smack-android-extensions/build.gradle

@@ -6,7 +6,4 @@ Extra Smack extensions for Android."""
 dependencies {
 	compile project(':smack-android')
 	compile project(':smack-extensions')
-
-	// Add the Android jar to the Eclipse .classpath.
-	compileClasspath files(androidBootClasspath)
 }

smack-android/build.gradle

@@ -24,5 +24,5 @@ dependencies {
 	}
 
 	// Add the Android jar to the Eclipse .classpath.
-	compileClasspath files(androidBootClasspath)
+	compileOnly files(androidBootClasspath)
 }

smack-core/build.gradle

@@ -24,7 +24,6 @@ dependencies {
 	testCompile "org.assertj:assertj-core:3.11.1"
 	testCompile "org.xmlunit:xmlunit-assertj:$xmlUnitVersion"
 	testCompile 'com.jamesmurty.utils:java-xmlbuilder:1.2'
-	testCompile 'org.bouncycastle:bcprov-jdk15on:1.64'
 }
 
 class CreateFileTask extends DefaultTask {

smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java

@@ -135,7 +135,6 @@ import org.jivesoftware.smack.util.PacketParserUtils;
 import org.jivesoftware.smack.util.ParserUtils;
 import org.jivesoftware.smack.util.Predicate;
 import org.jivesoftware.smack.util.StringUtils;
-import org.jivesoftware.smack.util.TLSUtils;
 import org.jivesoftware.smack.util.dns.HostAddress;
 import org.jivesoftware.smack.util.dns.SmackDaneProvider;
 import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
@@ -2304,28 +2303,7 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
                         ks = null;
                     }
                 } else {
-                    InputStream stream = TLSUtils.getDefaultTruststoreStreamIfPossible();
+                    ks.load(null, null);
-                    try {
-                        // Note that PKCS12 keystores need a password one some Java platforms. Hence we try the famous
-                        // 'changeit' here. See https://bugs.openjdk.java.net/browse/JDK-8194702
-                        char[] password = "changeit".toCharArray();
-                        try {
-                            ks.load(stream, password);
-                        } finally {
-                            stream.close();
-                        }
-                    } catch (IOException e) {
-                        LOGGER.log(Level.FINE, "KeyStore load() threw, attempting 'jks' fallback", e);
-
-                        ks = KeyStore.getInstance("jks");
-                        // Open the stream again, so that we read it from the beginning.
-                        stream = TLSUtils.getDefaultTruststoreStreamIfPossible();
-                        try {
-                            ks.load(stream, null);
-                        } finally {
-                            stream.close();
-                        }
-                    }
                 }
             }
 
@@ -2362,16 +2340,16 @@ public abstract class AbstractXMPPConnection implements XMPPConnection {
             context = SSLContext.getInstance("TLS");
 
             final SecureRandom secureRandom = new java.security.SecureRandom();
-            X509TrustManager trustManager = config.getCustomX509TrustManager();
+            X509TrustManager customTrustManager = config.getCustomX509TrustManager();
-            if (trustManager == null) {
-                trustManager = TLSUtils.getDefaultX509TrustManager(ks);
-            }
 
             if (daneVerifier != null) {
                 // User requested DANE verification.
-                daneVerifier.init(context, kms, trustManager, secureRandom);
+                daneVerifier.init(context, kms, customTrustManager, secureRandom);
             } else {
-                TrustManager[] customTrustManagers = new TrustManager[] { trustManager };
+                TrustManager[] customTrustManagers = null;
+                if (customTrustManager != null) {
+                    customTrustManagers = new TrustManager[] { customTrustManager };
+                }
                 context.init(kms, customTrustManagers, secureRandom);
             }
         }

smack-core/src/main/java/org/jivesoftware/smack/packet/StanzaBuilder.java

@@ -162,14 +162,6 @@ public abstract class StanzaBuilder<B extends StanzaBuilder<B>> implements Stanz
         return getThis();
     }
 
-    public final B addOptExtensions(Collection<? extends ExtensionElement> extensionElements) {
-        if (extensionElements == null) {
-            return getThis();
-        }
-
-        return addExtensions(extensionElements);
-    }
-
     public final B addExtensions(Collection<? extends ExtensionElement> extensionElements) {
         for (ExtensionElement extensionElement : extensionElements) {
             addExtension(extensionElement);

smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2014-2020 Florian Schmaus
+ * Copyright 2014-2016 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,15 +16,7 @@
  */
 package org.jivesoftware.smack.util;
 
-import java.io.DataInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
 import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
@@ -35,8 +27,6 @@ import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
@@ -44,7 +34,6 @@ import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 
 import org.jivesoftware.smack.ConnectionConfiguration;
@@ -53,8 +42,6 @@ import org.jivesoftware.smack.SmackException.SecurityNotPossibleException;
 
 public class TLSUtils {
 
-    private static final Logger LOGGER = Logger.getLogger(TLSUtils.class.getName());
-
     public static final String SSL = "SSL";
     public static final String TLS = "TLS";
     public static final String PROTO_SSL3 = SSL + "v3";
@@ -253,86 +240,4 @@ public class TLSUtils {
             return new X509Certificate[0];
         }
     }
-
-    public static X509TrustManager getDefaultX509TrustManager(KeyStore keyStore) {
-        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
-        TrustManagerFactory trustManagerFactory;
-        try {
-            trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
-            trustManagerFactory.init(keyStore);
-        } catch (NoSuchAlgorithmException | KeyStoreException e) {
-            throw new AssertionError(e);
-        }
-
-        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
-            if (trustManager instanceof X509TrustManager) {
-                return (X509TrustManager) trustManager;
-            }
-        }
-        throw new AssertionError("No trust manager for the default algorithm " + defaultAlgorithm + " found");
-    }
-
-    private static final File DEFAULT_TRUSTSTORE_PATH;
-
-    static {
-        String javaHome = System.getProperty("java.home");
-        String defaultTruststorePath = javaHome + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts";
-        DEFAULT_TRUSTSTORE_PATH = new File(defaultTruststorePath);
-    }
-
-    public static FileInputStream getDefaultTruststoreStreamIfPossible() {
-        try {
-            return new FileInputStream(DEFAULT_TRUSTSTORE_PATH);
-        } catch (FileNotFoundException e) {
-            LOGGER.log(Level.WARNING, "Could not open default truststore at " + DEFAULT_TRUSTSTORE_PATH, e);
-            return null;
-        }
-    }
-
-    enum DefaultTrustStoreType {
-        jks,
-        unknown,
-        no_default,
-    }
-
-    private static final int JKS_MAGIC = 0xfeedfeed;
-    private static final int JKS_VERSION_1 = 1;
-    private static final int JKS_VERSION_2 = 2;
-
-    public static DefaultTrustStoreType getDefaultTruststoreType() throws IOException {
-        try (InputStream inputStream = getDefaultTruststoreStreamIfPossible()) {
-            if (inputStream == null) {
-                return DefaultTrustStoreType.no_default;
-            }
-
-            DataInputStream dis = new DataInputStream(inputStream);
-            int magic = dis.readInt();
-            int version = dis.readInt();
-
-            if (magic == JKS_MAGIC && (version == JKS_VERSION_1 || version == JKS_VERSION_2)) {
-                return DefaultTrustStoreType.jks;
-            }
-        }
-
-        return DefaultTrustStoreType.unknown;
-    }
-
-    /**
-     * Tries to determine if the default truststore type is of type jks and sets the javax.net.ssl.trustStoreType system
-     * property to 'JKS' if so. This is meant as workaround in situations where the default truststore type is (still)
-     * 'jks' but we run on a newer JRE/JDK which uses PKCS#12 as type. See for example <a href="https://bugs.gentoo.org/712290">Gentoo bug #712290</a>.
-     */
-    public static void setDefaultTrustStoreTypeToJksIfRequired() {
-        DefaultTrustStoreType defaultTrustStoreType;
-        try {
-            defaultTrustStoreType = getDefaultTruststoreType();
-        } catch (IOException e) {
-            LOGGER.log(Level.WARNING, "Could not set keystore type to jks if required", e);
-            return;
-        }
-
-        if (defaultTrustStoreType == DefaultTrustStoreType.jks) {
-            System.setProperty("javax.net.ssl.trustStoreType", "JKS");
-        }
-    }
 }

smack-core/src/test/java/org/jivesoftware/smack/test/util/SmackTestSuite.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright © 2014-2020 Florian Schmaus
+ * Copyright © 2014-2019 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,11 @@
  */
 package org.jivesoftware.smack.test.util;
 
-import java.security.Security;
 import java.util.Base64;
 
 import org.jivesoftware.smack.SmackConfiguration;
 import org.jivesoftware.smack.util.stringencoder.Base64.Encoder;
 
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 /**
  * The SmackTestSuite takes care of initializing Smack for the unit tests. For example the Base64
  * encoder is configured.
@@ -55,7 +52,5 @@ public class SmackTestSuite {
             }
 
         });
-
-        Security.addProvider(new BouncyCastleProvider());
     }
 }

smack-experimental/build.gradle

@@ -10,5 +10,6 @@ dependencies {
 	testCompile project(path: ":smack-core", configuration: "testRuntime")
 	testCompile project(path: ":smack-extensions", configuration: "testRuntime")
 
+	compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion"
 	compile "org.hsluv:hsluv:0.2"
 }

smack-experimental/src/main/java/org/jivesoftware/smackx/hashes/HashManager.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright © 2017 Paul Schaub, 2019-2020 Florian Schmaus
+ * Copyright © 2017 Paul Schaub, 2019 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,10 +42,13 @@ import java.util.WeakHashMap;
 
 import org.jivesoftware.smack.Manager;
 import org.jivesoftware.smack.XMPPConnection;
+import org.jivesoftware.smack.util.SecurityUtil;
 
 import org.jivesoftware.smackx.disco.ServiceDiscoveryManager;
 import org.jivesoftware.smackx.hashes.element.HashElement;
 
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 /**
  * Manager that can be used to determine support for hash functions. By default the Manager announces support for
  * XEP-0300, as well as for the recommended set of hash algorithms. Those contain SHA256, SHA384, SHA512, SHA3-256,
@@ -54,6 +57,12 @@ import org.jivesoftware.smackx.hashes.element.HashElement;
  */
 public final class HashManager extends Manager {
 
+    static {
+        // Remove any BC providers and add a fresh one.
+        // This is done, since older Android versions ship with a crippled BC provider.
+        SecurityUtil.ensureProviderAtFirstPosition(BouncyCastleProvider.class);
+    }
+
     public static final String PREFIX_NS_ALGO = "urn:xmpp:hash-function-text-names:";
 
     public enum NAMESPACE {

smack-experimental/src/test/java/org/jivesoftware/smackx/hashes/HashTest.java

@@ -18,12 +18,9 @@ package org.jivesoftware.smackx.hashes;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
-import java.security.Security;
-
 import org.jivesoftware.smack.test.util.SmackTestSuite;
 import org.jivesoftware.smack.util.StringUtils;
 
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.junit.jupiter.api.Test;
 
 /**
@@ -33,10 +30,6 @@ import org.junit.jupiter.api.Test;
  */
 public class HashTest extends SmackTestSuite {
 
-    static {
-        Security.addProvider(new BouncyCastleProvider());
-    }
-
     private static final String testString =     "Hello World!";
     private static final String md5sum =         "ed076287532e86365e841e92bfc50d8c";
     private static final String sha1sum =        "2ef7bde608ce5404e97d5f042f95f89f1c232871";

smack-extensions/src/main/java/org/jivesoftware/smackx/disco/DiscoInfoLookupShortcutMechanism.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2018-2020 Florian Schmaus.
+ * Copyright 2018 Florian Schmaus.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@ public abstract class DiscoInfoLookupShortcutMechanism implements Comparable<Dis
 
     @Override
     public final int compareTo(DiscoInfoLookupShortcutMechanism other) {
-        int ourPriority = getPriority();
+        Integer ourPriority = getPriority();
         return Integer.compare(ourPriority, other.getPriority());
     }
 }

smack-extensions/src/main/java/org/jivesoftware/smackx/disco/ServiceDiscoveryManager.java

@@ -178,7 +178,7 @@ public final class ServiceDiscoveryManager extends Manager {
                         // Add node identities
                         responseBuilder.addIdentities(nodeInformationProvider.getNodeIdentities());
                         // Add packet extensions
-                        responseBuilder.addOptExtensions(nodeInformationProvider.getNodePacketExtensions());
+                        responseBuilder.addExtensions(nodeInformationProvider.getNodePacketExtensions());
                     } else {
                         // Return <item-not-found/> error since specified node was not found
                         responseBuilder.ofType(IQ.Type.error);

smack-integration-test/src/main/java/org/igniterealtime/smack/inttest/SmackIntegrationTestFramework.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2015-2020 Florian Schmaus
+ * Copyright 2015-2019 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -56,7 +56,6 @@ import org.jivesoftware.smack.XMPPException;
 import org.jivesoftware.smack.tcp.XMPPTCPConnection;
 import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration;
 import org.jivesoftware.smack.util.StringUtils;
-import org.jivesoftware.smack.util.TLSUtils;
 
 import org.jivesoftware.smackx.debugger.EnhancedDebuggerWindow;
 import org.jivesoftware.smackx.iqregister.AccountManager;
@@ -72,10 +71,6 @@ import org.reflections.scanners.TypeAnnotationsScanner;
 
 public class SmackIntegrationTestFramework<DC extends AbstractXMPPConnection> {
 
-    static {
-        TLSUtils.setDefaultTrustStoreTypeToJksIfRequired();
-    }
-
     private static final Logger LOGGER = Logger.getLogger(SmackIntegrationTestFramework.class.getName());
 
     public static boolean SINTTEST_UNIT_TEST = false;

smack-omemo-signal/build.gradle

@@ -1,6 +1,5 @@
-description="""
+apply plugin: 'checkstyle'
-Smack API for XEP-0384: OMEMO Encryption using libsignal
+apply plugin: 'maven'
-"""
 
 dependencies {
 	compile project(":smack-im")

smack-omemo/build.gradle

@@ -1,11 +1,9 @@
-description="""
-Smack API for XEP-0384: OMEMO Encryption
-"""
-
 dependencies {
 	compile project(":smack-im")
 	compile project(":smack-extensions")
 	compile project(":smack-experimental")
 
+	compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion"
+
 	testCompile project(path: ":smack-core", configuration: "testRuntime")
 }

smack-omemo/src/main/java/org/jivesoftware/smackx/omemo/OmemoInitializer.java

@@ -17,6 +17,9 @@
 package org.jivesoftware.smackx.omemo;
 
 import org.jivesoftware.smack.initializer.UrlInitializer;
+import org.jivesoftware.smack.util.SecurityUtil;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 /**
  * Initializer class that registers omemo providers.
@@ -26,6 +29,12 @@ import org.jivesoftware.smack.initializer.UrlInitializer;
 @SuppressWarnings("unused")
 public class OmemoInitializer extends UrlInitializer {
 
+    static {
+        // Remove any BC providers and add a fresh one.
+        // This is done, since older Android versions ship with a crippled BC provider.
+        SecurityUtil.ensureProviderAtFirstPosition(BouncyCastleProvider.class);
+    }
+
     @Override
     protected String getProvidersUri() {
         return "classpath:org.jivesoftware.smackx.omemo/omemo.providers";

smack-omemo/src/test/java/org/jivesoftware/smackx/omemo/WrapperObjectsTest.java

@@ -27,6 +27,7 @@ import static org.junit.Assert.assertNotNull;
 import java.security.NoSuchAlgorithmException;
 
 import org.jivesoftware.smack.test.util.SmackTestSuite;
+
 import org.jivesoftware.smackx.omemo.element.OmemoElement;
 import org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException;
 import org.jivesoftware.smackx.omemo.internal.CipherAndAuthTag;

smack-openpgp/build.gradle

@@ -1,6 +1,10 @@
 description = """\
 Smack API for XEP-0373: OpenPGP for XMPP."""
 
+repositories {
+	mavenCentral()
+}
+
 // Note that the test dependencies (junit, …) are inferred from the
 // sourceSet.test of the core subproject
 dependencies {

version.gradle

@@ -10,6 +10,7 @@ allprojects {
 		// - https://issues.igniterealtime.org/browse/SMACK-858
 		jxmppVersion = '0.7.0-alpha5'
 		miniDnsVersion = '0.4.0-alpha3'
+		bouncyCastleVersion = '1.62'
 		smackMinAndroidSdk = 19
 	}
 }