Un-static part 3: CertificateManager

zzz
2022-01-11 13:21:08 -05:00
parent d8c85586b0
commit 5e3878f9ad
3 changed files with 30 additions and 28 deletions


@ -23,7 +23,7 @@ public class CertificateGUI {
} }
*/ */
public static synchronized boolean saveNewCert(Main main, File dir, String hostname, X509Certificate cert){ public static synchronized boolean saveNewCert(Main main, CertificateManager certificateManager, String hostname, X509Certificate cert){
JFrame frame = new JFrame(); JFrame frame = new JFrame();
frame.setLayout(new BorderLayout()); frame.setLayout(new BorderLayout());
JButton bt = new JButton(); JButton bt = new JButton();
@ -60,7 +60,7 @@ public class CertificateGUI {
JOptionPane.INFORMATION_MESSAGE); JOptionPane.INFORMATION_MESSAGE);
if (n == JOptionPane.YES_OPTION){ if (n == JOptionPane.YES_OPTION){
CertificateManager.forcePutServerCert(dir, hostname, CertificateHelper.convert(cert)); certificateManager.forcePutServerCert(hostname, CertificateHelper.convert(cert));
updateUI(main); updateUI(main);
return true; return true;
} else { } else {
@ -69,7 +69,7 @@ public class CertificateGUI {
} }
public static boolean overwriteCert(Main main, File dir, String hostname, X509Certificate cert){ public static boolean overwriteCert(Main main, CertificateManager certificateManager, String hostname, X509Certificate cert){
JFrame frame = new JFrame(); JFrame frame = new JFrame();
String title = Transl._t("Warning, new remote host detected"); String title = Transl._t("Warning, new remote host detected");
@ -110,7 +110,7 @@ public class CertificateGUI {
JOptionPane.YES_NO_OPTION, JOptionPane.YES_NO_OPTION,
JOptionPane.ERROR_MESSAGE); JOptionPane.ERROR_MESSAGE);
if (n == JOptionPane.YES_OPTION){ if (n == JOptionPane.YES_OPTION){
CertificateManager.forcePutServerCert(dir, hostname, CertificateHelper.convert(cert)); certificateManager.forcePutServerCert(hostname, CertificateHelper.convert(cert));
updateUI(main); updateUI(main);
return true; // Confirmation positive return true; // Confirmation positive
} else { } else {


@ -34,17 +34,17 @@ public class CertificateManager {
private static final String DEFAULT_KEYSTORE_PASSWORD = "nut'nfancy"; private static final String DEFAULT_KEYSTORE_PASSWORD = "nut'nfancy";
private static final String DEFAULT_KEYSTORE_ALGORITHM = "SunX509"; private static final String DEFAULT_KEYSTORE_ALGORITHM = "SunX509";
public static final String DEFAULT_CERT_SPI = "X.509"; public static final String DEFAULT_CERT_SPI = "X.509";
private static KeyStore _ks; private KeyStore _ks;
private static Log _log; private final Log _log = LogFactory.getLog(CertificateManager.class);
private final File dir;
static {
_log = LogFactory.getLog(CertificateManager.class);
}
public CertificateManager(File d) {
dir = d;
}
public static boolean verifyCert(File dir, String storedCertAlias, X509Certificate cert) { public boolean verifyCert(String storedCertAlias, X509Certificate cert) {
try { try {
X509Certificate storedCert = (X509Certificate) getDefaultKeyStore(dir).getCertificate(storedCertAlias); X509Certificate storedCert = (X509Certificate) getDefaultKeyStore().getCertificate(storedCertAlias);
storedCert.verify(cert.getPublicKey()); storedCert.verify(cert.getPublicKey());
return true; return true;
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
@ -54,9 +54,9 @@ public class CertificateManager {
} }
} }
public static boolean contains(File dir, String certName) { public boolean contains(String certName) {
try { try {
return getDefaultKeyStore(dir).containsAlias(certName); return getDefaultKeyStore().containsAlias(certName);
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
_log.error("Error reading certificate with alias, " + certName + " from KeyStore", e); _log.error("Error reading certificate with alias, " + certName + " from KeyStore", e);
} }
@ -98,11 +98,11 @@ public class CertificateManager {
* @param cert - X509Certificate to store * @param cert - X509Certificate to store
* @return - True if store was successful, false in other cases. * @return - True if store was successful, false in other cases.
*/ */
public static boolean forcePutServerCert(File dir, String name, X509Certificate cert) { public boolean forcePutServerCert(String name, X509Certificate cert) {
KeyStore ks = getDefaultKeyStore(dir); KeyStore ks = getDefaultKeyStore();
try { try {
ks.setCertificateEntry(name, cert); ks.setCertificateEntry(name, cert);
saveKeyStore(ks, dir); saveKeyStore(ks);
return true; return true;
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
e.printStackTrace(); e.printStackTrace();
@ -118,14 +118,14 @@ public class CertificateManager {
* @param cert - X509Certificate to overwrite * @param cert - X509Certificate to overwrite
* @return - True if the overwrite was successful, false in other cases * @return - True if the overwrite was successful, false in other cases
*/ */
public static boolean overwriteServerCert(File dir, String name, X509Certificate cert){ public boolean overwriteServerCert(String name, X509Certificate cert){
KeyStore ks = getDefaultKeyStore(dir); KeyStore ks = getDefaultKeyStore();
try { try {
if (ks.containsAlias(name)){ if (ks.containsAlias(name)){
return false; return false;
} else { } else {
getDefaultKeyStore(dir).setCertificateEntry(name, cert); getDefaultKeyStore().setCertificateEntry(name, cert);
saveKeyStore(ks, dir); saveKeyStore(ks);
return true; return true;
} }
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
@ -159,7 +159,7 @@ public class CertificateManager {
* Get KeyStore containing server certs. * Get KeyStore containing server certs.
* @return - KeyStore used for keeping track of server. * @return - KeyStore used for keeping track of server.
*/ */
private static synchronized KeyStore getDefaultKeyStore(File dir) { private synchronized KeyStore getDefaultKeyStore() {
if (_ks == null){ if (_ks == null){
try { try {
_ks = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE); _ks = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
@ -177,7 +177,7 @@ public class CertificateManager {
try { try {
_ks = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE); _ks = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
_ks.load(null, DEFAULT_KEYSTORE_PASSWORD.toCharArray()); _ks.load(null, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
saveKeyStore(_ks, dir); saveKeyStore(_ks);
return _ks; return _ks;
} catch (Exception e){ } catch (Exception e){
// Log perhaps? // Log perhaps?
@ -188,7 +188,7 @@ public class CertificateManager {
} }
} }
private static void saveKeyStore(KeyStore ks, File dir) { private void saveKeyStore(KeyStore ks) {
try { try {
ks.store(new FileOutputStream(new File(dir, DEFAULT_KEYSTORE_LOCATION)), DEFAULT_KEYSTORE_PASSWORD.toCharArray()); ks.store(new FileOutputStream(new File(dir, DEFAULT_KEYSTORE_LOCATION)), DEFAULT_KEYSTORE_PASSWORD.toCharArray());
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
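Review bot: The fallback in `getDefaultKeyStore` (the `@ -177` hunk) creates an empty keystore and persists it at once via `saveKeyStore(_ks)`, so if that branch is entered because an existing file failed to load (its condition sits above the hunk and is not visible here) a corrupt or tampered trust store is silently replaced with an empty one and every pinned host drops back to the trust-on-first-use prompt. Resetting the pin store should be an explicit, logged action rather than a side effect of a load error; at minimum guard the write with `if (new File(dir, DEFAULT_KEYSTORE_LOCATION).exists()) throw new IllegalStateException("refusing to overwrite unreadable trust store in " + dir);` so the verifier fails closed. The `catch (Exception e) { // Log perhaps?` on that path swallows the cause; `_log` is now an instance field, so `_log.error("Could not create trust store in " + dir, e);` is a one-line fix. In `saveKeyStore` the `FileOutputStream` passed to `ks.store` is never closed, and a `store` that throws part-way can leave a truncated keystore behind; use try-with-resources and write to a temporary file that is renamed into place. Note also that `_ks` is now per-instance, so two `CertificateManager` objects over the same `dir` keep separate in-memory caches and pins saved through one are invisible to the other; whether more than one is ever constructed depends on callers outside this diff.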


@ -20,10 +20,12 @@ public class ItoopieHostnameVerifier implements HostnameVerifier {
private static final Object _uiLock = new Object(); private static final Object _uiLock = new Object();
private final Main _main; private final Main _main;
private final File _dir; private final File _dir;
private final CertificateManager certificateManager;
public ItoopieHostnameVerifier(Main main, File dir) { public ItoopieHostnameVerifier(Main main, File dir) {
_main = main; _main = main;
_dir = dir; _dir = dir;
certificateManager = new CertificateManager(dir);
} }
public boolean verify(String urlHostName, SSLSession session) { public boolean verify(String urlHostName, SSLSession session) {
@ -36,12 +38,12 @@ public class ItoopieHostnameVerifier implements HostnameVerifier {
return false; // Deny recently denied hosts. return false; // Deny recently denied hosts.
} }
if (CertificateManager.contains(_dir, serverHost)) { if (certificateManager.contains(serverHost)) {
if (CertificateManager.verifyCert(_dir, serverHost, CertificateHelper.convert(certs[0]))) { if (certificateManager.verifyCert(serverHost, CertificateHelper.convert(certs[0]))) {
return true; // Remote host has provided valid certificate that is stored locally. return true; // Remote host has provided valid certificate that is stored locally.
} else { } else {
// Remote host has provided a certificate that != the stored certificate for this host // Remote host has provided a certificate that != the stored certificate for this host
if (CertificateGUI.overwriteCert(_main, _dir, serverHost, certs[0])) { if (CertificateGUI.overwriteCert(_main, certificateManager, serverHost, certs[0])) {
return true; return true;
} else { } else {
recentlyDeniedHosts.add(session.getPeerHost() + ":" + session.getPeerPort()); recentlyDeniedHosts.add(session.getPeerHost() + ":" + session.getPeerPort());
@ -50,7 +52,7 @@ public class ItoopieHostnameVerifier implements HostnameVerifier {
} }
} else { } else {
// GUI, Add new host! new host // GUI, Add new host! new host
if (CertificateGUI.saveNewCert(_main, _dir, serverHost, certs[0])) { if (CertificateGUI.saveNewCert(_main, certificateManager, serverHost, certs[0])) {
return true; return true;
} else { } else {
recentlyDeniedHosts.add(session.getPeerHost() + ":" + session.getPeerPort()); recentlyDeniedHosts.add(session.getPeerHost() + ":" + session.getPeerPort());
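Review bot: The new field `certificateManager` does not follow the naming convention the rest of this class uses (`_main`, `_dir`, `_uiLock`); rename it `_certManager` for consistency. Because `_ks` in `CertificateManager` is now an instance field, constructing the manager inside this constructor gives each verifier its own in-memory view of the trust store, so a pin saved through one verifier is not seen by another until that one reloads from disk; if more than one verifier can be constructed (callers are outside this diff), accept the manager as a constructor argument, e.g. `public ItoopieHostnameVerifier(Main main, CertificateManager mgr)`, with the existing `(Main, File)` constructor delegating to it so callers can share a single instance. After this change `_dir` appears to be read only to build the manager; if nothing else in the class uses it, drop the field rather than keep two handles to the same directory.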