1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-25 21:42:07 +01:00

Add support for HostnameVerifier

This commit is contained in:
Florian Schmaus 2014-07-21 18:42:44 +02:00
parent fe258fe110
commit d35fd16a21
3 changed files with 55 additions and 0 deletions

View file

@ -24,6 +24,7 @@ import org.jivesoftware.smack.util.dns.HostAddress;
import org.jxmpp.util.XmppStringUtils; import org.jxmpp.util.XmppStringUtils;
import javax.net.SocketFactory; import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.CallbackHandler;
@ -91,6 +92,8 @@ public class ConnectionConfiguration implements Cloneable {
*/ */
private String[] enabledSSLCiphers; private String[] enabledSSLCiphers;
private HostnameVerifier hostnameVerifier;
/** /**
* Permanent store for the Roster, needed for roster versioning * Permanent store for the Roster, needed for roster versioning
*/ */
@ -358,6 +361,29 @@ public class ConnectionConfiguration implements Cloneable {
return enabledSSLCiphers; return enabledSSLCiphers;
} }
/**
* Set the HostnameVerifier used to verify the hostname of SSLSockets used by XMPP connections
* created with this ConnectionConfiguration.
*
* @param verifier
*/
public void setHostnameVerifier(HostnameVerifier verifier) {
hostnameVerifier = verifier;
}
/**
* Returns the configured HostnameVerifier of this ConnectionConfiguration or the Smack default
* HostnameVerifier configured with
* {@link SmackConfiguration#setDefaultHostnameVerifier(HostnameVerifier)}.
*
* @return a configured HostnameVerifier or <code>null</code>
*/
public HostnameVerifier getHostnameVerifier() {
if (hostnameVerifier != null)
return hostnameVerifier;
return SmackConfiguration.getDefaultHostnameVerifier();
}
/** /**
* Returns true if the connection is going to use stream compression. Stream compression * Returns true if the connection is going to use stream compression. Stream compression
* will be requested after TLS was established (if TLS was enabled) and only if the server * will be requested after TLS was established (if TLS was enabled) and only if the server

View file

@ -31,6 +31,8 @@ import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import org.jivesoftware.smack.compression.Java7ZlibInputOutputStream; import org.jivesoftware.smack.compression.Java7ZlibInputOutputStream;
import org.jivesoftware.smack.compression.XMPPInputOutputStream; import org.jivesoftware.smack.compression.XMPPInputOutputStream;
import org.jivesoftware.smack.initializer.SmackInitializer; import org.jivesoftware.smack.initializer.SmackInitializer;
@ -178,6 +180,8 @@ public final class SmackConfiguration {
*/ */
private static ParsingExceptionCallback defaultCallback = new ExceptionThrowingCallback(); private static ParsingExceptionCallback defaultCallback = new ExceptionThrowingCallback();
private static HostnameVerifier defaultHostnameVerififer;
/** /**
* Returns the Smack version information, eg "1.3.0". * Returns the Smack version information, eg "1.3.0".
* *
@ -319,6 +323,25 @@ public final class SmackConfiguration {
return res; return res;
} }
/**
* Set the default HostnameVerifier that will be used by XMPP connections to verify the hostname
* of a TLS certificate. XMPP connections are able to overwrite this settings by supplying a
* HostnameVerifier in their ConnecitonConfiguration with
* {@link ConnectionConfiguration#setHostnameVerifier(HostnameVerifier)}.
*/
public static void setDefaultHostnameVerifier(HostnameVerifier verifier) {
defaultHostnameVerififer = verifier;
}
/**
* Get the default HostnameVerifier
*
* @return the default HostnameVerifier or <code>null</code> if none was set
*/
static HostnameVerifier getDefaultHostnameVerifier() {
return defaultHostnameVerififer;
}
public static void processConfigFile(InputStream cfgFileStream, public static void processConfigFile(InputStream cfgFileStream,
Collection<Exception> exceptions) throws Exception { Collection<Exception> exceptions) throws Exception {
processConfigFile(cfgFileStream, exceptions, SmackConfiguration.class.getClassLoader()); processConfigFile(cfgFileStream, exceptions, SmackConfiguration.class.getClassLoader());

View file

@ -46,6 +46,7 @@ import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException; import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlPullParserFactory; import org.xmlpull.v1.XmlPullParserFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
@ -674,6 +675,11 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
// Proceed to do the handshake // Proceed to do the handshake
sslSocket.startHandshake(); sslSocket.startHandshake();
final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
if (verifier != null && !verifier.verify(getServiceName(), sslSocket.getSession())) {
throw new CertificateException("Hostname verification of certificate failed. Certificate does not authenticate " + getServiceName());
}
//if (((SSLSocket) socket).getWantClientAuth()) { //if (((SSLSocket) socket).getWantClientAuth()) {
// System.err.println("XMPPConnection wants client auth"); // System.err.println("XMPPConnection wants client auth");
//} //}