aboutsummaryrefslogtreecommitdiffstats
path: root/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'src/main')
-rw-r--r--src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java101
1 files changed, 45 insertions, 56 deletions
diff --git a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
index b03d3f74..0d65e547 100644
--- a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -505,65 +505,54 @@ public class XmppConnection implements Runnable {
return getPreferences().getBoolean("enable_legacy_ssl", false);
}
- private void switchOverToTls(final Tag currentTag) throws XmlPullParserException,
- IOException {
- tagReader.readTag();
- try {
- final SSLContext sc = SSLContext.getInstance("TLS");
- sc.init(null,
- new X509TrustManager[]{this.mXmppConnectionService.getMemorizingTrustManager()},
- mXmppConnectionService.getRNG());
- final SSLSocketFactory factory = sc.getSocketFactory();
-
- if (factory == null) {
- throw new IOException("SSLSocketFactory was null");
- }
-
- final HostnameVerifier verifier = this.mXmppConnectionService.getMemorizingTrustManager().wrapHostnameVerifier(new StrictHostnameVerifier());
+ private void switchOverToTls(final Tag currentTag) throws XmlPullParserException, IOException {
+ tagReader.readTag();
+ try {
+ final SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(null,new X509TrustManager[]{this.mXmppConnectionService.getMemorizingTrustManager()},mXmppConnectionService.getRNG());
+ final SSLSocketFactory factory = sc.getSocketFactory();
+ final HostnameVerifier verifier = this.mXmppConnectionService.getMemorizingTrustManager().wrapHostnameVerifier(new StrictHostnameVerifier());
+ final InetAddress address = socket == null ? null : socket.getInetAddress();
+
+ if (factory == null || address == null || verifier == null) {
+ throw new IOException("could not setup ssl");
+ }
- if (socket == null || socket.isClosed()) {
- throw new IOException("socket null or closed");
- }
- final InetAddress address = socket.getInetAddress();
- if (address == null) {
- throw new IOException("socket address was null");
- }
+ final SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,address.getHostAddress(), socket.getPort(),true);
- final SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket,address.getHostAddress(), socket.getPort(),true);
+ if (sslSocket == null) {
+ throw new IOException("could not initialize ssl socket");
+ }
- // Support all protocols except legacy SSL.
- // The min SDK version prevents us having to worry about SSLv2. In
- // future, this may be true of SSLv3 as well.
- final String[] supportProtocols;
- if (enableLegacySSL()) {
- supportProtocols = sslSocket.getSupportedProtocols();
- } else {
- final Collection<String> supportedProtocols = new LinkedList<>(
- Arrays.asList(sslSocket.getSupportedProtocols()));
- supportedProtocols.remove("SSLv3");
- supportProtocols = new String[supportedProtocols.size()];
- supportedProtocols.toArray(supportProtocols);
- }
- sslSocket.setEnabledProtocols(supportProtocols);
-
- if (verifier != null
- && !verifier.verify(account.getServer().getDomainpart(),
- sslSocket.getSession())) {
- Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
- disconnect(true);
- changeStatus(Account.State.SECURITY_ERROR);
- }
- tagReader.setInputStream(sslSocket.getInputStream());
- tagWriter.setOutputStream(sslSocket.getOutputStream());
- sendStartStream();
- Log.d(Config.LOGTAG, account.getJid().toBareJid()
- + ": TLS connection established");
- enabledEncryption = true;
- processStream(tagReader.readTag());
- sslSocket.close();
- } catch (final NoSuchAlgorithmException | KeyManagementException e1) {
- e1.printStackTrace();
- }
+ final String[] supportProtocols;
+ if (enableLegacySSL()) {
+ supportProtocols = sslSocket.getSupportedProtocols();
+ } else {
+ final Collection<String> supportedProtocols = new LinkedList<>(
+ Arrays.asList(sslSocket.getSupportedProtocols()));
+ supportedProtocols.remove("SSLv3");
+ supportProtocols = new String[supportedProtocols.size()];
+ supportedProtocols.toArray(supportProtocols);
+ }
+ sslSocket.setEnabledProtocols(supportProtocols);
+
+ if (!verifier.verify(account.getServer().getDomainpart(),sslSocket.getSession())) {
+ Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
+ disconnect(true);
+ changeStatus(Account.State.SECURITY_ERROR);
+ }
+ tagReader.setInputStream(sslSocket.getInputStream());
+ tagWriter.setOutputStream(sslSocket.getOutputStream());
+ sendStartStream();
+ Log.d(Config.LOGTAG, account.getJid().toBareJid()+ ": TLS connection established");
+ enabledEncryption = true;
+ processStream(tagReader.readTag());
+ sslSocket.close();
+ } catch (final NoSuchAlgorithmException | KeyManagementException e1) {
+ Log.d(Config.LOGTAG,account.getJid().toBareJid()+": TLS certificate verification failed");
+ disconnect(true);
+ changeStatus(Account.State.SECURITY_ERROR);
+ }
}
private void processStreamFeatures(final Tag currentTag)