'dozentenmodul/src/main/java')
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
index eeced8fc..a2e4e859 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
@@ -163,7 +163,8 @@ public class App {
 SSLContext ctx = null;
 if (useSsl) {
 try {
- ctx = SSLContext.getDefault();
+ ctx = SSLContext.getInstance("TLSv1.2");
+ ctx.init(null, null, null);
 } catch (final Exception e1) {
 SwingUtilities.invokeLater(new Runnable() {
 @Override
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
index 07b44175..35297c9f 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
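Review bot: In App.java, `SSLContext.getInstance("TLSv1.2")` selects a context that supports TLS 1.2 but does not by itself forbid older protocol versions, so if the intent is to require TLS 1.2 the sockets or engines created from `ctx` (outside this hunk) should also restrict their enabled protocols, e.g. `sslSocket.setEnabledProtocols(new String[] { "TLSv1.2" });`. `ctx.init(null, null, null)` installs the JVM's default key and trust managers, which deserves a one-line comment such as `// null managers: the JVM default trust store decides which servers are accepted` so readers do not assume a custom certificate handler is wired in at this point. The enclosing method starts and ends outside the hunk.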
@@ -30,10 +30,17 @@ public class GraphicalCertHandler {
 @Override
 public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
 if (certs == null || certs.length == 0) {
- Gui.asyncMessageBox(
- "Der Satellit besitzt kein Zertifikat. Verschlüsselte Verbindung nicht möglich.\n\n"
- + "Möchten Sie trotzdem fortfahren?", MessageType.WARNING, LOGGER, null);
- // TODO: Ask and do
+ Boolean ret = Gui.syncExec(new GuiCallable() {
+ @Override
+ public Boolean run() {
+ return Gui.showMessageBox(null,
+ "Der Satellit besitzt kein Zertifikat. Verschlüsselte Verbindung nicht möglich.\n\n"
+ + "Möchten Sie trotzdem fortfahren?", MessageType.WARNING, LOGGER,
+ null);
+ }
+ });
+ if (ret)
+ return;
 throw new CertificateException("No certificate provided by server");
 }
 byte[] encoded = certs[0].getEncoded();
@@ -51,14 +58,15 @@ public class GraphicalCertHandler { byte[] expectedFingerprint = FingerprintManager.getFingerprint(address); final String question; if (expectedFingerprint == null) { - // Not known yet, ask - question = "Magst du die Zahl " + actualFingerprintReadable + "?"; + // First time we connect to this server, so remember the fingerprint + FingerprintManager.saveFingerprint(address, actualFingerprint); + return; } else if (Arrays.equals(actualFingerprint, expectedFingerprint)) { // Known, matches, everything's fine return; } else { // Known, mismatch, panic! - question = "!!! ALARM !!!! ALARM !!! *trage hol*\n\n" + "Der Fingerabdruck von " + address + question = "!!! ALARM !!!! ALARM !!!\n\n" + "Der Fingerabdruck von " + address + " hat sich verändert.\n" + "Erwartet: " + new BigInteger(expectedFingerprint).toString(16) + "\n" + "Vorgefunden: " + actualFingerprintReadable + "\n\n"
-- cgit v1.2.3-55-g7522
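Review bot: In checkServerTrusted's no-certificate branch, the new `if (ret) return;` makes the trust manager accept a server that presented no certificate whenever the dialog returns true, so the session continues with no server authentication at all. The dialog text only says that encryption is not possible; it should also state that the server's identity cannot be verified. `ret` is a boxed `Boolean`, and if `Gui.syncExec` can return null (its contract is not visible here) the unboxing throws a NullPointerException instead of the intended CertificateException; `if (Boolean.TRUE.equals(ret)) return;` keeps the rejection path explicit. The method body continues outside the hunk.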
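Review bot: In the `expectedFingerprint == null` branch of the second GraphicalCertHandler hunk, the fingerprint is now saved and accepted without being shown to the user, so whichever endpoint answers the first connection to an address becomes the pinned identity and later checks can only detect changes from that point on. Consider logging the pinned value or displaying `actualFingerprintReadable` once so it can be compared out of band, and document the trade-off with a comment such as `// Trust on first use: the first connection is accepted unverified; the pin only detects later changes`. The mismatch branch and the rest of the method continue outside the hunk.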