From 650deda752e20d112b3cd350b9e3455c8cd89757 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Sat, 7 Mar 2020 20:02:23 +0100 Subject: [PATCH 01/10] gradle: remove unnecessary repositories{} from smack-openpgp/build.gradle The MavenCentral repository is already configured by the projects root build.gradle file. No need to do it again in the subproject. --- smack-openpgp/build.gradle | 4 ---- 1 file changed, 4 deletions(-) diff --git a/smack-openpgp/build.gradle b/smack-openpgp/build.gradle index 5ef546976..665f141d2 100644 --- a/smack-openpgp/build.gradle +++ b/smack-openpgp/build.gradle @@ -1,10 +1,6 @@ description = """\ Smack API for XEP-0373: OpenPGP for XMPP.""" -repositories { - mavenCentral() -} - // Note that the test dependencies (junit, …) are inferred from the // sourceSet.test of the core subproject dependencies { From f7eaa3cc9e3491d211426109678e3a071dd3bf2d Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Sat, 7 Mar 2020 20:02:52 +0100 Subject: [PATCH 02/10] gradle: smack-omemo(-signal) add description, remove plugins As those plugins are already configured by the projects root build.gradle file, there is no need to apply them again. --- smack-omemo-signal/build.gradle | 5 +++-- smack-omemo/build.gradle | 4 ++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/smack-omemo-signal/build.gradle b/smack-omemo-signal/build.gradle index e2f21dc54..3c81d2c9d 100644 --- a/smack-omemo-signal/build.gradle +++ b/smack-omemo-signal/build.gradle @@ -1,5 +1,6 @@ -apply plugin: 'checkstyle' -apply plugin: 'maven' +description=""" +Smack API for XEP-0384: OMEMO Encryption using libsignal +""" dependencies { compile project(":smack-im") diff --git a/smack-omemo/build.gradle b/smack-omemo/build.gradle index 354c3db20..a9c5c54c7 100644 --- a/smack-omemo/build.gradle +++ b/smack-omemo/build.gradle @@ -1,3 +1,7 @@ +description=""" +Smack API for XEP-0384: OMEMO Encryption +""" + dependencies { compile project(":smack-im") compile project(":smack-extensions") From 7b002ea2149e48514fa74b4ebc0d6b55e8e14a2a Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Sat, 7 Mar 2020 20:08:01 +0100 Subject: [PATCH 03/10] gradle: add Android jar to smack-android-extensions compile classpath --- smack-android-extensions/build.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/smack-android-extensions/build.gradle b/smack-android-extensions/build.gradle index 3279bdeb1..2a57ed2d7 100644 --- a/smack-android-extensions/build.gradle +++ b/smack-android-extensions/build.gradle @@ -6,4 +6,7 @@ Extra Smack extensions for Android.""" dependencies { compile project(':smack-android') compile project(':smack-extensions') + + // Add the Android jar to the Eclipse .classpath. + compileClasspath files(androidBootClasspath) } From 9a081e621d59df7eafe3172f60200bb9a22e88ce Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Sat, 7 Mar 2020 20:08:32 +0100 Subject: [PATCH 04/10] gradle: use compileClasspath instead of compileOnly In the previous commit 46ddf071b ("gradle: add Android jar to smack-android-extensions compile classpath") we already added the Android jar using compileClasspath to smack-android-extensions. Now use the same configuration for smack-android, since compileOnly is deprecated. --- smack-android/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smack-android/build.gradle b/smack-android/build.gradle index 46d83633d..34b3a784a 100644 --- a/smack-android/build.gradle +++ b/smack-android/build.gradle @@ -24,5 +24,5 @@ dependencies { } // Add the Android jar to the Eclipse .classpath. - compileOnly files(androidBootClasspath) + compileClasspath files(androidBootClasspath) } From 6440f322fe6cc562554375fbbaf90ef7a7f92f8b Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Wed, 12 Feb 2020 23:09:36 +0100 Subject: [PATCH 05/10] Ensure a X509TrustManager is set --- .../smack/AbstractXMPPConnection.java | 13 ++++++------ .../org/jivesoftware/smack/util/TLSUtils.java | 21 +++++++++++++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java index 4d344376d..1402e3738 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java @@ -135,6 +135,7 @@ import org.jivesoftware.smack.util.PacketParserUtils; import org.jivesoftware.smack.util.ParserUtils; import org.jivesoftware.smack.util.Predicate; import org.jivesoftware.smack.util.StringUtils; +import org.jivesoftware.smack.util.TLSUtils; import org.jivesoftware.smack.util.dns.HostAddress; import org.jivesoftware.smack.util.dns.SmackDaneProvider; import org.jivesoftware.smack.util.dns.SmackDaneVerifier; @@ -2340,16 +2341,16 @@ public abstract class AbstractXMPPConnection implements XMPPConnection { context = SSLContext.getInstance("TLS"); final SecureRandom secureRandom = new java.security.SecureRandom(); - X509TrustManager customTrustManager = config.getCustomX509TrustManager(); + X509TrustManager trustManager = config.getCustomX509TrustManager(); + if (trustManager == null) { + trustManager = TLSUtils.getDefaultX509TrustManager(ks); + } if (daneVerifier != null) { // User requested DANE verification. - daneVerifier.init(context, kms, customTrustManager, secureRandom); + daneVerifier.init(context, kms, trustManager, secureRandom); } else { - TrustManager[] customTrustManagers = null; - if (customTrustManager != null) { - customTrustManagers = new TrustManager[] { customTrustManager }; - } + TrustManager[] customTrustManagers = new TrustManager[] { trustManager }; context.init(kms, customTrustManagers, secureRandom); } } diff --git a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java index 5c3527482..807ffd958 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java @@ -17,6 +17,8 @@ package org.jivesoftware.smack.util; import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; @@ -34,6 +36,7 @@ import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import org.jivesoftware.smack.ConnectionConfiguration; @@ -240,4 +243,22 @@ public class TLSUtils { return new X509Certificate[0]; } } + + public static X509TrustManager getDefaultX509TrustManager(KeyStore keyStore) { + String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); + TrustManagerFactory trustManagerFactory; + try { + trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm); + trustManagerFactory.init(keyStore); + } catch (NoSuchAlgorithmException | KeyStoreException e) { + throw new AssertionError(e); + } + + for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) { + if (trustManager instanceof X509TrustManager) { + return (X509TrustManager) trustManager; + } + } + throw new AssertionError("No trust manager for the default algorithm " + defaultAlgorithm + " found"); + } } From 00dd77b3467a7612aa4bb77a0cfa76ffd3e2dda5 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Mon, 9 Mar 2020 13:39:19 +0100 Subject: [PATCH 06/10] Try to guess the default truststore and path Tested with OpenJDK 8 and 11. The 'JKS' fallback is for OpenJDK 11. --- .../smack/AbstractXMPPConnection.java | 23 +++++++++++++++- .../org/jivesoftware/smack/util/TLSUtils.java | 26 ++++++++++++++++++- 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java index 1402e3738..0e13c28c7 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/AbstractXMPPConnection.java @@ -2304,7 +2304,28 @@ public abstract class AbstractXMPPConnection implements XMPPConnection { ks = null; } } else { - ks.load(null, null); + InputStream stream = TLSUtils.getDefaultTruststoreStreamIfPossible(); + try { + // Note that PKCS12 keystores need a password one some Java platforms. Hence we try the famous + // 'changeit' here. See https://bugs.openjdk.java.net/browse/JDK-8194702 + char[] password = "changeit".toCharArray(); + try { + ks.load(stream, password); + } finally { + stream.close(); + } + } catch (IOException e) { + LOGGER.log(Level.FINE, "KeyStore load() threw, attempting 'jks' fallback", e); + + ks = KeyStore.getInstance("jks"); + // Open the stream again, so that we read it from the beginning. + stream = TLSUtils.getDefaultTruststoreStreamIfPossible(); + try { + ks.load(stream, null); + } finally { + stream.close(); + } + } } } diff --git a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java index 807ffd958..97dc8597f 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java @@ -1,6 +1,6 @@ /** * - * Copyright 2014-2016 Florian Schmaus + * Copyright 2014-2020 Florian Schmaus * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,9 @@ */ package org.jivesoftware.smack.util; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -29,6 +32,8 @@ import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.HashSet; import java.util.Set; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; @@ -45,6 +50,8 @@ import org.jivesoftware.smack.SmackException.SecurityNotPossibleException; public class TLSUtils { + private static final Logger LOGGER = Logger.getLogger(TLSUtils.class.getName()); + public static final String SSL = "SSL"; public static final String TLS = "TLS"; public static final String PROTO_SSL3 = SSL + "v3"; @@ -261,4 +268,21 @@ public class TLSUtils { } throw new AssertionError("No trust manager for the default algorithm " + defaultAlgorithm + " found"); } + + private static final File DEFAULT_TRUSTSTORE_PATH; + + static { + String javaHome = System.getProperty("java.home"); + String defaultTruststorePath = javaHome + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts"; + DEFAULT_TRUSTSTORE_PATH = new File(defaultTruststorePath); + } + + public static FileInputStream getDefaultTruststoreStreamIfPossible() { + try { + return new FileInputStream(DEFAULT_TRUSTSTORE_PATH); + } catch (FileNotFoundException e) { + LOGGER.log(Level.WARNING, "Could not open default truststore at " + DEFAULT_TRUSTSTORE_PATH, e); + return null; + } + } } From 863d0bf4032bba1b9199b8aa1a68981f2ed2fdc1 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Mon, 9 Mar 2020 14:41:52 +0100 Subject: [PATCH 07/10] Fix NPE in ServiceDiscoveryManager --- .../java/org/jivesoftware/smack/packet/StanzaBuilder.java | 8 ++++++++ .../smackx/disco/ServiceDiscoveryManager.java | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/smack-core/src/main/java/org/jivesoftware/smack/packet/StanzaBuilder.java b/smack-core/src/main/java/org/jivesoftware/smack/packet/StanzaBuilder.java index 3539d22bd..cff077e29 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/packet/StanzaBuilder.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/packet/StanzaBuilder.java @@ -162,6 +162,14 @@ public abstract class StanzaBuilder> implements Stanz return getThis(); } + public final B addOptExtensions(Collection extensionElements) { + if (extensionElements == null) { + return getThis(); + } + + return addExtensions(extensionElements); + } + public final B addExtensions(Collection extensionElements) { for (ExtensionElement extensionElement : extensionElements) { addExtension(extensionElement); diff --git a/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/ServiceDiscoveryManager.java b/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/ServiceDiscoveryManager.java index 62fc38d1d..a009d260b 100644 --- a/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/ServiceDiscoveryManager.java +++ b/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/ServiceDiscoveryManager.java @@ -178,7 +178,7 @@ public final class ServiceDiscoveryManager extends Manager { // Add node identities responseBuilder.addIdentities(nodeInformationProvider.getNodeIdentities()); // Add packet extensions - responseBuilder.addExtensions(nodeInformationProvider.getNodePacketExtensions()); + responseBuilder.addOptExtensions(nodeInformationProvider.getNodePacketExtensions()); } else { // Return error since specified node was not found responseBuilder.ofType(IQ.Type.error); From 39a833166a162eccb0136fbbfaf9c8dd0a2361d7 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Fri, 13 Mar 2020 16:40:46 +0100 Subject: [PATCH 08/10] Add workaround for truststores in JKS format when using Java >= 9 --- .../org/jivesoftware/smack/util/TLSUtils.java | 50 +++++++++++++++++++ .../SmackIntegrationTestFramework.java | 7 ++- 2 files changed, 56 insertions(+), 1 deletion(-) diff --git a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java index 97dc8597f..cba78280f 100644 --- a/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java +++ b/smack-core/src/main/java/org/jivesoftware/smack/util/TLSUtils.java @@ -16,9 +16,12 @@ */ package org.jivesoftware.smack.util; +import java.io.DataInputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -285,4 +288,51 @@ public class TLSUtils { return null; } } + + enum DefaultTrustStoreType { + jks, + unknown, + no_default, + } + + private static final int JKS_MAGIC = 0xfeedfeed; + private static final int JKS_VERSION_1 = 1; + private static final int JKS_VERSION_2 = 2; + + public static DefaultTrustStoreType getDefaultTruststoreType() throws IOException { + try (InputStream inputStream = getDefaultTruststoreStreamIfPossible()) { + if (inputStream == null) { + return DefaultTrustStoreType.no_default; + } + + DataInputStream dis = new DataInputStream(inputStream); + int magic = dis.readInt(); + int version = dis.readInt(); + + if (magic == JKS_MAGIC && (version == JKS_VERSION_1 || version == JKS_VERSION_2)) { + return DefaultTrustStoreType.jks; + } + } + + return DefaultTrustStoreType.unknown; + } + + /** + * Tries to determine if the default truststore type is of type jks and sets the javax.net.ssl.trustStoreType system + * property to 'JKS' if so. This is meant as workaround in situations where the default truststore type is (still) + * 'jks' but we run on a newer JRE/JDK which uses PKCS#12 as type. See for example Gentoo bug #712290. + */ + public static void setDefaultTrustStoreTypeToJksIfRequired() { + DefaultTrustStoreType defaultTrustStoreType; + try { + defaultTrustStoreType = getDefaultTruststoreType(); + } catch (IOException e) { + LOGGER.log(Level.WARNING, "Could not set keystore type to jks if required", e); + return; + } + + if (defaultTrustStoreType == DefaultTrustStoreType.jks) { + System.setProperty("javax.net.ssl.trustStoreType", "JKS"); + } + } } diff --git a/smack-integration-test/src/main/java/org/igniterealtime/smack/inttest/SmackIntegrationTestFramework.java b/smack-integration-test/src/main/java/org/igniterealtime/smack/inttest/SmackIntegrationTestFramework.java index a2c07772a..36e9afda2 100644 --- a/smack-integration-test/src/main/java/org/igniterealtime/smack/inttest/SmackIntegrationTestFramework.java +++ b/smack-integration-test/src/main/java/org/igniterealtime/smack/inttest/SmackIntegrationTestFramework.java @@ -1,6 +1,6 @@ /** * - * Copyright 2015-2019 Florian Schmaus + * Copyright 2015-2020 Florian Schmaus * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -56,6 +56,7 @@ import org.jivesoftware.smack.XMPPException; import org.jivesoftware.smack.tcp.XMPPTCPConnection; import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration; import org.jivesoftware.smack.util.StringUtils; +import org.jivesoftware.smack.util.TLSUtils; import org.jivesoftware.smackx.debugger.EnhancedDebuggerWindow; import org.jivesoftware.smackx.iqregister.AccountManager; @@ -71,6 +72,10 @@ import org.reflections.scanners.TypeAnnotationsScanner; public class SmackIntegrationTestFramework { + static { + TLSUtils.setDefaultTrustStoreTypeToJksIfRequired(); + } + private static final Logger LOGGER = Logger.getLogger(SmackIntegrationTestFramework.class.getName()); public static boolean SINTTEST_UNIT_TEST = false; From 4beaae7d6ac9a17ca1e2ee91aecfc3a2fbeede04 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Fri, 13 Mar 2020 16:41:27 +0100 Subject: [PATCH 09/10] disco: avoid boxing to Integer when not necessary --- .../smackx/disco/DiscoInfoLookupShortcutMechanism.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/DiscoInfoLookupShortcutMechanism.java b/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/DiscoInfoLookupShortcutMechanism.java index eaf525f11..10a6c56aa 100644 --- a/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/DiscoInfoLookupShortcutMechanism.java +++ b/smack-extensions/src/main/java/org/jivesoftware/smackx/disco/DiscoInfoLookupShortcutMechanism.java @@ -1,6 +1,6 @@ /** * - * Copyright 2018 Florian Schmaus. + * Copyright 2018-2020 Florian Schmaus. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -47,7 +47,7 @@ public abstract class DiscoInfoLookupShortcutMechanism implements Comparable Date: Fri, 13 Mar 2020 16:58:45 +0100 Subject: [PATCH 10/10] Remove Bouncycastle as direct dependency By not directly depending on Bouncycastle (BC), we avoid conflicts between different bouncycastle versions. It is also part of the developers job to take care that all required security primitives are available. If they are provide by BC or some other security provider should not be up to Smack to decide. We now only add BC as test dependency to satisfy this requirement when the unit tests are executed. --- smack-core/build.gradle | 1 + .../jivesoftware/smack/test/util/SmackTestSuite.java | 7 ++++++- smack-experimental/build.gradle | 1 - .../org/jivesoftware/smackx/hashes/HashManager.java | 11 +---------- .../java/org/jivesoftware/smackx/hashes/HashTest.java | 7 +++++++ smack-omemo/build.gradle | 2 -- .../jivesoftware/smackx/omemo/OmemoInitializer.java | 9 --------- .../jivesoftware/smackx/omemo/WrapperObjectsTest.java | 1 - version.gradle | 1 - 9 files changed, 15 insertions(+), 25 deletions(-) diff --git a/smack-core/build.gradle b/smack-core/build.gradle index 40e9026d6..8d29cfd89 100644 --- a/smack-core/build.gradle +++ b/smack-core/build.gradle @@ -24,6 +24,7 @@ dependencies { testCompile "org.assertj:assertj-core:3.11.1" testCompile "org.xmlunit:xmlunit-assertj:$xmlUnitVersion" testCompile 'com.jamesmurty.utils:java-xmlbuilder:1.2' + testCompile 'org.bouncycastle:bcprov-jdk15on:1.64' } class CreateFileTask extends DefaultTask { diff --git a/smack-core/src/test/java/org/jivesoftware/smack/test/util/SmackTestSuite.java b/smack-core/src/test/java/org/jivesoftware/smack/test/util/SmackTestSuite.java index 155954c0e..8a34b991b 100644 --- a/smack-core/src/test/java/org/jivesoftware/smack/test/util/SmackTestSuite.java +++ b/smack-core/src/test/java/org/jivesoftware/smack/test/util/SmackTestSuite.java @@ -1,6 +1,6 @@ /** * - * Copyright © 2014-2019 Florian Schmaus + * Copyright © 2014-2020 Florian Schmaus * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,11 +16,14 @@ */ package org.jivesoftware.smack.test.util; +import java.security.Security; import java.util.Base64; import org.jivesoftware.smack.SmackConfiguration; import org.jivesoftware.smack.util.stringencoder.Base64.Encoder; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + /** * The SmackTestSuite takes care of initializing Smack for the unit tests. For example the Base64 * encoder is configured. @@ -52,5 +55,7 @@ public class SmackTestSuite { } }); + + Security.addProvider(new BouncyCastleProvider()); } } diff --git a/smack-experimental/build.gradle b/smack-experimental/build.gradle index f1078bcc4..f64702d10 100644 --- a/smack-experimental/build.gradle +++ b/smack-experimental/build.gradle @@ -10,6 +10,5 @@ dependencies { testCompile project(path: ":smack-core", configuration: "testRuntime") testCompile project(path: ":smack-extensions", configuration: "testRuntime") - compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion" compile "org.hsluv:hsluv:0.2" } diff --git a/smack-experimental/src/main/java/org/jivesoftware/smackx/hashes/HashManager.java b/smack-experimental/src/main/java/org/jivesoftware/smackx/hashes/HashManager.java index 096a7b85b..b3f0c3db4 100644 --- a/smack-experimental/src/main/java/org/jivesoftware/smackx/hashes/HashManager.java +++ b/smack-experimental/src/main/java/org/jivesoftware/smackx/hashes/HashManager.java @@ -1,6 +1,6 @@ /** * - * Copyright © 2017 Paul Schaub, 2019 Florian Schmaus + * Copyright © 2017 Paul Schaub, 2019-2020 Florian Schmaus * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,13 +42,10 @@ import java.util.WeakHashMap; import org.jivesoftware.smack.Manager; import org.jivesoftware.smack.XMPPConnection; -import org.jivesoftware.smack.util.SecurityUtil; import org.jivesoftware.smackx.disco.ServiceDiscoveryManager; import org.jivesoftware.smackx.hashes.element.HashElement; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - /** * Manager that can be used to determine support for hash functions. By default the Manager announces support for * XEP-0300, as well as for the recommended set of hash algorithms. Those contain SHA256, SHA384, SHA512, SHA3-256, @@ -57,12 +54,6 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider; */ public final class HashManager extends Manager { - static { - // Remove any BC providers and add a fresh one. - // This is done, since older Android versions ship with a crippled BC provider. - SecurityUtil.ensureProviderAtFirstPosition(BouncyCastleProvider.class); - } - public static final String PREFIX_NS_ALGO = "urn:xmpp:hash-function-text-names:"; public enum NAMESPACE { diff --git a/smack-experimental/src/test/java/org/jivesoftware/smackx/hashes/HashTest.java b/smack-experimental/src/test/java/org/jivesoftware/smackx/hashes/HashTest.java index 355f1a45a..91a9852e7 100644 --- a/smack-experimental/src/test/java/org/jivesoftware/smackx/hashes/HashTest.java +++ b/smack-experimental/src/test/java/org/jivesoftware/smackx/hashes/HashTest.java @@ -18,9 +18,12 @@ package org.jivesoftware.smackx.hashes; import static org.junit.jupiter.api.Assertions.assertEquals; +import java.security.Security; + import org.jivesoftware.smack.test.util.SmackTestSuite; import org.jivesoftware.smack.util.StringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.jupiter.api.Test; /** @@ -30,6 +33,10 @@ import org.junit.jupiter.api.Test; */ public class HashTest extends SmackTestSuite { + static { + Security.addProvider(new BouncyCastleProvider()); + } + private static final String testString = "Hello World!"; private static final String md5sum = "ed076287532e86365e841e92bfc50d8c"; private static final String sha1sum = "2ef7bde608ce5404e97d5f042f95f89f1c232871"; diff --git a/smack-omemo/build.gradle b/smack-omemo/build.gradle index a9c5c54c7..89ec8a473 100644 --- a/smack-omemo/build.gradle +++ b/smack-omemo/build.gradle @@ -7,7 +7,5 @@ dependencies { compile project(":smack-extensions") compile project(":smack-experimental") - compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion" - testCompile project(path: ":smack-core", configuration: "testRuntime") } diff --git a/smack-omemo/src/main/java/org/jivesoftware/smackx/omemo/OmemoInitializer.java b/smack-omemo/src/main/java/org/jivesoftware/smackx/omemo/OmemoInitializer.java index 243257b99..5f293490f 100644 --- a/smack-omemo/src/main/java/org/jivesoftware/smackx/omemo/OmemoInitializer.java +++ b/smack-omemo/src/main/java/org/jivesoftware/smackx/omemo/OmemoInitializer.java @@ -17,9 +17,6 @@ package org.jivesoftware.smackx.omemo; import org.jivesoftware.smack.initializer.UrlInitializer; -import org.jivesoftware.smack.util.SecurityUtil; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; /** * Initializer class that registers omemo providers. @@ -29,12 +26,6 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider; @SuppressWarnings("unused") public class OmemoInitializer extends UrlInitializer { - static { - // Remove any BC providers and add a fresh one. - // This is done, since older Android versions ship with a crippled BC provider. - SecurityUtil.ensureProviderAtFirstPosition(BouncyCastleProvider.class); - } - @Override protected String getProvidersUri() { return "classpath:org.jivesoftware.smackx.omemo/omemo.providers"; diff --git a/smack-omemo/src/test/java/org/jivesoftware/smackx/omemo/WrapperObjectsTest.java b/smack-omemo/src/test/java/org/jivesoftware/smackx/omemo/WrapperObjectsTest.java index 268b021d8..66c538bf8 100644 --- a/smack-omemo/src/test/java/org/jivesoftware/smackx/omemo/WrapperObjectsTest.java +++ b/smack-omemo/src/test/java/org/jivesoftware/smackx/omemo/WrapperObjectsTest.java @@ -27,7 +27,6 @@ import static org.junit.Assert.assertNotNull; import java.security.NoSuchAlgorithmException; import org.jivesoftware.smack.test.util.SmackTestSuite; - import org.jivesoftware.smackx.omemo.element.OmemoElement; import org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException; import org.jivesoftware.smackx.omemo.internal.CipherAndAuthTag; diff --git a/version.gradle b/version.gradle index 72ccec1ac..c55ce5484 100644 --- a/version.gradle +++ b/version.gradle @@ -10,7 +10,6 @@ allprojects { // - https://issues.igniterealtime.org/browse/SMACK-858 jxmppVersion = '0.7.0-alpha5' miniDnsVersion = '0.4.0-alpha3' - bouncyCastleVersion = '1.62' smackMinAndroidSdk = 19 } }