org.jivesoftware.openfire.XMPPServerInfo Java Examples

The following examples show how to use org.jivesoftware.openfire.XMPPServerInfo.
Example #1
Source File: OF1515.java    From Openfire with Apache License 2.0
/**
 * Transforms XML data storage records into Pubsub node records
 *
 * @param oldRecords The records to transform (cannot be null)
 * @return Transformed records (never null, can be empty).
 */
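private static List<PubsubRecordData> transform( List<PrivateXmlRecord> oldRecords )
{
    Log.info( "Transforming all data from Private XML Storage into Pubsub entities." );

    // The local host name is only the last-resort default. It is resolved on its own so that a failed lookup
    // cannot override an XMPP domain that is explicitly configured through one of the properties read below.
    String fallbackHost;
    try
    {
        fallbackHost = InetAddress.getLocalHost().getCanonicalHostName();
    }
    catch ( UnknownHostException e )
    {
        // Best-effort fallback, but leave a trace: every transformed record is addressed with the resulting domain.
        Log.warn( "Unable to determine the local host name. 'localhost' is used unless an XMPP domain is configured.", e );
        fallbackHost = "localhost";
    }

    // Lookup order: the XMPP domain property, then the 'fqdn' XML property, then the host name resolved above.
    // The value becomes part of a stored address, so it is lower-cased with Locale.ROOT: the default-locale variant
    // gives locale-dependent results (a Turkish default locale maps 'I' to a dotless 'ı', for instance).
    final String domain = JiveGlobals.getProperty( XMPPServerInfo.XMPP_DOMAIN.getKey(), JiveGlobals.getXMLProperty( "fqdn", fallbackHost ) ).toLowerCase( java.util.Locale.ROOT );

    // One Pubsub record per Private XML record, addressed as username@domain.
    final List<PubsubRecordData> result = new ArrayList<>( oldRecords.size() );
    for ( final PrivateXmlRecord oldRecord : oldRecords )
    {
        result.add( new PubsubRecordData( oldRecord.username + '@' + domain, oldRecord.namespace, oldRecord.privateData ) );
    }

    return result;
}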
 
Example #2
Source File: JDBCAdminProvider.java    From Openfire with Apache License 2.0
/**
 * Constructs a new JDBC admin provider.
 */
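public JDBCAdminProvider() {
    // Convert XML based provider setup to Database based. This runs before any of these properties is read below.
    JiveGlobals.migrateProperty("jdbcProvider.driver");
    JiveGlobals.migrateProperty("jdbcProvider.connectionString");
    JiveGlobals.migrateProperty("jdbcAdminProvider.getAdminsSQL");

    xmppDomain = XMPPServerInfo.XMPP_DOMAIN.getValue();
    useConnectionProvider = JiveGlobals.getBooleanProperty("jdbcAdminProvider.useConnectionProvider");

    // The SQL statements are taken verbatim from configuration properties. The insert and delete statements
    // default to an empty string; the read statement has no default.
    // NOTE(review): whoever can write these properties decides which SQL this provider holds, and (below) which
    // driver class is loaded. Presumably only administrators can do so; confirm against the property store's
    // access control.
    getAdminsSQL = JiveGlobals.getProperty("jdbcAdminProvider.getAdminsSQL");
    insertAdminsSQL = JiveGlobals.getProperty("jdbcAdminProvider.insertAdminsSQL", "");
    deleteAdminsSQL = JiveGlobals.getProperty("jdbcAdminProvider.deleteAdminsSQL", "");

    // A dedicated driver and connection string are only needed when the connection provider is not used.
    if (!useConnectionProvider) {
        String jdbcDriver = JiveGlobals.getProperty("jdbcProvider.driver");
        try {
            // Class#newInstance() is deprecated because it rethrows checked constructor exceptions undeclared.
            // Going through the no-arg constructor wraps them in InvocationTargetException instead. Either way,
            // the failure (including a missing 'jdbcProvider.driver' property) ends up in the catch below.
            Class.forName(jdbcDriver).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            Log.error("Unable to load JDBC driver: " + jdbcDriver, e);
            // The constructor ends here without assigning connectionString.
            return;
        }
        connectionString = JiveGlobals.getProperty("jdbcProvider.connectionString");
    }
}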
 
Example #3
Source File: DefaultAuthorizationMapping.java    From Openfire with Apache License 2.0
/**
 * Maps the authenticated principal to the default username to use.
 *
 * @param principal The authenticated principal requesting authorization.
 * @return The name of the default username to use.
 */
@Override
public String map(String principal) {
    // The realm is whatever follows the LAST '@'; everything before it is the candidate username.
    final int separator = principal.lastIndexOf('@');
    if (separator < 0) {
        Log.debug("DefaultAuthorizationMapping: No realm found");
        return principal;
    }

    final String username = principal.substring(0, separator);
    final String realm = principal.substring(separator + 1);
    if (realm.isEmpty()) {
        // A trailing '@' yields an empty realm; the principal is handed back untouched.
        Log.debug("DefaultAuthorizationMapping: Realm has no length");
        return principal;
    }

    // The realm is stripped only when it is one this server accepts: the XMPP domain, the configured SASL
    // realm, or an entry of approvedRealms. All comparisons use equals(), so they are case-sensitive.
    // NOTE(review): the debug messages below embed the caller-supplied realm as-is.
    if (realm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue())) {
        Log.debug("DefaultAuthorizationMapping: realm = " + XMPPServerInfo.XMPP_DOMAIN.getKey());
        return username;
    }
    if (realm.equals(JiveGlobals.getProperty("sasl.realm"))) {
        Log.debug("DefaultAuthorizationMapping: ream = sasl.realm");
        return username;
    }
    for (final String approvedRealm : approvedRealms) {
        if (realm.equals(approvedRealm)) {
            Log.debug("DefaultAuthorizationMapping: realm ("+realm+") = "+approvedRealm+" which is approved");
            return username;
        }
        // NOTE(review): this message is prefixed with "DefaultAuthorizationPolicy" although it is emitted here.
        Log.debug("DefaultAuthorizationPolicy: realm ("+realm+") != "+approvedRealm+" which is approved");
    }

    // Unknown realm: no mapping takes place and the full principal is returned.
    Log.debug("DefaultAuthorizationMapping: No approved mappings found.");
    return principal;
}
 
Example #4
Source File: DefaultAuthorizationPolicy.java    From Openfire with Apache License 2.0
/**
 * Returns true if the principal is explicitly authorized to the JID
 *
 * @param username  The username requested.
 * @param authenID The authenticated ID (principal) requesting the username.
 * @return true if the authenticated ID is authorized to the requested user.
 */
@Override
public boolean authorize(String username, String authenID) {
    // Outcome of the realm check currently in progress. It is reset between the two realm checks below.
    boolean authorized = false;

    String userUser = username; // user part of the requested username (text before the last '@', if any)
    String userRealm = null;
 
    String authenUser = authenID; // user part of the authenticated ID (text before the last '@', if any)
    String authenRealm = null;

    // Split both identifiers on their LAST '@'. Without an '@' the realm stays null. A trailing '@' yields an
    // empty (non-null) realm.
    if(username.contains("@")) {
        userUser = username.substring(0,username.lastIndexOf("@"));
        userRealm = username.substring((username.lastIndexOf("@")+1)); 
    }
    if(authenID.contains("@")){
        authenUser = authenID.substring(0,(authenID.lastIndexOf("@")));
        authenRealm = authenID.substring((authenID.lastIndexOf("@")+1));
    }

    // Check 1: user parts. They must match unless proxyAuth is enabled AND AdminManager reports authenUser as
    // an admin.
    // NOTE(review): on that path an admin principal may request a different username. The user-part comparison
    // is skipped and only the realm checks below still apply. Confirm this is the intended proxy behaviour
    // wherever proxyAuth is enabled.
    if (!proxyAuth || !AdminManager.getInstance().isUserAdmin(authenUser, true)) {
        if(!userUser.equals(authenUser)) {
            // For this policy the user portion of both must match, so short-circuit here when possible.
            // An exact mismatch is tolerated only if 'xmpp.auth.ignorecase' is true (its default here) and
            // the two values are equal after lower-casing.
            // NOTE(review): toLowerCase() without a Locale argument follows the JVM default locale, so the
            // result of this comparison can differ between deployments.
            if(JiveGlobals.getBooleanProperty("xmpp.auth.ignorecase",true)) {
                if(!userUser.toLowerCase().equals(authenUser.toLowerCase())){
                    if (Log.isDebugEnabled()) {
                        Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")");
                    }
                    return false;
                }
            } else {
                Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")");
                return false;
            }
        }
    }
    Log.debug("DefaultAuthorizationPolicy: Checking authenID realm");
    // Check 2: the authenID realm. It is accepted when it equals the XMPP domain, the 'sasl.realm' property,
    // or any entry of approvedRealms. The comparisons use equals(), so they are case-sensitive.
    if(authenRealm != null) {
        if(authenRealm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue()))  {
            Log.debug("DefaultAuthorizationPolicy: authenRealm = " + XMPPServerInfo.XMPP_DOMAIN.getKey());
            authorized = true;
        } else if(authenRealm.equals(JiveGlobals.getProperty("sasl.realm")))  {
            Log.debug("DefaultAuthorizationPolicy: authenRealm = sasl.realm");
            authorized = true;
        } else { 
            // Every approved realm is visited. The loop does not stop at the first match.
            for(String realm : approvedRealms) {
                if(authenRealm.equals(realm)) {
                    if (Log.isDebugEnabled()) {
                        Log.debug("DefaultAuthorizationPolicy: authenRealm = "+realm+" which is approved");
                    }
                    authorized = true;
                } else {
                    if (Log.isDebugEnabled()) {
                        Log.debug("DefaultAuthorizationPolicy: authenRealm != "+realm+" which is approved");
                    }
                }
            }
        }
    } else {
        // No realm in the authenID: this check passes without any comparison.
        authorized = true;
    }

    if(!authorized) {
        // The authenID realm was present but not accepted.
        return false;
    }  else {
        // Reset for the next round of tests.
        authorized = false;
    }
    // Check 3: the requested username's realm. It is accepted when it equals the XMPP domain or is identical
    // to the (already accepted) authenID realm. approvedRealms and 'sasl.realm' are not consulted here.
    if(userRealm != null) {
        if(userRealm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue())) {
            Log.debug("DefaultAuthorizationPolicy: userRealm = " + XMPPServerInfo.XMPP_DOMAIN.getKey());
            authorized = true;
        } else {
            if(authenRealm != null && authenRealm.equals(userRealm)) {
                // The authenID realm and the username realm are identical.
                if (Log.isDebugEnabled()) {
                    Log.debug("DefaultAuthorizationPolicy: userRealm = "+authenRealm+" which is approved");
                }
                authorized = true;
            }
        }
    } else {
        // No realm in the requested username: this check passes without any comparison.
        authorized = true;
    }

    // No more checks: the result of the username-realm check is the final decision.
    return authorized;
}
 
Example #5
Source File: IdentityStore.java    From Openfire with Apache License 2.0
/**
 * Populates the key store with a self-signed certificate for the domain of this XMPP service.
 *
 * If the 'algorithm' parameter is used, then this method will evaluate only certificates that match that
 * certificate.
 *
 * @param algorithm An optional algorithm constraint (eg: "RSA"). Can be null, cannot be empty.
 * @deprecated Unused as of Openfire 4.3.0. Use 'addSelfSignedDomainCertificate' instead. See OF-1599.
 * @throws CertificateStoreConfigException if a self-signed certificate could not be created
 */
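@Deprecated
public synchronized void addSelfSignedDomainCertificate( String algorithm ) throws CertificateStoreConfigException
{
    if ( algorithm != null && algorithm.isEmpty() )
    {
        throw new IllegalArgumentException( "Argument 'algorithm' cannot be empty (but is allowed to be null)." );
    }

    if ( algorithm == null ) {
        algorithm = JiveGlobals.getProperty( "cert.algorithm", "RSA" );
    }

    // All case conversions in this method use Locale.ROOT. The algorithm name, key store alias and certificate
    // subject must not change with the JVM's default locale (a Turkish default locale maps 'I' to a dotless 'ı').
    final String normalizedAlgorithm = algorithm.toUpperCase( java.util.Locale.ROOT );

    final int keySize;
    final String signAlgorithm;
    switch ( normalizedAlgorithm )
    {
        case "RSA":
            keySize = JiveGlobals.getIntProperty( "cert.rsa.keysize", 2048 );
            signAlgorithm = JiveGlobals.getProperty( "cert.rsa.algorithm", "SHA256WITHRSAENCRYPTION" );
            break;

        case "DSA":
            // NOTE(review): the built-in default of 1024 bits is below what current guidance accepts for DSA.
            // Deployments that still need DSA should set 'cert.dsa.keysize' explicitly.
            keySize = JiveGlobals.getIntProperty( "cert.dsa.keysize", 1024 );
            signAlgorithm = JiveGlobals.getProperty( "cert.dsa.algorithm", "SHA256withDSA" );
            break;

        default:
            throw new IllegalArgumentException( "Unsupported algorithm '" + algorithm + "'. Use 'RSA' or 'DSA'." );
    }
    // NOTE(review): neither configured key size is range-checked in this method. Whether generateKeyPair
    // rejects undersized keys is not visible here.

    final String name = XMPPServerInfo.XMPP_DOMAIN.getValue().toLowerCase( java.util.Locale.ROOT );
    final String alias = name + "_" + algorithm.toLowerCase( java.util.Locale.ROOT );
    final int validityInDays = JiveGlobals.getIntProperty( "cert.validity-days", 5*365 );
    Set<String> sanDnsNames = CertificateManager.determineSubjectAlternateNameDnsNameValues();

    // OF-1605: Check if a wildcard entry is to be used to represent/replace any subdomains of the XMPP domain name.
    final boolean useWildcard = JiveGlobals.getBooleanProperty( "cert.wildcard", true );
    if ( useWildcard )
    {
        final String wildcard = "*." + XMPPServer.getInstance().getServerInfo().getXMPPDomain();

        // Remove any names that match the wildcard. The result is collected into an explicit HashSet because
        // entries are added below, and Collectors.toSet() makes no promise that its result is mutable.
        sanDnsNames = sanDnsNames.stream()
            .filter( sanDnsName -> !DNSUtil.isNameCoveredByPattern( sanDnsName, wildcard )  )
            .collect( Collectors.toCollection( java.util.HashSet::new ) );

        // Add the domain and wildcard entries.
        sanDnsNames.add( XMPPServer.getInstance().getServerInfo().getXMPPDomain() );
        sanDnsNames.add( wildcard );
    }

    Log.info( "Generating a new private key and corresponding self-signed certificate for domain name '{}', using the {} algorithm (sign-algorithm: {} with a key size of {} bits). Certificate will be valid for {} days.", name, algorithm, signAlgorithm, keySize, validityInDays );
    // Generate public and private keys
    try
    {
        final KeyPair keyPair = generateKeyPair( normalizedAlgorithm, keySize );

        // Create X509 certificate with keys and specified domain
        final X509Certificate cert = CertificateManager.createX509V3Certificate( keyPair, validityInDays, name, name, name, signAlgorithm, sanDnsNames );

        // Store new certificate and private key in the key store. The entry is protected with the password
        // taken from the store's configuration.
        store.setKeyEntry( alias, keyPair.getPrivate(), configuration.getPassword(), new X509Certificate[]{cert} );

        // Persist the changes in the store to disk.
        persist();
    }
    catch ( CertificateStoreConfigException | IOException | GeneralSecurityException ex )
    {
        reload(); // reset state of the store, so that no half-applied entry remains after a failure.
        throw new CertificateStoreConfigException( "Unable to generate new self-signed " + algorithm + " certificate.", ex );
    }

    // TODO Notify listeners that a new certificate has been created
}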
 
Example #6
Source File: WebManager.java    From Openfire with Apache License 2.0
public XMPPServerInfo getServerInfo() {
    // Pure delegation: the server info is fetched from the XMPP server on every call; nothing is cached here.
    return this.getXMPPServer().getServerInfo();
}
 
Example #7
Source File: Fixtures.java    From Openfire with Apache License 2.0
public static XMPPServerInfo mockXMPPServerInfo() {
    // Lenient mock: the stub below may go unused by a test without strict stubbing reporting it.
    final XMPPServerInfo serverInfoMock = mock(XMPPServerInfo.class, withSettings().lenient());

    // The only stubbed call is getXMPPDomain(), which answers with the fixture's XMPP_DOMAIN.
    doReturn(XMPP_DOMAIN).when(serverInfoMock).getXMPPDomain();

    return serverInfoMock;
}
 
Example #8
Source File: AuthToken.java    From Openfire with Apache License 2.0
/**
 * Returns the domain associated with this AuthToken.
 *
 * @return the domain associated with this AuthToken.
 * @deprecated As Openfire serves only one domain, there's no need for a domain-specific token. Use {@link XMPPServerInfo#getXMPPDomain()} instead.
 */
@Deprecated
public String getDomain() {
    // The value comes from the server-wide XMPP_DOMAIN property; this method reads no state of the token itself.
    final String serverDomain = XMPPServerInfo.XMPP_DOMAIN.getValue();
    return serverDomain;
}