1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2024-12-22 20:47:57 +01:00

Configure default Hostname Verifiers

This commit is contained in:
Florian Schmaus 2014-08-01 17:35:44 +02:00
parent 89dc3a0e85
commit 076c7d0b81
5 changed files with 171 additions and 1 deletions

View file

@ -0,0 +1,33 @@
/**
*
* Copyright © 2014 Florian Schmaus
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack.android;
import java.util.List;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.jivesoftware.smack.SmackConfiguration;
import org.jivesoftware.smack.initializer.SimpleSmackInitializer;
public class AndroidSmackInitializer extends SimpleSmackInitializer {
@Override
public List<Exception> initialize() {
SmackConfiguration.setDefaultHostnameVerifier(new StrictHostnameVerifier());
return null;
}
}

View file

@ -1,6 +1,6 @@
/**
*
* Copyright 2014 the original author or authors
* Copyright 2014 Florian Schmaus
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -14,3 +14,18 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack.initializer;
import java.util.List;
public abstract class SimpleSmackInitializer implements SmackInitializer {
@Override
public abstract List<Exception> initialize();
@Override
public List<Exception> initialize(ClassLoader classLoader) {
return initialize();
}
}

View file

@ -14,5 +14,7 @@
<className>org.jivesoftware.smack.initializer.legacy.LegacyInitializer</className>
<className>org.jivesoftware.smack.sasl.javax.SASLJavaXSmackInitializer</className>
<className>org.jivesoftware.smack.sasl.provided.SASLProvidedSmackInitializer</className>
<className>org.jivesoftware.smack.android.AndroidSmackInitializer</className>
<className>org.jivesoftware.smack.java7.Java7SmackInitializer</className>
</optionalStartupClasses>
</smack>

View file

@ -0,0 +1,88 @@
/**
*
* Copyright 2014 the original author or authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack.java7;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.kerberos.KerberosPrincipal;
import sun.security.util.HostnameChecker;
/**
* <p>
* HostnameVerifier implementation which implements the same policy as the Java built-in
* pre-HostnameVerifier policy.
* </p>
* <p>
* Based on the <a href="found at http://kevinlocke.name/bits
* /2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/">work by Kevin
* Locke</a> (released under CC0 1.0 Universal / Public Domain Dedication).
* </p>
*/
public class Java7HostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
HostnameChecker checker = HostnameChecker.getInstance(HostnameChecker.TYPE_TLS);
boolean validCertificate = false, validPrincipal = false;
try {
Certificate[] peerCertificates = session.getPeerCertificates();
if (peerCertificates.length > 0 && peerCertificates[0] instanceof X509Certificate) {
X509Certificate peerCertificate = (X509Certificate) peerCertificates[0];
try {
checker.match(hostname, peerCertificate);
// Certificate matches hostname
validCertificate = true;
}
catch (CertificateException ex) {
// Certificate does not match hostname
}
}
else {
// Peer does not have any certificates or they aren't X.509
}
}
catch (SSLPeerUnverifiedException ex) {
// Not using certificates for peers, try verifying the principal
try {
Principal peerPrincipal = session.getPeerPrincipal();
if (peerPrincipal instanceof KerberosPrincipal) {
validPrincipal = HostnameChecker.match(hostname,
(KerberosPrincipal) peerPrincipal);
}
else {
// Can't verify principal, not Kerberos
}
}
catch (SSLPeerUnverifiedException ex2) {
// Can't verify principal, no principal
}
}
return validCertificate || validPrincipal;
}
}

View file

@ -0,0 +1,32 @@
/**
*
* Copyright 2014 the original author or authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack.java7;
import java.util.List;
import org.jivesoftware.smack.SmackConfiguration;
import org.jivesoftware.smack.initializer.SimpleSmackInitializer;
public class Java7SmackInitializer extends SimpleSmackInitializer {
@Override
public List<Exception> initialize() {
SmackConfiguration.setDefaultHostnameVerifier(new Java7HostnameVerifier());
return null;
}
}