author | Vitaly Takmazov | 2016-11-08 15:14:28 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-11-08 15:14:28 +0300 |
commit | 7e8e8f8d709318cce97f40adaee8a4abbdc2b960 (patch) | |
tree | 73e687f4153daf46bc7662ba4ee284ef5851fed6 /juick-ws/src/main/java/com/juick | |
parent | 69a2000c03948b3ab8413f210ecf919ab5ef948d (diff) |
xmpp: allow s2s without tls
Diffstat (limited to 'juick-ws/src/main/java/com/juick')
3 files changed, 10 insertions, 11 deletions
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java b/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java
index 77c12d1d..b187aa3e 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java
@@ -61,15 +61,14 @@ public class Connection {
 KeyStore ks = KeyStore.getInstance("JKS");
 try (InputStream ksIs = new FileInputStream(xmpp.keystore)) {
 ks.load(ksIs, xmpp.keystorePassword.toCharArray());
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
+ .getDefaultAlgorithm());
+ kmf.init(ks, xmpp.keystorePassword.toCharArray());
+ sc = SSLContext.getInstance("TLSv1.2");
+ sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
+ } catch (Exception e) {
+ logger.warning("tls unavailable");
 }
-
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
- .getDefaultAlgorithm());
- kmf.init(ks, xmpp.keystorePassword.toCharArray());
- sc = SSLContext.getInstance("TLSv1.2");
-
- sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
-
 }
 
 public void logParser() {
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
index d1d69dd0..5ac21fb6 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
@@ -133,7 +133,7 @@ public class ConnectionIn extends Connection implements Runnable {
 LOGGER.info("STREAM " + streamID + ": " + xml);
 xmpp.getRouter().send(xml);
 }
- } else if (!isSecured() && tag.equals("starttls")) {
+ } else if (sc != null && !isSecured() && tag.equals("starttls")) {
 LOGGER.info("STREAM " + streamID + " SECURING");
 sendStanza("<proceed xmlns=\"" + NS_TLS + "\" />");
 try {
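Review bot: In the new try block `sc` is assigned by `SSLContext.getInstance("TLSv1.2")` before `sc.init(...)` runs, so if `init` throws, the catch leaves `sc` non-null but uninitialised, and the `sc != null` guards added in ConnectionIn and ConnectionOut would still offer or start STARTTLS with it. Build the context in a local variable and assign `sc` only after `init` succeeds, or add `sc = null;` in the catch. The catch also discards the exception, so a missing keystore file or wrong password quietly turns every s2s link into plaintext; log the cause, e.g. `logger.warning("tls unavailable: " + e);`, and consider making the cleartext fallback an explicit configuration choice rather than the outcome of any failure. The enclosing method starts outside the hunk.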
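Review bot: With `sc == null`, a peer that still sends `<starttls/>` no longer matches this branch and falls through to whatever follows in the else-if chain, which continues outside the hunk, so the negotiation may never be answered. RFC 6120 has the receiving entity reply with a failure element and end the stream in that situation. An explicit branch such as `} else if (sc == null && tag.equals("starttls")) { sendStanza("<failure xmlns=\"" + NS_TLS + "\" />");` followed by closing the connection would make this case deterministic and visible in the log.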
@@ -182,7 +182,7 @@ public class ConnectionIn extends Connection implements Runnable {
 xmpp.HOSTNAME + "' id='" + streamID + "' version='1.0'>";
 if (xmppversionnew) {
 openStream += "<stream:features>";
- if (!isSecured() && !xmpp.brokenSSLhosts.contains(from)) {
+ if (sc != null && !isSecured() && !xmpp.brokenSSLhosts.contains(from)) {
 openStream += "<starttls xmlns=\"" + NS_TLS + "\"><optional/></starttls>";
 }
 openStream += "</stream:features>";
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java
index 1de16329..6a0fe33b 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java
@@ -116,7 +116,7 @@ public class ConnectionOut extends Connection implements Runnable {
 XmlUtils.skip(parser);
 } else if (tag.equals("features") && parser.getNamespace().equals(NS_STREAM)) {
 StreamFeatures features = StreamFeatures.parse(parser);
- if (!isSecured() && features.STARTTLS >= 0 && !xmpp.brokenSSLhosts.contains(to)) {
+ if (sc != null && !isSecured() && features.STARTTLS >= 0 && !xmpp.brokenSSLhosts.contains(to)) {
 logger.info("STREAM TO " + to + " " + streamID + " SECURING");
 sendStanza("<starttls xmlns=\"" + NS_TLS + "\" />");
 } else { |
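Review bot: When `sc` is null this condition silently omits `<starttls/>` from the stream features, and the matching guard in the ConnectionOut hunk (`sc != null && !isSecured() && features.STARTTLS >= 0 ...`) skips TLS even when the remote server offers it, so sessions run in cleartext with nothing in the log to tell them apart from a healthy setup. Add a log line on both paths so operators can detect the downgrade, for example `LOGGER.info("STREAM " + streamID + ": TLS unavailable, continuing in cleartext with " + from);` here and the equivalent with `to` in ConnectionOut. A short comment on each guard, `// sc is null when the keystore could not be loaded; STARTTLS is then neither offered nor requested`, would also help the next reader. Both enclosing methods extend beyond their hunks.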