Example 1 with MXParser

Use of org.jivesoftware.openfire.net.MXParser in the Openfire project by igniterealtime, in the class LocalOutgoingServerSession, method secureAndAuthenticate.

private static LocalOutgoingServerSession secureAndAuthenticate(DomainPair domainPair, SocketConnection connection, XMPPPacketReader reader, StringBuilder openingStream) throws Exception {
    final Logger log = LoggerFactory.getLogger(Log.getName() + "[Secure connection for: " + domainPair + "]");
    Element features;
    log.debug("Securing and authenticating connection ...");
    log.debug("Indicating we want TLS and wait for response.");
    connection.deliverRawText("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
    MXParser xpp = reader.getXPPParser();
    // Wait for the <proceed> response
    Element proceed = reader.parseDocument().getRootElement();
    if (proceed != null && proceed.getName().equals("proceed")) {
        log.debug("Received 'proceed' from remote server. Negotiating TLS...");
        try {
            // boolean needed = JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_CERTIFICATE_VERIFY, true) &&
            // JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_CERTIFICATE_CHAIN_VERIFY, true) &&
            // !JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_ACCEPT_SELFSIGNED_CERTS, false);
            connection.startTLS(true, false);
        } catch (Exception e) {
            log.debug("TLS negotiation failed: " + e.getMessage());
            throw e;
        }
        log.debug("TLS negotiation was successful. Connection secured. Proceeding with authentication...");
        // If the peer's certificate chain does not validate for the remote domain, SASL EXTERNAL cannot
        // succeed. Only continue when Server Dialback is available as a fallback; otherwise give up.
        if (!SASLAuthentication.verifyCertificates(connection.getPeerCertificates(), domainPair.getRemote(), true)) {
            if (ServerDialback.isEnabled() || ServerDialback.isEnabledForSelfSigned()) {
                log.debug("SASL authentication failed. Will continue with dialback.");
            } else {
                log.warn("Unable to authenticate the connection: SASL authentication failed (and dialback is not available).");
                return null;
            }
        }
        log.debug("TLS negotiation was successful so initiate a new stream.");
        connection.deliverRawText(openingStream.toString());
        // Reset the parser to read from the TLS-wrapped input stream; the plaintext stream is no longer valid
        xpp.setInput(new InputStreamReader(connection.getTLSStreamHandler().getInputStream(), StandardCharsets.UTF_8));
        // Skip new stream element
        for (int eventType = xpp.getEventType(); eventType != XmlPullParser.START_TAG; ) {
            eventType = xpp.next();
        }
        // Get the stream ID
        String id = xpp.getAttributeValue("", "id");
        // Get new stream features
        features = reader.parseDocument().getRootElement();
        if (features != null) {
            return authenticate(domainPair, connection, reader, openingStream, features, id);
        } else {
            log.debug("Failed to secure and authenticate connection: neither SASL mechanisms nor SERVER DIALBACK were offered by the remote host.");
            return null;
        }
    } else {
        log.debug("Failed to secure and authenticate connection: <proceed> was not received!");
        return null;
    }
}
Example 2 with MXParser

Use of org.jivesoftware.openfire.net.MXParser in the Openfire project by igniterealtime, in the class LocalOutgoingServerSession, method authenticate.

private static LocalOutgoingServerSession authenticate(final DomainPair domainPair, final SocketConnection connection, final XMPPPacketReader reader, final StringBuilder openingStream, final Element features, final String id) throws DocumentException, IOException, XmlPullParserException {
    final Logger log = LoggerFactory.getLogger(Log.getName() + "[Authenticate connection for: " + domainPair + "]");
    MXParser xpp = reader.getXPPParser();
    // Bookkeeping: determine what functionality the remote server offers.
    boolean saslEXTERNALoffered = false;
    if (features.element("mechanisms") != null) {
        Iterator<Element> it = features.element("mechanisms").elementIterator();
        while (it.hasNext()) {
            Element mechanism = it.next();
            if ("EXTERNAL".equals(mechanism.getTextTrim())) {
                saslEXTERNALoffered = true;
                break;
            }
        }
    }
    final boolean dialbackOffered = features.element("dialback") != null;
    log.debug("Remote server is offering dialback: {}, EXTERNAL SASL: {}", dialbackOffered, saslEXTERNALoffered);
    LocalOutgoingServerSession result = null;
    // first, try SASL
    if (saslEXTERNALoffered) {
        log.debug("Trying to authenticate with EXTERNAL SASL.");
        result = attemptSASLexternal(connection, xpp, reader, domainPair, id, openingStream);
        if (result == null) {
            log.debug("Failed to authenticate with EXTERNAL SASL.");
        } else {
            log.debug("Successfully authenticated with EXTERNAL SASL.");
        }
    }
    // SASL unavailable or failed, try dialback.
    if (result == null) {
        log.debug("Trying to authenticate with dialback.");
        result = attemptDialbackOverTLS(connection, reader, domainPair, id);
        if (result == null) {
            log.debug("Failed to authenticate with dialback.");
        } else {
            log.debug("Successfully authenticated with dialback.");
        }
    }
    if (result != null) {
        log.debug("Successfully secured and authenticated connection!");
        return result;
    } else {
        log.warn("Unable to secure and authenticate connection: Exhausted all options.");
        return null;
    }
}