
Example 1 with SparkSSLSocketFactory

use of org.jivesoftware.sparkimpl.certificates.SparkSSLSocketFactory in project Spark by igniterealtime.

the class LoginDialog method retrieveConnectionConfiguration.

/**
 * Builds the Smack connection configuration for a login attempt from the local preferences.
 *
 * <p>The method decides, in this order: the port (preference, or a {@code :port} suffix on
 * {@code loginServer}), the proxy, whether hostname verification is disabled, the TLS variant
 * (STARTTLS with a custom {@code SSLContext}, or "old-style" SSL through a socket factory), the
 * PKI keystore used with SASL EXTERNAL, and which GSSAPI SASL mechanism (if any) is registered.
 * The SASL mechanism calls are static calls on {@code SASLAuthentication}, not on the builder.
 *
 * @return the configuration produced by the builder
 */
protected XMPPTCPConnectionConfiguration retrieveConnectionConfiguration() {
    // Start from the configured port; a "host:port" login server overrides it.
    int port = localPref.getXmppPort();
    int checkForPort = loginServer.indexOf(":");
    if (checkForPort != -1) {
        String portString = loginServer.substring(checkForPort + 1);
        if (ModelUtil.hasLength(portString)) {
            // Set new port. A non-numeric suffix makes Integer.valueOf throw NumberFormatException,
            // which is not caught here.
            port = Integer.valueOf(portString);
        }
    }
    ConnectionConfiguration.SecurityMode securityMode = localPref.getSecurityMode();
    boolean useOldSSL = localPref.isSSL();
    boolean hostPortConfigured = localPref.isHostAndPortConfigured();
    // Proxy settings. proxyInfo stays null when the proxy is disabled or when host/port are missing.
    ProxyInfo proxyInfo = null;
    if (localPref.isProxyEnabled()) {
        // Any protocol value other than "SOCKS" is treated as an HTTP proxy.
        ProxyInfo.ProxyType pType = localPref.getProtocol().equals("SOCKS") ? ProxyInfo.ProxyType.SOCKS5 : ProxyInfo.ProxyType.HTTP;
        String pHost = ModelUtil.hasLength(localPref.getHost()) ? localPref.getHost() : null;
        int pPort = ModelUtil.hasLength(localPref.getPort()) ? Integer.parseInt(localPref.getPort()) : 0;
        String pUser = ModelUtil.hasLength(localPref.getProxyUsername()) ? localPref.getProxyUsername() : null;
        String pPass = ModelUtil.hasLength(localPref.getProxyPassword()) ? localPref.getProxyPassword() : null;
        if (pHost != null && pPort != 0) {
            // Proxy credentials are passed only when both user name and password are present.
            if (pUser == null || pPass == null) {
                proxyInfo = new ProxyInfo(pType, pHost, pPort, null, null);
            } else {
                proxyInfo = new ProxyInfo(pType, pHost, pPort, pUser, pPass);
            }
        } else {
            Log.error("No proxy info found but proxy type is enabled!");
        }
    }
    // NOTE(review): loginServer is handed to setServiceName unchanged, so a ":port" suffix, if
    // present, is part of the service name here - confirm that is intended.
    final XMPPTCPConnectionConfiguration.Builder builder = XMPPTCPConnectionConfiguration.builder().setUsernameAndPassword(loginUsername, loginPassword).setServiceName(loginServer).setPort(port).setSendPresence(false).setCompressionEnabled(localPref.isCompressionEnabled()).setSecurityMode(securityMode);
    // User-controlled opt-out of hostname verification. With it disabled, the server certificate is
    // no longer matched against the host name, so the remaining trust checks are the only thing
    // that distinguishes the intended server from another holder of an accepted certificate.
    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && localPref.isDisableHostnameVerification()) {
        TLSUtils.disableHostnameVerificationForTlsCertificicates(builder);
    }
    // NOTE(review): a protocol debugger typically surfaces raw stanza traffic; confirm this
    // preference is not left on where that traffic is sensitive.
    if (localPref.isDebuggerEnabled()) {
        builder.setDebuggerEnabled(true);
    }
    if (hostPortConfigured) {
        builder.setHost(localPref.getXmppHost());
    }
    // setProxyInfo is called whenever the proxy is enabled, including with null when the
    // host/port check above failed (only an error was logged in that case).
    if (localPref.isProxyEnabled()) {
        builder.setProxyInfo(proxyInfo);
    }
    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && !useOldSSL) {
        // This uses STARTTLS, which starts with a plain connection and upgrades it to TLS. It uses the
        // same port as plain connections, which is 5222.
        // Options.BOTH is chosen when client-side authentication is allowed in the preferences,
        // otherwise ONLY_SERVER_SIDE.
        SparkSSLContext.Options options;
        if (localPref.isAllowClientSideAuthentication()) {
            options = SparkSSLContext.Options.BOTH;
        } else {
            options = SparkSSLContext.Options.ONLY_SERVER_SIDE;
        }
        try {
            SSLContext context = SparkSSLContext.setUpContext(options);
            builder.setCustomSSLContext(context);
            builder.setSecurityMode(securityMode);
        } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
            // The failure is only logged: the method goes on to build a configuration that keeps the
            // security mode set on the builder above but has no custom SSLContext.
            // NOTE(review): confirm which trust settings Smack falls back to in that case, and
            // whether failing the login would be preferable.
            Log.warning("Couldnt establish secured connection", e);
        }
    }
    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && useOldSSL) {
        if (!hostPortConfigured) {
            // SMACK 4.1.9 does not support XEP-0368, and does not apply a port change, if the host is not changed too.
            // Here, we force the host to be set (by doing a DNS lookup), and force the port to 5223 (which is the
            // default 'old-style' SSL port).
            // Only the first resolved address is used; assumes the lookup returns at least one
            // entry - TODO confirm.
            builder.setHost(DNSUtil.resolveXMPPDomain(loginServer, null).get(0).getFQDN());
            builder.setPort(5223);
        }
        SparkSSLContext.Options options;
        if (localPref.isAllowClientSideAuthentication()) {
            options = SparkSSLContext.Options.BOTH;
        } else {
            options = SparkSSLContext.Options.ONLY_SERVER_SIDE;
        }
        builder.setSocketFactory(new SparkSSLSocketFactory(options));
        // SMACK 4.1.9  does not recognize an 'old-style' SSL socket as being secure, which will cause a failure when
        // the 'required' Security Mode is defined. Here, we work around this by replacing that security mode with an
        // 'if-possible' setting.
        // NOTE(review): with the mode relaxed to 'ifpossible', the configuration itself no longer
        // demands TLS; protection of this connection rests on SparkSSLSocketFactory always
        // producing a TLS socket - confirm.
        builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
    }
    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && localPref.isPKIEnabled()) {
        // Certificate-based login: register SASL EXTERNAL (a static call on SASLAuthentication) and
        // point the builder at the keystore selected in the preferences.
        SASLAuthentication.registerSASLMechanism(new SASLExternalMechanism());
        builder.setKeystoreType(localPref.getPKIStore());
        if (localPref.getPKIStore().equals("PKCS11")) {
            builder.setPKCS11Library(localPref.getPKCS11Library());
        } else if (localPref.getPKIStore().equals("JKS")) {
            builder.setKeystoreType("JKS");
            builder.setKeystorePath(localPref.getJKSPath());
        } else if (localPref.getPKIStore().equals("X509")) {
            // NOTE(review): no X509-specific configuration is applied; only the keystore type set
            // above takes effect for this store.
        } else if (localPref.getPKIStore().equals("Apple")) {
            builder.setKeystoreType("Apple");
        }
    }
    // SPARK-1747: Don't use the GSS-API SASL mechanism when SSO is disabled.
    // Both GSSAPI variants are unregistered unconditionally before the SSO check below.
    SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIMechanism.class.getName());
    SASLAuthentication.unregisterSASLMechanism(SASLGSSAPIv3CompatMechanism.class.getName());
    // Add the mechanism only when SSO is enabled (which allows us to register the correct one).
    if (securityMode != ConnectionConfiguration.SecurityMode.disabled && localPref.isSSOEnabled()) {
        // SPARK-1740: Register a mechanism that's compatible with Smack 3, when requested.
        if (localPref.isSaslGssapiSmack3Compatible()) {
            // Smack 3 compatible GSSAPI variant, selected by preference.
            SASLAuthentication.registerSASLMechanism(new SASLGSSAPIv3CompatMechanism());
        } else {
            SASLAuthentication.registerSASLMechanism(new SASLGSSAPIMechanism());
        }
    }
    return builder.build();
}
Also used : XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) SparkSSLSocketFactory(org.jivesoftware.sparkimpl.certificates.SparkSSLSocketFactory) SSLContext(javax.net.ssl.SSLContext) SparkSSLContext(org.jivesoftware.sparkimpl.certificates.SparkSSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) SparkSSLContext(org.jivesoftware.sparkimpl.certificates.SparkSSLContext) KeyManagementException(java.security.KeyManagementException) ProxyInfo(org.jivesoftware.smack.proxy.ProxyInfo) XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) UnrecoverableKeyException(java.security.UnrecoverableKeyException) SASLGSSAPIv3CompatMechanism(org.jivesoftware.spark.sasl.SASLGSSAPIv3CompatMechanism) NoSuchProviderException(java.security.NoSuchProviderException) SASLExternalMechanism(org.jivesoftware.smack.sasl.javax.SASLExternalMechanism) SASLGSSAPIMechanism(org.jivesoftware.smack.sasl.javax.SASLGSSAPIMechanism)

Example 2 with SparkSSLSocketFactory

use of org.jivesoftware.sparkimpl.certificates.SparkSSLSocketFactory in project Spark by igniterealtime.

the class AccountCreationWizard method getConnection.

/**
 * Opens an XMPP connection configured from the user's local preferences.
 *
 * <p>The server name comes from {@code getServer()}; a {@code :port} suffix on it overrides the
 * configured XMPP port. When security is not disabled, TLS is set up either through STARTTLS with
 * a {@code SparkSSLContext}, or, when the old-style SSL preference is set, through a
 * {@code SparkSSLSocketFactory}. Both paths use {@code ONLY_SERVER_SIDE}. No login call is made
 * here, and the credentials given to the builder are fixed placeholder strings.
 *
 * @return the XMPPConnection created, after {@code connect()} has been called on it.
 */
private XMPPConnection getConnection() throws SmackException, IOException, XMPPException {
    final LocalPreferences prefs = SettingsManager.getLocalPreferences();
    int xmppPort = prefs.getXmppPort();
    final String server = getServer();

    // A "host:port" server name overrides the preferred port. A non-numeric suffix makes the
    // parse throw NumberFormatException, which is not caught here.
    final int colonAt = server.indexOf(':');
    if (colonAt >= 0) {
        final String suffix = server.substring(colonAt + 1);
        if (ModelUtil.hasLength(suffix)) {
            xmppPort = Integer.parseInt(suffix);
        }
    }

    final ConnectionConfiguration.SecurityMode securityMode = prefs.getSecurityMode();
    final boolean oldStyleSsl = prefs.isSSL();
    final boolean explicitHost = prefs.isHostAndPortConfigured();

    // NOTE(review): the server name is passed to setServiceName unchanged, so a ":port" suffix,
    // if present, is part of the service name - confirm that is intended.
    final XMPPTCPConnectionConfiguration.Builder builder = XMPPTCPConnectionConfiguration.builder()
            .setUsernameAndPassword("username", "password")
            .setServiceName(server)
            .setPort(xmppPort)
            .setCompressionEnabled(prefs.isCompressionEnabled())
            .setSecurityMode(securityMode);
    if (explicitHost) {
        builder.setHost(prefs.getXmppHost());
    }

    if (securityMode != ConnectionConfiguration.SecurityMode.disabled) {
        if (oldStyleSsl) {
            if (!explicitHost) {
                // SMACK 4.1.9 does not support XEP-0368 and ignores a port change unless the host
                // changes too. So the host is set from a DNS lookup (first result only) and the
                // port is forced to 5223, the default 'old-style' SSL port.
                builder.setHost(DNSUtil.resolveXMPPDomain(server, null).get(0).getFQDN());
                builder.setPort(5223);
            }
            builder.setSocketFactory(new SparkSSLSocketFactory(SparkSSLContext.Options.ONLY_SERVER_SIDE));
            // SMACK 4.1.9 does not treat an 'old-style' SSL socket as secure, so the 'required'
            // mode would fail; the mode is replaced with 'if-possible' as a workaround.
            // NOTE(review): with the mode relaxed, protection of this connection rests on
            // SparkSSLSocketFactory always producing a TLS socket - confirm.
            builder.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);
        } else {
            // STARTTLS: the connection starts in plain text and is upgraded to TLS on the same
            // port as plain connections, which is 5222.
            try {
                final SSLContext sslContext = SparkSSLContext.setUpContext(SparkSSLContext.Options.ONLY_SERVER_SIDE);
                builder.setCustomSSLContext(sslContext);
                builder.setSecurityMode(securityMode);
            } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | NoSuchProviderException e) {
                // Only logged: the connection is still built, with the security mode set above
                // but without the custom SSLContext.
                // NOTE(review): confirm which trust settings apply in that case.
                Log.warning("Couldnt establish secured connection", e);
            }
        }
    }

    final AbstractXMPPConnection connection = new XMPPTCPConnection(builder.build());
    connection.setParsingExceptionCallback(new ExceptionLoggingCallback());
    connection.connect();
    return connection;
}
Also used : XMPPTCPConnection(org.jivesoftware.smack.tcp.XMPPTCPConnection) XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) SparkSSLSocketFactory(org.jivesoftware.sparkimpl.certificates.SparkSSLSocketFactory) SSLContext(javax.net.ssl.SSLContext) SparkSSLContext(org.jivesoftware.sparkimpl.certificates.SparkSSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException) XMPPTCPConnectionConfiguration(org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration) UnrecoverableKeyException(java.security.UnrecoverableKeyException) ExceptionLoggingCallback(org.jivesoftware.smack.parsing.ExceptionLoggingCallback) LocalPreferences(org.jivesoftware.sparkimpl.settings.local.LocalPreferences) NoSuchProviderException(java.security.NoSuchProviderException)
