authorNick Hudson <nick.hudson@isode.com>2012-03-08 10:16:55 (GMT)
committerKevin Smith <git@kismith.co.uk>2012-03-08 21:51:02 (GMT)
commitc5392b36c368ebdca2e8ab356eb0d1fb0d36a5cb (patch)
tree38c40c5661bce2b5655d91e6e7dadcc3b536fac5 /src/com/isode/stroke/session
parent0470264fd4f9e7e73d1b655dc680e5ca7c10513c (diff)
downloadstroke-c5392b36c368ebdca2e8ab356eb0d1fb0d36a5cb.zip
stroke-c5392b36c368ebdca2e8ab356eb0d1fb0d36a5cb.tar.bz2
Implement "CertificateWithKey" and add support for setting client certificates
This change provides the functionality to allow clients to specify a PKCS#12 file containing client certificate/key for use when starting TLS sessions. The PKCS12Certificate class now subclasses "CertificateWithKey" (matching the Swiften implementation). Swiften also has "CAPICertificate", which is another subclass of CertificateWithKey. This has not been provided in this patch. From a client's point of view, all that's necessary to specify a certificate to be used for TLS is to do something like CertificateWithKey myCert = new PKCS12Certificate( "/home/fred/myp12file.p12", "secret".toCharArray()); coreClient.setCertificate(myCert); before calling "CoreClient.connect". Matching the Swiften functionality, constructing a new PKCS12Certificate does not actually perform validation of the P12 file/passphrase; that takes place when the p12 file is used. There is limited scope for returning to the caller errors describing possible problems, but JSSEContext uses the "emitError" method which does maintain error information, which is available in a debugger, or from the JSSEContext.toString() method. Test-information: Set up an M-Link server with TLS and verified that - when I specify a client certificate with suitable SAN, the client sends it and the server reports authentication using the certificate - when I specify a client certificate without a suitable SAN, the client sends it but the server rejects it
Diffstat (limited to 'src/com/isode/stroke/session')
-rw-r--r--src/com/isode/stroke/session/SessionStream.java7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/com/isode/stroke/session/SessionStream.java b/src/com/isode/stroke/session/SessionStream.java
index ee17a09..5dbb0fc 100644
--- a/src/com/isode/stroke/session/SessionStream.java
+++ b/src/com/isode/stroke/session/SessionStream.java
@@ -15,6 +15,7 @@ import com.isode.stroke.signals.Signal;
import com.isode.stroke.signals.Signal1;
import com.isode.stroke.tls.Certificate;
import com.isode.stroke.tls.CertificateVerificationError;
+import com.isode.stroke.tls.CertificateWithKey;
import com.isode.stroke.tls.PKCS12Certificate;
public abstract class SessionStream {
@@ -60,7 +61,7 @@ public abstract class SessionStream {
public abstract void resetXMPPParser();
- public void setTLSCertificate(PKCS12Certificate cert) {
+ public void setTLSCertificate(CertificateWithKey cert) {
certificate = cert;
}
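Review bot: The public `setTLSCertificate(CertificateWithKey cert)` carries no Javadoc, and the commit message states that neither the PKCS#12 file nor its passphrase is validated when the certificate object is built, so a caller reading only this setter would reasonably expect an error here when none can occur. The same applies to the widened `getTLSCertificate()` in the next hunk. I would add above the setter: `/** Sets the client certificate (with private key) offered during TLS negotiation. The underlying file and passphrase are not validated here; problems surface later when the TLS context loads it. Passing null appears to clear the certificate — confirm against hasTLSCertificate(). */`. The enclosing class continues outside this hunk.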
@@ -80,7 +81,7 @@ public abstract class SessionStream {
public final Signal onTLSEncrypted = new Signal();
public final Signal1<String> onDataRead = new Signal1<String>();
public final Signal1<String> onDataWritten = new Signal1<String>();
- protected PKCS12Certificate getTLSCertificate() {
+ protected CertificateWithKey getTLSCertificate() {
return certificate;
}
@@ -94,5 +95,5 @@ public abstract class SessionStream {
"; " + (hasTLSCertificate() ? "has" : "no") +
" certificate";
}
- private PKCS12Certificate certificate;
+ private CertificateWithKey certificate;
}