mirror of
https://github.com/vanitasvitae/Smack.git
synced 2024-11-25 21:42:07 +01:00
Add support for HostnameVerifier
This commit is contained in:
parent
fe258fe110
commit
d35fd16a21
3 changed files with 55 additions and 0 deletions
|
@ -24,6 +24,7 @@ import org.jivesoftware.smack.util.dns.HostAddress;
|
||||||
import org.jxmpp.util.XmppStringUtils;
|
import org.jxmpp.util.XmppStringUtils;
|
||||||
|
|
||||||
import javax.net.SocketFactory;
|
import javax.net.SocketFactory;
|
||||||
|
import javax.net.ssl.HostnameVerifier;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.security.auth.callback.CallbackHandler;
|
import javax.security.auth.callback.CallbackHandler;
|
||||||
|
|
||||||
|
@ -91,6 +92,8 @@ public class ConnectionConfiguration implements Cloneable {
|
||||||
*/
|
*/
|
||||||
private String[] enabledSSLCiphers;
|
private String[] enabledSSLCiphers;
|
||||||
|
|
||||||
|
private HostnameVerifier hostnameVerifier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Permanent store for the Roster, needed for roster versioning
|
* Permanent store for the Roster, needed for roster versioning
|
||||||
*/
|
*/
|
||||||
|
@ -358,6 +361,29 @@ public class ConnectionConfiguration implements Cloneable {
|
||||||
return enabledSSLCiphers;
|
return enabledSSLCiphers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the HostnameVerifier used to verify the hostname of SSLSockets used by XMPP connections
|
||||||
|
* created with this ConnectionConfiguration.
|
||||||
|
*
|
||||||
|
* @param verifier
|
||||||
|
*/
|
||||||
|
public void setHostnameVerifier(HostnameVerifier verifier) {
|
||||||
|
hostnameVerifier = verifier;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the configured HostnameVerifier of this ConnectionConfiguration or the Smack default
|
||||||
|
* HostnameVerifier configured with
|
||||||
|
* {@link SmackConfiguration#setDefaultHostnameVerifier(HostnameVerifier)}.
|
||||||
|
*
|
||||||
|
* @return a configured HostnameVerifier or <code>null</code>
|
||||||
|
*/
|
||||||
|
public HostnameVerifier getHostnameVerifier() {
|
||||||
|
if (hostnameVerifier != null)
|
||||||
|
return hostnameVerifier;
|
||||||
|
return SmackConfiguration.getDefaultHostnameVerifier();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true if the connection is going to use stream compression. Stream compression
|
* Returns true if the connection is going to use stream compression. Stream compression
|
||||||
* will be requested after TLS was established (if TLS was enabled) and only if the server
|
* will be requested after TLS was established (if TLS was enabled) and only if the server
|
||||||
|
|
|
@ -31,6 +31,8 @@ import java.util.Set;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
|
||||||
|
import javax.net.ssl.HostnameVerifier;
|
||||||
|
|
||||||
import org.jivesoftware.smack.compression.Java7ZlibInputOutputStream;
|
import org.jivesoftware.smack.compression.Java7ZlibInputOutputStream;
|
||||||
import org.jivesoftware.smack.compression.XMPPInputOutputStream;
|
import org.jivesoftware.smack.compression.XMPPInputOutputStream;
|
||||||
import org.jivesoftware.smack.initializer.SmackInitializer;
|
import org.jivesoftware.smack.initializer.SmackInitializer;
|
||||||
|
@ -178,6 +180,8 @@ public final class SmackConfiguration {
|
||||||
*/
|
*/
|
||||||
private static ParsingExceptionCallback defaultCallback = new ExceptionThrowingCallback();
|
private static ParsingExceptionCallback defaultCallback = new ExceptionThrowingCallback();
|
||||||
|
|
||||||
|
private static HostnameVerifier defaultHostnameVerififer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the Smack version information, eg "1.3.0".
|
* Returns the Smack version information, eg "1.3.0".
|
||||||
*
|
*
|
||||||
|
@ -319,6 +323,25 @@ public final class SmackConfiguration {
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the default HostnameVerifier that will be used by XMPP connections to verify the hostname
|
||||||
|
* of a TLS certificate. XMPP connections are able to overwrite this settings by supplying a
|
||||||
|
* HostnameVerifier in their ConnecitonConfiguration with
|
||||||
|
* {@link ConnectionConfiguration#setHostnameVerifier(HostnameVerifier)}.
|
||||||
|
*/
|
||||||
|
public static void setDefaultHostnameVerifier(HostnameVerifier verifier) {
|
||||||
|
defaultHostnameVerififer = verifier;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the default HostnameVerifier
|
||||||
|
*
|
||||||
|
* @return the default HostnameVerifier or <code>null</code> if none was set
|
||||||
|
*/
|
||||||
|
static HostnameVerifier getDefaultHostnameVerifier() {
|
||||||
|
return defaultHostnameVerififer;
|
||||||
|
}
|
||||||
|
|
||||||
public static void processConfigFile(InputStream cfgFileStream,
|
public static void processConfigFile(InputStream cfgFileStream,
|
||||||
Collection<Exception> exceptions) throws Exception {
|
Collection<Exception> exceptions) throws Exception {
|
||||||
processConfigFile(cfgFileStream, exceptions, SmackConfiguration.class.getClassLoader());
|
processConfigFile(cfgFileStream, exceptions, SmackConfiguration.class.getClassLoader());
|
||||||
|
|
|
@ -46,6 +46,7 @@ import org.xmlpull.v1.XmlPullParser;
|
||||||
import org.xmlpull.v1.XmlPullParserException;
|
import org.xmlpull.v1.XmlPullParserException;
|
||||||
import org.xmlpull.v1.XmlPullParserFactory;
|
import org.xmlpull.v1.XmlPullParserFactory;
|
||||||
|
|
||||||
|
import javax.net.ssl.HostnameVerifier;
|
||||||
import javax.net.ssl.KeyManager;
|
import javax.net.ssl.KeyManager;
|
||||||
import javax.net.ssl.KeyManagerFactory;
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
|
@ -674,6 +675,11 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
|
||||||
// Proceed to do the handshake
|
// Proceed to do the handshake
|
||||||
sslSocket.startHandshake();
|
sslSocket.startHandshake();
|
||||||
|
|
||||||
|
final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
|
||||||
|
if (verifier != null && !verifier.verify(getServiceName(), sslSocket.getSession())) {
|
||||||
|
throw new CertificateException("Hostname verification of certificate failed. Certificate does not authenticate " + getServiceName());
|
||||||
|
}
|
||||||
|
|
||||||
//if (((SSLSocket) socket).getWantClientAuth()) {
|
//if (((SSLSocket) socket).getWantClientAuth()) {
|
||||||
// System.err.println("XMPPConnection wants client auth");
|
// System.err.println("XMPPConnection wants client auth");
|
||||||
//}
|
//}
|
||||||
|
|
Loading…
Reference in a new issue