TLSUtils.disableHostnameVerificationForTlsCertificates()
(yeah, I know) Sometimes "a friend" has set up an XMPP service which uses a self-signed cert. While we can get a decent amount of security by using techniques like e.g. the MemorizingTrustManager, there's still a pitfall: if the service's TLS certificate contains no or the wrong service/hostname information, Smack will throw a CertificateException. Therefore provide an API call to disable hostname verification.
This commit is contained in:
parent
c36ffd18c2
commit
9ec7d628c8
1 changed files with 32 additions and 4 deletions
@ -25,7 +25,9 @@ import java.util.Arrays;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import javax.net.ssl.HostnameVerifier;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.SSLSession;
|
||||||
import javax.net.ssl.SSLSocket;
|
import javax.net.ssl.SSLSocket;
|
||||||
import javax.net.ssl.TrustManager;
|
import javax.net.ssl.TrustManager;
|
||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
@ -78,15 +80,17 @@ public class TLSUtils {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Accept all SSL/TLS certificates.
|
* Accept all TLS certificates.
|
||||||
* <p>
|
* <p>
|
||||||
* <b>Warning</b> Use with care. This method make the Connection use
|
* <b>Warning:</b> Use with care. This method make the Connection use {@link AcceptAllTrustManager} and essentially
|
||||||
* {@link AcceptAllTrustManager}. Only use this method if you understand the implications.
|
* <b>invalidates all security guarantees provided by TLS</b>. Only use this method if you understand the
|
||||||
|
* implications.
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @param builder
|
* @param builder a connection configuration builder.
|
||||||
* @throws NoSuchAlgorithmException
|
* @throws NoSuchAlgorithmException
|
||||||
* @throws KeyManagementException
|
* @throws KeyManagementException
|
||||||
|
* @return the given builder.
|
||||||
*/
|
*/
|
||||||
public static <B extends ConnectionConfiguration.Builder<B,?>> B acceptAllCertificates(B builder) throws NoSuchAlgorithmException, KeyManagementException {
|
public static <B extends ConnectionConfiguration.Builder<B,?>> B acceptAllCertificates(B builder) throws NoSuchAlgorithmException, KeyManagementException {
|
||||||
SSLContext context = SSLContext.getInstance(TLS);
|
SSLContext context = SSLContext.getInstance(TLS);
|
||||||
|
@ -95,6 +99,30 @@ public class TLSUtils {
|
||||||
return builder;
|
return builder;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static final HostnameVerifier DOES_NOT_VERIFY_VERIFIER = new HostnameVerifier() {
|
||||||
|
@Override
|
||||||
|
public boolean verify(String hostname, SSLSession session) {
|
||||||
|
// This verifier doesn't verify the hostname, it always returns true.
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Disable the hostname verification of TLS certificates.
|
||||||
|
* <p>
|
||||||
|
* <b>Warning:</b> Use with care. This disables hostname verification of TLS certificates and essentially
|
||||||
|
* <b>invalidates all security guarantees provided by TLS</b>. Only use this method if you understand the
|
||||||
|
* implications.
|
||||||
|
* </p>
|
||||||
|
*
|
||||||
|
* @param builder a connection configuration builder.
|
||||||
|
* @return the given builder.
|
||||||
|
*/
|
||||||
|
public static <B extends ConnectionConfiguration.Builder<B,?>> B disableHostnameVerificationForTlsCertificicates(B builder) {
|
||||||
|
builder.setHostnameVerifier(DOES_NOT_VERIFY_VERIFIER);
|
||||||
|
return builder;
|
||||||
|
}
|
||||||
|
|
||||||
public static void setEnabledProtocolsAndCiphers(final SSLSocket sslSocket,
|
public static void setEnabledProtocolsAndCiphers(final SSLSocket sslSocket,
|
||||||
String[] enabledProtocols, String[] enabledCiphers)
|
String[] enabledProtocols, String[] enabledCiphers)
|
||||||
throws SecurityNotPossibleException {
|
throws SecurityNotPossibleException {
|
||||||
|
|
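Review bot: The new public API name on the `public static <B extends ConnectionConfiguration.Builder<B,?>> B disableHostnameVerificationForTlsCertificicates(B builder)` line misspells "Certificates" ("Certificicates"), which disagrees with the commit title and will be awkward to fix later without a deprecated alias, so rename it to `disableHostnameVerificationForTlsCertificates` before it ships. The Javadoc should also spell out what the always-true `DOES_NOT_VERIFY_VERIFIER` actually gives up: once hostname checking is off, any certificate the configured TrustManager accepts — with the platform default trust store, any CA-issued certificate for any hostname — is accepted for this connection, so an attacker holding any valid certificate can impersonate the service. I would add to the warning paragraph: `* Any certificate trusted by the configured {@link TrustManager} is then accepted regardless of which host it was issued for; only combine this with a trust manager that pins the expected certificate (e.g. MemorizingTrustManager), never with the default CA trust store.` The class continues outside the hunk; `setEnabledProtocolsAndCiphers` begins on the last lines shown and its body is not visible here.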