Ensure a X509TrustManager is set

2024-11-21 22:02:06 +01:00 · 2020-02-12 23:09:36 +01:00 · 2020-02-12 23:09:36 +01:00 · 6440f322fe
commit 6440f322fe
parent 9a081e621d
2 changed files with 28 additions and 6 deletions
--- a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java
@ -135,6 +135,7 @@ import org.jivesoftware.smack.util.PacketParserUtils;
 import org.jivesoftware.smack.util.ParserUtils;
 import org.jivesoftware.smack.util.Predicate;
 import org.jivesoftware.smack.util.StringUtils;
+import org.jivesoftware.smack.util.TLSUtils;
 import org.jivesoftware.smack.util.dns.HostAddress;
 import org.jivesoftware.smack.util.dns.SmackDaneProvider;
 import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
@ -2340,16 +2341,16 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
            context = SSLContext.getInstance("TLS");

            final SecureRandom secureRandom = new java.security.SecureRandom();
-            X509TrustManager customTrustManager = config.getCustomX509TrustManager();
+            X509TrustManager trustManager = config.getCustomX509TrustManager();
+            if (trustManager == null) {
+                trustManager = TLSUtils.getDefaultX509TrustManager(ks);
+            }

            if (daneVerifier != null) {
                // User requested DANE verification.
-                daneVerifier.init(context, kms, customTrustManager, secureRandom);
+                daneVerifier.init(context, kms, trustManager, secureRandom);
            } else {
-                TrustManager[] customTrustManagers = null;
-                if (customTrustManager != null) {
-                    customTrustManagers = new TrustManager[] { customTrustManager };
-                }
+                TrustManager[] customTrustManagers = new TrustManager[] { trustManager };
                context.init(kms, customTrustManagers, secureRandom);
            }
        }
--- a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java
@ -17,6 +17,8 @@
 package org.jivesoftware.smack.util;

 import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
@ -34,6 +36,7 @@ import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;

 import org.jivesoftware.smack.ConnectionConfiguration;
@ -240,4 +243,22 @@ public class TLSUtils {
            return new X509Certificate[0];
        }
    }
+
+    public static X509TrustManager getDefaultX509TrustManager(KeyStore keyStore) {
+        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+        TrustManagerFactory trustManagerFactory;
+        try {
+            trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
+            trustManagerFactory.init(keyStore);
+        } catch (NoSuchAlgorithmException | KeyStoreException e) {
+            throw new AssertionError(e);
+        }
+
+        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
+            if (trustManager instanceof X509TrustManager) {
+                return (X509TrustManager) trustManager;
+            }
+        }
+        throw new AssertionError("No trust manager for the default algorithm " + defaultAlgorithm + " found");
+    }
 }