Class TLSUtils

java.lang.Object
org.jivesoftware.smack.util.TLSUtils

public class TLSUtils extends Object
  • Field Details

  • Constructor Details

    • TLSUtils

      public TLSUtils()
  • Method Details

    • setEnabledTlsProtocolsToRecommended

      public static <B extends ConnectionConfiguration.Builder<B, ?>> B setEnabledTlsProtocolsToRecommended(B builder)
      Enable the recommended TLS protocols.
      Type Parameters:
      B - Type of the ConnectionConfiguration builder.
      Parameters:
      builder - the configuration builder to apply this setting to
      Returns:
      the given builder
    • acceptAllCertificates

      public static <B extends ConnectionConfiguration.Builder<?, ?>> B acceptAllCertificates(B builder)
      Accept all TLS certificates.

      Warning: Use with care. This method makes the Connection use TLSUtils.AcceptAllTrustManager and essentially invalidates all security guarantees provided by TLS. Only use this method if you understand the implications.

      Type Parameters:
      B - Type of the ConnectionConfiguration builder.
      Parameters:
      builder - a connection configuration builder.
      Returns:
      the given builder.
    • disableHostnameVerificationForTlsCertificates

      public static <B extends ConnectionConfiguration.Builder<?, ?>> B disableHostnameVerificationForTlsCertificates(B builder)
      Disable the hostname verification of TLS certificates.

      Warning: Use with care. This disables hostname verification of TLS certificates and essentially invalidates all security guarantees provided by TLS. Only use this method if you understand the implications.

      Type Parameters:
      B - Type of the ConnectionConfiguration builder.
      Parameters:
      builder - a connection configuration builder.
      Returns:
      the given builder.
    • setEnabledProtocolsAndCiphers

      public static void setEnabledProtocolsAndCiphers(SSLSocket sslSocket, String[] enabledProtocols, String[] enabledCiphers) throws SmackException.SecurityNotPossibleException
      Throws:
      SmackException.SecurityNotPossibleException
    • getChannelBindingTlsServerEndPoint

      public static byte[] getChannelBindingTlsServerEndPoint(SSLSession sslSession) throws SSLPeerUnverifiedException, CertificateEncodingException, NoSuchAlgorithmException
      Get the channel binding data for the 'tls-server-end-point' channel binding type. This channel binding type is defined in RFC 5929 § 4.
      Parameters:
      sslSession - the SSL/TLS session from which the data should be retrieved.
      Returns:
      the channel binding data.
      Throws:
      SSLPeerUnverifiedException - if the TLS peer could not be verified.
      CertificateEncodingException - if there was an encoding error with the certificate.
      NoSuchAlgorithmException - if no such algorithm is available.
    • getDefaultTruststoreStreamIfPossible

      public static FileInputStream getDefaultTruststoreStreamIfPossible()
    • getDefaultTruststoreType

      public static org.jivesoftware.smack.util.TLSUtils.DefaultTrustStoreType getDefaultTruststoreType() throws IOException
      Throws:
      IOException
    • setDefaultTrustStoreTypeToJksIfRequired

      public static void setDefaultTrustStoreTypeToJksIfRequired()
      Tries to determine if the default truststore type is of type jks and sets the javax.net.ssl.trustStoreType system property to 'JKS' if so. This is meant as a workaround in situations where the default truststore type is (still) 'jks' but we run on a newer JRE/JDK which uses PKCS#12 as the type. See for example Gentoo bug #712290.
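
The 'tls-server-end-point' channel binding that getChannelBindingTlsServerEndPoint returns is defined in RFC 5929 § 4.1 as a hash of the server's DER-encoded certificate, with the hash function chosen from the certificate's signature algorithm. The following is an added example, not Smack's own code, that shows this selection rule using JDK classes only; the class name TlsServerEndPointExample, its method names and the placeholder bytes in main are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Locale;

public class TlsServerEndPointExample {
    // RFC 5929 section 4.1: MD5 and SHA-1 are replaced by SHA-256, any other single
    // hash is used as-is, and without one identifiable hash the binding is undefined.
    static String digestFor(String sigAlgName) throws NoSuchAlgorithmException {
        String upper = sigAlgName.toUpperCase(Locale.ROOT);
        int with = upper.indexOf("WITH");
        if (with <= 0) {
            // e.g. "Ed25519" or "RSASSA-PSS": the hash is not part of the JCA name.
            throw new NoSuchAlgorithmException("channel binding undefined for " + sigAlgName);
        }
        switch (upper.substring(0, with).replace("-", "")) {
            case "MD5": case "SHA1": return "SHA-256";
            case "SHA224": return "SHA-224";
            case "SHA256": return "SHA-256";
            case "SHA384": return "SHA-384";
            case "SHA512": return "SHA-512";
            default: throw new NoSuchAlgorithmException("hash not handled here: " + sigAlgName);
        }
    }

    // The channel binding data is the selected digest over the DER-encoded certificate.
    static byte[] tlsServerEndPoint(byte[] derCert, String sigAlgName) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(digestFor(sigAlgName)).digest(derCert);
    }

    // Convenience overload for the server certificate taken from a verified session.
    static byte[] tlsServerEndPoint(X509Certificate serverCert)
            throws CertificateEncodingException, NoSuchAlgorithmException {
        return tlsServerEndPoint(serverCert.getEncoded(), serverCert.getSigAlgName());
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in bytes, not a real certificate; they only exercise the rule.
        byte[] fakeDer = "constructed-placeholder-certificate".getBytes(StandardCharsets.US_ASCII);
        for (String alg : new String[] {"SHA1withRSA", "SHA256withRSA", "SHA384withECDSA"}) {
            System.out.println(alg + " -> " + digestFor(alg) + ", "
                    + tlsServerEndPoint(fakeDer, alg).length + " bytes");
        }
    }
}
```

Both peers must derive the same bytes, so a client that cannot identify a single hash for the certificate should not offer this channel binding type rather than guess.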