From 059ee99ba0d5ff7758829acf5a9aeede09ec820b Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Sat, 12 Nov 2016 11:12:50 +0100 Subject: [PATCH] Move TLS Required check at the end of connect() It was a *very* bad idea to perform the SecurityMode.Required check in the connection's reader thread and not at the end of AbstractXMPPConnectin's connect(). :/ This behavior dates back to 8e750912a765f77a4f178a4f307a8b42c2afb5ae Fixes SMACK-739 --- .../smack/AbstractXMPPConnection.java | 1 + .../smack/tcp/XMPPTCPConnection.java | 20 +++++++++---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java index 7b680b1a3..df1acef66 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java @@ -362,6 +362,7 @@ public abstract class AbstractXMPPConnection implements XMPPConnection { // Perform the actual connection to the XMPP service connectInternal(); + return this; } diff --git a/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java b/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java index d0ca18bf2..4d21f6fc6 100644 --- a/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java +++ b/smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java @@ -28,10 +28,9 @@ import org.jivesoftware.smack.SmackException.AlreadyConnectedException; import org.jivesoftware.smack.SmackException.AlreadyLoggedInException; import org.jivesoftware.smack.SmackException.NoResponseException; import org.jivesoftware.smack.SmackException.NotConnectedException; -import org.jivesoftware.smack.SmackException.ConnectionException; import org.jivesoftware.smack.SmackException.SecurityRequiredByClientException; +import org.jivesoftware.smack.SmackException.ConnectionException; import org.jivesoftware.smack.SmackException.SecurityRequiredByServerException; -import org.jivesoftware.smack.SmackException.SecurityRequiredException; import org.jivesoftware.smack.SynchronizationPoint; import org.jivesoftware.smack.XMPPException.StreamErrorException; import org.jivesoftware.smack.XMPPConnection; @@ -857,6 +856,14 @@ public class XMPPTCPConnection extends AbstractXMPPConnection { // Wait with SASL auth until the SASL mechanisms have been received saslFeatureReceived.checkIfSuccessOrWaitOrThrow(); + // If TLS is required but the server doesn't offer it, disconnect + // from the server and throw an error. First check if we've already negotiated TLS + // and are secure, however (features get parsed a second time after TLS is established). + if (!isSecureConnection() && getConfiguration().getSecurityMode() == SecurityMode.required) { + shutdown(); + throw new SecurityRequiredByClientException(); + } + // Make note of the fact that we're now connected. connected = true; callConnectionConnectedListener(); @@ -897,7 +904,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection { } @Override - protected void afterFeaturesReceived() throws SecurityRequiredException, NotConnectedException { + protected void afterFeaturesReceived() throws NotConnectedException { StartTls startTlsFeature = getFeature(StartTls.ELEMENT, StartTls.NAMESPACE); if (startTlsFeature != null) { if (startTlsFeature.required() && config.getSecurityMode() == SecurityMode.disabled) { @@ -909,13 +916,6 @@ public class XMPPTCPConnection extends AbstractXMPPConnection { send(new StartTls()); } } - // If TLS is required but the server doesn't offer it, disconnect - // from the server and throw an error. First check if we've already negotiated TLS - // and are secure, however (features get parsed a second time after TLS is established). - if (!isSecureConnection() && startTlsFeature == null - && getConfiguration().getSecurityMode() == SecurityMode.required) { - throw new SecurityRequiredByClientException(); - } if (getSASLAuthentication().authenticationSuccessful()) { // If we have received features after the SASL has been successfully completed, then we