packages/eclipse-ecf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:b2e4fb01f1df682610e3c945a3e714e989893f86
Branches Tags
packages:main
..
compare: packages:76c98f7c8419b190465a1b39a3fa6fb419582e21
Branches Tags
packages:main

No commits in common. "b2e4fb01f1df682610e3c945a3e714e989893f86" and "76c98f7c8419b190465a1b39a3fa6fb419582e21" have entirely different histories.
b2e4fb01f1 ... 76c98f7c84

6 changed files with 0 additions and 974 deletions
Show Stats Expand all files Collapse all files

226
0001-Avoid-hard-coding-dependency-versions-by-using-featu.patch
View File

@ -1,226 +0,0 @@
From 51b88b0a6e59107f393d497cf94db07c0865e577 Mon Sep 17 00:00:00 2001
From: Mat Booth <mat.booth@redhat.com>
Date: Sun, 16 Jun 2019 12:22:32 +0100
Subject: [PATCH 1/2] Avoid hard-coding dependency versions by using feature
imports instead of feature plugins for third party bundles
---
.../feature.xml | 8 +--
.../feature.xml | 32 ++---------
.../feature.xml | 56 ++-----------------
.../feature.xml | 8 +--
.../feature.xml | 7 ---
.../org.eclipse.ecf.xmpp.feature/feature.xml | 8 +--
6 files changed, 11 insertions(+), 108 deletions(-)
diff --git a/releng/features/org.eclipse.ecf.discovery.dnssd.feature/feature.xml b/releng/features/org.eclipse.ecf.discovery.dnssd.feature/feature.xml
index 0c7810a..d4b0e67 100644
--- a/releng/features/org.eclipse.ecf.discovery.dnssd.feature/feature.xml
+++ b/releng/features/org.eclipse.ecf.discovery.dnssd.feature/feature.xml
@@ -27,6 +27,7 @@
<requires>
<import feature="org.eclipse.ecf.discovery.feature" version="1.0.0" match="compatible"/>
+ <import plugin="org.xbill.dns"/>
</requires>
<plugin
@@ -36,11 +37,4 @@
version="0.0.0"
unpack="false"/>
- <plugin
- id="org.xbill.dns"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
</feature>
diff --git a/releng/features/org.eclipse.ecf.filetransfer.httpclient4.feature/feature.xml b/releng/features/org.eclipse.ecf.filetransfer.httpclient4.feature/feature.xml
index 3405a28..14061df 100644
--- a/releng/features/org.eclipse.ecf.filetransfer.httpclient4.feature/feature.xml
+++ b/releng/features/org.eclipse.ecf.filetransfer.httpclient4.feature/feature.xml
@@ -27,6 +27,10 @@ Contributors: Composent, Inc. - initial API and implementation
<requires>
<import feature="org.eclipse.ecf.filetransfer.feature" version="3.9.0" match="compatible"/>
+ <import plugin="org.apache.commons.codec" />
+ <import plugin="org.apache.commons.logging" />
+ <import plugin="org.apache.httpcomponents.httpclient" />
+ <import plugin="org.apache.httpcomponents.httpcore" />
</requires>
<plugin
@@ -36,32 +40,4 @@ Contributors: Composent, Inc. - initial API and implementation
version="0.0.0"
unpack="false"/>
- <plugin
- id="org.apache.commons.codec"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="org.apache.commons.logging"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="org.apache.httpcomponents.httpclient"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="org.apache.httpcomponents.httpcore"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
</feature>
diff --git a/releng/features/org.eclipse.ecf.filetransfer.httpclient45.feature/feature.xml b/releng/features/org.eclipse.ecf.filetransfer.httpclient45.feature/feature.xml
index 635864e..8d2a450 100644
--- a/releng/features/org.eclipse.ecf.filetransfer.httpclient45.feature/feature.xml
+++ b/releng/features/org.eclipse.ecf.filetransfer.httpclient45.feature/feature.xml
@@ -21,6 +21,10 @@
<requires>
<import feature="org.eclipse.ecf.filetransfer.feature" version="3.9.0" match="compatible"/>
+ <import plugin="org.apache.commons.codec" />
+ <import plugin="org.apache.commons.logging" />
+ <import plugin="org.apache.httpcomponents.httpclient" />
+ <import plugin="org.apache.httpcomponents.httpcore" />
</requires>
<plugin
@@ -38,56 +42,4 @@
version="0.0.0"
unpack="false"/>
- <plugin
- id="org.apache.commons.codec"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="org.apache.commons.logging"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="com.sun.jna"
- os="win32"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="com.sun.jna.platform"
- os="win32"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="org.apache.httpcomponents.httpclient"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="org.apache.httpcomponents.httpclient.win"
- os="win32"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
- <plugin
- id="org.apache.httpcomponents.httpcore"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
</feature>
diff --git a/releng/features/org.eclipse.ecf.remoteservice.rosgi.feature/feature.xml b/releng/features/org.eclipse.ecf.remoteservice.rosgi.feature/feature.xml
index af23e93..284c52f 100644
--- a/releng/features/org.eclipse.ecf.remoteservice.rosgi.feature/feature.xml
+++ b/releng/features/org.eclipse.ecf.remoteservice.rosgi.feature/feature.xml
@@ -32,6 +32,7 @@ https://wiki.eclipse.org/ECF#OSGi_Remote_Services
<requires>
<import feature="org.eclipse.ecf.provider.generic.feature" version="1.0" match="compatible"/>
<import feature="org.eclipse.ecf.remoteservice.feature" version="2.1" match="compatible"/>
+ <import plugin="org.objectweb.asm" />
</requires>
<plugin
@@ -48,11 +49,4 @@ https://wiki.eclipse.org/ECF#OSGi_Remote_Services
version="0.0.0"
unpack="false"/>
- <plugin
- id="org.objectweb.asm"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
</feature>
diff --git a/releng/features/org.eclipse.ecf.remoteservice.servlet.feature/feature.xml b/releng/features/org.eclipse.ecf.remoteservice.servlet.feature/feature.xml
index dee188b..0d0d7ad 100644
--- a/releng/features/org.eclipse.ecf.remoteservice.servlet.feature/feature.xml
+++ b/releng/features/org.eclipse.ecf.remoteservice.servlet.feature/feature.xml
@@ -50,11 +50,4 @@ https://wiki.eclipse.org/ECF#OSGi_Remote_Services
version="0.0.0"
unpack="false"/>
- <plugin
- id="javax.servlet"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
</feature>
diff --git a/releng/features/org.eclipse.ecf.xmpp.feature/feature.xml b/releng/features/org.eclipse.ecf.xmpp.feature/feature.xml
index a7aa0da..4e3cc0c 100644
--- a/releng/features/org.eclipse.ecf.xmpp.feature/feature.xml
+++ b/releng/features/org.eclipse.ecf.xmpp.feature/feature.xml
@@ -30,6 +30,7 @@ Contributors: Composent, Inc. - initial API and implementation
<import feature="org.eclipse.ecf.presence.feature" version="1.0" match="compatible"/>
<import feature="org.eclipse.ecf.datashare.feature" version="1.0" match="compatible"/>
<import feature="org.eclipse.ecf.remoteservice.feature" version="2.1" match="compatible"/>
+ <import plugin="org.xbill.dns"/>
</requires>
<plugin
@@ -62,11 +63,4 @@ Contributors: Composent, Inc. - initial API and implementation
fragment="true"
unpack="false"/>
- <plugin
- id="org.xbill.dns"
- download-size="0"
- install-size="0"
- version="0.0.0"
- unpack="false"/>
-
</feature>
--
2.20.1

25
0002-Remove-unneeded-dep-on-jdt-annotations.patch
View File

@ -1,25 +0,0 @@
From d52239f133c57aba7853f534c80730b403c3b16d Mon Sep 17 00:00:00 2001
From: Mat Booth <mat.booth@redhat.com>
Date: Sun, 16 Jun 2019 12:37:29 +0100
Subject: [PATCH 2/2] Remove unneeded dep on jdt annotations
---
.../build.properties | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient45/build.properties b/providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient45/build.properties
index d9caeab..f165c5f 100644
--- a/providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient45/build.properties
+++ b/providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient45/build.properties
@@ -9,7 +9,4 @@ bin.includes = META-INF/,\
.options
src.includes = about.html,\
asl-v20.txt
-## JDT Null Analysis for Eclipse
-additional.bundles = org.eclipse.jdt.annotation
-## JDT Null Analysis and OSGi Services types for Tycho
-jars.extra.classpath = platform:/plugin/org.eclipse.jdt.annotation,platform:/plugin/org.eclipse.osgi.services
+jars.extra.classpath = platform:/plugin/org.eclipse.osgi.services
--
2.20.1

587
CVE-2014-0363.patch
View File

@ -1,587 +0,0 @@
From 689ed4135ea36bed8d420eb11ca389499fa4a440 Mon Sep 17 00:00:00 2001
From: caodongxia <315816521@qq.com>
Date: Sat, 12 Dec 2020 14:25:15 +0800
Subject: [PATCH] CVE-2014-0363.patch
Reference: https://src.fedoraproject.org/rpms/smack/blob/48915f05037f5c246878f9b6a6fab78bfcd6c86f/f/smack-3.2.2-CVE-2014-0363.patch
diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ConnectionConfiguration.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ConnectionConfiguration.java
index 9eb7bb9..5c52561 100644
--- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ConnectionConfiguration.java
+++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ConnectionConfiguration.java
@@ -27,7 +27,6 @@ import org.jivesoftware.smack.util.dns.HostAddress;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.security.auth.callback.CallbackHandler;
-import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -54,17 +53,9 @@ public class ConnectionConfiguration implements Cloneable {
private int port;
protected List<HostAddress> hostAddresses;
- private String truststorePath;
- private String truststoreType;
- private String truststorePassword;
private String keystorePath;
private String keystoreType;
private String pkcs11Library;
- private boolean verifyChainEnabled = false;
- private boolean verifyRootCAEnabled = false;
- private boolean selfSignedCertificateEnabled = false;
- private boolean expiredCertificatesCheckEnabled = false;
- private boolean notMatchingDomainCheckEnabled = false;
private SSLContext customSSLContext;
private boolean compressionEnabled = false;
@@ -190,18 +181,6 @@ public class ConnectionConfiguration implements Cloneable {
this.serviceName = serviceName;
this.proxy = proxy;
- // Build the default path to the cacert truststore file. By default we are
- // going to use the file located in $JREHOME/lib/security/cacerts.
- String javaHome = System.getProperty("java.home");
- StringBuilder buffer = new StringBuilder();
- buffer.append(javaHome).append(File.separator).append("lib");
- buffer.append(File.separator).append("security");
- buffer.append(File.separator).append("cacerts");
- truststorePath = buffer.toString();
- // Set the default store type
- truststoreType = "jks";
- // Set the default password of the cacert file that is "changeit"
- truststorePassword = "changeit";
keystorePath = System.getProperty("javax.net.ssl.keyStore");
keystoreType = "jks";
pkcs11Library = "pkcs11.config";
@@ -274,66 +253,6 @@ public class ConnectionConfiguration implements Cloneable {
this.securityMode = securityMode;
}
- /**
- * Retuns the path to the trust store file. The trust store file contains the root
- * certificates of several well known CAs. By default, will attempt to use the
- * the file located in $JREHOME/lib/security/cacerts.
- *
- * @return the path to the truststore file.
- */
- public String getTruststorePath() {
- return truststorePath;
- }
-
- /**
- * Sets the path to the trust store file. The truststore file contains the root
- * certificates of several well?known CAs. By default Smack is going to use
- * the file located in $JREHOME/lib/security/cacerts.
- *
- * @param truststorePath the path to the truststore file.
- */
- public void setTruststorePath(String truststorePath) {
- this.truststorePath = truststorePath;
- }
-
- /**
- * Returns the trust store type, or <tt>null</tt> if it's not set.
- *
- * @return the trust store type.
- */
- public String getTruststoreType() {
- return truststoreType;
- }
-
- /**
- * Sets the trust store type.
- *
- * @param truststoreType the trust store type.
- */
- public void setTruststoreType(String truststoreType) {
- this.truststoreType = truststoreType;
- }
-
- /**
- * Returns the password to use to access the trust store file. It is assumed that all
- * certificates share the same password in the trust store.
- *
- * @return the password to use to access the truststore file.
- */
- public String getTruststorePassword() {
- return truststorePassword;
- }
-
- /**
- * Sets the password to use to access the trust store file. It is assumed that all
- * certificates share the same password in the trust store.
- *
- * @param truststorePassword the password to use to access the truststore file.
- */
- public void setTruststorePassword(String truststorePassword) {
- this.truststorePassword = truststorePassword;
- }
-
/**
* Retuns the path to the keystore file. The key store file contains the
* certificates that may be used to authenticate the client to the server,
@@ -395,110 +314,6 @@ public class ConnectionConfiguration implements Cloneable {
this.pkcs11Library = pkcs11Library;
}
- /**
- * Returns true if the whole chain of certificates presented by the server are going to
- * be checked. By default the certificate chain is not verified.
- *
- * @return true if the whole chaing of certificates presented by the server are going to
- * be checked.
- */
- public boolean isVerifyChainEnabled() {
- return verifyChainEnabled;
- }
-
- /**
- * Sets if the whole chain of certificates presented by the server are going to
- * be checked. By default the certificate chain is not verified.
- *
- * @param verifyChainEnabled if the whole chaing of certificates presented by the server
- * are going to be checked.
- */
- public void setVerifyChainEnabled(boolean verifyChainEnabled) {
- this.verifyChainEnabled = verifyChainEnabled;
- }
-
- /**
- * Returns true if root CA checking is going to be done. By default checking is disabled.
- *
- * @return true if root CA checking is going to be done.
- */
- public boolean isVerifyRootCAEnabled() {
- return verifyRootCAEnabled;
- }
-
- /**
- * Sets if root CA checking is going to be done. By default checking is disabled.
- *
- * @param verifyRootCAEnabled if root CA checking is going to be done.
- */
- public void setVerifyRootCAEnabled(boolean verifyRootCAEnabled) {
- this.verifyRootCAEnabled = verifyRootCAEnabled;
- }
-
- /**
- * Returns true if self-signed certificates are going to be accepted. By default
- * this option is disabled.
- *
- * @return true if self-signed certificates are going to be accepted.
- */
- public boolean isSelfSignedCertificateEnabled() {
- return selfSignedCertificateEnabled;
- }
-
- /**
- * Sets if self-signed certificates are going to be accepted. By default
- * this option is disabled.
- *
- * @param selfSignedCertificateEnabled if self-signed certificates are going to be accepted.
- */
- public void setSelfSignedCertificateEnabled(boolean selfSignedCertificateEnabled) {
- this.selfSignedCertificateEnabled = selfSignedCertificateEnabled;
- }
-
- /**
- * Returns true if certificates presented by the server are going to be checked for their
- * validity. By default certificates are not verified.
- *
- * @return true if certificates presented by the server are going to be checked for their
- * validity.
- */
- public boolean isExpiredCertificatesCheckEnabled() {
- return expiredCertificatesCheckEnabled;
- }
-
- /**
- * Sets if certificates presented by the server are going to be checked for their
- * validity. By default certificates are not verified.
- *
- * @param expiredCertificatesCheckEnabled if certificates presented by the server are going
- * to be checked for their validity.
- */
- public void setExpiredCertificatesCheckEnabled(boolean expiredCertificatesCheckEnabled) {
- this.expiredCertificatesCheckEnabled = expiredCertificatesCheckEnabled;
- }
-
- /**
- * Returns true if certificates presented by the server are going to be checked for their
- * domain. By default certificates are not verified.
- *
- * @return true if certificates presented by the server are going to be checked for their
- * domain.
- */
- public boolean isNotMatchingDomainCheckEnabled() {
- return notMatchingDomainCheckEnabled;
- }
-
- /**
- * Sets if certificates presented by the server are going to be checked for their
- * domain. By default certificates are not verified.
- *
- * @param notMatchingDomainCheckEnabled if certificates presented by the server are going
- * to be checked for their domain.
- */
- public void setNotMatchingDomainCheckEnabled(boolean notMatchingDomainCheckEnabled) {
- this.notMatchingDomainCheckEnabled = notMatchingDomainCheckEnabled;
- }
-
/**
* Gets the custom SSLContext for SSL sockets. This is null by default.
*
diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ServerTrustManager.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ServerTrustManager.java
deleted file mode 100644
index afc4e23..0000000
--- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ServerTrustManager.java
+++ /dev/null
@@ -1,330 +0,0 @@
-/**
- * $RCSfile$
- * $Revision$
- * $Date$
- *
- * Copyright 2003-2005 Jive Software.
- *
- * All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.jivesoftware.smack;
-
-import javax.net.ssl.X509TrustManager;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.IOException;
-import java.security.*;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.*;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * Trust manager that checks all certificates presented by the server. This class
- * is used during TLS negotiation. It is possible to disable/enable some or all checkings
- * by configuring the {@link ConnectionConfiguration}. The truststore file that contains
- * knows and trusted CA root certificates can also be configure in {@link ConnectionConfiguration}.
- *
- * @author Gaston Dombiak
- */
-class ServerTrustManager implements X509TrustManager {
-
- private static Pattern cnPattern = Pattern.compile("(?i)(cn=)([^,]*)");
-
- private ConnectionConfiguration configuration;
-
- /**
- * Holds the domain of the remote server we are trying to connect
- */
- private String server;
- private KeyStore trustStore;
-
- private static Map<KeyStoreOptions, KeyStore> stores = new HashMap<KeyStoreOptions, KeyStore>();
-
- public ServerTrustManager(String server, ConnectionConfiguration configuration) {
- this.configuration = configuration;
- this.server = server;
-
- InputStream in = null;
- synchronized (stores) {
- KeyStoreOptions options = new KeyStoreOptions(configuration.getTruststoreType(),
- configuration.getTruststorePath(), configuration.getTruststorePassword());
- if (stores.containsKey(options)) {
- trustStore = stores.get(options);
- } else {
- try {
- trustStore = KeyStore.getInstance(options.getType());
- in = new FileInputStream(options.getPath());
- trustStore.load(in, options.getPassword().toCharArray());
- } catch (Exception e) {
- trustStore = null;
- e.printStackTrace();
- } finally {
- if (in != null) {
- try {
- in.close();
- } catch (IOException ioe) {
- // Ignore.
- }
- }
- }
- stores.put(options, trustStore);
- }
- if (trustStore == null)
- // Disable root CA checking
- configuration.setVerifyRootCAEnabled(false);
- }
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
-
- public void checkClientTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- }
-
- public void checkServerTrusted(X509Certificate[] x509Certificates, String arg1)
- throws CertificateException {
-
- int nSize = x509Certificates.length;
-
- List<String> peerIdentities = getPeerIdentity(x509Certificates[0]);
-
- if (configuration.isVerifyChainEnabled()) {
- // Working down the chain, for every certificate in the chain,
- // verify that the subject of the certificate is the issuer of the
- // next certificate in the chain.
- Principal principalLast = null;
- for (int i = nSize -1; i >= 0 ; i--) {
- X509Certificate x509certificate = x509Certificates[i];
- Principal principalIssuer = x509certificate.getIssuerDN();
- Principal principalSubject = x509certificate.getSubjectDN();
- if (principalLast != null) {
- if (principalIssuer.equals(principalLast)) {
- try {
- PublicKey publickey =
- x509Certificates[i + 1].getPublicKey();
- x509Certificates[i].verify(publickey);
- }
- catch (GeneralSecurityException generalsecurityexception) {
- throw new CertificateException(
- "signature verification failed of " + peerIdentities);
- }
- }
- else {
- throw new CertificateException(
- "subject/issuer verification failed of " + peerIdentities);
- }
- }
- principalLast = principalSubject;
- }
- }
-
- if (configuration.isVerifyRootCAEnabled()) {
- // Verify that the the last certificate in the chain was issued
- // by a third-party that the client trusts.
- boolean trusted = false;
- try {
- trusted = trustStore.getCertificateAlias(x509Certificates[nSize - 1]) != null;
- if (!trusted && nSize == 1 && configuration.isSelfSignedCertificateEnabled())
- {
- System.out.println("Accepting self-signed certificate of remote server: " +
- peerIdentities);
- trusted = true;
- }
- }
- catch (KeyStoreException e) {
- e.printStackTrace();
- }
- if (!trusted) {
- throw new CertificateException("root certificate not trusted of " + peerIdentities);
- }
- }
-
- if (configuration.isNotMatchingDomainCheckEnabled()) {
- // Verify that the first certificate in the chain corresponds to
- // the server we desire to authenticate.
- // Check if the certificate uses a wildcard indicating that subdomains are valid
- if (peerIdentities.size() == 1 && peerIdentities.get(0).startsWith("*.")) {
- // Remove the wildcard
- String peerIdentity = peerIdentities.get(0).replace("*.", "");
- // Check if the requested subdomain matches the certified domain
- if (!server.endsWith(peerIdentity)) {
- throw new CertificateException("target verification failed of " + peerIdentities);
- }
- }
- else if (!peerIdentities.contains(server)) {
- throw new CertificateException("target verification failed of " + peerIdentities);
- }
- }
-
- if (configuration.isExpiredCertificatesCheckEnabled()) {
- // For every certificate in the chain, verify that the certificate
- // is valid at the current time.
- Date date = new Date();
- for (int i = 0; i < nSize; i++) {
- try {
- x509Certificates[i].checkValidity(date);
- }
- catch (GeneralSecurityException generalsecurityexception) {
- throw new CertificateException("invalid date of " + server);
- }
- }
- }
-
- }
-
- /**
- * Returns the identity of the remote server as defined in the specified certificate. The
- * identity is defined in the subjectDN of the certificate and it can also be defined in
- * the subjectAltName extension of type "xmpp". When the extension is being used then the
- * identity defined in the extension in going to be returned. Otherwise, the value stored in
- * the subjectDN is returned.
- *
- * @param x509Certificate the certificate the holds the identity of the remote server.
- * @return the identity of the remote server as defined in the specified certificate.
- */
- public static List<String> getPeerIdentity(X509Certificate x509Certificate) {
- // Look the identity in the subjectAltName extension if available
- List<String> names = getSubjectAlternativeNames(x509Certificate);
- if (names.isEmpty()) {
- String name = x509Certificate.getSubjectDN().getName();
- Matcher matcher = cnPattern.matcher(name);
- if (matcher.find()) {
- name = matcher.group(2);
- }
- // Create an array with the unique identity
- names = new ArrayList<String>();
- names.add(name);
- }
- return names;
- }
-
- /**
- * Returns the JID representation of an XMPP entity contained as a SubjectAltName extension
- * in the certificate. If none was found then return <tt>null</tt>.
- *
- * @param certificate the certificate presented by the remote entity.
- * @return the JID representation of an XMPP entity contained as a SubjectAltName extension
- * in the certificate. If none was found then return <tt>null</tt>.
- */
- private static List<String> getSubjectAlternativeNames(X509Certificate certificate) {
- List<String> identities = new ArrayList<String>();
- try {
- Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
- // Check that the certificate includes the SubjectAltName extension
- if (altNames == null) {
- return Collections.emptyList();
- }
- // Use the type OtherName to search for the certified server name
- /*for (List item : altNames) {
- Integer type = (Integer) item.get(0);
- if (type == 0) {
- // Type OtherName found so return the associated value
- try {
- // Value is encoded using ASN.1 so decode it to get the server's identity
- ASN1InputStream decoder = new ASN1InputStream((byte[]) item.toArray()[1]);
- DEREncodable encoded = decoder.readObject();
- encoded = ((DERSequence) encoded).getObjectAt(1);
- encoded = ((DERTaggedObject) encoded).getObject();
- encoded = ((DERTaggedObject) encoded).getObject();
- String identity = ((DERUTF8String) encoded).getString();
- // Add the decoded server name to the list of identities
- identities.add(identity);
- }
- catch (UnsupportedEncodingException e) {
- // Ignore
- }
- catch (IOException e) {
- // Ignore
- }
- catch (Exception e) {
- e.printStackTrace();
- }
- }
- // Other types are not good for XMPP so ignore them
- System.out.println("SubjectAltName of invalid type found: " + certificate);
- }*/
- }
- catch (CertificateParsingException e) {
- e.printStackTrace();
- }
- return identities;
- }
-
- private static class KeyStoreOptions {
- private final String type;
- private final String path;
- private final String password;
-
- public KeyStoreOptions(String type, String path, String password) {
- super();
- this.type = type;
- this.path = path;
- this.password = password;
- }
-
- public String getType() {
- return type;
- }
-
- public String getPath() {
- return path;
- }
-
- public String getPassword() {
- return password;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((password == null) ? 0 : password.hashCode());
- result = prime * result + ((path == null) ? 0 : path.hashCode());
- result = prime * result + ((type == null) ? 0 : type.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- KeyStoreOptions other = (KeyStoreOptions) obj;
- if (password == null) {
- if (other.password != null)
- return false;
- } else if (!password.equals(other.password))
- return false;
- if (path == null) {
- if (other.path != null)
- return false;
- } else if (!path.equals(other.path))
- return false;
- if (type == null) {
- if (other.type != null)
- return false;
- } else if (!type.equals(other.type))
- return false;
- return true;
- }
- }
-}
diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/XMPPConnection.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/XMPPConnection.java
index 49d6c72..3ddd324 100644
--- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/XMPPConnection.java
+++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/XMPPConnection.java
@@ -860,8 +860,7 @@ public class XMPPConnection extends Connection {
// Verify certificate presented by the server
if (context == null) {
context = SSLContext.getInstance("TLS");
- context.init(kms, new javax.net.ssl.TrustManager[] { new ServerTrustManager(getServiceName(), config) },
- new java.security.SecureRandom());
+ context.init(kms, null, new java.security.SecureRandom());
}
Socket plain = socket;
// Secure the plain connection
--
2.27.0

132
eclipse-ecf.spec
View File

@ -1,132 +0,0 @@
%global _eclipsedir %{_prefix}/lib/eclipse
%global __requires_exclude .*org\.eclipse\.equinox.*
%global git_tag bc2e29e0d5cf49d05bd97dbb082d2ab58eedd13b
%bcond_with bootstrap
Name: eclipse-ecf
Version: 3.14.19
Release: 2
Summary: Eclipse Communication Framework (ECF) Eclipse plug-in
License: EPL-1.0 and ASL 2.0
URL: http://www.eclipse.org/ecf/
Source0: http://git.eclipse.org/c/ecf/org.eclipse.ecf.git/snapshot/org.eclipse.ecf-%{git_tag}.tar.xz
Patch0: 0001-Avoid-hard-coding-dependency-versions-by-using-featu.patch
Patch1: CVE-2014-0363.patch
Patch2: 0002-Remove-unneeded-dep-on-jdt-annotations.patch
BuildRequires: tycho tycho-extras maven-plugin-build-helper eclipse-license osgi-annotation
BuildRequires: xpp3-minimal httpcomponents-client httpcomponents-core apache-commons-codec
BuildRequires: apache-commons-logging
%if %{without bootstrap}
BuildRequires: eclipse-emf-runtime eclipse-pde
%endif
BuildArch: noarch
%description
ECF is a set of frameworks for building communications into applications and
services. It provides a lightweight, modular, transport-independent, fully
compliant implementation of the OSGi Remote Services standard.
%package core
Summary: Eclipse ECF Core
Requires: httpcomponents-client httpcomponents-core
%description core
ECF bundles required by eclipse-platform.
Requires: httpcomponents-client
Requires: httpcomponents-core
# Obsolete SDK and runtime packages since F33
Obsoletes: %{name}-runtime < 3.14.17-3
Obsoletes: %{name}-sdk < 3.14.17-3
%prep
%setup -q -n org.eclipse.ecf-%{git_tag}
find . -type f -name "*.jar" -exec rm {} \;
find . -type f -name "*.class" -exec rm {} \;
%patch0 -p1
%patch1 -p1
%patch2 -p1
# Requires Optional from Java 8
sed -i -e 's/JavaSE-1.7/JavaSE-1.8/' providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient45/META-INF/MANIFEST.MF
# Don't use target platform or jgit packaging bits
%pom_xpath_remove "pom:target"
%pom_xpath_remove "pom:plugin[pom:artifactId='tycho-packaging-plugin']/pom:dependencies"
%pom_xpath_remove "pom:plugin[pom:artifactId='tycho-packaging-plugin']/pom:configuration/pom:sourceReferences"
%pom_xpath_remove "pom:plugin[pom:artifactId='tycho-packaging-plugin']/pom:configuration/pom:timestampProvider"
%pom_disable_module releng/org.eclipse.ecf.releng.repository
# Don't build bundles that are not relevant to our platform
%pom_disable_module providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient45.win32
%pom_xpath_remove "feature/plugin[@os='win32']" releng/features/org.eclipse.ecf.filetransfer.httpclient45.feature/feature.xml
# Only build core modules needed by Eclipse platform
%pom_xpath_replace "pom:modules" "<modules>
<module>releng/features/org.eclipse.ecf.core.feature</module>
<module>releng/features/org.eclipse.ecf.core.ssl.feature</module>
<module>releng/features/org.eclipse.ecf.filetransfer.feature</module>
<module>releng/features/org.eclipse.ecf.filetransfer.httpclient4.feature</module>
<module>releng/features/org.eclipse.ecf.filetransfer.httpclient4.ssl.feature</module>
<module>releng/features/org.eclipse.ecf.filetransfer.httpclient45.feature</module>
<module>releng/features/org.eclipse.ecf.filetransfer.ssl.feature</module>
<module>framework/bundles/org.eclipse.ecf</module>
<module>framework/bundles/org.eclipse.ecf.identity</module>
<module>framework/bundles/org.eclipse.ecf.filetransfer</module>
<module>framework/bundles/org.eclipse.ecf.ssl</module>
<module>providers/bundles/org.eclipse.ecf.provider.filetransfer</module>
<module>providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient4</module>
<module>providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient4.ssl</module>
<module>providers/bundles/org.eclipse.ecf.provider.filetransfer.httpclient45</module>
<module>providers/bundles/org.eclipse.ecf.provider.filetransfer.ssl</module>
</modules>"
%mvn_package "::{pom,target}::" __noinstall
%mvn_package "::jar:{sources,sources-feature}:" __noinstall
%mvn_package ":"
%build
QUALIFIER=$(date -u -d"$(stat --format=%y %{SOURCE0})" +v%Y%m%d-%H%M)
%mvn_build -j -- -DforceContextQualifier=$QUALIFIER
%install
%mvn_install
install -d -m 755 %{buildroot}%{_eclipsedir}
mv %{buildroot}%{_datadir}/eclipse/droplets/ecf/{plugins,features} %{buildroot}%{_eclipsedir}
rm -r %{buildroot}%{_datadir}/eclipse/droplets/ecf
sed -i -e 's|%{_datadir}/eclipse/droplets/ecf|%{_eclipsedir}|' %{buildroot}%{_datadir}/maven-metadata/eclipse-ecf.xml
sed -i -e 's|%{_datadir}/eclipse/droplets/ecf/features/|%{_eclipsedir}/features/|' \
-e 's|%{_datadir}/eclipse/droplets/ecf/plugins/|%{_eclipsedir}/plugins/|' .mfiles
sed -i -e '/droplets/d' .mfiles
for del in $( (cd %{buildroot}%{_eclipsedir}/plugins && ls | grep -v -e '^org\.eclipse\.ecf' ) ) ; do
rm %{buildroot}%{_eclipsedir}/plugins/$del
sed -i -e "/$del/d" .mfiles
done
install -d -m 755 %{buildroot}%{_javadir}/eclipse
location=%{_eclipsedir}/plugins
while [ "$location" != "/" ] ; do
location=$(dirname $location)
updir="$updir../"
done
pushd %{buildroot}%{_javadir}/eclipse
for J in ecf{,.identity,.ssl,.filetransfer,.provider.filetransfer{,.ssl,.httpclient4{,.ssl}}} ; do
DIR=$updir%{_eclipsedir}/plugins
[ -e "`ls $DIR/org.eclipse.${J}_*.jar`" ] && ln -s $DIR/org.eclipse.${J}_*.jar ${J}.jar
done
popd
%files core -f .mfiles
%{_javadir}/eclipse/*
%changelog
* Mon Mar 07 2022 xu_ping <tc@openeuler.org> - 3.14.19-2
- add filetransfer.httpclient4 and filetransfer.httpclient4.ssl for tycho
* Tue Jan 18 2022 SimpleUpdate Robot <tc@openeuler.org> - 3.14.19-1
- Upgrade to version 3.14.19
* Thu Feb 4 2021 wutao <wutao61@huawei.com> - 3.14.4-3
- remove irclib deps
* Sat Dec 12 2020 caodongxia <caodongxia@huawei.com> - 3.14.4-2
- Fix CVE-2014-0363.patch
* Thu Aug 27 2020 yanan li <liyanan032@huawei.com> - 3.14.4-1
- Package init

4
eclipse-ecf.yaml
View File

@ -1,4 +0,0 @@
version_control: git
src_repo: http://git.eclipse.org/r/ecf/org.eclipse.ecf.git
tag_prefix: "ECF_"
seperator: "_"

BIN
org.eclipse.ecf-bc2e29e0d5cf49d05bd97dbb082d2ab58eedd13b.tar.xz
View File

Binary file not shown.