mirror of
https://github.com/vanitasvitae/Smack.git
synced 2024-11-22 03:52:06 +01:00
Remove SmackDaneVerifier.finish(SSLSocket)
This commit is contained in:
parent
658fd08d20
commit
5705f18f58
3 changed files with 3 additions and 24 deletions
|
@ -1,6 +1,6 @@
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* Copyright 2015-2018 Florian Schmaus
|
* Copyright 2015-2019 Florian Schmaus
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -23,7 +23,6 @@ import java.security.cert.CertificateException;
|
||||||
import javax.net.ssl.KeyManager;
|
import javax.net.ssl.KeyManager;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLSession;
|
import javax.net.ssl.SSLSession;
|
||||||
import javax.net.ssl.SSLSocket;
|
|
||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -32,8 +31,5 @@ import javax.net.ssl.X509TrustManager;
|
||||||
public interface SmackDaneVerifier {
|
public interface SmackDaneVerifier {
|
||||||
void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException;
|
void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException;
|
||||||
|
|
||||||
// TODO: Remove this method in favor of finish(SSLSession).
|
|
||||||
void finish(SSLSocket socket) throws CertificateException;
|
|
||||||
|
|
||||||
void finish(SSLSession sslSession) throws CertificateException;
|
void finish(SSLSession sslSession) throws CertificateException;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* Copyright 2015-2018 Florian Schmaus
|
* Copyright 2015-2019 Florian Schmaus
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -24,11 +24,9 @@ import java.util.logging.Logger;
|
||||||
import javax.net.ssl.KeyManager;
|
import javax.net.ssl.KeyManager;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLSession;
|
import javax.net.ssl.SSLSession;
|
||||||
import javax.net.ssl.SSLSocket;
|
|
||||||
import javax.net.ssl.TrustManager;
|
import javax.net.ssl.TrustManager;
|
||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
import org.jivesoftware.smack.util.CloseableUtil;
|
|
||||||
import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
|
import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
|
||||||
|
|
||||||
import org.minidns.dane.DaneVerifier;
|
import org.minidns.dane.DaneVerifier;
|
||||||
|
@ -54,21 +52,6 @@ public class MiniDnsDaneVerifier implements SmackDaneVerifier {
|
||||||
context.init(km, new TrustManager[] {expectingTrustManager}, random);
|
context.init(km, new TrustManager[] {expectingTrustManager}, random);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public void finish(SSLSocket sslSocket) throws CertificateException {
|
|
||||||
if (VERIFIER.verify(sslSocket)) {
|
|
||||||
// DANE verification was the only requirement according to the TLSA RR. We can return here.
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// DANE verification was successful, but according to the TLSA RR we also must perform PKIX validation.
|
|
||||||
if (expectingTrustManager.hasException()) {
|
|
||||||
// PKIX validation has failed. Throw an exception but close the socket first.
|
|
||||||
CloseableUtil.maybeClose(sslSocket, LOGGER);
|
|
||||||
throw expectingTrustManager.getException();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void finish(SSLSession sslSession) throws CertificateException {
|
public void finish(SSLSession sslSession) throws CertificateException {
|
||||||
if (VERIFIER.verify(sslSession)) {
|
if (VERIFIER.verify(sslSession)) {
|
||||||
|
|
|
@ -669,7 +669,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
|
||||||
sslSocket.startHandshake();
|
sslSocket.startHandshake();
|
||||||
|
|
||||||
if (smackTlsContext.daneVerifier != null) {
|
if (smackTlsContext.daneVerifier != null) {
|
||||||
smackTlsContext.daneVerifier.finish(sslSocket);
|
smackTlsContext.daneVerifier.finish(sslSocket.getSession());
|
||||||
}
|
}
|
||||||
|
|
||||||
final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
|
final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
|
||||||
|
|
Loading…
Reference in a new issue