Example 1 with CertificateStoreManager

Use of org.jivesoftware.openfire.keystore.CertificateStoreManager in project Openfire by igniterealtime.

Class XMPPServer, method finishSetup.

/**
 * Finish the setup process. Because this method is meant to be called from inside
 * the Admin console plugin, it spawns its own thread to do the work so that the
 * class loader is correct.
 */
public void finishSetup() {
    if (!setupMode) {
        return;
    }
    // Make sure that setup finished correctly.
    if ("true".equals(JiveGlobals.getXMLProperty("setup"))) {
        // already been touched by setup prior to this method being called.
        for (String propName : JiveGlobals.getXMLPropertyNames()) {
            if (JiveGlobals.getProperty(propName) == null) {
                JiveGlobals.setProperty(propName, JiveGlobals.getXMLProperty(propName));
            }
        }
        // Set default SASL SCRAM-SHA-1 iteration count
        JiveGlobals.setProperty("sasl.scram-sha-1.iteration-count", Integer.toString(ScramUtils.DEFAULT_ITERATION_COUNT));
        // Check if keystore (that out-of-the-box is a fallback for all keystores) already has certificates for current domain.
        // Will be a module after finishing setup.
        CertificateStoreManager certificateStoreManager = null;
        try {
            certificateStoreManager = new CertificateStoreManager();
            certificateStoreManager.initialize(this);
            certificateStoreManager.start();
            final IdentityStore identityStore = certificateStoreManager.getIdentityStore(ConnectionType.SOCKET_C2S);
            identityStore.ensureDomainCertificates("DSA", "RSA");
        } catch (Exception e) {
            logger.error("Error generating self-signed certificates", e);
        } finally {
            if (certificateStoreManager != null) {
                certificateStoreManager.stop();
                certificateStoreManager.destroy();
            }
        }
        // Initialize list of admins now (before we restart Jetty)
        AdminManager.getInstance().getAdminAccounts();
        Thread finishSetup = new Thread() {

            @Override
            public void run() {
                try {
                    if (isStandAlone()) {
                        // Always restart the HTTP server manager. This covers the case
                        // of changing the ports, as well as generating self-signed certificates.
                        // Wait a short period before shutting down the admin console.
                        // Otherwise, the page that requested the setup finish won't
                        // render properly!
                        Thread.sleep(1000);
                        ((AdminConsolePlugin) pluginManager.getPlugin("admin")).restart();
                        // ((AdminConsolePlugin) pluginManager.getPlugin("admin")).shutdown();
                        // ((AdminConsolePlugin) pluginManager.getPlugin("admin")).startup();
                    }
                    verifyDataSource();
                    // First load all the modules so that modules may access other modules while
                    // being initialized
                    loadModules();
                    // Initialize all the modules
                    initModules();
                    // Start all the modules
                    startModules();
                } catch (Exception e) {
                    e.printStackTrace();
                    logger.error(e.getMessage(), e);
                    shutdownServer();
                }
            }
        };
        // Use the correct class loader.
        finishSetup.setContextClassLoader(loader);
        finishSetup.start();
        // We can now safely indicate that setup has finished
        setupMode = false;
    }
}
Also used: AdminConsolePlugin (org.jivesoftware.openfire.container.AdminConsolePlugin), CertificateStoreManager (org.jivesoftware.openfire.keystore.CertificateStoreManager), IdentityStore (org.jivesoftware.openfire.keystore.IdentityStore)

Example 2 with CertificateStoreManager

Use of org.jivesoftware.openfire.keystore.CertificateStoreManager in project Openfire by igniterealtime.

Class XMPPServer, method finalSetupSteps.

private void finalSetupSteps() {
    for (String propName : JiveGlobals.getXMLPropertyNames()) {
        if (!XML_ONLY_PROPERTIES.contains(propName)) {
            if (JiveGlobals.getProperty(propName) == null) {
                JiveGlobals.setProperty(propName, JiveGlobals.getXMLProperty(propName));
            }
            JiveGlobals.setPropertyEncrypted(propName, JiveGlobals.isXMLPropertyEncrypted(propName));
        }
    }
    // Check if keystore (that out-of-the-box is a fallback for all keystores) already has certificates for current domain.
    // Will be a module after finishing setup.
    CertificateStoreManager certificateStoreManager = null;
    try {
        certificateStoreManager = new CertificateStoreManager();
        certificateStoreManager.initialize(this);
        certificateStoreManager.start();
        final IdentityStore identityStore = certificateStoreManager.getIdentityStore(ConnectionType.SOCKET_C2S);
        identityStore.ensureDomainCertificate();
    } catch (Exception e) {
        logger.error("Error generating self-signed certificates", e);
    } finally {
        if (certificateStoreManager != null) {
            certificateStoreManager.stop();
            certificateStoreManager.destroy();
        }
    }
    // Initialize list of admins now (before we restart Jetty)
    AdminManager.getInstance().getAdminAccounts();
}
Also used: CertificateStoreManager (org.jivesoftware.openfire.keystore.CertificateStoreManager), IdentityStore (org.jivesoftware.openfire.keystore.IdentityStore), IOException (java.io.IOException), UnknownHostException (java.net.UnknownHostException), FileNotFoundException (java.io.FileNotFoundException)

Example 3 with CertificateStoreManager

Use of org.jivesoftware.openfire.keystore.CertificateStoreManager in project Openfire by igniterealtime.

Class SASLAuthentication, method verifyCertificates.

public static boolean verifyCertificates(Certificate[] chain, String hostname, boolean isS2S) {
    final CertificateStoreManager certificateStoreManager = XMPPServer.getInstance().getCertificateStoreManager();
    final ConnectionType connectionType = isS2S ? ConnectionType.SOCKET_S2S : ConnectionType.SOCKET_C2S;
    final TrustStore trustStore = certificateStoreManager.getTrustStore(connectionType);
    final X509Certificate trusted = trustStore.getEndEntityCertificate(chain);
    if (trusted != null) {
        return verifyCertificate(trusted, hostname);
    }
    return false;
}
Also used: ConnectionType (org.jivesoftware.openfire.spi.ConnectionType), TrustStore (org.jivesoftware.openfire.keystore.TrustStore), CertificateStoreManager (org.jivesoftware.openfire.keystore.CertificateStoreManager), X509Certificate (java.security.cert.X509Certificate)

Aggregations

CertificateStoreManager (org.jivesoftware.openfire.keystore.CertificateStoreManager): 3
IdentityStore (org.jivesoftware.openfire.keystore.IdentityStore): 2
FileNotFoundException (java.io.FileNotFoundException): 1
IOException (java.io.IOException): 1
UnknownHostException (java.net.UnknownHostException): 1
X509Certificate (java.security.cert.X509Certificate): 1
AdminConsolePlugin (org.jivesoftware.openfire.container.AdminConsolePlugin): 1
TrustStore (org.jivesoftware.openfire.keystore.TrustStore): 1
ConnectionType (org.jivesoftware.openfire.spi.ConnectionType): 1