Use of org.jivesoftware.openfire.keystore.CertificateStoreManager in project Openfire by igniterealtime.
In the class XMPPServer, method finishSetup.
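/**
 * Finishes the setup process when the server is in setup mode.
 *
 * <p>Because this method is meant to be called from inside the Admin console plugin,
 * the module start-up work runs on its own thread, whose context class loader is set
 * to {@code loader} so that the class loader is correct.
 *
 * <p>The method returns immediately when {@code setupMode} is false, and does nothing
 * when the XML property {@code setup} is not {@code "true"}.
 *
 * <p>Points a reviewer should be aware of:
 * <ul>
 *   <li>The {@code sasl.scram-sha-1.iteration-count} property is set unconditionally to
 *       {@code ScramUtils.DEFAULT_ITERATION_COUNT}; no check for an existing value is
 *       made here.</li>
 *   <li>A failure while ensuring the domain certificates is only logged; setup then
 *       continues without the certificates this step was meant to guarantee.</li>
 *   <li>{@code setupMode} is cleared as soon as the worker thread has been started, not
 *       when the modules have finished starting.</li>
 * </ul>
 */
public void finishSetup() {
    if (!setupMode) {
        return;
    }
    // Make sure that setup finished correctly.
    if ("true".equals(JiveGlobals.getXMLProperty("setup"))) {
        // Copy every XML property through JiveGlobals.setProperty, but only where
        // JiveGlobals.getProperty returns null, i.e. the property has not already
        // been touched by setup prior to this method being called.
        for (String propName : JiveGlobals.getXMLPropertyNames()) {
            if (JiveGlobals.getProperty(propName) == null) {
                JiveGlobals.setProperty(propName, JiveGlobals.getXMLProperty(propName));
            }
        }
        // Set default SASL SCRAM-SHA-1 iteration count
        JiveGlobals.setProperty("sasl.scram-sha-1.iteration-count", Integer.toString(ScramUtils.DEFAULT_ITERATION_COUNT));

        // Check if keystore (that out-of-the-box is a fallback for all keystores) already has
        // certificates for current domain. The manager is created, used and torn down locally
        // because it will only be a module after finishing setup.
        CertificateStoreManager certificateStoreManager = null;
        try {
            certificateStoreManager = new CertificateStoreManager();
            certificateStoreManager.initialize(this);
            certificateStoreManager.start();
            final IdentityStore identityStore = certificateStoreManager.getIdentityStore(ConnectionType.SOCKET_C2S);
            // NOTE(review): "DSA" and "RSA" are presumably the key algorithms for which a
            // domain certificate is ensured. DSA is widely deprecated for TLS; confirm
            // whether a DSA certificate is still required.
            identityStore.ensureDomainCertificates("DSA", "RSA");
        } catch (Exception e) {
            // Deliberate best-effort: the error is logged and setup continues.
            logger.error("Error generating self-signed certificates", e);
        } finally {
            // Always release the temporary manager, including after a failure.
            if (certificateStoreManager != null) {
                certificateStoreManager.stop();
                certificateStoreManager.destroy();
            }
        }

        // Initialize list of admins now (before we restart Jetty)
        AdminManager.getInstance().getAdminAccounts();

        Thread finishSetup = new Thread() {
            @Override
            public void run() {
                try {
                    if (isStandAlone()) {
                        // Always restart the HTTP server manager. This covers the case
                        // of changing the ports, as well as generating self-signed certificates.

                        // Wait a short period before shutting down the admin console.
                        // Otherwise, the page that requested the setup finish won't
                        // render properly!
                        Thread.sleep(1000);
                        ((AdminConsolePlugin) pluginManager.getPlugin("admin")).restart();
                    }

                    verifyDataSource();
                    // First load all the modules so that modules may access other modules while
                    // being initialized
                    loadModules();
                    // Initialize all the modules
                    initModules();
                    // Start all the modules
                    startModules();
                } catch (Exception e) {
                    // Report the failure once, through the logger only (no stack trace on
                    // stderr), with a message that does not depend on e.getMessage() being
                    // non-null. Any failure in the steps above shuts the server down.
                    logger.error("Error finishing setup", e);
                    shutdownServer();
                }
            }
        };
        // Use the correct class loader.
        finishSetup.setContextClassLoader(loader);
        finishSetup.start();
        // Mark setup as finished. This happens right after the thread is started; the
        // thread's work may still be in progress (or may still fail) at this point.
        setupMode = false;
    }
}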
Use of org.jivesoftware.openfire.keystore.CertificateStoreManager in project Openfire by igniterealtime.
In the class XMPPServer, method finalSetupSteps.
/**
 * Runs the last steps of setup: migrates XML properties, ensures a domain certificate
 * exists in the client-to-server identity store, and loads the admin account list.
 *
 * <p>A failure in the certificate step is logged and otherwise ignored, so this method
 * can complete without the certificate having been ensured.
 */
private void finalSetupSteps() {
    for (final String name : JiveGlobals.getXMLPropertyNames()) {
        if (XML_ONLY_PROPERTIES.contains(name)) {
            // Names listed in XML_ONLY_PROPERTIES are skipped entirely.
            continue;
        }
        final boolean alreadySet = JiveGlobals.getProperty(name) != null;
        if (!alreadySet) {
            JiveGlobals.setProperty(name, JiveGlobals.getXMLProperty(name));
        }
        // The encrypted flag of the XML property is applied whether or not the value
        // was copied just now.
        // NOTE(review): the value is written before its encrypted flag is applied;
        // confirm that setPropertyEncrypted protects the already-stored value.
        JiveGlobals.setPropertyEncrypted(name, JiveGlobals.isXMLPropertyEncrypted(name));
    }

    // Check if keystore (that out-of-the-box is a fallback for all keystores) already has
    // certificates for current domain. A temporary manager is used because it will only
    // be a module after finishing setup.
    CertificateStoreManager storeManager = null;
    try {
        storeManager = new CertificateStoreManager();
        storeManager.initialize(this);
        storeManager.start();
        final IdentityStore c2sIdentityStore = storeManager.getIdentityStore(ConnectionType.SOCKET_C2S);
        c2sIdentityStore.ensureDomainCertificate();
    } catch (Exception e) {
        // Best-effort: log and carry on with the remaining setup steps.
        logger.error("Error generating self-signed certificates", e);
    } finally {
        // Tear the temporary manager down on every path.
        if (storeManager != null) {
            storeManager.stop();
            storeManager.destroy();
        }
    }

    // Initialize list of admins now (before we restart Jetty)
    AdminManager.getInstance().getAdminAccounts();
}
Use of org.jivesoftware.openfire.keystore.CertificateStoreManager in project Openfire by igniterealtime.
In the class SASLAuthentication, method verifyCertificates.
/**
 * Checks a certificate chain against the trust store for the connection type and,
 * if an end-entity certificate is obtained from it, against the given hostname.
 *
 * <p>The result is {@code false} whenever the trust store yields no end-entity
 * certificate for the chain. Otherwise the decision is delegated to
 * {@code verifyCertificate(X509Certificate, String)}.
 *
 * <p>NOTE(review): presumably {@code TrustStore.getEndEntityCertificate} returns
 * {@code null} for a chain that is untrusted, empty or {@code null}; this method relies
 * on that to fail closed, and performs no check of {@code chain} itself. Confirm.
 *
 * @param chain    the certificate chain presented by the peer
 * @param hostname the name the certificate is checked against
 * @param isS2S    {@code true} to use the server-to-server trust store, {@code false}
 *                 to use the client-to-server trust store
 * @return {@code true} only if an end-entity certificate was obtained from the trust
 *         store and {@code verifyCertificate} accepted it for {@code hostname}
 */
public static boolean verifyCertificates(Certificate[] chain, String hostname, boolean isS2S) {
    final CertificateStoreManager storeManager = XMPPServer.getInstance().getCertificateStoreManager();

    // S2S and C2S connections are validated against separate trust stores.
    final ConnectionType type;
    if (isS2S) {
        type = ConnectionType.SOCKET_S2S;
    } else {
        type = ConnectionType.SOCKET_C2S;
    }

    final X509Certificate endEntity = storeManager.getTrustStore(type).getEndEntityCertificate(chain);
    if (endEntity == null) {
        // No end-entity certificate from the trust store: reject.
        return false;
    }
    return verifyCertificate(endEntity, hostname);
}