tls exceptions for untrusted certs
This commit is contained in:
parent
1cf05fccdb
commit
3bb5fcb3ca
|
@ -0,0 +1,32 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
|
||||||
|
android:layout_width="match_parent"
|
||||||
|
android:layout_height="match_parent"
|
||||||
|
android:orientation="vertical"
|
||||||
|
android:padding="8dp">
|
||||||
|
|
||||||
|
<TextView
|
||||||
|
android:id="@+id/hint"
|
||||||
|
android:layout_width="wrap_content"
|
||||||
|
android:layout_height="wrap_content"
|
||||||
|
android:textSize="18sp"/>
|
||||||
|
|
||||||
|
<TextView
|
||||||
|
android:paddingTop="8dp"
|
||||||
|
android:paddingBottom="8dp"
|
||||||
|
android:id="@+id/sha"
|
||||||
|
android:layout_width="wrap_content"
|
||||||
|
android:layout_height="wrap_content"
|
||||||
|
android:typeface="monospace"
|
||||||
|
android:textSize="18sp"/>
|
||||||
|
|
||||||
|
<TextView
|
||||||
|
android:id="@+id/dont"
|
||||||
|
android:layout_width="wrap_content"
|
||||||
|
android:layout_height="wrap_content"
|
||||||
|
android:textColor="#FFe92727"
|
||||||
|
android:textStyle="bold"
|
||||||
|
android:textSize="18sp"
|
||||||
|
android:text="Do not connect unless you know exactly what you are doing" />
|
||||||
|
|
||||||
|
</LinearLayout>
|
|
@ -1,23 +1,28 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<menu xmlns:android="http://schemas.android.com/apk/res/android" >
|
<menu xmlns:android="http://schemas.android.com/apk/res/android" >
|
||||||
<item
|
<item
|
||||||
android:id="@+id/account_delete"
|
android:id="@+id/mgmt_account_edit"
|
||||||
|
android:icon="@drawable/ic_action_edit"
|
||||||
|
android:title="Edit Account"
|
||||||
|
android:showAsAction="always" />
|
||||||
|
<item
|
||||||
|
android:id="@+id/mgmt_account_delete"
|
||||||
android:icon="@drawable/ic_action_delete"
|
android:icon="@drawable/ic_action_delete"
|
||||||
android:title="Delete"
|
android:title="Delete"
|
||||||
android:showAsAction="always"
|
android:showAsAction="always"
|
||||||
/>
|
/>
|
||||||
<item
|
<item
|
||||||
android:id="@+id/account_disable"
|
android:id="@+id/mgmt_account_disable"
|
||||||
android:title="Temporarily disable"
|
android:title="Temporarily disable"
|
||||||
android:showAsAction="always"/>
|
android:showAsAction="never"/>
|
||||||
<item
|
<item
|
||||||
android:id="@+id/account_enable"
|
android:id="@+id/mgmt_account_enable"
|
||||||
android:title="Enable"
|
android:title="Enable"
|
||||||
android:showAsAction="always"
|
android:showAsAction="never"
|
||||||
android:visible="false"/>
|
android:visible="false"/>
|
||||||
|
|
||||||
<item
|
<item
|
||||||
android:id="@+id/announce_pgp"
|
android:id="@+id/mgmt_account_announce_pgp"
|
||||||
android:orderInCategory="75"
|
android:orderInCategory="75"
|
||||||
android:showAsAction="never"
|
android:showAsAction="never"
|
||||||
android:title="@string/announce_pgp" />
|
android:title="@string/announce_pgp" />
|
||||||
|
|
|
@ -138,6 +138,22 @@ public class Account extends AbstractEntity{
|
||||||
return keys;
|
return keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getSSLFingerprint() {
|
||||||
|
if (keys.has("ssl_cert")) {
|
||||||
|
try {
|
||||||
|
return keys.getString("ssl_cert");
|
||||||
|
} catch (JSONException e) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setSSLCertFingerprint(String fingerprint) {
|
||||||
|
this.setKey("ssl_cert", fingerprint);
|
||||||
|
}
|
||||||
|
|
||||||
public boolean setKey(String keyName, String keyValue) {
|
public boolean setKey(String keyName, String keyValue) {
|
||||||
try {
|
try {
|
||||||
this.keys.put(keyName, keyValue);
|
this.keys.put(keyName, keyValue);
|
||||||
|
|
|
@ -41,6 +41,7 @@ import eu.siacs.conversations.xmpp.OnIqPacketReceived;
|
||||||
import eu.siacs.conversations.xmpp.OnMessagePacketReceived;
|
import eu.siacs.conversations.xmpp.OnMessagePacketReceived;
|
||||||
import eu.siacs.conversations.xmpp.OnPresencePacketReceived;
|
import eu.siacs.conversations.xmpp.OnPresencePacketReceived;
|
||||||
import eu.siacs.conversations.xmpp.OnStatusChanged;
|
import eu.siacs.conversations.xmpp.OnStatusChanged;
|
||||||
|
import eu.siacs.conversations.xmpp.OnTLSExceptionReceived;
|
||||||
import eu.siacs.conversations.xmpp.PresencePacket;
|
import eu.siacs.conversations.xmpp.PresencePacket;
|
||||||
import eu.siacs.conversations.xmpp.XmppConnection;
|
import eu.siacs.conversations.xmpp.XmppConnection;
|
||||||
import android.app.AlarmManager;
|
import android.app.AlarmManager;
|
||||||
|
@ -76,6 +77,11 @@ public class XmppConnectionService extends Service {
|
||||||
|
|
||||||
public OnConversationListChangedListener convChangedListener = null;
|
public OnConversationListChangedListener convChangedListener = null;
|
||||||
private OnAccountListChangedListener accountChangedListener = null;
|
private OnAccountListChangedListener accountChangedListener = null;
|
||||||
|
private OnTLSExceptionReceived tlsException = null;
|
||||||
|
|
||||||
|
public void setOnTLSExceptionReceivedListener(OnTLSExceptionReceived listener) {
|
||||||
|
tlsException = listener;
|
||||||
|
}
|
||||||
|
|
||||||
private Random mRandom = new Random(System.currentTimeMillis());
|
private Random mRandom = new Random(System.currentTimeMillis());
|
||||||
|
|
||||||
|
@ -169,7 +175,9 @@ public class XmppConnectionService extends Service {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onStatusChanged(Account account) {
|
public void onStatusChanged(Account account) {
|
||||||
|
Log.d(LOGTAG,account.getJid()+" status switched to " + account.getStatus());
|
||||||
if (accountChangedListener != null) {
|
if (accountChangedListener != null) {
|
||||||
|
Log.d(LOGTAG,"notifiy ui");
|
||||||
accountChangedListener.onAccountListChangedListener();
|
accountChangedListener.onAccountListChangedListener();
|
||||||
}
|
}
|
||||||
if (account.getStatus() == Account.STATUS_ONLINE) {
|
if (account.getStatus() == Account.STATUS_ONLINE) {
|
||||||
|
@ -452,6 +460,16 @@ public class XmppConnectionService extends Service {
|
||||||
connection.setOnPresencePacketReceivedListener(this.presenceListener);
|
connection.setOnPresencePacketReceivedListener(this.presenceListener);
|
||||||
connection
|
connection
|
||||||
.setOnUnregisteredIqPacketReceivedListener(this.unknownIqListener);
|
.setOnUnregisteredIqPacketReceivedListener(this.unknownIqListener);
|
||||||
|
connection.setOnTLSExceptionReceivedListener(new OnTLSExceptionReceived() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onTLSExceptionReceived(String fingerprint, Account account) {
|
||||||
|
Log.d(LOGTAG,"tls exception arrived in service");
|
||||||
|
if (tlsException!=null) {
|
||||||
|
tlsException.onTLSExceptionReceived(fingerprint,account);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
return connection;
|
return connection;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -816,16 +834,7 @@ public class XmppConnectionService extends Service {
|
||||||
|
|
||||||
public void updateAccount(Account account) {
|
public void updateAccount(Account account) {
|
||||||
databaseBackend.updateAccount(account);
|
databaseBackend.updateAccount(account);
|
||||||
if (account.getXmppConnection() != null) {
|
reconnectAccount(account);
|
||||||
disconnect(account);
|
|
||||||
}
|
|
||||||
if (!account.isOptionSet(Account.OPTION_DISABLED)) {
|
|
||||||
if (account.getXmppConnection()==null) {
|
|
||||||
account.setXmppConnection(this.createConnection(account));
|
|
||||||
}
|
|
||||||
Thread thread = new Thread(account.getXmppConnection());
|
|
||||||
thread.start();
|
|
||||||
}
|
|
||||||
if (accountChangedListener != null)
|
if (accountChangedListener != null)
|
||||||
accountChangedListener.onAccountListChangedListener();
|
accountChangedListener.onAccountListChangedListener();
|
||||||
}
|
}
|
||||||
|
@ -1097,4 +1106,21 @@ public class XmppConnectionService extends Service {
|
||||||
}
|
}
|
||||||
return contact;
|
return contact;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void removeOnTLSExceptionReceivedListener() {
|
||||||
|
this.tlsException = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void reconnectAccount(Account account) {
|
||||||
|
if (account.getXmppConnection() != null) {
|
||||||
|
disconnect(account);
|
||||||
|
}
|
||||||
|
if (!account.isOptionSet(Account.OPTION_DISABLED)) {
|
||||||
|
if (account.getXmppConnection()==null) {
|
||||||
|
account.setXmppConnection(this.createConnection(account));
|
||||||
|
}
|
||||||
|
Thread thread = new Thread(account.getXmppConnection());
|
||||||
|
thread.start();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -8,6 +8,7 @@ import eu.siacs.conversations.crypto.PgpEngine;
|
||||||
import eu.siacs.conversations.crypto.PgpEngine.UserInputRequiredException;
|
import eu.siacs.conversations.crypto.PgpEngine.UserInputRequiredException;
|
||||||
import eu.siacs.conversations.entities.Account;
|
import eu.siacs.conversations.entities.Account;
|
||||||
import eu.siacs.conversations.ui.EditAccount.EditAccountListener;
|
import eu.siacs.conversations.ui.EditAccount.EditAccountListener;
|
||||||
|
import eu.siacs.conversations.xmpp.OnTLSExceptionReceived;
|
||||||
import android.app.Activity;
|
import android.app.Activity;
|
||||||
import android.app.AlertDialog;
|
import android.app.AlertDialog;
|
||||||
import android.content.Context;
|
import android.content.Context;
|
||||||
|
@ -18,7 +19,6 @@ import android.content.IntentSender.SendIntentException;
|
||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
import android.view.ActionMode;
|
import android.view.ActionMode;
|
||||||
import android.view.ActionMode.Callback;
|
|
||||||
import android.view.LayoutInflater;
|
import android.view.LayoutInflater;
|
||||||
import android.view.Menu;
|
import android.view.Menu;
|
||||||
import android.view.MenuInflater;
|
import android.view.MenuInflater;
|
||||||
|
@ -39,6 +39,7 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
protected boolean isActionMode = false;
|
protected boolean isActionMode = false;
|
||||||
protected ActionMode actionMode;
|
protected ActionMode actionMode;
|
||||||
protected Account selectedAccountForActionMode = null;
|
protected Account selectedAccountForActionMode = null;
|
||||||
|
protected ManageAccountActivity activity = this;
|
||||||
|
|
||||||
protected List<Account> accountList = new ArrayList<Account>();
|
protected List<Account> accountList = new ArrayList<Account>();
|
||||||
protected ListView accountListView;
|
protected ListView accountListView;
|
||||||
|
@ -60,6 +61,45 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
protected OnTLSExceptionReceived tlsExceptionReceived = new OnTLSExceptionReceived() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onTLSExceptionReceived(final String fingerprint, final Account account) {
|
||||||
|
activity.runOnUiThread(new Runnable() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void run() {
|
||||||
|
AlertDialog.Builder builder = new AlertDialog.Builder(activity);
|
||||||
|
builder.setTitle("Untrusted Certificate");
|
||||||
|
builder.setIconAttribute(android.R.attr.alertDialogIcon);
|
||||||
|
View view = (View) getLayoutInflater().inflate(R.layout.cert_warning, null);
|
||||||
|
TextView sha = (TextView) view.findViewById(R.id.sha);
|
||||||
|
TextView hint = (TextView) view.findViewById(R.id.hint);
|
||||||
|
StringBuilder humanReadableSha = new StringBuilder();
|
||||||
|
humanReadableSha.append(fingerprint);
|
||||||
|
for(int i = 2; i < 58; i += 3) {
|
||||||
|
humanReadableSha.insert(i, ":");
|
||||||
|
}
|
||||||
|
hint.setText(account.getServer()+" presented you with an unstrusted, possible self signed, certificate.\nThe SHA1 fingerprint is");
|
||||||
|
sha.setText(humanReadableSha.toString());
|
||||||
|
builder.setView(view);
|
||||||
|
//builder.setMessage(server+" presented you with an unstrusted, possible self signed, certificate. The SHA1 fingerprint is "+fingerprint+" Do not connect unless you know exactly what you are doing");
|
||||||
|
builder.setNegativeButton("Don't connect", null);
|
||||||
|
builder.setPositiveButton("Trust certificate", new OnClickListener() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onClick(DialogInterface dialog, int which) {
|
||||||
|
account.setSSLCertFingerprint(fingerprint);
|
||||||
|
activity.xmppConnectionService.updateAccount(account);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
builder.create().show();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void onCreate(Bundle savedInstanceState) {
|
protected void onCreate(Bundle savedInstanceState) {
|
||||||
|
|
||||||
|
@ -114,6 +154,10 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
statusView.setText("server requires TLS");
|
statusView.setText("server requires TLS");
|
||||||
statusView.setTextColor(0xFFe92727);
|
statusView.setTextColor(0xFFe92727);
|
||||||
break;
|
break;
|
||||||
|
case Account.STATUS_TLS_ERROR:
|
||||||
|
statusView.setText("untrusted cerficate");
|
||||||
|
statusView.setTextColor(0xFFe92727);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -129,16 +173,14 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
public void onItemClick(AdapterView<?> arg0, View view,
|
public void onItemClick(AdapterView<?> arg0, View view,
|
||||||
int position, long arg3) {
|
int position, long arg3) {
|
||||||
if (!isActionMode) {
|
if (!isActionMode) {
|
||||||
EditAccount dialog = new EditAccount();
|
Account account = accountList.get(position);
|
||||||
dialog.setAccount(accountList.get(position));
|
if ((account.getStatus() != Account.STATUS_ONLINE)&&(account.getStatus() != Account.STATUS_CONNECTING)&&(!account.isOptionSet(Account.OPTION_DISABLED))) {
|
||||||
dialog.setEditAccountListener(new EditAccountListener() {
|
activity.xmppConnectionService.reconnectAccount(accountList.get(position));
|
||||||
|
} else if (account.getStatus() == Account.STATUS_ONLINE) {
|
||||||
@Override
|
activity.startActivity(new Intent(activity.getApplicationContext(),NewConversationActivity.class));
|
||||||
public void onAccountEdited(Account account) {
|
|
||||||
xmppConnectionService.updateAccount(account);
|
|
||||||
}
|
}
|
||||||
});
|
|
||||||
dialog.show(getFragmentManager(), "edit_account");
|
Log.d("gultsch","clicked on account "+accountList.get(position).getJid());
|
||||||
} else {
|
} else {
|
||||||
selectedAccountForActionMode = accountList.get(position);
|
selectedAccountForActionMode = accountList.get(position);
|
||||||
actionMode.invalidate();
|
actionMode.invalidate();
|
||||||
|
@ -159,11 +201,11 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
@Override
|
@Override
|
||||||
public boolean onPrepareActionMode(ActionMode mode, Menu menu) {
|
public boolean onPrepareActionMode(ActionMode mode, Menu menu) {
|
||||||
if (selectedAccountForActionMode.isOptionSet(Account.OPTION_DISABLED)) {
|
if (selectedAccountForActionMode.isOptionSet(Account.OPTION_DISABLED)) {
|
||||||
menu.findItem(R.id.account_enable).setVisible(true);
|
menu.findItem(R.id.mgmt_account_enable).setVisible(true);
|
||||||
menu.findItem(R.id.account_disable).setVisible(false);
|
menu.findItem(R.id.mgmt_account_disable).setVisible(false);
|
||||||
} else {
|
} else {
|
||||||
menu.findItem(R.id.account_disable).setVisible(true);
|
menu.findItem(R.id.mgmt_account_disable).setVisible(true);
|
||||||
menu.findItem(R.id.account_enable).setVisible(false);
|
menu.findItem(R.id.mgmt_account_enable).setVisible(false);
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -183,15 +225,27 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean onActionItemClicked(final ActionMode mode, MenuItem item) {
|
public boolean onActionItemClicked(final ActionMode mode, MenuItem item) {
|
||||||
if (item.getItemId()==R.id.account_disable) {
|
if (item.getItemId()==R.id.mgmt_account_edit) {
|
||||||
|
EditAccount dialog = new EditAccount();
|
||||||
|
dialog.setAccount(selectedAccountForActionMode);
|
||||||
|
dialog.setEditAccountListener(new EditAccountListener() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onAccountEdited(Account account) {
|
||||||
|
xmppConnectionService.updateAccount(account);
|
||||||
|
actionMode.finish();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
dialog.show(getFragmentManager(), "edit_account");
|
||||||
|
} else if (item.getItemId()==R.id.mgmt_account_disable) {
|
||||||
selectedAccountForActionMode.setOption(Account.OPTION_DISABLED, true);
|
selectedAccountForActionMode.setOption(Account.OPTION_DISABLED, true);
|
||||||
xmppConnectionService.updateAccount(selectedAccountForActionMode);
|
xmppConnectionService.updateAccount(selectedAccountForActionMode);
|
||||||
mode.finish();
|
mode.finish();
|
||||||
} else if (item.getItemId()==R.id.account_enable) {
|
} else if (item.getItemId()==R.id.mgmt_account_enable) {
|
||||||
selectedAccountForActionMode.setOption(Account.OPTION_DISABLED, false);
|
selectedAccountForActionMode.setOption(Account.OPTION_DISABLED, false);
|
||||||
xmppConnectionService.updateAccount(selectedAccountForActionMode);
|
xmppConnectionService.updateAccount(selectedAccountForActionMode);
|
||||||
mode.finish();
|
mode.finish();
|
||||||
} else if (item.getItemId()==R.id.account_delete) {
|
} else if (item.getItemId()==R.id.mgmt_account_delete) {
|
||||||
AlertDialog.Builder builder = new AlertDialog.Builder(activity);
|
AlertDialog.Builder builder = new AlertDialog.Builder(activity);
|
||||||
builder.setTitle("Are you sure?");
|
builder.setTitle("Are you sure?");
|
||||||
builder.setIconAttribute(android.R.attr.alertDialogIcon);
|
builder.setIconAttribute(android.R.attr.alertDialogIcon);
|
||||||
|
@ -207,7 +261,7 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
});
|
});
|
||||||
builder.setNegativeButton("Cancel",null);
|
builder.setNegativeButton("Cancel",null);
|
||||||
builder.create().show();
|
builder.create().show();
|
||||||
} else if (item.getItemId()==R.id.announce_pgp) {
|
} else if (item.getItemId()==R.id.mgmt_account_announce_pgp) {
|
||||||
if (activity.hasPgp()) {
|
if (activity.hasPgp()) {
|
||||||
mode.finish();
|
mode.finish();
|
||||||
try {
|
try {
|
||||||
|
@ -236,6 +290,7 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
protected void onStop() {
|
protected void onStop() {
|
||||||
if (xmppConnectionServiceBound) {
|
if (xmppConnectionServiceBound) {
|
||||||
xmppConnectionService.removeOnAccountListChangedListener();
|
xmppConnectionService.removeOnAccountListChangedListener();
|
||||||
|
xmppConnectionService.removeOnTLSExceptionReceivedListener();
|
||||||
}
|
}
|
||||||
super.onStop();
|
super.onStop();
|
||||||
}
|
}
|
||||||
|
@ -243,6 +298,7 @@ public class ManageAccountActivity extends XmppActivity {
|
||||||
@Override
|
@Override
|
||||||
void onBackendConnected() {
|
void onBackendConnected() {
|
||||||
xmppConnectionService.setOnAccountListChangedListener(accountChanged);
|
xmppConnectionService.setOnAccountListChangedListener(accountChanged);
|
||||||
|
xmppConnectionService.setOnTLSExceptionReceivedListener(tlsExceptionReceived);
|
||||||
this.accountList.clear();
|
this.accountList.clear();
|
||||||
this.accountList.addAll(xmppConnectionService.getAccounts());
|
this.accountList.addAll(xmppConnectionService.getAccounts());
|
||||||
accountListViewAdapter.notifyDataSetChanged();
|
accountListViewAdapter.notifyDataSetChanged();
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
package eu.siacs.conversations.utils;
|
||||||
|
|
||||||
|
public class CryptoHelper {
|
||||||
|
final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();
|
||||||
|
public static String bytesToHex(byte[] bytes) {
|
||||||
|
char[] hexChars = new char[bytes.length * 2];
|
||||||
|
for ( int j = 0; j < bytes.length; j++ ) {
|
||||||
|
int v = bytes[j] & 0xFF;
|
||||||
|
hexChars[j * 2] = hexArray[v >>> 4];
|
||||||
|
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
|
||||||
|
}
|
||||||
|
return new String(hexChars);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,7 @@
|
||||||
|
package eu.siacs.conversations.xmpp;
|
||||||
|
|
||||||
|
import eu.siacs.conversations.entities.Account;
|
||||||
|
|
||||||
|
public interface OnTLSExceptionReceived {
|
||||||
|
public void onTLSExceptionReceived(String fingerprint, Account account);
|
||||||
|
}
|
|
@ -9,6 +9,7 @@ import java.net.UnknownHostException;
|
||||||
import java.security.KeyManagementException;
|
import java.security.KeyManagementException;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
|
import java.security.MessageDigest;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.security.cert.CertPathValidatorException;
|
import java.security.cert.CertPathValidatorException;
|
||||||
|
@ -33,6 +34,7 @@ import android.os.Bundle;
|
||||||
import android.os.PowerManager;
|
import android.os.PowerManager;
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
import eu.siacs.conversations.entities.Account;
|
import eu.siacs.conversations.entities.Account;
|
||||||
|
import eu.siacs.conversations.utils.CryptoHelper;
|
||||||
import eu.siacs.conversations.utils.DNSHelper;
|
import eu.siacs.conversations.utils.DNSHelper;
|
||||||
import eu.siacs.conversations.utils.SASL;
|
import eu.siacs.conversations.utils.SASL;
|
||||||
import eu.siacs.conversations.xml.Element;
|
import eu.siacs.conversations.xml.Element;
|
||||||
|
@ -71,6 +73,7 @@ public class XmppConnection implements Runnable {
|
||||||
private OnIqPacketReceived unregisteredIqListener = null;
|
private OnIqPacketReceived unregisteredIqListener = null;
|
||||||
private OnMessagePacketReceived messageListener = null;
|
private OnMessagePacketReceived messageListener = null;
|
||||||
private OnStatusChanged statusListener = null;
|
private OnStatusChanged statusListener = null;
|
||||||
|
private OnTLSExceptionReceived tlsListener;
|
||||||
|
|
||||||
public XmppConnection(Account account, PowerManager pm) {
|
public XmppConnection(Account account, PowerManager pm) {
|
||||||
this.account = account;
|
this.account = account;
|
||||||
|
@ -127,7 +130,9 @@ public class XmppConnection implements Runnable {
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
if (account.getStatus() != Account.STATUS_TLS_ERROR) {
|
||||||
this.changeStatus(Account.STATUS_OFFLINE);
|
this.changeStatus(Account.STATUS_OFFLINE);
|
||||||
|
}
|
||||||
if (wakeLock.isHeld()) {
|
if (wakeLock.isHeld()) {
|
||||||
wakeLock.release();
|
wakeLock.release();
|
||||||
}
|
}
|
||||||
|
@ -312,7 +317,26 @@ public class XmppConnection implements Runnable {
|
||||||
try {
|
try {
|
||||||
origTrustmanager.checkServerTrusted(chain, authType);
|
origTrustmanager.checkServerTrusted(chain, authType);
|
||||||
} catch (CertificateException e) {
|
} catch (CertificateException e) {
|
||||||
Log.d(LOGTAG,"cert exeption");
|
if (e.getCause() instanceof CertPathValidatorException) {
|
||||||
|
String sha;
|
||||||
|
try {
|
||||||
|
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
|
||||||
|
sha1.update(chain[0].getEncoded());
|
||||||
|
sha = CryptoHelper.bytesToHex(sha1.digest());
|
||||||
|
if (!sha.equals(account.getSSLFingerprint())) {
|
||||||
|
changeStatus(Account.STATUS_TLS_ERROR);
|
||||||
|
if (tlsListener!=null) {
|
||||||
|
tlsListener.onTLSExceptionReceived(sha,account);
|
||||||
|
}
|
||||||
|
throw new CertificateException();
|
||||||
|
}
|
||||||
|
} catch (NoSuchAlgorithmException e1) {
|
||||||
|
// TODO Auto-generated catch block
|
||||||
|
e1.printStackTrace();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
throw new CertificateException();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -529,6 +553,10 @@ public class XmppConnection implements Runnable {
|
||||||
this.statusListener = listener;
|
this.statusListener = listener;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setOnTLSExceptionReceivedListener(OnTLSExceptionReceived listener) {
|
||||||
|
this.tlsListener = listener;
|
||||||
|
}
|
||||||
|
|
||||||
public void disconnect() {
|
public void disconnect() {
|
||||||
shouldConnect = false;
|
shouldConnect = false;
|
||||||
tagWriter.writeTag(Tag.end("stream:stream"));
|
tagWriter.writeTag(Tag.end("stream:stream"));
|
||||||
|
|
Loading…
Reference in New Issue