
Example 1 with SASLGSSAPIv3CompatMechanism

use of org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism in project Spark by igniterealtime.

From class LoginDialog, method retrieveConnectionConfiguration:

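/**
 * Builds the Smack {@link XMPPTCPConnectionConfiguration} for the pending login from the
 * values held in {@code localPref}, {@code loginServer}, {@code loginUsername} and
 * {@code loginPassword}.
 *
 * <p>Security-relevant behaviour, all driven by local preferences:
 * <ul>
 *   <li>Hostname verification of the server certificate is switched off when
 *       {@code isDisableHostnameVerification()} is set. This reduces TLS to "any certificate
 *       the trust manager accepts" and should only be enabled knowingly.</li>
 *   <li>In STARTTLS mode a Spark-specific {@link SSLContext} and {@code SparkTrustManager}
 *       are installed. If that setup fails, the failure is only logged and the builder keeps
 *       whatever TLS defaults Smack applies, i.e. the Spark trust policy is silently not in
 *       effect (kept as best-effort, see the comment at the catch).</li>
 *   <li>In legacy ("old-style") SSL mode the security mode is forced to {@code ifpossible}
 *       as a Smack work-around, even when the user selected {@code required}.</li>
 *   <li>SASL mechanism registration on {@code SASLAuthentication} is process-wide static
 *       state, not per-connection state.</li>
 * </ul>
 *
 * @return the built connection configuration
 * @throws NumberFormatException if the port embedded in {@code loginServer} is not an
 *         integer in 1..65535 (same type {@code Integer.parseInt} raised before)
 * @throws IllegalStateException if {@code loginServer} is not a valid XMPP domain
 * @throws RuntimeException if legacy SSL is used and {@code loginServer} cannot be resolved
 */
protected XMPPTCPConnectionConfiguration retrieveConnectionConfiguration() {
    int port = localPref.getXmppPort();
    // An explicit "host:port" in the server field overrides the preference port.
    // NOTE(review): indexOf(":") takes the first colon, so an IPv6 literal would be
    // misparsed here, and the unmodified "host:port" string is still handed to
    // JidCreate.domainBareFrom() below -- confirm whether callers can pass such input.
    int colonAt = loginServer.indexOf(":");
    if (colonAt != -1) {
        String portString = loginServer.substring(colonAt + 1);
        if (ModelUtil.hasLength(portString)) {
            // Reject non-numeric and out-of-range values instead of passing them to the socket layer.
            port = parseTcpPort(portString);
        }
    }
    ConnectionConfiguration.SecurityMode securityMode = localPref.getSecurityMode();
    boolean useOldSSL = localPref.isSSL();
    boolean hostPortConfigured = localPref.isHostAndPortConfigured();

    ProxyInfo proxyInfo = null;
    if (localPref.isProxyEnabled()) {
        // Null-safe comparison: a missing protocol preference falls back to HTTP rather than NPE.
        ProxyInfo.ProxyType proxyType = "SOCKS".equals(localPref.getProtocol())
                ? ProxyInfo.ProxyType.SOCKS5
                : ProxyInfo.ProxyType.HTTP;
        String proxyHost = ModelUtil.hasLength(localPref.getHost()) ? localPref.getHost() : null;
        int proxyPort = ModelUtil.hasLength(localPref.getPort()) ? Integer.parseInt(localPref.getPort()) : 0;
        String proxyUser = ModelUtil.hasLength(localPref.getProxyUsername()) ? localPref.getProxyUsername() : null;
        String proxyPass = ModelUtil.hasLength(localPref.getProxyPassword()) ? localPref.getProxyPassword() : null;
        if (proxyHost == null || proxyPort == 0) {
            Log.error("No proxy info found but proxy type is enabled!");
        } else if (proxyPort < 1 || proxyPort > 65535) {
            Log.error("Proxy port out of range (1-65535): " + proxyPort);
        } else {
            // Credentials are only attached when both halves are present; they are sent to the
            // proxy by Smack, so never log them here.
            boolean haveCredentials = proxyUser != null && proxyPass != null;
            proxyInfo = haveCredentials
                    ? new ProxyInfo(proxyType, proxyHost, proxyPort, proxyUser, proxyPass)
                    : new ProxyInfo(proxyType, proxyHost, proxyPort, null, null);
        }
    }

    DomainBareJid xmppDomain;
    try {
        xmppDomain = JidCreate.domainBareFrom(loginServer);
    } catch (XmppStringprepException e) {
        throw new IllegalStateException(e);
    }

    final XMPPTCPConnectionConfiguration.Builder builder = XMPPTCPConnectionConfiguration.builder()
            .setUsernameAndPassword(loginUsername, loginPassword)
            .setXmppDomain(xmppDomain)
            .setPort(port)
            .setSendPresence(false)
            .setCompressionEnabled(localPref.isCompressionEnabled())
            .setSecurityMode(securityMode);

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && localPref.isDisableHostnameVerification()) {
        // SECURITY: the server certificate is still validated against the trust store, but any
        // host holding a trusted certificate is accepted -- a deliberate, user-chosen weakening.
        TLSUtils.disableHostnameVerificationForTlsCertificates(builder);
    }
    if (localPref.isDebuggerEnabled()) {
        // The Smack debugger prints stanzas, which can include authentication data.
        builder.enableDefaultDebugger();
    }
    if (hostPortConfigured) {
        builder.setHost(localPref.getXmppHost());
    }
    if (localPref.isProxyEnabled()) {
        // May be null when the proxy preferences were incomplete (logged above).
        builder.setProxyInfo(proxyInfo);
    }

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && !useOldSSL) {
        // STARTTLS: the connection starts in plain text on the regular port (5222 by default)
        // and is upgraded to TLS in-band.
        SparkSSLContextCreator.Options options = selectSslOptions();
        try {
            SSLContext context = SparkSSLContextCreator.setUpContext(options);
            builder.setSslContextFactory(() -> context);
            builder.setSecurityMode(securityMode);
            builder.setCustomX509TrustManager(new SparkTrustManager());
        } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
            // Best-effort, as before: the connection attempt continues with Smack's default
            // SSL context and trust manager, so the Spark-specific trust policy is NOT applied.
            // NOTE(review): consider failing closed here when securityMode is 'required'.
            Log.warning("Couldnt establish secured connection", e);
        }
    }

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && useOldSSL) {
        if (!hostPortConfigured) {
            // SMACK 4.1.9 does not support XEP-0368, and does not apply a port change, if the host is not changed too.
            // Here, we force the host to be set (by doing a DNS lookup), and force the port to 5223 (which is the
            // default 'old-style' SSL port).
            // NOTE(review): the lookup runs without DNSSEC, and if the resolver returns
            // address-only InetAddress objects, getHostName() does a reverse lookup whose
            // result may differ from loginServer -- confirm this cannot change the name that
            // certificate hostname verification is performed against.
            DnsName serverNameDnsName = DnsName.from(loginServer);
            java.util.List<InetAddress> resolvedAddresses = DNSUtil.getDNSResolver().lookupHostAddress(serverNameDnsName, null, DnssecMode.disabled);
            if (resolvedAddresses.isEmpty()) {
                throw new RuntimeException("Could not resolve " + serverNameDnsName);
            }
            builder.setHost(resolvedAddresses.get(0).getHostName());
            builder.setPort(5223);
        }
        builder.setSocketFactory(new SparkSSLSocketFactory(selectSslOptions()));
        // SMACK 4.1.9  does not recognize an 'old-style' SSL socket as being secure, which will cause a failure when
        // the 'required' Security Mode is defined. Here, we work around this by replacing that security mode with an
        // 'if-possible' setting. The socket factory above is what actually enforces TLS on this path.
        builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
    }

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
        // SASL EXTERNAL (client-certificate authentication) is only meaningful over TLS.
        SASLAuthentication.registerSASLMechanism(new SASLExternalMechanism());
    }

    // SPARK-1747: Don't use the GSS-API SASL mechanism when SSO is disabled. Registration is
    // global, so both variants are removed first and the right one re-added below.
    SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIMechanism.class.getName());
    SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIv3CompatMechanism.class.getName());
    if (localPref.isSSOEnabled()) {
        // SPARK-1740: Register a mechanism that's compatible with Smack 3, when requested.
        if (localPref.isSaslGssapiSmack3Compatible()) {
            SASLAuthentication.registerSASLMechanism(new SASLGSSAPIv3CompatMechanism());
        } else {
            SASLAuthentication.registerSASLMechanism(new SASLGSSAPIMechanism());
        }
    }

    if (localPref.isLoginAnonymously() && !localPref.isSSOEnabled()) {
        // later login() is called without arguments
        builder.performSaslAnonymousAuthentication();
    }
    return builder.build();
}

/**
 * Parses a TCP port taken from user-editable text.
 *
 * @param text the port as entered by the user
 * @return the port number
 * @throws NumberFormatException if {@code text} is not an integer in 1..65535; the same type
 *         {@code Integer.parseInt} throws, so existing callers see no new exception type
 */
private static int parseTcpPort(String text) {
    int value = Integer.parseInt(text);
    if (value < 1 || value > 65535) {
        throw new NumberFormatException("Port out of range (1-65535): " + text);
    }
    return value;
}

/** Chooses whether the Spark SSL context also offers a client certificate, per preferences. */
private SparkSSLContextCreator.Options selectSslOptions() {
    return localPref.isAllowClientSideAuthentication()
            ? SparkSSLContextCreator.Options.BOTH
            : SparkSSLContextCreator.Options.ONLY_SERVER_SIDE;
}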
Also used : XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) XmppStringprepException(org.jxmpp.stringprep.XmppStringprepException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException) ProxyInfo(org.jivesoftware.smack.proxy.ProxyInfo) UnrecoverableKeyException(java.security.UnrecoverableKeyException) DomainBareJid(org.jxmpp.jid.DomainBareJid) DnsName(org.minidns.dnsname.DnsName) SSLContext(javax.net.ssl.SSLContext) KeyStoreException(java.security.KeyStoreException) XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) org.jivesoftware.spark.util(org.jivesoftware.spark.util) java.util(java.util) SASLGSSAPIv3CompatMechanism(org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism) NoSuchProviderException(java.security.NoSuchProviderException) InetAddress(java.net.InetAddress) SASLExternalMechanism(org.jivesoftware.smack.sasl.javax.SASLExternalMechanism) SASLGSSAPIMechanism(org.jivesoftware.smack.sasl.javax.SASLGSSAPIMechanism)

Example 2 with SASLGSSAPIv3CompatMechanism

use of org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism in project Spark by igniterealtime.

From class LoginUIPanel, method retrieveConnectionConfiguration:

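/**
 * Builds the Smack {@link XMPPTCPConnectionConfiguration} for the pending login from the
 * values held in {@code localPref}, {@code loginServer}, {@code loginUsername} and
 * {@code loginPassword}.
 *
 * <p>Security-relevant behaviour, all driven by local preferences:
 * <ul>
 *   <li>Hostname verification of the server certificate is switched off when
 *       {@code isDisableHostnameVerification()} is set. This reduces TLS to "any certificate
 *       the trust manager accepts" and should only be enabled knowingly.</li>
 *   <li>In STARTTLS mode a Spark-specific {@link SSLContext} and {@link SparkTrustManager}
 *       are installed. If that setup fails, the failure is only logged and the builder keeps
 *       whatever TLS defaults Smack applies, i.e. the Spark trust policy is silently not in
 *       effect (kept as best-effort, see the comment at the catch).</li>
 *   <li>In legacy ("old-style") SSL mode the security mode is forced to {@code ifpossible}
 *       as a Smack work-around, even when the user selected {@code required}.</li>
 *   <li>SASL mechanism registration on {@code SASLAuthentication} is process-wide static
 *       state, not per-connection state.</li>
 * </ul>
 *
 * @return the built connection configuration
 * @throws NumberFormatException if the port embedded in {@code loginServer} is not an
 *         integer in 1..65535 (same type {@code Integer.valueOf} raised before)
 * @throws IllegalStateException if {@code loginServer} is not a valid XMPP domain
 * @throws RuntimeException if legacy SSL is used and {@code loginServer} cannot be resolved
 */
protected XMPPTCPConnectionConfiguration retrieveConnectionConfiguration() {
    int port = localPref.getXmppPort();
    // An explicit "host:port" in the server field overrides the preference port.
    // NOTE(review): indexOf(":") takes the first colon, so an IPv6 literal would be
    // misparsed here, and the unmodified "host:port" string is still handed to
    // JidCreate.domainBareFrom() below -- confirm whether callers can pass such input.
    int colonAt = loginServer.indexOf(":");
    if (colonAt != -1) {
        String portString = loginServer.substring(colonAt + 1);
        if (ModelUtil.hasLength(portString)) {
            // Reject non-numeric and out-of-range values instead of passing them to the socket layer.
            port = parseTcpPort(portString);
        }
    }
    ConnectionConfiguration.SecurityMode securityMode = localPref.getSecurityMode();
    boolean useOldSSL = localPref.isSSL();
    boolean hostPortConfigured = localPref.isHostAndPortConfigured();

    ProxyInfo proxyInfo = null;
    if (localPref.isProxyEnabled()) {
        // Null-safe comparison: a missing protocol preference falls back to HTTP rather than NPE.
        ProxyInfo.ProxyType proxyType = "SOCKS".equals(localPref.getProtocol())
                ? ProxyInfo.ProxyType.SOCKS5
                : ProxyInfo.ProxyType.HTTP;
        String proxyHost = ModelUtil.hasLength(localPref.getHost()) ? localPref.getHost() : null;
        int proxyPort = ModelUtil.hasLength(localPref.getPort()) ? Integer.parseInt(localPref.getPort()) : 0;
        String proxyUser = ModelUtil.hasLength(localPref.getProxyUsername()) ? localPref.getProxyUsername() : null;
        String proxyPass = ModelUtil.hasLength(localPref.getProxyPassword()) ? localPref.getProxyPassword() : null;
        if (proxyHost == null || proxyPort == 0) {
            Log.error("No proxy info found but proxy type is enabled!");
        } else if (proxyPort < 1 || proxyPort > 65535) {
            Log.error("Proxy port out of range (1-65535): " + proxyPort);
        } else {
            // Credentials are only attached when both halves are present; they are sent to the
            // proxy by Smack, so never log them here.
            boolean haveCredentials = proxyUser != null && proxyPass != null;
            proxyInfo = haveCredentials
                    ? new ProxyInfo(proxyType, proxyHost, proxyPort, proxyUser, proxyPass)
                    : new ProxyInfo(proxyType, proxyHost, proxyPort, null, null);
        }
    }

    DomainBareJid xmppDomain;
    try {
        xmppDomain = JidCreate.domainBareFrom(loginServer);
    } catch (XmppStringprepException e) {
        throw new IllegalStateException(e);
    }

    final XMPPTCPConnectionConfiguration.Builder builder = XMPPTCPConnectionConfiguration.builder()
            .setUsernameAndPassword(loginUsername, loginPassword)
            .setXmppDomain(xmppDomain)
            .setPort(port)
            .setSendPresence(false)
            .setCompressionEnabled(localPref.isCompressionEnabled())
            .setSecurityMode(securityMode);

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && localPref.isDisableHostnameVerification()) {
        // SECURITY: the server certificate is still validated against the trust store, but any
        // host holding a trusted certificate is accepted -- a deliberate, user-chosen weakening.
        TLSUtils.disableHostnameVerificationForTlsCertificates(builder);
    }
    if (localPref.isDebuggerEnabled()) {
        // The Smack debugger prints stanzas, which can include authentication data.
        builder.enableDefaultDebugger();
    }
    if (hostPortConfigured) {
        builder.setHost(localPref.getXmppHost());
    }
    if (localPref.isProxyEnabled()) {
        // May be null when the proxy preferences were incomplete (logged above).
        builder.setProxyInfo(proxyInfo);
    }

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && !useOldSSL) {
        // STARTTLS: the connection starts in plain text on the regular port (5222 by default)
        // and is upgraded to TLS in-band.
        SparkSSLContextCreator.Options options = selectSslOptions();
        try {
            SSLContext context = SparkSSLContextCreator.setUpContext(options);
            builder.setSslContextFactory(() -> context);
            builder.setSecurityMode(securityMode);
            builder.setCustomX509TrustManager(new SparkTrustManager());
        } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
            // Best-effort, as before: the connection attempt continues with Smack's default
            // SSL context and trust manager, so the Spark-specific trust policy is NOT applied.
            // NOTE(review): consider failing closed here when securityMode is 'required'.
            Log.warning("Couldnt establish secured connection", e);
        }
    }

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && useOldSSL) {
        if (!hostPortConfigured) {
            // SMACK 4.1.9 does not support XEP-0368, and does not apply a port change, if the host is not changed too.
            // Here, we force the host to be set (by doing a DNS lookup), and force the port to 5223 (which is the
            // default 'old-style' SSL port).
            // NOTE(review): the lookup runs without DNSSEC, and if the resolver returns
            // address-only InetAddress objects, getHostName() does a reverse lookup whose
            // result may differ from loginServer -- confirm this cannot change the name that
            // certificate hostname verification is performed against.
            DnsName serverNameDnsName = DnsName.from(loginServer);
            java.util.List<InetAddress> resolvedAddresses = DNSUtil.getDNSResolver().lookupHostAddress(serverNameDnsName, null, DnssecMode.disabled);
            if (resolvedAddresses.isEmpty()) {
                throw new RuntimeException("Could not resolve " + serverNameDnsName);
            }
            builder.setHost(resolvedAddresses.get(0).getHostName());
            builder.setPort(5223);
        }
        builder.setSocketFactory(new SparkSSLSocketFactory(selectSslOptions()));
        // SMACK 4.1.9  does not recognize an 'old-style' SSL socket as being secure, which will cause a failure when
        // the 'required' Security Mode is defined. Here, we work around this by replacing that security mode with an
        // 'if-possible' setting. The socket factory above is what actually enforces TLS on this path.
        builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
    }

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
        // SASL EXTERNAL (client-certificate authentication) is only meaningful over TLS.
        SASLAuthentication.registerSASLMechanism(new SASLExternalMechanism());
    }

    // SPARK-1747: Don't use the GSS-API SASL mechanism when SSO is disabled. Registration is
    // global, so both variants are removed first and the right one re-added below.
    SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIMechanism.class.getName());
    SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIv3CompatMechanism.class.getName());
    if (localPref.isSSOEnabled()) {
        // SPARK-1740: Register a mechanism that's compatible with Smack 3, when requested.
        if (localPref.isSaslGssapiSmack3Compatible()) {
            SASLAuthentication.registerSASLMechanism(new SASLGSSAPIv3CompatMechanism());
        } else {
            SASLAuthentication.registerSASLMechanism(new SASLGSSAPIMechanism());
        }
    }

    if (localPref.isLoginAnonymously() && !localPref.isSSOEnabled()) {
        // later login() is called without arguments
        builder.performSaslAnonymousAuthentication();
    }
    return builder.build();
}

/**
 * Parses a TCP port taken from user-editable text.
 *
 * @param text the port as entered by the user
 * @return the port number
 * @throws NumberFormatException if {@code text} is not an integer in 1..65535; the same type
 *         {@code Integer.valueOf} throws, so existing callers see no new exception type
 */
private static int parseTcpPort(String text) {
    int value = Integer.parseInt(text);
    if (value < 1 || value > 65535) {
        throw new NumberFormatException("Port out of range (1-65535): " + text);
    }
    return value;
}

/** Chooses whether the Spark SSL context also offers a client certificate, per preferences. */
private SparkSSLContextCreator.Options selectSslOptions() {
    return localPref.isAllowClientSideAuthentication()
            ? SparkSSLContextCreator.Options.BOTH
            : SparkSSLContextCreator.Options.ONLY_SERVER_SIDE;
}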
Also used : XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) SparkSSLSocketFactory(org.jivesoftware.sparkimpl.certificates.SparkSSLSocketFactory) XmppStringprepException(org.jxmpp.stringprep.XmppStringprepException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SparkSSLContextCreator(org.jivesoftware.sparkimpl.certificates.SparkSSLContextCreator) KeyManagementException(java.security.KeyManagementException) ProxyInfo(org.jivesoftware.smack.proxy.ProxyInfo) UnrecoverableKeyException(java.security.UnrecoverableKeyException) SparkTrustManager(org.jivesoftware.sparkimpl.certificates.SparkTrustManager) DomainBareJid(org.jxmpp.jid.DomainBareJid) DnsName(org.minidns.dnsname.DnsName) SSLContext(javax.net.ssl.SSLContext) KeyStoreException(java.security.KeyStoreException) XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) ConnectionConfiguration(org.jivesoftware.smack.ConnectionConfiguration) SASLGSSAPIv3CompatMechanism(org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism) NoSuchProviderException(java.security.NoSuchProviderException) InetAddress(java.net.InetAddress) SASLExternalMechanism(org.jivesoftware.smack.sasl.javax.SASLExternalMechanism) SASLGSSAPIMechanism(org.jivesoftware.smack.sasl.javax.SASLGSSAPIMechanism)
