use of org.jivesoftware.openfire.keystore.IdentityStore in project Openfire by igniterealtime.
Class XMPPServer, method finishSetup().
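/**
 * Finish the setup process. Because this method is meant to be called from inside
 * the Admin console plugin, it spawns its own thread to do the work so that the
 * class loader is correct.
 *
 * Nothing happens unless the server is in setup mode and the XML property
 * {@code setup} equals {@code "true"}; in that case this method:
 * <ul>
 * <li>copies every XML property that has no database counterpart yet into the
 *     database property store (the XML file written by the setup wizard may
 *     contain credentials; they are copied unchanged);</li>
 * <li>pins the SCRAM-SHA-1 iteration count to {@code ScramUtils.DEFAULT_ITERATION_COUNT};</li>
 * <li>makes sure the client identity store holds certificates for the hosted
 *     domain, generating self-signed ones when needed;</li>
 * <li>primes the admin account list, then restarts the admin console and loads,
 *     initialises and starts all modules on a background thread.</li>
 * </ul>
 * A failure while generating certificates is logged and setup continues, so the
 * server may come up without a domain certificate. A failure on the background
 * thread is logged and triggers {@code shutdownServer()}.
 */
public void finishSetup() {
    if (!setupMode) {
        return;
    }
    // Make sure that setup finished correctly. If the XML flag is not "true" nothing
    // is done and the server simply stays in setup mode.
    if ("true".equals(JiveGlobals.getXMLProperty("setup"))) {
        // Persist any XML property that has not already been touched by setup prior
        // to this method being called. An existing database value is never overwritten.
        for (String propName : JiveGlobals.getXMLPropertyNames()) {
            if (JiveGlobals.getProperty(propName) == null) {
                JiveGlobals.setProperty(propName, JiveGlobals.getXMLProperty(propName));
            }
        }
        // Set default SASL SCRAM-SHA-1 iteration count.
        JiveGlobals.setProperty("sasl.scram-sha-1.iteration-count", Integer.toString(ScramUtils.DEFAULT_ITERATION_COUNT));
        // Check if the keystore (that out-of-the-box is a fallback for all keystores)
        // already has certificates for the current domain. The store manager becomes a
        // regular module once setup has finished, so a throw-away instance is used here.
        CertificateStoreManager certificateStoreManager = null;
        try {
            certificateStoreManager = new CertificateStoreManager();
            certificateStoreManager.initialize(this);
            certificateStoreManager.start();
            final IdentityStore identityStore = certificateStoreManager.getIdentityStore(ConnectionType.SOCKET_C2S);
            // NOTE(review): DSA is a legacy signature algorithm (TLS 1.3 defines no DSA
            // cipher suites); confirm a DSA certificate is still wanted next to the RSA one.
            identityStore.ensureDomainCertificates("DSA", "RSA");
        } catch (Exception e) {
            // Best effort: setup continues without domain certificates. The connectors
            // that depend on them log their own warnings when they start.
            logger.error("Error generating self-signed certificates", e);
        } finally {
            if (certificateStoreManager != null) {
                certificateStoreManager.stop();
                certificateStoreManager.destroy();
            }
        }
        // Initialize list of admins now (before we restart Jetty).
        AdminManager.getInstance().getAdminAccounts();
        // Named so that the thread is recognisable in thread dumps.
        Thread finishSetup = new Thread("XMPPServer-finishSetup") {
            @Override
            public void run() {
                try {
                    if (isStandAlone()) {
                        // Always restart the HTTP server manager. This covers the case
                        // of changing the ports, as well as generating self-signed certificates.
                        // Wait a short period before shutting down the admin console.
                        // Otherwise, the page that requested the setup finish won't
                        // render properly!
                        Thread.sleep(1000);
                        ((AdminConsolePlugin) pluginManager.getPlugin("admin")).restart();
                    }
                    verifyDataSource();
                    // First load all the modules so that modules may access other modules while
                    // being initialized.
                    loadModules();
                    // Initialize all the modules.
                    initModules();
                    // Start all the modules.
                    startModules();
                } catch (Exception e) {
                    if (e instanceof InterruptedException) {
                        // Preserve the interrupt status for whoever interrupted this thread.
                        Thread.currentThread().interrupt();
                    }
                    // The logger records the full stack trace; no separate printStackTrace() to stderr.
                    logger.error(e.getMessage(), e);
                    shutdownServer();
                }
            }
        };
        // Use the correct class loader.
        finishSetup.setContextClassLoader(loader);
        finishSetup.start();
        // We can now safely indicate that setup has finished. Note that this flag is
        // cleared while the background thread may still be loading modules.
        setupMode = false;
    }
}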
use of org.jivesoftware.openfire.keystore.IdentityStore in project Openfire by igniterealtime.
Class HttpBindManager, method createSSLConnector(Server) — returns the connector.
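/**
 * Builds the HTTPS connector for the BOSH (HTTP-bind) server.
 *
 * A connector is only created when a secure port is configured and the
 * BOSH_C2S identity store holds at least one entry. If the store holds no
 * certificate valid for the hosted domain a warning is logged but the
 * connector is still created with whatever the store contains. The Jetty
 * {@code Server} header is suppressed and a {@code SecureRequestCustomizer}
 * exposes the TLS session to requests.
 *
 * @param httpBindServer the Jetty server that will own the connector
 * @return the configured connector, or {@code null} when HTTPS is disabled,
 *         the CertificateStoreManager is not initialised yet, the identity
 *         store is empty, or an error occurred (errors are logged, not thrown)
 */
private Connector createSSLConnector(final Server httpBindServer) {
    final int securePort = getHttpBindSecurePort();
    if (securePort <= 0) {
        // HTTPS is disabled by configuration.
        return null;
    }
    try {
        // Mirror AdminConsolePlugin.startup(): report an uninitialised store manager
        // explicitly instead of letting a NullPointerException reach the catch-all below.
        final CertificateStoreManager certificateStoreManager = XMPPServer.getInstance().getCertificateStoreManager();
        if (certificateStoreManager == null) {
            Log.warn("HTTP binding: CertificateStoreManager has not been initialized yet. HTTPS will be unavailable.");
            return null;
        }
        final IdentityStore identityStore = certificateStoreManager.getIdentityStore(ConnectionType.BOSH_C2S);
        if (!identityStore.getStore().aliases().hasMoreElements()) {
            // Nothing in the identity store to serve TLS with.
            return null;
        }
        if (!identityStore.containsDomainCertificate()) {
            Log.warn("HTTP binding: Using certificates but they are not valid for the hosted domain");
        }
        final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
        final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.BOSH_C2S, true).generateConnectionConfiguration();
        final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();
        final HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.setSecureScheme("https");
        httpsConfig.setSecurePort(securePort);
        configureProxiedConnector(httpsConfig);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        // Do not advertise the Jetty version in the Server header.
        httpsConfig.setSendServerVersion(false);
        final ServerConnector sslConnector = new ServerConnector(httpBindServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig));
        sslConnector.setHost(getBindInterface());
        sslConnector.setPort(securePort);
        return sslConnector;
    } catch (Exception e) {
        Log.error("Error creating SSL connector for Http bind", e);
    }
    return null;
}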
use of org.jivesoftware.openfire.keystore.IdentityStore in project Openfire by igniterealtime.
Class AdminConsolePlugin, method startup().
/**
 * Starts the Jetty instance.
 *
 * Builds a fresh Jetty {@code Server} for the admin console with:
 * <ul>
 * <li>a plain HTTP connector when {@code adminConsole.port} (default 9090) is
 *     greater than zero;</li>
 * <li>an HTTPS connector when {@code adminConsole.securePort} (default 9091) is
 *     greater than zero, the CertificateStoreManager is initialised and the
 *     WEBADMIN identity store holds at least one certificate. A store without a
 *     certificate valid for the hosted domain only produces a warning.</li>
 * </ul>
 * Both connectors suppress the Jetty {@code Server} header and bind to the
 * configured interface. When no connector could be registered the server is
 * dropped ({@code adminServer} becomes {@code null}) and a localized warning is
 * logged; a failure to start the built server is logged but not propagated.
 *
 * NOTE(review): with the HTTP connector enabled the admin console is served over
 * cleartext HTTP on that port; restrict the bind interface or set
 * {@code adminConsole.port} to 0 where that is a concern.
 */
protected void startup() {
    deleteLegacyWebInfLibFolder();
    restartNeeded = false;
    // Add listener for certificate events
    certificateListener = new CertificateListener();
    CertificateManager.addListener(certificateListener);
    // the number of threads allocated to each connector/port
    int serverThreads = JiveGlobals.getXMLProperty("adminConsole.serverThreads", 2);
    adminPort = JiveGlobals.getXMLProperty("adminConsole.port", 9090);
    adminSecurePort = JiveGlobals.getXMLProperty("adminConsole.securePort", 9091);
    final QueuedThreadPool tp = new QueuedThreadPool();
    tp.setName("Jetty-QTP-AdminConsole");
    adminServer = new Server(tp);
    if (JMXManager.isEnabled()) {
        JMXManager jmx = JMXManager.getInstance();
        adminServer.addBean(jmx.getContainer());
    }
    // Create connector for http traffic if it's enabled.
    if (adminPort > 0) {
        final HttpConfiguration httpConfig = new HttpConfiguration();
        // Do not send Jetty info in HTTP headers
        httpConfig.setSendServerVersion(false);
        configureProxiedConnector(httpConfig);
        final ServerConnector httpConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, new HttpConnectionFactory(httpConfig));
        // Listen on a specific network interface if it has been set.
        String bindInterface = getBindInterface();
        httpConnector.setHost(bindInterface);
        httpConnector.setPort(adminPort);
        adminServer.addConnector(httpConnector);
    }
    // Create a connector for https traffic if it's enabled.
    sslEnabled = false;
    try {
        IdentityStore identityStore = null;
        // The store manager is itself a module and may not exist yet at this point
        // (e.g. during initial setup); without it HTTPS is simply skipped.
        if (XMPPServer.getInstance().getCertificateStoreManager() == null) {
            Log.warn("Admin console: CertificateStoreManager has not been initialized yet. HTTPS will be unavailable.");
        } else {
            identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(ConnectionType.WEBADMIN);
        }
        if (identityStore != null && adminSecurePort > 0) {
            if (identityStore.getAllCertificates().isEmpty()) {
                Log.warn("Admin console: Identity store does not have any certificates. HTTPS will be unavailable.");
            } else {
                // Warn only: the connector is still built with whatever the store holds.
                if (!identityStore.containsDomainCertificate()) {
                    Log.warn("Admin console: Using certificates but they are not valid for the hosted domain");
                }
                // TLS parameters (protocols, ciphers, key material) come from the
                // WEBADMIN listener's connection configuration.
                final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
                final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.WEBADMIN, true).generateConnectionConfiguration();
                final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();
                final HttpConfiguration httpsConfig = new HttpConfiguration();
                // Do not send Jetty info in HTTP headers
                httpsConfig.setSendServerVersion(false);
                httpsConfig.setSecureScheme("https");
                httpsConfig.setSecurePort(adminSecurePort);
                // Exposes the TLS session attributes (cipher, peer certificates) to requests.
                httpsConfig.addCustomizer(new SecureRequestCustomizer());
                configureProxiedConnector(httpsConfig);
                final HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpsConfig);
                final SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, org.eclipse.jetty.http.HttpVersion.HTTP_1_1.toString());
                final ServerConnector httpsConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, sslConnectionFactory, httpConnectionFactory);
                final String bindInterface = getBindInterface();
                httpsConnector.setHost(bindInterface);
                httpsConnector.setPort(adminSecurePort);
                adminServer.addConnector(httpsConnector);
                sslEnabled = true;
            }
        }
    } catch (Exception e) {
        // HTTPS setup is best effort; the HTTP connector (if any) still comes up.
        Log.error("An exception occurred while trying to make available the admin console via HTTPS.", e);
    }
    // Make sure that at least one connector was registered.
    if (adminServer.getConnectors() == null || adminServer.getConnectors().length == 0) {
        adminServer = null;
        // Log warning.
        log(LocaleUtils.getLocalizedString("admin.console.warning"));
        return;
    }
    createWebAppContext();
    HandlerCollection collection = new HandlerCollection();
    adminServer.setHandler(collection);
    collection.setHandlers(new Handler[] { contexts, new DefaultHandler() });
    try {
        adminServer.start();
        // Log the ports that the admin server is listening on.
        logAdminConsolePorts();
    } catch (Exception e) {
        // Logged only; adminServer remains assigned even though it did not start.
        Log.error("Could not start admin console server", e);
    }
}
use of org.jivesoftware.openfire.keystore.IdentityStore in project Openfire by igniterealtime.
Class ConnectionListener, method getDefaultClientAuth().
/**
 * Computes the default TLS client-authentication setting for this listener.
 *
 * Client certificates are requested ("wanted", never "needed") only for
 * server-to-server socket listeners, and only when the identity store for this
 * connection type holds at least one certificate that is neither self-signed
 * nor still waiting on a pending signing request. Every other case, including
 * any exception while inspecting the store, yields "disabled".
 *
 * @return {@code Connection.ClientAuth.wanted} or {@code Connection.ClientAuth.disabled}
 */
protected Connection.ClientAuth getDefaultClientAuth() {
    try {
        final IdentityStore store = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(getType());
        // A certificate counts as "signed" when it is neither self-signed nor still pending a CSR.
        final boolean signedCertificateAvailable = !store.getAllCertificates().values().stream()
            .allMatch(certificate -> CertificateManager.isSelfSignedCertificate(certificate) || CertificateManager.isSigningRequestPending(certificate));
        if (signedCertificateAvailable && ConnectionType.SOCKET_S2S.equals(getType())) {
            return Connection.ClientAuth.wanted;
        }
        return Connection.ClientAuth.disabled;
    } catch (Exception e) {
        // Fail closed towards "no client auth" rather than breaking the listener.
        Log.info("An unexpected exception occurred while calculating the default client auth setting for connection type {}.", getType(), e);
        return Connection.ClientAuth.disabled;
    }
}
use of org.jivesoftware.openfire.keystore.IdentityStore in project Openfire by igniterealtime.
Class HttpBindManager, method createSSLConnector(int securePort) — a variant that stores the connector in a field and also supports an SPDY/NPN connector.
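/**
 * Creates the HTTPS connector for the BOSH (HTTP-bind) server and stores it in
 * {@code httpsConnector}. The field is reset to {@code null} first, so a
 * disabled port, an empty BOSH_C2S identity store or any error leaves it null.
 *
 * Only an RSA certificate for the hosted domain is checked for; a store without
 * one still gets a connector, with a warning. When {@code spdy.protocol} is
 * {@code "npn"} an {@code HTTPSPDYServerConnector} is built from the SSL context
 * factory alone, so the {@code HttpConfiguration} assembled here (proxied
 * connector settings, {@code SecureRequestCustomizer}, suppressed Server header)
 * is only applied on the plain HTTP/1.1 branch.
 *
 * @param securePort the TCP port to listen on; zero or less disables HTTPS
 */
private void createSSLConnector(int securePort) {
    httpsConnector = null;
    try {
        final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(ConnectionType.BOSH_C2S);
        if (securePort > 0 && identityStore.getStore().aliases().hasMoreElements()) {
            if (!identityStore.containsDomainCertificate("RSA")) {
                Log.warn("HTTP binding: Using RSA certificates but they are not valid for the hosted domain");
            }
            // TLS parameters come from the BOSH_C2S listener's connection configuration.
            final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
            final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.BOSH_C2S, true).generateConnectionConfiguration();
            final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();
            final HttpConfiguration httpsConfig = new HttpConfiguration();
            httpsConfig.setSecureScheme("https");
            httpsConfig.setSecurePort(securePort);
            configureProxiedConnector(httpsConfig);
            httpsConfig.addCustomizer(new SecureRequestCustomizer());
            // Do not advertise the Jetty version in the Server header, consistent with
            // the admin console connectors.
            httpsConfig.setSendServerVersion(false);
            final ServerConnector sslConnector;
            if ("npn".equals(JiveGlobals.getXMLProperty("spdy.protocol", ""))) {
                // SPDY/NPN path: httpsConfig is not passed through here.
                sslConnector = new HTTPSPDYServerConnector(httpBindServer, sslContextFactory);
            } else {
                sslConnector = new ServerConnector(httpBindServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig));
            }
            sslConnector.setHost(getBindInterface());
            sslConnector.setPort(securePort);
            httpsConnector = sslConnector;
        }
    } catch (Exception e) {
        Log.error("Error creating SSL connector for Http bind", e);
    }
}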