Posted to commits@mina.apache.org by be...@apache.org on 2013/07/01 14:03:32 UTC

[3/8] git commit: rename BogusTrustManagerFactory to NonCheckingX509TrustManagerFactory, because it's not so much bogus as not checking if the certificates are valid.

rename BogusTrustManagerFactory to NonCheckingX509TrustManagerFactory, because it's not so much bogus as not checking if the certificates are valid.


Project: http://git-wip-us.apache.org/repos/asf/mina-vysper/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-vysper/commit/8c417579
Tree: http://git-wip-us.apache.org/repos/asf/mina-vysper/tree/8c417579
Diff: http://git-wip-us.apache.org/repos/asf/mina-vysper/diff/8c417579

Branch: refs/heads/master
Commit: 8c417579fd3bb5910feb140a8db691c4482572b6
Parents: f9be2f5
Author: Bernd Fondermann <be...@brainlounge.de>
Authored: Mon Jul 1 12:29:20 2013 +0200
Committer: Bernd Fondermann <be...@brainlounge.de>
Committed: Mon Jul 1 12:29:20 2013 +0200

----------------------------------------------------------------------
 .../cryptography/BogusTrustManagerFactory.java  | 79 ------------------
 .../NonCheckingX509TrustManagerFactory.java     | 87 ++++++++++++++++++++
 .../apache/vysper/xmpp/server/XMPPServer.java   |  4 +-
 3 files changed, 89 insertions(+), 81 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mina-vysper/blob/8c417579/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java
----------------------------------------------------------------------
diff --git a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java
deleted file mode 100644
index d6b6947..0000000
--- a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/BogusTrustManagerFactory.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.vysper.xmpp.cryptography;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.ManagerFactoryParameters;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactorySpi;
-import javax.net.ssl.X509TrustManager;
-
-/**
- * BogusTrustManagerFactory trust manager factory. Creates BogusX509TrustManager
- * 
- * nearly verbose copy from project MINA.
- * see http://svn.apache.org/viewvc/mina/branches/1.0/example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java?view=markup
- *
- * @author The Apache Directory Project (mina-dev@directory.apache.org)
- */
-public class BogusTrustManagerFactory extends TrustManagerFactorySpi implements TrustManagerFactory {
-
-    static final X509TrustManager X509 = new X509TrustManager() {
-        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
-        }
-
-        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
-        }
-
-        public X509Certificate[] getAcceptedIssuers() {
-            return new X509Certificate[0];
-        }
-    };
-
-    private static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 };
-
-    public BogusTrustManagerFactory() {
-    }
-
-    @Override
-    protected TrustManager[] engineGetTrustManagers() {
-        return X509_MANAGERS;
-    }
-
-    @Override
-    protected void engineInit(KeyStore keystore) throws KeyStoreException {
-        // noop
-    }
-
-    @Override
-    protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
-            throws InvalidAlgorithmParameterException {
-        // noop
-    }
-
-    public TrustManager[] getTrustManagers() {
-        return X509_MANAGERS;
-    }
-}

http://git-wip-us.apache.org/repos/asf/mina-vysper/blob/8c417579/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java
----------------------------------------------------------------------
diff --git a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java
new file mode 100644
index 0000000..4c3ff4e
--- /dev/null
+++ b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/NonCheckingX509TrustManagerFactory.java
@@ -0,0 +1,87 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.vysper.xmpp.cryptography;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactorySpi;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * NonCheckingTrustManagerFactory trust manager factory, uses an X509TrustManager implementation under the hood which 
+ * will not actually do any checks.
+ * 
+ * nearly verbose copy from project MINA.
+ * see http://svn.apache.org/viewvc/mina/branches/1.0/example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java?view=markup
+ *
+ * @author The Apache Directory Project (mina-dev@directory.apache.org)
+ */
+public class NonCheckingX509TrustManagerFactory extends TrustManagerFactorySpi implements TrustManagerFactory {
+
+    static final Logger logger = LoggerFactory.getLogger(NonCheckingX509TrustManagerFactory.class);
+    
+    static final X509TrustManager X509 = new X509TrustManager() {
+        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+            logger.error("this XMPP Vysper instance uses NonCheckingTrustManagerFactory, clients certificates are not checked");
+        }
+
+        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+            logger.error("this XMPP Vysper instance uses NonCheckingTrustManagerFactory, server certificates are not checked");
+        }
+
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
+        }
+    };
+
+    private static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 };
+
+    public NonCheckingX509TrustManagerFactory() {
+    }
+
+    @Override
+    protected TrustManager[] engineGetTrustManagers() {
+        return X509_MANAGERS;
+    }
+
+    @Override
+    protected void engineInit(KeyStore keystore) throws KeyStoreException {
+        // noop
+    }
+
+    @Override
+    protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
+            throws InvalidAlgorithmParameterException {
+        // noop
+    }
+
+    public TrustManager[] getTrustManagers() {
+        return X509_MANAGERS;
+    }
+}
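Review bot: `checkClientTrusted` and `checkServerTrusted` still return normally for every chain, and the only signal added is a `logger.error` call per handshake, so an operator learns that peer certificates are unverified only after a connection has already been accepted (and a busy server repeats the line for each one). Logging once when the factory is constructed would surface this at startup, for example `logger.warn("NonCheckingX509TrustManagerFactory in use: peer certificates are NOT validated");` in the currently empty constructor. The class Javadoc and both log messages name `NonCheckingTrustManagerFactory`, which does not match the class name `NonCheckingX509TrustManagerFactory` and makes the log line harder to search for; the same rename leftover shows in the XMPPServer.java hunk, where the local is still called `bogusTrustManagerFactory`. The Javadoc should also say plainly that any certificate chain is accepted, so TLS peers are not authenticated through this factory, and note which deployments that is acceptable for.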

http://git-wip-us.apache.org/repos/asf/mina-vysper/blob/8c417579/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java
----------------------------------------------------------------------
diff --git a/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java b/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java
index 1cec6dd..bb1b13d 100644
--- a/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java
+++ b/server/core/src/main/java/org/apache/vysper/xmpp/server/XMPPServer.java
@@ -33,7 +33,7 @@ import org.apache.vysper.xmpp.addressing.EntityImpl;
 import org.apache.vysper.xmpp.authentication.AccountManagement;
 import org.apache.vysper.xmpp.authentication.Plain;
 import org.apache.vysper.xmpp.authentication.SASLMechanism;
-import org.apache.vysper.xmpp.cryptography.BogusTrustManagerFactory;
+import org.apache.vysper.xmpp.cryptography.NonCheckingX509TrustManagerFactory;
 import org.apache.vysper.xmpp.cryptography.InputStreamBasedTLSContextFactory;
 import org.apache.vysper.xmpp.delivery.OfflineStanzaReceiver;
 import org.apache.vysper.xmpp.delivery.StanzaRelayBroker;
@@ -134,7 +134,7 @@ public class XMPPServer {
 
     public void start() throws Exception {
 
-        BogusTrustManagerFactory bogusTrustManagerFactory = new BogusTrustManagerFactory();
+        NonCheckingX509TrustManagerFactory bogusTrustManagerFactory = new NonCheckingX509TrustManagerFactory();
         if (StringUtils.isNotEmpty(tlsCertificatePassword) && tlsCertificate == null) {
             throw new IllegalStateException("no TLS certificate loaded for the configured password");
         }