Diffstat (limited to 'classes/ssl')
| -rw-r--r-- | classes/ssl/SignedVncViewer.jar | bin | 76438 -> 77664 bytes | |||
| -rw-r--r-- | classes/ssl/VncViewer.jar | bin | 73709 -> 74938 bytes | |||
| -rwxr-xr-x | classes/ssl/ss_vncviewer | 329 | ||||
| -rw-r--r-- | classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch | 97 | 
4 files changed, 385 insertions, 41 deletions
diff --git a/classes/ssl/SignedVncViewer.jar b/classes/ssl/SignedVncViewer.jar Binary files differindex 5c77ae9..38cb51b 100644 --- a/classes/ssl/SignedVncViewer.jar +++ b/classes/ssl/SignedVncViewer.jar diff --git a/classes/ssl/VncViewer.jar b/classes/ssl/VncViewer.jar Binary files differindex 23e4259..fb3da29 100644 --- a/classes/ssl/VncViewer.jar +++ b/classes/ssl/VncViewer.jar diff --git a/classes/ssl/ss_vncviewer b/classes/ssl/ss_vncviewer index 3f8bd42..381e678 100755 --- a/classes/ssl/ss_vncviewer +++ b/classes/ssl/ss_vncviewer @@ -38,6 +38,9 @@  #         (the first CONNECT is done through host1:port1 to host2:port2  #         and then a 2nd CONNECT to the destination VNC server.)  # +# -showcert  Only fetch the certificate using the 'openssl s_client' +#            command (openssl(1) must in installed). +#  #    See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL  #    certificates with VNC.  # @@ -91,6 +94,7 @@  #  #         ss_vncviewer -sshssl -proxy fred@mygate.com mymachine:0  # +# -listen (or -reverse) set up a reverse connection.  #  # -alpha  turn on cursor alphablending hack if you are using the  #         enhanced tightvnc vncviewer. @@ -108,6 +112,8 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}  # Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.  # +#set -xv  +  PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH  if [ "X$STUNNEL" = "X" ]; then 
@@ -128,18 +134,27 @@ use_ssh=""  use_sshssl=""  direct_connect=""  ssh_sleep=15 -ssh_cmd="sleep $ssh_sleep" +if echo "$*" | grep '.*-listen' > /dev/null; then +	ssh_sleep=1800 +fi +ssh_cmd=""  if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then  	ssh_cmd="$SS_VNCVIEWER_SSH_CMD"  fi  ssh_args="" +showcert="" +reverse=""  if [ "X$1" = "X-viewerflavor" ]; then  	if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then  		echo "cotvnc"  		exit 0  	fi -	str=`"$VNCVIEWERCMD" -h 2>&1 | head -5` +	if echo "$VNCVIEWERCMD" | grep -i ultra > /dev/null; then +		echo "ultravnc" +		exit 0 +	fi +	str=`$VNCVIEWERCMD -h 2>&1 | head -5`  	if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then  		echo "tightvnc"  	elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then @@ -173,6 +188,12 @@ do                  ;;  	"-alpha")	gotalpha=1                  ;; +	"-showcert")	showcert=1 +                ;; +	"-listen")	reverse=1 +                ;; +	"-reverse")	reverse=1 +                ;;  	"-grab")	VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER                  ;;  	"-h"*)	help; exit 0 @@ -185,10 +206,36 @@ do      shift  done -if [ "X$gotalpha" != "X1" ]; then +if [ "X$gotalpha" = "X1" ]; then +	VNCVIEWER_ALPHABLEND=1 +	export VNCVIEWER_ALPHABLEND +else  	NO_ALPHABLEND=1  	export NO_ALPHABLEND  fi +if [ "X$reverse" != "X" ]; then +	ssh_sleep=1800 +	if [ "X$use_ssh" = "X1" ]; then +		VNCVIEWER_LISTEN_LOCALHOST=1 +		export VNCVIEWER_LISTEN_LOCALHOST +	fi +	if [ "X$proxy" != "X" ]; then +		if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then +			echo "" +			echo "*Warning*: SSL -listen and a Web proxy does not make sense." +			sleep 3 +		elif echo "$proxy" | grep "," > /dev/null; then +			: +		else +			echo "" +			echo "*Warning*: -listen and a single proxy/gateway does not make sense." +			sleep 3 +		fi +	fi +fi +if [ "X$ssh_cmd" = "X" ]; then +	ssh_cmd="sleep $ssh_sleep" +fi  orig="$1"  shift 
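Review bot: Dropping the quotes in `str=`$VNCVIEWERCMD -h 2>&1 | head -5`` exposes the viewer path to word splitting and globbing, so a viewer installed under a path containing spaces no longer runs. The later hunks that launch the viewer use the same unquoted form. If the intent is to let VNCVIEWERCMD carry options, record that next to the assignment with a comment such as `# VNCVIEWERCMD is left unquoted on purpose so it may contain options`. Separately, the early `grep '.*-listen'` on `"$*"` matches that text anywhere in the arguments, including inside a host name; the option loop in the next hunk already sets `reverse=1` and `ssh_sleep=1800`, so the early check looks redundant.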
@@ -207,13 +254,17 @@ if echo "$orig" | grep '^vnc://' > /dev/null; then  	use_ssh=""  	use_sshssl=""  	direct_connect=1 +elif echo "$orig" | grep '^vncs://' > /dev/null; then +	orig=`echo "$orig" | sed -e 's,vncs://,,'`  fi  # play around with host:display port:  if echo "$orig" | grep ':' > /dev/null; then  	:  else -	orig="$orig:0" +	if [ "X$reverse" = "X" ]; then +		orig="$orig:0" +	fi  fi  host=`echo "$orig" | awk -F: '{print $1}'` @@ -221,8 +272,14 @@ disp=`echo "$orig" | awk -F: '{print $2}'`  if [ "X$host" = "X" ]; then  	host=localhost  fi -if [ $disp -lt 200 ]; then -	port=`expr $disp + 5900` +if [ $disp -lt 0 ]; then +	port=`expr 0 - $disp` +elif [ $disp -lt 200 ]; then +	if [ "X$reverse" = "X" ]; then +		port=`expr $disp + 5900` +	else +		port=`expr $disp + 5500` +	fi  else  	port=$disp  fi @@ -263,12 +320,47 @@ findfree() {  	echo $use0  } -use=`findfree 5930` +final() { +	echo "" +	if [ "X$SS_VNCVIEWER_RM" != "X" ]; then +		rm -f $SS_VNCVIEWER_RM 2>/dev/null +	fi +	if [ "X$tcert" != "X" ]; then +		rm -f $tcert +	fi +	if [ "X$pssh" != "X" ]; then +		echo "Terminating background ssh process" +		echo kill -TERM "$pssh" +		kill -TERM "$pssh" 2>/dev/null +		sleep 1 +		kill -KILL "$pssh" 2>/dev/null +		pssh="" +	fi +	if [ "X$stunnel_pid" != "X" ]; then +		echo "Terminating background stunnel process" +		echo kill -TERM "$stunnel_pid" +		kill -TERM "$stunnel_pid" 2>/dev/null +		sleep 1 +		kill -KILL "$stunnel_pid" 2>/dev/null +		stunnel_pid="" +	fi +} -if [ $use -ge 5900 ]; then -	N=`expr $use - 5900` +if [ "X$reverse" = "X" ]; then +	use=`findfree 5930` +	if [ $use -ge 5900 ]; then +		N=`expr $use - 5900` +	else +		N=$use +	fi  else -	N=$use +	p2=`expr $port + 30` +	use=`findfree $p2` +	if [ $use -ge 5500 ]; then +		N=`expr $use - 5500` +	else +		N=$use +	fi  fi  if echo "$0" | grep vncip > /dev/null; then 
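Review bot: In the `-221,8 +272,14` hunk, `[ $disp -lt 0 ]` runs with `$disp` unquoted and unvalidated. The preceding hunk stops appending `:0` in reverse mode, so a `-listen` argument without a colon leaves `disp` empty. Both tests then fail with a syntax error, `port` is set to the empty string, and the later `expr $port + 30` fails as well. Give it a default before the tests, for example `[ "X$disp" = "X" ] && disp=0`, or reject the argument with a message. A non-numeric display takes the same path, so an integer check on `disp` here would cover both cases.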
@@ -280,6 +372,7 @@ if [ "X$use_ssh" = "X1" ]; then  	ssh_host="$host"  	vnc_host="localhost"  	ssh=${SSH:-"ssh -x"} +  	if echo "$proxy" | grep "," > /dev/null; then  		proxy1=`echo "$proxy" | awk -F, '{print $1}'`  		proxy2=`echo "$proxy" | awk -F, '{print $2}'` @@ -312,6 +405,7 @@ if [ "X$use_ssh" = "X1" ]; then  		stty sane  		proxy="${ssh_user2}localhost:$proxport"  	fi +  	if [ "X$proxy" != "X" ]; then  		ssh_port=`echo "$proxy" | awk -F: '{print $2}'`  		if [ "X$ssh_port" = "X" ]; then @@ -333,6 +427,12 @@ if [ "X$use_ssh" = "X1" ]; then  	if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then  		C="-C"  	fi +	if [ "X$reverse" = "X" ]; then +		ssh_redir="-L ${use}:${vnc_host}:${port}" +	else +		ssh_redir="-R ${port}:${vnc_host}:${use}" +	fi +	pmark=`sh -c 'echo $$'`  	# the -t option actually speeds up typing response via VNC!!  	if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then  		echo "$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host \"$info\"" 
@@ -340,20 +440,32 @@ if [ "X$use_ssh" = "X1" ]; then  		$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"  		exit $?  	elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then -		echo "$ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\"" +		echo "$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""  		echo "" -		$ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd" +		$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"  	else -		echo "$ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\"" +		echo "$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""  		echo "" -		$ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd" +		$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"  	fi  	if [ "$?" != "0" ]; then  		echo ""  		echo "ssh to $ssh_host failed."  		exit 1  	fi -	echo "" +	stty sane + +	c=0 +	pssh="" +	while [ $c -lt 30 ] +	do +		p=`expr $pmark + $c` +		if ps -p "$p" 2>&1 | grep "$ssh" > /dev/null; then +			pssh=$p +			break +		fi +		c=`expr $c + 1` +	done  	if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then  		sleep 1  	else @@ -363,11 +475,23 @@ if [ "X$use_ssh" = "X1" ]; then  	echo ""  	#reset  	stty sane +	#echo "pssh=\"$pssh\""  	if [ "X$use_sshssl" = "X" ]; then  		echo "Running viewer:" -		echo "$VNCVIEWERCMD" "$@" localhost:$N -		echo "" -		"$VNCVIEWERCMD" "$@" localhost:$N + +		trap "final" 0 2 15 +		if [ "X$reverse" = "X" ]; then +			echo "$VNCVIEWERCMD" "$@" localhost:$N +			echo "" +			$VNCVIEWERCMD "$@" localhost:$N +		else +			echo "" +			echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode." +			echo "" +			echo "$VNCVIEWERCMD" "$@" -listen $N +			echo "" +			$VNCVIEWERCMD "$@" -listen $N +		fi  		exit $?  	else 
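Review bot: The loop that sets `pssh` guesses the ssh PID by probing `$pmark + 0..29` and taking the first `ps -p` line that matches `"$ssh"`. That can pick an unrelated ssh process of the same user that happens to fall in the range, and `final()` then sends it TERM and KILL. With the default `ssh -x` the pattern includes the option, which the default `ps -p` output (command name only on many systems) presumably never shows, so `pssh` may simply stay empty. Matching on the full argument list and on the redirection string that is unique to this run is tighter: `if ps -p "$p" -o args= 2>/dev/null | grep -e "$ssh_redir" > /dev/null; then`. The enclosing `use_ssh` branch begins and ends outside this hunk.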
@@ -571,11 +695,39 @@ if [ "X$proxy" != "X" ]; then  	ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"  	mytmp "$ptmp"  	pcode "$ptmp" -	connect="exec = $ptmp" +	if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then +		if uname | grep Darwin >/dev/null; then +			nd=`expr $use + 333` +			SSVNC_LISTEN=$nd +			export SSVNC_LISTEN +			$ptmp 2>/dev/null & +			sleep 3 +			host="localhost" +			port="$nd" +			connect="connect = localhost:$nd" +		else +			connect="exec = $ptmp" +		fi +	else +		connect="exec = $ptmp" +	fi  else  	connect="connect = $host:$port"  fi +if [ "X$showcert" = "X1" ]; then +	if [ "X$proxy" != "X" ]; then +		SSVNC_LISTEN=$use +		export SSVNC_LISTEN +		$ptmp 2>/dev/null & +		sleep 3 +		host="localhost" +		port="$use" +	fi +	openssl s_client -connect $host:$port 2>&1 < /dev/null +	exit $? +fi +  if [ "X$direct_connect" != "X" ]; then  	echo ""  	echo "Running viewer for direct connection:" @@ -596,21 +748,37 @@ if [ "X$direct_connect" != "X" ]; then  		SSVNC_LISTEN=$use  		export SSVNC_LISTEN  		$ptmp & -		sleep 2 +		if [ "X$reverse" = "X" ]; then +			sleep 2 +		fi  		host="localhost"  		disp="$N"  	fi -	echo "$VNCVIEWERCMD" "$@" $host:$disp -	echo "" -	"$VNCVIEWERCMD" "$@" $host:$disp +	if [ "X$reverse" = "X" ]; then +		echo "$VNCVIEWERCMD" "$@" $host:$disp +		trap "final" 0 2 15 +		echo "" +		$VNCVIEWERCMD "$@" $host:$disp +	else +		echo "" +		echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode." +		echo "" +		echo "$VNCVIEWERCMD" "$@" -listen $N +		trap "final" 0 2 15 +		echo "" +		$VNCVIEWERCMD "$@" -listen $N +	fi  	exit $?  fi  ##debug = 7 +## debug = 6  tmp=/tmp/ss_vncviewer${RANDOM}.$$  mytmp "$tmp" -cat > "$tmp" <<END +if [ "X$reverse" = "X" ]; then + +	cat > "$tmp" <<END  foreground = yes  pid =  client = yes 
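Review bot: Both new `$ptmp 2>/dev/null &` launches (the Darwin branch and the `-showcert` branch) discard the helper's PID, and `final()` only cleans up `pssh` and `stunnel_pid`. The `-showcert` path also reaches `exit $?` before any `trap "final"` is installed. Unless the helper script exits on its own (its body is not visible here), it stays listening on a localhost port after the script ends. Record it, e.g. `ptmp_pid=$!`, and have `final()` kill it the same way it handles `stunnel_pid`. Quoting the target as `openssl s_client -connect "$host:$port"` would also keep an odd host string from being split into extra arguments.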
@@ -622,7 +790,92 @@ $cert  [vnc_stunnel]  accept = localhost:$use  $connect + +END +else + +	p2=`expr 5500 + $N` +	connect="connect = localhost:$p2" +	if [ "X$cert" = "X" ]; then +		tcert="/tmp/tcert.$$" +		cat > $tcert <<END +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN ++zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS +OKngJVPo9dETAS8hf7+D1e1DBZxjTc1a4RQqWJixwpYj99ixWzu8VC2m/xXsjvOs +jp4+DLBB490nbkwvstmhmiWm1CmI5O5xOkgioVNQqHvQMdVKOSz9PpbjvZiRX1Uo +qoMrk+2NOqwP90TB35yPASXb9zXKpO7DLhkube+yYGf+yk46aD707L07Eb7cosFP +S84vNZ9gX7rQ0UOwm5rYA/oZTBskgaqhtIzkLwIDAQABAoIBAD4ot/sXt5kRn0Ca +CIkU9AQWlC+v28grR2EQW9JiaZrqcoDNUzUqbCTJsi4ZkIFh2lf0TsqELbZYNW6Y +6AjJM7al4E0UqYSKJTv2WCuuRxdiRs2BMwthqyBmjeanev7bB6V0ybt7u3Y8xU/o +MrTuYnr4vrEjXPKdLirwk7AoDbKsRXHSIiHEIBOq1+dUQ32t36ukdnnza4wKDLZc +PKHiCdCk/wOGhuDlxD6RspqUAlRnJ8/aEhrgWxadFXw1hRhRsf/v1shtB0T3DmTe +Jchjwyiw9mryb9JZAcKxW+fUc4EVvj6VdQGqYInQJY5Yxm5JAlVQUJicuuJEvn6A +rj5osQECgYEA552CaHpUiFlB4HGkjaH00kL+f0+gRF4PANCPk6X3UPDVYzKnzmuu +yDvIdEETGFWBwoztUrOOKqVvPEQ+kBa2+DWWYaERZLtg2cI5byfDJxQ3ldzilS3J +1S3WgCojqcsG/hlxoQJ1dZFanUy/QhUZ0B+wlC+Zp1Q8AyuGQvhHp68CgYEA0lBI +eqq2GGCdJuNHMPFbi8Q0BnX55LW5C1hWjhuYiEkb3hOaIJuJrqvayBlhcQa2cGqp +uP34e9UCfoeLgmoCQ0b4KpL2NGov/mL4i8bMgog4hcoYuIi3qxN18vVR14VKEh4U +RLk0igAYPU+IK2QByaQlBo9OSaKkcfm7U1/pK4ECgYAxr6VpGk0GDvfF2Tsusv6d +GIgV8ZP09qSLTTJvvxvF/lQYeqZq7sjI5aJD5i3de4JhpO/IXQJzfZfWOuGc8XKA +3qYK/Y2IqXXGYRcHFGWV/Y1LFd55mCADHlk0l1WdOBOg8P5iRu/Br9PbiLpCx9oI +vrOXpnp03eod1/luZmqguwKBgQCWFRSj9Q7ddpSvG6HCG3ro0qsNsUMTI1tZ7UBX +SPogx4tLf1GN03D9ZUZLZVFUByZKMtPLX/Hi7K9K/A9ikaPrvsl6GEX6QYzeTGJx +3Pw0amFrmDzr8ySewNR6/PXahxPEuhJcuI31rPufRRI3ZLah3rFNbRbBFX+klkJH +zTnoAQKBgDbUK/aQFGduSy7WUT7LlM3UlGxJ2sA90TQh4JRQwzur0ACN5GdYZkqM +YBts4sBJVwwJoxD9OpbvKu3uKCt41BSj0/KyoBzjT44S2io2tj1syujtlVUsyyBy +/ca0A7WBB8lD1D7QMIhYUm2O9kYtSCLlUTHt5leqGaRG38DqlX36 +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- 
+MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC +VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG +A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ +MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A +bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx +CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC +b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2 +ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B +CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF +Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT +6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw +QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt +jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf +YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA +vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL +ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T +2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW +CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR +wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I +dMw1yW09l+eEo4A7GzwOdw== +-----END CERTIFICATE-----  END +		chmod 600 $tcert +		cert="cert = $tcert" +	fi + +	STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'` + +	hloc="" +	if [ "X$use_ssh" = "X1" ]; then +		hloc="localhost:" +	fi +	cat > "$tmp" <<END +foreground = yes +pid = +client = no +debug = 6 +$STUNNEL_EXTRA_OPTS +$verify +$cert + +[vnc_stunnel] +accept = $hloc$port +$connect + +END + +fi  echo ""  echo "Using this stunnel configuration:" 
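Review bot: The reverse-mode fallback writes a private key that ships inside the script to the predictable path `/tmp/tcert.$$` with `cat > $tcert`, and only applies `chmod 600` afterwards. On a shared host the file can be pre-created or symlinked by another user, and it is briefly readable under the default umask. Create it the way `$tmp` is created earlier in the file (`mytmp "$tcert"` before the `cat`, assuming `mytmp` creates the file safely) or under `umask 077`, and quote `"$tcert"` everywhere. Because the key is published with the script, this certificate authenticates nobody. A comment above the here-document should say so, for example `# built-in key is public: gives encryption only, pass your own cert to authenticate the listening viewer`.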
@@ -632,25 +885,39 @@ echo ""  sleep 1  echo "" -echo "Running: stunnel" +echo "Running stunnel:"  echo "$STUNNEL $tmp"  $STUNNEL "$tmp" < /dev/tty > /dev/tty & -pid=$! +stunnel_pid=$!  echo ""  # pause here to let the user supply a possible passphrase for the  # mycert key:  if [ "X$mycert" != "X" ]; then -	sleep 4 +	sleep 2 +	echo "" +	echo "(pausing for possible certificate passphrase dialog)" +	echo "" +	sleep 2  fi  sleep 2  rm -f "$tmp"  echo ""  echo "Running viewer:" -echo "$VNCVIEWERCMD" "$@" localhost:$N -echo "" -"$VNCVIEWERCMD" "$@" localhost:$N +if [ "X$reverse" = "X" ]; then +	echo "$VNCVIEWERCMD" "$@" localhost:$N +	trap "final" 0 2 15 +	echo "" +	$VNCVIEWERCMD "$@" localhost:$N +else +	echo "" +	echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode." +	echo "" +	echo "$VNCVIEWERCMD" "$@" -listen $N +	trap "final" 0 2 15 +	echo "" +	$VNCVIEWERCMD "$@" -listen $N +fi -kill $pid  sleep 1 diff --git a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch index 8111b88..bd26a47 100644 --- a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch +++ b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch @@ -73,8 +73,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto       serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0');  diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java  --- vnc_javasrc.orig/SSLSocketToMe.java	1969-12-31 19:00:00.000000000 -0500 -+++ vnc_javasrc/SSLSocketToMe.java	2006-09-23 18:35:25.000000000 -0400 -@@ -0,0 +1,1301 @@ ++++ vnc_javasrc/SSLSocketToMe.java	2007-02-21 23:27:10.000000000 -0500 +@@ -0,0 +1,1366 @@  +/*  + * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer.  + * 
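Review bot: In the `-632,25 +885,39` hunk, `trap "final" 0 2 15` is installed only just before the viewer starts, several `sleep` calls after `$STUNNEL "$tmp" ... &` has set `stunnel_pid`. A Ctrl-C during the passphrase pause therefore leaves stunnel running, and in reverse mode it also leaves the `$tcert` key file in /tmp. Moving the trap to directly after `stunnel_pid=$!` closes that window. The commit also removes the unconditional `kill $pid`, so `final()` is now the only cleanup path.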
@@ -100,9 +100,14 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +import java.net.*;  +import java.io.*;  +import javax.net.ssl.*; -+import java.security.cert.*;  +import java.util.*;  + ++import java.security.*; ++import java.security.cert.*; ++import java.security.spec.*; ++import java.security.cert.Certificate; ++import java.security.cert.CertificateFactory; ++  +import java.awt.*;  +import java.awt.event.*;  + @@ -149,6 +154,25 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +	java.security.cert.Certificate[] trustallCerts = null;  +	java.security.cert.Certificate[] trusturlCerts = null;  + ++	byte[] hex2bytes(String s) { ++		byte[] bytes = new byte[s.length()/2]; ++		for (int i=0; i<s.length()/2; i++) { ++			int j = 2*i; ++			try { ++				int val = Integer.parseInt(s.substring(j, j+2), 16); ++				if (val > 127) { ++					val -= 256; ++				} ++				Integer I = new Integer(val); ++				bytes[i] = Byte.decode(I.toString()).byteValue(); ++				 ++			} catch (Exception e) { ++				; ++			} ++		} ++		return bytes; ++	} ++  +	SSLSocketToMe(String h, int p, VncViewer v) throws Exception {  +		host = h;  +		port = p; 
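Review bot: `hex2bytes` swallows every exception in `catch (Exception e) { ; }`, so a malformed hex string silently produces zero bytes and the failure surfaces later as an opaque key or certificate parsing error. An odd trailing digit is also dropped without notice. Let the `NumberFormatException` reach the caller, and reject odd lengths up front with `if (s.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex string");`. The detour through `new Integer(val)` and `Byte.decode` can be replaced by `bytes[i] = (byte) Integer.parseInt(s.substring(j, j+2), 16);`, which gives the same byte for 0–255.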
@@ -338,10 +362,48 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +		 * 2) to subsequently connect to the server if user agrees.  +		 */  + ++		KeyManager[] mykey = null; ++ ++		if (viewer.oneTimeKey != null && viewer.oneTimeKey.indexOf(",") > 0) { ++			int idx = viewer.oneTimeKey.indexOf(","); ++ ++			String onetimekey = viewer.oneTimeKey.substring(0, idx); ++			byte[] key = hex2bytes(onetimekey); ++			String onetimecert = viewer.oneTimeKey.substring(idx+1); ++			byte[] cert = hex2bytes(onetimecert); ++ ++			KeyFactory kf = KeyFactory.getInstance("RSA"); ++			PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec ( key ); ++			PrivateKey ff = kf.generatePrivate (keysp); ++			dbg("ff " + ff); ++			String cert_str = new String(cert); ++ ++			CertificateFactory cf = CertificateFactory.getInstance("X.509"); ++			Collection c = cf.generateCertificates(new ByteArrayInputStream(cert)); ++			Certificate[] certs = new Certificate[c.toArray().length]; ++			if (c.size() == 1) { ++				Certificate tmpcert = cf.generateCertificate(new ByteArrayInputStream(cert)); ++				dbg("tmpcert" + tmpcert); ++				certs[0] = tmpcert; ++			} else { ++				certs = (Certificate[]) c.toArray(); ++			} ++ ++			KeyStore ks = KeyStore.getInstance("JKS"); ++			ks.load(null, null); ++			ks.setKeyEntry("onetimekey", ff, "".toCharArray(), certs); ++			String da = KeyManagerFactory.getDefaultAlgorithm(); ++			KeyManagerFactory kmf = KeyManagerFactory.getInstance(da); ++			kmf.init(ks, "".toCharArray()); ++ ++			mykey = kmf.getKeyManagers(); ++		} ++ ++  +		/* trust loc certs: */  +		try {  +			trustloc_ctx = SSLContext.getInstance("SSL"); -+			trustloc_ctx.init(null, null, new ++			trustloc_ctx.init(mykey, null, new  +			    java.security.SecureRandom());  +  +		} catch (Exception e) { 
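Review bot: `dbg("ff " + ff)` stringifies the freshly built `PrivateKey`, and depending on the provider that `toString()` can include the private exponent, so the one-time key may land in the Java console whenever debugging is on. Log only a fact such as `dbg("one-time key loaded")`, and drop the unused `cert_str`. In the same block, `certs = (Certificate[]) c.toArray();` throws `ClassCastException` whenever the collection holds more than one certificate, because `toArray()` returns `Object[]`. Use `certs = (Certificate[]) c.toArray(new Certificate[c.size()]);` instead. The enclosing method starts and ends outside this hunk.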
@@ -353,7 +415,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +		/* trust all certs: */  +		try {  +			trustall_ctx = SSLContext.getInstance("SSL"); -+			trustall_ctx.init(null, trustAllCerts, new ++			trustall_ctx.init(mykey, trustAllCerts, new  +			    java.security.SecureRandom());  +  +		} catch (Exception e) { @@ -365,7 +427,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +		/* trust url certs: */  +		try {  +			trusturl_ctx = SSLContext.getInstance("SSL"); -+			trusturl_ctx.init(null, trustUrlCert, new ++			trusturl_ctx.init(mykey, trustUrlCert, new  +			    java.security.SecureRandom());  +  +		} catch (Exception e) { @@ -377,7 +439,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +		/* trust the one cert from server: */  +		try {  +			trustone_ctx = SSLContext.getInstance("SSL"); -+			trustone_ctx.init(null, trustOneCert, new ++			trustone_ctx.init(mykey, trustOneCert, new  +			    java.security.SecureRandom());  +  +		} catch (Exception e) { @@ -563,6 +625,9 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +			if (viewer.trustAllVncCerts) {  +				dbg("viewer.trustAllVncCerts-2");  +				user_wants_to_see_cert = false; ++			} else if (viewer.trustUrlVncCert) { ++				dbg("viewer.trustUrlVncCert-1"); ++				user_wants_to_see_cert = false;  +			} else {  +				bcd = new BrowserCertsDialog(serv, host + ":" + port);  +				bcd.queryUser(); 
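Review bot: The new `else if (viewer.trustUrlVncCert)` branch in the `-563,6 +625,9` hunk suppresses the certificate dialog with no comment stating what has been verified by then. The flag comes from an applet parameter (set in VncViewer.java in this commit), so the decision to skip user confirmation rests on how the embedding page was delivered. Document the assumption at the branch, for example `/* cert was fetched from the applet's own https URL; only safe if that page was itself loaded over verified TLS */`. It would also be worth confirming that this path is reached only after the server certificate has been compared with the URL certificate; that comparison is not visible in this hunk.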
@@ -1378,8 +1443,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL  +}  diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncViewer.java  --- vnc_javasrc.orig/VncViewer.java	2004-03-04 08:34:25.000000000 -0500 -+++ vnc_javasrc/VncViewer.java	2006-12-01 02:31:26.000000000 -0500 -@@ -88,6 +88,14 @@ ++++ vnc_javasrc/VncViewer.java	2007-02-21 23:24:37.000000000 -0500 +@@ -88,6 +88,16 @@     int deferCursorUpdates;     int deferUpdateRequests; @@ -1388,13 +1453,15 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView  +  String CONNECT;  +  String urlPrefix;  +  String httpsPort; ++  String oneTimeKey;  +  boolean forceProxy;  +  boolean trustAllVncCerts; ++  boolean trustUrlVncCert;  +     // Reference to this applet for inter-applet communication.     public static java.applet.Applet refApplet; -@@ -626,6 +634,53 @@ +@@ -626,6 +636,63 @@       // SocketFactory.       socketFactory = readParameter("SocketFactory", false); @@ -1435,6 +1502,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView  +    }  +    System.out.println("urlPrefix: '" + urlPrefix + "'");  + ++    oneTimeKey = readParameter("oneTimeKey", false); ++    if (oneTimeKey != null) { ++    	System.out.println("oneTimeKey: is set"); ++    } ++  +    forceProxy = false;  +    str = readParameter("forceProxy", false);  +    if (str != null && str.equalsIgnoreCase("Yes")) { @@ -1445,6 +1517,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView  +    if (str != null && str.equalsIgnoreCase("Yes")) {  +      trustAllVncCerts = true;  +    } ++    trustUrlVncCert = false; ++    str = readParameter("trustUrlVncCert", false); ++    if (str != null && str.equalsIgnoreCase("Yes")) { ++      trustUrlVncCert = true; ++    }     }     public String readParameter(String name, boolean required) {  | 
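Review bot: The new `oneTimeKey` field and its `readParameter("oneTimeKey", false)` call carry a private key through an applet parameter, but nothing here documents the format or the handling expectations. A comment on the field would help, along the lines of `// "hexkey,hexcert": hex of a PKCS#8 RSA private key and of its X.509 certificate; secret, page must be served over TLS and not cached`. That format is what the SSLSocketToMe change in this commit parses. Printing only `oneTimeKey: is set` is a sound choice and should be kept if this logging is extended. The same applies to `trustUrlVncCert`: a one-line comment on what `Yes` disables would make the parameter's effect on certificate prompting explicit.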
