From 08725ba2bb49b70c84593a1d3a11d35afb9a449a Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Wed, 10 Aug 2016 12:34:05 +0200
Subject: use direct ssl when port was manually set to 5223 this should create
 a work around for the oracle xmpp server

---
 .../siacs/conversations/xmpp/XmppConnection.java   | 26 ++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
index 1072e29d..89ffa05d 100644
--- a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -46,6 +46,7 @@ import java.util.concurrent.atomic.AtomicInteger;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.X509KeyManager;
@@ -271,9 +272,30 @@ public class XmppConnection implements Runnable {
 				socket = SocksSocketFactory.createSocketOverTor(destination, account.getPort());
 				startXmpp();
 			} else if (extended && account.getHostname() != null && !account.getHostname().isEmpty()) {
-				socket = new Socket();
+
+				InetSocketAddress address = new InetSocketAddress(account.getHostname(), account.getPort());
+
+				features.encryptionEnabled = account.getPort() == 5223;
+
 				try {
-					socket.connect(new InetSocketAddress(account.getHostname(), account.getPort()), Config.SOCKET_TIMEOUT * 1000);
+					if (features.encryptionEnabled) {
+						try {
+							final TlsFactoryVerifier tlsFactoryVerifier = getTlsFactoryVerifier();
+							socket = tlsFactoryVerifier.factory.createSocket();
+							socket.connect(address, Config.SOCKET_TIMEOUT * 1000);
+							final SSLSession session = ((SSLSocket) socket).getSession();
+							if (!tlsFactoryVerifier.verifier.verify(account.getServer().getDomainpart(),session)) {
+								Log.d(Config.LOGTAG, account.getJid().toBareJid() + ": TLS certificate verification failed");
+								throw new SecurityException();
+							}
+						} catch (KeyManagementException e) {
+							features.encryptionEnabled = false;
+							socket = new Socket();
+						}
+					} else {
+						socket = new Socket();
+						socket.connect(address, Config.SOCKET_TIMEOUT * 1000);
+					}
 				} catch (IOException e) {
 					throw new UnknownHostException();
 				}
-- 
cgit v1.2.3