X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fping%2FSSLPinger.java;h=0b253c5f260bdda007da19b09ff16d560e68cc71;hp=d6ebe71c2a3b3f3dd60f8463f82a6f51097202fe;hb=99ef9ee7f8d4a2332e4f08c7a0b23cc84966f555;hpb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16

diff --git a/src/org/cacert/gigi/ping/SSLPinger.java b/src/org/cacert/gigi/ping/SSLPinger.java
index d6ebe71c..0b253c5f 100644
--- a/src/org/cacert/gigi/ping/SSLPinger.java
+++ b/src/org/cacert/gigi/ping/SSLPinger.java
@@ -3,38 +3,57 @@ package org.cacert.gigi.ping;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.math.BigInteger;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.nio.ByteBuffer;
 import java.nio.channels.SocketChannel;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Arrays;
 
 import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.SSLEngineResult.Status;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
 import javax.net.ssl.SSLParameters;
 import javax.security.cert.X509Certificate;
 
+import org.cacert.gigi.Certificate;
+import org.cacert.gigi.Domain;
+import org.cacert.gigi.User;
+
 public class SSLPinger extends DomainPinger {
 
+    public static final String[] TYPES = new String[] {
+            "xmpp", "server-xmpp", "smtp", "imap"
+    };
+
+    private KeyStore truststore;
+
+    public SSLPinger(KeyStore truststore) {
+        this.truststore = truststore;
+    }
+
     @Override
-    public void ping(String domain, String configuration, String expToken) {
-        try {
-            SocketChannel sch = SocketChannel.open();
+    public String ping(Domain domain, String configuration, User u) {
+        try (SocketChannel sch = SocketChannel.open()) {
             String[] parts = configuration.split(":", 2);
-            sch.connect(new InetSocketAddress(domain, Integer.parseInt(parts[0])));
+            sch.connect(new InetSocketAddress(domain.getSuffix(), Integer.parseInt(parts[0])));
             if (parts.length == 2) {
                 switch (parts[1]) {
                 case "xmpp":
-                    startXMPP(sch, false, domain);
+                    startXMPP(sch, false, domain.getSuffix());
                     break;
                 case "server-xmpp":
-                    startXMPP(sch, true, domain);
+                    startXMPP(sch, true, domain.getSuffix());
                     break;
                 case "smtp":
                     startSMTP(sch);
@@ -45,9 +64,9 @@ public class SSLPinger extends DomainPinger {
 
                 }
             }
-            test(sch, domain);
+            return test(sch, domain.getSuffix(), u);
         } catch (IOException e) {
-            e.printStackTrace();
+            return "Connecton failed";
         }
 
     }
@@ -126,9 +145,18 @@ public class SSLPinger extends DomainPinger {
         }
     }
 
-    private void test(SocketChannel sch, String domain) {
+    private String test(SocketChannel sch, String domain, User subject) {
         try {
-            SSLContext sc = SSLContext.getDefault();
+            SSLContext sc = SSLContext.getInstance("SSL");
+            try {
+                TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
+                tmf.init(truststore);
+                sc.init(null, tmf.getTrustManagers(), new SecureRandom());
+            } catch (KeyManagementException e) {
+                e.printStackTrace();
+            } catch (KeyStoreException e) {
+                e.printStackTrace();
+            }
             SSLEngine se = sc.createSSLEngine();
             ByteBuffer enc_in = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
             ByteBuffer enc_out = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
@@ -175,18 +203,24 @@ public class SSLPinger extends DomainPinger {
                 }
 
             }
-            System.out.println("completed");
-            System.out.println(se.getSession().getCipherSuite());
             X509Certificate[] peerCertificateChain = se.getSession().getPeerCertificateChain();
-            for (X509Certificate x509Certificate : peerCertificateChain) {
-                System.out.println(x509Certificate.getSubjectDN().getName());
+            X509Certificate first = peerCertificateChain[0];
+
+            BigInteger serial = first.getSerialNumber();
+            Certificate c = Certificate.getBySerial(serial.toString(16));
+            if (c.getOwnerId() != subject.getId()) {
+                return "Owner mismatch";
             }
+            return PING_SUCCEDED;
         } catch (NoSuchAlgorithmException e) {
             e.printStackTrace();
+            return "Security failed";
         } catch (SSLException e) {
             e.printStackTrace();
+            return "Security failed";
         } catch (IOException e) {
             e.printStackTrace();
+            return "Connection closed";
         }
     }
 }