
Update and tidy SSLCertificateDialogModel.

pull/809/head
Chris Smith 7 yıl önce
ebeveyn
işleme
9526a0c2af

+ 23
- 17
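--- a/src/main/java/com/dmdirc/ui/core/dialogs/sslcertificate/SSLCertificateDialogModel.java
+++ b/src/main/java/com/dmdirc/ui/core/dialogs/sslcertificate/SSLCertificateDialogModel.java
@@ -19,6 +19,7 @@
 
 import com.dmdirc.tls.CertificateAction;
 import com.dmdirc.tls.CertificateDoesntMatchHostException;
+import com.dmdirc.tls.CertificateHostChecker;
 import com.dmdirc.tls.CertificateManager;
 import com.dmdirc.tls.CertificateNotTrustedException;
 
@@ -47,6 +48,8 @@
     private final CertificateManager manager;
     /** The list of problems found with the certs, if any. */
     private final Collection<CertificateException> problems;
+    /** Checker to use for hostnames. */
+    private final CertificateHostChecker hostChecker;
 
     /**
      * Creates a new SSLCertificateDialogModel for the specified chain.
@@ -61,6 +64,7 @@
         this.chain = chain;
         this.problems = problems;
         this.manager = manager;
+        this.hostChecker = new CertificateHostChecker();
     }
 
     /**
@@ -75,7 +79,7 @@
         boolean first = true;
 
         for (X509Certificate cert : chain) {
-            boolean invalid = first && !manager.isValidHost(cert);
+            boolean invalid = first && !hostChecker.isValidFor(cert, manager.getServerName());
             first = false;
 
             try {
@@ -123,7 +127,7 @@
                 cert.getNotAfter().toString(), tooOld, false));
         res.add(group);
 
-        final boolean wrongName = index == 0 && !manager.isValidHost(cert);
+        final boolean wrongName = index == 0 && !hostChecker.isValidFor(cert, manager.getServerName());
         final String names = getAlternateNames(cert);
         final Map<String, String> fields = CertificateManager.getDNFieldsFromCert(cert);
 
@@ -160,7 +164,7 @@
      *
      * @return A comma-separated list of alternate names
      */
-    protected String getAlternateNames(final X509Certificate cert) {
+    private String getAlternateNames(final X509Certificate cert) {
         final StringBuilder res = new StringBuilder();
 
         try {
@@ -196,11 +200,13 @@
      * @param field   The name of the field to look for
      * @param invalid Whether or not the field is a cause for concern
      */
-    protected void addCertField(final Map<String, String> fields,
-            final List<CertificateInformationEntry> group, final String title,
-            final String field, final boolean invalid) {
-        group.add(new CertificateInformationEntry(title,
-                fields.containsKey(field) ? fields.get(field) : NOTPRESENT, invalid,
+    private void addCertField(
+            final Map<String, String> fields,
+            final List<CertificateInformationEntry> group,
+            final String title,
+            final String field,
+            final boolean invalid) {
+        group.add(new CertificateInformationEntry(title, fields.getOrDefault(field, NOTPRESENT), invalid,
                 !fields.containsKey(field)));
     }
 
@@ -212,22 +218,22 @@
     public List<CertificateSummaryEntry> getSummary() {
         final List<CertificateSummaryEntry> res = new ArrayList<>();
 
-        boolean outofdate = false;
-        boolean wronghost = false;
-        boolean nottrusted = false;
+        boolean outOfDate = false;
+        boolean wrongHost = false;
+        boolean notTrusted = false;
 
         for (CertificateException ex : problems) {
             if (ex instanceof CertificateExpiredException
                     || ex instanceof CertificateNotYetValidException) {
-                outofdate = true;
+                outOfDate = true;
             } else if (ex instanceof CertificateDoesntMatchHostException) {
-                wronghost = true;
+                wrongHost = true;
             } else if (ex instanceof CertificateNotTrustedException) {
-                nottrusted = true;
+                notTrusted = true;
             }
         }
 
-        if (outofdate) {
+        if (outOfDate) {
             res.add(new CertificateSummaryEntry("One or more certificates are "
                     + "not within their validity period", false));
         } else {
@@ -235,7 +241,7 @@
                     + "within their validity period", true));
         }
 
-        if (nottrusted) {
+        if (notTrusted) {
             res.add(new CertificateSummaryEntry("The certificate is not issued "
                     + "by a trusted authority", false));
         } else {
@@ -243,7 +249,7 @@
                     + "trusted", true));
         }
 
-        if (wrongHost) {
+        if (wrongHost) {
             res.add(new CertificateSummaryEntry("The certificate is not issued "
                     + "to the host you are connecting to", false));
         } else {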
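Review bot: The model now creates its own checker in the constructor (`this.hostChecker = new CertificateHostChecker();`, new line 67), so the per-certificate flags at new lines 82 and 130 come from a hostname check separate from the one behind the `CertificateDoesntMatchHostException` that `getSummary()` reads from `problems`. If the connection path uses a differently configured checker, or `manager.getServerName()` is null or differs from the name that was verified, the summary and the highlighted field could disagree while the user decides whether to trust the certificate; this is inferred, since neither `CertificateHostChecker` nor `CertificateManager` is visible here. Consider accepting the checker as a constructor parameter (`this.hostChecker = hostChecker;`) or obtaining it from the manager, and extend the field comment to something like `/** Checker to use for hostnames; must be the same one used when the chain was verified. */`. The constructor and both methods containing the changed calls begin or end outside the shown hunks.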
