Remove SmackDaneVerifier.finish(SSLSocket)

2024-11-22 14:22:05 +01:00 · 2019-02-04 09:47:59 +01:00 · 2019-02-04 09:47:59 +01:00 · 5705f18f58
commit 5705f18f58
parent 658fd08d20
3 changed files with 3 additions and 24 deletions
--- a/smack-core/src/main/java/org/jivesoftware/smack/util/dns/SmackDaneVerifier.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/util/dns/SmackDaneVerifier.java
@ -1,6 +1,6 @@
 /**
 *
- * Copyright 2015-2018 Florian Schmaus
+ * Copyright 2015-2019 Florian Schmaus
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -23,7 +23,6 @@ import java.security.cert.CertificateException;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.X509TrustManager;
 /**
@ -32,8 +31,5 @@ import javax.net.ssl.X509TrustManager;
 public interface SmackDaneVerifier {
    void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException;
    // TODO: Remove this method in favor of finish(SSLSession).
    void finish(SSLSocket socket) throws CertificateException;
    void finish(SSLSession sslSession)  throws CertificateException;
 }
--- a/smack-resolver-minidns/src/main/java/org/jivesoftware/smack/util/dns/minidns/MiniDnsDaneVerifier.java
+++ b/smack-resolver-minidns/src/main/java/org/jivesoftware/smack/util/dns/minidns/MiniDnsDaneVerifier.java
@ -1,6 +1,6 @@
 /**
 *
- * Copyright 2015-2018 Florian Schmaus
+ * Copyright 2015-2019 Florian Schmaus
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -24,11 +24,9 @@ import java.util.logging.Logger;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import org.jivesoftware.smack.util.CloseableUtil;
 import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
 import org.minidns.dane.DaneVerifier;
@ -54,21 +52,6 @@ public class MiniDnsDaneVerifier implements SmackDaneVerifier {
        context.init(km, new TrustManager[] {expectingTrustManager}, random);
    }
    @Override
    public void finish(SSLSocket sslSocket) throws CertificateException {
        if (VERIFIER.verify(sslSocket)) {
            // DANE verification was the only requirement according to the TLSA RR. We can return here.
            return;
        }
        // DANE verification was successful, but according to the TLSA RR we also must perform PKIX validation.
        if (expectingTrustManager.hasException()) {
            // PKIX validation has failed. Throw an exception but close the socket first.
            CloseableUtil.maybeClose(sslSocket, LOGGER);
            throw expectingTrustManager.getException();
        }
    }
    @Override
    public void finish(SSLSession sslSession) throws CertificateException {
        if (VERIFIER.verify(sslSession)) {
--- a/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java
+++ b/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java
@ -669,7 +669,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
        sslSocket.startHandshake();
        if (smackTlsContext.daneVerifier != null) {
-            smackTlsContext.daneVerifier.finish(sslSocket);
+            smackTlsContext.daneVerifier.finish(sslSocket.getSession());
        }
        final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();