org.jivesoftware.smack.util.TLSUtils Java Examples

Example #1
Source File: XmppTools.java    From Smack with Apache License 2.0 6 votes vote down vote up
/**
 * Tries to register a new account on the given XMPP domain over a freshly opened connection.
 *
 * <p><b>Security note:</b> {@code TLSUtils.acceptAllCertificates} is applied to the configuration,
 * so (as the helper's name says) any certificate the peer presents is accepted. The session is
 * encrypted but the server is not authenticated, and the new account's {@code password} is sent
 * over it. Treat this as a convenience for test servers you control; against any other server,
 * build the configuration without the accept-all call so that certificate validation stays in
 * force.
 *
 * @param xmppDomain the XMPP service domain to connect to.
 * @param username the local part of the account to create.
 * @param password the password for the new account.
 * @return {@code true} if the account creation request was made without an exception,
 *         {@code false} if {@code supportsIbr(connection)} reported no support.
 */
public static boolean createAccount(DomainBareJid xmppDomain, Localpart username, String password)
        throws KeyManagementException, NoSuchAlgorithmException, SmackException, IOException, XMPPException,
        InterruptedException {
    XMPPTCPConnectionConfiguration.Builder builder =
            XMPPTCPConnectionConfiguration.builder().setXmppDomain(xmppDomain);
    // SECURITY: disables certificate validation for this connection; see the method Javadoc.
    TLSUtils.acceptAllCertificates(builder);

    XMPPTCPConnection xmppConnection = new XMPPTCPConnection(builder.build());
    xmppConnection.connect();
    try {
        if (supportsIbr(xmppConnection)) {
            AccountManager.getInstance(xmppConnection).createAccount(username, password);
            return true;
        }
        return false;
    } finally {
        // Always release the connection, whether or not the registration went through.
        xmppConnection.disconnect();
    }
}
 
Example #2
Source File: ScramPlusMechanism.java    From Smack with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the channel binding data for this SASL mechanism, taken from the current TLS session.
 *
 * <p>The data comes from {@code TLSUtils.getChannelBindingTlsServerEndPoint}, i.e. (going by the
 * helper's name) the "tls-server-end-point" binding type, which is derived from the server
 * certificate. Any failure to obtain it is reported as a {@link SmackSaslException} instead of
 * falling back to an empty value, so the mechanism cannot silently proceed without binding data.
 *
 * @return the channel binding bytes for {@code sslSession}.
 * @throws SmackSaslException if the peer is unverified, the certificate cannot be encoded or the
 *         required digest algorithm is unavailable.
 */
@Override
protected byte[] getChannelBindingData() throws SmackSaslException {
    try {
        return TLSUtils.getChannelBindingTlsServerEndPoint(sslSession);
    } catch (SSLPeerUnverifiedException | CertificateEncodingException | NoSuchAlgorithmException cause) {
        // Keep the original exception as the cause so the reason for the failure is not lost.
        throw new SmackSaslException(cause);
    }
}
 
Example #3
Source File: XmppTools.java    From Smack with Apache License 2.0 5 votes vote down vote up
/**
 * Connects to the given XMPP domain and reports the result of {@code supportsIbr(connection)}.
 *
 * <p><b>Security note:</b> the connection is configured with
 * {@code TLSUtils.acceptAllCertificates}, so the server's certificate is not validated. No
 * credentials are sent here, but the answer comes from an unauthenticated peer and should not be
 * used for security decisions. Prefer a configuration with certificate validation outside test
 * setups.
 *
 * @param xmppDomain the XMPP service domain to probe.
 * @return whatever {@code supportsIbr(connection)} returns for the opened connection.
 */
public static boolean supportsIbr(DomainBareJid xmppDomain) throws SmackException, IOException, XMPPException,
        InterruptedException, KeyManagementException, NoSuchAlgorithmException {
    XMPPTCPConnectionConfiguration.Builder builder =
            XMPPTCPConnectionConfiguration.builder().setXmppDomain(xmppDomain);
    // SECURITY: disables certificate validation for this connection; see the method Javadoc.
    TLSUtils.acceptAllCertificates(builder);

    XMPPTCPConnection probe = new XMPPTCPConnection(builder.build());
    probe.connect();
    try {
        boolean ibrSupported = supportsIbr(probe);
        return ibrSupported;
    } finally {
        // Always release the probing connection, even if the check threw.
        probe.disconnect();
    }
}
 
Example #4
Source File: XMPPTCPConnection.java    From Smack with Apache License 2.0 4 votes vote down vote up
/**
 * The server has indicated that TLS negotiation can start. We now need to secure the
 * existing plain connection and perform a handshake. This method won't return until the
 * connection has finished the handshake or an error occurred while securing the connection.
 * <p>
 * The statement order is security relevant: protocols and ciphers are restricted before the
 * handshake, hostname verification runs after it, and {@code secureSocket} is assigned only
 * once that verification has succeeded.
 * </p>
 * @throws IOException if an I/O error occurred.
 * @throws SecurityNotPossibleException if TLS is not possible.
 * @throws CertificateException if there is an issue with the certificate, including a failed
 *         hostname verification.
 * @throws IllegalStateException if the configuration has no HostnameVerifier.
 */
@SuppressWarnings("LiteralClassName")
private void proceedTLSReceived() throws IOException, SecurityNotPossibleException, CertificateException {
    SmackTlsContext smackTlsContext = getSmackTlsContext();

    Socket plain = socket;
    // Secure the plain connection: layer a TLS socket over the existing one, naming the XMPP
    // service domain as the peer host. The final 'true' is the autoClose argument of
    // SSLSocketFactory.createSocket, so closing the TLS socket also closes the plain socket.
    socket = smackTlsContext.sslContext.getSocketFactory().createSocket(plain,
            config.getXMPPServiceDomain().toString(), plain.getPort(), true);

    final SSLSocket sslSocket = (SSLSocket) socket;
    // Immediately set the enabled SSL protocols and ciphers. See SMACK-712 why this is
    // important (at least on certain platforms) and it seems to be a good idea anyways to
    // prevent an accidental implicit handshake.
    TLSUtils.setEnabledProtocolsAndCiphers(sslSocket, config.getEnabledSSLProtocols(), config.getEnabledSSLCiphers());

    // Initialize the reader and writer with the new secured version
    // NOTE(review): from here on 'socket' is the TLS socket although verification has not run
    // yet; presumably callers tear the connection down if this method throws. Confirm.
    initReaderAndWriter();

    // Proceed to do the handshake
    sslSocket.startHandshake();

    // A DANE verifier is optional; when present it is handed the negotiated session after the
    // handshake. What finish() checks is not visible here.
    if (smackTlsContext.daneVerifier != null) {
        smackTlsContext.daneVerifier.finish(sslSocket.getSession());
    }

    // Fail closed: a missing HostnameVerifier is treated as a configuration error rather than
    // as "skip verification".
    final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
    if (verifier == null) {
            throw new IllegalStateException("No HostnameVerifier set. Use connectionConfiguration.setHostnameVerifier() to configure.");
    }

    final String verifierHostname;
    {
        DnsName xmppServiceDomainDnsName = getConfiguration().getXmppServiceDomainAsDnsNameIfPossible();
        // Try to convert the XMPP service domain, which potentially includes Unicode characters, into ASCII
        // Compatible Encoding (ACE) to match RFC3280 dNSname IA5String constraint.
        // See also: https://bugzilla.mozilla.org/show_bug.cgi?id=280839#c1
        if (xmppServiceDomainDnsName != null) {
            verifierHostname = xmppServiceDomainDnsName.ace;
        }
        else {
            // No DNS name form available: warn and fall back to the raw service domain string.
            LOGGER.log(Level.WARNING, "XMPP service domain name '" + getXMPPServiceDomain()
                            + "' can not be represented as DNS name. TLS X.509 certificate validiation may fail.");
            verifierHostname = getXMPPServiceDomain().toString();
        }
    }

    final boolean verificationSuccessful;
    // Verify the TLS session: the name checked is the XMPP service domain, not the address the
    // socket happens to be connected to.
    // NOTE(review): this check only matches names against the session's peer certificate. It
    // authenticates the server only if the trust manager behind smackTlsContext.sslContext
    // validated the certificate chain during the handshake, so an accept-all trust manager
    // weakens it.
    verificationSuccessful = verifier.verify(verifierHostname, sslSocket.getSession());
    if (!verificationSuccessful) {
        throw new CertificateException(
                        "Hostname verification of certificate failed. Certificate does not authenticate "
                                        + getXMPPServiceDomain());
    }

    // Set that TLS was successful. This is the last statement, so secureSocket is never set for
    // a session that failed any of the checks above.
    secureSocket = sslSocket;
}