authorTarun Gupta <tarun1995gupta@gmail.com>2015-07-24 17:01:42 (GMT)
committerNick Hudson <nick.hudson@isode.com>2015-08-14 15:32:08 (GMT)
commit0a1f7199e26523dd2693f44a5841c5434cc9000d (patch)
tree8f28ebb20fbe60f420ea25055955ac3d246db549 /src/com/isode/stroke/tls
parentdc2b35bee48261e8b06e12bd82a434af118e035e (diff)
downloadstroke-0a1f7199e26523dd2693f44a5841c5434cc9000d.zip
stroke-0a1f7199e26523dd2693f44a5841c5434cc9000d.tar.bz2
Completes TLS & Session.
Adds TLSError and TLSOptions. Updates BasicSessionStream, SessionStream and Session. Updates Client and Components to accommodate changes in TLS. Also completes TLSLayer in StreamStack which was pending due to TLS port. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details. Test-Information: Tests added for Certificate and ServerIdentityVerifier. Test updated for ComponentSession. All tests pass. Change-Id: I34a8fe068c1e8af5348cc4ab49d3d1ed118ae833
Diffstat (limited to 'src/com/isode/stroke/tls')
-rw-r--r--src/com/isode/stroke/tls/BlindCertificateTrustChecker.java30
-rw-r--r--src/com/isode/stroke/tls/Certificate.java5
-rw-r--r--src/com/isode/stroke/tls/CertificateVerificationError.java11
-rw-r--r--src/com/isode/stroke/tls/ServerIdentityVerifier.java15
-rw-r--r--src/com/isode/stroke/tls/SimpleCertificate.java78
-rw-r--r--src/com/isode/stroke/tls/TLSContext.java3
-rw-r--r--src/com/isode/stroke/tls/TLSContextFactory.java4
-rw-r--r--src/com/isode/stroke/tls/TLSError.java36
-rw-r--r--src/com/isode/stroke/tls/TLSOptions.java25
-rw-r--r--src/com/isode/stroke/tls/java/JSSEContext.java7
-rw-r--r--src/com/isode/stroke/tls/java/JSSEContextFactory.java3
11 files changed, 205 insertions, 12 deletions
diff --git a/src/com/isode/stroke/tls/BlindCertificateTrustChecker.java b/src/com/isode/stroke/tls/BlindCertificateTrustChecker.java
new file mode 100644
index 0000000..46866f2
--- /dev/null
+++ b/src/com/isode/stroke/tls/BlindCertificateTrustChecker.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2010-2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+import com.isode.stroke.tls.CertificateTrustChecker;
+import java.util.List;
+
+/**
+ * A certificate trust checker that trusts any ceritficate.
+ *
+ * This can be used to ignore any TLS certificate errors occurring
+ * during connection.
+ *
+ * @link Client#setAlwaysTrustCertificates()
+ */
+public class BlindCertificateTrustChecker implements CertificateTrustChecker {
+
+ public boolean isCertificateTrusted(final List<Certificate> certificate) {
+ return true;
+ }
+} \ No newline at end of file
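Review bot: `isCertificateTrusted` switches certificate validation off entirely, but the class Javadoc only says it "trusts any ceritficate", so a reader does not see the consequence; suggest `* Accepts every certificate chain without examining it, so the peer's identity is never verified; intended for testing against servers whose certificates cannot be validated.` (which also fixes the "ceritficate" typo). The method should carry `@Override` since it implements `CertificateTrustChecker`. The `import com.isode.stroke.tls.CertificateTrustChecker;` line is redundant because the interface is in the same package as this class.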
diff --git a/src/com/isode/stroke/tls/Certificate.java b/src/com/isode/stroke/tls/Certificate.java
index de23f94..fdd64c0 100644
--- a/src/com/isode/stroke/tls/Certificate.java
+++ b/src/com/isode/stroke/tls/Certificate.java
@@ -9,6 +9,7 @@
package com.isode.stroke.tls;
import com.isode.stroke.base.ByteArray;
+import com.isode.stroke.crypto.CryptoProvider;
import com.isode.stroke.stringcodecs.Hexify;
import com.isode.stroke.stringcodecs.SHA1;
import java.util.List;
@@ -31,8 +32,8 @@ public abstract class Certificate {
public abstract ByteArray toDER();
- public String getSHA1Fingerprint() {
- ByteArray hash = SHA1.getHash(toDER());
+ public static String getSHA1Fingerprint(Certificate certificate, CryptoProvider crypto) {
+ ByteArray hash = crypto.getSHA1Hash(certificate.toDER());
StringBuilder s = new StringBuilder();
for (int i = 0; i < hash.getSize(); ++i) {
if (i > 0) {
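Review bot: The `import com.isode.stroke.stringcodecs.SHA1;` in the first hunk appears to be left unused now that the digest comes from `crypto.getSHA1Hash(certificate.toDER())`; drop it unless something elsewhere in the file, outside this diff, still references it. The new static method dereferences both arguments without a check, so a null `certificate` or `crypto` surfaces as a bare NullPointerException from inside the hashing; `Objects.requireNonNull(certificate, "certificate"); Objects.requireNonNull(crypto, "crypto");` at the top (with `import java.util.Objects;`) names the offending argument. The body of getSHA1Fingerprint continues past the end of the hunk.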
diff --git a/src/com/isode/stroke/tls/CertificateVerificationError.java b/src/com/isode/stroke/tls/CertificateVerificationError.java
index d76dc00..baff374 100644
--- a/src/com/isode/stroke/tls/CertificateVerificationError.java
+++ b/src/com/isode/stroke/tls/CertificateVerificationError.java
@@ -29,12 +29,21 @@ public class CertificateVerificationError implements Error {
RevocationCheckFailed
}
+ public CertificateVerificationError() {
+ this(Type.UnknownError);
+ }
+
public CertificateVerificationError(Type type) {
if (type == null) {
throw new IllegalStateException();
}
this.type = type;
}
- public final Type type;
+
+ public Type getType() {
+ return type;
+ }
+
+ private final Type type;
}
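Review bot: The new no-argument constructor and `getType()` have no Javadoc, so a reader has to follow the `this(...)` delegation to learn what the default is. Suggest `/** Creates an error of type {@link Type#UnknownError}. */` on the constructor and `/** @return the verification failure category; never null, enforced by the constructor */` on the getter. Making `type` private behind an accessor removes the public `type` field that callers may have read directly; the commit message says Client and Components were updated, so this is presumably covered, but worth a grep for `.type` on this class.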
diff --git a/src/com/isode/stroke/tls/ServerIdentityVerifier.java b/src/com/isode/stroke/tls/ServerIdentityVerifier.java
index 20caae8..86ce803 100644
--- a/src/com/isode/stroke/tls/ServerIdentityVerifier.java
+++ b/src/com/isode/stroke/tls/ServerIdentityVerifier.java
@@ -9,15 +9,20 @@
*/
package com.isode.stroke.tls;
-import com.isode.stroke.idn.IDNA;
+import com.isode.stroke.idn.IDNConverter;
import com.isode.stroke.jid.JID;
import java.util.List;
public class ServerIdentityVerifier {
- public ServerIdentityVerifier(JID jid) {
+ public ServerIdentityVerifier(JID jid, IDNConverter idnConverter) {
+ this.domainValid = false;
domain = jid.getDomain();
- encodedDomain = IDNA.getEncoded(domain);
+ String domainResult = idnConverter.getIDNAEncoded(domain);
+ if (domainResult != null) {
+ encodedDomain = domainResult;
+ domainValid = true;
+ }
}
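Review bot: The constructor dereferences `idnConverter` without a check, so a null converter fails with an unexplained NullPointerException while constructing the object that decides whether a server certificate matches the JID's domain; `Objects.requireNonNull(idnConverter, "idnConverter");` before the `getIDNAEncoded` call makes the failure explicit. Leaving `encodedDomain` null when encoding fails is guarded by the `domainValid` check added to `matchesDomain` below, but any other method of this class that reads `encodedDomain` outside this diff would need the same guard, and the rest of the class is not shown here. `this.domainValid = false;` duplicates the field's default and can be removed.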
public boolean certificateVerifies(Certificate certificate) {
@@ -69,6 +74,9 @@ public class ServerIdentityVerifier {
}
boolean matchesDomain(String s) {
+ if (!domainValid) {
+ return false;
+ }
if (s.startsWith("*.")) {
String matchString = s.substring(2);
String matchDomain = encodedDomain;
@@ -88,4 +96,5 @@ public class ServerIdentityVerifier {
}
private String domain;
private String encodedDomain;
+ private boolean domainValid;
}
diff --git a/src/com/isode/stroke/tls/SimpleCertificate.java b/src/com/isode/stroke/tls/SimpleCertificate.java
new file mode 100644
index 0000000..178d36d
--- /dev/null
+++ b/src/com/isode/stroke/tls/SimpleCertificate.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2010-2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+import java.util.List;
+import java.util.ArrayList;
+import com.isode.stroke.base.ByteArray;
+
+public class SimpleCertificate extends Certificate {
+
+ private String subjectName = "";
+ private ByteArray der = new ByteArray();
+ private List<String> commonNames = new ArrayList<String>();
+ private List<String> dnsNames = new ArrayList<String>();
+ private List<String> xmppAddresses = new ArrayList<String>();
+ private List<String> srvNames = new ArrayList<String>();
+
+ public void setSubjectName(final String name) {
+ subjectName = name;
+ }
+
+ public String getSubjectName() {
+ return subjectName;
+ }
+
+ public List<String> getCommonNames() {
+ return commonNames;
+ }
+
+ public void addCommonName(final String name) {
+ commonNames.add(name);
+ }
+
+ public void addSRVName(final String name) {
+ srvNames.add(name);
+ }
+
+ public void addDNSName(final String name) {
+ dnsNames.add(name);
+ }
+
+ public void addXMPPAddress(final String addr) {
+ xmppAddresses.add(addr);
+ }
+
+ public List<String> getSRVNames() {
+ return srvNames;
+ }
+
+ public List<String> getDNSNames() {
+ return dnsNames;
+ }
+
+ public List<String> getXMPPAddresses() {
+ return xmppAddresses;
+ }
+
+ public ByteArray toDER() {
+ return der;
+ }
+
+ public void setDER(final ByteArray der) {
+ this.der = der;
+ }
+
+ private void parse() {
+
+ }
+} \ No newline at end of file
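Review bot: `getCommonNames`, `getSRVNames`, `getDNSNames` and `getXMPPAddresses` return the internal mutable lists, so any holder of a `SimpleCertificate` can add or remove identity names after construction and change what a `ServerIdentityVerifier` later matches; returning read-only views keeps the names fixed once set. `setDER` and `toDER` likewise share the same `ByteArray` instance, which matters only if ByteArray is mutable, which this diff does not show. `toDER` overrides an abstract method of `Certificate` (visible in the Certificate hunk) and should carry `@Override`, as should any of the other getters that override `Certificate` methods, and the empty private `parse()` is never called and can be dropped. The rewrite below needs `import java.util.Collections;`.
```java
    public List<String> getCommonNames() {
        return Collections.unmodifiableList(commonNames);
    }

    // … unchanged: addCommonName, addSRVName, addDNSName, addXMPPAddress …

    public List<String> getSRVNames() {
        return Collections.unmodifiableList(srvNames);
    }

    public List<String> getDNSNames() {
        return Collections.unmodifiableList(dnsNames);
    }

    public List<String> getXMPPAddresses() {
        return Collections.unmodifiableList(xmppAddresses);
    }
```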
diff --git a/src/com/isode/stroke/tls/TLSContext.java b/src/com/isode/stroke/tls/TLSContext.java
index 3f5e8d7..cd9f90d 100644
--- a/src/com/isode/stroke/tls/TLSContext.java
+++ b/src/com/isode/stroke/tls/TLSContext.java
@@ -15,6 +15,7 @@ import com.isode.stroke.base.ByteArray;
import com.isode.stroke.base.SafeByteArray;
import com.isode.stroke.signals.Signal;
import com.isode.stroke.signals.Signal1;
+import com.isode.stroke.tls.TLSError;
public abstract class TLSContext {
@@ -41,6 +42,6 @@ public abstract class TLSContext {
public Signal1<SafeByteArray> onDataForNetwork = new Signal1<SafeByteArray>();
public Signal1<SafeByteArray> onDataForApplication = new Signal1<SafeByteArray>();
- public Signal onError = new Signal();
+ public Signal1<TLSError> onError = new Signal1<TLSError>();
public Signal onConnected = new Signal();
}
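Review bot: `onError` now carries a `TLSError`, but nothing states whether that argument can be null, and the JSSEContext hunks in this same commit call `onError.emit(null)`, so every listener has to treat it as nullable without being told. Either document the contract on the field, `/** Emitted when the TLS layer fails. The TLSError may be null when the implementation has no further detail. */`, or require implementations to always pass an instance. The `import com.isode.stroke.tls.TLSError;` added in the previous hunk is redundant, as TLSError is declared in the same package.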
diff --git a/src/com/isode/stroke/tls/TLSContextFactory.java b/src/com/isode/stroke/tls/TLSContextFactory.java
index 27e322f..f33539b 100644
--- a/src/com/isode/stroke/tls/TLSContextFactory.java
+++ b/src/com/isode/stroke/tls/TLSContextFactory.java
@@ -11,5 +11,7 @@ package com.isode.stroke.tls;
public interface TLSContextFactory {
boolean canCreate();
- TLSContext createTLSContext();
+ TLSContext createTLSContext(TLSOptions tlsOptions);
+ //void setCheckCertificateRevocation(boolean b);
+ //void setDisconnectOnCardRemoval(boolean b);
}
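Review bot: The two commented-out declarations added after `createTLSContext` are dead text in an interface; if they record pending work, a single `// TODO: port setCheckCertificateRevocation/setDisconnectOnCardRemoval from Swiften` says so without keeping code in comments, otherwise they should go. `createTLSContext(TLSOptions)` also lacks Javadoc for its new parameter, and the JSSE implementation in this commit ignores it, so `@param tlsOptions options for the new context; implementations may ignore flags they do not support` would tell callers what to expect.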
diff --git a/src/com/isode/stroke/tls/TLSError.java b/src/com/isode/stroke/tls/TLSError.java
new file mode 100644
index 0000000..619b747
--- /dev/null
+++ b/src/com/isode/stroke/tls/TLSError.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2012-2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+import com.isode.stroke.base.Error;
+
+public class TLSError implements Error {
+
+ private Type type;
+
+ public enum Type {
+ UnknownError,
+ CertificateCardRemoved
+ };
+
+ public TLSError() {
+ this(Type.UnknownError);
+ }
+
+ public TLSError(Type type) {
+ this.type = type;
+ }
+
+ public Type getType() {
+ return type;
+ }
+} \ No newline at end of file
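Review bot: `TLSError(Type)` accepts a null `type`, unlike `CertificateVerificationError(Type)` in this same commit, so `getType()` can return null and a later switch on it fails far from the construction site; `this.type = Objects.requireNonNull(type, "type");` (with `import java.util.Objects;`) keeps the two error classes consistent. The field is never reassigned and should be `private final Type type;`. The `;` after the enum's closing brace is a stray empty declaration and can be removed.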
diff --git a/src/com/isode/stroke/tls/TLSOptions.java b/src/com/isode/stroke/tls/TLSOptions.java
new file mode 100644
index 0000000..9c0b647
--- /dev/null
+++ b/src/com/isode/stroke/tls/TLSOptions.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+public class TLSOptions {
+
+ /**
+ * This flag is not used in java, and is purely here to maintain
+ * consistency with Swiften
+ */
+ public boolean schannelTLS1_0Workaround;
+
+ public TLSOptions() {
+ schannelTLS1_0Workaround = false;
+ }
+} \ No newline at end of file
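Review bot: The constructor only assigns `schannelTLS1_0Workaround` its default value, which a field initialiser expresses directly: `public boolean schannelTLS1_0Workaround = false;` with the constructor removed. A public mutable field is unusual in this codebase's Java style, but it mirrors the Swiften struct the Javadoc refers to, so it is defensible as long as this stays a plain options holder.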
diff --git a/src/com/isode/stroke/tls/java/JSSEContext.java b/src/com/isode/stroke/tls/java/JSSEContext.java
index 17b7d4d..02f3b4d 100644
--- a/src/com/isode/stroke/tls/java/JSSEContext.java
+++ b/src/com/isode/stroke/tls/java/JSSEContext.java
@@ -53,6 +53,7 @@ import com.isode.stroke.tls.CertificateVerificationError.Type;
import com.isode.stroke.tls.CertificateWithKey;
import com.isode.stroke.tls.PKCS12Certificate;
import com.isode.stroke.tls.TLSContext;
+import com.isode.stroke.tls.TLSError;
@@ -121,7 +122,7 @@ public class JSSEContext extends TLSContext {
*/
logger_.log(Level.WARNING, jsseContextError.toString(), e);
errorsEmitted.add(jsseContextError);
- onError.emit();
+ onError.emit(null);
}
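Review bot: `onError.emit(null)` throws away the error detail at the exact point where `jsseContextError` has just been logged and recorded, and the same null emission is repeated in the two `hasError()` hunks below in handleDataFromNetwork and handleDataFromApplication, so every `Signal1<TLSError>` listener must null-check. Emitting `new TLSError()` (the no-argument constructor added in this commit, giving `Type.UnknownError`) guarantees listeners a non-null value; if `jsseContextError` can be mapped onto a `TLSError.Type`, passing that is better still. The enclosing method of this hunk starts outside the diff.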
@Override
@@ -921,7 +922,7 @@ public class JSSEContext extends TLSContext {
public void handleDataFromNetwork(SafeByteArray data) {
if (hasError()) {
/* We have previously seen, and reported, an error. Emit again */
- onError.emit();
+ onError.emit(null);
return;
}
@@ -999,7 +1000,7 @@ public class JSSEContext extends TLSContext {
public void handleDataFromApplication(SafeByteArray data) {
if (hasError()) {
/* We have previously seen, and reported, an error. Emit again */
- onError.emit();
+ onError.emit(null);
return;
}
if (closeNotifyReceived) {
diff --git a/src/com/isode/stroke/tls/java/JSSEContextFactory.java b/src/com/isode/stroke/tls/java/JSSEContextFactory.java
index 63b184d..666ee77 100644
--- a/src/com/isode/stroke/tls/java/JSSEContextFactory.java
+++ b/src/com/isode/stroke/tls/java/JSSEContextFactory.java
@@ -14,6 +14,7 @@ import java.util.HashSet;
import java.util.Set;
import com.isode.stroke.tls.TLSContext;
+import com.isode.stroke.tls.TLSOptions;
import com.isode.stroke.tls.TLSContextFactory;
/**
@@ -33,7 +34,7 @@ public class JSSEContextFactory implements TLSContextFactory {
}
@Override
- public TLSContext createTLSContext() {
+ public TLSContext createTLSContext(TLSOptions tlsOptions) {
return new JSSEContext(restrictedCipherSuites);
}
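Review bot: `createTLSContext(TLSOptions tlsOptions)` accepts the new parameter and ignores it, which is reasonable given that TLSOptions' only flag is documented as unused in Java, but nothing at this site says so; a one-line comment `// tlsOptions is unused: its only flag (schannelTLS1_0Workaround) has no JSSE equivalent` makes the omission deliberate rather than accidental. The `import com.isode.stroke.tls.TLSOptions;` in the previous hunk is inserted between TLSContext and TLSContextFactory, breaking the alphabetical order of that import group.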