Removed setting port for STARTTLS, fixed enabled on start checkboxes.

Added setUp method to SPARKSSLContext, removed acceptAll from Security
tab as there is already Accept All checkbox in certificates tab.

Author: Alameyo

core/src/main/java/org/jivesoftware/AccountCreationWizard.java

@@ -34,7 +34,6 @@
 import org.jivesoftware.spark.util.SwingWorker;
 import org.jivesoftware.spark.util.log.Log;
 import org.jivesoftware.sparkimpl.certificates.SparkSSLContext;
-import org.jivesoftware.sparkimpl.certificates.SparkTrustManager;
 import org.jivesoftware.sparkimpl.settings.local.LocalPreferences;
 import org.jivesoftware.sparkimpl.settings.local.SettingsManager;
 import org.jxmpp.util.XmppStringUtils;
@@ -45,9 +44,6 @@
 import java.io.IOException;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Security;
 
 /**
  * Allows the creation of accounts on an XMPP server.
@@ -362,14 +358,10 @@ private XMPPConnection getConnection() throws SmackException, IOException, XMPPE
         }
 
         if (securityMode != ConnectionConfiguration.SecurityMode.disabled && !useOldSSL) {
-            builder.setPort(5222);
             // This use STARTTLS which starts initially plain connection to upgrade it to TLS, it use the same port as
             // plain connections which is 5222.
             try {
-                Provider bcProvider = new BouncyCastleJsseProvider();
-                Security.addProvider(bcProvider);
-                SSLContext context = SparkSSLContext.getInstance("TLS");
-                context.init(null, SparkTrustManager.getTrustManagerList(), new SecureRandom());
+                SSLContext context = SparkSSLContext.setUpContext();
                 builder.setCustomSSLContext(context);
                 builder.setSecurityMode( securityMode );
             } catch (NoSuchAlgorithmException | KeyManagementException e) {

core/src/main/java/org/jivesoftware/LoginDialog.java

@@ -16,7 +16,6 @@
 
 package org.jivesoftware;
 
-import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
 import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
@@ -47,7 +46,6 @@
 import org.jivesoftware.spark.util.log.Log;
 import org.jivesoftware.sparkimpl.plugin.manager.Enterprise;
 import org.jivesoftware.sparkimpl.certificates.SparkSSLContext;
-import org.jivesoftware.sparkimpl.certificates.SparkTrustManager;
 import org.jivesoftware.sparkimpl.plugin.layout.LayoutSettings;
 import org.jivesoftware.sparkimpl.plugin.layout.LayoutSettingsManager;
 import org.jivesoftware.sparkimpl.settings.JiveInfo;
@@ -81,9 +79,6 @@
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Security;
 import java.util.*;
 import java.util.List;
 
@@ -285,14 +280,10 @@ protected XMPPTCPConnectionConfiguration retrieveConnectionConfiguration() {
         }
 
         if (securityMode != ConnectionConfiguration.SecurityMode.disabled && !useOldSSL) {
-            builder.setPort(5222);
             // This use STARTTLS which starts initially plain connection to upgrade it to TLS, it use the same port as
             // plain connections which is 5222.
             try {
-                Provider bcProvider = new BouncyCastleJsseProvider();
-                Security.addProvider(bcProvider);
-                SSLContext context = SparkSSLContext.getInstance("TLS");
-                context.init(null, SparkTrustManager.getTrustManagerList(), new SecureRandom());
+                SSLContext context = SparkSSLContext.setUpContext();
                 builder.setCustomSSLContext(context);
                 builder.setSecurityMode( securityMode );
             } catch (NoSuchAlgorithmException | KeyManagementException e) {

core/src/main/java/org/jivesoftware/spark/ui/login/CertificatesManagerSettingsPanel.java

@@ -144,6 +144,10 @@ public Component prepareRenderer(TableCellRenderer renderer, int rowIndex,
 		checkCRL.addActionListener(this);
 		checkOCSP.addActionListener(this);
 		acceptRevoked.addActionListener(this);
+		acceptExpired.setEnabled(!acceptAll.isSelected());
+		acceptNotValidYet.setEnabled(!acceptAll.isSelected());
+		acceptRevoked.setEnabled(!acceptAll.isSelected());
+		acceptSelfSigned.setEnabled(!acceptAll.isSelected());
 		checkCRL.setEnabled(!acceptRevoked.isSelected());
 		checkOCSP.setEnabled(checkCRL.isSelected());
 		allowSoftFail.setEnabled(checkOCSP.isSelected());
@@ -197,9 +201,6 @@ public void actionPerformed(ActionEvent e) {
                 acceptExpired.setEnabled(true);
                 acceptNotValidYet.setEnabled(true);
                 acceptRevoked.setEnabled(true);
-                checkCRL.setEnabled(true);
-                checkOCSP.setEnabled(true);
-                allowSoftFail.setEnabled(true);
 
             }
         } else if (e.getSource() == showCert) {
@@ -213,7 +214,6 @@ public void actionPerformed(ActionEvent e) {
             if (checkCRL.isSelected()) {
 
                 checkOCSP.setEnabled(true);
-                allowSoftFail.setEnabled(true);
             } else if (!checkCRL.isSelected()) {
 
                 checkOCSP.setSelected(false);

core/src/main/java/org/jivesoftware/spark/ui/login/SecurityLoginSettingsPanel.java

@@ -24,9 +24,6 @@
 
 import javax.swing.*;
 import java.awt.*;
-import java.awt.event.ActionEvent;
-import java.awt.event.ActionListener;
-
 import static java.awt.GridBagConstraints.*;
 
 /**
@@ -49,7 +46,6 @@ public class SecurityLoginSettingsPanel extends JPanel
     // Checkbox that toggles between 'old' style SSL (socket encryption, typically on port 5223), or STARTTLS. A check indicates 'old' behavior.
     private JCheckBox useSSLBox;
 
-    private JCheckBox acceptAllCertificatesBox;
     private JCheckBox disableHostnameVerificationBox;
 
     public SecurityLoginSettingsPanel( LocalPreferences localPreferences, JDialog optionsDialog )
@@ -73,15 +69,13 @@ public SecurityLoginSettingsPanel( LocalPreferences localPreferences, JDialog op
         modeDisabledRadio.setToolTipText( Res.getString( "tooltip.encryptionmode.disabled" ) );
 
         useSSLBox = new JCheckBox();
-        acceptAllCertificatesBox = new JCheckBox();
         disableHostnameVerificationBox = new JCheckBox();
 
         // .. Set labels/text for all the components.
         ResourceUtils.resButton( modeRequiredRadio,              Res.getString( "radio.encryptionmode.required" ) );
         ResourceUtils.resButton( modeIfPossibleRadio,            Res.getString( "radio.encryptionmode.ifpossible" ) );
         ResourceUtils.resButton( modeDisabledRadio,              Res.getString( "radio.encryptionmode.disabled" ) );
         ResourceUtils.resButton( useSSLBox,                      Res.getString( "label.old.ssl" ) );
-        ResourceUtils.resButton( acceptAllCertificatesBox,       Res.getString( "checkbox.accept.all.certificates" ) );
         ResourceUtils.resButton( disableHostnameVerificationBox, Res.getString( "checkbox.disable.hostname.verification" ) );
 
         // ... add the radio buttons to a group to make them interdependent.
@@ -94,7 +88,6 @@ public SecurityLoginSettingsPanel( LocalPreferences localPreferences, JDialog op
         modeDisabledRadio.addChangeListener( e -> {
             final boolean encryptionPossible = !modeDisabledRadio.isSelected();
             useSSLBox.setEnabled( encryptionPossible );
-            acceptAllCertificatesBox.setEnabled( encryptionPossible );
             disableHostnameVerificationBox.setEnabled( encryptionPossible );
         } );
 
@@ -103,7 +96,6 @@ public SecurityLoginSettingsPanel( LocalPreferences localPreferences, JDialog op
         modeIfPossibleRadio.setSelected( localPreferences.getSecurityMode() == ConnectionConfiguration.SecurityMode.ifpossible );
         modeDisabledRadio.setSelected( localPreferences.getSecurityMode() == ConnectionConfiguration.SecurityMode.disabled );
         useSSLBox.setSelected( localPreferences.isSSL() );
-        acceptAllCertificatesBox.setSelected( localPreferences.isAcceptAllCertificates() );
         disableHostnameVerificationBox.setSelected( localPreferences.isDisableHostnameVerification() );
 
         // ... place the components on the titled-border panel.
@@ -116,8 +108,7 @@ public SecurityLoginSettingsPanel( LocalPreferences localPreferences, JDialog op
         add( encryptionModePanel,            new GridBagConstraints( 0, 0, 1, 1, 1.0, 0.0, NORTHWEST, HORIZONTAL, DEFAULT_INSETS, 0, 0 ) );
 
         // ... place the other components under the titled-border panel.
-        add( acceptAllCertificatesBox,       new GridBagConstraints( 0, 1, 1, 1, 0.0, 0.0, NORTHWEST, HORIZONTAL, DEFAULT_INSETS, 0, 0 ) );
-        add( disableHostnameVerificationBox, new GridBagConstraints( 0, 2, 1, 1, 0.0, 1.0, NORTHWEST, HORIZONTAL, DEFAULT_INSETS, 0, 0 ) );
+        add( disableHostnameVerificationBox, new GridBagConstraints( 0, 1, 1, 1, 0.0, 1.0, NORTHWEST, HORIZONTAL, DEFAULT_INSETS, 0, 0 ) );
     }
 
     public boolean validate_settings()
@@ -140,7 +131,6 @@ public void saveSettings()
             localPreferences.setSecurityMode( ConnectionConfiguration.SecurityMode.disabled );
         }
         localPreferences.setSSL( useSSLBox.isSelected() );
-        localPreferences.setAcceptAllCertificates( acceptAllCertificatesBox.isSelected() );
         localPreferences.setDisableHostnameVerification( disableHostnameVerificationBox.isSelected() );
         SettingsManager.saveSettings();
     }

core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkSSLContext.java

@@ -1,6 +1,10 @@
 package org.jivesoftware.sparkimpl.certificates;
 
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.Provider;
+import java.security.SecureRandom;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLContextSpi;
@@ -12,4 +16,17 @@ protected SparkSSLContext(SSLContextSpi contextSpi, Provider provider, String pr
         // TODO Auto-generated constructor stub
     }
 
+    /**
+     * Create SSLContext and initialize it
+     * 
+     * @return initialized SSL context with BouncyCastleProvider
+     * @throws KeyManagementException
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static SSLContext setUpContext() throws KeyManagementException, NoSuchAlgorithmException {
+        SSLContext context = SparkSSLContext.getInstance("TLS");
+        context.init(null, SparkTrustManager.getTrustManagerList(), new SecureRandom());
+        return context;
+    }
 }