[pve-devel] r5424 - in vncterm/pve2: . tigerpatches

svn-commits at proxmox.com svn-commits at proxmox.com
Mon Jan 24 16:08:10 CET 2011


Author: dietmar
Date: 2011-01-24 16:08:10 +0100 (Mon, 24 Jan 2011)
New Revision: 5424

Added:
   vncterm/pve2/tigerpatches/trust-manager.patch
Modified:
   vncterm/pve2/VncViewer.jar
   vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch
   vncterm/pve2/tigerpatches/javascript-events.patch
   vncterm/pve2/tigerpatches/series
Log:
trust manager imjplementation


Modified: vncterm/pve2/VncViewer.jar
===================================================================
(Binary files differ)

Modified: vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch
===================================================================
--- vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch	2011-01-24 09:56:06 UTC (rev 5423)
+++ vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch	2011-01-24 15:08:10 UTC (rev 5424)
@@ -1,8 +1,8 @@
 Index: new/java/src/com/tigervnc/vncviewer/VncViewer.java
 ===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-18 14:19:59.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-18 14:19:59.000000000 +0100
-@@ -465,6 +465,30 @@
+--- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 16:08:09.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 16:08:15.000000000 +0100
+@@ -467,6 +467,30 @@
    }
  
  

Modified: vncterm/pve2/tigerpatches/javascript-events.patch
===================================================================
--- vncterm/pve2/tigerpatches/javascript-events.patch	2011-01-24 09:56:06 UTC (rev 5423)
+++ vncterm/pve2/tigerpatches/javascript-events.patch	2011-01-24 15:08:10 UTC (rev 5424)
@@ -1,7 +1,7 @@
 Index: new/java/src/com/tigervnc/vncviewer/VncViewer.java
 ===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-19 07:05:12.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-19 07:37:43.000000000 +0100
+--- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 16:08:09.000000000 +0100
 @@ -27,11 +27,15 @@
  
  package com.tigervnc.vncviewer;
@@ -98,8 +98,8 @@
    //
 Index: new/java/src/com/tigervnc/vncviewer/Makefile
 ===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/Makefile	2011-01-19 07:05:12.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/Makefile	2011-01-19 07:33:58.000000000 +0100
+--- new.orig/java/src/com/tigervnc/vncviewer/Makefile	2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/Makefile	2011-01-24 16:08:09.000000000 +0100
 @@ -4,7 +4,10 @@
  
  CP = cp

Modified: vncterm/pve2/tigerpatches/series
===================================================================
--- vncterm/pve2/tigerpatches/series	2011-01-24 09:56:06 UTC (rev 5423)
+++ vncterm/pve2/tigerpatches/series	2011-01-24 15:08:10 UTC (rev 5424)
@@ -1,3 +1,4 @@
 #keydebug.patch
 javascript-events.patch
 export-ctrl-alt-delete.patch
+trust-manager.patch

Added: vncterm/pve2/tigerpatches/trust-manager.patch
===================================================================
--- vncterm/pve2/tigerpatches/trust-manager.patch	                        (rev 0)
+++ vncterm/pve2/tigerpatches/trust-manager.patch	2011-01-24 15:08:10 UTC (rev 5424)
@@ -0,0 +1,181 @@
+
+ Unfortunately the java certificate store does not correctly access 
+ the browser certificate store (firefox, chrome). So we implement our 
+ own trust manager, and allow to pass the certificate as applet
+ parameter "PVECert" (newline encoded as '|').
+
+Index: new/java/src/com/tigervnc/vncviewer/X509Tunnel.java
+===================================================================
+--- new.orig/java/src/com/tigervnc/vncviewer/X509Tunnel.java	2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/X509Tunnel.java	2011-01-24 16:08:18.000000000 +0100
+@@ -26,13 +26,23 @@
+ import javax.net.ssl.*;
+ import java.security.*;
+ import java.security.cert.*;
++import java.security.cert.Certificate;
++import java.security.cert.CertificateFactory;
++import java.io.*;
+ 
+ public class X509Tunnel extends TLSTunnelBase
+ {
+ 
+-  public X509Tunnel (Socket sock_)
++  Certificate pvecert;
++
++  public X509Tunnel (Socket sock_, String certstr) throws CertificateException
+   {
+     super (sock_);
++
++    if (certstr != null) {
++      CertificateFactory cf = CertificateFactory.getInstance("X.509");
++      pvecert = cf.generateCertificate(new StringBufferInputStream(certstr));
++    }
+   }
+ 
+   protected void setParam (SSLSocket sock)
+@@ -52,9 +62,42 @@
+   protected void initContext (SSLContext sc) throws java.security.
+     GeneralSecurityException
+   {
+-    TrustManager[] myTM = new TrustManager[]
+-    {
+-    new MyX509TrustManager ()};
++    TrustManager[] myTM;
++
++    if (pvecert != null) {
++      myTM = new TrustManager[] {
++	new X509TrustManager() {
++	  public java.security.cert.X509Certificate[]
++	  getAcceptedIssuers() {
++	    return null;
++	  }
++	  public void checkClientTrusted(
++	    java.security.cert.X509Certificate[] certs,
++	    String authType) throws CertificateException {
++	    throw new CertificateException("no clients");
++	  }
++	  public void checkServerTrusted(
++	    java.security.cert.X509Certificate[] certs,
++	    String authType) throws CertificateException {
++
++	    if (certs == null || certs.length < 1) {
++	      throw new CertificateException("no certs");
++	    }
++	    if (certs == null || certs.length > 1) {
++	      throw new CertificateException("cert path too long");
++	    }
++
++	    if (!pvecert.equals(certs[0])) {
++	      throw new CertificateException("certificate does not match");
++	    }
++	  }
++	}
++      };
++    } else {
++      myTM = new TrustManager[] {
++	new MyX509TrustManager ()
++      };
++    }
+     sc.init (null, myTM, null);
+   }
+ 
+@@ -100,4 +143,5 @@
+       return tm.getAcceptedIssuers ();
+     }
+   }
++
+ }
+Index: new/java/src/com/tigervnc/vncviewer/RfbProto.java
+===================================================================
+--- new.orig/java/src/com/tigervnc/vncviewer/RfbProto.java	2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/RfbProto.java	2011-01-24 16:08:18.000000000 +0100
+@@ -411,7 +411,8 @@
+     }
+ 
+     void authenticateX509() throws Exception {
+-	X509Tunnel tunnel = new X509Tunnel(sock);
++
++      X509Tunnel tunnel = new X509Tunnel(sock, viewer.PVECert);
+ 	tunnel.setup (this);
+     }
+ 
+Index: new/java/src/com/tigervnc/vncviewer/VncViewer.java
+===================================================================
+--- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 16:08:15.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/VncViewer.java	2011-01-24 16:08:18.000000000 +0100
+@@ -95,6 +95,8 @@
+   int debugStatsExcludeUpdates;
+   int debugStatsMeasureUpdates;
+ 
++  String PVECert;
++
+   JSObject jswin;
+   String myid;
+ 
+@@ -278,7 +280,7 @@
+ 	fatalError(e.toString(), e);
+       }
+     }
+-    
++
+   }
+ 
+   //
+@@ -314,7 +316,7 @@
+   // If the rfbThread is being stopped, ignore any exceptions,
+   // otherwise rethrow the exception so it can be handled.
+   //
+- 
++
+   void processNormalProtocol() throws Exception {
+     try {
+       vc.processNormalProtocol();
+@@ -849,6 +851,11 @@
+ 
+     // SocketFactory.
+     socketFactory = readParameter("SocketFactory", false);
++
++    String tmpcert = readParameter("PVECert", false);
++    if (tmpcert != null) {
++      PVECert = tmpcert.replace('|', '\n');
++    }
+   }
+ 
+   //
+@@ -1002,7 +1009,7 @@
+   }
+ 
+   synchronized public void fatalError(String str, Exception e) {
+- 
++
+     if (rfb != null && rfb.closed()) {
+       // Not necessary to show error message if the error was caused
+       // by I/O problems after the rfb.close() method call.
+@@ -1100,11 +1107,11 @@
+   public void enableInput(boolean enable) {
+     vc.enableInput(enable);
+   }
+-  
++
+   //
+   // Resize framebuffer if autoScale is enabled.
+   //
+-  
++
+   public void componentResized(ComponentEvent e) {
+     if (e.getComponent() == vncFrame) {
+       if (options.autoScale) {
+@@ -1116,11 +1123,11 @@
+       }
+     }
+   }
+-  
++
+   //
+   // Ignore component events we're not interested in.
+   //
+-  
++
+   public void componentShown(ComponentEvent e) { }
+   public void componentMoved(ComponentEvent e) { }
+   public void componentHidden(ComponentEvent e) { }



More information about the pve-devel mailing list