refactor swithOverToTls stuff

This commit is contained in:
Daniel Gultsch 2014-12-30 01:17:11 +01:00
parent fb8737ed9f
commit 3c5d7d4f1b
1 changed files with 43 additions and 54 deletions

View File

@ -505,65 +505,54 @@ public class XmppConnection implements Runnable {
return getPreferences().getBoolean("enable_legacy_ssl", false); return getPreferences().getBoolean("enable_legacy_ssl", false);
} }
private void switchOverToTls(final Tag currentTag) throws XmlPullParserException, private void switchOverToTls(final Tag currentTag) throws XmlPullParserException, IOException {
IOException { tagReader.readTag();
tagReader.readTag(); try {
try { final SSLContext sc = SSLContext.getInstance("TLS");
final SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null,new X509TrustManager[]{this.mXmppConnectionService.getMemorizingTrustManager()},mXmppConnectionService.getRNG());
sc.init(null, final SSLSocketFactory factory = sc.getSocketFactory();
new X509TrustManager[]{this.mXmppConnectionService.getMemorizingTrustManager()}, final HostnameVerifier verifier = this.mXmppConnectionService.getMemorizingTrustManager().wrapHostnameVerifier(new StrictHostnameVerifier());
mXmppConnectionService.getRNG()); final InetAddress address = socket == null ? null : socket.getInetAddress();
final SSLSocketFactory factory = sc.getSocketFactory();
if (factory == null) { if (factory == null || address == null || verifier == null) {
throw new IOException("SSLSocketFactory was null"); throw new IOException("could not setup ssl");
} }
final HostnameVerifier verifier = this.mXmppConnectionService.getMemorizingTrustManager().wrapHostnameVerifier(new StrictHostnameVerifier()); final SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,address.getHostAddress(), socket.getPort(),true);
if (socket == null || socket.isClosed()) { if (sslSocket == null) {
throw new IOException("socket null or closed"); throw new IOException("could not initialize ssl socket");
} }
final InetAddress address = socket.getInetAddress();
if (address == null) {
throw new IOException("socket address was null");
}
final SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,address.getHostAddress(), socket.getPort(),true); final String[] supportProtocols;
if (enableLegacySSL()) {
supportProtocols = sslSocket.getSupportedProtocols();
} else {
final Collection<String> supportedProtocols = new LinkedList<>(
Arrays.asList(sslSocket.getSupportedProtocols()));
supportedProtocols.remove("SSLv3");
supportProtocols = new String[supportedProtocols.size()];
supportedProtocols.toArray(supportProtocols);
}
sslSocket.setEnabledProtocols(supportProtocols);
// Support all protocols except legacy SSL. if (!verifier.verify(account.getServer().getDomainpart(),sslSocket.getSession())) {
// The min SDK version prevents us having to worry about SSLv2. In Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
// future, this may be true of SSLv3 as well. disconnect(true);
final String[] supportProtocols; changeStatus(Account.State.SECURITY_ERROR);
if (enableLegacySSL()) { }
supportProtocols = sslSocket.getSupportedProtocols(); tagReader.setInputStream(sslSocket.getInputStream());
} else { tagWriter.setOutputStream(sslSocket.getOutputStream());
final Collection<String> supportedProtocols = new LinkedList<>( sendStartStream();
Arrays.asList(sslSocket.getSupportedProtocols())); Log.d(Config.LOGTAG, account.getJid().toBareJid()+ ": TLS connection established");
supportedProtocols.remove("SSLv3"); enabledEncryption = true;
supportProtocols = new String[supportedProtocols.size()]; processStream(tagReader.readTag());
supportedProtocols.toArray(supportProtocols); sslSocket.close();
} } catch (final NoSuchAlgorithmException | KeyManagementException e1) {
sslSocket.setEnabledProtocols(supportProtocols); Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
disconnect(true);
if (verifier != null changeStatus(Account.State.SECURITY_ERROR);
&& !verifier.verify(account.getServer().getDomainpart(), }
sslSocket.getSession())) {
Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
disconnect(true);
changeStatus(Account.State.SECURITY_ERROR);
}
tagReader.setInputStream(sslSocket.getInputStream());
tagWriter.setOutputStream(sslSocket.getOutputStream());
sendStartStream();
Log.d(Config.LOGTAG, account.getJid().toBareJid()
+ ": TLS connection established");
enabledEncryption = true;
processStream(tagReader.readTag());
sslSocket.close();
} catch (final NoSuchAlgorithmException | KeyManagementException e1) {
e1.printStackTrace();
}
} }
private void processStreamFeatures(final Tag currentTag) private void processStreamFeatures(final Tag currentTag)