Remove SmackDaneVerifier.finish(SSLSocket)

smack-core/src/main/java/org/jivesoftware/smack/util/dns/SmackDaneVerifier.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2015-2018 Florian Schmaus
+ * Copyright 2015-2019 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,7 +23,6 @@ import java.security.cert.CertificateException;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.X509TrustManager;
 
 /**
@@ -32,8 +31,5 @@ import javax.net.ssl.X509TrustManager;
 public interface SmackDaneVerifier {
     void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException;
 
-    // TODO: Remove this method in favor of finish(SSLSession).
-    void finish(SSLSocket socket) throws CertificateException;
-
     void finish(SSLSession sslSession)  throws CertificateException;
 }

smack-resolver-minidns/src/main/java/org/jivesoftware/smack/util/dns/minidns/MiniDnsDaneVerifier.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2015-2018 Florian Schmaus
+ * Copyright 2015-2019 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,11 +24,9 @@ import java.util.logging.Logger;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
-import org.jivesoftware.smack.util.CloseableUtil;
 import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
 
 import org.minidns.dane.DaneVerifier;
@@ -54,21 +52,6 @@ public class MiniDnsDaneVerifier implements SmackDaneVerifier {
         context.init(km, new TrustManager[] {expectingTrustManager}, random);
     }
 
-    @Override
-    public void finish(SSLSocket sslSocket) throws CertificateException {
-        if (VERIFIER.verify(sslSocket)) {
-            // DANE verification was the only requirement according to the TLSA RR. We can return here.
-            return;
-        }
-
-        // DANE verification was successful, but according to the TLSA RR we also must perform PKIX validation.
-        if (expectingTrustManager.hasException()) {
-            // PKIX validation has failed. Throw an exception but close the socket first.
-            CloseableUtil.maybeClose(sslSocket, LOGGER);
-            throw expectingTrustManager.getException();
-        }
-    }
-
     @Override
     public void finish(SSLSession sslSession) throws CertificateException {
         if (VERIFIER.verify(sslSession)) {

smack-tcp/src/main/java/org/jivesoftware/smack/tcp/XMPPTCPConnection.java

@@ -669,7 +669,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
         sslSocket.startHandshake();
 
         if (smackTlsContext.daneVerifier != null) {
-            smackTlsContext.daneVerifier.finish(sslSocket);
+            smackTlsContext.daneVerifier.finish(sslSocket.getSession());
         }
 
         final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();