SMACK-376 Allow supplying a custom SSLContext for encrypted connections.

The provided TrustManager / SSLContext implementation is very flexible, but it does not allow to query the user about accepting possibly invalid SSL certificates. By supplying a custom SSLContext with a TrustManager implementing such a query mechanism it is possible to implement this behaviour. The patch adds ConnectionConfiguration.customSSLContext with appropriate getter/setter methods and uses the custom context in XMPPConnection. Signed-Off-By: Georg Lukas <georg@op-co.de> git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@13520 b35dd754-fafc-0310-a699-88a17e54d16e
2025-09-10 09:39:39 +02:00 · 2013-02-26 08:44:17 +00:00 · 2013-02-26 08:44:17 +00:00 · da1987a98b
commit da1987a98b
parent c57843eeee
2 changed files with 28 additions and 5 deletions
--- a/source/org/jivesoftware/smack/XMPPConnection.java
+++ b/source/org/jivesoftware/smack/XMPPConnection.java
@ -763,14 +763,14 @@ public class XMPPConnection extends Connection {
     * @throws Exception if an exception occurs.
     */
    void proceedTLSReceived() throws Exception {
-        SSLContext context = SSLContext.getInstance("TLS");
+        SSLContext context = this.config.getCustomSSLContext();
        KeyStore ks = null;
        KeyManager[] kms = null;
        PasswordCallback pcb = null;

        if(config.getCallbackHandler() == null) {
           ks = null;
-        } else {
+        } else if (context == null) {
            //System.out.println("Keystore type: "+configuration.getKeystoreType());
            if(config.getKeystoreType().equals("NONE")) {
                ks = null;
@ -826,9 +826,11 @@ public class XMPPConnection extends Connection {
        }

        // Verify certificate presented by the server
-        context.init(kms,
-                new javax.net.ssl.TrustManager[]{new ServerTrustManager(getServiceName(), config)},
-                new java.security.SecureRandom());
+        if (context == null) {
+            context = SSLContext.getInstance("TLS");
+            context.init(kms, new javax.net.ssl.TrustManager[] { new ServerTrustManager(getServiceName(), config) },
+                    new java.security.SecureRandom());
+        }
        Socket plain = socket;
        // Secure the plain connection
        socket = context.getSocketFactory().createSocket(plain,