1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2024-12-22 20:47:57 +01:00

Move TLS Required check at the end of connect()

It was a *very* bad idea to perform the SecurityMode.Required check in
the connection's reader thread and not at the end of
AbstractXMPPConnectin's connect(). :/

This behavior dates back to 8e750912a7

Fixes SMACK-739
This commit is contained in:
Florian Schmaus 2016-11-12 11:12:50 +01:00
parent fca2f59e08
commit 059ee99ba0
2 changed files with 11 additions and 10 deletions

View file

@ -362,6 +362,7 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
// Perform the actual connection to the XMPP service
connectInternal();
return this;
}

View file

@ -28,10 +28,9 @@ import org.jivesoftware.smack.SmackException.AlreadyConnectedException;
import org.jivesoftware.smack.SmackException.AlreadyLoggedInException;
import org.jivesoftware.smack.SmackException.NoResponseException;
import org.jivesoftware.smack.SmackException.NotConnectedException;
import org.jivesoftware.smack.SmackException.ConnectionException;
import org.jivesoftware.smack.SmackException.SecurityRequiredByClientException;
import org.jivesoftware.smack.SmackException.ConnectionException;
import org.jivesoftware.smack.SmackException.SecurityRequiredByServerException;
import org.jivesoftware.smack.SmackException.SecurityRequiredException;
import org.jivesoftware.smack.SynchronizationPoint;
import org.jivesoftware.smack.XMPPException.StreamErrorException;
import org.jivesoftware.smack.XMPPConnection;
@ -857,6 +856,14 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
// Wait with SASL auth until the SASL mechanisms have been received
saslFeatureReceived.checkIfSuccessOrWaitOrThrow();
// If TLS is required but the server doesn't offer it, disconnect
// from the server and throw an error. First check if we've already negotiated TLS
// and are secure, however (features get parsed a second time after TLS is established).
if (!isSecureConnection() && getConfiguration().getSecurityMode() == SecurityMode.required) {
shutdown();
throw new SecurityRequiredByClientException();
}
// Make note of the fact that we're now connected.
connected = true;
callConnectionConnectedListener();
@ -897,7 +904,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
}
@Override
protected void afterFeaturesReceived() throws SecurityRequiredException, NotConnectedException {
protected void afterFeaturesReceived() throws NotConnectedException {
StartTls startTlsFeature = getFeature(StartTls.ELEMENT, StartTls.NAMESPACE);
if (startTlsFeature != null) {
if (startTlsFeature.required() && config.getSecurityMode() == SecurityMode.disabled) {
@ -909,13 +916,6 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
send(new StartTls());
}
}
// If TLS is required but the server doesn't offer it, disconnect
// from the server and throw an error. First check if we've already negotiated TLS
// and are secure, however (features get parsed a second time after TLS is established).
if (!isSecureConnection() && startTlsFeature == null
&& getConfiguration().getSecurityMode() == SecurityMode.required) {
throw new SecurityRequiredByClientException();
}
if (getSASLAuthentication().authenticationSuccessful()) {
// If we have received features after the SASL has been successfully completed, then we