mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-11-24 23:32:05 +01:00
Move TLS Required check at the end of connect()
It was a *very* bad idea to perform the SecurityMode.Required check in
the connection's reader thread and not at the end of
AbstractXMPPConnectin's connect(). :/
This behavior dates back to 8e750912a7
Fixes SMACK-739
This commit is contained in:
parent
013f4d630a
commit
a9d5cd4a61
2 changed files with 9 additions and 10 deletions
|
@ -46,6 +46,7 @@ import org.jivesoftware.smack.SmackException.AlreadyLoggedInException;
|
||||||
import org.jivesoftware.smack.SmackException.NoResponseException;
|
import org.jivesoftware.smack.SmackException.NoResponseException;
|
||||||
import org.jivesoftware.smack.SmackException.NotConnectedException;
|
import org.jivesoftware.smack.SmackException.NotConnectedException;
|
||||||
import org.jivesoftware.smack.SmackException.ResourceBindingNotOfferedException;
|
import org.jivesoftware.smack.SmackException.ResourceBindingNotOfferedException;
|
||||||
|
import org.jivesoftware.smack.SmackException.SecurityRequiredByClientException;
|
||||||
import org.jivesoftware.smack.SmackException.SecurityRequiredException;
|
import org.jivesoftware.smack.SmackException.SecurityRequiredException;
|
||||||
import org.jivesoftware.smack.XMPPException.StreamErrorException;
|
import org.jivesoftware.smack.XMPPException.StreamErrorException;
|
||||||
import org.jivesoftware.smack.XMPPException.XMPPErrorException;
|
import org.jivesoftware.smack.XMPPException.XMPPErrorException;
|
||||||
|
@ -373,6 +374,13 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
|
||||||
// Wait with SASL auth until the SASL mechanisms have been received
|
// Wait with SASL auth until the SASL mechanisms have been received
|
||||||
saslFeatureReceived.checkIfSuccessOrWaitOrThrow();
|
saslFeatureReceived.checkIfSuccessOrWaitOrThrow();
|
||||||
|
|
||||||
|
// If TLS is required but the server doesn't offer it, disconnect
|
||||||
|
// from the server and throw an error. First check if we've already negotiated TLS
|
||||||
|
// and are secure, however (features get parsed a second time after TLS is established).
|
||||||
|
if (!isSecureConnection() && getConfiguration().getSecurityMode() == SecurityMode.required) {
|
||||||
|
throw new SecurityRequiredByClientException();
|
||||||
|
}
|
||||||
|
|
||||||
// Make note of the fact that we're now connected.
|
// Make note of the fact that we're now connected.
|
||||||
connected = true;
|
connected = true;
|
||||||
callConnectionConnectedListener();
|
callConnectionConnectedListener();
|
||||||
|
|
|
@ -29,9 +29,7 @@ import org.jivesoftware.smack.SmackException.AlreadyLoggedInException;
|
||||||
import org.jivesoftware.smack.SmackException.NoResponseException;
|
import org.jivesoftware.smack.SmackException.NoResponseException;
|
||||||
import org.jivesoftware.smack.SmackException.NotConnectedException;
|
import org.jivesoftware.smack.SmackException.NotConnectedException;
|
||||||
import org.jivesoftware.smack.SmackException.ConnectionException;
|
import org.jivesoftware.smack.SmackException.ConnectionException;
|
||||||
import org.jivesoftware.smack.SmackException.SecurityRequiredByClientException;
|
|
||||||
import org.jivesoftware.smack.SmackException.SecurityRequiredByServerException;
|
import org.jivesoftware.smack.SmackException.SecurityRequiredByServerException;
|
||||||
import org.jivesoftware.smack.SmackException.SecurityRequiredException;
|
|
||||||
import org.jivesoftware.smack.SynchronizationPoint;
|
import org.jivesoftware.smack.SynchronizationPoint;
|
||||||
import org.jivesoftware.smack.XMPPException.StreamErrorException;
|
import org.jivesoftware.smack.XMPPException.StreamErrorException;
|
||||||
import org.jivesoftware.smack.XMPPConnection;
|
import org.jivesoftware.smack.XMPPConnection;
|
||||||
|
@ -917,7 +915,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void afterFeaturesReceived() throws SecurityRequiredException, NotConnectedException, InterruptedException {
|
protected void afterFeaturesReceived() throws NotConnectedException, InterruptedException {
|
||||||
StartTls startTlsFeature = getFeature(StartTls.ELEMENT, StartTls.NAMESPACE);
|
StartTls startTlsFeature = getFeature(StartTls.ELEMENT, StartTls.NAMESPACE);
|
||||||
if (startTlsFeature != null) {
|
if (startTlsFeature != null) {
|
||||||
if (startTlsFeature.required() && config.getSecurityMode() == SecurityMode.disabled) {
|
if (startTlsFeature.required() && config.getSecurityMode() == SecurityMode.disabled) {
|
||||||
|
@ -929,13 +927,6 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
|
||||||
sendNonza(new StartTls());
|
sendNonza(new StartTls());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// If TLS is required but the server doesn't offer it, disconnect
|
|
||||||
// from the server and throw an error. First check if we've already negotiated TLS
|
|
||||||
// and are secure, however (features get parsed a second time after TLS is established).
|
|
||||||
if (!isSecureConnection() && startTlsFeature == null
|
|
||||||
&& getConfiguration().getSecurityMode() == SecurityMode.required) {
|
|
||||||
throw new SecurityRequiredByClientException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (getSASLAuthentication().authenticationSuccessful()) {
|
if (getSASLAuthentication().authenticationSuccessful()) {
|
||||||
// If we have received features after the SASL has been successfully completed, then we
|
// If we have received features after the SASL has been successfully completed, then we
|
||||||
|
|
Loading…
Reference in a new issue