ComponentStanzaHandler.java 9.36 KB
Newer Older
1
/**
2 3
 * $Revision: $
 * $Date: $
4
 *
5
 * Copyright (C) 2005-2008 Jive Software. All rights reserved.
6
 *
7 8 9 10 11 12 13 14 15 16 17
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
18 19
 */

20
package org.jivesoftware.openfire.net;
21 22

import org.dom4j.Element;
23
import org.jivesoftware.openfire.Connection;
24 25 26 27
import org.jivesoftware.openfire.PacketRouter;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.component.InternalComponentManager;
import org.jivesoftware.openfire.session.ComponentSession;
28
import org.jivesoftware.openfire.session.LocalComponentSession;
29
import org.jivesoftware.openfire.session.Session;
30 31
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
32
import org.xmlpull.v1.XmlPullParser;
33
import org.xmlpull.v1.XmlPullParserException;
34
import org.xmpp.component.ComponentException;
35 36
import org.xmpp.packet.IQ;
import org.xmpp.packet.Message;
37
import org.xmpp.packet.PacketError;
38
import org.xmpp.packet.Presence;
39 40

/**
41 42 43 44 45 46
 * Handler of XML stanzas sent by external components connected directly to the server. Received packet will
 * have their FROM attribute overriden to avoid spoofing.<p>
 *
 * This is an implementation of the XEP-114. In the future we will add support for XEP-225 now that
 * we are using MINA things should be easier. Since we are now using MINA incoming traffic is handled
 * by a set of worker threads.
47 48 49
 *
 * @author Gaston Dombiak
 */
50
public class ComponentStanzaHandler extends StanzaHandler {
51

52 53
	private static final Logger Log = LoggerFactory.getLogger(ComponentStanzaHandler.class);

54 55
    public ComponentStanzaHandler(PacketRouter router, String serverName, Connection connection) {
        super(router, serverName, connection);
56 57
    }

58 59
    @Override
	boolean processUnknowPacket(Element doc) throws UnauthorizedException {
60 61 62 63 64 65 66 67 68 69 70 71
        String tag = doc.getName();
        if ("handshake".equals(tag)) {
            // External component is trying to authenticate
            if (!((LocalComponentSession) session).authenticate(doc.getStringValue())) {
                session.close();
            }
            return true;
        } else if ("error".equals(tag) && "stream".equals(doc.getNamespacePrefix())) {
            session.close();
            return true;
        } else if ("bind".equals(tag)) {
            // Handle subsequent bind packets
72
            LocalComponentSession componentSession = (LocalComponentSession) session;
73 74 75 76
            // Get the external component of this session
            ComponentSession.ExternalComponent component = componentSession.getExternalComponent();
            String initialDomain = component.getInitialSubdomain();
            String extraDomain = doc.attributeValue("name");
77
            String allowMultiple = doc.attributeValue("allowMultiple");
78 79 80 81 82 83
            if (extraDomain == null || "".equals(extraDomain)) {
                // No new bind domain was specified so return a bad_request error
                Element reply = doc.createCopy();
                reply.add(new PacketError(PacketError.Condition.bad_request).getElement());
                connection.deliverRawText(reply.asXML());
            }
84 85 86 87 88
            else if (extraDomain.equals(initialDomain)) {
                // Component is binding initial domain that is already registered
                // Send confirmation that the new domain has been registered
                connection.deliverRawText("<bind/>");
            }
89 90
            else if (extraDomain.endsWith(initialDomain)) {
                // Only accept subdomains under the initial registered domain
91
                if (allowMultiple != null && component.getSubdomains().contains(extraDomain)) {
92 93 94 95 96 97 98
                    // Domain already in use so return a conflict error
                    Element reply = doc.createCopy();
                    reply.add(new PacketError(PacketError.Condition.conflict).getElement());
                    connection.deliverRawText(reply.asXML());
                }
                else {
                    try {
99 100 101 102 103 104 105
                        // Get the requested subdomain
                        String subdomain = extraDomain;
                        int index = extraDomain.indexOf(serverName);
                        if (index > -1) {
                            subdomain = extraDomain.substring(0, index -1);
                        }
                        InternalComponentManager.getInstance().addComponent(subdomain, component);
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
                        // Send confirmation that the new domain has been registered
                        connection.deliverRawText("<bind/>");
                    }
                    catch (ComponentException e) {
                        Log.error("Error binding extra domain: " + extraDomain + " to component: " +
                                component, e);
                        // Return internal server error
                        Element reply = doc.createCopy();
                        reply.add(new PacketError(
                                PacketError.Condition.internal_server_error).getElement());
                        connection.deliverRawText(reply.asXML());
                    }
                }
            }
            else {
                // Return forbidden error since we only allow subdomains of the intial domain
                // to be used by the same external component
                Element reply = doc.createCopy();
                reply.add(new PacketError(PacketError.Condition.forbidden).getElement());
                connection.deliverRawText(reply.asXML());
            }
            return true;
        }
129 130 131
        return false;
    }

132 133
    @Override
	protected void processIQ(IQ packet) throws UnauthorizedException {
134 135 136 137 138 139 140 141 142 143
        if (session.getStatus() != Session.STATUS_AUTHENTICATED) {
            // Session is not authenticated so return error
            IQ reply = new IQ();
            reply.setChildElement(packet.getChildElement().createCopy());
            reply.setID(packet.getID());
            reply.setTo(packet.getFrom());
            reply.setFrom(packet.getTo());
            reply.setError(PacketError.Condition.not_authorized);
            session.process(reply);
            return;
144
        }
145 146 147 148 149 150 151 152 153
        // Keep track of the component that sent an IQ get/set
        if (packet.getType() == IQ.Type.get || packet.getType() == IQ.Type.set) {
            // Handle subsequent bind packets
            LocalComponentSession componentSession = (LocalComponentSession) session;
            // Get the external component of this session
            LocalComponentSession.LocalExternalComponent component =
                    (LocalComponentSession.LocalExternalComponent) componentSession.getExternalComponent();
            component.track(packet);
        }
154 155 156
        super.processIQ(packet);
    }

157 158
    @Override
	protected void processPresence(Presence packet) throws UnauthorizedException {
159 160 161 162 163 164 165 166 167 168 169 170 171
        if (session.getStatus() != Session.STATUS_AUTHENTICATED) {
            // Session is not authenticated so return error
            Presence reply = new Presence();
            reply.setID(packet.getID());
            reply.setTo(packet.getFrom());
            reply.setFrom(packet.getTo());
            reply.setError(PacketError.Condition.not_authorized);
            session.process(reply);
            return;
        }
        super.processPresence(packet);
    }

172 173
    @Override
	protected void processMessage(Message packet) throws UnauthorizedException {
174 175 176 177 178 179 180 181 182 183 184 185 186
        if (session.getStatus() != Session.STATUS_AUTHENTICATED) {
            // Session is not authenticated so return error
            Message reply = new Message();
            reply.setID(packet.getID());
            reply.setTo(packet.getFrom());
            reply.setFrom(packet.getTo());
            reply.setError(PacketError.Condition.not_authorized);
            session.process(reply);
            return;
        }
        super.processMessage(packet);
    }

187 188
    @Override
	void startTLS() throws Exception {
189 190
        // TODO Finish implementation. We need to get the name of the CM if we want to validate certificates of the CM that requested TLS
        connection.startTLS(false, "IMPLEMENT_ME", Connection.ClientAuth.disabled);
191 192
    }

193 194
    @Override
	String getNamespace() {
195 196 197
        return "jabber:component:accept";
    }

198 199
    @Override
	boolean validateHost() {
200
        return false;
201 202
    }

203 204
    @Override
	boolean validateJIDs() {
205 206 207
        return false;
    }

208 209
    @Override
	boolean createSession(String namespace, String serverName, XmlPullParser xpp, Connection connection)
210 211 212 213 214 215
            throws XmlPullParserException {
        if (getNamespace().equals(namespace)) {
            // The connected client is a connection manager so create a ConnectionMultiplexerSession
            session = LocalComponentSession.createSession(serverName, xpp, connection);
            return true;
        }
216 217 218
        return false;
    }
}