org.jivesoftware.openfire.XMPPServerInfo Java Examples
The following examples show how to use
Example #1
Source File: From Openfire with Apache License 2.0 | 6 votes |
* Transforms XML data storage records into Pubsub node records
* @param oldRecords The records to transform (cannot be null)
* @return Transformed records (never null, can be empty).
private static List<PubsubRecordData> transform( List<PrivateXmlRecord> oldRecords )
{ "Transforming all data from Private XML Storage into Pubsub entities." );
String domain;
domain = JiveGlobals.getProperty(XMPPServerInfo.XMPP_DOMAIN.getKey(), JiveGlobals.getXMLProperty( "fqdn", InetAddress.getLocalHost().getCanonicalHostName() ) ).toLowerCase();
catch ( UnknownHostException e )
domain = "localhost";
final List<PubsubRecordData> result = new ArrayList<>();
for ( final PrivateXmlRecord oldRecord : oldRecords )
final PubsubRecordData newRecord = new PubsubRecordData( oldRecord.username + '@' + domain, oldRecord.namespace, oldRecord.privateData );
result.add( newRecord );
return result;
Example #2
Source File: From Openfire with Apache License 2.0 | 5 votes |
* Constructs a new JDBC admin provider.
public JDBCAdminProvider() {
// Convert XML based provider setup to Database based
xmppDomain = XMPPServerInfo.XMPP_DOMAIN.getValue();
useConnectionProvider = JiveGlobals.getBooleanProperty("jdbcAdminProvider.useConnectionProvider");
// Load database statement for reading admin list
getAdminsSQL = JiveGlobals.getProperty("jdbcAdminProvider.getAdminsSQL");
insertAdminsSQL = JiveGlobals.getProperty("jdbcAdminProvider.insertAdminsSQL", "");
deleteAdminsSQL = JiveGlobals.getProperty("jdbcAdminProvider.deleteAdminsSQL", "");
// Load the JDBC driver and connection string
if (!useConnectionProvider) {
String jdbcDriver = JiveGlobals.getProperty("jdbcProvider.driver");
try {
} catch (Exception e) {
Log.error("Unable to load JDBC driver: " + jdbcDriver, e);
connectionString = JiveGlobals.getProperty("jdbcProvider.connectionString");
Example #3
Source File: From Openfire with Apache License 2.0 | 5 votes |
/** * Returns true if the principal is explicity authorized to the JID * * @param principal The autheticated principal requesting authorization. * @return The name of the default username to use. */ @Override public String map(String principal) { if(principal.contains("@")) { String realm = principal.substring(principal.lastIndexOf('@')+1); String username = principal.substring(0,principal.lastIndexOf('@')); if(realm.length() > 0) { if(realm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue())) { Log.debug("DefaultAuthorizationMapping: realm = " + XMPPServerInfo.XMPP_DOMAIN.getKey()); return username; } else if(realm.equals(JiveGlobals.getProperty("sasl.realm"))) { Log.debug("DefaultAuthorizationMapping: ream = sasl.realm"); return username; } else { for(String approvedRealm : approvedRealms) { if(realm.equals(approvedRealm)) { Log.debug("DefaultAuthorizationMapping: realm ("+realm+") = "+approvedRealm+" which is approved"); return username; } else { Log.debug("DefaultAuthorizationPolicy: realm ("+realm+") != "+approvedRealm+" which is approved"); } } } Log.debug("DefaultAuthorizationMapping: No approved mappings found."); return principal; } else { Log.debug("DefaultAuthorizationMapping: Realm has no length"); } } else { Log.debug("DefaultAuthorizationMapping: No realm found"); } return principal; }
Example #4
Source File: From Openfire with Apache License 2.0 | 4 votes |
/** * Returns true if the principal is explicitly authorized to the JID * * @param username The username requested. * @param authenID The authenticated ID (principal) requesting the username. * @return true if the authenticated ID is authorized to the requested user. */ @Override public boolean authorize(String username, String authenID) { boolean authorized = false; String userUser = username; //I know, I know, dumb variable name... String userRealm = null; String authenUser = authenID; String authenRealm = null; if(username.contains("@")) { userUser = username.substring(0,username.lastIndexOf("@")); userRealm = username.substring((username.lastIndexOf("@")+1)); } if(authenID.contains("@")){ authenUser = authenID.substring(0,(authenID.lastIndexOf("@"))); authenRealm = authenID.substring((authenID.lastIndexOf("@")+1)); } if (!proxyAuth || !AdminManager.getInstance().isUserAdmin(authenUser, true)) { if(!userUser.equals(authenUser)) { //for this policy the user portion of both must match, so lets short circut here if we can if(JiveGlobals.getBooleanProperty("xmpp.auth.ignorecase",true)) { if(!userUser.toLowerCase().equals(authenUser.toLowerCase())){ if (Log.isDebugEnabled()) { Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")"); } return false; } } else { Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")"); return false; } } } Log.debug("DefaultAuthorizationPolicy: Checking authenID realm"); // Next up, check if the authenID realm is acceptable. if(authenRealm != null) { if(authenRealm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue())) { Log.debug("DefaultAuthorizationPolicy: authenRealm = " + XMPPServerInfo.XMPP_DOMAIN.getKey()); authorized = true; } else if(authenRealm.equals(JiveGlobals.getProperty("sasl.realm"))) { Log.debug("DefaultAuthorizationPolicy: authenRealm = sasl.realm"); authorized = true; } else { for(String realm : approvedRealms) { if(authenRealm.equals(realm)) { if (Log.isDebugEnabled()) { Log.debug("DefaultAuthorizationPolicy: authenRealm = "+realm+" which is approved"); } authorized = true; } else { if (Log.isDebugEnabled()) { Log.debug("DefaultAuthorizationPolicy: authenRealm != "+realm+" which is approved"); } } } } } else { //no realm in the authenID authorized = true; } if(!authorized) { return false; } else { //reset for next round of tests authorized = false; } //Next up, check if the username realm is acceptable. if(userRealm != null) { if(userRealm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue())) { Log.debug("DefaultAuthorizationPolicy: userRealm = " + XMPPServerInfo.XMPP_DOMAIN.getKey()); authorized = true; } else { if(authenRealm != null && authenRealm.equals(userRealm)) { //authen and username are identical if (Log.isDebugEnabled()) { Log.debug("DefaultAuthorizationPolicy: userRealm = "+authenRealm+" which is approved"); } authorized = true; } } } else { authorized = true; } //no more checks return authorized; }
Example #5
Source File: From Openfire with Apache License 2.0 | 4 votes |
* Populates the key store with a self-signed certificate for the domain of this XMPP service.
* If the 'algorithm' parameter is used, then this method will evaluate only certificates that match that
* certificate.
* @param algorithm An optional algorithm constraint (eg: "RSA"). Can be null, cannot be empty.
* @deprecated Unused as of Openfire 4.3.0. Use 'addSelfSignedDomainCertificate' instead. See OF-1599.
* @throws CertificateStoreConfigException if a self-signed certificate could not be created
public synchronized void addSelfSignedDomainCertificate( String algorithm ) throws CertificateStoreConfigException
if ( algorithm != null && algorithm.isEmpty() )
throw new IllegalArgumentException( "Argument 'algorithm' cannot be empty (but is allowed to be null)." );
final int keySize;
final String signAlgorithm;
if ( algorithm == null ) {
algorithm = JiveGlobals.getProperty( "cert.algorithm", "RSA" );
switch ( algorithm.toUpperCase() )
case "RSA":
keySize = JiveGlobals.getIntProperty( "cert.rsa.keysize", 2048 );
signAlgorithm = JiveGlobals.getProperty( "cert.rsa.algorithm", "SHA256WITHRSAENCRYPTION" );
case "DSA":
keySize = JiveGlobals.getIntProperty( "cert.dsa.keysize", 1024 );
signAlgorithm = JiveGlobals.getProperty( "cert.dsa.algorithm", "SHA256withDSA" );
throw new IllegalArgumentException( "Unsupported algorithm '" + algorithm + "'. Use 'RSA' or 'DSA'." );
final String name = XMPPServerInfo.XMPP_DOMAIN.getValue().toLowerCase();
final String alias = name + "_" + algorithm.toLowerCase();
final int validityInDays = JiveGlobals.getIntProperty( "cert.validity-days", 5*365 );
Set<String> sanDnsNames = CertificateManager.determineSubjectAlternateNameDnsNameValues();
// OF-1605: Check if a wildcard entry is to be used to represent/replace any subdomains of the XMPP domain name.
final boolean useWildcard = JiveGlobals.getBooleanProperty( "cert.wildcard", true );
if ( useWildcard )
final String wildcard = "*." + XMPPServer.getInstance().getServerInfo().getXMPPDomain();
// Remove any names that match the wildcard.
sanDnsNames =
.filter( sanDnsName -> !DNSUtil.isNameCoveredByPattern( sanDnsName, wildcard ) )
.collect( Collectors.toSet() );
// Add the domain and wildcard entries.
sanDnsNames.add( XMPPServer.getInstance().getServerInfo().getXMPPDomain() );
sanDnsNames.add( wildcard );
} "Generating a new private key and corresponding self-signed certificate for domain name '{}', using the {} algorithm (sign-algorithm: {} with a key size of {} bits). Certificate will be valid for {} days.", name, algorithm, signAlgorithm, keySize, validityInDays );
// Generate public and private keys
final KeyPair keyPair = generateKeyPair( algorithm.toUpperCase(), keySize );
// Create X509 certificate with keys and specified domain
final X509Certificate cert = CertificateManager.createX509V3Certificate( keyPair, validityInDays, name, name, name, signAlgorithm, sanDnsNames );
// Store new certificate and private key in the key store
store.setKeyEntry( alias, keyPair.getPrivate(), configuration.getPassword(), new X509Certificate[]{cert} );
// Persist the changes in the store to disk.
catch ( CertificateStoreConfigException | IOException | GeneralSecurityException ex )
reload(); // reset state of the store.
throw new CertificateStoreConfigException( "Unable to generate new self-signed " + algorithm + " certificate.", ex );
// TODO Notify listeners that a new certificate has been created
Example #6
Source File: From Openfire with Apache License 2.0 | 4 votes |
public XMPPServerInfo getServerInfo() {
return getXMPPServer().getServerInfo();
Example #7
Source File: From Openfire with Apache License 2.0 | 4 votes |
public static XMPPServerInfo mockXMPPServerInfo() { final XMPPServerInfo xmppServerInfo = mock(XMPPServerInfo.class, withSettings().lenient()); doReturn(XMPP_DOMAIN).when(xmppServerInfo).getXMPPDomain(); return xmppServerInfo; }
Example #8
Source File: From Openfire with Apache License 2.0 | 2 votes |
/** * Returns the domain associated with this AuthToken. * * @return the domain associated with this AuthToken. * @deprecated As Openfire serves only one domain, there's no need for a domain-specific token. Use {@link XMPPServerInfo#getXMPPDomain()} instead. */ @Deprecated public String getDomain() { return XMPPServerInfo.XMPP_DOMAIN.getValue(); }