Example 6 with MemorizingTrustManager

Use of de.duenndns.ssl.MemorizingTrustManager in project Conversations by siacs.

In class XmppConnectionService, method updateMemorizingTrustmanager.

public void updateMemorizingTrustmanager() {
    final MemorizingTrustManager tm;
    final boolean dontTrustSystemCAs = getPreferences().getBoolean("dont_trust_system_cas", false);
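    if (dontTrustSystemCAs) {
        // null in place of the default trust manager: system CAs are not used for validation
        tm = new MemorizingTrustManager(getApplicationContext(), null);
    } else {
        // single-argument constructor: the platform's default trust manager stays in use
        tm = new MemorizingTrustManager(getApplicationContext());
    }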
    setMemorizingTrustManager(tm);
}
Also used : MemorizingTrustManager(de.duenndns.ssl.MemorizingTrustManager)

Example 7 with MemorizingTrustManager

Use of de.duenndns.ssl.MemorizingTrustManager in project Conversations by siacs.

In class MTMExample, method onCreate.

/** Creates the Activity and registers a MemorizingTrustManager. */
@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    JULHandler.initialize();
    requestWindowFeature(Window.FEATURE_INDETERMINATE_PROGRESS);
    setContentView(R.layout.mtmexample);
    // set up gui elements
    findViewById(R.id.connect).setOnClickListener(this);
    content = (TextView) findViewById(R.id.content);
    urlinput = (EditText) findViewById(R.id.url);
    // register handler for background thread
    hdlr = new Handler();
    // Here, the MemorizingTrustManager is activated for HTTPS
    try {
        // set location of the keystore
        MemorizingTrustManager.setKeyStoreFile("private", "sslkeys.bks");
        // register MemorizingTrustManager for HTTPS
        SSLContext sc = SSLContext.getInstance("TLS");
        mtm = new MemorizingTrustManager(this);
        sc.init(null, new X509TrustManager[] { mtm }, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(mtm.wrapHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier()));
        // disable redirects to reduce possible confusion
        HttpsURLConnection.setFollowRedirects(false);
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Also used : MemorizingTrustManager(de.duenndns.ssl.MemorizingTrustManager) Handler(android.os.Handler) SSLContext(javax.net.ssl.SSLContext) KeyStoreException(java.security.KeyStoreException)

Example 8 with MemorizingTrustManager

Use of de.duenndns.ssl.MemorizingTrustManager in project Conversations by siacs.

In class XmppConnection, method getTlsFactoryVerifier.

private TlsFactoryVerifier getTlsFactoryVerifier() throws NoSuchAlgorithmException, KeyManagementException, IOException {
    final SSLContext sc = SSLSocketHelper.getSSLContext();
    MemorizingTrustManager trustManager = this.mXmppConnectionService.getMemorizingTrustManager();
    KeyManager[] keyManager;
    if (account.getPrivateKeyAlias() != null && account.getPassword().isEmpty()) {
        keyManager = new KeyManager[] { new MyKeyManager() };
    } else {
        keyManager = null;
    }
    String domain = account.getJid().getDomainpart();
    sc.init(keyManager,
            new X509TrustManager[] { mInteractive ? trustManager.getInteractive(domain) : trustManager.getNonInteractive(domain) },
            mXmppConnectionService.getRNG());
    final SSLSocketFactory factory = sc.getSocketFactory();
    final HostnameVerifier verifier;
    if (mInteractive) {
        verifier = trustManager.wrapHostnameVerifier(new XmppDomainVerifier());
    } else {
        verifier = trustManager.wrapHostnameVerifierNonInteractive(new XmppDomainVerifier());
    }
    return new TlsFactoryVerifier(factory, verifier);
}
Also used : MemorizingTrustManager(de.duenndns.ssl.MemorizingTrustManager) XmppDomainVerifier(eu.siacs.conversations.crypto.XmppDomainVerifier) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) HostnameVerifier(javax.net.ssl.HostnameVerifier)

Example 9 with MemorizingTrustManager

Use of de.duenndns.ssl.MemorizingTrustManager in project xabber-android by redsolution.

In class HttpFileUploadManager, method uploadFile.

public void uploadFile(final AccountJid account, final UserJid user, final String filePath) {
    final Jid uploadServerUrl = uploadServers.get(account);
    if (uploadServerUrl == null) {
        return;
    }
    AccountItem accountItem = AccountManager.getInstance().getAccount(account);
    if (accountItem == null) {
        return;
    }
    final File file = new File(filePath);
    final com.xabber.xmpp.httpfileupload.Request httpFileUpload = new com.xabber.xmpp.httpfileupload.Request();
    httpFileUpload.setFilename(file.getName());
    httpFileUpload.setSize(String.valueOf(file.length()));
    httpFileUpload.setTo(uploadServerUrl);
    try {
        accountItem.getConnection().sendIqWithResponseCallback(httpFileUpload, new StanzaListener() {

            @Override
            public void processStanza(Stanza packet) throws SmackException.NotConnectedException, InterruptedException {
                if (!(packet instanceof Slot)) {
                    return;
                }
                uploadFileToSlot(account, (Slot) packet);
            }

            private void uploadFileToSlot(final AccountJid account, final Slot slot) {
                SSLSocketFactory sslSocketFactory = null;
                MemorizingTrustManager mtm = CertificateManager.getInstance().getNewFileUploadManager(account);
                final SSLContext sslContext;
                try {
                    // note: this requests the legacy "SSL" context name; the other examples on this page request "TLS"
                    sslContext = SSLContext.getInstance("SSL");
                    sslContext.init(null, new X509TrustManager[] { mtm }, new java.security.SecureRandom());
                    sslSocketFactory = sslContext.getSocketFactory();
                } catch (NoSuchAlgorithmException | KeyManagementException e) {
                    // TLS setup failed: give up on the upload
                    return;
                }
                // the strict hostname verifier is wrapped by the MemorizingTrustManager
                OkHttpClient client = new OkHttpClient().newBuilder()
                        .sslSocketFactory(sslSocketFactory)
                        .hostnameVerifier(mtm.wrapHostnameVerifier(new org.apache.http.conn.ssl.StrictHostnameVerifier()))
                        .writeTimeout(5, TimeUnit.MINUTES)
                        .connectTimeout(5, TimeUnit.MINUTES)
                        .readTimeout(5, TimeUnit.MINUTES)
                        .build();
                Request request = new Request.Builder().url(slot.getPutUrl()).put(RequestBody.create(CONTENT_TYPE, file)).build();
                final String fileMessageId;
                fileMessageId = MessageManager.getInstance().createFileMessage(account, user, file);
                LogManager.i(HttpFileUploadManager.this, "starting upload file to " + slot.getPutUrl() + " size " + file.length());
                client.newCall(request).enqueue(new Callback() {

                    @Override
                    public void onFailure(Call call, IOException e) {
                        LogManager.i(HttpFileUploadManager.this, "onFailure " + e.getMessage());
                        MessageManager.getInstance().updateMessageWithError(fileMessageId, e.toString());
                    }

                    @Override
                    public void onResponse(Call call, Response response) throws IOException {
                        LogManager.i(HttpFileUploadManager.this, "onResponse " + response.isSuccessful() + " " + response.body().string());
                        if (response.isSuccessful()) {
                            MessageManager.getInstance().updateFileMessage(account, user, fileMessageId, slot.getGetUrl());
                        } else {
                            MessageManager.getInstance().updateMessageWithError(fileMessageId, response.message());
                        }
                    }
                });
            }
        }, new ExceptionCallback() {

            @Override
            public void processException(Exception exception) {
                LogManager.i(this, "On HTTP file upload slot error");
                LogManager.exception(this, exception);
                Application.getInstance().onError(R.string.http_file_upload_slot_error);
            }
        });
    } catch (SmackException.NotConnectedException | InterruptedException e) {
        LogManager.exception(this, e);
    }
}
Also used : OkHttpClient(okhttp3.OkHttpClient) AccountItem(com.xabber.android.data.account.AccountItem) StanzaListener(org.jivesoftware.smack.StanzaListener) AccountJid(com.xabber.android.data.entity.AccountJid) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) Call(okhttp3.Call) UserJid(com.xabber.android.data.entity.UserJid) DomainBareJid(org.jxmpp.jid.DomainBareJid) Jid(org.jxmpp.jid.Jid) Stanza(org.jivesoftware.smack.packet.Stanza) Request(okhttp3.Request) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) ExceptionCallback(org.jivesoftware.smack.ExceptionCallback) SmackException(org.jivesoftware.smack.SmackException) KeyManagementException(java.security.KeyManagementException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) XMPPException(org.jivesoftware.smack.XMPPException) MemorizingTrustManager(de.duenndns.ssl.MemorizingTrustManager) Response(okhttp3.Response) Callback(okhttp3.Callback) X509TrustManager(javax.net.ssl.X509TrustManager) Slot(com.xabber.xmpp.httpfileupload.Slot) File(java.io.File)

Example 10 with MemorizingTrustManager

Use of de.duenndns.ssl.MemorizingTrustManager in project xabber-android by redsolution.

In class ConnectionBuilder, method build.

@NonNull
public static XMPPTCPConnection build(AccountJid account, @NonNull final ConnectionSettings connectionSettings) {
    XMPPTCPConnectionConfiguration.Builder builder = XMPPTCPConnectionConfiguration.builder();
    builder.setXmppDomain(connectionSettings.getServerName());
    if (connectionSettings.isCustomHostAndPort()) {
        setCustomHost(connectionSettings, builder);
        builder.setPort(connectionSettings.getPort());
    }
    builder.setDebuggerEnabled(true);
    builder.setSecurityMode(connectionSettings.getTlsMode().getSecurityMode());
    builder.setCompressionEnabled(connectionSettings.useCompression());
    builder.setSendPresence(false);
    builder.setUsernameAndPassword(connectionSettings.getUserName(), connectionSettings.getPassword());
    builder.setResource(connectionSettings.getResource());
    builder.setProxyInfo(getProxyInfo(connectionSettings));
    try {
        LogManager.i(LOG_TAG, "SettingsManager.securityCheckCertificate: " + SettingsManager.securityCheckCertificate());
        if (SettingsManager.securityCheckCertificate()) {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            MemorizingTrustManager mtm = CertificateManager.getInstance().getNewMemorizingTrustManager(account);
            sslContext.init(null, new X509TrustManager[] { mtm }, new java.security.SecureRandom());
            builder.setCustomSSLContext(sslContext);
            builder.setHostnameVerifier(mtm.wrapHostnameVerifier(new CustomDomainVerifier()));
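        } else {
            // certificate checking is switched off in settings: every certificate and
            // every hostname is accepted, so the server is not authenticated
            TLSUtils.acceptAllCertificates(builder);
            builder.setHostnameVerifier(new AllowAllHostnameVerifier());
        }
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        LogManager.exception(LOG_TAG, e);
    }
    // if the account has a token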
    if (connectionSettings.getToken() != null && !connectionSettings.getToken().isEmpty() && connectionSettings.getPassword() != null && connectionSettings.getPassword().isEmpty()) {
        // then enable only SASLXOauth2Mechanism
        builder.addEnabledSaslMechanism(SASLXOauth2Mechanism.NAME);
        // and set token as password
        builder.setUsernameAndPassword(connectionSettings.getUserName(), connectionSettings.getToken());
    }
    // X-TOKEN
    if (connectionSettings.getXToken() != null && !connectionSettings.getXToken().isExpired()) {
        LogManager.d(LOG_TAG, "Authorization with x-token");
        SASLAuthentication.registerSASLMechanism(new SASLXTOKENMechanism());
        builder.addEnabledSaslMechanism(SASLXTOKENMechanism.NAME);
        builder.setUsernameAndPassword(connectionSettings.getUserName(), connectionSettings.getXToken().getToken());
    }
    LogManager.i(LOG_TAG, "new XMPPTCPConnection " + connectionSettings.getServerName());
    return new XMPPTCPConnection(builder.build());
}
Also used : SASLXTOKENMechanism(com.xabber.xmpp.smack.SASLXTOKENMechanism) XMPPTCPConnection(com.xabber.xmpp.smack.XMPPTCPConnection) AllowAllHostnameVerifier(org.apache.http.conn.ssl.AllowAllHostnameVerifier) XMPPTCPConnectionConfiguration(com.xabber.xmpp.smack.XMPPTCPConnectionConfiguration) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException) MemorizingTrustManager(de.duenndns.ssl.MemorizingTrustManager) NonNull(androidx.annotation.NonNull)

Aggregations

MemorizingTrustManager (de.duenndns.ssl.MemorizingTrustManager) 10
SSLContext (javax.net.ssl.SSLContext) 6
KeyManagementException (java.security.KeyManagementException) 5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 5
NonNull (androidx.annotation.NonNull) 3
SSLSocketFactory (javax.net.ssl.SSLSocketFactory) 3
IOException (java.io.IOException) 2
KeyStoreException (java.security.KeyStoreException) 2
OkHttpClient (okhttp3.OkHttpClient) 2
SmackException (org.jivesoftware.smack.SmackException) 2
StanzaListener (org.jivesoftware.smack.StanzaListener) 2
XMPPException (org.jivesoftware.smack.XMPPException) 2
Stanza (org.jivesoftware.smack.packet.Stanza) 2
XMPPTCPConnection (org.jivesoftware.smack.tcp.XMPPTCPConnection) 2
Handler (android.os.Handler) 1
RemoteException (android.os.RemoteException) 1
AccountItem (com.xabber.android.data.account.AccountItem) 1
AccountJid (com.xabber.android.data.entity.AccountJid) 1
UserJid (com.xabber.android.data.entity.UserJid) 1
AccountRosterListener (com.xabber.android.data.roster.AccountRosterListener) 1