X-Git-Url: http://git.megacz.com/?a=blobdiff_plain;f=src%2Forg%2Fxwt%2FTinySSL.java;h=cf9f90133a1a02909635759643485e5f869b1dc2;hb=605c83ebfebbf069a495dd9a26e509e30465aa08;hp=abb5561b2c15c5b2657e617c579931f8920835db;hpb=bb38b8569de61718a7be9f728eabdf2c7c240c42;p=org.ibex.core.git diff --git a/src/org/xwt/TinySSL.java b/src/org/xwt/TinySSL.java index abb5561..cf9f901 100644 --- a/src/org/xwt/TinySSL.java +++ b/src/org/xwt/TinySSL.java @@ -22,7 +22,7 @@ import org.bouncycastle.crypto.engines.RC4Engine; import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.asn1.DERInputStream; import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERConstructedSequence; +import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.BERInputStream; @@ -352,7 +352,7 @@ public class TinySSL extends Socket { int certlen = ((rec[7 + i] & 0xff) << 16) | ((rec[7 + i + 1] & 0xff) << 8) | (rec[7 + i + 2] & 0xff); try { DERInputStream dIn = new DERInputStream(new ByteArrayInputStream(rec, 7 + i + 3, certlen)); - this_cert = new X509CertificateStructure((DERConstructedSequence)dIn.readObject()); + this_cert = new X509CertificateStructure((DERSequence)dIn.readObject()); } catch (Exception e) { SSLException t = new SSLException("error decoding server certificate: " + e); t.fillInStackTrace(); @@ -375,15 +375,17 @@ public class TinySSL extends Socket { } if (!good) throw new SSLException("server certificate does not seem to have a CN: " + CN); - if (!ignoreUntrustedCert && !CN.equals(hostname)) + if (!ignoreUntrustedCert && !CN.equalsIgnoreCase(hostname)) throw new SSLException("connecting to host " + hostname + " but server certificate was issued for " + CN); - SimpleDateFormat dateF = new SimpleDateFormat("MM-dd-yy-HH-mm-ss-z"); + SimpleDateFormat dateF = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss-z"); // the following idiocy is a result of the brokenness of the GNU Classpath's SimpleDateFormat String s = tbs.getStartDate().getTime(); - s = s.substring(2, 4) + "-" + s.substring(4, 6) + "-" + s.substring(0, 2) + "-" + s.substring(6, 8) + "-" + - s.substring(8, 10) + "-" + s.substring(10, 12) + "-" + s.substring(12); + s = s.substring(0, 4) + "-" + s.substring(4, 6) + "-" + s.substring(6, 8) + "-" + + s.substring(8, 10) + "-" + s.substring(10, 12) + "-" + + s.substring(12, 14) + "-" + s.substring(14); + Date startDate = dateF.parse(s, new ParsePosition(0)); s = tbs.getEndDate().getTime(); @@ -407,7 +409,7 @@ public class TinySSL extends Socket { X509Extension basicConstraints = this_cert.getTBSCertificate().getExtensions().getExtension(X509Extensions.BasicConstraints); if (basicConstraints == null) throw new SSLException("certificate did not contain a basic constraints block"); DERInputStream dis = new DERInputStream(new ByteArrayInputStream(basicConstraints.getValue().getOctets())); - BasicConstraints bc = new BasicConstraints((DERConstructedSequence)dis.readObject()); + BasicConstraints bc = new BasicConstraints((DERSequence)dis.readObject()); if (!bc.isCA()) throw new SSLException("non-CA certificate used for signing"); } @@ -565,7 +567,7 @@ public class TinySSL extends Socket { byte[] encrypted_pre_master_secret; SubjectPublicKeyInfo pki = server_cert.getSubjectPublicKeyInfo(); - RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERConstructedSequence)pki.getPublicKey()); + RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERSequence)pki.getPublicKey()); BigInteger modulus = rsa_pks.getModulus(); BigInteger exponent = rsa_pks.getPublicExponent(); @@ -797,7 +799,7 @@ public class TinySSL extends Socket { // decrypt the signature using the signer's public key byte[] ED = signee.getSignature().getBytes(); SubjectPublicKeyInfo pki = signer; - RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERConstructedSequence)pki.getPublicKey()); + RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERSequence)pki.getPublicKey()); BigInteger modulus = rsa_pks.getModulus(); BigInteger exponent = rsa_pks.getPublicExponent(); AsymmetricBlockCipher rsa = new PKCS1(new RSAEngine()); @@ -807,7 +809,7 @@ public class TinySSL extends Socket { byte[] D = rsa.processBlock(ED, 0, ED.length); BERInputStream beris = new BERInputStream(new ByteArrayInputStream(D)); DERObject derob = beris.readObject(); - DERConstructedSequence dercs = (DERConstructedSequence)derob; + DERSequence dercs = (DERSequence)derob; DEROctetString deros = (DEROctetString)dercs.getObjectAt(1); byte[] MD = deros.getOctets(); @@ -1538,7 +1540,7 @@ public class TinySSL extends Socket { trusted_CA_public_key_identifiers[i/2] = base64_encoded_trusted_CA_public_keys[i]; byte[] b = Base64.decode(base64_encoded_trusted_CA_public_keys[i+1]); DERInputStream dIn = new DERInputStream(new ByteArrayInputStream(b)); - trusted_CA_public_keys[i/2] = new SubjectPublicKeyInfo((DERConstructedSequence)dIn.readObject()); + trusted_CA_public_keys[i/2] = new SubjectPublicKeyInfo((DERSequence)dIn.readObject()); } } catch (Exception e) {