Swiftdiff options
| author | Nick Hudson <nick.hudson@isode.com> | 2014-07-10 13:31:24 (GMT) |
|---|---|---|
| committer | Swift Review <review@swift.im> | 2014-07-22 11:43:14 (GMT) |
| commit | f86f1c1df0fc8bfd72306d55d370e202378652b2 (patch) | |
| tree | b06484367c13f4b0e704e0adbcf4809f8d961386 /src/com/isode/stroke/streamstack | |
| parent | b6b5d495636f14d776087d9e255e7d7528522734 (diff) | |
| download | stroke-f86f1c1df0fc8bfd72306d55d370e202378652b2.zip stroke-f86f1c1df0fc8bfd72306d55d370e202378652b2.tar.bz2 | |
Make Stroke return peer certificate chain, rather then just EE certificate
Since the initial Stroke TLS implementation was done, some changes
were made in Swiften, starting with
"Show Certificate dialog from certificate error window."
159e773b156f531575d0d7e241e2d20c85ee6d7cA
which mean that certificate verification uses the peer's certificate
chain, and not just the peer's EE certificate.
This change updates Stroke so that its API now more closely matches
what Swiften does.
Note that any current Stroke clients that implement the
"CertificateTrustChecker" interface will break, as this patch makes an
incompatible change to that interface, requiring implementing classes
to handle a certificate chain rather than a single certificate.
Isode copyright notices are updated; Remko copyright notices are
updated to reflect the current copyright notices in any equivalent
Swiften source files.
Test-information:
Used MLC (after having patched it for CertificateTrustChecker changes)
and verified that it sees the entire certificate chain coming back.
Ran self-tests for Stroke and saw no junit failures
Change-Id: I3d863f929bfed3324446cadf3bb4d6b9ff916660
Diffstat (limited to 'src/com/isode/stroke/streamstack')
| -rw-r--r-- | src/com/isode/stroke/streamstack/TLSLayer.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/com/isode/stroke/streamstack/TLSLayer.java b/src/com/isode/stroke/streamstack/TLSLayer.java index 1f213fc..70bcd1a 100644 --- a/src/com/isode/stroke/streamstack/TLSLayer.java +++ b/src/com/isode/stroke/streamstack/TLSLayer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2012, Isode Limited, London, England. + * Copyright (c) 2010-2014, Isode Limited, London, England. * All rights reserved. */ /* @@ -9,6 +9,8 @@ package com.isode.stroke.streamstack; +import java.util.List; + import com.isode.stroke.base.ByteArray; import com.isode.stroke.signals.Signal; import com.isode.stroke.signals.Slot1; @@ -54,6 +56,10 @@ public class TLSLayer extends StreamLayer { return context.setClientCertificate(certificate); } + public List<Certificate> getPeerCertificateChain() { + return context.getPeerCertificateChain(); + } + public Certificate getPeerCertificate() { return context.getPeerCertificate(); } |