Commit
cc6be12e
authored
Oct 22, 2015
by
Guus der Kinderen
OF-946: Use constant instead of hard-coded property name.
parent
fe97ecbe
Showing
3 changed files
with
270 additions
and
265 deletions
+270
-265
SSLConfigSocketFactory.java
...org/jivesoftware/openfire/net/SSLConfigSocketFactory.java
+3
-2
TLSWrapper.java
src/java/org/jivesoftware/openfire/net/TLSWrapper.java
+263
-262
SimpleSSLSocketFactory.java
src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java
+4
-1
src/java/org/jivesoftware/openfire/net/SSLConfigSocketFactory.java
...
...
@@ -3,6 +3,7 @@ package org.jivesoftware.openfire.net;
import
org.jivesoftware.openfire.keystore.IdentityStoreConfig
;
import
org.jivesoftware.openfire.keystore.Purpose
;
import
org.jivesoftware.openfire.keystore.TrustStoreConfig
;
import
org.jivesoftware.openfire.session.ConnectionSettings
;
import
org.jivesoftware.util.CertificateEventListener
;
import
org.jivesoftware.util.CertificateManager
;
import
org.jivesoftware.util.JiveGlobals
;
...
...
@@ -104,7 +105,7 @@ public class SSLConfigSocketFactory
final
IdentityStoreConfig
identityStoreConfig
=
(
IdentityStoreConfig
)
SSLConfig
.
getInstance
().
getStoreConfig
(
Purpose
.
SOCKETBASED_IDENTITYSTORE
);
final
TrustStoreConfig
trustStoreConfig
=
(
TrustStoreConfig
)
SSLConfig
.
getInstance
().
getStoreConfig
(
Purpose
.
SOCKETBASED_C2S_TRUSTSTORE
);
final
String
algorithm
=
JiveGlobals
.
getProperty
(
"xmpp.socket.ssl.algorithm"
,
"TLS"
);
final
String
algorithm
=
JiveGlobals
.
getProperty
(
ConnectionSettings
.
Client
.
TLS_ALGORITHM
,
"TLS"
);
final
SSLContext
context
=
SSLContext
.
getInstance
(
algorithm
);
context
.
init
(
identityStoreConfig
.
getKeyManagers
(),
trustStoreConfig
.
getTrustManagers
(),
new
java
.
security
.
SecureRandom
()
);
...
...
@@ -116,7 +117,7 @@ public class SSLConfigSocketFactory
final
IdentityStoreConfig
identityStoreConfig
=
(
IdentityStoreConfig
)
SSLConfig
.
getInstance
().
getStoreConfig
(
Purpose
.
SOCKETBASED_IDENTITYSTORE
);
final
TrustStoreConfig
trustStoreConfig
=
(
TrustStoreConfig
)
SSLConfig
.
getInstance
().
getStoreConfig
(
Purpose
.
SOCKETBASED_S2S_TRUSTSTORE
);
final
String
algorithm
=
JiveGlobals
.
getProperty
(
"xmpp.socket.ssl.algorithm"
,
"TLS"
);
final
String
algorithm
=
JiveGlobals
.
getProperty
(
ConnectionSettings
.
Client
.
TLS_ALGORITHM
,
"TLS"
);
final
SSLContext
context
=
SSLContext
.
getInstance
(
algorithm
);
context
.
init
(
identityStoreConfig
.
getKeyManagers
(),
trustStoreConfig
.
getTrustManagers
(),
new
java
.
security
.
SecureRandom
()
);
...
...
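Review bot: The second hunk (`@@ -116,7 +117,7 @@`) builds the context for `Purpose.SOCKETBASED_S2S_TRUSTSTORE` but reads `ConnectionSettings.Client.TLS_ALGORITHM`, which looks like a client-only setting being applied to server-to-server sockets. The removed literal shows both paths already shared `xmpp.socket.ssl.algorithm`, so behaviour is presumably unchanged, but the name now hides that. A one-line comment above the S2S lookup would keep a later reader from "correcting" it, for example `// C2S and S2S socket contexts share this property; the constant is defined under ConnectionSettings.Client.`. Both enclosing methods begin and end outside the hunks shown.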
src/java/org/jivesoftware/openfire/net/TLSWrapper.java
/**
* $RCSfile$
* $Revision: $
* $Date: $
*
* Copyright (C) 2005-2008 Jive Software and Artur Hefczyc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org
.
jivesoftware
.
openfire
.
net
;
import
java.nio.ByteBuffer
;
/**
* $RCSfile$
* $Revision: $
* $Date: $
*
* Copyright (C) 2005-2008 Jive Software and Artur Hefczyc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org
.
jivesoftware
.
openfire
.
net
;
import
java.nio.ByteBuffer
;
import
java.security.*
;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLEngine
;
import
javax.net.ssl.SSLEngineResult
;
import
javax.net.ssl.SSLException
;
import
javax.net.ssl.SSLSession
;
import
javax.net.ssl.TrustManager
;
import
javax.net.ssl.SSLEngineResult.HandshakeStatus
;
import
javax.net.ssl.SSLEngineResult.Status
;
import
org.jivesoftware.openfire.Connection
;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLEngine
;
import
javax.net.ssl.SSLEngineResult
;
import
javax.net.ssl.SSLException
;
import
javax.net.ssl.SSLSession
;
import
javax.net.ssl.TrustManager
;
import
javax.net.ssl.SSLEngineResult.HandshakeStatus
;
import
javax.net.ssl.SSLEngineResult.Status
;
import
org.jivesoftware.openfire.Connection
;
import
org.jivesoftware.openfire.keystore.IdentityStoreConfig
;
import
org.jivesoftware.openfire.keystore.Purpose
;
import
org.jivesoftware.openfire.keystore.TrustStoreConfig
;
import
org.jivesoftware.util.JiveGlobals
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
/**
* Creates and initializes the SSLContext instance to use to secure the plain connection. This
* class is also responsible for encoding and decoding the encrypted data and place it into
* the corresponding the {@link ByteBuffer}.
*
* @author Artur Hefczyc
* @author Hao Chen
*/
public
class
TLSWrapper
{
private
static
final
Logger
Log
=
LoggerFactory
.
getLogger
(
TLSWrapper
.
class
);
/*
* Enables logging of the SSLEngine operations.
*/
private
boolean
logging
=
false
;
private
SSLEngine
tlsEngine
;
private
SSLEngineResult
tlsEngineResult
;
private
int
netBuffSize
;
private
int
appBuffSize
;
public
TLSWrapper
(
Connection
connection
,
boolean
clientMode
,
boolean
needClientAuth
,
String
remoteServer
)
{
import
org.jivesoftware.openfire.session.ConnectionSettings
;
import
org.jivesoftware.util.JiveGlobals
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
/**
* Creates and initializes the SSLContext instance to use to secure the plain connection. This
* class is also responsible for encoding and decoding the encrypted data and place it into
* the corresponding the {@link ByteBuffer}.
*
* @author Artur Hefczyc
* @author Hao Chen
*/
public
class
TLSWrapper
{
private
static
final
Logger
Log
=
LoggerFactory
.
getLogger
(
TLSWrapper
.
class
);
/*
* Enables logging of the SSLEngine operations.
*/
private
boolean
logging
=
false
;
private
SSLEngine
tlsEngine
;
private
SSLEngineResult
tlsEngineResult
;
private
int
netBuffSize
;
private
int
appBuffSize
;
public
TLSWrapper
(
Connection
connection
,
boolean
clientMode
,
boolean
needClientAuth
,
String
remoteServer
)
{
final
boolean
isClientToServer
=
(
remoteServer
==
null
);
// Create/initialize the SSLContext with key material
try
{
// First initialize the key and trust material.
// Create/initialize the SSLContext with key material
try
{
// First initialize the key and trust material.
final
SSLConfig
sslConfig
=
SSLConfig
.
getInstance
();
final
Purpose
purpose
=
(
isClientToServer
?
Purpose
.
SOCKETBASED_C2S_TRUSTSTORE
:
Purpose
.
SOCKETBASED_S2S_TRUSTSTORE
);
final
TrustStoreConfig
trustStoreConfig
=
(
TrustStoreConfig
)
sslConfig
.
getStoreConfig
(
purpose
);
// TrustManager's decide whether to allow connections.
// TrustManager's decide whether to allow connections.
final
TrustManager
[]
tm
;
if
(
clientMode
||
needClientAuth
)
...
...
@@ -81,210 +82,210 @@ public class TLSWrapper {
final
KeyStore
ksTrust
=
trustStoreConfig
.
getStore
();
if
(
isClientToServer
)
{
// Check if we can trust certificates presented by the client
tm
=
new
TrustManager
[]{
new
ClientTrustManager
(
ksTrust
)};
}
// Check if we can trust certificates presented by the client
tm
=
new
TrustManager
[]{
new
ClientTrustManager
(
ksTrust
)};
}
else
{
// Check if we can trust certificates presented by the server
tm
=
new
TrustManager
[]{
new
ServerTrustManager
(
remoteServer
,
ksTrust
,
connection
)};
}
}
// Check if we can trust certificates presented by the server
tm
=
new
TrustManager
[]{
new
ServerTrustManager
(
remoteServer
,
ksTrust
,
connection
)};
}
}
else
{
tm
=
trustStoreConfig
.
getTrustManagers
();
}
final
IdentityStoreConfig
identityStoreConfig
=
(
IdentityStoreConfig
)
sslConfig
.
getStoreConfig
(
Purpose
.
SOCKETBASED_IDENTITYSTORE
);
final
String
algorithm
=
JiveGlobals
.
getProperty
(
"xmpp.socket.ssl.algorithm"
,
"TLS"
);
final
String
algorithm
=
JiveGlobals
.
getProperty
(
ConnectionSettings
.
Client
.
TLS_ALGORITHM
,
"TLS"
);
final
SSLContext
tlsContext
=
SSLContext
.
getInstance
(
algorithm
);
tlsContext
.
init
(
identityStoreConfig
.
getKeyManagers
(),
tm
,
null
);
/*
* Configure the tlsEngine to act as a server in the SSL/TLS handshake. We're a server,
* so no need to use host/port variant.
*
* The first call for a server is a NEED_UNWRAP.
*/
tlsEngine
=
tlsContext
.
createSSLEngine
();
tlsEngine
.
setUseClientMode
(
clientMode
);
SSLSession
sslSession
=
tlsEngine
.
getSession
();
netBuffSize
=
sslSession
.
getPacketBufferSize
();
appBuffSize
=
sslSession
.
getApplicationBufferSize
();
/*
* Configure the tlsEngine to act as a server in the SSL/TLS handshake. We're a server,
* so no need to use host/port variant.
*
* The first call for a server is a NEED_UNWRAP.
*/
tlsEngine
=
tlsContext
.
createSSLEngine
();
tlsEngine
.
setUseClientMode
(
clientMode
);
SSLSession
sslSession
=
tlsEngine
.
getSession
();
netBuffSize
=
sslSession
.
getPacketBufferSize
();
appBuffSize
=
sslSession
.
getApplicationBufferSize
();
}
catch
(
NoSuchAlgorithmException
|
KeyManagementException
ex
)
{
Log
.
error
(
"TLSHandler startup problem. SSLContext initialisation failed."
,
ex
);
}
}
public
int
getNetBuffSize
()
{
return
netBuffSize
;
}
public
int
getAppBuffSize
()
{
return
appBuffSize
;
}
/**
* Returns whether unwrap(ByteBuffer, ByteBuffer) will accept any more inbound data messages and
* whether wrap(ByteBuffer, ByteBuffer) will produce any more outbound data messages.
*
* @return true if the TLSHandler will not consume anymore network data and will not produce any
* anymore network data.
*/
public
boolean
isEngineClosed
()
{
return
(
tlsEngine
.
isOutboundDone
()
&&
tlsEngine
.
isInboundDone
());
}
public
void
enableLogging
(
boolean
logging
)
{
this
.
logging
=
logging
;
}
/**
* Attempts to decode SSL/TLS network data into a subsequence of plaintext application data
* buffers. Depending on the state of the TLSWrapper, this method may consume network data
* without producing any application data (for example, it may consume handshake data.)
*
* If this TLSWrapper has not yet started its initial handshake, this method will automatically
* start the handshake.
*
* @param net a ByteBuffer containing inbound network data
* @param app a ByteBuffer to hold inbound application data
* @return a ByteBuffer containing inbound application data
* @throws SSLException A problem was encountered while processing the data that caused the
* TLSHandler to abort.
*/
public
ByteBuffer
unwrap
(
ByteBuffer
net
,
ByteBuffer
app
)
throws
SSLException
{
ByteBuffer
out
=
app
;
out
=
resizeApplicationBuffer
(
out
);
// guarantees enough room for unwrap
tlsEngineResult
=
tlsEngine
.
unwrap
(
net
,
out
);
log
(
"server unwrap: "
,
tlsEngineResult
);
if
(
tlsEngineResult
.
getHandshakeStatus
()
==
HandshakeStatus
.
NEED_TASK
)
{
// If the result indicates that we have outstanding tasks to do, go
// ahead and run them in this thread.
doTasks
();
}
return
out
;
}
/**
* Attempts to encode a buffer of plaintext application data into TLS network data. Depending on
* the state of the TLSWrapper, this method may produce network data without consuming any
* application data (for example, it may generate handshake data).
*
* If this TLSWrapper has not yet started its initial handshake, this method will automatically
* start the handshake.
*
* @param app a ByteBuffer containing outbound application data
* @param net a ByteBuffer to hold outbound network data
* @throws SSLException A problem was encountered while processing the data that caused the
* TLSWrapper to abort.
*/
public
void
wrap
(
ByteBuffer
app
,
ByteBuffer
net
)
throws
SSLException
{
tlsEngineResult
=
tlsEngine
.
wrap
(
app
,
net
);
log
(
"server wrap: "
,
tlsEngineResult
);
if
(
tlsEngineResult
.
getHandshakeStatus
()
==
HandshakeStatus
.
NEED_TASK
)
{
// If the result indicates that we have outstanding tasks to do, go
// ahead and run them in this thread.
doTasks
();
}
}
/**
* Signals that no more outbound application data will be sent on this TLSHandler.
*
* @throws SSLException
*/
public
void
close
()
throws
SSLException
{
// Indicate that application is done with engine
tlsEngine
.
closeOutbound
();
}
/**
* Returns the current status for this TLSHandler.
*
* @return the current TLSStatus
*/
public
TLSStatus
getStatus
()
{
TLSStatus
status
=
null
;
if
(
tlsEngineResult
!=
null
&&
tlsEngineResult
.
getStatus
()
==
Status
.
BUFFER_UNDERFLOW
)
{
status
=
TLSStatus
.
UNDERFLOW
;
}
else
{
if
(
tlsEngineResult
!=
null
&&
tlsEngineResult
.
getStatus
()
==
Status
.
CLOSED
)
{
status
=
TLSStatus
.
CLOSED
;
}
else
{
switch
(
tlsEngine
.
getHandshakeStatus
())
{
case
NEED_WRAP:
status
=
TLSStatus
.
NEED_WRITE
;
break
;
case
NEED_UNWRAP:
status
=
TLSStatus
.
NEED_READ
;
break
;
default
:
status
=
TLSStatus
.
OK
;
break
;
}
}
}
return
status
;
}
private
ByteBuffer
resizeApplicationBuffer
(
ByteBuffer
app
)
{
// TODO Creating new buffers and copying over old one may not scale and may even be a
// security risk. Consider using views. Thanks to Noah for the tip.
if
(
app
.
remaining
()
<
appBuffSize
)
{
ByteBuffer
bb
=
ByteBuffer
.
allocate
(
app
.
capacity
()
+
appBuffSize
);
app
.
flip
();
bb
.
put
(
app
);
return
bb
;
}
else
{
return
app
;
}
}
/*
* Do all the outstanding handshake tasks in the current Thread.
*/
private
SSLEngineResult
.
HandshakeStatus
doTasks
()
{
Runnable
runnable
;
/*
* We could run this in a separate thread, but do in the current for now.
*/
while
((
runnable
=
tlsEngine
.
getDelegatedTask
())
!=
null
)
{
runnable
.
run
();
}
return
tlsEngine
.
getHandshakeStatus
();
}
/*
* Logging code
*/
private
boolean
resultOnce
=
true
;
private
void
log
(
String
str
,
SSLEngineResult
result
)
{
if
(!
logging
)
{
return
;
}
if
(
resultOnce
)
{
resultOnce
=
false
;
Log
.
info
(
"The format of the SSLEngineResult is: \n"
+
"\t\"getStatus() / getHandshakeStatus()\" +\n"
+
"\t\"bytesConsumed() / bytesProduced()\"\n"
);
}
HandshakeStatus
hsStatus
=
result
.
getHandshakeStatus
();
Log
.
info
(
str
+
result
.
getStatus
()
+
"/"
+
hsStatus
+
", "
+
result
.
bytesConsumed
()
+
"/"
+
result
.
bytesProduced
()
+
" bytes"
);
if
(
hsStatus
==
HandshakeStatus
.
FINISHED
)
{
Log
.
info
(
"\t...ready for application data"
);
}
}
protected
SSLEngine
getTlsEngine
()
{
return
tlsEngine
;
}
}
}
}
public
int
getNetBuffSize
()
{
return
netBuffSize
;
}
public
int
getAppBuffSize
()
{
return
appBuffSize
;
}
/**
* Returns whether unwrap(ByteBuffer, ByteBuffer) will accept any more inbound data messages and
* whether wrap(ByteBuffer, ByteBuffer) will produce any more outbound data messages.
*
* @return true if the TLSHandler will not consume anymore network data and will not produce any
* anymore network data.
*/
public
boolean
isEngineClosed
()
{
return
(
tlsEngine
.
isOutboundDone
()
&&
tlsEngine
.
isInboundDone
());
}
public
void
enableLogging
(
boolean
logging
)
{
this
.
logging
=
logging
;
}
/**
* Attempts to decode SSL/TLS network data into a subsequence of plaintext application data
* buffers. Depending on the state of the TLSWrapper, this method may consume network data
* without producing any application data (for example, it may consume handshake data.)
*
* If this TLSWrapper has not yet started its initial handshake, this method will automatically
* start the handshake.
*
* @param net a ByteBuffer containing inbound network data
* @param app a ByteBuffer to hold inbound application data
* @return a ByteBuffer containing inbound application data
* @throws SSLException A problem was encountered while processing the data that caused the
* TLSHandler to abort.
*/
public
ByteBuffer
unwrap
(
ByteBuffer
net
,
ByteBuffer
app
)
throws
SSLException
{
ByteBuffer
out
=
app
;
out
=
resizeApplicationBuffer
(
out
);
// guarantees enough room for unwrap
tlsEngineResult
=
tlsEngine
.
unwrap
(
net
,
out
);
log
(
"server unwrap: "
,
tlsEngineResult
);
if
(
tlsEngineResult
.
getHandshakeStatus
()
==
HandshakeStatus
.
NEED_TASK
)
{
// If the result indicates that we have outstanding tasks to do, go
// ahead and run them in this thread.
doTasks
();
}
return
out
;
}
/**
* Attempts to encode a buffer of plaintext application data into TLS network data. Depending on
* the state of the TLSWrapper, this method may produce network data without consuming any
* application data (for example, it may generate handshake data).
*
* If this TLSWrapper has not yet started its initial handshake, this method will automatically
* start the handshake.
*
* @param app a ByteBuffer containing outbound application data
* @param net a ByteBuffer to hold outbound network data
* @throws SSLException A problem was encountered while processing the data that caused the
* TLSWrapper to abort.
*/
public
void
wrap
(
ByteBuffer
app
,
ByteBuffer
net
)
throws
SSLException
{
tlsEngineResult
=
tlsEngine
.
wrap
(
app
,
net
);
log
(
"server wrap: "
,
tlsEngineResult
);
if
(
tlsEngineResult
.
getHandshakeStatus
()
==
HandshakeStatus
.
NEED_TASK
)
{
// If the result indicates that we have outstanding tasks to do, go
// ahead and run them in this thread.
doTasks
();
}
}
/**
* Signals that no more outbound application data will be sent on this TLSHandler.
*
* @throws SSLException
*/
public
void
close
()
throws
SSLException
{
// Indicate that application is done with engine
tlsEngine
.
closeOutbound
();
}
/**
* Returns the current status for this TLSHandler.
*
* @return the current TLSStatus
*/
public
TLSStatus
getStatus
()
{
TLSStatus
status
=
null
;
if
(
tlsEngineResult
!=
null
&&
tlsEngineResult
.
getStatus
()
==
Status
.
BUFFER_UNDERFLOW
)
{
status
=
TLSStatus
.
UNDERFLOW
;
}
else
{
if
(
tlsEngineResult
!=
null
&&
tlsEngineResult
.
getStatus
()
==
Status
.
CLOSED
)
{
status
=
TLSStatus
.
CLOSED
;
}
else
{
switch
(
tlsEngine
.
getHandshakeStatus
())
{
case
NEED_WRAP:
status
=
TLSStatus
.
NEED_WRITE
;
break
;
case
NEED_UNWRAP:
status
=
TLSStatus
.
NEED_READ
;
break
;
default
:
status
=
TLSStatus
.
OK
;
break
;
}
}
}
return
status
;
}
private
ByteBuffer
resizeApplicationBuffer
(
ByteBuffer
app
)
{
// TODO Creating new buffers and copying over old one may not scale and may even be a
// security risk. Consider using views. Thanks to Noah for the tip.
if
(
app
.
remaining
()
<
appBuffSize
)
{
ByteBuffer
bb
=
ByteBuffer
.
allocate
(
app
.
capacity
()
+
appBuffSize
);
app
.
flip
();
bb
.
put
(
app
);
return
bb
;
}
else
{
return
app
;
}
}
/*
* Do all the outstanding handshake tasks in the current Thread.
*/
private
SSLEngineResult
.
HandshakeStatus
doTasks
()
{
Runnable
runnable
;
/*
* We could run this in a separate thread, but do in the current for now.
*/
while
((
runnable
=
tlsEngine
.
getDelegatedTask
())
!=
null
)
{
runnable
.
run
();
}
return
tlsEngine
.
getHandshakeStatus
();
}
/*
* Logging code
*/
private
boolean
resultOnce
=
true
;
private
void
log
(
String
str
,
SSLEngineResult
result
)
{
if
(!
logging
)
{
return
;
}
if
(
resultOnce
)
{
resultOnce
=
false
;
Log
.
info
(
"The format of the SSLEngineResult is: \n"
+
"\t\"getStatus() / getHandshakeStatus()\" +\n"
+
"\t\"bytesConsumed() / bytesProduced()\"\n"
);
}
HandshakeStatus
hsStatus
=
result
.
getHandshakeStatus
();
Log
.
info
(
str
+
result
.
getStatus
()
+
"/"
+
hsStatus
+
", "
+
result
.
bytesConsumed
()
+
"/"
+
result
.
bytesProduced
()
+
" bytes"
);
if
(
hsStatus
==
HandshakeStatus
.
FINISHED
)
{
Log
.
info
(
"\t...ready for application data"
);
}
}
protected
SSLEngine
getTlsEngine
()
{
return
tlsEngine
;
}
}
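Review bot: The `catch (NoSuchAlgorithmException | KeyManagementException ex)` at the end of the constructor only logs and returns, so if the value read from `ConnectionSettings.Client.TLS_ALGORITHM` is not an algorithm name the JVM supports, the caller receives a `TLSWrapper` whose `tlsEngine` is still null. `isEngineClosed()`, `wrap()`, `unwrap()`, `close()` and `getStatus()` all dereference `tlsEngine` without a check, so the misconfiguration would surface later as a `NullPointerException` on the connection path instead of at the point of failure. Consider failing fast after the log call with `throw new IllegalStateException("SSLContext initialisation failed.", ex);`, provided the callers (not visible on this page) can handle a throwing constructor. Otherwise, document on the constructor that the instance is unusable after a logged startup failure.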
src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java
...
...
@@ -37,8 +37,11 @@ import java.security.cert.CertificateException;
import
java.security.cert.CertificateExpiredException
;
import
java.security.cert.CertificateNotYetValidException
;
import
java.security.cert.X509Certificate
;
import
java.util.Comparator
;
import
org.jivesoftware.openfire.session.ConnectionSettings
;
/**
* SSLSocketFactory that accepts any certificate chain and also accepts expired
* certificates.
...
...
@@ -54,7 +57,7 @@ public class SimpleSSLSocketFactory extends SSLSocketFactory implements Comparat
public
SimpleSSLSocketFactory
()
{
try
{
String
algorithm
=
JiveGlobals
.
getProperty
(
"xmpp.socket.ssl.algorithm"
,
"TLS"
);
String
algorithm
=
JiveGlobals
.
getProperty
(
ConnectionSettings
.
Client
.
TLS_ALGORITHM
,
"TLS"
);
SSLContext
sslcontent
=
SSLContext
.
getInstance
(
algorithm
);
sslcontent
.
init
(
null
,
// KeyManager not required
new
TrustManager
[]
{
new
DummyTrustManager
()
},
...
...
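Review bot: The constructor in the second hunk initialises the context with `new TrustManager[] { new DummyTrustManager() }`, and the class Javadoc says this factory accepts any certificate chain, including expired ones, yet nothing at the `init` call records that no peer authentication happens. Because the algorithm now comes from the same `ConnectionSettings.Client.TLS_ALGORITHM` constant as the validating factories, the two are easy to confuse at a call site. I would add a comment directly above `sslcontent.init(`, such as `// No peer authentication: DummyTrustManager accepts every chain. Use only where the remote identity is verified by other means.`. The constructor body continues past the end of the hunk, so the remaining `init` arguments and the error handling were not reviewed.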