From c4d77b873c4deb15a968ac17998a024bd0c618d4 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Tue, 10 May 2016 23:38:41 +0300 Subject: ssl blacklist --- src/main/java/com/juick/xmpp/s2s/ConnectionIn.java | 8 ++++---- src/main/java/com/juick/xmpp/s2s/ConnectionOut.java | 2 +- src/main/java/com/juick/xmpp/s2s/XMPPComponent.java | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) (limited to 'src/main/java/com') diff --git a/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java b/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java index a7d687d2..554d3b05 100644 --- a/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java +++ b/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java @@ -53,7 +53,7 @@ public class ConnectionIn extends Connection implements Runnable { } boolean xmppversionnew = parser.getAttributeValue(null, "version") != null; - sendOpenStream(xmppversionnew); + sendOpenStream(parser.getAttributeValue(null, "from"), xmppversionnew); while (parser.next() != XmlPullParser.END_DOCUMENT) { updateTsRemoteData(); @@ -144,7 +144,7 @@ public class ConnectionIn extends Connection implements Runnable { closeConnection(); } } else if (isSecured() && tag.equals("stream") && parser.getNamespace().equals(NS_STREAM)) { - sendOpenStream(true); + sendOpenStream(null, true); } else { LOGGER.info("STREAM " + streamID + ": " + XmlUtils.parseToString(parser, true)); } @@ -169,13 +169,13 @@ public class ConnectionIn extends Connection implements Runnable { tsRemoteData = System.currentTimeMillis(); } - void sendOpenStream(boolean xmppversionnew) throws IOException { + void sendOpenStream(String from, boolean xmppversionnew) throws IOException { String openStream = ""; if (xmppversionnew) { openStream += ""; - if (!isSecured()) { + if (!isSecured() && !XMPPComponent.brokenSSLhosts.contains(from)) { openStream += ""; } openStream += ""; 
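Review bot: On the new sendOpenStream call in the @@ -53 hunk, the host that decides whether STARTTLS is advertised is the peer's own `from` attribute from the inbound stream header, which has not been verified at this point of the handshake, so any remote peer can present a listed name and receive a stream header without the STARTTLS feature. Nothing visible on this page requires an inbound stream to be secured, so this is less a new downgrade path than a trade-off that should be stated where it is made, e.g. a comment on the call `// 'from' is unverified here; brokenSSLhosts only withholds the STARTTLS offer`. An absent attribute yields a null argument, which `List.contains` on the Arrays.asList view handles without error. The read loop containing this call starts and ends outside the hunk.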
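Review bot: In the @@ -169 hunk the blacklisted case is silent: when `from` is in brokenSSLhosts the STARTTLS feature is simply omitted and the session continues in plaintext with no record of why, while the @@ -144 branch of this file reports stream events through LOGGER. A log line for that case, e.g. an else branch holding `LOGGER.info("STREAM " + streamID + ": STARTTLS not offered to " + from + " (broken_ssl_hosts)");`, makes these unencrypted sessions visible in operations instead of indistinguishable from a peer that declined to negotiate TLS. The body of sendOpenStream appears to be cut off at the end of this page, so the remainder of the method was not reviewed.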
diff --git a/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java b/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java index 8ce1b76d..68851da1 100644 --- a/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java +++ b/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java @@ -112,7 +112,7 @@ public class ConnectionOut extends Connection implements Runnable { XmlUtils.skip(parser); } else if (tag.equals("features") && parser.getNamespace().equals(NS_STREAM)) { StreamFeatures features = StreamFeatures.parse(parser); - if (!isSecured() && features.STARTTLS >= 0) { + if (!isSecured() && features.STARTTLS >= 0 && !XMPPComponent.brokenSSLhosts.contains(to)) { System.out.println("STREAM TO " + to + " " + streamID + " SECURING"); sendStanza(""); } else { diff --git a/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java b/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java index 03a12c26..2b293fd6 100644 --- a/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java +++ b/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java @@ -30,6 +30,7 @@ public class XMPPComponent implements ServletContextListener { public static String STATSFILE = null; public static String keystore; public static String keystorePassword; + public static List brokenSSLhosts; public static ConnectionRouter connRouter; static final List inConnections = Collections.synchronizedList(new ArrayList<>()); static final List outConnections = Collections.synchronizedList(new ArrayList<>()); 
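Review bot: The new condition in the features branch keys the exception on `to`, the configured destination rather than a peer-asserted value, which is sound, but a listed host now falls through to the same else branch as an already-secured stream or a peer without STARTTLS, and only the securing path prints anything. Logging the deliberate skip where the decision is made, e.g. `if (!isSecured() && features.STARTTLS >= 0 && XMPPComponent.brokenSSLhosts.contains(to)) { System.out.println("STREAM TO " + to + " " + streamID + " NOT SECURING (broken_ssl_hosts)"); }` ahead of the existing check, keeps plaintext federation visible. The comparison is an exact, case-sensitive string match; if `to` can carry a differently-cased domain than the configuration entry, the entry will not match, which is worth confirming. The else branch and the rest of the enclosing loop lie outside the hunk.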
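Review bot: `brokenSSLhosts` is added as a public, static, non-final field, and the value it receives in the @@ -163 hunk is an `Arrays.asList` view whose elements any caller can overwrite with `set`; since this list is consulted on every inbound and outbound stream to decide whether TLS is offered, it should not be writable from outside this class. Declaring it `public static List<String> brokenSSLhosts;` and assigning `Collections.unmodifiableList(...)` (Collections is already used on the neighbouring inConnections line) removes that, as would a package-private field behind an accessor. The generic parameter appears to have been stripped from this rendering, so if the field already carries `<String>` only the wrapping applies.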
@@ -163,7 +164,7 @@ public class XMPPComponent implements ServletContextListener { STATSFILE = conf.getProperty("statsfile"); keystore = conf.getProperty("keystore"); keystorePassword = conf.getProperty("keystore_password"); - + brokenSSLhosts = Arrays.asList(conf.getProperty("broken_ssl_hosts", "").split(",")); Class.forName("com.mysql.jdbc.Driver"); sql = DriverManager.getConnection("jdbc:mysql://localhost/juick?autoReconnect=true&user=" + conf.getProperty("mysql_username", "") + "&password=" + conf.getProperty("mysql_password", "")); -- cgit v1.2.3
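Review bot: The new parsing line splits `broken_ssl_hosts` on commas without trimming, so a value written as `a.example, b.example` (constructed example) yields an entry ` b.example` that never matches, and with the property absent `"".split(",")` produces a single empty-string entry, so the list is never actually empty. Trimming and dropping blanks, e.g. `brokenSSLhosts = Arrays.stream(conf.getProperty("broken_ssl_hosts", "").split(",")).map(String::trim).filter(s -> !s.isEmpty()).collect(Collectors.toList());` with `java.util.stream.Collectors` imported, avoids both. The enclosing initialization method starts and ends outside the hunk.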