Log warning if account creation over insecure connection

Prepare for SMACK-644.
2015-02-21 16:55:30 +01:00 · 2015-02-21 16:55:30 +01:00 · 29bda59617
parent 19f96d2c40
commit 29bda59617
1 changed files with 43 additions and 0 deletions
--- a/smack-extensions/src/main/java/org/jivesoftware/smackx/iqregister/AccountManager.java
+++ b/smack-extensions/src/main/java/org/jivesoftware/smackx/iqregister/AccountManager.java
@ -22,6 +22,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 import java.util.WeakHashMap;
+import java.util.logging.Logger;

 import org.jivesoftware.smack.Manager;
 import org.jivesoftware.smack.PacketCollector;
@ -42,6 +43,9 @@ import org.jxmpp.util.XmppStringUtils;
 * @author Matt Tucker
 */
 public class AccountManager extends Manager {
+
+    private static final Logger LOGGER = Logger.getLogger(AccountManager.class.getName());
+
    private static final Map<XMPPConnection, AccountManager> INSTANCES = new WeakHashMap<XMPPConnection, AccountManager>();

    /**
@ -59,6 +63,35 @@ public class AccountManager extends Manager {
        return accountManager;
    }

+    private static boolean allowSensitiveOperationOverInsecureConnectionDefault = false;
+
+    /**
+     * The default value used by new account managers for <code>allowSensitiveOperationOverInsecureConnection</code>.
+     *
+     * @param allow
+     * @see #sensitiveOperationOverInsecureConnection(boolean)
+     * @since 4.1
+     */
+    public static void sensitiveOperationOverInsecureConnectionDefault(boolean allow) {
+        AccountManager.allowSensitiveOperationOverInsecureConnectionDefault = allow;
+    }
+
+    private boolean allowSensitiveOperationOverInsecureConnection = allowSensitiveOperationOverInsecureConnectionDefault;
+
+    /**
+     * Set to <code>true</code> to allow sensitive operation over insecure connection.
+     * <p>
+     * Set to true to allow sensitive operations like account creation or password changes over an insecure (e.g.
+     * unencrypted) connections.
+     * </p>
+     *
+     * @param allow
+     * @since 4.1
+     */
+    public void sensitiveOperationOverInsecureConnection(boolean allow) {
+        this.allowSensitiveOperationOverInsecureConnection = allow;
+    }
+
    private Registration info = null;

    /**
@ -226,6 +259,11 @@ public class AccountManager extends Manager {
     */
    public void createAccount(String username, String password, Map<String, String> attributes)
                    throws NoResponseException, XMPPErrorException, NotConnectedException {
+        if (!connection().isSecureConnection() && !allowSensitiveOperationOverInsecureConnection) {
+            // TODO throw exception in newer Smack versions
+            LOGGER.warning("Creating account over insecure connection. "
+                            + "This will throw an exception in future versions of Smack if AccountManager.sensitiveOperationOverInsecureConnection(true) is not set");
+        }
        attributes.put("username", username);
        attributes.put("password", password);
        Registration reg = new Registration(attributes);
@ -245,6 +283,11 @@ public class AccountManager extends Manager {
     * @throws NotConnectedException 
     */
    public void changePassword(String newPassword) throws NoResponseException, XMPPErrorException, NotConnectedException {
+        if (!connection().isSecureConnection() && !allowSensitiveOperationOverInsecureConnection) {
+            // TODO throw exception in newer Smack versions
+            LOGGER.warning("Changing password over insecure connection. "
+                            + "This will throw an exception in future versions of Smack if AccountManager.sensitiveOperationOverInsecureConnection(true) is not set");
+        }
        Map<String, String> map = new HashMap<String, String>();
        map.put("username",XmppStringUtils.parseLocalpart(connection().getUser()));
        map.put("password",newPassword);