Diffstat (limited to 'src/com/isode/stroke/tls')
-rw-r--r-- | src/com/isode/stroke/tls/BlindCertificateTrustChecker.java | 30 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/Certificate.java | 5 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/CertificateVerificationError.java | 11 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/ServerIdentityVerifier.java | 15 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/SimpleCertificate.java | 78 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/TLSContext.java | 3 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/TLSContextFactory.java | 4 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/TLSError.java | 36 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/TLSOptions.java | 25 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/java/JSSEContext.java | 7 | ||||
-rw-r--r-- | src/com/isode/stroke/tls/java/JSSEContextFactory.java | 3 |
11 files changed, 205 insertions, 12 deletions
diff --git a/src/com/isode/stroke/tls/BlindCertificateTrustChecker.java b/src/com/isode/stroke/tls/BlindCertificateTrustChecker.java
new file mode 100644
index 0000000..46866f2
--- /dev/null
+++ b/src/com/isode/stroke/tls/BlindCertificateTrustChecker.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2010-2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+import com.isode.stroke.tls.CertificateTrustChecker;
+import java.util.List;
+
+/**
+ * A certificate trust checker that trusts any ceritficate.
+ *
+ * This can be used to ignore any TLS certificate errors occurring
+ * during connection.
+ *
+ * @link Client#setAlwaysTrustCertificates()
+ */
+public class BlindCertificateTrustChecker implements CertificateTrustChecker {
+
+ public boolean isCertificateTrusted(final List<Certificate> certificate) {
+ return true;
+ }
+}
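Review bot: `isCertificateTrusted` is missing `@Override`, and its parameter is the whole chain rather than one certificate, so `@Override public boolean isCertificateTrusted(final List<Certificate> certificateChain)` reads more honestly. The Javadoc has a typo (`ceritficate`) and `@link Client#setAlwaysTrustCertificates()` is not a valid block tag; use `@see Client#setAlwaysTrustCertificates()` or an inline `{@link ...}`. The class comment should also state the consequence a reader needs, since the method accepts every chain unconditionally: `* Installing this checker accepts any chain without an issuer, validity or identity check, so the peer is effectively unauthenticated.` The `import com.isode.stroke.tls.CertificateTrustChecker;` is a same-package import and can be dropped.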
\ No newline at end of file diff --git a/src/com/isode/stroke/tls/Certificate.java b/src/com/isode/stroke/tls/Certificate.java index de23f94..fdd64c0 100644 --- a/src/com/isode/stroke/tls/Certificate.java +++ b/src/com/isode/stroke/tls/Certificate.java @@ -9,6 +9,7 @@ package com.isode.stroke.tls; import com.isode.stroke.base.ByteArray; +import com.isode.stroke.crypto.CryptoProvider; import com.isode.stroke.stringcodecs.Hexify; import com.isode.stroke.stringcodecs.SHA1; import java.util.List; @@ -31,8 +32,8 @@ public abstract class Certificate { public abstract ByteArray toDER(); - public String getSHA1Fingerprint() { - ByteArray hash = SHA1.getHash(toDER()); + public static String getSHA1Fingerprint(Certificate certificate, CryptoProvider crypto) { + ByteArray hash = crypto.getSHA1Hash(certificate.toDER()); StringBuilder s = new StringBuilder(); for (int i = 0; i < hash.getSize(); ++i) { if (i > 0) { diff --git a/src/com/isode/stroke/tls/CertificateVerificationError.java b/src/com/isode/stroke/tls/CertificateVerificationError.java index d76dc00..baff374 100644 --- a/src/com/isode/stroke/tls/CertificateVerificationError.java +++ b/src/com/isode/stroke/tls/CertificateVerificationError.java @@ -29,12 +29,21 @@ public class CertificateVerificationError implements Error { RevocationCheckFailed } + public CertificateVerificationError() { + this(Type.UnknownError); + } + public CertificateVerificationError(Type type) { if (type == null) { throw new IllegalStateException(); } this.type = type; } - public final Type type; + + public Type getType() { + return type; + } + + private final Type type; } diff --git a/src/com/isode/stroke/tls/ServerIdentityVerifier.java b/src/com/isode/stroke/tls/ServerIdentityVerifier.java index 20caae8..86ce803 100644 --- a/src/com/isode/stroke/tls/ServerIdentityVerifier.java +++ b/src/com/isode/stroke/tls/ServerIdentityVerifier.java 
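Review bot: The new static `getSHA1Fingerprint(Certificate certificate, CryptoProvider crypto)` dereferences both arguments unchecked, so a null `crypto` or `certificate` surfaces as a bare NullPointerException inside the hash call; `Objects.requireNonNull(certificate, "certificate"); Objects.requireNonNull(crypto, "crypto");` at the top names the offending argument (this needs `import java.util.Objects;`, the import block is in the first hunk). That first hunk also keeps `import com.isode.stroke.stringcodecs.SHA1;` although the only visible use, `SHA1.getHash`, is on the removed line; if nothing else in the file uses it, drop the import so the move to `CryptoProvider` is complete. The method now deserves Javadoc saying it hashes the DER encoding with the supplied provider and returns a hex fingerprint; the loop that formats it continues outside the hunk.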
@@ -9,15 +9,20 @@ */ package com.isode.stroke.tls; -import com.isode.stroke.idn.IDNA; +import com.isode.stroke.idn.IDNConverter; import com.isode.stroke.jid.JID; import java.util.List; public class ServerIdentityVerifier { - public ServerIdentityVerifier(JID jid) { + public ServerIdentityVerifier(JID jid, IDNConverter idnConverter) { + this.domainValid = false; domain = jid.getDomain(); - encodedDomain = IDNA.getEncoded(domain); + String domainResult = idnConverter.getIDNAEncoded(domain); + if (domainResult != null) { + encodedDomain = domainResult; + domainValid = true; + } } public boolean certificateVerifies(Certificate certificate) { @@ -69,6 +74,9 @@ public class ServerIdentityVerifier { } boolean matchesDomain(String s) { + if (!domainValid) { + return false; + } if (s.startsWith("*.")) { String matchString = s.substring(2); String matchDomain = encodedDomain; @@ -88,4 +96,5 @@ public class ServerIdentityVerifier { } private String domain; private String encodedDomain; + private boolean domainValid; } diff --git a/src/com/isode/stroke/tls/SimpleCertificate.java b/src/com/isode/stroke/tls/SimpleCertificate.java new file mode 100644 index 0000000..178d36d --- /dev/null +++ b/src/com/isode/stroke/tls/SimpleCertificate.java 
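Review bot: In the constructor (first hunk), a null result from `getIDNAEncoded` leaves `encodedDomain` null and only `matchesDomain` (second hunk) consults `domainValid`; `certificateVerifies` and the rest of the class lie outside the hunks, so any other comparison that reads `encodedDomain` or `domain` would need the same guard and is worth confirming. The fail-closed behaviour is right but undocumented; a comment on the field in the third hunk, `// false when the JID domain could not be IDNA-encoded; every name match then fails closed`, records the invariant that `encodedDomain` is only set when `domainValid` is true. `this.domainValid = false;` restates the field default and can go, and `idnConverter` is dereferenced unchecked, so `Objects.requireNonNull(idnConverter, "idnConverter")` would make the contract explicit. `matchesDomain` ends outside the hunk.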
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2010-2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+import java.util.List;
+import java.util.ArrayList;
+import com.isode.stroke.base.ByteArray;
+
+public class SimpleCertificate extends Certificate {
+
+ private String subjectName = "";
+ private ByteArray der = new ByteArray();
+ private List<String> commonNames = new ArrayList<String>();
+ private List<String> dnsNames = new ArrayList<String>();
+ private List<String> xmppAddresses = new ArrayList<String>();
+ private List<String> srvNames = new ArrayList<String>();
+
+ public void setSubjectName(final String name) {
+ subjectName = name;
+ }
+
+ public String getSubjectName() {
+ return subjectName;
+ }
+
+ public List<String> getCommonNames() {
+ return commonNames;
+ }
+
+ public void addCommonName(final String name) {
+ commonNames.add(name);
+ }
+
+ public void addSRVName(final String name) {
+ srvNames.add(name);
+ }
+
+ public void addDNSName(final String name) {
+ dnsNames.add(name);
+ }
+
+ public void addXMPPAddress(final String addr) {
+ xmppAddresses.add(addr);
+ }
+
+ public List<String> getSRVNames() {
+ return srvNames;
+ }
+
+ public List<String> getDNSNames() {
+ return dnsNames;
+ }
+
+ public List<String> getXMPPAddresses() {
+ return xmppAddresses;
+ }
+
+ public ByteArray toDER() {
+ return der;
+ }
+
+ public void setDER(final ByteArray der) {
+ this.der = der;
+ }
+
+ private void parse() {
+
+ }
+}
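Review bot: `getCommonNames`, `getSRVNames`, `getDNSNames` and `getXMPPAddresses` hand out the internal `ArrayList`s, so any caller can change the names a certificate claims after it was built; returning `Collections.unmodifiableList(commonNames)` (and likewise for the other three, with `import java.util.Collections;`) keeps identity data read-only through the getters while the `add*` methods stay the single mutation path. The empty `private void parse()` is dead code; delete it or leave a `// TODO` saying what it is meant to parse. The overriding methods should carry `@Override`, and the class has no Javadoc: a class comment saying that this is a certificate assembled by hand from its fields, and that `toDER` returns whatever `setDER` stored without parsing or validating it, would stop readers assuming the DER and the name lists are kept consistent.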
\ No newline at end of file diff --git a/src/com/isode/stroke/tls/TLSContext.java b/src/com/isode/stroke/tls/TLSContext.java index 3f5e8d7..cd9f90d 100644 --- a/src/com/isode/stroke/tls/TLSContext.java +++ b/src/com/isode/stroke/tls/TLSContext.java @@ -15,6 +15,7 @@ import com.isode.stroke.base.ByteArray; import com.isode.stroke.base.SafeByteArray; import com.isode.stroke.signals.Signal; import com.isode.stroke.signals.Signal1; +import com.isode.stroke.tls.TLSError; public abstract class TLSContext { @@ -41,6 +42,6 @@ public abstract class TLSContext { public Signal1<SafeByteArray> onDataForNetwork = new Signal1<SafeByteArray>(); public Signal1<SafeByteArray> onDataForApplication = new Signal1<SafeByteArray>(); - public Signal onError = new Signal(); + public Signal1<TLSError> onError = new Signal1<TLSError>(); public Signal onConnected = new Signal(); } diff --git a/src/com/isode/stroke/tls/TLSContextFactory.java b/src/com/isode/stroke/tls/TLSContextFactory.java index 27e322f..f33539b 100644 --- a/src/com/isode/stroke/tls/TLSContextFactory.java +++ b/src/com/isode/stroke/tls/TLSContextFactory.java @@ -11,5 +11,7 @@ package com.isode.stroke.tls; public interface TLSContextFactory { boolean canCreate(); - TLSContext createTLSContext(); + TLSContext createTLSContext(TLSOptions tlsOptions); + //void setCheckCertificateRevocation(boolean b); + //void setDisconnectOnCardRemoval(boolean b); } diff --git a/src/com/isode/stroke/tls/TLSError.java b/src/com/isode/stroke/tls/TLSError.java new file mode 100644 index 0000000..619b747 --- /dev/null +++ b/src/com/isode/stroke/tls/TLSError.java 
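Review bot: `onError` now carries a `TLSError` (second hunk of TLSContext.java), but nothing states whether the argument may be null, and the JSSE implementation in this commit emits `null`; Javadoc on the field, `/** Emitted when the TLS layer fails; the argument is never null, carrying TLSError.Type.UnknownError when no detail is available. */`, pins the contract listeners can rely on. The `import com.isode.stroke.tls.TLSError;` added in the first hunk is a same-package import and can be dropped.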
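Review bot: The two commented-out declarations `//void setCheckCertificateRevocation(boolean b);` and `//void setDisconnectOnCardRemoval(boolean b);` are dead code in an interface; either declare them with Javadoc or replace both with one `// TODO: revocation checking and card-removal handling not yet ported from Swiften` so the intent survives without commented-out code. `createTLSContext(TLSOptions tlsOptions)` gains a parameter without Javadoc; `@param tlsOptions options for the new context; implementations may ignore fields their TLS stack has no equivalent for` would set expectations, since the JSSE factory in this commit discards the argument.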
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2012-2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+import com.isode.stroke.base.Error;
+
+public class TLSError implements Error {
+
+ private Type type;
+
+ public enum Type {
+ UnknownError,
+ CertificateCardRemoved
+ };
+
+ public TLSError() {
+ this(Type.UnknownError);
+ }
+
+ public TLSError(Type type) {
+ this.type = type;
+ }
+
+ public Type getType() {
+ return type;
+ }
+}
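Review bot: `TLSError(Type type)` stores a null `type` unchecked, whereas `CertificateVerificationError(Type)` in this same commit throws on null; the two error classes should agree, and a null from `getType()` defeats the `UnknownError` default the no-argument constructor provides. I'd write `this.type = Objects.requireNonNull(type, "type");` (with `import java.util.Objects;`) and declare the field `private final Type type;` since it is only assigned in the constructor. The stray `;` after the enum body is legal but unneeded, and neither the class nor the constants have Javadoc; a line on `CertificateCardRemoved` saying which event it reports would help, as the name alone does not say.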
\ No newline at end of file
diff --git a/src/com/isode/stroke/tls/TLSOptions.java b/src/com/isode/stroke/tls/TLSOptions.java
new file mode 100644
index 0000000..9c0b647
--- /dev/null
+++ b/src/com/isode/stroke/tls/TLSOptions.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+public class TLSOptions {
+
+ /**
+ * This flag is not used in java, and is purely here to maintain
+ * consistency with Swiften
+ */
+ public boolean schannelTLS1_0Workaround;
+
+ public TLSOptions() {
+ schannelTLS1_0Workaround = false;
+ }
+}
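Review bot: `schannelTLS1_0Workaround` is a public mutable field whose own Javadoc says it is unused on Java, yet `TLSContextFactory.createTLSContext` now takes a `TLSOptions`; a class-level comment should say the type exists for API parity with Swiften and that the JSSE context currently honours none of its fields, so nobody expects setting the flag to change the negotiated protocol. Capitalise `java` as `Java` in the field comment. If it is to stay a plain flag, `public boolean schannelTLS1_0Workaround = false;` makes the constructor redundant.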
\ No newline at end of file diff --git a/src/com/isode/stroke/tls/java/JSSEContext.java b/src/com/isode/stroke/tls/java/JSSEContext.java index 17b7d4d..02f3b4d 100644 --- a/src/com/isode/stroke/tls/java/JSSEContext.java +++ b/src/com/isode/stroke/tls/java/JSSEContext.java @@ -53,6 +53,7 @@ import com.isode.stroke.tls.CertificateVerificationError.Type; import com.isode.stroke.tls.CertificateWithKey; import com.isode.stroke.tls.PKCS12Certificate; import com.isode.stroke.tls.TLSContext; +import com.isode.stroke.tls.TLSError; @@ -121,7 +122,7 @@ public class JSSEContext extends TLSContext { */ logger_.log(Level.WARNING, jsseContextError.toString(), e); errorsEmitted.add(jsseContextError); - onError.emit(); + onError.emit(null); } @Override @@ -921,7 +922,7 @@ public class JSSEContext extends TLSContext { public void handleDataFromNetwork(SafeByteArray data) { if (hasError()) { /* We have previously seen, and reported, an error. Emit again */ - onError.emit(); + onError.emit(null); return; } @@ -999,7 +1000,7 @@ public class JSSEContext extends TLSContext { public void handleDataFromApplication(SafeByteArray data) { if (hasError()) { /* We have previously seen, and reported, an error. Emit again */ - onError.emit(); + onError.emit(null); return; } if (closeNotifyReceived) { diff --git a/src/com/isode/stroke/tls/java/JSSEContextFactory.java b/src/com/isode/stroke/tls/java/JSSEContextFactory.java index 63b184d..666ee77 100644 --- a/src/com/isode/stroke/tls/java/JSSEContextFactory.java +++ b/src/com/isode/stroke/tls/java/JSSEContextFactory.java @@ -14,6 +14,7 @@ import java.util.HashSet; import java.util.Set; import com.isode.stroke.tls.TLSContext; +import com.isode.stroke.tls.TLSOptions; import com.isode.stroke.tls.TLSContextFactory; /** 
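Review bot: `onError.emit(null)` passes a null `TLSError` to every listener, so any handler that calls `getType()` on the argument fails with a NullPointerException; the same line appears in the next two hunks of this file, in `handleDataFromNetwork` and `handleDataFromApplication`, which re-emit a previously reported error. `TLSError` gains a no-argument constructor in this commit that yields `Type.UnknownError`, so `onError.emit(new TLSError());` is the drop-in replacement at all three sites; better still, keep a `TLSError` next to `jsseContextError` where the error is first recorded so the re-emits carry the same detail. The enclosing methods start and end outside the hunks.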
@@ -33,7 +34,7 @@ public class JSSEContextFactory implements TLSContextFactory { } @Override - public TLSContext createTLSContext() { + public TLSContext createTLSContext(TLSOptions tlsOptions) { return new JSSEContext(restrictedCipherSuites); } |
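Review bot: `createTLSContext(TLSOptions tlsOptions)` accepts the new parameter and discards it, building `new JSSEContext(restrictedCipherSuites)` exactly as before; if that is intended (TLSOptions documents its only flag as unused on Java), say so at the call site, e.g. `// tlsOptions is accepted for interface parity with Swiften; JSSE has no equivalent of its flags`, so the next field added to TLSOptions is not silently ignored as well. The class body continues outside the hunk.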