Example 1 with SASLGSSAPIv3CompatMechanism
use of org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism in project Spark by igniterealtime.
the class LoginDialog method retrieveConnectionConfiguration.
protected XMPPTCPConnectionConfiguration retrieveConnectionConfiguration() {
int port = localPref.getXmppPort();
int checkForPort = loginServer.indexOf(":");
if (checkForPort != -1) {
String portString = loginServer.substring(checkForPort + 1);
if (ModelUtil.hasLength(portString)) {
// Set new port.
port = Integer.parseInt(portString);
}
}
ConnectionConfiguration.SecurityMode securityMode = localPref.getSecurityMode();
boolean useOldSSL = localPref.isSSL();
boolean hostPortConfigured = localPref.isHostAndPortConfigured();
ProxyInfo proxyInfo = null;
if (localPref.isProxyEnabled()) {
ProxyInfo.ProxyType pType = localPref.getProtocol().equals("SOCKS") ? ProxyInfo.ProxyType.SOCKS5 : ProxyInfo.ProxyType.HTTP;
String pHost = ModelUtil.hasLength(localPref.getHost()) ? localPref.getHost() : null;
int pPort = ModelUtil.hasLength(localPref.getPort()) ? Integer.parseInt(localPref.getPort()) : 0;
String pUser = ModelUtil.hasLength(localPref.getProxyUsername()) ? localPref.getProxyUsername() : null;
String pPass = ModelUtil.hasLength(localPref.getProxyPassword()) ? localPref.getProxyPassword() : null;
if (pHost != null && pPort != 0) {
if (pUser == null || pPass == null) {
proxyInfo = new ProxyInfo(pType, pHost, pPort, null, null);
} else {
proxyInfo = new ProxyInfo(pType, pHost, pPort, pUser, pPass);
}
} else {
Log.error("No proxy info found but proxy type is enabled!");
}
}
DomainBareJid xmppDomain;
try {
xmppDomain = JidCreate.domainBareFrom(loginServer);
} catch (XmppStringprepException e) {
throw new IllegalStateException(e);
}
final XMPPTCPConnectionConfiguration.Builder builder = XMPPTCPConnectionConfiguration.builder().setUsernameAndPassword(loginUsername, loginPassword).setXmppDomain(xmppDomain).setPort(port).setSendPresence(false).setCompressionEnabled(localPref.isCompressionEnabled()).setSecurityMode(securityMode);
if (securityMode != ConnectionConfiguration.SecurityMode.disabled && localPref.isDisableHostnameVerification()) {
TLSUtils.disableHostnameVerificationForTlsCertificates(builder);
}
if (localPref.isDebuggerEnabled()) {
builder.enableDefaultDebugger();
}
if (hostPortConfigured) {
builder.setHost(localPref.getXmppHost());
}
if (localPref.isProxyEnabled()) {
builder.setProxyInfo(proxyInfo);
}
if (securityMode != ConnectionConfiguration.SecurityMode.disabled && !useOldSSL) {
// This use STARTTLS which starts initially plain connection to upgrade it to TLS, it use the same port as
// plain connections which is 5222.
SparkSSLContextCreator.Options options;
if (localPref.isAllowClientSideAuthentication()) {
options = SparkSSLContextCreator.Options.BOTH;
} else {
options = SparkSSLContextCreator.Options.ONLY_SERVER_SIDE;
}
try {
SSLContext context = SparkSSLContextCreator.setUpContext(options);
builder.setSslContextFactory(() -> {
return context;
});
builder.setSecurityMode(securityMode);
builder.setCustomX509TrustManager(new SparkTrustManager());
} catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
Log.warning("Couldnt establish secured connection", e);
}
}
if (securityMode != ConnectionConfiguration.SecurityMode.disabled && useOldSSL) {
if (!hostPortConfigured) {
// SMACK 4.1.9 does not support XEP-0368, and does not apply a port change, if the host is not changed too.
// Here, we force the host to be set (by doing a DNS lookup), and force the port to 5223 (which is the
// default 'old-style' SSL port).
DnsName serverNameDnsName = DnsName.from(loginServer);
java.util.List<InetAddress> resolvedAddresses = DNSUtil.getDNSResolver().lookupHostAddress(serverNameDnsName, null, DnssecMode.disabled);
if (resolvedAddresses.isEmpty()) {
throw new RuntimeException("Could not resolve " + serverNameDnsName);
}
builder.setHost(resolvedAddresses.get(0).getHostName());
builder.setPort(5223);
}
SparkSSLContextCreator.Options options;
if (localPref.isAllowClientSideAuthentication()) {
options = SparkSSLContextCreator.Options.BOTH;
} else {
options = SparkSSLContextCreator.Options.ONLY_SERVER_SIDE;
}
builder.setSocketFactory(new SparkSSLSocketFactory(options));
// SMACK 4.1.9 does not recognize an 'old-style' SSL socket as being secure, which will cause a failure when
// the 'required' Security Mode is defined. Here, we work around this by replacing that security mode with an
// 'if-possible' setting.
builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
}
if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
SASLAuthentication.registerSASLMechanism(new SASLExternalMechanism());
}
// SPARK-1747: Don't use the GSS-API SASL mechanism when SSO is disabled.
SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIMechanism.class.getName());
SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIv3CompatMechanism.class.getName());
// Add the mechanism only when SSO is enabled (which allows us to register the correct one).
if (localPref.isSSOEnabled()) {
// SPARK-1740: Register a mechanism that's compatible with Smack 3, when requested.
if (localPref.isSaslGssapiSmack3Compatible()) {
// SPARK-1747: Don't use the GSSAPI mechanism when SSO is disabled.
SASLAuthentication.registerSASLMechanism(new SASLGSSAPIv3CompatMechanism());
} else {
SASLAuthentication.registerSASLMechanism(new SASLGSSAPIMechanism());
}
}
if (localPref.isLoginAnonymously() && !localPref.isSSOEnabled()) {
// later login() is called without arguments
builder.performSaslAnonymousAuthentication();
}
// }
return builder.build();
}
Also used :
XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration)
XmppStringprepException(org.jxmpp.stringprep.XmppStringprepException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyManagementException(java.security.KeyManagementException)
ProxyInfo(org.jivesoftware.smack.proxy.ProxyInfo)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
DomainBareJid(org.jxmpp.jid.DomainBareJid)
DnsName(org.minidns.dnsname.DnsName)
SSLContext(javax.net.ssl.SSLContext)
KeyStoreException(java.security.KeyStoreException)
XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration)
org.jivesoftware.spark.util(org.jivesoftware.spark.util)
java.util(java.util)
SASLGSSAPIv3CompatMechanism(org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism)
NoSuchProviderException(java.security.NoSuchProviderException)
InetAddress(java.net.InetAddress)
SASLExternalMechanism(org.jivesoftware.smack.sasl.javax.SASLExternalMechanism)
SASLGSSAPIMechanism(org.jivesoftware.smack.sasl.javax.SASLGSSAPIMechanism)
Example 2 with SASLGSSAPIv3CompatMechanism
use of org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism in project Spark by igniterealtime.
the class LoginUIPanel method retrieveConnectionConfiguration.
protected XMPPTCPConnectionConfiguration retrieveConnectionConfiguration() {
int port = localPref.getXmppPort();
int checkForPort = loginServer.indexOf(":");
if (checkForPort != -1) {
String portString = loginServer.substring(checkForPort + 1);
if (ModelUtil.hasLength(portString)) {
// Set new port.
port = Integer.valueOf(portString);
}
}
ConnectionConfiguration.SecurityMode securityMode = localPref.getSecurityMode();
boolean useOldSSL = localPref.isSSL();
boolean hostPortConfigured = localPref.isHostAndPortConfigured();
ProxyInfo proxyInfo = null;
if (localPref.isProxyEnabled()) {
ProxyInfo.ProxyType pType = localPref.getProtocol().equals("SOCKS") ? ProxyInfo.ProxyType.SOCKS5 : ProxyInfo.ProxyType.HTTP;
String pHost = ModelUtil.hasLength(localPref.getHost()) ? localPref.getHost() : null;
int pPort = ModelUtil.hasLength(localPref.getPort()) ? Integer.parseInt(localPref.getPort()) : 0;
String pUser = ModelUtil.hasLength(localPref.getProxyUsername()) ? localPref.getProxyUsername() : null;
String pPass = ModelUtil.hasLength(localPref.getProxyPassword()) ? localPref.getProxyPassword() : null;
if (pHost != null && pPort != 0) {
if (pUser == null || pPass == null) {
proxyInfo = new ProxyInfo(pType, pHost, pPort, null, null);
} else {
proxyInfo = new ProxyInfo(pType, pHost, pPort, pUser, pPass);
}
} else {
Log.error("No proxy info found but proxy type is enabled!");
}
}
DomainBareJid xmppDomain;
try {
xmppDomain = JidCreate.domainBareFrom(loginServer);
} catch (XmppStringprepException e) {
throw new IllegalStateException(e);
}
final XMPPTCPConnectionConfiguration.Builder builder = XMPPTCPConnectionConfiguration.builder().setUsernameAndPassword(loginUsername, loginPassword).setXmppDomain(xmppDomain).setPort(port).setSendPresence(false).setCompressionEnabled(localPref.isCompressionEnabled()).setSecurityMode(securityMode);
if (securityMode != ConnectionConfiguration.SecurityMode.disabled && localPref.isDisableHostnameVerification()) {
TLSUtils.disableHostnameVerificationForTlsCertificates(builder);
}
if (localPref.isDebuggerEnabled()) {
builder.enableDefaultDebugger();
}
if (hostPortConfigured) {
builder.setHost(localPref.getXmppHost());
}
if (localPref.isProxyEnabled()) {
builder.setProxyInfo(proxyInfo);
}
if (securityMode != ConnectionConfiguration.SecurityMode.disabled && !useOldSSL) {
// This use STARTTLS which starts initially plain connection to upgrade it to TLS, it use the same port as
// plain connections which is 5222.
SparkSSLContextCreator.Options options;
if (localPref.isAllowClientSideAuthentication()) {
options = SparkSSLContextCreator.Options.BOTH;
} else {
options = SparkSSLContextCreator.Options.ONLY_SERVER_SIDE;
}
try {
SSLContext context = SparkSSLContextCreator.setUpContext(options);
builder.setSslContextFactory(() -> {
return context;
});
builder.setSecurityMode(securityMode);
builder.setCustomX509TrustManager(new SparkTrustManager());
} catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
Log.warning("Couldnt establish secured connection", e);
}
}
if (securityMode != ConnectionConfiguration.SecurityMode.disabled && useOldSSL) {
if (!hostPortConfigured) {
// SMACK 4.1.9 does not support XEP-0368, and does not apply a port change, if the host is not changed too.
// Here, we force the host to be set (by doing a DNS lookup), and force the port to 5223 (which is the
// default 'old-style' SSL port).
DnsName serverNameDnsName = DnsName.from(loginServer);
java.util.List<InetAddress> resolvedAddresses = DNSUtil.getDNSResolver().lookupHostAddress(serverNameDnsName, null, DnssecMode.disabled);
if (resolvedAddresses.isEmpty()) {
throw new RuntimeException("Could not resolve " + serverNameDnsName);
}
builder.setHost(resolvedAddresses.get(0).getHostName());
builder.setPort(5223);
}
SparkSSLContextCreator.Options options;
if (localPref.isAllowClientSideAuthentication()) {
options = SparkSSLContextCreator.Options.BOTH;
} else {
options = SparkSSLContextCreator.Options.ONLY_SERVER_SIDE;
}
builder.setSocketFactory(new SparkSSLSocketFactory(options));
// SMACK 4.1.9 does not recognize an 'old-style' SSL socket as being secure, which will cause a failure when
// the 'required' Security Mode is defined. Here, we work around this by replacing that security mode with an
// 'if-possible' setting.
builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
}
if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
SASLAuthentication.registerSASLMechanism(new SASLExternalMechanism());
}
// SPARK-1747: Don't use the GSS-API SASL mechanism when SSO is disabled.
SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIMechanism.class.getName());
SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIv3CompatMechanism.class.getName());
// Add the mechanism only when SSO is enabled (which allows us to register the correct one).
if (localPref.isSSOEnabled()) {
// SPARK-1740: Register a mechanism that's compatible with Smack 3, when requested.
if (localPref.isSaslGssapiSmack3Compatible()) {
// SPARK-1747: Don't use the GSSAPI mechanism when SSO is disabled.
SASLAuthentication.registerSASLMechanism(new SASLGSSAPIv3CompatMechanism());
} else {
SASLAuthentication.registerSASLMechanism(new SASLGSSAPIMechanism());
}
}
if (localPref.isLoginAnonymously() && !localPref.isSSOEnabled()) {
// later login() is called without arguments
builder.performSaslAnonymousAuthentication();
}
// }
return builder.build();
}
Also used :
XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration)
SparkSSLSocketFactory(org.jivesoftware.sparkimpl.certificates.SparkSSLSocketFactory)
XmppStringprepException(org.jxmpp.stringprep.XmppStringprepException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SparkSSLContextCreator(org.jivesoftware.sparkimpl.certificates.SparkSSLContextCreator)
KeyManagementException(java.security.KeyManagementException)
ProxyInfo(org.jivesoftware.smack.proxy.ProxyInfo)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
SparkTrustManager(org.jivesoftware.sparkimpl.certificates.SparkTrustManager)
DomainBareJid(org.jxmpp.jid.DomainBareJid)
DnsName(org.minidns.dnsname.DnsName)
SSLContext(javax.net.ssl.SSLContext)
KeyStoreException(java.security.KeyStoreException)
XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration)
ConnectionConfiguration(org.jivesoftware.smack.ConnectionConfiguration)
SASLGSSAPIv3CompatMechanism(org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism)
NoSuchProviderException(java.security.NoSuchProviderException)
InetAddress(java.net.InetAddress)
SASLExternalMechanism(org.jivesoftware.smack.sasl.javax.SASLExternalMechanism)
SASLGSSAPIMechanism(org.jivesoftware.smack.sasl.javax.SASLGSSAPIMechanism)
Aggregations
InetAddress (java.net.InetAddress)2
KeyManagementException (java.security.KeyManagementException)2
KeyStoreException (java.security.KeyStoreException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
NoSuchProviderException (java.security.NoSuchProviderException)2
UnrecoverableKeyException (java.security.UnrecoverableKeyException)2
SSLContext (javax.net.ssl.SSLContext)2
ProxyInfo (org.jivesoftware.smack.proxy.ProxyInfo)2
SASLExternalMechanism (org.jivesoftware.smack.sasl.javax.SASLExternalMechanism)2
SASLGSSAPIMechanism (org.jivesoftware.smack.sasl.javax.SASLGSSAPIMechanism)2
XMPPTCPConnectionConfiguration (org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration)2
SASLGSSAPIv3CompatMechanism (org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism)2
DomainBareJid (org.jxmpp.jid.DomainBareJid)2
XmppStringprepException (org.jxmpp.stringprep.XmppStringprepException)2
DnsName (org.minidns.dnsname.DnsName)2
java.util (java.util)1
ConnectionConfiguration (org.jivesoftware.smack.ConnectionConfiguration)1
org.jivesoftware.spark.util (org.jivesoftware.spark.util)1
SparkSSLContextCreator (org.jivesoftware.sparkimpl.certificates.SparkSSLContextCreator)1
SparkSSLSocketFactory (org.jivesoftware.sparkimpl.certificates.SparkSSLSocketFactory)1
