mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-12-22 20:47:57 +01:00
Configure default Hostname Verifiers
parent
89dc3a0e85
commit
076c7d0b81
5 changed files with 171 additions and 1 deletions
|
@ -0,0 +1,33 @@
|
|||
/**
|
||||
*
|
||||
* Copyright © 2014 Florian Schmaus
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smack.android;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.http.conn.ssl.StrictHostnameVerifier;
|
||||
import org.jivesoftware.smack.SmackConfiguration;
|
||||
import org.jivesoftware.smack.initializer.SimpleSmackInitializer;
|
||||
|
||||
public class AndroidSmackInitializer extends SimpleSmackInitializer {
|
||||
|
||||
@Override
|
||||
public List<Exception> initialize() {
|
||||
SmackConfiguration.setDefaultHostnameVerifier(new StrictHostnameVerifier());
|
||||
return null;
|
||||
}
|
||||
|
||||
}
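Review bot: `initialize()` returns `null` for a `List<Exception>` result, here and again in Java7SmackInitializer.initialize() further down the page. The code that consumes the list is not part of this commit, so whether it tolerates null is unclear; returning an empty list (`return Collections.emptyList();`, with the matching `java.util.Collections` import) removes the question. The class would also benefit from a Javadoc sentence saying that it replaces Smack's default hostname verifier, e.g. `/** Installs Apache's StrictHostnameVerifier as Smack's default hostname verifier on Android. */`.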
|
|
@ -1,6 +1,6 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2014 the original author or authors
|
||||
* Copyright 2014 Florian Schmaus
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -14,3 +14,18 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smack.initializer;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
public abstract class SimpleSmackInitializer implements SmackInitializer {
|
||||
|
||||
@Override
|
||||
public abstract List<Exception> initialize();
|
||||
|
||||
@Override
|
||||
public List<Exception> initialize(ClassLoader classLoader) {
|
||||
return initialize();
|
||||
}
|
||||
|
||||
}
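Review bot: `initialize(ClassLoader classLoader)` drops its argument without saying so, and neither the class nor the method carries Javadoc. Someone writing a subclass cannot tell that the class loader is never consulted. I would add `/** Ignores {@code classLoader} and delegates to {@link #initialize()}. */` on the method and a one-line class comment stating that this base class is for initializers that need no class loader.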
|
|
@ -14,5 +14,7 @@
|
|||
<className>org.jivesoftware.smack.initializer.legacy.LegacyInitializer</className>
|
||||
<className>org.jivesoftware.smack.sasl.javax.SASLJavaXSmackInitializer</className>
|
||||
<className>org.jivesoftware.smack.sasl.provided.SASLProvidedSmackInitializer</className>
|
||||
<className>org.jivesoftware.smack.android.AndroidSmackInitializer</className>
|
||||
<className>org.jivesoftware.smack.java7.Java7SmackInitializer</className>
|
||||
</optionalStartupClasses>
|
||||
</smack>
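Review bot: Both added entries register an initializer that calls `SmackConfiguration.setDefaultHostnameVerifier(...)`, so on a runtime where both classes load, the verifier in force depends on which entry runs last. Assuming the classes are processed in document order, Java7SmackInitializer wins whenever Apache's `StrictHostnameVerifier` is also on the classpath; that is probably intended, but nothing records it. A comment above the two lines, such as `<!-- Both set the default HostnameVerifier; the last one that loads wins. -->`, would keep a later reordering from silently changing TLS hostname checking. The enclosing `<optionalStartupClasses>` element opens outside the hunk.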
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2014 the original author or authors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.jivesoftware.smack.java7;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
import javax.net.ssl.HostnameVerifier;
|
||||
import javax.net.ssl.SSLPeerUnverifiedException;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||
|
||||
import sun.security.util.HostnameChecker;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* HostnameVerifier implementation which implements the same policy as the Java built-in
|
||||
* pre-HostnameVerifier policy.
|
||||
* </p>
|
||||
* <p>
|
||||
* Based on the <a href="found at http://kevinlocke.name/bits
|
||||
* /2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/">work by Kevin
|
||||
* Locke</a> (released under CC0 1.0 Universal / Public Domain Dedication).
|
||||
* </p>
|
||||
*/
|
||||
public class Java7HostnameVerifier implements HostnameVerifier {
|
||||
|
||||
@Override
|
||||
public boolean verify(String hostname, SSLSession session) {
|
||||
HostnameChecker checker = HostnameChecker.getInstance(HostnameChecker.TYPE_TLS);
|
||||
|
||||
boolean validCertificate = false, validPrincipal = false;
|
||||
try {
|
||||
Certificate[] peerCertificates = session.getPeerCertificates();
|
||||
|
||||
if (peerCertificates.length > 0 && peerCertificates[0] instanceof X509Certificate) {
|
||||
X509Certificate peerCertificate = (X509Certificate) peerCertificates[0];
|
||||
|
||||
try {
|
||||
checker.match(hostname, peerCertificate);
|
||||
// Certificate matches hostname
|
||||
validCertificate = true;
|
||||
}
|
||||
catch (CertificateException ex) {
|
||||
// Certificate does not match hostname
|
||||
}
|
||||
}
|
||||
else {
|
||||
// Peer does not have any certificates or they aren't X.509
|
||||
}
|
||||
}
|
||||
catch (SSLPeerUnverifiedException ex) {
|
||||
// Not using certificates for peers, try verifying the principal
|
||||
try {
|
||||
Principal peerPrincipal = session.getPeerPrincipal();
|
||||
if (peerPrincipal instanceof KerberosPrincipal) {
|
||||
validPrincipal = HostnameChecker.match(hostname,
|
||||
(KerberosPrincipal) peerPrincipal);
|
||||
}
|
||||
else {
|
||||
// Can't verify principal, not Kerberos
|
||||
}
|
||||
}
|
||||
catch (SSLPeerUnverifiedException ex2) {
|
||||
// Can't verify principal, no principal
|
||||
}
|
||||
}
|
||||
|
||||
return validCertificate || validPrincipal;
|
||||
}
|
||||
}
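Review bot: The verifier is built on `sun.security.util.HostnameChecker`, a JDK-internal class that is absent on Android and on JVMs that do not ship the `sun.*` packages, and the Javadoc does not mention that. Because Java7SmackInitializer is listed under `optionalStartupClasses`, a failure to load it is presumably skipped quietly, which would leave no default verifier installed by this commit; it is worth confirming that connections then fail closed rather than proceed without a hostname check. I would state the dependency in the class Javadoc, e.g. `Requires the JDK-internal sun.security.util.HostnameChecker (Oracle/OpenJDK only).`, and have the empty `catch (CertificateException ex)` block log the mismatch so a rejected certificate can be diagnosed. Separately, `verify` checks whatever `hostname` the caller passes; the caller is outside this page, so confirm it is the XMPP service domain and not a host name obtained from an unauthenticated DNS SRV lookup.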
|
|
@ -0,0 +1,32 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2014 the original author or authors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smack.java7;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.jivesoftware.smack.SmackConfiguration;
|
||||
import org.jivesoftware.smack.initializer.SimpleSmackInitializer;
|
||||
|
||||
public class Java7SmackInitializer extends SimpleSmackInitializer {
|
||||
|
||||
@Override
|
||||
public List<Exception> initialize() {
|
||||
SmackConfiguration.setDefaultHostnameVerifier(new Java7HostnameVerifier());
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|