How to create an SSL connection using the Smack XMPP library?

I am creating a small program that acts as an XMPP client, and I use the Smack library. Now the server I'm connecting to requires SSL (in Pidgin I need to check "Force old (port 5223) SSL"). I am having trouble connecting Smack to this server. Is it possible?

+6
java ssl xmpp
3 answers

Take a look at this topic.

http://www.igniterealtime.org/community/thread/37678

Essentially, you need to add these two lines to your code:

    connConfig.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
    connConfig.setSocketFactory(new DummySSLSocketFactory());

where connConfig is your ConnectionConfiguration object. Get the DummySSLSocketFactory from the Spark source code repository. All it does is accept almost any certificate. It seemed to work for me. Good luck.

+7

Yes, it is quite easy to achieve. Take a look at the ConnectionConfiguration class and, in particular, the setSecurityMode method, which takes a ConnectionConfiguration.SecurityMode as a parameter. Setting this parameter to "required" means that Smack uses TLS.

from Javadoc:

Security through TLS encryption is required to connect. If the server does not offer TLS or if the TLS negotiations failed, the connection to the server will fail.

+3

This can be done as follows:

Store CA certificate in keystore

To save the certificate to Keystore, follow these steps:

Step 1: Download the Bouncy Castle jar file. It can be downloaded here: Bouncy Castle JAVA Releases

Step 2: Use the following command to store the certificate in the keystore

    keytool -importcert -v -trustcacerts \
        -file "<certificate_file_with_path>" \
        -alias "<some_name_for_certificate>" \
        -keystore "<file_name_for_the_output_keystore>" \
        -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath "<bouncy_castle_jar_file_with_path>" \
        -storetype BKS \
        -storepass "<password_for_the_keystore>"

Step 3: Verify the keystore file

    keytool -list -v \
        -keystore "<file_name_for_the_keystore_with_path>" \
        -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath "<bouncy_castle_jar_file_with_path>" \
        -storetype BKS \
        -storepass "<password_for_the_keystore>"

This tells us the certificate included in the keystore.

We have a keystore that we can use in our code.

Using keystore

After creating this keystore, save it in the raw folder of the application. Use the code below to get the handshake of the certificate with the openfire server.

To create an openfire connection using XMPP, you may need to get the configuration. To do this, use the following method:

    import android.content.Context;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;
    import org.jivesoftware.smack.ConnectionConfiguration;

    // URLConstants, StringConstants and R.raw.* are the application's own classes and resources.
    public ConnectionConfiguration getConfigForXMPPCon(Context context) {
        ConnectionConfiguration config =
                new ConnectionConfiguration(URLConstants.XMPP_HOST, URLConstants.XMPP_PORT);
        config.setSASLAuthenticationEnabled(false);
        config.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
        config.setCompressionEnabled(false);

        SSLContext sslContext;
        try {
            sslContext = createSSLContext(context);
        } catch (GeneralSecurityException | IOException e) {
            // Stop here instead of continuing with a null SSLContext.
            throw new IllegalStateException("Could not build SSLContext from keystore", e);
        }
        config.setCustomSSLContext(sslContext);
        config.setSocketFactory(sslContext.getSocketFactory());
        return config;
    }

    private SSLContext createSSLContext(Context context)
            throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException,
                   IOException, CertificateException {
        // Pick the bundled keystore that matches the configured server.
        int keystoreId;
        if (StringConstants.DEV_SERVER_IP.equals(URLConstants.XMPP_HOST)
                || StringConstants.TEST_SERVER_IP.equals(URLConstants.XMPP_HOST)) {
            keystoreId = R.raw.ssl_keystore_dev_test;
        } else if (StringConstants.STAGE_SERVER_IP.equals(URLConstants.XMPP_HOST)
                || StringConstants.STAGE2_SERVER_IP.equals(URLConstants.XMPP_HOST)) {
            keystoreId = R.raw.ssl_keystore_stage;
        } else if (StringConstants.PROD_SERVER_IP.equals(URLConstants.XMPP_HOST)
                || StringConstants.PROD1_SERVER_IP.equals(URLConstants.XMPP_HOST)) {
            keystoreId = R.raw.ssl_keystore_prod;
        } else {
            throw new IOException("No keystore bundled for host " + URLConstants.XMPP_HOST);
        }

        // Load the BKS keystore and close the stream afterwards.
        KeyStore trustStore = KeyStore.getInstance("BKS");
        InputStream in = context.getResources().openRawResource(keystoreId);
        try {
            trustStore.load(in, "<keystore_password>".toCharArray());
        } finally {
            in.close();
        }

        // Trust only the certificates held in that keystore.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sslContext;
    }

Done..!! Just connect .. Now your connection is secure.

You can follow the same steps on my blog at smackssl.blogspot.in

+3
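
An added example, not part of any answer above and not Smack's own code: a plain JSSE check that a trust store like the one built in the last answer validates the server on the legacy SSL port, with host name verification switched on (an SSLSocket does not check the host name by default). The keystore path, store type, password and xmpp.example.org are placeholders; setEndpointIdentificationAlgorithm needs Java 7+ or Android API 24+.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PinnedXmppTls {

    /** Builds an SSLContext that trusts only the certificates in the given keystore. */
    static SSLContext contextFor(String storePath, String storeType, char[] password)
            throws Exception {
        KeyStore trustStore = KeyStore.getInstance(storeType);
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Opens a direct-TLS socket; fails unless both the chain and the host name check out. */
    static SSLSocket connect(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // match certificate to host
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws on untrusted chain or name mismatch
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions): substitute your own keystore and server.
        SSLContext ctx = contextFor("xmpp-truststore.jks", "JKS", "changeit".toCharArray());
        try (SSLSocket s = connect(ctx, "xmpp.example.org", 5223)) {
            SSLSession session = s.getSession();
            System.out.println(session.getProtocol() + " " + session.getCipherSuite());
            System.out.println("Peer: " + session.getPeerPrincipal());
        }
    }
}
```

A handshake that succeeds here shows the keystore actually contains the issuing CA and that the certificate names the host being connected to, which a socket factory that accepts any certificate cannot tell you.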