Merge pull request #668 from SamWhited/auth-pinning

Auth mechanism pinning
This commit is contained in:
Daniel Gultsch 2014-11-15 17:44:51 +01:00
commit 69ab8a2adb
18 changed files with 294 additions and 279 deletions

View File

@ -17,7 +17,13 @@ public class DigestMd5 extends SaslMechanism {
super(tagWriter, account, rng);
}
public static String getMechanism() {
@Override
public int getPriority() {
return 10;
}
@Override
public String getMechanism() {
return "DIGEST-MD5";
}

View File

@ -12,7 +12,13 @@ public class Plain extends SaslMechanism {
super(tagWriter, account, null);
}
public static String getMechanism() {
@Override
public int getPriority() {
return 0;
}
@Override
public String getMechanism() {
return "PLAIN";
}

View File

@ -44,6 +44,15 @@ public abstract class SaslMechanism {
this.rng = rng;
}
/**
* The priority is used to pin the authentication mechanism. If authentication fails, it MAY be retried with another
* mechanism of the same priority, but MUST NOT be tried with a mechanism of lower priority (to prevent downgrade
* attacks).
* @return An arbitrary int representing the priority
*/
public abstract int getPriority();
public abstract String getMechanism();
public String getClientFirstMessage() {
return "";
}

View File

@ -43,7 +43,13 @@ public class ScramSha1 extends SaslMechanism {
clientFirstMessageBare = "";
}
public static String getMechanism() {
@Override
public int getPriority() {
return 20;
}
@Override
public String getMechanism() {
return "SCRAM-SHA-1";
}

View File

@ -34,30 +34,83 @@ public class Account extends AbstractEntity {
public static final String KEYS = "keys";
public static final String AVATAR = "avatar";
public static final String PINNED_MECHANISM_KEY = "pinned_mechanism";
public static final int OPTION_USETLS = 0;
public static final int OPTION_DISABLED = 1;
public static final int OPTION_REGISTER = 2;
public static final int OPTION_USECOMPRESSION = 3;
public static final int STATUS_CONNECTING = 0;
public static final int STATUS_DISABLED = -2;
public static final int STATUS_OFFLINE = -1;
public static final int STATUS_ONLINE = 1;
public static final int STATUS_NO_INTERNET = 2;
public static final int STATUS_UNAUTHORIZED = 3;
public static final int STATUS_SERVER_NOT_FOUND = 5;
public static enum State {
DISABLED,
OFFLINE,
CONNECTING,
ONLINE,
NO_INTERNET,
UNAUTHORIZED(true),
SERVER_NOT_FOUND(true),
REGISTRATION_FAILED(true),
REGISTRATION_CONFLICT(true),
REGISTRATION_SUCCESSFUL,
REGISTRATION_NOT_SUPPORTED(true),
SECURITY_ERROR(true),
INCOMPATIBLE_SERVER(true);
private boolean isError;
public boolean isError() {
return this.isError;
}
private State(final boolean isError) {
this.isError = isError;
}
private State() {
this(false);
}
public int getReadableId() {
switch (this) {
case DISABLED:
return R.string.account_status_disabled;
case ONLINE:
return R.string.account_status_online;
case CONNECTING:
return R.string.account_status_connecting;
case OFFLINE:
return R.string.account_status_offline;
case UNAUTHORIZED:
return R.string.account_status_unauthorized;
case SERVER_NOT_FOUND:
return R.string.account_status_not_found;
case NO_INTERNET:
return R.string.account_status_no_internet;
case REGISTRATION_FAILED:
return R.string.account_status_regis_fail;
case REGISTRATION_CONFLICT:
return R.string.account_status_regis_conflict;
case REGISTRATION_SUCCESSFUL:
return R.string.account_status_regis_success;
case REGISTRATION_NOT_SUPPORTED:
return R.string.account_status_regis_not_sup;
case SECURITY_ERROR:
return R.string.account_status_security_error;
case INCOMPATIBLE_SERVER:
return R.string.account_status_incompatible_server;
default:
return R.string.account_status_unknown;
}
}
}
public static final int STATUS_REGISTRATION_FAILED = 7;
public static final int STATUS_REGISTRATION_CONFLICT = 8;
public static final int STATUS_REGISTRATION_SUCCESSFULL = 9;
public static final int STATUS_REGISTRATION_NOT_SUPPORTED = 10;
public List<Conversation> pendingConferenceJoins = new CopyOnWriteArrayList<>();
public List<Conversation> pendingConferenceLeaves = new CopyOnWriteArrayList<>();
protected Jid jid;
protected String password;
protected int options = 0;
protected String rosterVersion;
protected int status = -1;
protected State status = State.OFFLINE;
protected JSONObject keys = new JSONObject();
protected String avatar;
protected boolean online = false;
@ -149,28 +202,24 @@ public class Account extends AbstractEntity {
this.password = password;
}
public int getStatus() {
public State getStatus() {
if (isOptionSet(OPTION_DISABLED)) {
return STATUS_DISABLED;
return State.DISABLED;
} else {
return this.status;
}
}
public void setStatus(final int status) {
public void setStatus(final State status) {
this.status = status;
}
public boolean errorStatus() {
int s = getStatus();
return (s == STATUS_REGISTRATION_FAILED
|| s == STATUS_REGISTRATION_CONFLICT
|| s == STATUS_REGISTRATION_NOT_SUPPORTED
|| s == STATUS_SERVER_NOT_FOUND || s == STATUS_UNAUTHORIZED);
return getStatus().isError();
}
public boolean hasErrorStatus() {
return getXmppConnection() != null && getStatus() > STATUS_NO_INTERNET && (getXmppConnection().getAttempt() >= 2);
return getXmppConnection() != null && getStatus().isError() && getXmppConnection().getAttempt() >= 2;
}
public String getResource() {
@ -350,36 +399,6 @@ public class Account extends AbstractEntity {
return this.avatar;
}
public int getReadableStatusId() {
switch (getStatus()) {
case Account.STATUS_DISABLED:
return R.string.account_status_disabled;
case Account.STATUS_ONLINE:
return R.string.account_status_online;
case Account.STATUS_CONNECTING:
return R.string.account_status_connecting;
case Account.STATUS_OFFLINE:
return R.string.account_status_offline;
case Account.STATUS_UNAUTHORIZED:
return R.string.account_status_unauthorized;
case Account.STATUS_SERVER_NOT_FOUND:
return R.string.account_status_not_found;
case Account.STATUS_NO_INTERNET:
return R.string.account_status_no_internet;
case Account.STATUS_REGISTRATION_FAILED:
return R.string.account_status_regis_fail;
case Account.STATUS_REGISTRATION_CONFLICT:
return R.string.account_status_regis_conflict;
case Account.STATUS_REGISTRATION_SUCCESSFULL:
return R.string.account_status_regis_success;
case Account.STATUS_REGISTRATION_NOT_SUPPORTED:
return R.string.account_status_regis_not_sup;
default:
return R.string.account_status_unknown;
}
}
public void activateGracePeriod() {
this.mEndGracePeriod = SystemClock.elapsedRealtime()
+ (Config.CARBON_GRACE_PERIOD * 1000);

View File

@ -365,7 +365,7 @@ public class NotificationService {
}
private boolean inMiniGracePeriod(Account account) {
int miniGrace = account.getStatus() == Account.STATUS_ONLINE ? Config.MINI_GRACE_PERIOD
int miniGrace = account.getStatus() == Account.State.ONLINE ? Config.MINI_GRACE_PERIOD
: Config.MINI_GRACE_PERIOD * 2;
return SystemClock.elapsedRealtime() < (this.mLastNotification + miniGrace);
}

View File

@ -156,7 +156,7 @@ public class XmppConnectionService extends Service {
if (mOnAccountUpdate != null) {
mOnAccountUpdate.onAccountUpdate();
}
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
for (Conversation conversation : account.pendingConferenceLeaves) {
leaveMuc(conversation);
}
@ -184,17 +184,17 @@ public class XmppConnectionService extends Service {
}
syncDirtyContacts(account);
scheduleWakeupCall(Config.PING_MAX_INTERVAL, true);
} else if (account.getStatus() == Account.STATUS_OFFLINE) {
} else if (account.getStatus() == Account.State.OFFLINE) {
resetSendingToWaiting(account);
if (!account.isOptionSet(Account.OPTION_DISABLED)) {
int timeToReconnect = mRandom.nextInt(50) + 10;
scheduleWakeupCall(timeToReconnect, false);
}
} else if (account.getStatus() == Account.STATUS_REGISTRATION_SUCCESSFULL) {
} else if (account.getStatus() == Account.State.REGISTRATION_SUCCESSFUL) {
databaseBackend.updateAccount(account);
reconnectAccount(account, true);
} else if ((account.getStatus() != Account.STATUS_CONNECTING)
&& (account.getStatus() != Account.STATUS_NO_INTERNET)) {
} else if ((account.getStatus() != Account.State.CONNECTING)
&& (account.getStatus() != Account.State.NO_INTERNET)) {
if (connection != null) {
int next = connection.getTimeToNextAttempt();
Log.d(Config.LOGTAG, account.getJid().toBareJid()
@ -399,18 +399,18 @@ public class XmppConnectionService extends Service {
for (Account account : accounts) {
if (!account.isOptionSet(Account.OPTION_DISABLED)) {
if (!hasInternetConnection()) {
account.setStatus(Account.STATUS_NO_INTERNET);
account.setStatus(Account.State.NO_INTERNET);
if (statusListener != null) {
statusListener.onStatusChanged(account);
}
} else {
if (account.getStatus() == Account.STATUS_NO_INTERNET) {
account.setStatus(Account.STATUS_OFFLINE);
if (account.getStatus() == Account.State.NO_INTERNET) {
account.setStatus(Account.State.OFFLINE);
if (statusListener != null) {
statusListener.onStatusChanged(account);
}
}
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
long lastReceived = account.getXmppConnection()
.getLastPacketReceived();
long lastSent = account.getXmppConnection()
@ -423,13 +423,13 @@ public class XmppConnectionService extends Service {
account.getXmppConnection().sendPing();
this.scheduleWakeupCall(2, false);
}
} else if (account.getStatus() == Account.STATUS_OFFLINE) {
} else if (account.getStatus() == Account.State.OFFLINE) {
if (account.getXmppConnection() == null) {
account.setXmppConnection(this
.createConnection(account));
}
new Thread(account.getXmppConnection()).start();
} else if ((account.getStatus() == Account.STATUS_CONNECTING)
} else if ((account.getStatus() == Account.State.CONNECTING)
&& ((SystemClock.elapsedRealtime() - account
.getXmppConnection().getLastConnect()) / 1000 >= Config.CONNECT_TIMEOUT)) {
Log.d(Config.LOGTAG, account.getJid()
@ -602,7 +602,7 @@ public class XmppConnectionService extends Service {
MessagePacket packet = null;
boolean saveInDb = true;
boolean send = false;
if (account.getStatus() == Account.STATUS_ONLINE
if (account.getStatus() == Account.State.ONLINE
&& account.getXmppConnection() != null) {
if (message.getType() == Message.TYPE_IMAGE || message.getType() == Message.TYPE_FILE) {
if (message.getCounterpart() != null) {
@ -1034,7 +1034,7 @@ public class XmppConnectionService extends Service {
public void archiveConversation(Conversation conversation) {
if (conversation.getMode() == Conversation.MODE_MULTI) {
if (conversation.getAccount().getStatus() == Account.STATUS_ONLINE) {
if (conversation.getAccount().getStatus() == Account.State.ONLINE) {
Bookmark bookmark = conversation.getBookmark();
if (bookmark != null && bookmark.autojoin()) {
bookmark.setAutojoin(false);
@ -1227,7 +1227,7 @@ public class XmppConnectionService extends Service {
private void switchToForeground() {
for (Account account : getAccounts()) {
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
XmppConnection connection = account.getXmppConnection();
if (connection != null && connection.getFeatures().csi()) {
connection.sendActive();
@ -1239,7 +1239,7 @@ public class XmppConnectionService extends Service {
private void switchToBackground() {
for (Account account : getAccounts()) {
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
XmppConnection connection = account.getXmppConnection();
if (connection != null && connection.getFeatures().csi()) {
connection.sendInactive();
@ -1270,7 +1270,7 @@ public class XmppConnectionService extends Service {
Account account = conversation.getAccount();
account.pendingConferenceJoins.remove(conversation);
account.pendingConferenceLeaves.remove(conversation);
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
Log.d(Config.LOGTAG,
"joining conversation " + conversation.getContactJid());
String nick = conversation.getMucOptions().getProposedNick();
@ -1363,7 +1363,7 @@ public class XmppConnectionService extends Service {
} else {
conversation.setContactJid(options.getJoinJid());
databaseBackend.updateConversation(conversation);
if (conversation.getAccount().getStatus() == Account.STATUS_ONLINE) {
if (conversation.getAccount().getStatus() == Account.State.ONLINE) {
Bookmark bookmark = conversation.getBookmark();
if (bookmark != null) {
bookmark.setNick(nick);
@ -1378,7 +1378,7 @@ public class XmppConnectionService extends Service {
Account account = conversation.getAccount();
account.pendingConferenceJoins.remove(conversation);
account.pendingConferenceLeaves.remove(conversation);
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
PresencePacket packet = new PresencePacket();
packet.setTo(conversation.getMucOptions().getJoinJid());
packet.setFrom(conversation.getAccount().getJid());
@ -1394,8 +1394,8 @@ public class XmppConnectionService extends Service {
}
public void disconnect(Account account, boolean force) {
if ((account.getStatus() == Account.STATUS_ONLINE)
|| (account.getStatus() == Account.STATUS_DISABLED)) {
if ((account.getStatus() == Account.State.ONLINE)
|| (account.getStatus() == Account.State.DISABLED)) {
if (!force) {
List<Conversation> conversations = getConversations();
for (Conversation conversation : conversations) {
@ -1511,7 +1511,7 @@ public class XmppConnectionService extends Service {
contact.resetOption(Contact.Options.DIRTY_DELETE);
contact.setOption(Contact.Options.DIRTY_PUSH);
Account account = contact.getAccount();
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
boolean ask = contact.getOption(Contact.Options.ASKING);
boolean sendUpdates = contact
.getOption(Contact.Options.PENDING_SUBSCRIPTION_REQUEST)
@ -1687,7 +1687,7 @@ public class XmppConnectionService extends Service {
contact.resetOption(Contact.Options.DIRTY_PUSH);
contact.setOption(Contact.Options.DIRTY_DELETE);
Account account = contact.getAccount();
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
IqPacket iq = new IqPacket(IqPacket.TYPE_SET);
Element item = iq.query("jabber:iq:roster").addChild("item");
item.setAttribute("jid", contact.getJid().toString());
@ -1885,7 +1885,7 @@ public class XmppConnectionService extends Service {
}
public void replyWithNotAcceptable(Account account, MessagePacket packet) {
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
MessagePacket error = this.mMessageGenerator
.generateNotAcceptable(packet);
sendMessagePacket(account, error);

View File

@ -130,7 +130,7 @@ public class ChooseContactActivity extends XmppActivity {
protected void filterContacts(String needle) {
this.contacts.clear();
for (Account account : xmppConnectionService.getAccounts()) {
if (account.getStatus() != Account.STATUS_DISABLED) {
if (account.getStatus() != Account.State.DISABLED) {
for (Contact contact : account.getRoster().getContacts()) {
if (contact.showInRoster() && contact.match(needle)) {
this.contacts.add(contact);

View File

@ -266,7 +266,7 @@ public class ContactDetailsActivity extends XmppActivity implements OnAccountUpd
receive.setChecked(false);
}
}
if (contact.getAccount().getStatus() == Account.STATUS_ONLINE) {
if (contact.getAccount().getStatus() == Account.State.ONLINE) {
receive.setEnabled(true);
send.setEnabled(true);
} else {

View File

@ -544,7 +544,7 @@ public class ConversationFragment extends Fragment {
} else if (conversation.getMode() == Conversation.MODE_SINGLE) {
makeFingerprintWarning();
} else if (!conversation.getMucOptions().online()
&& conversation.getAccount().getStatus() == Account.STATUS_ONLINE) {
&& conversation.getAccount().getStatus() == Account.State.ONLINE) {
int error = conversation.getMucOptions().getError();
switch (error) {
case MucOptions.ERROR_NICK_IN_USE:
@ -648,7 +648,7 @@ public class ConversationFragment extends Fragment {
public void updateSendButton() {
Conversation c = this.conversation;
if (activity.useSendButtonToIndicateStatus() && c != null
&& c.getAccount().getStatus() == Account.STATUS_ONLINE) {
&& c.getAccount().getStatus() == Account.State.ONLINE) {
if (c.getMode() == Conversation.MODE_SINGLE) {
switch (c.getContact().getMostAvailableStatus()) {
case Presences.CHAT:

View File

@ -62,7 +62,7 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate
@Override
public void onClick(View v) {
if (mAccount != null
&& mAccount.getStatus() == Account.STATUS_DISABLED) {
&& mAccount.getStatus() == Account.State.DISABLED) {
mAccount.setOption(Account.OPTION_DISABLED, false);
xmppConnectionService.updateAccount(mAccount);
return;
@ -139,13 +139,13 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate
@Override
public void run() {
if (mAccount != null
&& mAccount.getStatus() != Account.STATUS_ONLINE
&& mAccount.getStatus() != Account.State.ONLINE
&& mFetchingAvatar) {
startActivity(new Intent(getApplicationContext(),
ManageAccountActivity.class));
finish();
} else if (jidToEdit == null && mAccount != null
&& mAccount.getStatus() == Account.STATUS_ONLINE) {
&& mAccount.getStatus() == Account.State.ONLINE) {
if (!mFetchingAvatar) {
mFetchingAvatar = true;
xmppConnectionService.checkForAvatar(mAccount,
@ -231,12 +231,12 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate
protected void updateSaveButton() {
if (mAccount != null
&& mAccount.getStatus() == Account.STATUS_CONNECTING) {
&& mAccount.getStatus() == Account.State.CONNECTING) {
this.mSaveButton.setEnabled(false);
this.mSaveButton.setTextColor(getSecondaryTextColor());
this.mSaveButton.setText(R.string.account_status_connecting);
} else if (mAccount != null
&& mAccount.getStatus() == Account.STATUS_DISABLED) {
&& mAccount.getStatus() == Account.State.DISABLED) {
this.mSaveButton.setEnabled(true);
this.mSaveButton.setTextColor(getPrimaryTextColor());
this.mSaveButton.setText(R.string.enable);
@ -245,7 +245,7 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate
this.mSaveButton.setTextColor(getPrimaryTextColor());
if (jidToEdit != null) {
if (mAccount != null
&& mAccount.getStatus() == Account.STATUS_ONLINE) {
&& mAccount.getStatus() == Account.State.ONLINE) {
this.mSaveButton.setText(R.string.save);
if (!accountInfoEdited()) {
this.mSaveButton.setEnabled(false);
@ -379,7 +379,7 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate
this.mRegisterNew.setVisibility(View.GONE);
this.mRegisterNew.setChecked(false);
}
if (this.mAccount.getStatus() == Account.STATUS_ONLINE
if (this.mAccount.getStatus() == Account.State.ONLINE
&& !this.mFetchingAvatar) {
this.mStats.setVisibility(View.VISIBLE);
this.mSessionEst.setText(UIHelper.readableTimeDifference(
@ -428,8 +428,7 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate
}
} else {
if (this.mAccount.errorStatus()) {
this.mAccountJid.setError(getString(this.mAccount
.getReadableStatusId()));
this.mAccountJid.setError(getString(this.mAccount.getStatus().getReadableId()));
this.mAccountJid.requestFocus();
}
this.mStats.setVisibility(View.GONE);

View File

@ -555,7 +555,7 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU
protected void onBackendConnected() {
this.mActivatedAccounts.clear();
for (Account account : xmppConnectionService.getAccounts()) {
if (account.getStatus() != Account.STATUS_DISABLED) {
if (account.getStatus() != Account.State.DISABLED) {
this.mActivatedAccounts.add(account.getJid().toBareJid().toString());
}
}
@ -646,7 +646,7 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU
protected void filterContacts(String needle) {
this.contacts.clear();
for (Account account : xmppConnectionService.getAccounts()) {
if (account.getStatus() != Account.STATUS_DISABLED) {
if (account.getStatus() != Account.State.DISABLED) {
for (Contact contact : account.getRoster().getContacts()) {
if (contact.showInRoster() && contact.match(needle)) {
this.contacts.add(contact);
@ -661,7 +661,7 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU
protected void filterConferences(String needle) {
this.conferences.clear();
for (Account account : xmppConnectionService.getAccounts()) {
if (account.getStatus() != Account.STATUS_DISABLED) {
if (account.getStatus() != Account.State.DISABLED) {
for (Bookmark bookmark : account.getBookmarks()) {
if (bookmark.match(needle)) {
this.conferences.add(bookmark);

View File

@ -143,7 +143,7 @@ public class VerifyOTRActivity extends XmppActivity implements XmppConnectionSer
}
protected boolean isAccountOnline() {
if (this.mAccount.getStatus() != Account.STATUS_ONLINE) {
if (this.mAccount.getStatus() != Account.State.ONLINE) {
Toast.makeText(this,R.string.not_connected_try_again,Toast.LENGTH_SHORT).show();
return false;
} else {

View File

@ -517,7 +517,7 @@ public abstract class XmppActivity extends Activity {
if (presences.size() == 0) {
if (!contact.getOption(Contact.Options.TO)
&& !contact.getOption(Contact.Options.ASKING)
&& contact.getAccount().getStatus() == Account.STATUS_ONLINE) {
&& contact.getAccount().getStatus() == Account.State.ONLINE) {
showAskForPresenceDialog(contact);
} else if (!contact.getOption(Contact.Options.TO)
|| !contact.getOption(Contact.Options.FROM)) {

View File

@ -36,67 +36,19 @@ public class AccountAdapter extends ArrayAdapter<Account> {
ImageView imageView = (ImageView) view.findViewById(R.id.account_image);
imageView.setImageBitmap(activity.avatarService().get(account,
activity.getPixel(48)));
statusView.setText(getContext().getString(account.getStatus().getReadableId()));
switch (account.getStatus()) {
case Account.STATUS_DISABLED:
statusView.setText(getContext().getString(
R.string.account_status_disabled));
statusView.setTextColor(activity.getSecondaryTextColor());
break;
case Account.STATUS_ONLINE:
statusView.setText(getContext().getString(
R.string.account_status_online));
case ONLINE:
statusView.setTextColor(activity.getPrimaryColor());
break;
case Account.STATUS_CONNECTING:
statusView.setText(getContext().getString(
R.string.account_status_connecting));
case DISABLED:
case CONNECTING:
statusView.setTextColor(activity.getSecondaryTextColor());
break;
case Account.STATUS_OFFLINE:
statusView.setText(getContext().getString(
R.string.account_status_offline));
statusView.setTextColor(activity.getWarningTextColor());
break;
case Account.STATUS_UNAUTHORIZED:
statusView.setText(getContext().getString(
R.string.account_status_unauthorized));
statusView.setTextColor(activity.getWarningTextColor());
break;
case Account.STATUS_SERVER_NOT_FOUND:
statusView.setText(getContext().getString(
R.string.account_status_not_found));
statusView.setTextColor(activity.getWarningTextColor());
break;
case Account.STATUS_NO_INTERNET:
statusView.setText(getContext().getString(
R.string.account_status_no_internet));
statusView.setTextColor(activity.getWarningTextColor());
break;
case Account.STATUS_REGISTRATION_FAILED:
statusView.setText(getContext().getString(
R.string.account_status_regis_fail));
statusView.setTextColor(activity.getWarningTextColor());
break;
case Account.STATUS_REGISTRATION_CONFLICT:
statusView.setText(getContext().getString(
R.string.account_status_regis_conflict));
statusView.setTextColor(activity.getWarningTextColor());
break;
case Account.STATUS_REGISTRATION_SUCCESSFULL:
statusView.setText(getContext().getString(
R.string.account_status_regis_success));
statusView.setTextColor(activity.getSecondaryTextColor());
break;
case Account.STATUS_REGISTRATION_NOT_SUPPORTED:
statusView.setText(getContext().getString(
R.string.account_status_regis_not_sup));
statusView.setTextColor(activity.getWarningTextColor());
break;
default:
statusView.setText("");
statusView.setTextColor(activity.getWarningTextColor());
break;
}
return view;
}
}

View File

@ -12,6 +12,8 @@ import android.util.Log;
import android.util.SparseArray;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.json.JSONException;
import org.json.JSONObject;
import org.xmlpull.v1.XmlPullParserException;
import java.io.IOException;
@ -120,15 +122,15 @@ public class XmppConnection implements Runnable {
applicationContext = service.getApplicationContext();
}
protected void changeStatus(int nextStatus) {
protected void changeStatus(final Account.State nextStatus) {
if (account.getStatus() != nextStatus) {
if ((nextStatus == Account.STATUS_OFFLINE)
&& (account.getStatus() != Account.STATUS_CONNECTING)
&& (account.getStatus() != Account.STATUS_ONLINE)
&& (account.getStatus() != Account.STATUS_DISABLED)) {
if ((nextStatus == Account.State.OFFLINE)
&& (account.getStatus() != Account.State.CONNECTING)
&& (account.getStatus() != Account.State.ONLINE)
&& (account.getStatus() != Account.State.DISABLED)) {
return;
}
if (nextStatus == Account.STATUS_ONLINE) {
if (nextStatus == Account.State.ONLINE) {
this.attempt = 0;
}
account.setStatus(nextStatus);
@ -151,12 +153,12 @@ public class XmppConnection implements Runnable {
tagReader = new XmlReader(wakeLock);
tagWriter = new TagWriter();
packetCallbacks.clear();
this.changeStatus(Account.STATUS_CONNECTING);
this.changeStatus(Account.State.CONNECTING);
Bundle result = DNSHelper.getSRVRecord(account.getServer());
ArrayList<Parcelable> values = result.getParcelableArrayList("values");
if ("timeout".equals(result.getString("error"))) {
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString() + ": dns timeout");
this.changeStatus(Account.STATUS_OFFLINE);
this.changeStatus(Account.State.OFFLINE);
return;
} else if (values != null) {
int i = 0;
@ -197,7 +199,7 @@ public class XmppConnection implements Runnable {
}
}
if (socketError) {
this.changeStatus(Account.STATUS_SERVER_NOT_FOUND);
this.changeStatus(Account.State.SERVER_NOT_FOUND);
if (wakeLock.isHeld()) {
try {
wakeLock.release();
@ -212,7 +214,7 @@ public class XmppConnection implements Runnable {
} else {
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString()
+ ": timeout in DNS resolution");
changeStatus(Account.STATUS_OFFLINE);
changeStatus(Account.State.OFFLINE);
return;
}
OutputStream out = socket.getOutputStream();
@ -236,7 +238,7 @@ public class XmppConnection implements Runnable {
socket.close();
}
} catch (UnknownHostException e) {
this.changeStatus(Account.STATUS_SERVER_NOT_FOUND);
this.changeStatus(Account.State.SERVER_NOT_FOUND);
if (wakeLock.isHeld()) {
try {
wakeLock.release();
@ -245,7 +247,7 @@ public class XmppConnection implements Runnable {
}
} catch (final IOException | XmlPullParserException e) {
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString() + ": " + e.getMessage());
this.changeStatus(Account.STATUS_OFFLINE);
this.changeStatus(Account.State.OFFLINE);
if (wakeLock.isHeld()) {
try {
wakeLock.release();
@ -254,7 +256,7 @@ public class XmppConnection implements Runnable {
}
} catch (NoSuchAlgorithmException e) {
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString() + ": " + e.getMessage());
this.changeStatus(Account.STATUS_OFFLINE);
this.changeStatus(Account.State.OFFLINE);
Log.d(Config.LOGTAG, "compression exception " + e.getMessage());
if (wakeLock.isHeld()) {
try {
@ -293,13 +295,15 @@ public class XmppConnection implements Runnable {
Log.e(Config.LOGTAG, String.valueOf(e));
}
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString() + ": logged in");
account.setKey(Account.PINNED_MECHANISM_KEY,
String.valueOf(saslMechanism.getPriority()));
tagReader.reset();
sendStartStream();
processStream(tagReader.readTag());
break;
} else if (nextTag.isStart("failure")) {
tagReader.readElement(nextTag);
changeStatus(Account.STATUS_UNAUTHORIZED);
changeStatus(Account.State.UNAUTHORIZED);
} else if (nextTag.isStart("challenge")) {
final String challenge = tagReader.readElement(nextTag).getContent();
final Element response = new Element("response");
@ -376,7 +380,7 @@ public class XmppConnection implements Runnable {
tagReader.readElement(nextTag);
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString() + ": resumption failed");
streamId = null;
if (account.getStatus() != Account.STATUS_ONLINE) {
if (account.getStatus() != Account.State.ONLINE) {
sendBindRequest();
}
} else if (nextTag.isStart("iq")) {
@ -388,8 +392,8 @@ public class XmppConnection implements Runnable {
}
nextTag = tagReader.readTag();
}
if (account.getStatus() == Account.STATUS_ONLINE) {
account. setStatus(Account.STATUS_OFFLINE);
if (account.getStatus() == Account.State.ONLINE) {
account. setStatus(Account.State.OFFLINE);
if (statusListener != null) {
statusListener.onStatusChanged(account);
}
@ -407,7 +411,7 @@ public class XmppConnection implements Runnable {
public void onIqPacketReceived(Account account, IqPacket packet) {
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString()
+ ": online with resource " + account.getResource());
changeStatus(Account.STATUS_ONLINE);
changeStatus(Account.State.ONLINE);
}
});
}
@ -595,8 +599,9 @@ public class XmppConnection implements Runnable {
if (verifier != null
&& !verifier.verify(account.getServer().getDomainpart(),
sslSocket.getSession())) {
account.setStatus(Account.State.SECURITY_ERROR);
sslSocket.close();
throw new IOException("host mismatch in TLS connection");
throw new IOException("Host mismatch in TLS connection");
}
tagReader.setInputStream(sslSocket.getInputStream());
tagWriter.setOutputStream(sslSocket.getOutputStream());
@ -624,7 +629,7 @@ public class XmppConnection implements Runnable {
sendRegistryRequest();
} else if (!this.streamFeatures.hasChild("register")
&& account.isOptionSet(Account.OPTION_REGISTER)) {
changeStatus(Account.STATUS_REGISTRATION_NOT_SUPPORTED);
changeStatus(Account.State.REGISTRATION_NOT_SUPPORTED);
disconnect(true);
} else if (this.streamFeatures.hasChild("mechanisms")
&& shouldAuthenticate && enabledEncryption) {
@ -632,19 +637,29 @@ public class XmppConnection implements Runnable {
.findChild("mechanisms"));
final Element auth = new Element("auth");
auth.setAttribute("xmlns", "urn:ietf:params:xml:ns:xmpp-sasl");
if (mechanisms.contains(ScramSha1.getMechanism())) {
if (mechanisms.contains("SCRAM-SHA-1")) {
saslMechanism = new ScramSha1(tagWriter, account, mXmppConnectionService.getRNG());
Log.d(Config.LOGTAG, "Authenticating with " + ScramSha1.getMechanism());
auth.setAttribute("mechanism", ScramSha1.getMechanism());
} else if (mechanisms.contains(DigestMd5.getMechanism())) {
Log.d(Config.LOGTAG, "Authenticating with " + DigestMd5.getMechanism());
} else if (mechanisms.contains("DIGEST-MD5")) {
saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG());
auth.setAttribute("mechanism", DigestMd5.getMechanism());
} else if (mechanisms.contains(Plain.getMechanism())) {
Log.d(Config.LOGTAG, "Authenticating with " + Plain.getMechanism());
} else if (mechanisms.contains("PLAIN")) {
saslMechanism = new Plain(tagWriter, account);
auth.setAttribute("mechanism", Plain.getMechanism());
}
final JSONObject keys = account.getKeys();
try {
if (keys.has(Account.PINNED_MECHANISM_KEY) &&
keys.getInt(Account.PINNED_MECHANISM_KEY) > saslMechanism.getPriority() ) {
Log.e(Config.LOGTAG, "Auth failed. Authentication mechanism " + saslMechanism.getMechanism() +
" has lower priority (" + String.valueOf(saslMechanism.getPriority()) +
") than pinned priority (" + keys.getInt(Account.PINNED_MECHANISM_KEY) +
"). Possible downgrade attack?");
disconnect(true);
account.setStatus(Account.State.SECURITY_ERROR);
}
} catch (final JSONException e) {
Log.d(Config.LOGTAG, "Parse error while checking pinned auth mechanism");
}
Log.d(Config.LOGTAG, "Authenticating with " + saslMechanism.getMechanism());
auth.setAttribute("mechanism", saslMechanism.getMechanism());
if (!saslMechanism.getClientFirstMessage().isEmpty()) {
auth.setContent(saslMechanism.getClientFirstMessage());
}
@ -658,6 +673,7 @@ public class XmppConnection implements Runnable {
} else if (this.streamFeatures.hasChild("bind") && shouldBind) {
sendBindRequest();
} else {
account.setStatus(Account.State.INCOMPATIBLE_SERVER);
Log.d(Config.LOGTAG, account.getJid().toBareJid()
+ ": incompatible server. disconnecting");
disconnect(true);
@ -721,20 +737,20 @@ public class XmppConnection implements Runnable {
if (packet.getType() == IqPacket.TYPE_RESULT) {
account.setOption(Account.OPTION_REGISTER,
false);
changeStatus(Account.STATUS_REGISTRATION_SUCCESSFULL);
changeStatus(Account.State.REGISTRATION_SUCCESSFUL);
} else if (packet.hasChild("error")
&& (packet.findChild("error")
.hasChild("conflict"))) {
changeStatus(Account.STATUS_REGISTRATION_CONFLICT);
changeStatus(Account.State.REGISTRATION_CONFLICT);
} else {
changeStatus(Account.STATUS_REGISTRATION_FAILED);
changeStatus(Account.State.REGISTRATION_FAILED);
Log.d(Config.LOGTAG, packet.toString());
}
disconnect(true);
}
});
} else {
changeStatus(Account.STATUS_REGISTRATION_FAILED);
changeStatus(Account.State.REGISTRATION_FAILED);
disconnect(true);
Log.d(Config.LOGTAG, account.getJid().toBareJid()
+ ": could not register. instructions are"

View File

@ -917,7 +917,7 @@ public class JingleConnection implements Downloadable {
}
public boolean start() {
if (account.getStatus() == Account.STATUS_ONLINE) {
if (account.getStatus() == Account.State.ONLINE) {
if (mJingleStatus == JINGLE_STATUS_INITIATED) {
new Thread(new Runnable() {

View File

@ -141,6 +141,8 @@
<string name="account_status_regis_conflict">Username already in use</string>
<string name="account_status_regis_success">Registration completed</string>
<string name="account_status_regis_not_sup">Server does not support registration</string>
<string name="account_status_security_error">Security error</string>
<string name="account_status_incompatible_server">Incompatible server</string>
<string name="encryption_choice_none">Plain text</string>
<string name="encryption_choice_otr">OTR</string>
<string name="encryption_choice_pgp">OpenPGP</string>