diff options
author | Vitaly Takmazov | 2016-05-10 23:38:41 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-05-10 23:38:41 +0300 |
commit | c4d77b873c4deb15a968ac17998a024bd0c618d4 (patch) | |
tree | b497115959e3d83be1a94a8b11dcf61fe45d8b8c /src/main | |
parent | 8d80768befad0246ab69d46179243079edc9a5b7 (diff) |
ssl blacklist
Diffstat (limited to 'src/main')
-rw-r--r-- | src/main/java/com/juick/xmpp/s2s/ConnectionIn.java | 8 | ||||
-rw-r--r-- | src/main/java/com/juick/xmpp/s2s/ConnectionOut.java | 2 | ||||
-rw-r--r-- | src/main/java/com/juick/xmpp/s2s/XMPPComponent.java | 3 |
3 files changed, 7 insertions, 6 deletions
diff --git a/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java b/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java index a7d687d2..554d3b05 100644 --- a/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java +++ b/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java @@ -53,7 +53,7 @@ public class ConnectionIn extends Connection implements Runnable { } boolean xmppversionnew = parser.getAttributeValue(null, "version") != null; - sendOpenStream(xmppversionnew); + sendOpenStream(parser.getAttributeValue(null, "from"), xmppversionnew); while (parser.next() != XmlPullParser.END_DOCUMENT) { updateTsRemoteData(); @@ -144,7 +144,7 @@ public class ConnectionIn extends Connection implements Runnable { closeConnection(); } } else if (isSecured() && tag.equals("stream") && parser.getNamespace().equals(NS_STREAM)) { - sendOpenStream(true); + sendOpenStream(null, true); } else { LOGGER.info("STREAM " + streamID + ": " + XmlUtils.parseToString(parser, true)); } @@ -169,13 +169,13 @@ public class ConnectionIn extends Connection implements Runnable { tsRemoteData = System.currentTimeMillis(); } - void sendOpenStream(boolean xmppversionnew) throws IOException { + void sendOpenStream(String from, boolean xmppversionnew) throws IOException { String openStream = "<?xml version='1.0'?><stream:stream xmlns='jabber:server' " + "xmlns:stream='http://etherx.jabber.org/streams' xmlns:db='jabber:server:dialback' from='" + XMPPComponent.HOSTNAME + "' id='" + streamID + "' version='1.0'>"; if (xmppversionnew) { openStream += "<stream:features>"; - if (!isSecured()) { + if (!isSecured() && !XMPPComponent.brokenSSLhosts.contains(from)) { openStream += "<starttls xmlns=\"" + NS_TLS + "\"><optional/></starttls>"; } openStream += "</stream:features>"; diff --git a/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java b/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java index 8ce1b76d..68851da1 100644 --- a/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java +++ b/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java @@ -112,7 +112,7 @@ public class ConnectionOut extends Connection implements Runnable { XmlUtils.skip(parser); } else if (tag.equals("features") && parser.getNamespace().equals(NS_STREAM)) { StreamFeatures features = StreamFeatures.parse(parser); - if (!isSecured() && features.STARTTLS >= 0) { + if (!isSecured() && features.STARTTLS >= 0 && !XMPPComponent.brokenSSLhosts.contains(to)) { System.out.println("STREAM TO " + to + " " + streamID + " SECURING"); sendStanza("<starttls xmlns=\"" + NS_TLS + "\" />"); } else { diff --git a/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java b/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java index 03a12c26..2b293fd6 100644 --- a/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java +++ b/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java @@ -30,6 +30,7 @@ public class XMPPComponent implements ServletContextListener { public static String STATSFILE = null; public static String keystore; public static String keystorePassword; + public static List<String> brokenSSLhosts; public static ConnectionRouter connRouter; static final List<ConnectionIn> inConnections = Collections.synchronizedList(new ArrayList<>()); static final List<ConnectionOut> outConnections = Collections.synchronizedList(new ArrayList<>()); @@ -163,7 +164,7 @@ public class XMPPComponent implements ServletContextListener { STATSFILE = conf.getProperty("statsfile"); keystore = conf.getProperty("keystore"); keystorePassword = conf.getProperty("keystore_password"); - + brokenSSLhosts = Arrays.asList(conf.getProperty("broken_ssl_hosts", "").split(",")); Class.forName("com.mysql.jdbc.Driver"); sql = DriverManager.getConnection("jdbc:mysql://localhost/juick?autoReconnect=true&user=" + conf.getProperty("mysql_username", "") + "&password=" + conf.getProperty("mysql_password", "")); |