mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-11-25 15:52:06 +01:00
Ensure a X509TrustManager is set
parent
9a081e621d
commit
6440f322fe
2 changed files with 28 additions and 6 deletions
|
@ -135,6 +135,7 @@ import org.jivesoftware.smack.util.PacketParserUtils;
|
||||||
import org.jivesoftware.smack.util.ParserUtils;
|
import org.jivesoftware.smack.util.ParserUtils;
|
||||||
import org.jivesoftware.smack.util.Predicate;
|
import org.jivesoftware.smack.util.Predicate;
|
||||||
import org.jivesoftware.smack.util.StringUtils;
|
import org.jivesoftware.smack.util.StringUtils;
|
||||||
|
import org.jivesoftware.smack.util.TLSUtils;
|
||||||
import org.jivesoftware.smack.util.dns.HostAddress;
|
import org.jivesoftware.smack.util.dns.HostAddress;
|
||||||
import org.jivesoftware.smack.util.dns.SmackDaneProvider;
|
import org.jivesoftware.smack.util.dns.SmackDaneProvider;
|
||||||
import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
|
import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
|
||||||
|
@ -2340,16 +2341,16 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
|
||||||
context = SSLContext.getInstance("TLS");
|
context = SSLContext.getInstance("TLS");
|
||||||
|
|
||||||
final SecureRandom secureRandom = new java.security.SecureRandom();
|
final SecureRandom secureRandom = new java.security.SecureRandom();
|
||||||
X509TrustManager customTrustManager = config.getCustomX509TrustManager();
|
X509TrustManager trustManager = config.getCustomX509TrustManager();
|
||||||
|
if (trustManager == null) {
|
||||||
|
trustManager = TLSUtils.getDefaultX509TrustManager(ks);
|
||||||
|
}
|
||||||
|
|
||||||
if (daneVerifier != null) {
|
if (daneVerifier != null) {
|
||||||
// User requested DANE verification.
|
// User requested DANE verification.
|
||||||
daneVerifier.init(context, kms, customTrustManager, secureRandom);
|
daneVerifier.init(context, kms, trustManager, secureRandom);
|
||||||
} else {
|
} else {
|
||||||
TrustManager[] customTrustManagers = null;
|
TrustManager[] customTrustManagers = new TrustManager[] { trustManager };
|
||||||
if (customTrustManager != null) {
|
|
||||||
customTrustManagers = new TrustManager[] { customTrustManager };
|
|
||||||
}
|
|
||||||
context.init(kms, customTrustManagers, secureRandom);
|
context.init(kms, customTrustManagers, secureRandom);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
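Review bot: Passing `ks` to the new fallback `TLSUtils.getDefaultX509TrustManager(ks)` may swap the JVM default trust store for the client keystore. `ks` is declared outside this hunk, so this is inferred, but if it is the store that also feeds `kms`, trust anchors now come from it whenever it is non-null, whereas the old `context.init(kms, null, secureRandom)` path left anchor selection to the provider default. Server certificate validation would then depend on whatever entries sit in the client key material store, so the choice should be explicit: use `trustManager = TLSUtils.getDefaultX509TrustManager(null);` unless a dedicated trust store is intended, and state the intent in a comment above the fallback. The local `customTrustManagers` no longer holds only custom managers and would read better as `trustManagers`. The enclosing method starts and ends outside the hunk.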
@ -17,6 +17,8 @@
|
||||||
package org.jivesoftware.smack.util;
|
package org.jivesoftware.smack.util;
|
||||||
|
|
||||||
import java.security.KeyManagementException;
|
import java.security.KeyManagementException;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.KeyStoreException;
|
||||||
import java.security.MessageDigest;
|
import java.security.MessageDigest;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
@ -34,6 +36,7 @@ import javax.net.ssl.SSLPeerUnverifiedException;
|
||||||
import javax.net.ssl.SSLSession;
|
import javax.net.ssl.SSLSession;
|
||||||
import javax.net.ssl.SSLSocket;
|
import javax.net.ssl.SSLSocket;
|
||||||
import javax.net.ssl.TrustManager;
|
import javax.net.ssl.TrustManager;
|
||||||
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
import org.jivesoftware.smack.ConnectionConfiguration;
|
import org.jivesoftware.smack.ConnectionConfiguration;
|
||||||
|
@ -240,4 +243,22 @@ public class TLSUtils {
|
||||||
return new X509Certificate[0];
|
return new X509Certificate[0];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static X509TrustManager getDefaultX509TrustManager(KeyStore keyStore) {
|
||||||
|
String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
|
||||||
|
TrustManagerFactory trustManagerFactory;
|
||||||
|
try {
|
||||||
|
trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
|
||||||
|
trustManagerFactory.init(keyStore);
|
||||||
|
} catch (NoSuchAlgorithmException | KeyStoreException e) {
|
||||||
|
throw new AssertionError(e);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
|
||||||
|
if (trustManager instanceof X509TrustManager) {
|
||||||
|
return (X509TrustManager) trustManager;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
throw new AssertionError("No trust manager for the default algorithm " + defaultAlgorithm + " found");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
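Review bot: `getDefaultX509TrustManager` converts `KeyStoreException` into an `AssertionError`, but that exception depends on the caller-supplied `keyStore` (for example one that was never loaded), so it is not an impossible condition. An `Error` also bypasses callers that catch `Exception` around TLS setup. Only `NoSuchAlgorithmException` for the default algorithm is a genuine invariant; consider declaring `throws KeyStoreException` on the method, or wrapping with `throw new IllegalStateException("Cannot initialise TrustManagerFactory", e);`. The method also lacks Javadoc: it should state that a `null` `keyStore` selects the platform default trust store and that the first `X509TrustManager` produced by the factory is returned.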