From 79d7554a7c66130b2c1392970da415393ba41c5c Mon Sep 17 00:00:00 2001 From: James McKenzie Date: Sun, 13 Oct 2019 01:41:06 +0100 Subject: fix up for fc30 --- INF/APC.pm | 4 ++-- INF/DSRx020.pm | 40 +++++++++++++++++++++++++++++++--------- INF/ILO.pm | 34 +++++++++++++++++++++++++--------- INF/ILO2.pm | 12 +++++++----- INF/SuperMicro.pm | 2 +- Makefile | 1 + avocent/crypto.properties | 2 ++ ilo/mypolicy | 3 ++- inf.pl | 2 +- notes | 6 ++++++ 10 files changed, 78 insertions(+), 28 deletions(-) create mode 100644 avocent/crypto.properties create mode 100644 notes diff --git a/INF/APC.pm b/INF/APC.pm index 6d443b8..2033e26 100644 --- a/INF/APC.pm +++ b/INF/APC.pm @@ -329,8 +329,8 @@ sub port_state_set($$$) { } for my $node ( 'rPDUOutletControlOutletCommand', 'sPDUOutletCtl' ) { - my $ret = $self->get( $node, $i ); - my $oid = name_to_oid( $node, $i ); + my $ret = $self->get( $node, $i ); + my $oid = name_to_oid( $node, $i ); my $name = oid_to_name($oid); if ( defined $ret ) { diff --git a/INF/DSRx020.pm b/INF/DSRx020.pm index 191f4bf..c68274c 100644 --- a/INF/DSRx020.pm +++ b/INF/DSRx020.pm @@ -548,10 +548,12 @@ sub view($$) { system( "echo", "java", - "-Djava.net.preferIPv4Stack=true", - "-Djava.net.useSystemProxies=false", - "-DsocksProxyVersion=4", - "-DsocksProxySet=true", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-Djava.net.preferIPv4Stack=true", + "-Djava.net.useSystemProxies=false", + "-DsocksProxyVersion=4", + "-DsocksProxySet=true", "-DsocksProxyHost=" . $self->{proxy_host}, "-DsocksProxyPort=" . $self->{proxy_port}, "-cp", 
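Review bot: The two added `-Djava.security.*` options in `view` (hunk at -548) take this JVM off the system crypto policy and onto `/usr/local/share/inf/avocent/crypto.properties`, but nothing at the call site records why or how far that file relaxes the defaults. A comment above the first `system(` such as `# Avocent viewer: presumably needs algorithms the fc30 JDK disables; crypto.properties loosens them for this JVM only` would mark this as a deliberate, scoped downgrade. The same pair of options is repeated in the hunks at -561 and -575, and each command is written out twice (once for `echo`, once for the real run), so the printed and executed argument lists can drift apart. Building the list once, e.g. `my @cmd = ( "java", @sec_opts, "-cp", $cp, "com.avocent.video.Stingray", @$args ); print "@cmd\n"; system(@cmd);`, would avoid that. `view` starts and ends outside the hunk.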
@@ -561,10 +563,12 @@ sub view($$) { ); system( "java", - "-Djava.net.preferIPv4Stack=true", - "-Djava.net.useSystemProxies=false", - "-DsocksProxyVersion=4", - "-DsocksProxySet=true", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-Djava.net.preferIPv4Stack=true", + "-Djava.net.useSystemProxies=false", + "-DsocksProxyVersion=4", + "-DsocksProxySet=true", "-DsocksProxyHost=" . $self->{proxy_host}, "-DsocksProxyPort=" . $self->{proxy_port}, "-cp", @@ -575,7 +579,25 @@ sub view($$) { } else { - system( "java", "-cp", $cp, "com.avocent.video.Stingray", @$args ); + system( + "echo", + "java", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-cp", + $cp, + "com.avocent.video.Stingray", + @$args + ); + system( + "java", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-cp", + $cp, + "com.avocent.video.Stingray", + @$args + ); } } diff --git a/INF/ILO.pm b/INF/ILO.pm index 99da2ea..1bca34a 100644 --- a/INF/ILO.pm +++ b/INF/ILO.pm @@ -1,7 +1,5 @@ #!/usr/bin/env perl -IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => SSL_VERIFY_NONE ); - package INF::ILO; use HTTP::Daemon::SSL; @@ -18,6 +16,10 @@ use XML::Simple; use Data::Dumper; use JSON::PP; +#IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => SSL_VERIFY_NONE ); +IO::Socket::SSL::set_ctx_defaults( + SSL_verify_mode => Net::SSLeay::VERIFY_NONE() ); + sub read_file($) { my ($name) = @_; @@ -100,7 +102,6 @@ sub setup_port_proxy($$$$) { return $child; } - sub proxy($$$) { my ( $self, $req, $res ) = @_; @@ -213,7 +214,7 @@ sub view($) { } my $content = $res->content; - unless ( $content =~ /Netscape'\) \{(.*)}[\s\n]*else if/s ) { + unless ( $content =~ /Netscape'\) \{(.*)\}[\s\n]*else if/s ) { print STDERR "returned html doesn't look right\n"; return -1; } 
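Review bot: `IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => Net::SSLeay::VERIFY_NONE() )` in the INF/ILO.pm hunk at -18 runs at module load and changes the process-wide default, so every IO::Socket::SSL context created afterwards inherits "no verification" unless it sets its own mode. `new` already passes `SSL_verify_mode` through `ssl_opts` on its own user agent (hunk at -404), so the global default looks removable. If another socket still depends on it, a comment naming that socket would justify keeping it. The commented-out `#IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => SSL_VERIFY_NONE );` line above it is dead history and can be dropped.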
@@ -250,8 +251,21 @@ sub view($) { $SIG{TERM} = sub { kill 'TERM', ( @{ $self->{to_kill} } ); die; }; system( + "echo", "appletviewer", "-J-Djava.security.manager", + + # "-J-Djava.security.debug=access,failure,policy", + "-J-Djava.security.policy=/usr/local/share/inf/ilo/mypolicy", + "-J-Djavax.net.ssl.trustStore=/usr/local/share/inf/ilo/server.jks", + $self->{proxy_url} . "/html/java_irc.html" + ); + + system( + "appletviewer", + "-J-Djava.security.manager", + + # "-J-Djava.security.debug=access,failure,policy", "-J-Djava.security.policy=/usr/local/share/inf/ilo/mypolicy", "-J-Djavax.net.ssl.trustStore=/usr/local/share/inf/ilo/server.jks", $self->{proxy_url} . "/html/java_irc.html" @@ -404,7 +418,9 @@ sub new ($;$) { $self->{userid} = undef; $self->{ua}->ssl_opts( - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, + + # SSL_verify_mode => SSL_VERIFY_NONE, + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), verify_hostname => 0, ); @@ -416,7 +432,6 @@ sub new ($;$) { $self->{proxy_port} = $parm->{proxy_port}; } - my $local_port = int( rand(30000) ) + 30000; $self->{proxy_url} = 'https://127.0.0.1:' . $local_port; @@ -425,9 +440,10 @@ sub new ($;$) { port => $local_port, daemon_class => 'HTTP::Daemon::SSL', daemon_args => [ - LocalAddr => '127.0.0.1', - SSL_key_file => '/usr/local/share/inf/ilo/server.key', - SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + LocalAddr => '127.0.0.1', + SSL_key_file => '/usr/local/share/inf/ilo/server.key', + SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), ], ); $self->{server}->mount( diff --git a/INF/ILO2.pm b/INF/ILO2.pm index 6a5265e..0e2375b 100644 --- a/INF/ILO2.pm +++ b/INF/ILO2.pm @@ -1,6 +1,7 @@ #!/usr/bin/env perl -IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => SSL_VERIFY_NONE ); +IO::Socket::SSL::set_ctx_defaults( + SSL_verify_mode => Net::SSLeay::VERIFY_NONE() ); package INF::ILO2; 
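Review bot: In `new` (INF/ILO.pm hunk at -404) the user agent that talks to the iLO still runs with `SSL_verify_mode => Net::SSLeay::VERIFY_NONE()` and `verify_hostname => 0`, so the controller is never authenticated and whatever the agent sends, presumably including the login, can be read by anyone able to answer on that address. The change only respells the constant. Because management controllers commonly present self-signed certificates, pinning is the practical fix: accept a new optional key in `$parm` and pass `SSL_verify_mode => Net::SSLeay::VERIFY_PEER(), SSL_fingerprint => $parm->{ssl_fingerprint}` to `ssl_opts`, falling back to the current behaviour only when no fingerprint is configured. The commented `# SSL_verify_mode => SSL_VERIFY_NONE,` left inside the argument list should be removed. The same `ssl_opts` call appears in INF/ILO2.pm (hunk at -584), and `new` starts and ends outside both hunks.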
@@ -584,7 +585,7 @@ sub new ($;$) { $self->{userid} = undef; $self->{ua}->ssl_opts( - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), verify_hostname => 0, ); @@ -604,9 +605,10 @@ sub new ($;$) { port => $local_port, daemon_class => 'HTTP::Daemon::SSL', daemon_args => [ - LocalAddr => '127.0.0.1', - SSL_key_file => '/usr/local/share/inf/ilo/server.key', - SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + LocalAddr => '127.0.0.1', + SSL_key_file => '/usr/local/share/inf/ilo/server.key', + SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), ], ); $self->{server}->mount( diff --git a/INF/SuperMicro.pm b/INF/SuperMicro.pm index 3afa3d6..7284826 100644 --- a/INF/SuperMicro.pm +++ b/INF/SuperMicro.pm @@ -260,7 +260,7 @@ sub new ($;$) { my ( $class, $parm ) = @_; my $self; - $self->{ua} = my $ua = LWP::UserAgent->new; + $self->{ua} = my $ua = LWP::UserAgent->new; $self->{cookie_jar} = HTTP::Cookies->new(); $self->{ua}->cookie_jar( $self->{cookie_jar} ); diff --git a/Makefile b/Makefile index d2d1c18..f172065 100644 --- a/Makefile +++ b/Makefile @@ -33,6 +33,7 @@ install: install -m 644 avocent/avmWin32Lib.jar /usr/local/share/inf/avocent/ install -m 644 avocent/jpcscdll.jar /usr/local/share/inf/avocent/ install -m 644 avocent/jpcscso.jar /usr/local/share/inf/avocent/ + install -m 644 avocent/crypto.properties /usr/local/share/inf/avocent/ install -m 644 ilo/certs /usr/local/share/inf/ilo/ install -m 644 ilo/intgapp_221.jar /usr/local/share/inf/ilo/ install -m 644 ilo/rc175p08.jar /usr/local/share/inf/ilo/ diff --git a/avocent/crypto.properties b/avocent/crypto.properties new file mode 100644 index 0000000..9208258 --- /dev/null +++ b/avocent/crypto.properties @@ -0,0 +1,2 @@ +jdk.certpath.disabledAlgorithms=MD2 +jdk.tls.disabledAlgorithms=RC2 diff --git a/ilo/mypolicy b/ilo/mypolicy index e945c25..5e96ff0 100644 --- a/ilo/mypolicy +++ b/ilo/mypolicy 
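Review bot: In the new avocent/crypto.properties, `jdk.certpath.disabledAlgorithms=MD2` and `jdk.tls.disabledAlgorithms=RC2` replace the JDK's built-in values for those two properties rather than adding to them. With this file loaded, everything else a stock OpenJDK 8 blocks (SSLv3 and RC4, for example) becomes negotiable again for the Avocent viewer. If the device needs only one or two legacy algorithms, start from the default lists in the JDK's `java.security` and delete just those entries. The file also carries no comment, so add a `#` line stating the device requirement; otherwise the downgrade is easy to mistake for a hardening list.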
@@ -1,5 +1,6 @@ grant { - permission java.net.SocketPermission "localhost", "connect, accept ,resolve, listen"; + permission java.security.AllPermission; + permission java.net.SocketPermission "127.0.0.1:*", "connect, accept ,resolve, listen"; permission java.util.PropertyPermission "java.io.tmpdir","read"; permission java.io.FilePermission "/tmp/-", "read, write"; permission java.io.FilePermission "/tmp", "read, write"; diff --git a/inf.pl b/inf.pl index 6c6481d..d5aae40 100755 --- a/inf.pl +++ b/inf.pl @@ -101,7 +101,7 @@ sub thing($$$$) { and ( $s =~ /$looks/i ) ); print "Outlet is $s\n"; $i++; - } until ( ( $i > $wait ) + } until ( ( $i > $wait ) and ( not( $s =~ /Pending/ ) ) and ( $s =~ /$looke/i ) ); diff --git a/notes b/notes new file mode 100644 index 0000000..ea664f2 --- /dev/null +++ b/notes @@ -0,0 +1,6 @@ + +debugging java's miserable handshakes can be done with + -Djavax.net.debug=ssl:handsake + +edit /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.222.b10-0.fc30.x86_64/lib/security/java.security + -- cgit v1.2.3
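Review bot: The added `permission java.security.AllPermission;` in ilo/mypolicy sits in a `grant` block with no `codeBase`, so it applies to every class the appletviewer loads and makes the narrower `SocketPermission`, `PropertyPermission` and `FilePermission` entries below it redundant. INF/ILO.pm still starts the viewer with `-J-Djava.security.manager`, but with this line the manager restricts nothing. That matters here because the applet is vendor code fetched from the iLO through a proxy whose upstream certificate verification is switched off. Prefer removing the line and granting only the specific permissions the Fedora 30 JDK rejects. The commented `-J-Djava.security.debug=access,failure,policy` flag in ILO.pm reports which ones are denied.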