Added TLS HostnameVerifier

ge0rg · Jul 24, 2014 · 8d483b2 · 8d483b2
1 parent 400d511
commit 8d483b2
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/source/org/jivesoftware/smack/ConnectionConfiguration.java b/source/org/jivesoftware/smack/ConnectionConfiguration.java
@@ -25,6 +25,7 @@
 import org.jivesoftware.smack.util.dns.HostAddress;
 
 import javax.net.SocketFactory;
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 import javax.security.auth.callback.CallbackHandler;
 import java.io.File;
@@ -65,6 +66,7 @@ public class ConnectionConfiguration implements Cloneable {
     private boolean notMatchingDomainCheckEnabled = false;
     private boolean isRosterVersioningAvailable = false;
     private SSLContext customSSLContext;
+    private HostnameVerifier tlsHostnameVerifier;
 
     private boolean compressionEnabled = false;
 
@@ -495,6 +497,25 @@ public void setCustomSSLContext(SSLContext context) {
         this.customSSLContext = context;
     }
 
+    /**
+     * Gets the hostname verifier for SSL sockets. This is null by default,
+     * which means no hostname verification will take place.
+     *
+     * @return the SSLContext previously set with setCustomSSLContext() or null.
+     */
+    public HostnameVerifier getHostnameVerifier() {
+        return this.tlsHostnameVerifier;
+    }
+
+    /**
+     * Sets a custom HostnameVerifier for creating SSL sockets.
+     *
+     * @param verifier the custom HostnameVerifier for new sockets; null to reset default behavior.
+     */
+    public void setHostnameVerifier(HostnameVerifier verifier) {
+        this.tlsHostnameVerifier = verifier;
+    }
+
     /**
      * Returns true if the connection is going to use stream compression. Stream compression
      * will be requested after TLS was established (if TLS was enabled) and only if the server

diff --git a/source/org/jivesoftware/smack/XMPPConnection.java b/source/org/jivesoftware/smack/XMPPConnection.java
@@ -29,6 +29,7 @@
 import org.jivesoftware.smack.util.StringUtils;
 import org.jivesoftware.smack.util.dns.HostAddress;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@@ -887,6 +888,10 @@ else if(config.getKeystoreType().equals("Apple")) {
         initReaderAndWriter();
         // Proceed to do the handshake
         ((SSLSocket) socket).startHandshake();
+        // Verify the server hostname
+        HostnameVerifier verifier = this.config.getHostnameVerifier();
+	if (verifier != null && !verifier.verify(getServiceName(), ((SSLSocket) socket).getSession()))
+                throw new XMPPException("Server could not authenticate as '" + getServiceName() + "'.");
         //if (((SSLSocket) socket).getWantClientAuth()) {
         //    System.err.println("Connection wants client auth");
         //}