From 608ba8ce4abfa7325bb1d9018e0265d301a73b9a Mon Sep 17 00:00:00 2001 From: "Alexander \"PapaTutuWawa" Date: Sat, 12 Nov 2022 12:41:27 +0100 Subject: [PATCH] feat(moxxmpp_socket_tcp): Make onBadCertificate available --- packages/moxxmpp_socket_tcp/lib/src/socket.dart | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/packages/moxxmpp_socket_tcp/lib/src/socket.dart b/packages/moxxmpp_socket_tcp/lib/src/socket.dart index 1975fc4..4113eeb 100644 --- a/packages/moxxmpp_socket_tcp/lib/src/socket.dart +++ b/packages/moxxmpp_socket_tcp/lib/src/socket.dart @@ -49,12 +49,13 @@ class TCPSocketWrapper extends BaseSocketWrapper { Future> srvQuery(String domain, bool dnssec) async { return []; } - - bool _onBadCertificate(dynamic certificate, String domain) { - _log.fine('Bad certificate: ${certificate.toString()}'); - //final isExpired = certificate.endValidity.isAfter(DateTime.now()); - // TODO(Unknown): Either validate the certificate ourselves or use a platform native - // hostname verifier (or Dart adds it themselves) + + /// Called when we encounter a certificate we cannot verify. [certificate] refers to the certificate + /// in question, while [domain] refers to the domain we try to validate the certificate against. + /// + /// Return true if the certificate should be accepted. Return false if it should be rejected. + @visibleForOverriding + bool onBadCertificate(dynamic certificate, String domain) { return false; } @@ -83,7 +84,7 @@ class TCPSocketWrapper extends BaseSocketWrapper { sock, host: domain, supportedProtocols: const [ xmppClientALPNId ], - onBadCertificate: (cert) => _onBadCertificate(cert, domain), + onBadCertificate: (cert) => onBadCertificate(cert, domain), ); _ignoreSocketClosure = false; @@ -175,7 +176,7 @@ class TCPSocketWrapper extends BaseSocketWrapper { _socket = await SecureSocket.secure( _socket!, supportedProtocols: const [ xmppClientALPNId ], - onBadCertificate: (cert) => _onBadCertificate(cert, domain), + onBadCertificate: (cert) => onBadCertificate(cert, domain), ); _secure = true;