Don't show the security padlock when the security controller requires secure signaling, but signaling is insecure

19 files changed, 194 insertions, 11 deletions

diff --git a/src/net/java/sip/communicator/impl/gui/main/call/CallPeerAdapter.java b/src/net/java/sip/communicator/impl/gui/main/call/CallPeerAdapter.java
index 38e6099..0af2990 100644
--- a/src/net/java/sip/communicator/impl/gui/main/call/CallPeerAdapter.java
+++ b/src/net/java/sip/communicator/impl/gui/main/call/CallPeerAdapter.java
@@ -267,8 +267,13 @@ public class CallPeerAdapter
 
         renderer.securityOn(evt);
 
-        NotificationManager.fireNotification(
-            NotificationManager.CALL_SECURITY_ON);
+        if((evt.getSecurityController().requiresSecureSignalingTransport()
+            && peer.getProtocolProvider().isSignalingTransportSecure())
+            || !evt.getSecurityController().requiresSecureSignalingTransport())
+        {
+            NotificationManager.fireNotification(
+                NotificationManager.CALL_SECURITY_ON);
+        }
     }
 
     /**
diff --git a/src/net/java/sip/communicator/impl/gui/main/call/OneToOneCallPeerPanel.java b/src/net/java/sip/communicator/impl/gui/main/call/OneToOneCallPeerPanel.java
index d7ca8ea..f3e7271 100644
--- a/src/net/java/sip/communicator/impl/gui/main/call/OneToOneCallPeerPanel.java
+++ b/src/net/java/sip/communicator/impl/gui/main/call/OneToOneCallPeerPanel.java
@@ -1214,10 +1214,14 @@ public class OneToOneCallPeerPanel
      */
     public void securityOn(CallPeerSecurityOnEvent evt)
     {
-        securityStatusLabel.setIcon(new ImageIcon(ImageLoader
-            .getImage(ImageLoader.SECURE_BUTTON_ON)));
-
-        securityImageID = ImageLoader.SECURE_BUTTON_ON;
+        if((evt.getSecurityController().requiresSecureSignalingTransport()
+            && callPeer.getProtocolProvider().isSignalingTransportSecure())
+            || !evt.getSecurityController().requiresSecureSignalingTransport())
+        {
+            securityImageID = ImageLoader.SECURE_BUTTON_ON;
+            securityStatusLabel.setIcon(new ImageIcon(ImageLoader
+                .getImage(securityImageID)));
+        }
 
         //set common encryption properties
         securityStatusLabel.setEncryptionCipher(evt.getCipher());
diff --git a/src/net/java/sip/communicator/impl/gui/main/call/conference/BasicConferenceParticipantPanel.java b/src/net/java/sip/communicator/impl/gui/main/call/conference/BasicConferenceParticipantPanel.java
index 8c08fa8..0180bdd 100644
--- a/src/net/java/sip/communicator/impl/gui/main/call/conference/BasicConferenceParticipantPanel.java
+++ b/src/net/java/sip/communicator/impl/gui/main/call/conference/BasicConferenceParticipantPanel.java
@@ -138,6 +138,11 @@ public abstract class BasicConferenceParticipantPanel
     private boolean isLocalPeer;
 
     /**
+     * A reference to the container of this call member panel.
+     */
+    private CallRenderer renderer = null;
+
+    /**
      * Creates an instance of <tt>ConferenceParticipantPanel</tt>.
      *
      * @param renderer the renderer for the call
@@ -145,6 +150,7 @@ public abstract class BasicConferenceParticipantPanel
     public BasicConferenceParticipantPanel( CallRenderer renderer,
                                             boolean isLocalPeer)
     {
+        this.renderer = renderer;
         this.isLocalPeer = isLocalPeer;
 
         soundIndicator = new SoundLevelIndicator(  renderer,
@@ -424,9 +430,15 @@ public abstract class BasicConferenceParticipantPanel
      */
     public void securityOn(CallPeerSecurityOnEvent evt)
     {
-        securityImageID = ImageLoader.SECURE_ON_CONF_CALL;
-        securityStatusLabel.setIcon(new ImageIcon(ImageLoader
-            .getImage(securityImageID)));
+        if ((evt.getSecurityController().requiresSecureSignalingTransport()
+            && renderer.getCall().getProtocolProvider()
+                .isSignalingTransportSecure())
+            || !evt.getSecurityController().requiresSecureSignalingTransport())
+        {
+            securityImageID = ImageLoader.SECURE_ON_CONF_CALL;
+            securityStatusLabel.setIcon(new ImageIcon(ImageLoader
+                .getImage(securityImageID)));
+        }
 
         securityStatusLabel.setEncryptionCipher(evt.getCipher());
         switch (evt.getSessionType())
diff --git a/src/net/java/sip/communicator/impl/neomedia/ZrtpControlImpl.java b/src/net/java/sip/communicator/impl/neomedia/ZrtpControlImpl.java
index 70f6de6..da534a1 100644
--- a/src/net/java/sip/communicator/impl/neomedia/ZrtpControlImpl.java
+++ b/src/net/java/sip/communicator/impl/neomedia/ZrtpControlImpl.java
@@ -279,4 +279,14 @@ public class ZrtpControlImpl
     {
         return getTransformEngine().getUserCallback().isSecurityVerified();
     }
+
+    /**
+     * Returns false, ZRTP exchanges is keys over the media path.
+     * 
+     * @return false
+     */
+    public boolean requiresSecureSignalingTransport()
+    {
+        return false;
+    }
 }
diff --git a/src/net/java/sip/communicator/impl/neomedia/transform/sdes/SDesControlImpl.java b/src/net/java/sip/communicator/impl/neomedia/transform/sdes/SDesControlImpl.java
index 90c2579..9f3a9fa 100644
--- a/src/net/java/sip/communicator/impl/neomedia/transform/sdes/SDesControlImpl.java
+++ b/src/net/java/sip/communicator/impl/neomedia/transform/sdes/SDesControlImpl.java
@@ -181,4 +181,14 @@ public class SDesControlImpl
     public void setConnector(AbstractRTPConnector newValue)

     {

     }

+

+    /**

+     * Returns true, SDES always requires the secure transport of its keys.

+     * 

+     * @return true

+     */

+    public boolean requiresSecureSignalingTransport()

+    {

+        return true;

+    }

 }

diff --git a/src/net/java/sip/communicator/impl/protocol/dict/ProtocolProviderServiceDictImpl.java b/src/net/java/sip/communicator/impl/protocol/dict/ProtocolProviderServiceDictImpl.java
index 445783b..312822e 100644
--- a/src/net/java/sip/communicator/impl/protocol/dict/ProtocolProviderServiceDictImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/dict/ProtocolProviderServiceDictImpl.java
@@ -301,7 +301,15 @@ public class ProtocolProviderServiceDictImpl
                 RegistrationStateChangeEvent.REASON_USER_REQUEST,
                 null);
     }
-    
+
+    /**
+     * DICT has no support for secure transport.
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Close the connection to the server 
      */
diff --git a/src/net/java/sip/communicator/impl/protocol/gibberish/ProtocolProviderServiceGibberishImpl.java b/src/net/java/sip/communicator/impl/protocol/gibberish/ProtocolProviderServiceGibberishImpl.java
index 56d26b9..a38339c 100644
--- a/src/net/java/sip/communicator/impl/protocol/gibberish/ProtocolProviderServiceGibberishImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/gibberish/ProtocolProviderServiceGibberishImpl.java
@@ -292,6 +292,14 @@ public class ProtocolProviderServiceGibberishImpl
     }
 
     /**
+     * Gibberish has no support for secure transport.
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
+    /**
      * Returns the gibberish protocol icon.
      * @return the gibberish protocol icon
      */
diff --git a/src/net/java/sip/communicator/impl/protocol/icq/ProtocolProviderServiceIcqImpl.java b/src/net/java/sip/communicator/impl/protocol/icq/ProtocolProviderServiceIcqImpl.java
index 2f3f1b5..bba63f2 100644
--- a/src/net/java/sip/communicator/impl/protocol/icq/ProtocolProviderServiceIcqImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/icq/ProtocolProviderServiceIcqImpl.java
@@ -428,6 +428,17 @@ public class ProtocolProviderServiceIcqImpl
             aimConnection.disconnect(true);
     }
 
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Returns the short name of the protocol that the implementation of this
      * provider is based upon (like SIP, Jabber, ICQ/AIM, or others for
diff --git a/src/net/java/sip/communicator/impl/protocol/irc/ProtocolProviderServiceIrcImpl.java b/src/net/java/sip/communicator/impl/protocol/irc/ProtocolProviderServiceIrcImpl.java
index a41dd9f..1041a1a 100644
--- a/src/net/java/sip/communicator/impl/protocol/irc/ProtocolProviderServiceIrcImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/irc/ProtocolProviderServiceIrcImpl.java
@@ -277,6 +277,17 @@ public class ProtocolProviderServiceIrcImpl
             ircStack.disconnect();
     }
 
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Returns the icon for this protocol.
      * 
diff --git a/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java b/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java
index 2842e3c..8659de6 100644
--- a/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java
@@ -446,6 +446,16 @@ public class ProtocolProviderServiceJabberImpl
     }
 
     /**
+     * Indicates if the XMPP transport channel is using a TLS secured socket.
+     * 
+     * @return True when TLS is used, false otherwise.
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return connection != null && connection.isUsingTLS();
+    }
+
+    /**
      * Connects and logins to the server
      * @param authority SecurityAuthority
      * @param reasonCode the authentication reason code. Indicates the reason of
diff --git a/src/net/java/sip/communicator/impl/protocol/mock/MockProvider.java b/src/net/java/sip/communicator/impl/protocol/mock/MockProvider.java
index d46bce8..31e8ada 100644
--- a/src/net/java/sip/communicator/impl/protocol/mock/MockProvider.java
+++ b/src/net/java/sip/communicator/impl/protocol/mock/MockProvider.java
@@ -200,6 +200,17 @@ public class MockProvider
     {
     }
 
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Returns the AccountID that uniquely identifies the account represented by
      * this instance of the ProtocolProviderService.
diff --git a/src/net/java/sip/communicator/impl/protocol/msn/ProtocolProviderServiceMsnImpl.java b/src/net/java/sip/communicator/impl/protocol/msn/ProtocolProviderServiceMsnImpl.java
index 0803dfb..c6cef33 100644
--- a/src/net/java/sip/communicator/impl/protocol/msn/ProtocolProviderServiceMsnImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/msn/ProtocolProviderServiceMsnImpl.java
@@ -240,6 +240,17 @@ public class ProtocolProviderServiceMsnImpl
         unregister(true);
     }
 
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Unregister and fire the event if requested
      * @param fireEvent boolean
diff --git a/src/net/java/sip/communicator/impl/protocol/rss/ProtocolProviderServiceRssImpl.java b/src/net/java/sip/communicator/impl/protocol/rss/ProtocolProviderServiceRssImpl.java
index 50e9cc3..d4a73e2 100644
--- a/src/net/java/sip/communicator/impl/protocol/rss/ProtocolProviderServiceRssImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/rss/ProtocolProviderServiceRssImpl.java
@@ -231,6 +231,17 @@ public class ProtocolProviderServiceRssImpl
             , null);
     }
 
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Returns the rss protocol icon.
      * @return the rss protocol icon
diff --git a/src/net/java/sip/communicator/impl/protocol/sip/ProtocolProviderServiceSipImpl.java b/src/net/java/sip/communicator/impl/protocol/sip/ProtocolProviderServiceSipImpl.java
index b6d0f79..743fb5a 100644
--- a/src/net/java/sip/communicator/impl/protocol/sip/ProtocolProviderServiceSipImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/sip/ProtocolProviderServiceSipImpl.java
@@ -1922,6 +1922,17 @@ public class ProtocolProviderServiceSipImpl
     }
 
     /**
+     * Indicates if the SIP transport channel is using a TLS secured socket.
+     * 
+     * @return True when TLS is used the SIP transport protocol, false
+     *         otherwise or when no proxy is being used.
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return ListeningPoint.TLS.equalsIgnoreCase(outboundProxyTransport);
+    }
+
+    /**
      * Extracts all properties concerning the usage of an outbound proxy for
      * this account.
      * @param accountID the account whose outbound proxy we are currently
diff --git a/src/net/java/sip/communicator/impl/protocol/ssh/ProtocolProviderServiceSSHImpl.java b/src/net/java/sip/communicator/impl/protocol/ssh/ProtocolProviderServiceSSHImpl.java
index eb90dc2..9c9c0b9 100644
--- a/src/net/java/sip/communicator/impl/protocol/ssh/ProtocolProviderServiceSSHImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/ssh/ProtocolProviderServiceSSHImpl.java
@@ -619,7 +619,18 @@ public class ProtocolProviderServiceSSHImpl
                 , RegistrationStateChangeEvent.REASON_USER_REQUEST
                 , null);
     }
-    
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Returns the ssh protocol icon.
      * @return the ssh protocol icon
diff --git a/src/net/java/sip/communicator/impl/protocol/yahoo/ProtocolProviderServiceYahooImpl.java b/src/net/java/sip/communicator/impl/protocol/yahoo/ProtocolProviderServiceYahooImpl.java
index 02e1958..679fcb8 100644
--- a/src/net/java/sip/communicator/impl/protocol/yahoo/ProtocolProviderServiceYahooImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/yahoo/ProtocolProviderServiceYahooImpl.java
@@ -324,6 +324,17 @@ public class ProtocolProviderServiceYahooImpl
                 null);
     }
 
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Returns the short name of the protocol that the implementation of this
      * provider is based upon (like SIP, Msn, ICQ/AIM, or others for
diff --git a/src/net/java/sip/communicator/impl/protocol/zeroconf/ProtocolProviderServiceZeroconfImpl.java b/src/net/java/sip/communicator/impl/protocol/zeroconf/ProtocolProviderServiceZeroconfImpl.java
index 120a6bd..2aef1f1 100644
--- a/src/net/java/sip/communicator/impl/protocol/zeroconf/ProtocolProviderServiceZeroconfImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/zeroconf/ProtocolProviderServiceZeroconfImpl.java
@@ -258,6 +258,17 @@ public class ProtocolProviderServiceZeroconfImpl
             , null);
     }
 
+    /*
+     * (non-Javadoc)
+     * 
+     * @see net.java.sip.communicator.service.protocol.ProtocolProviderService#
+     * isSignallingTransportSecure()
+     */
+    public boolean isSignalingTransportSecure()
+    {
+        return false;
+    }
+
     /**
      * Returns the zeroconf protocol icon.
      * @return the zeroconf protocol icon
diff --git a/src/net/java/sip/communicator/service/neomedia/SrtpControl.java b/src/net/java/sip/communicator/service/neomedia/SrtpControl.java
index 4f940f6..18cb7cd 100644
--- a/src/net/java/sip/communicator/service/neomedia/SrtpControl.java
+++ b/src/net/java/sip/communicator/service/neomedia/SrtpControl.java
@@ -75,4 +75,13 @@ public interface SrtpControl
      * SRTP engine
      */
     public void setConnector(AbstractRTPConnector newValue);
+
+    /**
+     * Indicates if the key exchange method is dependent on secure transport of
+     * the signaling channel.
+     * 
+     * @return True when secure signaling is required to make the encryption
+     *         secure, false otherwise.
+     */
+    public boolean requiresSecureSignalingTransport();
 }
diff --git a/src/net/java/sip/communicator/service/protocol/ProtocolProviderService.java b/src/net/java/sip/communicator/service/protocol/ProtocolProviderService.java
index 9228144..487afdd 100644
--- a/src/net/java/sip/communicator/service/protocol/ProtocolProviderService.java
+++ b/src/net/java/sip/communicator/service/protocol/ProtocolProviderService.java
@@ -179,4 +179,12 @@ public interface ProtocolProviderService
      * @return the id of the account represented by this provider.
      */
     public AccountID getAccountID();
+
+    /**
+     * Indicate if the signaling transport of this protocol instance uses a
+     * secure (e.g. via TLS) connection.
+     * 
+     * @return True when the connection is secured, false otherwise.
+     */
+    public boolean isSignalingTransportSecure();
 }