mirror of
https://github.com/vanitasvitae/Smack.git
synced 2024-12-22 10:37:59 +01:00
Move TLS Required check at the end of connect()
It was a *very* bad idea to perform the SecurityMode.Required check in
the connection's reader thread and not at the end of
AbstractXMPPConnectin's connect(). :/
This behavior dates back to 8e750912a7
Fixes SMACK-739
This commit is contained in:
parent
013f4d630a
commit
a9d5cd4a61
2 changed files with 9 additions and 10 deletions
|
@ -46,6 +46,7 @@ import org.jivesoftware.smack.SmackException.AlreadyLoggedInException;
|
|||
import org.jivesoftware.smack.SmackException.NoResponseException;
|
||||
import org.jivesoftware.smack.SmackException.NotConnectedException;
|
||||
import org.jivesoftware.smack.SmackException.ResourceBindingNotOfferedException;
|
||||
import org.jivesoftware.smack.SmackException.SecurityRequiredByClientException;
|
||||
import org.jivesoftware.smack.SmackException.SecurityRequiredException;
|
||||
import org.jivesoftware.smack.XMPPException.StreamErrorException;
|
||||
import org.jivesoftware.smack.XMPPException.XMPPErrorException;
|
||||
|
@ -373,6 +374,13 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
|
|||
// Wait with SASL auth until the SASL mechanisms have been received
|
||||
saslFeatureReceived.checkIfSuccessOrWaitOrThrow();
|
||||
|
||||
// If TLS is required but the server doesn't offer it, disconnect
|
||||
// from the server and throw an error. First check if we've already negotiated TLS
|
||||
// and are secure, however (features get parsed a second time after TLS is established).
|
||||
if (!isSecureConnection() && getConfiguration().getSecurityMode() == SecurityMode.required) {
|
||||
throw new SecurityRequiredByClientException();
|
||||
}
|
||||
|
||||
// Make note of the fact that we're now connected.
|
||||
connected = true;
|
||||
callConnectionConnectedListener();
|
||||
|
|
|
@ -29,9 +29,7 @@ import org.jivesoftware.smack.SmackException.AlreadyLoggedInException;
|
|||
import org.jivesoftware.smack.SmackException.NoResponseException;
|
||||
import org.jivesoftware.smack.SmackException.NotConnectedException;
|
||||
import org.jivesoftware.smack.SmackException.ConnectionException;
|
||||
import org.jivesoftware.smack.SmackException.SecurityRequiredByClientException;
|
||||
import org.jivesoftware.smack.SmackException.SecurityRequiredByServerException;
|
||||
import org.jivesoftware.smack.SmackException.SecurityRequiredException;
|
||||
import org.jivesoftware.smack.SynchronizationPoint;
|
||||
import org.jivesoftware.smack.XMPPException.StreamErrorException;
|
||||
import org.jivesoftware.smack.XMPPConnection;
|
||||
|
@ -917,7 +915,7 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
|
|||
}
|
||||
|
||||
@Override
|
||||
protected void afterFeaturesReceived() throws SecurityRequiredException, NotConnectedException, InterruptedException {
|
||||
protected void afterFeaturesReceived() throws NotConnectedException, InterruptedException {
|
||||
StartTls startTlsFeature = getFeature(StartTls.ELEMENT, StartTls.NAMESPACE);
|
||||
if (startTlsFeature != null) {
|
||||
if (startTlsFeature.required() && config.getSecurityMode() == SecurityMode.disabled) {
|
||||
|
@ -929,13 +927,6 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
|
|||
sendNonza(new StartTls());
|
||||
}
|
||||
}
|
||||
// If TLS is required but the server doesn't offer it, disconnect
|
||||
// from the server and throw an error. First check if we've already negotiated TLS
|
||||
// and are secure, however (features get parsed a second time after TLS is established).
|
||||
if (!isSecureConnection() && startTlsFeature == null
|
||||
&& getConfiguration().getSecurityMode() == SecurityMode.required) {
|
||||
throw new SecurityRequiredByClientException();
|
||||
}
|
||||
|
||||
if (getSASLAuthentication().authenticationSuccessful()) {
|
||||
// If we have received features after the SASL has been successfully completed, then we
|
||||
|
|
Loading…
Reference in a new issue