1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-26 14:02:06 +01:00

Compare commits

...

5 commits

Author SHA1 Message Date
Florian Schmaus
f60e4055ec Use ACE representation of XMPP domain on certificate verification
This is based on the patch provided by Georg Lukas, modified to take
XMPP domain names that can not be represented as DNS names into
account. See c42d2eea24 (r269250137)

Fixes SMACK-870.
2019-05-16 14:14:10 +02:00
Florian Schmaus
381190a45c Add ConnectionConfiguration.getXmppServiceDomainAsDnsNameIfPossible()
in preperation of SMACK-870, so that the DNS name can be used for the
certificate verification.
2019-05-16 14:02:28 +02:00
Florian Schmaus
edcde28ecd Set UncaughtExceptionHandler for CACHED_EXECUTOR_SERVICE
In order to avoid uncaught exceptions from terminating the
program (SMACK-896).
2019-05-09 11:04:26 +02:00
Florian Schmaus
7980e2cedb
Merge pull request #318 from vanitasvitae/xhtml_fix
SMACK-868: Fix XHTMLText producing invalid XML
2019-05-06 22:56:01 +02:00
Eng ChongMeng
dd903bec95
SMACK-868: Fix XHTMLText producing invalid XML 2019-05-06 00:39:41 +02:00
4 changed files with 61 additions and 4 deletions

View file

@ -294,6 +294,12 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
Thread thread = new Thread(runnable); Thread thread = new Thread(runnable);
thread.setName("Smack Cached Executor"); thread.setName("Smack Cached Executor");
thread.setDaemon(true); thread.setDaemon(true);
thread.setUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread t, Throwable e) {
LOGGER.log(Level.WARNING, t + " encountered uncaught exception", e);
}
});
return thread; return thread;
} }
}); });

View file

@ -1,6 +1,6 @@
/** /**
* *
* Copyright 2003-2007 Jive Software, 2017-2018 Florian Schmaus. * Copyright 2003-2007 Jive Software, 2017-2019 Florian Schmaus.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -25,6 +25,8 @@ import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.SocketFactory; import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HostnameVerifier;
@ -46,6 +48,7 @@ import org.jxmpp.jid.impl.JidCreate;
import org.jxmpp.jid.parts.Resourcepart; import org.jxmpp.jid.parts.Resourcepart;
import org.jxmpp.stringprep.XmppStringprepException; import org.jxmpp.stringprep.XmppStringprepException;
import org.minidns.dnsname.DnsName; import org.minidns.dnsname.DnsName;
import org.minidns.dnsname.InvalidDnsNameException;
import org.minidns.util.InetAddressUtil; import org.minidns.util.InetAddressUtil;
/** /**
@ -61,6 +64,8 @@ public abstract class ConnectionConfiguration {
SmackConfiguration.getVersion(); SmackConfiguration.getVersion();
} }
private static final Logger LOGGER = Logger.getLogger(ConnectionConfiguration.class.getName());
/** /**
* The XMPP domain of the XMPP Service. Usually servers use the same service name as the name * The XMPP domain of the XMPP Service. Usually servers use the same service name as the name
* of the server. However, there are some servers like google where host would be * of the server. However, there are some servers like google where host would be
@ -68,6 +73,8 @@ public abstract class ConnectionConfiguration {
*/ */
protected final DomainBareJid xmppServiceDomain; protected final DomainBareJid xmppServiceDomain;
protected final DnsName xmppServiceDomainDnsName;
protected final InetAddress hostAddress; protected final InetAddress hostAddress;
protected final DnsName host; protected final DnsName host;
protected final int port; protected final int port;
@ -140,6 +147,19 @@ public abstract class ConnectionConfiguration {
if (xmppServiceDomain == null) { if (xmppServiceDomain == null) {
throw new IllegalArgumentException("Must define the XMPP domain"); throw new IllegalArgumentException("Must define the XMPP domain");
} }
DnsName xmppServiceDomainDnsName;
try {
xmppServiceDomainDnsName = DnsName.from(xmppServiceDomain);
} catch (InvalidDnsNameException e) {
LOGGER.log(Level.INFO,
"Could not transform XMPP service domain '" + xmppServiceDomain
+ "' to a DNS name. TLS X.509 certificate validiation may not be possible.",
e);
xmppServiceDomainDnsName = null;
}
this.xmppServiceDomainDnsName = xmppServiceDomainDnsName;
hostAddress = builder.hostAddress; hostAddress = builder.hostAddress;
host = builder.host; host = builder.host;
port = builder.port; port = builder.port;
@ -201,6 +221,17 @@ public abstract class ConnectionConfiguration {
return xmppServiceDomain; return xmppServiceDomain;
} }
/**
* Returns the XMPP service domain as DNS name if possible. Note that since not every XMPP address domainpart is a
* valid DNS name, this method may return <code>null</code>.
*
* @return the XMPP service domain as DNS name or <code>null</code>.
* @since 4.3.4
*/
public DnsName getXmppServiceDomainAsDnsNameIfPossible() {
return xmppServiceDomainDnsName;
}
/** /**
* Returns the TLS security mode used when making the connection. By default, * Returns the TLS security mode used when making the connection. By default,
* the mode is {@link SecurityMode#ifpossible}. * the mode is {@link SecurityMode#ifpossible}.

View file

@ -105,7 +105,7 @@ public class XHTMLText {
private XHTMLText appendOpenBodyTag(String style, String lang) { private XHTMLText appendOpenBodyTag(String style, String lang) {
text.halfOpenElement(Message.BODY); text.halfOpenElement(Message.BODY);
text.xmlnsAttribute(NAMESPACE); text.xmlnsAttribute(NAMESPACE);
text.optElement(STYLE, style); text.optAttribute(STYLE, style);
text.xmllangAttribute(lang); text.xmllangAttribute(lang);
text.rightAngleBracket(); text.rightAngleBracket();
return this; return this;

View file

@ -141,6 +141,7 @@ import org.jxmpp.jid.impl.JidCreate;
import org.jxmpp.jid.parts.Resourcepart; import org.jxmpp.jid.parts.Resourcepart;
import org.jxmpp.stringprep.XmppStringprepException; import org.jxmpp.stringprep.XmppStringprepException;
import org.jxmpp.util.XmppStringUtils; import org.jxmpp.util.XmppStringUtils;
import org.minidns.dnsname.DnsName;
import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException; import org.xmlpull.v1.XmlPullParserException;
@ -861,8 +862,27 @@ public class XMPPTCPConnection extends AbstractXMPPConnection {
final HostnameVerifier verifier = getConfiguration().getHostnameVerifier(); final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
if (verifier == null) { if (verifier == null) {
throw new IllegalStateException("No HostnameVerifier set. Use connectionConfiguration.setHostnameVerifier() to configure."); throw new IllegalStateException("No HostnameVerifier set. Use connectionConfiguration.setHostnameVerifier() to configure.");
} else if (!verifier.verify(getXMPPServiceDomain().toString(), sslSocket.getSession())) { }
throw new CertificateException("Hostname verification of certificate failed. Certificate does not authenticate " + getXMPPServiceDomain());
final String verifierHostname;
{
DnsName xmppServiceDomainDnsName = getConfiguration().getXmppServiceDomainAsDnsNameIfPossible();
// Try to convert the XMPP service domain, which potentially includes Unicode characters, into ASCII
// Compatible Encoding (ACE) to match RFC3280 dNSname IA5String constraint.
// See also: https://bugzilla.mozilla.org/show_bug.cgi?id=280839#c1
if (xmppServiceDomainDnsName != null) {
verifierHostname = xmppServiceDomainDnsName.ace;
}
else {
LOGGER.log(Level.WARNING, "XMPP service domain name '" + getXMPPServiceDomain()
+ "' can not be represented as DNS name. TLS X.509 certificate validiation may fail.");
verifierHostname = getXMPPServiceDomain().toString();
}
}
if (!verifier.verify(verifierHostname, sslSocket.getSession())) {
throw new CertificateException(
"Hostname verification of certificate failed. Certificate does not authenticate "
+ getXMPPServiceDomain());
} }
// Set that TLS was successful // Set that TLS was successful