Commit
c5055013
authored
Mar 24, 2007
by
runge
reverse connections for ss_vncviewer. java one-time-keys.
parent
61c56222
Showing
4 changed files
with
385 additions
and
41 deletions
+385
-41
SignedVncViewer.jar
classes/ssl/SignedVncViewer.jar
+0
-0
VncViewer.jar
classes/ssl/VncViewer.jar
+0
-0
ss_vncviewer
classes/ssl/ss_vncviewer
+298
-31
tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
+87
-10
classes/ssl/SignedVncViewer.jar
No preview for this file type
classes/ssl/VncViewer.jar
No preview for this file type
classes/ssl/ss_vncviewer
...
...
@@ -38,6 +38,9 @@
# (the first CONNECT is done through host1:port1 to host2:port2
# and then a 2nd CONNECT to the destination VNC server.)
#
# -showcert Only fetch the certificate using the 'openssl s_client'
# command (openssl(1) must in installed).
#
# See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
# certificates with VNC.
#
...
...
@@ -91,6 +94,7 @@
#
# ss_vncviewer -sshssl -proxy fred@mygate.com mymachine:0
#
# -listen (or -reverse) set up a reverse connection.
#
# -alpha turn on cursor alphablending hack if you are using the
# enhanced tightvnc vncviewer.
...
...
@@ -108,6 +112,8 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
#
#set -xv
PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
if [ "X$STUNNEL" = "X" ]; then
...
...
@@ -128,18 +134,27 @@ use_ssh=""
use_sshssl=""
direct_connect=""
ssh_sleep=15
ssh_cmd
=
"sleep
$ssh_sleep
"
if echo "$*" | grep '.*-listen' > /dev/null; then
ssh_sleep=1800
fi
ssh_cmd=""
if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then
ssh_cmd="$SS_VNCVIEWER_SSH_CMD"
fi
ssh_args=""
showcert=""
reverse=""
if [ "X$1" = "X-viewerflavor" ]; then
if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
echo "cotvnc"
exit 0
fi
str
=
`
"
$VNCVIEWERCMD
"
-h
2>&1 |
head
-5
`
if echo "$VNCVIEWERCMD" | grep -i ultra > /dev/null; then
echo "ultravnc"
exit 0
fi
str=`$VNCVIEWERCMD -h 2>&1 | head -5`
if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then
echo "tightvnc"
elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then
...
...
@@ -173,6 +188,12 @@ do
;;
"-alpha") gotalpha=1
;;
"-showcert") showcert=1
;;
"-listen") reverse=1
;;
"-reverse") reverse=1
;;
"-grab") VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
;;
"-h"*) help; exit 0
...
...
@@ -185,10 +206,36 @@ do
shift
done
if
[
"X
$gotalpha
"
!=
"X1"
]
;
then
if [ "X$gotalpha" = "X1" ]; then
VNCVIEWER_ALPHABLEND=1
export VNCVIEWER_ALPHABLEND
else
NO_ALPHABLEND=1
export NO_ALPHABLEND
fi
if [ "X$reverse" != "X" ]; then
ssh_sleep=1800
if [ "X$use_ssh" = "X1" ]; then
VNCVIEWER_LISTEN_LOCALHOST=1
export VNCVIEWER_LISTEN_LOCALHOST
fi
if [ "X$proxy" != "X" ]; then
if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
echo ""
echo "*Warning*: SSL -listen and a Web proxy does not make sense."
sleep 3
elif echo "$proxy" | grep "," > /dev/null; then
:
else
echo ""
echo "*Warning*: -listen and a single proxy/gateway does not make sense."
sleep 3
fi
fi
fi
if [ "X$ssh_cmd" = "X" ]; then
ssh_cmd="sleep $ssh_sleep"
fi
orig="$1"
shift
...
...
@@ -207,13 +254,17 @@ if echo "$orig" | grep '^vnc://' > /dev/null; then
use_ssh=""
use_sshssl=""
direct_connect=1
elif echo "$orig" | grep '^vncs://' > /dev/null; then
orig=`echo "$orig" | sed -e 's,vncs://,,'`
fi
# play around with host:display port:
if echo "$orig" | grep ':' > /dev/null; then
:
else
orig
=
"
$orig
:0"
if [ "X$reverse" = "X" ]; then
orig="$orig:0"
fi
fi
host=`echo "$orig" | awk -F: '{print $1}'`
...
...
@@ -221,8 +272,14 @@ disp=`echo "$orig" | awk -F: '{print $2}'`
if [ "X$host" = "X" ]; then
host=localhost
fi
if
[
$disp
-lt
200
]
;
then
port
=
`
expr
$disp
+ 5900
`
if [ $disp -lt 0 ]; then
port=`expr 0 - $disp`
elif [ $disp -lt 200 ]; then
if [ "X$reverse" = "X" ]; then
port=`expr $disp + 5900`
else
port=`expr $disp + 5500`
fi
else
port=$disp
fi
...
...
@@ -263,12 +320,47 @@ findfree() {
echo $use0
}
use
=
`
findfree 5930
`
final() {
echo ""
if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
rm -f $SS_VNCVIEWER_RM 2>/dev/null
fi
if [ "X$tcert" != "X" ]; then
rm -f $tcert
fi
if [ "X$pssh" != "X" ]; then
echo "Terminating background ssh process"
echo kill -TERM "$pssh"
kill -TERM "$pssh" 2>/dev/null
sleep 1
kill -KILL "$pssh" 2>/dev/null
pssh=""
fi
if [ "X$stunnel_pid" != "X" ]; then
echo "Terminating background stunnel process"
echo kill -TERM "$stunnel_pid"
kill -TERM "$stunnel_pid" 2>/dev/null
sleep 1
kill -KILL "$stunnel_pid" 2>/dev/null
stunnel_pid=""
fi
}
if
[
$use
-ge
5900
]
;
then
N
=
`
expr
$use
- 5900
`
if [ "X$reverse" = "X" ]; then
use=`findfree 5930`
if [ $use -ge 5900 ]; then
N=`expr $use - 5900`
else
N=$use
fi
else
N
=
$use
p2=`expr $port + 30`
use=`findfree $p2`
if [ $use -ge 5500 ]; then
N=`expr $use - 5500`
else
N=$use
fi
fi
if echo "$0" | grep vncip > /dev/null; then
...
...
@@ -280,6 +372,7 @@ if [ "X$use_ssh" = "X1" ]; then
ssh_host="$host"
vnc_host="localhost"
ssh=${SSH:-"ssh -x"}
if echo "$proxy" | grep "," > /dev/null; then
proxy1=`echo "$proxy" | awk -F, '{print $1}'`
proxy2=`echo "$proxy" | awk -F, '{print $2}'`
...
...
@@ -312,6 +405,7 @@ if [ "X$use_ssh" = "X1" ]; then
stty sane
proxy="${ssh_user2}localhost:$proxport"
fi
if [ "X$proxy" != "X" ]; then
ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
if [ "X$ssh_port" = "X" ]; then
...
...
@@ -333,6 +427,12 @@ if [ "X$use_ssh" = "X1" ]; then
if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then
C="-C"
fi
if [ "X$reverse" = "X" ]; then
ssh_redir="-L ${use}:${vnc_host}:${port}"
else
ssh_redir="-R ${port}:${vnc_host}:${use}"
fi
pmark=`sh -c 'echo $$'`
# the -t option actually speeds up typing response via VNC!!
if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
echo "$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host \"$info\""
...
...
@@ -340,20 +440,32 @@ if [ "X$use_ssh" = "X1" ]; then
$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"
exit $?
elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
echo
"
$ssh
-x -p
$ssh_port
-t
$C
-L
${
use
}
:
${
vnc_host
}
:
${
port
}
$ssh_args
$ssh_host
\"
$info
\"
"
echo "$ssh -x -p $ssh_port -t $C
$ssh_redir
$ssh_args $ssh_host \"$info\""
echo ""
$ssh
-x
-p
$ssh_port
-t
$C
-L
${
use
}
:
${
vnc_host
}
:
${
port
}
$ssh_args
$ssh_host
"
$ssh_cmd
"
$ssh -x -p $ssh_port -t $C
$ssh_redir
$ssh_args $ssh_host "$ssh_cmd"
else
echo
"
$ssh
-x -f -p
$ssh_port
-t
$C
-L
${
use
}
:
${
vnc_host
}
:
${
port
}
$ssh_args
$ssh_host
\"
$info
\"
"
echo "$ssh -x -f -p $ssh_port -t $C
$ssh_redir
$ssh_args $ssh_host \"$info\""
echo ""
$ssh
-x
-f
-p
$ssh_port
-t
$C
-L
${
use
}
:
${
vnc_host
}
:
${
port
}
$ssh_args
$ssh_host
"
$ssh_cmd
"
$ssh -x -f -p $ssh_port -t $C
$ssh_redir
$ssh_args $ssh_host "$ssh_cmd"
fi
if [ "$?" != "0" ]; then
echo ""
echo "ssh to $ssh_host failed."
exit 1
fi
echo
""
stty sane
c=0
pssh=""
while [ $c -lt 30 ]
do
p=`expr $pmark + $c`
if ps -p "$p" 2>&1 | grep "$ssh" > /dev/null; then
pssh=$p
break
fi
c=`expr $c + 1`
done
if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
sleep 1
else
...
...
@@ -363,11 +475,23 @@ if [ "X$use_ssh" = "X1" ]; then
echo ""
#reset
stty sane
#echo "pssh=\"$pssh\""
if [ "X$use_sshssl" = "X" ]; then
echo "Running viewer:"
echo
"
$VNCVIEWERCMD
"
"
$@
"
localhost:
$N
echo
""
"
$VNCVIEWERCMD
"
"
$@
"
localhost:
$N
trap "final" 0 2 15
if [ "X$reverse" = "X" ]; then
echo "$VNCVIEWERCMD" "$@" localhost:$N
echo ""
$VNCVIEWERCMD "$@" localhost:$N
else
echo ""
echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
echo ""
echo "$VNCVIEWERCMD" "$@" -listen $N
echo ""
$VNCVIEWERCMD "$@" -listen $N
fi
exit $?
else
...
...
@@ -571,11 +695,39 @@ if [ "X$proxy" != "X" ]; then
ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
mytmp "$ptmp"
pcode "$ptmp"
connect
=
"exec =
$ptmp
"
if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
if uname | grep Darwin >/dev/null; then
nd=`expr $use + 333`
SSVNC_LISTEN=$nd
export SSVNC_LISTEN
$ptmp 2>/dev/null &
sleep 3
host="localhost"
port="$nd"
connect="connect = localhost:$nd"
else
connect="exec = $ptmp"
fi
else
connect="exec = $ptmp"
fi
else
connect="connect = $host:$port"
fi
if [ "X$showcert" = "X1" ]; then
if [ "X$proxy" != "X" ]; then
SSVNC_LISTEN=$use
export SSVNC_LISTEN
$ptmp 2>/dev/null &
sleep 3
host="localhost"
port="$use"
fi
openssl s_client -connect $host:$port 2>&1 < /dev/null
exit $?
fi
if [ "X$direct_connect" != "X" ]; then
echo ""
echo "Running viewer for direct connection:"
...
...
@@ -596,21 +748,37 @@ if [ "X$direct_connect" != "X" ]; then
SSVNC_LISTEN=$use
export SSVNC_LISTEN
$ptmp &
sleep
2
if [ "X$reverse" = "X" ]; then
sleep 2
fi
host="localhost"
disp="$N"
fi
echo
"
$VNCVIEWERCMD
"
"
$@
"
$host
:
$disp
echo
""
"
$VNCVIEWERCMD
"
"
$@
"
$host
:
$disp
if [ "X$reverse" = "X" ]; then
echo "$VNCVIEWERCMD" "$@" $host:$disp
trap "final" 0 2 15
echo ""
$VNCVIEWERCMD "$@" $host:$disp
else
echo ""
echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
echo ""
echo "$VNCVIEWERCMD" "$@" -listen $N
trap "final" 0 2 15
echo ""
$VNCVIEWERCMD "$@" -listen $N
fi
exit $?
fi
##debug = 7
## debug = 6
tmp=/tmp/ss_vncviewer${RANDOM}.$$
mytmp "$tmp"
cat
>
"
$tmp
"
<<
END
if [ "X$reverse" = "X" ]; then
cat > "$tmp" <<END
foreground = yes
pid =
client = yes
...
...
@@ -622,7 +790,92 @@ $cert
[vnc_stunnel]
accept = localhost:$use
$connect
END
else
p2=`expr 5500 + $N`
connect="connect = localhost:$p2"
if [ "X$cert" = "X" ]; then
tcert="/tmp/tcert.$$"
cat > $tcert <<END
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
END
chmod 600 $tcert
cert="cert = $tcert"
fi
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
hloc=""
if [ "X$use_ssh" = "X1" ]; then
hloc="localhost:"
fi
cat > "$tmp" <<END
foreground = yes
pid =
client = no
debug = 6
$STUNNEL_EXTRA_OPTS
$verify
$cert
[vnc_stunnel]
accept = $hloc$port
$connect
END
fi
echo ""
echo "Using this stunnel configuration:"
...
...
@@ -632,25 +885,39 @@ echo ""
sleep 1
echo ""
echo
"Running
: stunnel
"
echo "Running
stunnel:
"
echo "$STUNNEL $tmp"
$STUNNEL "$tmp" < /dev/tty > /dev/tty &
pid
=
$!
stunnel_
pid=$!
echo ""
# pause here to let the user supply a possible passphrase for the
# mycert key:
if [ "X$mycert" != "X" ]; then
sleep
4
sleep 2
echo ""
echo "(pausing for possible certificate passphrase dialog)"
echo ""
sleep 2
fi
sleep 2
rm -f "$tmp"
echo ""
echo "Running viewer:"
echo
"
$VNCVIEWERCMD
"
"
$@
"
localhost:
$N
echo
""
"
$VNCVIEWERCMD
"
"
$@
"
localhost:
$N
if [ "X$reverse" = "X" ]; then
echo "$VNCVIEWERCMD" "$@" localhost:$N
trap "final" 0 2 15
echo ""
$VNCVIEWERCMD "$@" localhost:$N
else
echo ""
echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
echo ""
echo "$VNCVIEWERCMD" "$@" -listen $N
trap "final" 0 2 15
echo ""
$VNCVIEWERCMD "$@" -listen $N
fi
kill
$pid
sleep 1
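Review bot: The fallback certificate for `-listen` mode is written to the predictable path `/tmp/tcert.$$` with `cat > $tcert` and only afterwards restricted with `chmod 600`, so in the `@@ -622,7 +790,92 @@` hunk the private key is created with whatever permissions the umask allows, and the redirect will follow a pre-existing symlink of that name. The other temp files in this script go through `mytmp` first (`mytmp "$tmp"`, `mytmp "$ptmp"`); assuming that helper creates the file safely, call `mytmp "$tcert"` before the here-document and quote the variable, `cat > "$tcert" <<END`, and likewise `rm -f "$tcert"` in `final()`. It is also worth a comment beside the embedded key saying that it ships with the script, so it gives the reverse connection encryption but no authentication of the listening viewer unless a certificate of the user's own is configured.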
classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
...
...
@@ -73,8 +73,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto
serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0');
diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java
--- vnc_javasrc.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500
+++ vnc_javasrc/SSLSocketToMe.java 200
6-09-23 18:35:25.000000000 -04
00
@@ -0,0 +1,13
01
@@
+++ vnc_javasrc/SSLSocketToMe.java 200
7-02-21 23:27:10.000000000 -05
00
@@ -0,0 +1,13
66
@@
+/*
+ * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer.
+ *
...
...
@@ -100,9 +100,14 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+import java.net.*;
+import java.io.*;
+import javax.net.ssl.*;
+import java.security.cert.*;
+import java.util.*;
+
+import java.security.*;
+import java.security.cert.*;
+import java.security.spec.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+
+import java.awt.*;
+import java.awt.event.*;
+
...
...
@@ -149,6 +154,25 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ java.security.cert.Certificate[] trustallCerts = null;
+ java.security.cert.Certificate[] trusturlCerts = null;
+
+ byte[] hex2bytes(String s) {
+ byte[] bytes = new byte[s.length()/2];
+ for (int i=0; i<s.length()/2; i++) {
+ int j = 2*i;
+ try {
+ int val = Integer.parseInt(s.substring(j, j+2), 16);
+ if (val > 127) {
+ val -= 256;
+ }
+ Integer I = new Integer(val);
+ bytes[i] = Byte.decode(I.toString()).byteValue();
+
+ } catch (Exception e) {
+ ;
+ }
+ }
+ return bytes;
+ }
+
+ SSLSocketToMe(String h, int p, VncViewer v) throws Exception {
+ host = h;
+ port = p;
...
...
@@ -338,10 +362,48 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ * 2) to subsequently connect to the server if user agrees.
+ */
+
+ KeyManager[] mykey = null;
+
+ if (viewer.oneTimeKey != null && viewer.oneTimeKey.indexOf(",") > 0) {
+ int idx = viewer.oneTimeKey.indexOf(",");
+
+ String onetimekey = viewer.oneTimeKey.substring(0, idx);
+ byte[] key = hex2bytes(onetimekey);
+ String onetimecert = viewer.oneTimeKey.substring(idx+1);
+ byte[] cert = hex2bytes(onetimecert);
+
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec ( key );
+ PrivateKey ff = kf.generatePrivate (keysp);
+ dbg("ff " + ff);
+ String cert_str = new String(cert);
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Collection c = cf.generateCertificates(new ByteArrayInputStream(cert));
+ Certificate[] certs = new Certificate[c.toArray().length];
+ if (c.size() == 1) {
+ Certificate tmpcert = cf.generateCertificate(new ByteArrayInputStream(cert));
+ dbg("tmpcert" + tmpcert);
+ certs[0] = tmpcert;
+ } else {
+ certs = (Certificate[]) c.toArray();
+ }
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+ ks.setKeyEntry("onetimekey", ff, "".toCharArray(), certs);
+ String da = KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(da);
+ kmf.init(ks, "".toCharArray());
+
+ mykey = kmf.getKeyManagers();
+ }
+
+
+ /* trust loc certs: */
+ try {
+ trustloc_ctx = SSLContext.getInstance("SSL");
+ trustloc_ctx.init(
null
, null, new
+ trustloc_ctx.init(
mykey
, null, new
+ java.security.SecureRandom());
+
+ } catch (Exception e) {
...
...
@@ -353,7 +415,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ /* trust all certs: */
+ try {
+ trustall_ctx = SSLContext.getInstance("SSL");
+ trustall_ctx.init(
null
, trustAllCerts, new
+ trustall_ctx.init(
mykey
, trustAllCerts, new
+ java.security.SecureRandom());
+
+ } catch (Exception e) {
...
...
@@ -365,7 +427,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ /* trust url certs: */
+ try {
+ trusturl_ctx = SSLContext.getInstance("SSL");
+ trusturl_ctx.init(
null
, trustUrlCert, new
+ trusturl_ctx.init(
mykey
, trustUrlCert, new
+ java.security.SecureRandom());
+
+ } catch (Exception e) {
...
...
@@ -377,7 +439,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ /* trust the one cert from server: */
+ try {
+ trustone_ctx = SSLContext.getInstance("SSL");
+ trustone_ctx.init(
null
, trustOneCert, new
+ trustone_ctx.init(
mykey
, trustOneCert, new
+ java.security.SecureRandom());
+
+ } catch (Exception e) {
...
...
@@ -563,6 +625,9 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ if (viewer.trustAllVncCerts) {
+ dbg("viewer.trustAllVncCerts-2");
+ user_wants_to_see_cert = false;
+ } else if (viewer.trustUrlVncCert) {
+ dbg("viewer.trustUrlVncCert-1");
+ user_wants_to_see_cert = false;
+ } else {
+ bcd = new BrowserCertsDialog(serv, host + ":" + port);
+ bcd.queryUser();
...
...
@@ -1378,8 +1443,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+}
diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncViewer.java
--- vnc_javasrc.orig/VncViewer.java 2004-03-04 08:34:25.000000000 -0500
+++ vnc_javasrc/VncViewer.java 200
6-12-01 02:31:26
.000000000 -0500
@@ -88,6 +88,1
4
@@
+++ vnc_javasrc/VncViewer.java 200
7-02-21 23:24:37
.000000000 -0500
@@ -88,6 +88,1
6
@@
int deferCursorUpdates;
int deferUpdateRequests;
...
...
@@ -1388,13 +1453,15 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
+ String CONNECT;
+ String urlPrefix;
+ String httpsPort;
+ String oneTimeKey;
+ boolean forceProxy;
+ boolean trustAllVncCerts;
+ boolean trustUrlVncCert;
+
// Reference to this applet for inter-applet communication.
public static java.applet.Applet refApplet;
@@ -626,6 +63
4,5
3 @@
@@ -626,6 +63
6,6
3 @@
// SocketFactory.
socketFactory = readParameter("SocketFactory", false);
...
...
@@ -1435,6 +1502,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
+ }
+ System.out.println("urlPrefix: '" + urlPrefix + "'");
+
+ oneTimeKey = readParameter("oneTimeKey", false);
+ if (oneTimeKey != null) {
+ System.out.println("oneTimeKey: is set");
+ }
+
+ forceProxy = false;
+ str = readParameter("forceProxy", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
...
...
@@ -1444,6 +1516,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
+ str = readParameter("trustAllVncCerts", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ trustAllVncCerts = true;
+ }
+ trustUrlVncCert = false;
+ str = readParameter("trustUrlVncCert", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ trustUrlVncCert = true;
+ }
}
...
...
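Review bot: `dbg("ff " + ff)` in the one-time-key block (the `@@ -338,10 +362,48 @@` hunk) passes the freshly built `PrivateKey` to the debug output, and depending on the provider's `toString()` that may print the key material; VncViewer.java in this same commit is careful to print only `oneTimeKey: is set`, so I would log `dbg("one-time key loaded")` instead and drop the unused `cert_str`. In the same block `certs = (Certificate[]) c.toArray();` will throw ClassCastException whenever the collection does not hold exactly one certificate, since `toArray()` returns an `Object[]`; use `certs = (Certificate[]) c.toArray(new Certificate[c.size()]);`. `hex2bytes` also swallows every parse error with an empty `catch`, leaving zero bytes in the key or certificate buffer, so a malformed `oneTimeKey` parameter fails later with a less useful error; rejecting it at that point would be clearer. The enclosing method starts and ends outside these hunks.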