1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2024-11-25 15:52:06 +01:00

Ensure a X509TrustManager is set

This commit is contained in:
Florian Schmaus 2020-02-12 23:09:36 +01:00
parent 9a081e621d
commit 6440f322fe
2 changed files with 28 additions and 6 deletions

View file

@ -135,6 +135,7 @@ import org.jivesoftware.smack.util.PacketParserUtils;
import org.jivesoftware.smack.util.ParserUtils; import org.jivesoftware.smack.util.ParserUtils;
import org.jivesoftware.smack.util.Predicate; import org.jivesoftware.smack.util.Predicate;
import org.jivesoftware.smack.util.StringUtils; import org.jivesoftware.smack.util.StringUtils;
import org.jivesoftware.smack.util.TLSUtils;
import org.jivesoftware.smack.util.dns.HostAddress; import org.jivesoftware.smack.util.dns.HostAddress;
import org.jivesoftware.smack.util.dns.SmackDaneProvider; import org.jivesoftware.smack.util.dns.SmackDaneProvider;
import org.jivesoftware.smack.util.dns.SmackDaneVerifier; import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
@ -2340,16 +2341,16 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
context = SSLContext.getInstance("TLS"); context = SSLContext.getInstance("TLS");
final SecureRandom secureRandom = new java.security.SecureRandom(); final SecureRandom secureRandom = new java.security.SecureRandom();
X509TrustManager customTrustManager = config.getCustomX509TrustManager(); X509TrustManager trustManager = config.getCustomX509TrustManager();
if (trustManager == null) {
trustManager = TLSUtils.getDefaultX509TrustManager(ks);
}
if (daneVerifier != null) { if (daneVerifier != null) {
// User requested DANE verification. // User requested DANE verification.
daneVerifier.init(context, kms, customTrustManager, secureRandom); daneVerifier.init(context, kms, trustManager, secureRandom);
} else { } else {
TrustManager[] customTrustManagers = null; TrustManager[] customTrustManagers = new TrustManager[] { trustManager };
if (customTrustManager != null) {
customTrustManagers = new TrustManager[] { customTrustManager };
}
context.init(kms, customTrustManagers, secureRandom); context.init(kms, customTrustManagers, secureRandom);
} }
} }

View file

@ -17,6 +17,8 @@
package org.jivesoftware.smack.util; package org.jivesoftware.smack.util;
import java.security.KeyManagementException; import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom; import java.security.SecureRandom;
@ -34,6 +36,7 @@ import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
import org.jivesoftware.smack.ConnectionConfiguration; import org.jivesoftware.smack.ConnectionConfiguration;
@ -240,4 +243,22 @@ public class TLSUtils {
return new X509Certificate[0]; return new X509Certificate[0];
} }
} }
public static X509TrustManager getDefaultX509TrustManager(KeyStore keyStore) {
String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory trustManagerFactory;
try {
trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
trustManagerFactory.init(keyStore);
} catch (NoSuchAlgorithmException | KeyStoreException e) {
throw new AssertionError(e);
}
for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
if (trustManager instanceof X509TrustManager) {
return (X509TrustManager) trustManager;
}
}
throw new AssertionError("No trust manager for the default algorithm " + defaultAlgorithm + " found");
}
} }