From 98f4a1f12ec633d24d1479891ae0193be06e8aba Mon Sep 17 00:00:00 2001 From: megacz Date: Fri, 30 Jan 2004 06:49:38 +0000 Subject: [PATCH] 2002/08/07 04:32:05 darcs-hash:20040130064938-2ba56-9183f725bcb446cd381335558aecb6836c7cba9a.gz --- CHANGES | 2 ++ src/org/xwt/TinySSL.java | 35 ++++++++++++++++++++++++----------- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 27f12a3..a70c0de 100644 --- a/CHANGES +++ b/CHANGES @@ -329,3 +329,5 @@ 06-Jul megacz Surface.java: fixed button 1/3 swapping bug +06-Jul megacz TinySSL.java: option to ignore untrusted certs, fixed GCJ bug + diff --git a/src/org/xwt/TinySSL.java b/src/org/xwt/TinySSL.java index 637e41c..9c9d017 100644 --- a/src/org/xwt/TinySSL.java +++ b/src/org/xwt/TinySSL.java @@ -143,6 +143,9 @@ public class TinySSL extends Socket { String hostname; + /** if true, we don't mind if the server's cert isn't signed by a CA. USE WITH CAUTION! */ + boolean ignoreUntrustedCert = false; + /** the concatenation of all the bytes of all handshake messages sent or recieved */ public byte[] handshakes = new byte[] { }; 
@@ -152,10 +155,12 @@ public class TinySSL extends Socket {
 public InputStream getInputStream() throws IOException { return is != null ? is : super.getInputStream(); }
 public OutputStream getOutputStream() throws IOException { return os != null ? os : super.getOutputStream(); }
- public TinySSL(String host, int port) throws IOException { this(host, port, true); }
- public TinySSL(String host, int port, boolean negotiateImmediately) throws IOException {
+ public TinySSL(String host, int port) throws IOException { this(host, port, true, false); }
+ public TinySSL(String host, int port, boolean negotiateImmediately) throws IOException { this(host, port, negotiateImmediately, false); }
+ public TinySSL(String host, int port, boolean negotiateImmediately, boolean ignoreUntrustedCert) throws IOException {
 super(host, port);
 hostname = host;
+ this.ignoreUntrustedCert = ignoreUntrustedCert;
 if (negotiateImmediately) negotiate();
 }
@@ -364,7 +369,7 @@ public class TinySSL extends Socket {
 }
 if (!good) throw new SSLException("server certificate does not seem to have a CN: " + CN);
- if (!CN.equals(hostname))
+ if (!ignoreUntrustedCert && !CN.equals(hostname))
 throw new SSLException("connecting to host " + hostname + " but server certificate was issued for " + CN);
 SimpleDateFormat dateF = new SimpleDateFormat("MM-dd-yy-HH-mm-ss-z");
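Review bot: The new four-argument constructor is public but has no Javadoc, and its `ignoreUntrustedCert` parameter does more than its name or the field comment in hunk @@ -143 says: in the later hunks it also suppresses the hostname match and the validity-date checks. A caller reading only this signature would assume it tolerates a self-signed certificate while still getting an authenticated connection. I would put above the constructor: `/** @param ignoreUntrustedCert when true, CA-chain, hostname and validity-date verification of the server certificate are all skipped; the session is then encrypted but the peer is not authenticated */`. The two delegating constructors could reference it with `{@link #TinySSL(String, int, boolean, boolean)}`.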
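Review bot: The changed `if` now lets `ignoreUntrustedCert` suppress the hostname-mismatch check, although the field comment added in hunk @@ -143 describes the flag as only tolerating a certificate that is not CA-signed; the same flag also gates the validity-date checks in hunk @@ -381 and the CA-chain loop in hunk @@ -395. A hostname mismatch is a different condition from an untrusted issuer — a properly CA-signed certificate issued for another name is exactly what this check exists to reject — so bundling it under a flag named for issuer trust hides a much larger loss of assurance. Either keep this check unconditional, or rename the flag to what it does, e.g. `skipCertificateVerification`, and update the field comment to list all three disabled checks. The enclosing method begins and ends outside the hunk.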
@@ -381,8 +386,10 @@ public class TinySSL extends Socket { Date endDate = dateF.parse(s, new ParsePosition(0)); Date now = new Date(); - if (now.after(endDate)) throw new SSLException("server certificate expired on " + endDate); - if (now.before(startDate)) throw new SSLException("server certificate will not be valid until " + startDate); + if (!ignoreUntrustedCert && now.after(endDate)) + throw new SSLException("server certificate expired on " + endDate); + if (!ignoreUntrustedCert && now.before(startDate)) + throw new SSLException("server certificate will not be valid until " + startDate); Log.log(this, "server cert (name, validity dates) checks out okay"); @@ -395,6 +402,8 @@ public class TinySSL extends Socket { } if (Log.on) Log.log(this, " Certificate (" + numcerts + " certificates)"); + if (ignoreUntrustedCert) break; + boolean good = false; // pass 1 -- only check CA's whose subject is a partial match @@ -1472,20 +1481,22 @@ public class TinySSL extends Socket { "1HP9SFIIThbbP4pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71" + "lSk8UOg013gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZw" + "IDAQAB" - }; + public static boolean alwaysFalse = false; + static class entropySpinner extends Thread { volatile boolean stop = false; byte counter = 0; entropySpinner() { start(); } public void run() { while (true) { - // without this synchronization, GCJ will over-optimize this loop into an infinite loop. Argh. - synchronized(this) { - counter++; - if (stop) return; - } + counter++; + + // without this line, GCJ will over-optimize this loop into an infinite loop. Argh. + if (alwaysFalse) stop = true; + + if (stop) return; } } } @@ -1515,6 +1526,7 @@ public class TinySSL extends Socket { if (Log.on) Log.log(TinySSL.class, e); } + if (Log.on) Log.log(TinySSL.class, "generating entropy..."); randpool = new byte[10]; try { Thread.sleep(100); } catch (Exception e) { } for(int i=0; i
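Review bot: The rewritten `now.after(endDate)` and `now.before(startDate)` lines dereference the result of `dateF.parse(s, new ParsePosition(0))`, which returns null rather than throwing when the string does not match the pattern, so a malformed validity field surfaces as a NullPointerException instead of the SSLException the rest of this method uses; `startDate` is parsed outside the hunk but presumably the same way. A guard before the comparisons, `if (startDate == null || endDate == null) throw new SSLException("could not parse server certificate validity dates");`, keeps the failure in the expected exception type. Note also that when the flag bypasses an expired or not-yet-valid certificate, the context line `Log.log(this, "server cert (name, validity dates) checks out okay")` is still emitted, which misrepresents what was verified.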
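Review bot: `if (ignoreUntrustedCert) break;` leaves the CA-verification loop without leaving any trace in the log, so a process running with the flag set is indistinguishable in its output from one that actually validated the chain. I would log the bypass explicitly before the break: `if (Log.on) Log.log(this, "ignoreUntrustedCert is set: skipping CA verification of the server certificate");`. The same silent-bypass pattern applies to the hostname and date checks skipped in hunks @@ -364 and @@ -381, where the existing "checks out okay" message is logged regardless of whether a check ran. The enclosing method continues outside the hunk.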
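Review bot: Dropping the `synchronized` block removes the only happens-before edge on `counter`, which the context lines show as a plain non-volatile `byte` incremented by the spinner thread; if another thread samples it as an entropy source (that reader is outside the hunk), the memory model no longer guarantees it observes fresh values. Declaring it `volatile byte counter = 0;` restores visibility without the lock and does not reintroduce the GCJ loop issue the commit works around, since `stop` is already volatile and `if (alwaysFalse) stop = true;` remains as the barrier. `public static boolean alwaysFalse` is a public mutable static that exists only as an optimization barrier; making it `private static volatile boolean alwaysFalse = false;` with a comment naming that purpose would keep other code from flipping it and make the intent obvious. The class `entropySpinner` is also lowercase against Java naming convention, though that predates this change.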