refactor swithOverToTls stuff
This commit is contained in:
parent
fb8737ed9f
commit
3c5d7d4f1b
|
@ -505,65 +505,54 @@ public class XmppConnection implements Runnable {
|
||||||
return getPreferences().getBoolean("enable_legacy_ssl", false);
|
return getPreferences().getBoolean("enable_legacy_ssl", false);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void switchOverToTls(final Tag currentTag) throws XmlPullParserException,
|
private void switchOverToTls(final Tag currentTag) throws XmlPullParserException, IOException {
|
||||||
IOException {
|
tagReader.readTag();
|
||||||
tagReader.readTag();
|
try {
|
||||||
try {
|
final SSLContext sc = SSLContext.getInstance("TLS");
|
||||||
final SSLContext sc = SSLContext.getInstance("TLS");
|
sc.init(null,new X509TrustManager[]{this.mXmppConnectionService.getMemorizingTrustManager()},mXmppConnectionService.getRNG());
|
||||||
sc.init(null,
|
final SSLSocketFactory factory = sc.getSocketFactory();
|
||||||
new X509TrustManager[]{this.mXmppConnectionService.getMemorizingTrustManager()},
|
final HostnameVerifier verifier = this.mXmppConnectionService.getMemorizingTrustManager().wrapHostnameVerifier(new StrictHostnameVerifier());
|
||||||
mXmppConnectionService.getRNG());
|
final InetAddress address = socket == null ? null : socket.getInetAddress();
|
||||||
final SSLSocketFactory factory = sc.getSocketFactory();
|
|
||||||
|
|
||||||
if (factory == null) {
|
if (factory == null || address == null || verifier == null) {
|
||||||
throw new IOException("SSLSocketFactory was null");
|
throw new IOException("could not setup ssl");
|
||||||
}
|
}
|
||||||
|
|
||||||
final HostnameVerifier verifier = this.mXmppConnectionService.getMemorizingTrustManager().wrapHostnameVerifier(new StrictHostnameVerifier());
|
final SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,address.getHostAddress(), socket.getPort(),true);
|
||||||
|
|
||||||
if (socket == null || socket.isClosed()) {
|
if (sslSocket == null) {
|
||||||
throw new IOException("socket null or closed");
|
throw new IOException("could not initialize ssl socket");
|
||||||
}
|
}
|
||||||
final InetAddress address = socket.getInetAddress();
|
|
||||||
if (address == null) {
|
|
||||||
throw new IOException("socket address was null");
|
|
||||||
}
|
|
||||||
|
|
||||||
final SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,address.getHostAddress(), socket.getPort(),true);
|
final String[] supportProtocols;
|
||||||
|
if (enableLegacySSL()) {
|
||||||
|
supportProtocols = sslSocket.getSupportedProtocols();
|
||||||
|
} else {
|
||||||
|
final Collection<String> supportedProtocols = new LinkedList<>(
|
||||||
|
Arrays.asList(sslSocket.getSupportedProtocols()));
|
||||||
|
supportedProtocols.remove("SSLv3");
|
||||||
|
supportProtocols = new String[supportedProtocols.size()];
|
||||||
|
supportedProtocols.toArray(supportProtocols);
|
||||||
|
}
|
||||||
|
sslSocket.setEnabledProtocols(supportProtocols);
|
||||||
|
|
||||||
// Support all protocols except legacy SSL.
|
if (!verifier.verify(account.getServer().getDomainpart(),sslSocket.getSession())) {
|
||||||
// The min SDK version prevents us having to worry about SSLv2. In
|
Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
|
||||||
// future, this may be true of SSLv3 as well.
|
disconnect(true);
|
||||||
final String[] supportProtocols;
|
changeStatus(Account.State.SECURITY_ERROR);
|
||||||
if (enableLegacySSL()) {
|
}
|
||||||
supportProtocols = sslSocket.getSupportedProtocols();
|
tagReader.setInputStream(sslSocket.getInputStream());
|
||||||
} else {
|
tagWriter.setOutputStream(sslSocket.getOutputStream());
|
||||||
final Collection<String> supportedProtocols = new LinkedList<>(
|
sendStartStream();
|
||||||
Arrays.asList(sslSocket.getSupportedProtocols()));
|
Log.d(Config.LOGTAG, account.getJid().toBareJid()+ ": TLS connection established");
|
||||||
supportedProtocols.remove("SSLv3");
|
enabledEncryption = true;
|
||||||
supportProtocols = new String[supportedProtocols.size()];
|
processStream(tagReader.readTag());
|
||||||
supportedProtocols.toArray(supportProtocols);
|
sslSocket.close();
|
||||||
}
|
} catch (final NoSuchAlgorithmException | KeyManagementException e1) {
|
||||||
sslSocket.setEnabledProtocols(supportProtocols);
|
Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
|
||||||
|
disconnect(true);
|
||||||
if (verifier != null
|
changeStatus(Account.State.SECURITY_ERROR);
|
||||||
&& !verifier.verify(account.getServer().getDomainpart(),
|
}
|
||||||
sslSocket.getSession())) {
|
|
||||||
Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
|
|
||||||
disconnect(true);
|
|
||||||
changeStatus(Account.State.SECURITY_ERROR);
|
|
||||||
}
|
|
||||||
tagReader.setInputStream(sslSocket.getInputStream());
|
|
||||||
tagWriter.setOutputStream(sslSocket.getOutputStream());
|
|
||||||
sendStartStream();
|
|
||||||
Log.d(Config.LOGTAG, account.getJid().toBareJid()
|
|
||||||
+ ": TLS connection established");
|
|
||||||
enabledEncryption = true;
|
|
||||||
processStream(tagReader.readTag());
|
|
||||||
sslSocket.close();
|
|
||||||
} catch (final NoSuchAlgorithmException | KeyManagementException e1) {
|
|
||||||
e1.printStackTrace();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void processStreamFeatures(final Tag currentTag)
|
private void processStreamFeatures(final Tag currentTag)
|
||||||
|
|
Loading…
Reference in New Issue