From 7e8e8f8d709318cce97f40adaee8a4abbdc2b960 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 8 Nov 2016 15:14:28 +0300
Subject: xmpp: allow s2s without tls
---
 juick-ws/src/main/java/com/juick/ws/s2s/Connection.java | 15 +++++++--------
 juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java | 4 ++--
 .../src/main/java/com/juick/ws/s2s/ConnectionOut.java | 2 +-
 3 files changed, 10 insertions(+), 11 deletions(-)
(limited to 'juick-ws')
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java b/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java
index 77c12d1d..b187aa3e 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/Connection.java
@@ -61,15 +61,14 @@ public class Connection {
 KeyStore ks = KeyStore.getInstance("JKS");
 try (InputStream ksIs = new FileInputStream(xmpp.keystore)) {
 ks.load(ksIs, xmpp.keystorePassword.toCharArray());
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
+ .getDefaultAlgorithm());
+ kmf.init(ks, xmpp.keystorePassword.toCharArray());
+ sc = SSLContext.getInstance("TLSv1.2");
+ sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
+ } catch (Exception e) {
+ logger.warning("tls unavailable");
 }
-
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
- .getDefaultAlgorithm());
- kmf.init(ks, xmpp.keystorePassword.toCharArray());
- sc = SSLContext.getInstance("TLSv1.2");
-
- sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
-
 }
 
 public void logParser() {
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
index d1d69dd0..5ac21fb6 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionIn.java
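Review bot: In Connection.java the new `catch (Exception e)` around the keystore and `SSLContext` setup fails open: a missing keystore file, a wrong password or an unsupported algorithm all end in the same `"tls unavailable"` warning, `sc` stays unset, and the `sc != null` guards added in ConnectionIn.java and ConnectionOut.java then let s2s streams run in plaintext. The exception is dropped, so an operator cannot tell a deliberate no-TLS deployment from a broken one; at minimum keep the cause, e.g. `logger.log(Level.WARNING, "tls unavailable, s2s streams will not be encrypted", e);` (assuming `logger` is a `java.util.logging.Logger`, as the `warning(...)` call suggests). It would be safer to put the plaintext fallback behind an explicit configuration setting and rethrow when it is not enabled, so a configuration mistake cannot silently downgrade federation traffic. The moved `sc.init(...)` line still passes `trustAllCerts`, which by its name accepts any peer certificate, so a comment should state that TLS here provides encryption only and not peer authentication. The enclosing method starts above the hunk, and `KeyStore.getInstance("JKS")` remains outside the new `try`, so its exception is still propagated rather than handled the same way.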
@@ -133,7 +133,7 @@ public class ConnectionIn extends Connection implements Runnable {
 LOGGER.info("STREAM " + streamID + ": " + xml);
 xmpp.getRouter().send(xml);
 }
- } else if (!isSecured() && tag.equals("starttls")) {
+ } else if (sc != null && !isSecured() && tag.equals("starttls")) {
 LOGGER.info("STREAM " + streamID + " SECURING");
 sendStanza("");
 try {
@@ -182,7 +182,7 @@ public class ConnectionIn extends Connection implements Runnable {
 xmpp.HOSTNAME + "' id='" + streamID + "' version='1.0'>";
 if (xmppversionnew) {
 openStream += "";
- if (!isSecured() && !xmpp.brokenSSLhosts.contains(from)) {
+ if (sc != null && !isSecured() && !xmpp.brokenSSLhosts.contains(from)) {
 openStream += "";
 }
 openStream += "";
diff --git a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java
index 1de16329..6a0fe33b 100644
--- a/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java
+++ b/juick-ws/src/main/java/com/juick/ws/s2s/ConnectionOut.java
@@ -116,7 +116,7 @@ public class ConnectionOut extends Connection implements Runnable {
 XmlUtils.skip(parser);
 } else if (tag.equals("features") && parser.getNamespace().equals(NS_STREAM)) {
 StreamFeatures features = StreamFeatures.parse(parser);
- if (!isSecured() && features.STARTTLS >= 0 && !xmpp.brokenSSLhosts.contains(to)) {
+ if (sc != null && !isSecured() && features.STARTTLS >= 0 && !xmpp.brokenSSLhosts.contains(to)) {
 logger.info("STREAM TO " + to + " " + streamID + " SECURING");
 sendStanza("");
 } else {
-- 
cgit v1.2.3
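Review bot: In ConnectionIn.java at `} else if (sc != null && !isSecured() && tag.equals("starttls"))`, a peer that sends `starttls` while `sc` is null now falls through to whatever branches follow, which are outside this hunk, instead of getting an explicit refusal. RFC 6120 expects the receiving server to answer a STARTTLS request it cannot honour with a `failure` element in the `urn:ietf:params:xml:ns:xmpp-tls` namespace and then close the stream, so the peer is not left in an undefined state. Consider a separate branch for `tag.equals("starttls") && sc == null` that sends that failure, logs the `streamID` and ends the connection. The second hunk in this file (feature advertisement at -182) is consistent with the guard and needs only a comment such as `// sc == null: TLS context failed to initialise, do not offer STARTTLS`.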
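Review bot: In ConnectionOut.java the added `sc != null` guard sends an outbound stream down the `else` path (not visible in this hunk) whenever the local TLS context is missing, even when the remote server offered STARTTLS in its features. That is a silent downgrade: traffic to `to` would presumably continue unencrypted with nothing in the log to show it, whereas the secured path logs `SECURING`. Log the case explicitly before continuing, e.g. `if (sc == null && features.STARTTLS >= 0) logger.warning("STREAM TO " + to + " " + streamID + " NOT SECURED: tls unavailable");`. Consider refusing the connection when the peer marks STARTTLS as required; how `features.STARTTLS` encodes "required" is not shown here, so confirm against `StreamFeatures`.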