private static String getFingerprint(X509Certificate cert) { try { return getFingerprint(cert.getEncoded(), "SHA1"); } catch (Exception e) { } return null; }
public static StringBuffer getServerCertificatePrompt(X509Certificate cert, String realm, String hostName) { return getServerCertificatePrompt(cert, realm, hostName, EnumSet.noneOf(SVNCertificateFailureKind.class)); }
public static StringBuffer getServerCertificatePrompt(X509Certificate cert, String realm, String hostName) { int failures = getServerCertificateFailures(cert, hostName); StringBuffer prompt = new StringBuffer(); prompt.append("Error validating server certificate for '"); prompt.append(realm); prompt.append("':\n"); if ((failures & 8) != 0) { prompt.append(" - The certificate is not issued by a trusted authority. Use the\n" + " fingerprint to validate the certificate manually!\n"); } if ((failures & 4) != 0) { prompt.append(" - The certificate hostname does not match.\n"); } if ((failures & 2) != 0) { prompt.append(" - The certificate has expired.\n"); } if ((failures & 1) != 0) { prompt.append(" - The certificate is not yet valid.\n"); } getServerCertificateInfo(cert, prompt); return prompt; }
public int acceptServerAuthentication(SVNURL url, String realm, Object serverAuth, boolean resultMayBeStored) { if (myPrompt instanceof PromptUserPassword2 && serverAuth instanceof X509Certificate) { PromptUserPassword2 sslPrompt = (PromptUserPassword2) myPrompt; serverAuth = serverAuth instanceof X509Certificate ? SVNSSLUtil.getServerCertificatePrompt((X509Certificate) serverAuth, realm, url.getHost()) : serverAuth; if (serverAuth == null) { serverAuth = "Unsupported certificate type '" + (serverAuth != null ? serverAuth.getClass().getName() : "null") + "'"; } return sslPrompt.askTrustSSLServer(serverAuth.toString(), resultMayBeStored); } else if (myPrompt != null && serverAuth instanceof byte[]) { String prompt = "The ''{0}'' server''s key fingerprint is:\n{1}\n" + "If you trust this host, select ''Yes'' to add the key to the SVN cache and carry on connecting.\n" + "If you do not trust this host, select ''No'' to abandon the connection."; prompt = MessageFormat.format(prompt, new Object[] {url.getHost(), SVNSSLUtil.getFingerprint((byte[]) serverAuth, "MD5")}); if (!myPrompt.askYesNo(realm, prompt, false)) { return REJECTED; } } return ACCEPTED; }
int failures = SVNSSLUtil.getServerCertificateFailures(certs[0], myURL.getHost());
public int acceptServerAuthentication(SVNURL url, String realm, Object serverAuth, boolean resultMayBeStored) { if (serverAuth instanceof X509Certificate) { serverAuth = serverAuth instanceof X509Certificate ? SVNSSLUtil.getServerCertificatePrompt((X509Certificate) serverAuth, realm, url.getHost()) : serverAuth; if (serverAuth == null) { serverAuth = "Unsupported certificate type '" + (serverAuth != null ? serverAuth.getClass().getName() : "null") + "'"; } return prompt.askTrustSSLServer(serverAuth.toString(), resultMayBeStored); } else if (prompt != null && serverAuth instanceof byte[]) { String prompt = "The ''{0}'' server''s key fingerprint is:\n{1}\n" + "If you trust this host, select ''Yes'' to add the key to the SVN cache and carry on connecting.\n" + "If you do not trust this host, select ''No'' to abandon the connection."; prompt = MessageFormat.format(prompt, new Object[]{url.getHost(), SVNSSLUtil.getFingerprint((byte[]) serverAuth, "MD5")}); if (!this.prompt.askYesNo(realm, prompt, false)) { return REJECTED; } } return ACCEPTED; }
int failures = SVNSSLUtil.getServerCertificateFailures(certs[0], myURL.getHost());
prompt.append("\n(R)eject or accept (t)emporarily? "); System.err.print(MessageFormat.format(prompt.toString(), new Object[] {url.getHost(), SVNSSLUtil.getFingerprint((byte[]) certificate, "MD5")})); System.err.flush(); while(true) { StringBuffer prompt = SVNSSLUtil.getServerCertificatePrompt(cert, realm, hostName, trustServerCertificateFailureKinds); if (resultMayBeStored) { prompt.append("\n(R)eject, accept (t)emporarily or accept (p)ermanently? ");
private static String getFingerprint(X509Certificate cert) { try { return getFingerprint(cert.getEncoded()); } catch (Exception e) { } return null; }
public int acceptServerAuthentication(SVNURL url, String realm, Object serverAuth, boolean resultMayBeStored) { if (serverAuth != null && myPrompt instanceof PromptUserPassword2) { PromptUserPassword2 sslPrompt = (PromptUserPassword2) myPrompt; serverAuth = serverAuth instanceof X509Certificate ? SVNSSLUtil.getServerCertificatePrompt((X509Certificate) serverAuth, realm, url.getHost()) : serverAuth; if (serverAuth == null) { serverAuth = "Unsupported certificate type '" + (serverAuth != null ? serverAuth.getClass().getName() : "null") + "'"; } return sslPrompt.askTrustSSLServer(serverAuth.toString(), resultMayBeStored); } return ACCEPTED; }
public static StringBuffer getServerCertificatePrompt(X509Certificate cert, String realm, String hostName) { int failures = getServerCertificateFailures(cert, hostName); StringBuffer prompt = new StringBuffer(); prompt.append("Error validating server certificate for '"); prompt.append(realm); prompt.append("':\n"); if ((failures & 8) != 0) { prompt.append(" - The certificate is not issued by a trusted authority. Use the\n" + " fingerprint to validate the certificate manually!\n"); } if ((failures & 4) != 0) { prompt.append(" - The certificate hostname does not match.\n"); } if ((failures & 2) != 0) { prompt.append(" - The certificate has expired.\n"); } if ((failures & 1) != 0) { prompt.append(" - The certificate is not yet valid.\n"); } getServerCertificateInfo(cert, prompt); return prompt; }
int failures = SVNSSLUtil.getServerCertificateFailures(certs[0], myURL.getHost());
prompt.append("\n(R)eject or accept (t)emporarily? "); System.err.print(MessageFormat.format(prompt.toString(), new Object[] {url.getHost(), SVNSSLUtil.getFingerprint((byte[]) certificate, "MD5")})); System.err.flush(); while(true) { StringBuffer prompt = SVNSSLUtil.getServerCertificatePrompt(cert, realm, hostName, trustServerCertificateFailureKinds); if (resultMayBeStored) { prompt.append("\n(R)eject, accept (t)emporarily or accept (p)ermanently? ");
private static void getServerCertificateInfo(X509Certificate cert, StringBuffer info) { info.append("Certificate information:"); info.append('\n'); info.append(" - Subject: "); info.append(cert.getSubjectDN().getName()); info.append('\n'); info.append(" - Valid: "); info.append("from " + cert.getNotBefore() + " until " + cert.getNotAfter()); info.append('\n'); info.append(" - Issuer: "); info.append(cert.getIssuerDN().getName()); info.append('\n'); info.append(" - Fingerprint: "); info.append(getFingerprint(cert)); }
public int acceptServerAuthentication(SVNURL url, String realm, Object serverAuth, boolean resultMayBeStored) { if (myPrompt instanceof PromptUserPassword2 && serverAuth instanceof X509Certificate) { PromptUserPassword2 sslPrompt = (PromptUserPassword2) myPrompt; serverAuth = serverAuth instanceof X509Certificate ? SVNSSLUtil.getServerCertificatePrompt((X509Certificate) serverAuth, realm, url.getHost()) : serverAuth; if (serverAuth == null) { serverAuth = "Unsupported certificate type '" + (serverAuth != null ? serverAuth.getClass().getName() : "null") + "'"; } return sslPrompt.askTrustSSLServer(serverAuth.toString(), resultMayBeStored); } else if (myPrompt != null && serverAuth instanceof byte[]) { String prompt = "The ''{0}'' server''s key fingerprint is:\n{1}\n" + "If you trust this host, select ''Yes'' to add the key to the SVN cache and carry on connecting.\n" + "If you do not trust this host, select ''No'' to abandon the connection."; if (!myPrompt.askYesNo(realm, prompt, false)) { return REJECTED; } } return ACCEPTED; }
public static StringBuffer getServerCertificatePrompt(X509Certificate cert, String realm, String hostName, EnumSet<SVNCertificateFailureKind> trustCertificateFailureKinds) { int failures = getServerCertificateFailures(cert, hostName); int trustMask = SVNCertificateFailureKind.createMask(trustCertificateFailureKinds); failures &= ~trustMask; StringBuffer prompt = new StringBuffer(); prompt.append("Error validating server certificate for '"); prompt.append(realm); prompt.append("':\n"); if ((failures & SVNCertificateFailureKind.UNKNOWN_CA.getCode()) != 0) { prompt.append(" - The certificate is not issued by a trusted authority. Use the\n" + " fingerprint to validate the certificate manually!\n"); } if ((failures & SVNCertificateFailureKind.CN_MISMATCH.getCode()) != 0) { prompt.append(" - The certificate hostname does not match.\n"); } if ((failures & SVNCertificateFailureKind.EXPIRED.getCode()) != 0) { prompt.append(" - The certificate has expired.\n"); } if ((failures & SVNCertificateFailureKind.NOT_YET_VALID.getCode()) != 0) { prompt.append(" - The certificate is not yet valid.\n"); } getServerCertificateInfo(cert, prompt); return prompt; }
private static void getServerCertificateInfo(X509Certificate cert, StringBuffer info) { info.append("Certificate information:"); info.append('\n'); info.append(" - Subject: "); info.append(cert.getSubjectDN().getName()); info.append('\n'); info.append(" - Valid: "); info.append("from " + cert.getNotBefore() + " until " + cert.getNotAfter()); info.append('\n'); info.append(" - Issuer: "); info.append(cert.getIssuerDN().getName()); info.append('\n'); info.append(" - Fingerprint: "); info.append(getFingerprint(cert)); }
private static void getServerCertificateInfo(X509Certificate cert, StringBuffer info) { info.append("Certificate information:"); info.append('\n'); info.append(" - Subject: "); info.append(cert.getSubjectDN().getName()); info.append('\n'); info.append(" - Valid: "); info.append("from " + cert.getNotBefore() + " until " + cert.getNotAfter()); info.append('\n'); info.append(" - Issuer: "); info.append(cert.getIssuerDN().getName()); info.append('\n'); info.append(" - Fingerprint: "); info.append(getFingerprint(cert)); }