Do not offer TLS when no certificates were created. JM-895

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@6094 b35dd754-fafc-0310-a699-88a17e54d16e

Do not offer TLS when no certificates were created. JM-895
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@6094 b35dd754-fafc-0310-a699-88a17e54d16e
6e82fc15 · Gaston Dombiak · gato · 00319ac7 · 6e82fc15 · 6e82fc15
Commit 6e82fc15 authored Nov 13, 2006 by Gaston Dombiak Committed by gato Nov 13, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 5 deletions

ClientSession.java src/java/org/jivesoftware/wildfire/ClientSession.java +14 -1

IncomingServerSession.java ...g/jivesoftware/wildfire/server/IncomingServerSession.java +19 -4

No files found.
--- a/src/java/org/jivesoftware/wildfire/ClientSession.java
+++ b/src/java/org/jivesoftware/wildfire/ClientSession.java
@@ -18,6 +18,7 @@ import org.jivesoftware.util.Log;
 import org.jivesoftware.wildfire.auth.AuthToken;
 import org.jivesoftware.wildfire.auth.UnauthorizedException;
 import org.jivesoftware.wildfire.net.SASLAuthentication;
+import org.jivesoftware.wildfire.net.SSLConfig;
 import org.jivesoftware.wildfire.net.SocketConnection;
 import org.jivesoftware.wildfire.privacy.PrivacyList;
 import org.jivesoftware.wildfire.privacy.PrivacyListManager;
@@ -235,8 +236,20 @@ public class ClientSession extends Session {
        // Indicate the TLS policy to use for this connection
        if (!connection.isSecure()) {
+            boolean hasCertificates = false;
+            try {
+                hasCertificates = SSLConfig.getKeyStore().size() > 0;
+            }
+            catch (Exception e) {
+                Log.error(e);
+            }
+            if (Connection.TLSPolicy.required == tlsPolicy && !hasCertificates) {
+                Log.error("Client session rejected. TLS is required but no certificates " +
+                        "were created.");
+                return null;
+            }
            // Set default TLS policy
-            connection.setTlsPolicy(tlsPolicy);
+            connection.setTlsPolicy(hasCertificates ? tlsPolicy : Connection.TLSPolicy.disabled);
        } else {
            // Set default TLS policy
            connection.setTlsPolicy(Connection.TLSPolicy.disabled);

--- a/src/java/org/jivesoftware/wildfire/server/IncomingServerSession.java
+++ b/src/java/org/jivesoftware/wildfire/server/IncomingServerSession.java
@@ -13,12 +13,13 @@ package org.jivesoftware.wildfire.server;
 import org.dom4j.Element;
 import org.dom4j.io.XMPPPacketReader;
+import org.jivesoftware.util.JiveGlobals;
+import org.jivesoftware.util.Log;
 import org.jivesoftware.wildfire.*;
 import org.jivesoftware.wildfire.auth.UnauthorizedException;
 import org.jivesoftware.wildfire.net.SASLAuthentication;
+import org.jivesoftware.wildfire.net.SSLConfig;
 import org.jivesoftware.wildfire.net.SocketConnection;
-import org.jivesoftware.util.Log;
-import org.jivesoftware.util.JiveGlobals;
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmpp.packet.Packet;
@@ -152,8 +153,22 @@ public class IncomingServerSession extends Session {
        connection.deliverRawText(openingStream.toString());
        // Indicate the TLS policy to use for this connection
-        connection.setTlsPolicy(ServerDialback.isEnabled() ? Connection.TLSPolicy.optional :
+        Connection.TLSPolicy tlsPolicy =
-                Connection.TLSPolicy.required);
+                ServerDialback.isEnabled() ? Connection.TLSPolicy.optional :
+                        Connection.TLSPolicy.required;
+        boolean hasCertificates = false;
+        try {
+            hasCertificates = SSLConfig.getKeyStore().size() > 0;
+        }
+        catch (Exception e) {
+            Log.error(e);
+        }
+        if (Connection.TLSPolicy.required == tlsPolicy && !hasCertificates) {
+            Log.error("Server session rejected. TLS is required but no certificates " +
+                    "were created.");
+            return null;
+        }
+        connection.setTlsPolicy(hasCertificates ? tlsPolicy : Connection.TLSPolicy.disabled);
        // Indicate the compression policy to use for this connection
        String policyName = JiveGlobals.getProperty("xmpp.server.compression.policy",