| Age | Commit message (Collapse) | Author |
|---|
|
Add the BOSHSessionStream class to stroke.
Also tidy up PortingProgress.txt there were some files it was saying had not
been imported when they had.
Test-information:
Code inspection as there are no unit tests for the new code.
Sanity test all existing unit tests pass.
Change-Id: Ia049a008f0d2c39c23f5752aa7740b10f48aa397
|
|
Adds TLSError and TLSOptions.
Updates BasicSessionStream, SessionStream and Session.
Updates Client and Components to accomodate changes in TLS.
Also completes TLSLayer in StreamStack which was pending due to TLS port.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Tests added for Certificate and ServerIdentityVerifier.
Test updated for ComponentSession.
All tests pass.
Change-Id: I34a8fe068c1e8af5348cc4ab49d3d1ed118ae833
|
|
Adds Component, ComponentConnector, ComponentError, ComponentSession, ComponentXMLTracer, CoreComponent,
ComponentSessionStanzaChannel, ComponentXMTracer, CoreComponent.
Updates CoreClient, StrokeGUI, BasicSessionStream and SessionStream and Client, so that signal definition can be changed.
Updates ComponentHandshake element, Entity.
Updates OutgoingAdHocCommandSession to have feature parity with Swiften.
This patch does not port Client or Session fully, which will be done in separate future patches.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Test added for ComponentSession, which passes.
Test for ComponentConnector cannot be ported right now and will be done in future patches,
as it requires some bits of Network to be ported.
Change-Id: I7138a2041fe28a2be7ac57cb47b15365f9334b24
|
|
TLSLayer could not be updated because it requires TLS to be ported first.
Updates other classes, only for having compatibility with SafeByteArray because of updates in Stream Stack.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Tests added for StreamStack and XMPPLayer, which passes.
Change-Id: I8707fc1f16d622d2a90f6f39f671b7e7c46aa170
|
|
Since the initial Stroke TLS implementation was done, some changes
were made in Swiften, starting with
"Show Certificate dialog from certificate error window."
159e773b156f531575d0d7e241e2d20c85ee6d7cA
which mean that certificate verification uses the peer's certificate
chain, and not just the peer's EE certificate.
This change updates Stroke so that its API now more closely matches
what Swiften does.
Note that any current Stroke clients that implement the
"CertificateTrustChecker" interface will break, as this patch makes an
incompatible change to that interface, requiring implementing classes
to handle a certificate chain rather than a single certificate.
Isode copyright notices are updated; Remko copyright notices are
updated to reflect the current copyright notices in any equivalent
Swiften source files.
Test-information:
Used MLC (after having patched it for CertificateTrustChecker changes)
and verified that it sees the entire certificate chain coming back.
Ran self-tests for Stroke and saw no junit failures
Change-Id: I3d863f929bfed3324446cadf3bb4d6b9ff916660
|
|
Makes ClientOptions do more.
|
|
|
|
This change provides the functionality to allow clients to specify a
PKCS#12 file containing client certificate/key for use when starting
TLS sessions.
The PKCS12Certificate class now subclasses "CertificateWithKey"
(matching the Swiften implementation).
Swiften also has "CAPICertificate", which is another subclass of
CertificateWithKey. This has not been provided in this patch.
From a client's point of view, all that's necessary to specify a
certificate to be used for TLS is to do something like
CertificateWithKey myCert = new PKCS12Certificate(
"/home/fred/myp12file.p12",
"secret".toCharArray());
coreClient.setCertificate(myCert);
before calling "CoreClient.connect".
Matching the Swiften functionality, constructing a new
PKCS12Certificate does not actually perform validation of the P12
file/passphrase; that takes place when the p12 file is used.
There is limited scope for returning to the caller errors describing
possible problems, but JSSEContext uses the "emitError" method which
does maintain error information, which is available in a debugger, or
from the JSSEContext.toString() method.
Test-information:
Set up an M-Link server with TLS verified that
- when I specify a client certificate with suitable SAN, the client
sends it and the server reports authentication using the certificate
- when I specify a client certificate without a suitable SAN, the
client sends it but the server rejects it
|
|
Also fixed up some incorrect Remko copyrights
|
|
|
|
|
Swift