Diffstat (limited to 'src/com/isode/stroke/tls')
-rw-r--r--src/com/isode/stroke/tls/CertificateTrustChecker.java8
-rw-r--r--src/com/isode/stroke/tls/TLSContext.java13
-rw-r--r--src/com/isode/stroke/tls/java/JSSEContext.java24
3 files changed, 35 insertions, 10 deletions
diff --git a/src/com/isode/stroke/tls/CertificateTrustChecker.java b/src/com/isode/stroke/tls/CertificateTrustChecker.java
index 2fcf3c0..7f4753b 100644
--- a/src/com/isode/stroke/tls/CertificateTrustChecker.java
+++ b/src/com/isode/stroke/tls/CertificateTrustChecker.java
@@ -4,11 +4,14 @@
* See Documentation/Licenses/GPLv3.txt for more information.
*/
/*
- * Copyright (c) 2011, Isode Limited, London, England.
+ * Copyright (c) 2011-2014, Isode Limited, London, England.
* All rights reserved.
*/
package com.isode.stroke.tls;
+import java.util.List;
+
+
/**
* A class to implement a check for certificate trust.
*/
@@ -19,5 +22,6 @@ public interface CertificateTrustChecker {
* trusted. This usually happens when a certificate's validation
* fails, to check whether to proceed with the connection or not.
*/
- boolean isCertificateTrusted(Certificate certificate);
+ public boolean isCertificateTrusted(List<Certificate> chain);
+
}
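Review bot: The Javadoc above the new signature still describes the argument as a single certificate ("when a certificate's validation fails") and says nothing about what `chain` contains, its order, or whether it may be empty, so an implementer cannot tell which element is the peer's own certificate and which are issuers. Since this is the input to a trust decision, the contract should be explicit; add `@param chain the certificate chain presented by the peer, with the peer's own certificate first followed by any issuer certificates` and `@return true if the connection should proceed despite the failed validation` (the leaf-first order appears to be what JSSEContext relies on in `getPeerCertificate()`, but confirm against the implementation). The `public` modifier is redundant on an interface method and was not present on the old declaration; `boolean isCertificateTrusted(List<Certificate> chain);` matches the file's previous style.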
diff --git a/src/com/isode/stroke/tls/TLSContext.java b/src/com/isode/stroke/tls/TLSContext.java
index ec39a3b..738c8b6 100644
--- a/src/com/isode/stroke/tls/TLSContext.java
+++ b/src/com/isode/stroke/tls/TLSContext.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2012, Isode Limited, London, England.
+ * Copyright (c) 2011-2014, Isode Limited, London, England.
* All rights reserved.
*/
/*
@@ -9,6 +9,8 @@
package com.isode.stroke.tls;
+import java.util.List;
+
import com.isode.stroke.base.ByteArray;
import com.isode.stroke.signals.Signal;
import com.isode.stroke.signals.Signal1;
@@ -22,7 +24,16 @@ public abstract class TLSContext {
public abstract void handleDataFromNetwork(ByteArray data);
public abstract void handleDataFromApplication(ByteArray data);
+ /**
+ * The peer certificate, as presented by the remote entity
+ * @return the peer certificate, which may be null
+ */
public abstract Certificate getPeerCertificate();
+ /**
+ * The peer's certificate chain, as presented by the remote entity
+ * @return the peer certificate chain, which may be null.
+ */
+ public abstract List<Certificate> getPeerCertificateChain();
public abstract CertificateVerificationError getPeerCertificateVerificationError();
public abstract ByteArray getFinishMessage();
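Review bot: The new `getPeerCertificateChain()` Javadoc says the list "may be null" but does not say what order the elements are in or whether callers may modify the returned list, which is the part of the contract implementations and trust checkers actually depend on. Suggest `@return the peer certificate chain with the peer's own certificate at index 0 followed by any issuer certificates, or null if no peer certificate was presented; callers must not modify the returned list`. Stating that the list is read-only here lets implementations return an unmodifiable view without surprising callers, and it pairs with `getPeerCertificate()` being defined as element 0 of this chain. The class body continues outside the hunk.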
diff --git a/src/com/isode/stroke/tls/java/JSSEContext.java b/src/com/isode/stroke/tls/java/JSSEContext.java
index 2928498..13904e8 100644
--- a/src/com/isode/stroke/tls/java/JSSEContext.java
+++ b/src/com/isode/stroke/tls/java/JSSEContext.java
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2013, Isode Limited, London, England.
+/* Copyright (c) 2012-2014, Isode Limited, London, England.
* All rights reserved.
*
* Acquisition and use of this software and related materials for any
@@ -26,7 +26,9 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
@@ -627,8 +629,10 @@ public class JSSEContext extends TLSContext {
if (certs == null || certs.length == 0) {
return;
}
-
- peerCertificate = new JavaCertificate(certs[0]);
+ peerCertificateChain = new ArrayList<Certificate>(certs.length);
+ for (X509Certificate x509:certs) {
+ peerCertificateChain.add(new JavaCertificate(x509));
+ }
/* Swiften uses SSL_get_verify_result() for this, and the documentation
* for that says it "while the verification of a certificate can fail
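Review bot: The loop copies every element of `certs` into `peerCertificateChain`, and `getPeerCertificate()` elsewhere in this class returns index 0, so the whole class now silently assumes `certs[0]` is the peer's own certificate rather than an issuer; that assumption is not stated anywhere in the hunk. If `certs` comes from `SSLSession.getPeerCertificates()` the JSSE contract does put the peer's own certificate first, but a comment should record the dependency: `// certs[0] is expected to be the peer's own certificate (JSSE returns the chain leaf-first); getPeerCertificate() relies on this order`. Minor style point: `for (X509Certificate x509 : certs)` with spaces around the colon matches the usual formatting. The enclosing method starts and ends outside the hunk.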
@@ -1052,10 +1056,16 @@ public class JSSEContext extends TLSContext {
}
-
+ @Override
+ public List<Certificate> getPeerCertificateChain() {
+ return peerCertificateChain;
+ }
@Override
public Certificate getPeerCertificate() {
- return peerCertificate;
+ if (peerCertificateChain == null || peerCertificateChain.isEmpty()) {
+ return null;
+ }
+ return (peerCertificateChain.get(0));
}
@Override
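Review bot: `getPeerCertificateChain()` hands out the internal mutable `ArrayList`, so any caller, including a `CertificateTrustChecker` implementation given the chain to evaluate, can add, remove or reorder entries and thereby change what this context later reports from `getPeerCertificate()`. Return a read-only view instead: `return peerCertificateChain == null ? null : Collections.unmodifiableList(peerCertificateChain);` (this needs `import java.util.Collections;` alongside the new `java.util` imports). The field is assigned during handshake processing and read from these getters, and the class has a `recvMutex`, so it is worth confirming whether the getters can run on a different thread than the assignment; if so the field should at least be `volatile`. The parentheses in `return (peerCertificateChain.get(0));` are redundant.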
@@ -1161,9 +1171,9 @@ public class JSSEContext extends TLSContext {
private Object recvMutex = new Object();
/**
- * The server certificate as obtained from the TLS handshake
+ * The server certificate chain as obtained from the TLS handshake
*/
- private JavaCertificate peerCertificate = null;
+ private List<Certificate> peerCertificateChain = null;
/**
* The CertificateVerificationError derived from the peerCertificate. This