From 6440f322fe6cc562554375fbbaf90ef7a7f92f8b Mon Sep 17 00:00:00 2001
From: Florian Schmaus
Date: Wed, 12 Feb 2020 23:09:36 +0100
Subject: [PATCH] Ensure a X509TrustManager is set
---
 .../smack/AbstractXMPPConnection.java | 13 ++++++------
 .../org/jivesoftware/smack/util/TLSUtils.java | 21 +++++++++++++++++++
 2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java
index 4d344376d..1402e3738 100644
--- a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java
@@ -135,6 +135,7 @@ import org.jivesoftware.smack.util.PacketParserUtils;
 import org.jivesoftware.smack.util.ParserUtils;
 import org.jivesoftware.smack.util.Predicate;
 import org.jivesoftware.smack.util.StringUtils;
+import org.jivesoftware.smack.util.TLSUtils;
 import org.jivesoftware.smack.util.dns.HostAddress;
 import org.jivesoftware.smack.util.dns.SmackDaneProvider;
 import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
@@ -2340,16 +2341,16 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
 context = SSLContext.getInstance("TLS");
 final SecureRandom secureRandom = new java.security.SecureRandom();
- X509TrustManager customTrustManager = config.getCustomX509TrustManager();
+ X509TrustManager trustManager = config.getCustomX509TrustManager();
+ if (trustManager == null) {
+ trustManager = TLSUtils.getDefaultX509TrustManager(ks);
+ }
 if (daneVerifier != null) { // User requested DANE verification.
- daneVerifier.init(context, kms, customTrustManager, secureRandom);
+ daneVerifier.init(context, kms, trustManager, secureRandom);
 } else {
- TrustManager[] customTrustManagers = null;
- if (customTrustManager != null) {
- customTrustManagers = new TrustManager[] { customTrustManager };
- }
+ TrustManager[] customTrustManagers = new TrustManager[] { trustManager };
 context.init(kms, customTrustManagers, secureRandom);
 }
 }
diff --git a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java
index 5c3527482..807ffd958 100644
--- a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java
@@ -17,6 +17,8 @@ package org.jivesoftware.smack.util;
 import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
@@ -34,6 +36,7 @@ import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 import org.jivesoftware.smack.ConnectionConfiguration;
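Review bot: In the AbstractXMPPConnection hunk, the new fallback `trustManager = TLSUtils.getDefaultX509TrustManager(ks);` takes its trust anchors from `ks`, which is declared outside this hunk. If `ks` is the store loaded for the client key managers, a non-null `ks` holding only a client key would replace the platform CA set that the previous `context.init(kms, null, secureRandom)` path fell back to, so server certificate validation would depend entirely on that store's contents. That intent is worth confirming and recording above the call, e.g. `// ks == null: platform default trust anchors; otherwise anchors come from ks`. The array no longer holds only custom managers either, so `customTrustManagers` could be renamed `trustManagers`.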
@@ -240,4 +243,22 @@ public class TLSUtils {
 return new X509Certificate[0];
 }
 }
+
+ public static X509TrustManager getDefaultX509TrustManager(KeyStore keyStore) {
+ String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+ TrustManagerFactory trustManagerFactory;
+ try {
+ trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
+ trustManagerFactory.init(keyStore);
+ } catch (NoSuchAlgorithmException | KeyStoreException e) {
+ throw new AssertionError(e);
+ }
+
+ for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
+ if (trustManager instanceof X509TrustManager) {
+ return (X509TrustManager) trustManager;
+ }
+ }
+ throw new AssertionError("No trust manager for the default algorithm " + defaultAlgorithm + " found");
+ }
 }
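Review bot: `getDefaultX509TrustManager` turns a `KeyStoreException` from `trustManagerFactory.init(keyStore)` into an `AssertionError`, but with a caller-supplied `keyStore` that failure is reachable (for instance a store that was never loaded), and an `Error` slips past `catch (Exception ...)` handlers on the connection path. Keeping `AssertionError` for `NoSuchAlgorithmException` and throwing `new IllegalStateException("Could not initialise TrustManagerFactory", e)` for the key-store case would keep it catchable. The new public method also has no Javadoc; it should state that a null `keyStore` makes the factory fall back to the JVM's default trust store and that the first `X509TrustManager` the factory returns is the one used.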