From 5705f18f5861df890b0356d2a68b2df8a05002a5 Mon Sep 17 00:00:00 2001
From: Florian Schmaus
Date: Mon, 4 Feb 2019 09:47:59 +0100
Subject: [PATCH] Remove SmackDaneVerifier.finish(SSLSocket)
---
 .../smack/util/dns/SmackDaneVerifier.java | 6 +-----
 .../util/dns/minidns/MiniDnsDaneVerifier.java | 19 +------------------
 .../smack/tcp/XMPPTCPConnection.java | 2 +-
 3 files changed, 3 insertions(+), 24 deletions(-)
diff --git a/smack-core/src/main/java/org/jivesoftware/smack/util/dns/SmackDaneVerifier.java b/smack-core/src/main/java/org/jivesoftware/smack/util/dns/SmackDaneVerifier.java
index 98549e0bb..340544807 100644
--- a/smack-core/src/main/java/org/jivesoftware/smack/util/dns/SmackDaneVerifier.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/util/dns/SmackDaneVerifier.java
@@ -1,6 +1,6 @@
 /**
 *
- * Copyright 2015-2018 Florian Schmaus
+ * Copyright 2015-2019 Florian Schmaus
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,7 +23,6 @@ import java.security.cert.CertificateException;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.X509TrustManager;
 /**
@@ -32,8 +31,5 @@ import javax.net.ssl.X509TrustManager;
 public interface SmackDaneVerifier {
 void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException;
- // TODO: Remove this method in favor of finish(SSLSession).
- void finish(SSLSocket socket) throws CertificateException;
-
 void finish(SSLSession sslSession) throws CertificateException;
 }
diff --git a/smack-resolver-minidns/src/main/java/org/jivesoftware/smack/util/dns/minidns/MiniDnsDaneVerifier.java b/smack-resolver-minidns/src/main/java/org/jivesoftware/smack/util/dns/minidns/MiniDnsDaneVerifier.java
index b00599211..76d3bf536 100644
--- a/smack-resolver-minidns/src/main/java/org/jivesoftware/smack/util/dns/minidns/MiniDnsDaneVerifier.java
+++ b/smack-resolver-minidns/src/main/java/org/jivesoftware/smack/util/dns/minidns/MiniDnsDaneVerifier.java
@@ -1,6 +1,6 @@
 /**
 *
- * Copyright 2015-2018 Florian Schmaus
+ * Copyright 2015-2019 Florian Schmaus
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,11 +24,9 @@ import java.util.logging.Logger;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
-import org.jivesoftware.smack.util.CloseableUtil;
 import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
 import org.minidns.dane.DaneVerifier;
@@ -54,21 +52,6 @@ public class MiniDnsDaneVerifier implements SmackDaneVerifier {
 context.init(km, new TrustManager[] {expectingTrustManager}, random);
 }
- @Override
- public void finish(SSLSocket sslSocket) throws CertificateException {
- if (VERIFIER.verify(sslSocket)) {
- // DANE verification was the only requirement according to the TLSA RR. We can return here.
- return;
- }
-
- // DANE verification was successful, but according to the TLSA RR we also must perform PKIX validation.
- if (expectingTrustManager.hasException()) {
- // PKIX validation has failed. Throw an exception but close the socket first.
- CloseableUtil.maybeClose(sslSocket, LOGGER);
- throw expectingTrustManager.getException();
- }
- }
-
 @Override
 public void finish(SSLSession sslSession) throws CertificateException {
 if (VERIFIER.verify(sslSession)) {
diff --git a/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java b/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java
index a6d1bf78a..dc866897f 100644
--- a/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java
+++ b/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java
@@ -669,7 +669,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
 sslSocket.startHandshake();
 if (smackTlsContext.daneVerifier != null) {
- smackTlsContext.daneVerifier.finish(sslSocket);
+ smackTlsContext.daneVerifier.finish(sslSocket.getSession());
 }
 final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
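Review bot: At the `finish(sslSocket.getSession())` call, a failed PKIX check no longer closes the socket before the `CertificateException` propagates, because the removed `finish(SSLSocket)` overload called `CloseableUtil.maybeClose(sslSocket, LOGGER)` before throwing and the `SSLSession` overload has no socket to close. The enclosing method starts and ends outside this hunk, so whether its error path tears the connection down is not visible here. If it does not, close the socket at the call site, e.g. `try { smackTlsContext.daneVerifier.finish(sslSocket.getSession()); } catch (CertificateException e) { sslSocket.close(); throw e; }`. A comment such as `// finish() throws CertificateException on DANE/PKIX failure; the caller is responsible for closing sslSocket` would record the contract that moved from the verifier to this caller.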