| 71 |
71 |
private boolean wasAuthenticated = false;
|
| 72 |
72 |
private boolean anonymous = false;
|
| 73 |
73 |
private boolean usingTLS = false;
|
|
74 |
private boolean usingSSL = false;
|
| 74 |
75 |
|
| 75 |
76 |
PacketWriter packetWriter;
|
| 76 |
77 |
PacketReader packetReader;
|
| ... | ... | |
| 384 |
385 |
return connected;
|
| 385 |
386 |
}
|
| 386 |
387 |
|
|
388 |
/**
|
|
389 |
*
|
|
390 |
* Returns true if the connection to the server is using legacy SSL or has successfully
|
|
391 |
* negotiated TLS. Once TLS has been negotiatied the connection has been secured. @see #isUsingTLS. @see #isUsingSSL.
|
|
392 |
*
|
|
393 |
* @return true if a secure connection to the server.
|
|
394 |
*/
|
| 387 |
395 |
public boolean isSecureConnection() {
|
| 388 |
|
return isUsingTLS();
|
|
396 |
return isUsingTLS() || isUsingSSL();
|
| 389 |
397 |
}
|
| 390 |
398 |
|
| 391 |
399 |
public boolean isAuthenticated() {
|
| ... | ... | |
| 541 |
549 |
else {
|
| 542 |
550 |
this.socket = config.getSocketFactory().createSocket(host, port);
|
| 543 |
551 |
}
|
|
552 |
if (ConnectionConfiguration.SecurityMode.legacy == config.getSecurityMode()) {
|
|
553 |
enableEncryption(false);
|
|
554 |
usingSSL = true;
|
|
555 |
}
|
| 544 |
556 |
}
|
| 545 |
557 |
catch (UnknownHostException uhe) {
|
| 546 |
558 |
String errorMessage = "Could not connect to " + host + ":" + port + ".";
|
| ... | ... | |
| 554 |
566 |
throw new XMPPException(errorMessage, new XMPPError(
|
| 555 |
567 |
XMPPError.Condition.remote_server_error, errorMessage), ioe);
|
| 556 |
568 |
}
|
|
569 |
catch (Exception e) {
|
|
570 |
String errorMessage = "Error during connection encryption to " + host + ":" + port + ".";
|
|
571 |
throw new XMPPException(errorMessage, new XMPPError(
|
|
572 |
XMPPError.Condition.remote_server_error, errorMessage), e);
|
|
573 |
}
|
| 557 |
574 |
initConnection();
|
| 558 |
575 |
}
|
| 559 |
576 |
|
| ... | ... | |
| 704 |
721 |
"XMPPError establishing connection with server."),
|
| 705 |
722 |
ioe);
|
| 706 |
723 |
}
|
|
724 |
catch (Exception e) {
|
|
725 |
String errorMessage = "Could not enable SSL encryption while connecting to server.";
|
|
726 |
throw new XMPPException(errorMessage, new XMPPError(
|
|
727 |
XMPPError.Condition.remote_server_error, errorMessage), e);
|
|
728 |
}
|
| 707 |
729 |
|
| 708 |
730 |
// If debugging is enabled, we open a window and write out all network traffic.
|
| 709 |
731 |
initDebugger();
|
| 710 |
732 |
}
|
| 711 |
733 |
|
| 712 |
734 |
/***********************************************
|
| 713 |
|
* TLS code below
|
|
735 |
* TLS/SSL code below
|
| 714 |
736 |
**********************************************/
|
| 715 |
737 |
|
| 716 |
738 |
/**
|
| ... | ... | |
| 724 |
746 |
}
|
| 725 |
747 |
|
| 726 |
748 |
/**
|
|
749 |
* Returns true if the connection to the server is using legacy SSL.
|
|
750 |
*
|
|
751 |
* @return true if the connection to the server is using legacy SSL.
|
|
752 |
*/
|
|
753 |
public boolean isUsingSSL() {
|
|
754 |
return usingSSL;
|
|
755 |
}
|
|
756 |
|
|
757 |
/**
|
| 727 |
758 |
* Notification message saying that the server supports TLS so confirm the server that we
|
| 728 |
759 |
* want to secure the connection.
|
| 729 |
760 |
*
|
| ... | ... | |
| 737 |
768 |
return;
|
| 738 |
769 |
}
|
| 739 |
770 |
|
| 740 |
|
if (config.getSecurityMode() == ConnectionConfiguration.SecurityMode.disabled) {
|
| 741 |
|
// Do not secure the connection using TLS since TLS was disabled
|
|
771 |
if (required && usingSSL) {
|
|
772 |
packetReader.notifyConnectionError(new IllegalStateException(
|
|
773 |
"TLS required by server but legacy SSL already enabled"));
|
| 742 |
774 |
return;
|
| 743 |
775 |
}
|
|
776 |
|
|
777 |
|
|
778 |
if ((config.getSecurityMode() == ConnectionConfiguration.SecurityMode.disabled) ||
|
|
779 |
(config.getSecurityMode() == ConnectionConfiguration.SecurityMode.legacy)) {
|
|
780 |
// Do not secure the connection using TLS since TLS was disabled or we are using SSL.
|
|
781 |
return;
|
|
782 |
}
|
|
783 |
|
| 744 |
784 |
try {
|
| 745 |
785 |
writer.write("<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>");
|
| 746 |
786 |
writer.flush();
|
| ... | ... | |
| 750 |
790 |
}
|
| 751 |
791 |
}
|
| 752 |
792 |
|
| 753 |
|
/**
|
| 754 |
|
* The server has indicated that TLS negotiation can start. We now need to secure the
|
| 755 |
|
* existing plain connection and perform a handshake. This method won't return until the
|
| 756 |
|
* connection has finished the handshake or an error occured while securing the connection.
|
| 757 |
|
*
|
| 758 |
|
* @throws Exception if an exception occurs.
|
| 759 |
|
*/
|
| 760 |
|
void proceedTLSReceived() throws Exception {
|
| 761 |
|
SSLContext context = SSLContext.getInstance("TLS");
|
|
793 |
private void enableEncryption(boolean tls) throws Exception {
|
|
794 |
SSLContext context = SSLContext.getInstance(tls ? "TLS" : "SSL");
|
| 762 |
795 |
KeyStore ks = null;
|
| 763 |
796 |
KeyManager[] kms = null;
|
| 764 |
797 |
PasswordCallback pcb = null;
|
| ... | ... | |
| 831 |
864 |
plain.getInetAddress().getHostName(), plain.getPort(), true);
|
| 832 |
865 |
socket.setSoTimeout(0);
|
| 833 |
866 |
socket.setKeepAlive(true);
|
|
867 |
}
|
|
868 |
|
|
869 |
/**
|
|
870 |
* The server has indicated that TLS negotiation can start. We now need to secure the
|
|
871 |
* existing plain connection and perform a handshake. This method won't return until the
|
|
872 |
* connection has finished the handshake or an error occured while securing the connection.
|
|
873 |
*
|
|
874 |
* @throws Exception if an exception occurs.
|
|
875 |
*/
|
|
876 |
void proceedTLSReceived() throws Exception {
|
|
877 |
enableEncryption(true);
|
| 834 |
878 |
// Initialize the reader and writer with the new secured version
|
| 835 |
879 |
initReaderAndWriter();
|
| 836 |
880 |
// Proceed to do the handshake
|