Add support for TLS version by adding the flag -tls (#6)

Co-authored-by: shiraya <shiraya@checkpoint.com>

Author: shira5931-chkp

mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/ApiClient.java

@@ -80,6 +80,8 @@ public class ApiClient {
     //Responsible for resolving the port
     private ApiPortResolver portResolver;
 
+    private String tlsVersion = TRANSPORT_LAYER_SECURITY;
+
     /**
      * Constructor.
      */
@@ -102,7 +104,9 @@ public ApiClient(ApiClientArgs args) {
         checkFingerprint     = args.isCheckFingerprint();
         proxySettings        = new ApiProxySettingsProcessor(args.getProxySetting());
         portResolver         = new ApiPortResolver(args.getPort(),args.isUserEnteredPort());
-        fingerprintManager   = new FingerprintManager(args.getFingerprintFile(), proxySettings);
+        tlsVersion           = args.getTlsVersion();
+        fingerprintManager   = new FingerprintManager(args.getFingerprintFile(), proxySettings, tlsVersion);
+
 
         if(args.getDebugFile() != null){
             setDebugFile(args.getDebugFile());
@@ -746,7 +750,7 @@ private HttpsURLConnection establishConnection(ApiLoginResponse loginResponse,St
         TrustManager[] trustCerts = new TrustManager[]{new FingerX509TrustManager(loginResponse.getServerIP(), loginResponse.getPort())};
 
         // Install the trustCerts trust manager
-        SSLContext sc = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY);
+        SSLContext sc = SSLContext.getInstance(tlsVersion);
         sc.init(null, trustCerts, new java.security.SecureRandom());
         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
 

mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/ApiClientArgs.java

@@ -38,6 +38,7 @@ public class ApiClientArgs {
     private boolean isUserEnteredPort;
     //If set to null the connection won't use proxy tunneling
     private String proxySetting;
+    private String tlsVersion = TRANSPORT_LAYER_SECURITY;
 
     /**
      * Gets the debugFile.
@@ -157,4 +158,17 @@ public boolean isUserEnteredPort(){
     public void setProxySetting(String proxySetting){
         this.proxySetting = proxySetting;
     }
+
+    public String getTlsVersion() {
+        return tlsVersion;
+    }
+
+    public void setTlsVersion(String tlsVersion) {
+        if(tlsVersion==null){
+            this.tlsVersion = TRANSPORT_LAYER_SECURITY;
+        }
+        else {
+            this.tlsVersion = tlsVersion;
+        }
+    }
 }

mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/FingerprintManager.java

@@ -64,19 +64,22 @@ public class FingerprintManager
 
     //The setting for tunneling through proxy
     private ApiProxySettingsProcessor proxySettings;
+    private String tlsVersion;
 
     /**
      * Constructor
      *
      * @param path          The fingerprint file name.
      * @param proxySettings The proxy setting [user,password,server,port]
+     * @param tlsVersion
      * @throws ApiClientRunTimeException
      */
-    FingerprintManager(String path, ApiProxySettingsProcessor proxySettings) throws ApiClientRunTimeException
+    FingerprintManager(String path, ApiProxySettingsProcessor proxySettings, String tlsVersion) throws ApiClientRunTimeException
     {
 
         setFingerprintFile(path);
         this.proxySettings = proxySettings;
+        this.tlsVersion = tlsVersion;
     }
 
     /**
@@ -546,7 +549,7 @@ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, Strin
         }};
 
         // Install the all-trusting trust manager
-        SSLContext sc = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY);
+        SSLContext sc = SSLContext.getInstance(tlsVersion);
         sc.init(null, trustAllCerts, new SecureRandom());
         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());