Remove SmackDaneVerifier.finish(SSLSocket)

Florian Schmaus 2019-02-04 09:47:59 +01:00
parent 658fd08d20
commit 5705f18f58
3 changed files with 3 additions and 24 deletions


@ -1,6 +1,6 @@
/** /**
* *
* Copyright 2015-2018 Florian Schmaus * Copyright 2015-2019 Florian Schmaus
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -23,7 +23,6 @@ import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
/** /**
@ -32,8 +31,5 @@ import javax.net.ssl.X509TrustManager;
public interface SmackDaneVerifier { public interface SmackDaneVerifier {
void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException; void init(SSLContext context, KeyManager[] km, X509TrustManager tm, SecureRandom random) throws KeyManagementException;
// TODO: Remove this method in favor of finish(SSLSession).
void finish(SSLSocket socket) throws CertificateException;
void finish(SSLSession sslSession) throws CertificateException; void finish(SSLSession sslSession) throws CertificateException;
} }


@ -1,6 +1,6 @@
/** /**
* *
* Copyright 2015-2018 Florian Schmaus * Copyright 2015-2019 Florian Schmaus
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -24,11 +24,9 @@ import java.util.logging.Logger;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
import org.jivesoftware.smack.util.CloseableUtil;
import org.jivesoftware.smack.util.dns.SmackDaneVerifier; import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
import org.minidns.dane.DaneVerifier; import org.minidns.dane.DaneVerifier;
@ -54,21 +52,6 @@ public class MiniDnsDaneVerifier implements SmackDaneVerifier {
context.init(km, new TrustManager[] {expectingTrustManager}, random); context.init(km, new TrustManager[] {expectingTrustManager}, random);
} }
@Override
public void finish(SSLSocket sslSocket) throws CertificateException {
if (VERIFIER.verify(sslSocket)) {
// DANE verification was the only requirement according to the TLSA RR. We can return here.
return;
}
// DANE verification was successful, but according to the TLSA RR we also must perform PKIX validation.
if (expectingTrustManager.hasException()) {
// PKIX validation has failed. Throw an exception but close the socket first.
CloseableUtil.maybeClose(sslSocket, LOGGER);
throw expectingTrustManager.getException();
}
}
@Override @Override
public void finish(SSLSession sslSession) throws CertificateException { public void finish(SSLSession sslSession) throws CertificateException {
if (VERIFIER.verify(sslSession)) { if (VERIFIER.verify(sslSession)) {


@ -669,7 +669,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
sslSocket.startHandshake(); sslSocket.startHandshake();
if (smackTlsContext.daneVerifier != null) { if (smackTlsContext.daneVerifier != null) {
smackTlsContext.daneVerifier.finish(sslSocket); smackTlsContext.daneVerifier.finish(sslSocket.getSession());
} }
final HostnameVerifier verifier = getConfiguration().getHostnameVerifier(); final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
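Review bot: The new call `smackTlsContext.daneVerifier.finish(sslSocket.getSession())` no longer closes the socket when PKIX validation fails, because the removed `finish(SSLSocket)` overload called `CloseableUtil.maybeClose(sslSocket, LOGGER)` before throwing and the session-based overload has no handle on the socket. A `CertificateException` raised here therefore leaves an already-handshaken TLS socket open unless this method's error path closes it. That path is outside the hunk, so it may already be covered. If it is not, catch `CertificateException` around the call, close `sslSocket`, and rethrow, so a peer that failed DANE/PKIX verification cannot keep the connection open. A short comment at the call site, such as `// finish(SSLSession) does not close the socket on failure; the caller must`, would make the changed contract visible. The enclosing method starts and ends outside this hunk.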