mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-12-22 12:37:58 +01:00
Remove SmackDaneVerifier.finish(SSLSocket)
This commit is contained in:
parent
658fd08d20
commit
5705f18f58
3 changed files with 3 additions and 24 deletions
|
@ -1,6 +1,6 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2015-2018 Florian Schmaus
|
||||
* Copyright 2015-2019 Florian Schmaus
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -23,7 +23,6 @@ import java.security.cert.CertificateException;
|
|||
import javax.net.ssl.KeyManager;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLSocket;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
|
||||
/**
|
||||
|
@ -32,8 +31,5 @@ import javax.net.ssl.X509TrustManager;
|
|||
public interface SmackDaneVerifier {
|
||||
void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException;
|
||||
|
||||
// TODO: Remove this method in favor of finish(SSLSession).
|
||||
void finish(SSLSocket socket) throws CertificateException;
|
||||
|
||||
void finish(SSLSession sslSession) throws CertificateException;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2015-2018 Florian Schmaus
|
||||
* Copyright 2015-2019 Florian Schmaus
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -24,11 +24,9 @@ import java.util.logging.Logger;
|
|||
import javax.net.ssl.KeyManager;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLSocket;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
|
||||
import org.jivesoftware.smack.util.CloseableUtil;
|
||||
import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
|
||||
|
||||
import org.minidns.dane.DaneVerifier;
|
||||
|
@ -54,21 +52,6 @@ public class MiniDnsDaneVerifier implements SmackDaneVerifier {
|
|||
context.init(km, new TrustManager[] {expectingTrustManager}, random);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void finish(SSLSocket sslSocket) throws CertificateException {
|
||||
if (VERIFIER.verify(sslSocket)) {
|
||||
// DANE verification was the only requirement according to the TLSA RR. We can return here.
|
||||
return;
|
||||
}
|
||||
|
||||
// DANE verification was successful, but according to the TLSA RR we also must perform PKIX validation.
|
||||
if (expectingTrustManager.hasException()) {
|
||||
// PKIX validation has failed. Throw an exception but close the socket first.
|
||||
CloseableUtil.maybeClose(sslSocket, LOGGER);
|
||||
throw expectingTrustManager.getException();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void finish(SSLSession sslSession) throws CertificateException {
|
||||
if (VERIFIER.verify(sslSession)) {
|
||||
|
|
|
@ -669,7 +669,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
|
|||
sslSocket.startHandshake();
|
||||
|
||||
if (smackTlsContext.daneVerifier != null) {
|
||||
smackTlsContext.daneVerifier.finish(sslSocket);
|
||||
smackTlsContext.daneVerifier.finish(sslSocket.getSession());
|
||||
}
|
||||
|
||||
final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
|
||||
|
|
Loading…
Reference in a new issue