mirror of
https://github.com/igniterealtime/Spark.git
synced 2025-10-29 19:57:28 +00:00
LoginDialog and AccountCreationWizard: extract configureConnectionTls()
This commit is contained in:
Sergey Ponomarev
parent
1d58ed1125
commit
6ee0092a74
@ -363,7 +363,22 @@ public class AccountCreationWizard extends JPanel {
|
||||
{
|
||||
builder.setHost( localPreferences.getXmppHost() );
|
||||
}
|
||||
|
||||
configureConnectionTls(builder, securityMode, useDirectTls, hostPortConfigured, serverName);
|
||||
|
||||
final XMPPTCPConnectionConfiguration configuration = builder.build();
|
||||
|
||||
final AbstractXMPPConnection connection = new XMPPTCPConnection( configuration );
|
||||
connection.setParsingExceptionCallback( new ExceptionLoggingCallback() );
|
||||
try {
|
||||
connection.connect();
|
||||
} catch (InterruptedException e) {
|
||||
throw new IllegalStateException(e);
|
||||
}
|
||||
|
||||
return connection;
|
||||
}
|
||||
|
||||
private void configureConnectionTls(XMPPTCPConnectionConfiguration.Builder builder, ConnectionConfiguration.SecurityMode securityMode, boolean useDirectTls, boolean hostPortConfigured, String serverName) throws SmackException.SmackMessageException {
|
||||
if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
|
||||
if (!useDirectTls) {
|
||||
// This use STARTTLS which starts initially plain connection to upgrade it to TLS, it use the same port as
|
||||
@ -398,18 +413,6 @@ public class AccountCreationWizard extends JPanel {
|
||||
builder.setSecurityMode( ConnectionConfiguration.SecurityMode.ifpossible );
|
||||
}
|
||||
}
|
||||
|
||||
final XMPPTCPConnectionConfiguration configuration = builder.build();
|
||||
|
||||
final AbstractXMPPConnection connection = new XMPPTCPConnection( configuration );
|
||||
connection.setParsingExceptionCallback( new ExceptionLoggingCallback() );
|
||||
try {
|
||||
connection.connect();
|
||||
} catch (InterruptedException e) {
|
||||
throw new IllegalStateException(e);
|
||||
}
|
||||
|
||||
return connection;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -289,45 +289,7 @@ public class LoginDialog {
|
||||
if (localPref.isProxyEnabled()) {
|
||||
builder.setProxyInfo(proxyInfo);
|
||||
}
|
||||
|
||||
if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
|
||||
if (localPref.isDisableHostnameVerification()) {
|
||||
TLSUtils.disableHostnameVerificationForTlsCertificates(builder);
|
||||
}
|
||||
if (!useDirectTls) {
|
||||
// This use STARTTLS which starts initially plain connection to upgrade it to TLS, it use the same port as
|
||||
// plain connections which is 5222.
|
||||
SparkSSLContextCreator.Options options = localPref.isAllowClientSideAuthentication() ? BOTH : ONLY_SERVER_SIDE;
|
||||
try {
|
||||
SSLContext context = SparkSSLContextCreator.setUpContext(options);
|
||||
builder.setSslContextFactory(() -> context);
|
||||
builder.setSecurityMode(securityMode);
|
||||
builder.setCustomX509TrustManager(new SparkTrustManager());
|
||||
} catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
|
||||
Log.warning("Could not establish secured connection", e);
|
||||
}
|
||||
} else { // useDirectTls
|
||||
if (!hostPortConfigured) {
|
||||
// SMACK 4.1.9 does not support XEP-0368, and does not apply a port change, if the host is not changed too.
|
||||
// Here, we force the host to be set (by doing a DNS lookup), and force the port to 5223 (which is the
|
||||
// default 'old-style' SSL port).
|
||||
DnsName serverNameDnsName = DnsName.from(loginServer);
|
||||
java.util.List<InetAddress> resolvedAddresses = DNSUtil.getDNSResolver().lookupHostAddress(serverNameDnsName, null, DnssecMode.disabled);
|
||||
if (resolvedAddresses.isEmpty()) {
|
||||
throw new RuntimeException("Could not resolve " + serverNameDnsName);
|
||||
}
|
||||
builder.setHost(resolvedAddresses.get(0).getHostName());
|
||||
builder.setPort(5223);
|
||||
}
|
||||
SparkSSLContextCreator.Options options = localPref.isAllowClientSideAuthentication() ? BOTH : ONLY_SERVER_SIDE;
|
||||
builder.setSocketFactory(new SparkSSLSocketFactory(options));
|
||||
// SMACK 4.1.9 does not recognize an 'old-style' SSL socket as being secure, which will cause a failure when
|
||||
// the 'required' Security Mode is defined. Here, we work around this by replacing that security mode with an
|
||||
// 'if-possible' setting.
|
||||
builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
|
||||
}
|
||||
SASLAuthentication.registerSASLMechanism(new SASLExternalMechanism());
|
||||
}
|
||||
configureConnectionTls(builder, securityMode, useDirectTls, hostPortConfigured, loginServer);
|
||||
|
||||
// SPARK-1747: Don't use the GSS-API SASL mechanism when SSO is disabled.
|
||||
SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIMechanism.class.getName());
|
||||
@ -358,6 +320,47 @@ public class LoginDialog {
|
||||
return builder.build();
|
||||
}
|
||||
|
||||
private void configureConnectionTls(XMPPTCPConnectionConfiguration.Builder builder, ConnectionConfiguration.SecurityMode securityMode, boolean useDirectTls, boolean hostPortConfigured, String serverName) {
|
||||
if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
|
||||
if (localPref.isDisableHostnameVerification()) {
|
||||
TLSUtils.disableHostnameVerificationForTlsCertificates(builder);
|
||||
}
|
||||
if (!useDirectTls) {
|
||||
// This use STARTTLS which starts initially plain connection to upgrade it to TLS, it use the same port as
|
||||
// plain connections which is 5222.
|
||||
SparkSSLContextCreator.Options options = localPref.isAllowClientSideAuthentication() ? BOTH : ONLY_SERVER_SIDE;
|
||||
try {
|
||||
SSLContext context = SparkSSLContextCreator.setUpContext(options);
|
||||
builder.setSslContextFactory(() -> context);
|
||||
builder.setSecurityMode(securityMode);
|
||||
builder.setCustomX509TrustManager(new SparkTrustManager());
|
||||
} catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
|
||||
Log.warning("Could not establish secured connection", e);
|
||||
}
|
||||
} else { // useDirectTls
|
||||
if (!hostPortConfigured) {
|
||||
// SMACK 4.1.9 does not support XEP-0368, and does not apply a port change, if the host is not changed too.
|
||||
// Here, we force the host to be set (by doing a DNS lookup), and force the port to 5223 (which is the
|
||||
// default 'old-style' SSL port).
|
||||
DnsName serverNameDnsName = DnsName.from(serverName);
|
||||
java.util.List<InetAddress> resolvedAddresses = DNSUtil.getDNSResolver().lookupHostAddress(serverNameDnsName, null, DnssecMode.disabled);
|
||||
if (resolvedAddresses.isEmpty()) {
|
||||
throw new RuntimeException("Could not resolve " + serverNameDnsName);
|
||||
}
|
||||
builder.setHost(resolvedAddresses.get(0).getHostName());
|
||||
builder.setPort(5223);
|
||||
}
|
||||
SparkSSLContextCreator.Options options = localPref.isAllowClientSideAuthentication() ? BOTH : ONLY_SERVER_SIDE;
|
||||
builder.setSocketFactory(new SparkSSLSocketFactory(options));
|
||||
// SMACK 4.1.9 does not recognize an 'old-style' SSL socket as being secure, which will cause a failure when
|
||||
// the 'required' Security Mode is defined. Here, we work around this by replacing that security mode with an
|
||||
// 'if-possible' setting.
|
||||
builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
|
||||
}
|
||||
SASLAuthentication.registerSASLMechanism(new SASLExternalMechanism());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Define Login Panel implementation.
|
||||
*/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user