authorDaniel Gultsch <daniel@gultsch.de>2014-03-07 14:24:33 +0100
committerDaniel Gultsch <daniel@gultsch.de>2014-03-07 14:24:33 +0100
commit3bb5fcb3ca3586f2c641e0810ba0e019604ad7e4 (patch)
tree343b247e9a746cca31ed9c358bca2adf6fda309d /src/eu/siacs/conversations/xmpp
parent1cf05fccdb0823a99e0ea33cc51150c7e31f2f1e (diff)
tls exceptions for untrusted certs
Diffstat (limited to 'src/eu/siacs/conversations/xmpp')
-rw-r--r--src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java7
-rw-r--r--src/eu/siacs/conversations/xmpp/XmppConnection.java36
2 files changed, 39 insertions, 4 deletions
diff --git a/src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java b/src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java
new file mode 100644
index 000000000..0e232ee40
--- /dev/null
+++ b/src/eu/siacs/conversations/xmpp/OnTLSExceptionReceived.java
@@ -0,0 +1,7 @@
+package eu.siacs.conversations.xmpp;
+
+import eu.siacs.conversations.entities.Account;
+
+public interface OnTLSExceptionReceived {
+ public void onTLSExceptionReceived(String fingerprint, Account account);
+}
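Review bot: The new interface carries no Javadoc, so an implementer cannot tell when `onTLSExceptionReceived` fires or what `fingerprint` holds; the only place the contract is visible is the trust-manager code in XmppConnection. Add a Javadoc on the interface saying it is invoked from XmppConnection's server-trust check when the presented certificate fails validation and its hex SHA-1 digest differs from the account's stored fingerprint, with `@param fingerprint` the hex SHA-1 digest of the first certificate in the presented chain and `@param account` the account whose connection attempt failed. The `public` modifier on the method is redundant inside an interface and can be dropped.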
diff --git a/src/eu/siacs/conversations/xmpp/XmppConnection.java b/src/eu/siacs/conversations/xmpp/XmppConnection.java
index c5aa1d7da..24168aef9 100644
--- a/src/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -9,6 +9,7 @@ import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
+import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertPathValidatorException;
@@ -33,6 +34,7 @@ import android.os.Bundle;
import android.os.PowerManager;
import android.util.Log;
import eu.siacs.conversations.entities.Account;
+import eu.siacs.conversations.utils.CryptoHelper;
import eu.siacs.conversations.utils.DNSHelper;
import eu.siacs.conversations.utils.SASL;
import eu.siacs.conversations.xml.Element;
@@ -71,6 +73,7 @@ public class XmppConnection implements Runnable {
private OnIqPacketReceived unregisteredIqListener = null;
private OnMessagePacketReceived messageListener = null;
private OnStatusChanged statusListener = null;
+ private OnTLSExceptionReceived tlsListener;
public XmppConnection(Account account, PowerManager pm) {
this.account = account;
@@ -127,7 +130,9 @@ public class XmppConnection implements Runnable {
}
return;
} catch (IOException e) {
- this.changeStatus(Account.STATUS_OFFLINE);
+ if (account.getStatus() != Account.STATUS_TLS_ERROR) {
+ this.changeStatus(Account.STATUS_OFFLINE);
+ }
if (wakeLock.isHeld()) {
wakeLock.release();
}
@@ -312,7 +317,26 @@ public class XmppConnection implements Runnable {
try {
origTrustmanager.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
- Log.d(LOGTAG,"cert exeption");
+ if (e.getCause() instanceof CertPathValidatorException) {
+ String sha;
+ try {
+ MessageDigest sha1 = MessageDigest.getInstance("SHA1");
+ sha1.update(chain[0].getEncoded());
+ sha = CryptoHelper.bytesToHex(sha1.digest());
+ if (!sha.equals(account.getSSLFingerprint())) {
+ changeStatus(Account.STATUS_TLS_ERROR);
+ if (tlsListener!=null) {
+ tlsListener.onTLSExceptionReceived(sha,account);
+ }
+ throw new CertificateException();
+ }
+ } catch (NoSuchAlgorithmException e1) {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
+ }
+ } else {
+ throw new CertificateException();
+ }
}
}
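Review bot: The inner `catch (NoSuchAlgorithmException e1)` only prints the stack trace, so when the digest cannot be computed the method falls through and returns normally, accepting a certificate that `origTrustmanager.checkServerTrusted` had already rejected; the fallback must fail closed with `throw new CertificateException(e1);`. The two `throw new CertificateException();` statements also discard the original exception, so the validation failure reason never reaches the log or the caller — use `throw new CertificateException(e);`. A SHA-1 fingerprint is weaker than a SHA-256 one; if the stored `getSSLFingerprint()` format can still change (it lives outside this hunk), SHA-256 would be the better pin. The enclosing checkServerTrusted method starts before this hunk.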
@@ -325,8 +349,8 @@ public class XmppConnection implements Runnable {
sc.init(null, wrappedTrustManagers, null);
SSLSocketFactory factory = sc.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,
- socket.getInetAddress().getHostAddress(), socket.getPort(),
- true);
+ socket.getInetAddress().getHostAddress(), socket.getPort(),
+ true);
tagReader.setInputStream(sslSocket.getInputStream());
Log.d(LOGTAG, "reset inputstream");
tagWriter.setOutputStream(sslSocket.getOutputStream());
@@ -528,6 +552,10 @@ public class XmppConnection implements Runnable {
public void setOnStatusChangedListener(OnStatusChanged listener) {
this.statusListener = listener;
}
+
+ public void setOnTLSExceptionReceivedListener(OnTLSExceptionReceived listener) {
+ this.tlsListener = listener;
+ }
public void disconnect() {
shouldConnect = false;