rename BogusTrustManagerFactory to NonCheckingX509TrustManagerFactory, because it's not so much bogus as not checking if the certificates are valid.
Project: http://git-wip-us.apache.org/repos/asf/mina-vysper/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-vysper/commit/8c417579 Tree: http://git-wip-us.apache.org/repos/asf/mina-vysper/tree/8c417579 Diff: http://git-wip-us.apache.org/repos/asf/mina-vysper/diff/8c417579 Branch: refs/heads/master Commit: 8c417579fd3bb5910feb140a8db691c4482572b6 Parents: f9be2f5 Author: Bernd Fondermann <[email protected]> Authored: Mon Jul 1 12:29:20 2013 +0200 Committer: Bernd Fondermann <[email protected]> Committed: Mon Jul 1 12:29:20 2013 +0200 ---------------------------------------------------------------------- .../cryptography/BogusTrustManagerFactory.java | 79 ------------------ .../NonCheckingX509TrustManagerFactory.java | 87 ++++++++++++++++++++ .../apache/vysper/xmpp/server/XMPPServer.java | 4 +- 3 files changed, 89 insertions(+), 81 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-vysper/blob/8c417579/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java ----------------------------------------------------------------------
diff --git a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java
deleted file mode 100644
index d6b6947..0000000
--- a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.vysper.xmpp.cryptography;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.ManagerFactoryParameters;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactorySpi;
-import javax.net.ssl.X509TrustManager;
-
-/**
- * BogusTrustManagerFactory trust manager factory. Creates BogusX509TrustManager
- *
- * nearly verbose copy from project MINA.
- * see http://svn.apache.org/viewvc/mina/branches/1.0/example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java?view=markup
- *
- * @author The Apache Directory Project ([email protected])
- */
-public class BogusTrustManagerFactory extends TrustManagerFactorySpi implements TrustManagerFactory {
-
- static final X509TrustManager X509 = new X509TrustManager() {
- public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
- }
-
- public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
- };
-
- private static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 };
-
- public BogusTrustManagerFactory() {
- }
-
- @Override
- protected TrustManager[] engineGetTrustManagers() {
- return X509_MANAGERS;
- }
-
- @Override
- protected void engineInit(KeyStore keystore) throws KeyStoreException {
- // noop
- }
-
- @Override
- protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
- throws InvalidAlgorithmParameterException {
- // noop
- }
-
- public TrustManager[] getTrustManagers() {
- return X509_MANAGERS;
- }
-}
http://git-wip-us.apache.org/repos/asf/mina-vysper/blob/8c417579/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java ----------------------------------------------------------------------
diff --git a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java
new file mode 100644
index 0000000..4c3ff4e
--- /dev/null
+++ b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.vysper.xmpp.cryptography;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactorySpi;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * NonCheckingTrustManagerFactory trust manager factory, uses an X509TrustManager implementation under the hood which
+ * will not actually do any checks.
+ *
+ * nearly verbose copy from project MINA.
+ * see http://svn.apache.org/viewvc/mina/branches/1.0/example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java?view=markup
+ *
+ * @author The Apache Directory Project ([email protected])
+ */
+public class NonCheckingX509TrustManagerFactory extends TrustManagerFactorySpi implements TrustManagerFactory {
+
+ static final Logger logger = LoggerFactory.getLogger(NonCheckingX509TrustManagerFactory.class);
+
+ static final X509TrustManager X509 = new X509TrustManager() {
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+ logger.error("this XMPP Vysper instance uses NonCheckingTrustManagerFactory, clients certificates are not checked");
+ }
+
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+ logger.error("this XMPP Vysper instance uses NonCheckingTrustManagerFactory, server certificates are not checked");
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+ };
+
+ private static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 };
+
+ public NonCheckingX509TrustManagerFactory() {
+ }
+
+ @Override
+ protected TrustManager[] engineGetTrustManagers() {
+ return X509_MANAGERS;
+ }
+
+ @Override
+ protected void engineInit(KeyStore keystore) throws KeyStoreException {
+ // noop
+ }
+
+ @Override
+ protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
+ throws InvalidAlgorithmParameterException {
+ // noop
+ }
+
+ public TrustManager[] getTrustManagers() {
+ return X509_MANAGERS;
+ }
+}
http://git-wip-us.apache.org/repos/asf/mina-vysper/blob/8c417579/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java ----------------------------------------------------------------------
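Review bot: The anonymous `X509TrustManager` in this new file still returns normally from `checkClientTrusted` and `checkServerTrusted` for any chain, so the added `logger.error` calls only record that validation was skipped. Every TLS peer is accepted without authentication, and the message is written once per handshake, which will drown out other errors on a busy server. Consider logging once when the factory is created, e.g. `logger.warn("NonCheckingX509TrustManagerFactory in use: peer certificates are NOT validated");` in the constructor, and saying in the class Javadoc that the factory is unsafe wherever peer identity matters. The log text and Javadoc also say `NonCheckingTrustManagerFactory`, which does not match the class name, and `logger` could be `private static final` like `X509_MANAGERS`.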
diff --git a/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java b/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java index 1cec6dd..bb1b13d 100644 --- a/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java +++ b/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java @@ -33,7 +33,7 @@ import org.apache.vysper.xmpp.addressing.EntityImpl; import org.apache.vysper.xmpp.authentication.AccountManagement; import org.apache.vysper.xmpp.authentication.Plain; import org.apache.vysper.xmpp.authentication.SASLMechanism; -import org.apache.vysper.xmpp.cryptography.BogusTrustManagerFactory; +import org.apache.vysper.xmpp.cryptography.NonCheckingX509TrustManagerFactory; import org.apache.vysper.xmpp.cryptography.InputStreamBasedTLSContextFactory; import org.apache.vysper.xmpp.delivery.OfflineStanzaReceiver; import org.apache.vysper.xmpp.delivery.StanzaRelayBroker; @@ -134,7 +134,7 @@ public class XMPPServer { public void start() throws Exception { - BogusTrustManagerFactory bogusTrustManagerFactory = new BogusTrustManagerFactory(); + NonCheckingX509TrustManagerFactory bogusTrustManagerFactory = new NonCheckingX509TrustManagerFactory(); if (StringUtils.isNotEmpty(tlsCertificatePassword) && tlsCertificate == null) { throw new IllegalStateException("no TLS certificate loaded for the configured password"); }
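Review bot: `start()` still constructs the non-checking factory unconditionally in the second hunk, so if this instance is what gets handed to the TLS context further down (not visible in the hunk), a default server start validates no peer certificates. Accepting a configurable `TrustManagerFactory` and making the non-checking one an explicit opt-in would be safer. The local is also still named `bogusTrustManagerFactory` after the type rename; `NonCheckingX509TrustManagerFactory nonCheckingTrustManagerFactory = new NonCheckingX509TrustManagerFactory();` keeps the name in step with the class. The body of `start()` continues outside the hunk, so any later uses of the variable would need the same rename.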
