diff options
author | Daniel Gultsch <daniel@gultsch.de> | 2014-03-07 14:24:33 +0100 |
---|---|---|
committer | Daniel Gultsch <daniel@gultsch.de> | 2014-03-07 14:24:33 +0100 |
commit | 3bb5fcb3ca3586f2c641e0810ba0e019604ad7e4 (patch) | |
tree | 343b247e9a746cca31ed9c358bca2adf6fda309d /src/eu/siacs/conversations/xmpp | |
parent | 1cf05fccdb0823a99e0ea33cc51150c7e31f2f1e (diff) |
tls exceptions for untrusted certs
Diffstat (limited to 'src/eu/siacs/conversations/xmpp')
-rw-r--r-- | src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java | 7 | ||||
-rw-r--r-- | src/eu/siacs/conversations/xmpp/XmppConnection.java | 36 |
2 files changed, 39 insertions, 4 deletions
diff --git a/src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java b/src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java new file mode 100644 index 000000000..0e232ee40 --- /dev/null +++ b/src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java @@ -0,0 +1,7 @@ +package eu.siacs.conversations.xmpp; + +import eu.siacs.conversations.entities.Account; + +public interface OnTLSExceptionReceived { + public void onTLSExceptionReceived(String fingerprint, Account account); +} diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java index c5aa1d7da..24168aef9 100644 --- a/src/eu/siacs/conversations/xmpp/XmppConnection.java +++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java @@ -9,6 +9,7 @@ import java.net.UnknownHostException; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.cert.CertPathValidatorException; @@ -33,6 +34,7 @@ import android.os.Bundle; import android.os.PowerManager; import android.util.Log; import eu.siacs.conversations.entities.Account; +import eu.siacs.conversations.utils.CryptoHelper; import eu.siacs.conversations.utils.DNSHelper; import eu.siacs.conversations.utils.SASL; import eu.siacs.conversations.xml.Element; @@ -71,6 +73,7 @@ public class XmppConnection implements Runnable { private OnIqPacketReceived unregisteredIqListener = null; private OnMessagePacketReceived messageListener = null; private OnStatusChanged statusListener = null; + private OnTLSExceptionReceived tlsListener; public XmppConnection(Account account, PowerManager pm) { this.account = account; @@ -127,7 +130,9 @@ public class XmppConnection implements Runnable { } return; } catch (IOException e) { - this.changeStatus(Account.STATUS_OFFLINE); + if (account.getStatus() != Account.STATUS_TLS_ERROR) { + this.changeStatus(Account.STATUS_OFFLINE); + } if (wakeLock.isHeld()) { wakeLock.release(); } @@ -312,7 +317,26 @@ public class XmppConnection implements Runnable { try { origTrustmanager.checkServerTrusted(chain, authType); } catch (CertificateException e) { - Log.d(LOGTAG,"cert exeption"); + if (e.getCause() instanceof CertPathValidatorException) { + String sha; + try { + MessageDigest sha1 = MessageDigest.getInstance("SHA1"); + sha1.update(chain[0].getEncoded()); + sha = CryptoHelper.bytesToHex(sha1.digest()); + if (!sha.equals(account.getSSLFingerprint())) { + changeStatus(Account.STATUS_TLS_ERROR); + if (tlsListener!=null) { + tlsListener.onTLSExceptionReceived(sha,account); + } + throw new CertificateException(); + } + } catch (NoSuchAlgorithmException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } + } else { + throw new CertificateException(); + } } } @@ -325,8 +349,8 @@ public class XmppConnection implements Runnable { sc.init(null, wrappedTrustManagers, null); SSLSocketFactory factory = sc.getSocketFactory(); SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket, - socket.getInetAddress().getHostAddress(), socket.getPort(), - true); + socket.getInetAddress().getHostAddress(), socket.getPort(), + true); tagReader.setInputStream(sslSocket.getInputStream()); Log.d(LOGTAG, "reset inputstream"); tagWriter.setOutputStream(sslSocket.getOutputStream()); @@ -528,6 +552,10 @@ public class XmppConnection implements Runnable { public void setOnStatusChangedListener(OnStatusChanged listener) { this.statusListener = listener; } + + public void setOnTLSExceptionReceivedListener(OnTLSExceptionReceived listener) { + this.tlsListener = listener; + } public void disconnect() { shouldConnect = false; |