Do not offer TLS when no certificates were created. JM-895

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@6094 b35dd754-fafc-0310-a699-88a17e54d16e

src/java/org/jivesoftware/wildfire/ClientSession.java

@@ -18,6 +18,7 @@ import org.jivesoftware.util.Log;
 import org.jivesoftware.wildfire.auth.AuthToken;
 import org.jivesoftware.wildfire.auth.UnauthorizedException;
 import org.jivesoftware.wildfire.net.SASLAuthentication;
+import org.jivesoftware.wildfire.net.SSLConfig;
 import org.jivesoftware.wildfire.net.SocketConnection;
 import org.jivesoftware.wildfire.privacy.PrivacyList;
 import org.jivesoftware.wildfire.privacy.PrivacyListManager;
@@ -235,8 +236,20 @@ public class ClientSession extends Session {
 
         // Indicate the TLS policy to use for this connection
         if (!connection.isSecure()) {
+            boolean hasCertificates = false;
+            try {
+                hasCertificates = SSLConfig.getKeyStore().size() > 0;
+            }
+            catch (Exception e) {
+                Log.error(e);
+            }
+            if (Connection.TLSPolicy.required == tlsPolicy && !hasCertificates) {
+                Log.error("Client session rejected. TLS is required but no certificates " +
+                        "were created.");
+                return null;
+            }
             // Set default TLS policy
-            connection.setTlsPolicy(tlsPolicy);
+            connection.setTlsPolicy(hasCertificates ? tlsPolicy : Connection.TLSPolicy.disabled);
         } else {
             // Set default TLS policy
             connection.setTlsPolicy(Connection.TLSPolicy.disabled);

src/java/org/jivesoftware/wildfire/server/IncomingServerSession.java

@@ -13,12 +13,13 @@ package org.jivesoftware.wildfire.server;
 
 import org.dom4j.Element;
 import org.dom4j.io.XMPPPacketReader;
+import org.jivesoftware.util.JiveGlobals;
+import org.jivesoftware.util.Log;
 import org.jivesoftware.wildfire.*;
 import org.jivesoftware.wildfire.auth.UnauthorizedException;
 import org.jivesoftware.wildfire.net.SASLAuthentication;
+import org.jivesoftware.wildfire.net.SSLConfig;
 import org.jivesoftware.wildfire.net.SocketConnection;
-import org.jivesoftware.util.Log;
-import org.jivesoftware.util.JiveGlobals;
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmpp.packet.Packet;
@@ -152,8 +153,22 @@ public class IncomingServerSession extends Session {
         connection.deliverRawText(openingStream.toString());
 
         // Indicate the TLS policy to use for this connection
-        connection.setTlsPolicy(ServerDialback.isEnabled() ? Connection.TLSPolicy.optional :
-                Connection.TLSPolicy.required);
+        Connection.TLSPolicy tlsPolicy =
+                ServerDialback.isEnabled() ? Connection.TLSPolicy.optional :
+                        Connection.TLSPolicy.required;
+        boolean hasCertificates = false;
+        try {
+            hasCertificates = SSLConfig.getKeyStore().size() > 0;
+        }
+        catch (Exception e) {
+            Log.error(e);
+        }
+        if (Connection.TLSPolicy.required == tlsPolicy && !hasCertificates) {
+            Log.error("Server session rejected. TLS is required but no certificates " +
+                    "were created.");
+            return null;
+        }
+        connection.setTlsPolicy(hasCertificates ? tlsPolicy : Connection.TLSPolicy.disabled);
 
         // Indicate the compression policy to use for this connection
         String policyName = JiveGlobals.getProperty("xmpp.server.compression.policy",