
Commit ed359b2

Add support for TLS version by adding the flag -tls (#6)
Co-authored-by: shiraya <shiraya@checkpoint.com>
1 parent d9f4b97 commit ed359b2

3 files changed

Lines changed: 25 additions & 4 deletions


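--- a/mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/ApiClient.java
+++ b/mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/ApiClient.java
@@ -80,6 +80,8 @@ public class ApiClient {
 //Responsible for resolving the port
 private ApiPortResolver portResolver;
 
+private String tlsVersion = TRANSPORT_LAYER_SECURITY;
+
 /**
 * Constructor.
 */
@@ -102,7 +104,9 @@ public ApiClient(ApiClientArgs args) {
 checkFingerprint = args.isCheckFingerprint();
 proxySettings = new ApiProxySettingsProcessor(args.getProxySetting());
 portResolver = new ApiPortResolver(args.getPort(),args.isUserEnteredPort());
-fingerprintManager = new FingerprintManager(args.getFingerprintFile(), proxySettings);
+tlsVersion = args.getTlsVersion();
+fingerprintManager = new FingerprintManager(args.getFingerprintFile(), proxySettings, tlsVersion);
+
 
 if(args.getDebugFile() != null){
 setDebugFile(args.getDebugFile());
@@ -746,7 +750,7 @@ private HttpsURLConnection establishConnection(ApiLoginResponse loginResponse,St
 TrustManager[] trustCerts = new TrustManager[]{new FingerX509TrustManager(loginResponse.getServerIP(), loginResponse.getPort())};
 
 // Install the trustCerts trust manager
-SSLContext sc = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY);
+SSLContext sc = SSLContext.getInstance(tlsVersion);
 sc.init(null, trustCerts, new java.security.SecureRandom());
 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
 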
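Review bot: `SSLContext.getInstance(tlsVersion)` in establishConnection now takes a caller-supplied name, but that name only selects a context and does not by itself restrict the handshake to that version. On the standard JSSE provider a `TLSv1.2` context, as far as I know, still enables any earlier versions the JDK has not disabled. If -tls is meant to pin the protocol or raise its floor, also restrict the enabled protocols on the connection's socket, for example with `SSLParameters.setProtocols(new String[]{tlsVersion})`. The unchanged `HttpsURLConnection.setDefaultSSLSocketFactory(...)` call is process-wide, so two ApiClient instances with different versions in one JVM would overwrite each other's setting; calling `setSSLSocketFactory(sc.getSocketFactory())` on the individual connection avoids that. Both the constructor and establishConnection continue outside the hunks shown.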

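--- a/mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/ApiClientArgs.java
+++ b/mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/ApiClientArgs.java
@@ -38,6 +38,7 @@ public class ApiClientArgs {
 private boolean isUserEnteredPort;
 //If set to null the connection won't use proxy tunneling
 private String proxySetting;
+private String tlsVersion = TRANSPORT_LAYER_SECURITY;
 
 /**
 * Gets the debugFile.
@@ -157,4 +158,17 @@ public boolean isUserEnteredPort(){
 public void setProxySetting(String proxySetting){
 this.proxySetting = proxySetting;
 }
+
+public String getTlsVersion() {
+return tlsVersion;
+}
+
+public void setTlsVersion(String tlsVersion) {
+if(tlsVersion==null){
+this.tlsVersion = TRANSPORT_LAYER_SECURITY;
+}
+else {
+this.tlsVersion = tlsVersion;
+}
+}
 }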
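Review bot: `setTlsVersion` stores any non-null string, so an empty value, a typo or a legacy name such as `SSLv3` is accepted here and only fails, or quietly weakens the connection, later at `SSLContext.getInstance`. Validate against a short allowlist in the setter, e.g. `if (!ALLOWED_TLS_VERSIONS.contains(tlsVersion)) throw new IllegalArgumentException("Unsupported TLS version: " + tlsVersion);`, where `ALLOWED_TLS_VERSIONS` is a new constant listing the protocol names the project is willing to negotiate. The two new accessors also lack the Javadoc that the existing accessors carry (`Gets the debugFile.`). A one-line `Gets the TLS protocol name passed to SSLContext.getInstance.` would do for the getter, plus a setter comment stating that null resets the value to the default.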

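--- a/mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/FingerprintManager.java
+++ b/mgmt_api_lib/src/main/java/com/checkpoint/mgmt_api/client/FingerprintManager.java
@@ -64,19 +64,22 @@ public class FingerprintManager
 
 //The setting for tunneling through proxy
 private ApiProxySettingsProcessor proxySettings;
+private String tlsVersion;
 
 /**
 * Constructor
 *
 * @param path The fingerprint file name.
 * @param proxySettings The proxy setting [user,password,server,port]
+* @param tlsVersion
 * @throws ApiClientRunTimeException
 */
-FingerprintManager(String path, ApiProxySettingsProcessor proxySettings) throws ApiClientRunTimeException
+FingerprintManager(String path, ApiProxySettingsProcessor proxySettings, String tlsVersion) throws ApiClientRunTimeException
 {
 
 setFingerprintFile(path);
 this.proxySettings = proxySettings;
+this.tlsVersion = tlsVersion;
 }
 
 /**
@@ -546,7 +549,7 @@ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, Strin
 }};
 
 // Install the all-trusting trust manager
-SSLContext sc = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY);
+SSLContext sc = SSLContext.getInstance(tlsVersion);
 sc.init(null, trustAllCerts, new SecureRandom());
 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
 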
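Review bot: The new `@param tlsVersion` tag has no description and the new field has no comment, unlike the `proxySettings` field beside it. I would write `@param tlsVersion The protocol name passed to SSLContext.getInstance (e.g. "TLSv1.2"); must not be null` and put `//The protocol name passed to SSLContext.getInstance` above the field. The constructor stores the value unchecked, so a null from a future caller would surface only as a NullPointerException at `SSLContext.getInstance(tlsVersion)` in the second hunk. `this.tlsVersion = Objects.requireNonNull(tlsVersion, "tlsVersion");` would fail at construction instead, assuming `java.util.Objects` is imported, which is not visible here. The method containing the second hunk starts and ends outside it.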
