[pve-devel] r5424 - in vncterm/pve2: . tigerpatches
svn-commits at proxmox.com
svn-commits at proxmox.com
Mon Jan 24 16:08:10 CET 2011
Author: dietmar
Date: 2011-01-24 16:08:10 +0100 (Mon, 24 Jan 2011)
New Revision: 5424
Added:
vncterm/pve2/tigerpatches/trust-manager.patch
Modified:
vncterm/pve2/VncViewer.jar
vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch
vncterm/pve2/tigerpatches/javascript-events.patch
vncterm/pve2/tigerpatches/series
Log:
trust manager implementation
Modified: vncterm/pve2/VncViewer.jar
===================================================================
(Binary files differ)
Modified: vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch
===================================================================
--- vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch 2011-01-24 09:56:06 UTC (rev 5423)
+++ vncterm/pve2/tigerpatches/export-ctrl-alt-delete.patch 2011-01-24 15:08:10 UTC (rev 5424)
@@ -1,8 +1,8 @@
Index: new/java/src/com/tigervnc/vncviewer/VncViewer.java
===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-18 14:19:59.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-18 14:19:59.000000000 +0100
-@@ -465,6 +465,30 @@
+--- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-24 16:08:09.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-24 16:08:15.000000000 +0100
+@@ -467,6 +467,30 @@
}
Modified: vncterm/pve2/tigerpatches/javascript-events.patch
===================================================================
--- vncterm/pve2/tigerpatches/javascript-events.patch 2011-01-24 09:56:06 UTC (rev 5423)
+++ vncterm/pve2/tigerpatches/javascript-events.patch 2011-01-24 15:08:10 UTC (rev 5424)
@@ -1,7 +1,7 @@
Index: new/java/src/com/tigervnc/vncviewer/VncViewer.java
===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-19 07:05:12.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-19 07:37:43.000000000 +0100
+--- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-24 16:08:09.000000000 +0100
@@ -27,11 +27,15 @@
package com.tigervnc.vncviewer;
@@ -98,8 +98,8 @@
//
Index: new/java/src/com/tigervnc/vncviewer/Makefile
===================================================================
---- new.orig/java/src/com/tigervnc/vncviewer/Makefile 2011-01-19 07:05:12.000000000 +0100
-+++ new/java/src/com/tigervnc/vncviewer/Makefile 2011-01-19 07:33:58.000000000 +0100
+--- new.orig/java/src/com/tigervnc/vncviewer/Makefile 2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/Makefile 2011-01-24 16:08:09.000000000 +0100
@@ -4,7 +4,10 @@
CP = cp
Modified: vncterm/pve2/tigerpatches/series
===================================================================
--- vncterm/pve2/tigerpatches/series 2011-01-24 09:56:06 UTC (rev 5423)
+++ vncterm/pve2/tigerpatches/series 2011-01-24 15:08:10 UTC (rev 5424)
@@ -1,3 +1,4 @@
#keydebug.patch
javascript-events.patch
export-ctrl-alt-delete.patch
+trust-manager.patch
Added: vncterm/pve2/tigerpatches/trust-manager.patch
===================================================================
--- vncterm/pve2/tigerpatches/trust-manager.patch (rev 0)
+++ vncterm/pve2/tigerpatches/trust-manager.patch 2011-01-24 15:08:10 UTC (rev 5424)
@@ -0,0 +1,181 @@
+
+ Unfortunately the java certificate store does not correctly access
+ the browser certificate store (firefox, chrome). So we implement our
+ own trust manager, and allow to pass the certificate as applet
+ parameter "PVECert" (newline encoded as '|').
+
+Index: new/java/src/com/tigervnc/vncviewer/X509Tunnel.java
+===================================================================
+--- new.orig/java/src/com/tigervnc/vncviewer/X509Tunnel.java 2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/X509Tunnel.java 2011-01-24 16:08:18.000000000 +0100
+@@ -26,13 +26,23 @@
+ import javax.net.ssl.*;
+ import java.security.*;
+ import java.security.cert.*;
++import java.security.cert.Certificate;
++import java.security.cert.CertificateFactory;
++import java.io.*;
+
+ public class X509Tunnel extends TLSTunnelBase
+ {
+
+- public X509Tunnel (Socket sock_)
++ Certificate pvecert;
++
++ public X509Tunnel (Socket sock_, String certstr) throws CertificateException
+ {
+ super (sock_);
++
++ if (certstr != null) {
++ CertificateFactory cf = CertificateFactory.getInstance("X.509");
++ pvecert = cf.generateCertificate(new StringBufferInputStream(certstr));
++ }
+ }
+
+ protected void setParam (SSLSocket sock)
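Review bot: `new StringBufferInputStream(certstr)` in the constructor uses a class that has been deprecated since JDK 1.1 because it keeps only the low eight bits of each char rather than encoding the string. PEM text is ASCII, so parsing should work, but an explicit conversion states the intent and avoids the deprecation warning: `pvecert = cf.generateCertificate(new ByteArrayInputStream(certstr.getBytes(java.nio.charset.Charset.forName("US-ASCII"))));` (`getBytes(Charset)` needs Java 6; on older targets use `getBytes("US-ASCII")` and handle the checked exception). The new field would also read better as `private Certificate pvecert;` with a comment that null means no pinned certificate was supplied and the previous trust manager is used.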
+@@ -52,9 +62,42 @@
+ protected void initContext (SSLContext sc) throws java.security.
+ GeneralSecurityException
+ {
+- TrustManager[] myTM = new TrustManager[]
+- {
+- new MyX509TrustManager ()};
++ TrustManager[] myTM;
++
++ if (pvecert != null) {
++ myTM = new TrustManager[] {
++ new X509TrustManager() {
++ public java.security.cert.X509Certificate[]
++ getAcceptedIssuers() {
++ return null;
++ }
++ public void checkClientTrusted(
++ java.security.cert.X509Certificate[] certs,
++ String authType) throws CertificateException {
++ throw new CertificateException("no clients");
++ }
++ public void checkServerTrusted(
++ java.security.cert.X509Certificate[] certs,
++ String authType) throws CertificateException {
++
++ if (certs == null || certs.length < 1) {
++ throw new CertificateException("no certs");
++ }
++ if (certs == null || certs.length > 1) {
++ throw new CertificateException("cert path too long");
++ }
++
++ if (!pvecert.equals(certs[0])) {
++ throw new CertificateException("certificate does not match");
++ }
++ }
++ }
++ };
++ } else {
++ myTM = new TrustManager[] {
++ new MyX509TrustManager ()
++ };
++ }
+ sc.init (null, myTM, null);
+ }
+
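Review bot: `getAcceptedIssuers()` in the new anonymous trust manager returns null, while the X509TrustManager contract asks for a non-null, possibly empty array; some callers dereference the result, so `return new java.security.cert.X509Certificate[0];` is the safer form. In `checkServerTrusted` the second test repeats `certs == null`, which can no longer be true there, so it can be reduced to `if (certs.length > 1) {`. Rejecting every chain longer than one also means a server that sends intermediates fails even when its leaf equals the pinned certificate; if that strictness is intended, a short comment saying so would help. The `else` branch still installs `MyX509TrustManager`, whose checks are not visible in this hunk, so the pin is enforced only when a certificate string was passed in, which deserves a comment next to the branch.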
+@@ -100,4 +143,5 @@
+ return tm.getAcceptedIssuers ();
+ }
+ }
++
+ }
+Index: new/java/src/com/tigervnc/vncviewer/RfbProto.java
+===================================================================
+--- new.orig/java/src/com/tigervnc/vncviewer/RfbProto.java 2011-01-24 15:39:36.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/RfbProto.java 2011-01-24 16:08:18.000000000 +0100
+@@ -411,7 +411,8 @@
+ }
+
+ void authenticateX509() throws Exception {
+- X509Tunnel tunnel = new X509Tunnel(sock);
++
++ X509Tunnel tunnel = new X509Tunnel(sock, viewer.PVECert);
+ tunnel.setup (this);
+ }
+
+Index: new/java/src/com/tigervnc/vncviewer/VncViewer.java
+===================================================================
+--- new.orig/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-24 16:08:15.000000000 +0100
++++ new/java/src/com/tigervnc/vncviewer/VncViewer.java 2011-01-24 16:08:18.000000000 +0100
+@@ -95,6 +95,8 @@
+ int debugStatsExcludeUpdates;
+ int debugStatsMeasureUpdates;
+
++ String PVECert;
++
+ JSObject jswin;
+ String myid;
+
+@@ -278,7 +280,7 @@
+ fatalError(e.toString(), e);
+ }
+ }
+-
++
+ }
+
+ //
+@@ -314,7 +316,7 @@
+ // If the rfbThread is being stopped, ignore any exceptions,
+ // otherwise rethrow the exception so it can be handled.
+ //
+-
++
+ void processNormalProtocol() throws Exception {
+ try {
+ vc.processNormalProtocol();
+@@ -849,6 +851,11 @@
+
+ // SocketFactory.
+ socketFactory = readParameter("SocketFactory", false);
++
++ String tmpcert = readParameter("PVECert", false);
++ if (tmpcert != null) {
++ PVECert = tmpcert.replace('|', '\n');
++ }
+ }
+
+ //
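Review bot: The pinned certificate is read from the applet parameter `PVECert`, so the trust anchor for the TLS tunnel comes from whatever page embeds the applet, and the code does not say so. I would add a comment above the read such as `// PVECert pins the server certificate; it is only as trustworthy as the page that delivered the applet parameters`. When the parameter is missing, `PVECert` stays null and the viewer falls back to the earlier trust manager without any message, which is worth noting in the same comment or logging. The enclosing method starts outside the hunk.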
+@@ -1002,7 +1009,7 @@
+ }
+
+ synchronized public void fatalError(String str, Exception e) {
+-
++
+ if (rfb != null && rfb.closed()) {
+ // Not necessary to show error message if the error was caused
+ // by I/O problems after the rfb.close() method call.
+@@ -1100,11 +1107,11 @@
+ public void enableInput(boolean enable) {
+ vc.enableInput(enable);
+ }
+-
++
+ //
+ // Resize framebuffer if autoScale is enabled.
+ //
+-
++
+ public void componentResized(ComponentEvent e) {
+ if (e.getComponent() == vncFrame) {
+ if (options.autoScale) {
+@@ -1116,11 +1123,11 @@
+ }
+ }
+ }
+-
++
+ //
+ // Ignore component events we're not interested in.
+ //
+-
++
+ public void componentShown(ComponentEvent e) { }
+ public void componentMoved(ComponentEvent e) { }
+ public void componentHidden(ComponentEvent e) { }