Commit 1f4d6288 authored by Guus der Kinderen

CertificateStoreManager should be a proper module.

parent 953b85af
......@@ -28,7 +28,8 @@
<module interface="org.jivesoftware.openfire.OfflineMessageStrategy" implementation="org.jivesoftware.openfire.OfflineMessageStrategy" />
<module interface="org.jivesoftware.openfire.OfflineMessageStore" implementation="org.jivesoftware.openfire.OfflineMessageStore" />
<module interface="org.jivesoftware.openfire.vcard.VCardManager" implementation="org.jivesoftware.openfire.vcard.VCardManager" />
<module interface="org.jivesoftware.openfire.keystore.CertificateStoreManager"" implementation="org.jivesoftware.openfire.keystore.CertificateStoreManager" />
<!-- Standard Modules -->
<module interface="org.jivesoftware.openfire.handler.IQBindHandler" implementation="org.jivesoftware.openfire.handler.IQBindHandler" />
<module interface="org.jivesoftware.openfire.handler.IQSessionEstablishmentHandler" implementation="org.jivesoftware.openfire.handler.IQSessionEstablishmentHandler" />
......
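Review bot: The added `<module>` entry for CertificateStoreManager has a doubled quote after the `interface` value (`...keystore.CertificateStoreManager""`), so the element is not well-formed XML. A parser that rejects the file would presumably stop every module listed here from loading, not only this one. The line should read `<module interface="org.jivesoftware.openfire.keystore.CertificateStoreManager" implementation="org.jivesoftware.openfire.keystore.CertificateStoreManager" />`.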
......@@ -373,13 +373,22 @@ public class XMPPServer {
// Set default SASL SCRAM-SHA-1 iteration count
JiveGlobals.setProperty("sasl.scram-sha-1.iteration-count", Integer.toString(ScramUtils.DEFAULT_ITERATION_COUNT));
// Update certificates (if required)
// Check if keystore (that out-of-the-box is a fallback for all keystores) already has certificates for current domain.
CertificateStoreManager certificateStoreManager = null; // Will be a module after finishing setup.
try {
// Check if keystore (that out-of-the-box is a fallback for all keystores) already has certificates for current domain.
final IdentityStore storeConfig = CertificateStoreManager.getIdentityStore( ConnectionType.SOCKET_C2S );
storeConfig.ensureDomainCertificates( "DSA", "RSA" );
certificateStoreManager = new CertificateStoreManager();
certificateStoreManager.initialize( this );
certificateStoreManager.start();
final IdentityStore identityStore = certificateStoreManager.getIdentityStore( ConnectionType.SOCKET_C2S );
identityStore.ensureDomainCertificates( "DSA", "RSA" );
} catch (Exception e) {
logger.error("Error generating self-signed certificates", e);
} finally {
if (certificateStoreManager != null)
{
certificateStoreManager.stop();
certificateStoreManager.destroy();
}
}
// Initialize list of admins now (before we restart Jetty)
......@@ -1408,6 +1417,16 @@ public class XMPPServer {
return (InternalComponentManager) modules.get(InternalComponentManager.class.getName());
}
/**
* Returns the <code>CertificateStoreManager</code> registered with this server. The
* <code>CertificateStoreManager</code> was registered with the server as a module while starting up
* the server.
*
* @return the <code>CertificateStoreManager</code> registered with this server.
*/
public CertificateStoreManager getCertificateStoreManager() {
return (CertificateStoreManager) modules.get( CertificateStoreManager.class.getName() );
}
/**
* Returns the locator to use to find sessions hosted in other cluster nodes. When not running
* in a cluster a <tt>null</tt> value is returned.
......
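Review bot: `getCertificateStoreManager()` returns whatever `modules.get(...)` yields, so it presumably returns null when the module is not registered, and the setup hunk's own comment ("Will be a module after finishing setup") suggests that is the case during setup. The Javadoc should say so, e.g. `@return the CertificateStoreManager, or null if the module has not been loaded (for instance while the server is in setup mode).` Every call site this commit converts dereferences the result directly: SSLProtocolSocketFactory, AdminConsolePlugin, HttpBindManager, SASLAuthentication.verifyCertificates, LocalIncomingServerSession, ConnectionConfiguration and the admin JSPs. An unloaded module therefore surfaces as a NullPointerException inside TLS and certificate-verification paths rather than as a handled error. Separately, in the setup hunk's `finally` block `destroy()` is skipped if `stop()` throws; guarding each call on its own would avoid leaving the temporary manager half torn down.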
......@@ -35,6 +35,7 @@ import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.keystore.CertificateStoreManager;
import org.jivesoftware.openfire.spi.ConnectionType;
import org.slf4j.Logger;
......@@ -70,7 +71,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
new ClearspaceX509TrustManager(
host,
manager.getProperties(),
CertificateStoreManager.getTrustStore( ConnectionType.SOCKET_S2S ).getStore() )
XMPPServer.getInstance().getCertificateStoreManager().getTrustStore( ConnectionType.SOCKET_S2S ).getStore() )
},
null);
return context;
......
......@@ -141,7 +141,7 @@ public class AdminConsolePlugin implements Plugin {
// Create a connector for https traffic if it's enabled.
sslEnabled = false;
try {
final IdentityStore identityStore = CertificateStoreManager.getIdentityStore( ConnectionType.WEBADMIN );
final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.WEBADMIN );
if (adminSecurePort > 0 )
{
if ( identityStore.getAllCertificates().isEmpty() )
......
......@@ -248,7 +248,7 @@ public final class HttpBindManager {
private void createSSLConnector(int securePort, int bindThreads) {
httpsConnector = null;
try {
final IdentityStore identityStore = CertificateStoreManager.getIdentityStore( ConnectionType.BOSH_C2S );
final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.BOSH_C2S );
if (securePort > 0 && identityStore.getStore().aliases().hasMoreElements() ) {
if ( !identityStore.containsDomainCertificate( "RSA" ) ) {
......
package org.jivesoftware.openfire.keystore;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.container.BasicModule;
import org.jivesoftware.openfire.spi.ConnectionListener;
import org.jivesoftware.openfire.spi.ConnectionManagerImpl;
import org.jivesoftware.openfire.spi.ConnectionType;
......@@ -19,7 +20,7 @@ import java.util.concurrent.ConcurrentMap;
*/
// TODO Code duplication should be reduced.
// TODO Allow changing the store type.
public class CertificateStoreManager
public class CertificateStoreManager extends BasicModule
{
private final static Logger Log = LoggerFactory.getLogger( CertificateStoreManager.class );
......@@ -28,17 +29,16 @@ public class CertificateStoreManager
private final ConcurrentMap<CertificateStoreConfiguration, IdentityStore> identityStores = new ConcurrentHashMap<>();
private final ConcurrentMap<CertificateStoreConfiguration, TrustStore> trustStores = new ConcurrentHashMap<>();
private static CertificateStoreManager INSTANCE;
static synchronized CertificateStoreManager getInstance( ) {
if (INSTANCE == null) {
INSTANCE = new CertificateStoreManager();
}
return INSTANCE;
public CertificateStoreManager( )
{
super( "Certificate Store Manager" );
}
private CertificateStoreManager( )
@Override
public synchronized void initialize( XMPPServer server )
{
super.initialize( server );
for ( ConnectionType type : ConnectionType.values() )
{
try
......@@ -73,21 +73,29 @@ public class CertificateStoreManager
}
}
public static IdentityStore getIdentityStore( ConnectionType type )
@Override
public synchronized void destroy()
{
final CertificateStoreManager manager = getInstance();
final CertificateStoreConfiguration configuration = manager.typeToIdentityStore.get( type );
return manager.identityStores.get( configuration );
typeToIdentityStore.clear();
typeToTrustStore.clear();
identityStores.clear();
trustStores.clear();
super.destroy();
}
public static TrustStore getTrustStore( ConnectionType type )
public IdentityStore getIdentityStore( ConnectionType type )
{
final CertificateStoreManager manager = getInstance();
final CertificateStoreConfiguration configuration = manager.typeToTrustStore.get( type );
return manager.trustStores.get( configuration );
final CertificateStoreConfiguration configuration = typeToIdentityStore.get( type );
return identityStores.get( configuration );
}
public static void replaceIdentityStore( ConnectionType type, CertificateStoreConfiguration configuration ) throws CertificateStoreConfigException
public TrustStore getTrustStore( ConnectionType type )
{
final CertificateStoreConfiguration configuration = typeToTrustStore.get( type );
return trustStores.get( configuration );
}
public void replaceIdentityStore( ConnectionType type, CertificateStoreConfiguration configuration ) throws CertificateStoreConfigException
{
if ( type == null)
{
......@@ -98,27 +106,25 @@ public class CertificateStoreManager
throw new IllegalArgumentException( "Argument 'configuration' cannot be null." );
}
final CertificateStoreManager manager = getInstance();
final CertificateStoreConfiguration oldConfig = manager.typeToIdentityStore.get( type ); // can be null if persisted properties are invalid
final CertificateStoreConfiguration oldConfig = typeToIdentityStore.get( type ); // can be null if persisted properties are invalid
if ( oldConfig == null || !oldConfig.equals( configuration ) )
{
// If the new store is not already being used by any other type, it'll need to be registered.
if ( !manager.identityStores.containsKey( configuration ) )
if ( !identityStores.containsKey( configuration ) )
{
// This constructor can throw an exception. If it does, the state of the manager should not have already changed.
final IdentityStore store = new IdentityStore( configuration, true );
manager.identityStores.put( configuration, store );
identityStores.put( configuration, store );
}
manager.typeToIdentityStore.put( type, configuration );
typeToIdentityStore.put( type, configuration );
// If the old store is not used by any other type, it can be shut down.
if ( oldConfig != null && !manager.typeToIdentityStore.containsValue( oldConfig ) )
if ( oldConfig != null && !typeToIdentityStore.containsValue( oldConfig ) )
{
manager.identityStores.remove( oldConfig );
identityStores.remove( oldConfig );
}
// Update all connection listeners that were using the old configuration.
......@@ -137,7 +143,7 @@ public class CertificateStoreManager
JiveGlobals.setProperty( type.getPrefix() + "keypass", new String( configuration.getPassword() ) );
}
public static void replaceTrustStore( ConnectionType type, CertificateStoreConfiguration configuration ) throws CertificateStoreConfigException
public void replaceTrustStore( ConnectionType type, CertificateStoreConfiguration configuration ) throws CertificateStoreConfigException
{
if ( type == null)
{
......@@ -148,27 +154,25 @@ public class CertificateStoreManager
throw new IllegalArgumentException( "Argument 'configuration' cannot be null." );
}
final CertificateStoreManager manager = getInstance();
final CertificateStoreConfiguration oldConfig = manager.typeToTrustStore.get( type ); // can be null if persisted properties are invalid
final CertificateStoreConfiguration oldConfig = typeToTrustStore.get( type ); // can be null if persisted properties are invalid
if ( oldConfig == null || !oldConfig.equals( configuration ) )
{
// If the new store is not already being used by any other type, it'll need to be registered.
if ( !manager.trustStores.containsKey( configuration ) )
if ( !trustStores.containsKey( configuration ) )
{
// This constructor can throw an exception. If it does, the state of the manager should not have already changed.
final TrustStore store = new TrustStore( configuration, true );
manager.trustStores.put( configuration, store );
trustStores.put( configuration, store );
}
manager.typeToTrustStore.put( type, configuration );
typeToTrustStore.put( type, configuration );
// If the old store is not used by any other type, it can be shut down.
if ( oldConfig != null && !manager.typeToTrustStore.containsValue( oldConfig ) )
if ( oldConfig != null && !typeToTrustStore.containsValue( oldConfig ) )
{
manager.trustStores.remove( oldConfig );
trustStores.remove( oldConfig );
}
// Update all connection listeners that were using the old configuration.
......@@ -188,7 +192,7 @@ public class CertificateStoreManager
JiveGlobals.setProperty( type.getPrefix() + "trustpass", new String( configuration.getPassword() ) );
}
public static CertificateStoreConfiguration getIdentityStoreConfiguration( ConnectionType type ) throws IOException
public CertificateStoreConfiguration getIdentityStoreConfiguration( ConnectionType type ) throws IOException
{
// Getting individual properties might use fallbacks. It is assumed (but not asserted) that each property value
// is obtained from the same connectionType (which is either the argument to this method, or one of its
......@@ -201,7 +205,7 @@ public class CertificateStoreManager
return new CertificateStoreConfiguration( keyStoreType, file, password.toCharArray() );
}
public static CertificateStoreConfiguration getTrustStoreConfiguration( ConnectionType type ) throws IOException
public CertificateStoreConfiguration getTrustStoreConfiguration( ConnectionType type ) throws IOException
{
// Getting individual properties might use fallbacks. It is assumed (but not asserted) that each property value
// is obtained from the same connectionType (which is either the argument to this method, or one of its
......
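Review bot: `getIdentityStore()` and `getTrustStore()` pass the result of `typeToIdentityStore.get( type )` / `typeToTrustStore.get( type )` straight into `ConcurrentHashMap.get()`, which throws NullPointerException for a null key. The comment in `replaceIdentityStore` says this configuration can be null when persisted properties are invalid, and the new `destroy()` clears both type maps, so for a misconfigured type or after shutdown the getters throw instead of reporting that no store exists. A guard such as `return configuration == null ? null : identityStores.get( configuration );` (and the same for trust stores), or an IllegalStateException naming the connection type, would make the behaviour defined; either way the Javadoc should state it. Note also that only `initialize` and `destroy` are `synchronized`, while the `replace*Store` methods run check-then-act sequences on the same maps without it, which is worth aligning now that the maps can be cleared at runtime.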
......@@ -656,9 +656,10 @@ public class SASLAuthentication {
}
public static boolean verifyCertificates(Certificate[] chain, String hostname, boolean isS2S) {
final CertificateStoreManager certificateStoreManager = XMPPServer.getInstance().getCertificateStoreManager();
final ConnectionType connectionType = isS2S ? ConnectionType.SOCKET_S2S : ConnectionType.SOCKET_C2S;
final KeyStore keyStore = CertificateStoreManager.getIdentityStore( connectionType ).getStore();
final KeyStore trustStore = CertificateStoreManager.getTrustStore( connectionType ).getStore();
final KeyStore keyStore = certificateStoreManager.getIdentityStore( connectionType ).getStore();
final KeyStore trustStore = certificateStoreManager.getTrustStore( connectionType ).getStore();
final X509Certificate trusted = CertificateManager.getEndEntityCertificate( chain, keyStore, trustStore );
if (trusted != null) {
return verifyCertificate(trusted, hostname);
......
......@@ -34,6 +34,7 @@ import org.dom4j.io.XMPPPacketReader;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.keystore.CertificateStoreManager;
import org.jivesoftware.openfire.net.SASLAuthentication;
......@@ -153,7 +154,7 @@ public class LocalIncomingServerSession extends LocalServerSession implements In
Connection.TLSPolicy.required;
boolean hasCertificates = false;
try {
hasCertificates = CertificateStoreManager.getIdentityStore( ConnectionType.SOCKET_S2S ).getStore().size() > 0;
hasCertificates = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.SOCKET_S2S ).getStore().size() > 0;
}
catch (Exception e) {
Log.error(e.getMessage(), e);
......@@ -374,7 +375,7 @@ public class LocalIncomingServerSession extends LocalServerSession implements In
usingSelfSigned = true;
} else {
try {
final KeyStore keyStore = CertificateStoreManager.getIdentityStore( ConnectionType.SOCKET_S2S ).getStore();
final KeyStore keyStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.SOCKET_S2S ).getStore();
usingSelfSigned = CertificateManager.isSelfSignedCertificate(keyStore, (X509Certificate) chain[0]);
} catch (KeyStoreException ex) {
Log.warn("Exception occurred while trying to determine whether local certificate is self-signed. Proceeding as if it is.", ex);
......
......@@ -3,6 +3,7 @@ package org.jivesoftware.openfire.spi;
import org.apache.mina.filter.ssl.SslFilter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.keystore.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -375,8 +376,9 @@ public class ConnectionConfiguration
this.cipherSuitesEnabled = Collections.unmodifiableSet( suitesEnabled );
this.cipherSuitesDisabled = Collections.unmodifiableSet( cipherSuitesDisabled );
this.identityStore = CertificateStoreManager.getIdentityStore( type );
this.trustStore = CertificateStoreManager.getTrustStore( type );
final CertificateStoreManager certificateStoreManager = XMPPServer.getInstance().getCertificateStoreManager();
this.identityStore = certificateStoreManager.getIdentityStore( type );
this.trustStore = certificateStoreManager.getTrustStore( type );
this.Log = LoggerFactory.getLogger( this.getClass().getName() + "["+port+"-"+type+"]" );
}
......
......@@ -85,6 +85,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
Log.warn( "Unable to resolve bind address: ", e );
}
final CertificateStoreManager certificateStoreManager = XMPPServer.getInstance().getCertificateStoreManager();
// client-to-server
clientListener = new ConnectionListener(
ConnectionType.SOCKET_C2S,
......@@ -96,8 +98,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
ConnectionSettings.Client.TLS_POLICY,
ConnectionSettings.Client.AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.SOCKET_C2S ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.SOCKET_C2S )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.SOCKET_C2S ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.SOCKET_C2S )
);
clientSslListener = new ConnectionListener(
ConnectionType.SOCKET_C2S,
......@@ -109,8 +111,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
Connection.TLSPolicy.legacyMode.name(), // force legacy mode
ConnectionSettings.Client.AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.SOCKET_C2S ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.SOCKET_C2S )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.SOCKET_C2S ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.SOCKET_C2S )
);
// BOSH / HTTP-bind
boshListener = new ConnectionListener(
......@@ -123,8 +125,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
Connection.TLSPolicy.disabled.name(), // StartTLS over HTTP? Should use boshSslListener instead.
HttpBindManager.HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.BOSH_C2S ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.BOSH_C2S )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.BOSH_C2S ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.BOSH_C2S )
);
boshSslListener = new ConnectionListener(
ConnectionType.BOSH_C2S,
......@@ -136,8 +138,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
Connection.TLSPolicy.legacyMode.name(),
HttpBindManager.HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.BOSH_C2S ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.BOSH_C2S )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.BOSH_C2S ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.BOSH_C2S )
);
// server-to-server (federation)
serverListener = new ConnectionListener(
......@@ -150,8 +152,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
ConnectionSettings.Server.TLS_POLICY,
ConnectionSettings.Server.AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.SOCKET_S2S ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.SOCKET_S2S )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.SOCKET_S2S ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.SOCKET_S2S )
);
// external components (XEP 0114)
componentListener = new ConnectionListener(
......@@ -164,8 +166,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
ConnectionSettings.Component.TLS_POLICY,
ConnectionSettings.Component.AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.COMPONENT ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.COMPONENT )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.COMPONENT ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.COMPONENT )
);
componentSslListener = new ConnectionListener(
ConnectionType.COMPONENT,
......@@ -177,8 +179,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
Connection.TLSPolicy.legacyMode.name(), // force legacy mode
ConnectionSettings.Component.AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.COMPONENT ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.COMPONENT )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.COMPONENT ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.COMPONENT )
);
// Multiplexers (our propertietary connection manager implementation)
......@@ -192,8 +194,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
ConnectionSettings.Multiplex.TLS_POLICY,
ConnectionSettings.Multiplex.AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.CONNECTION_MANAGER ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.CONNECTION_MANAGER )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.CONNECTION_MANAGER ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.CONNECTION_MANAGER )
);
connectionManagerSslListener = new ConnectionListener(
ConnectionType.CONNECTION_MANAGER,
......@@ -205,23 +207,23 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
Connection.TLSPolicy.legacyMode.name(), // force legacy mode
ConnectionSettings.Multiplex.AUTH_PER_CLIENTCERT_POLICY,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.CONNECTION_MANAGER ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.CONNECTION_MANAGER )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.CONNECTION_MANAGER ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.CONNECTION_MANAGER )
);
// Admin console (the Openfire web-admin) // TODO these use the XML properties instead of normal properties!
webAdminListener = new ConnectionListener(
ConnectionType.WEBADMIN,
"adminConsole.port",
9090,
null,
"adminConsole.serverThreads",
null,
Connection.TLSPolicy.disabled.name(), // StartTLS over HTTP? Should use webAdminSslListener instead.
null,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.WEBADMIN ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.WEBADMIN )
ConnectionType.WEBADMIN,
"adminConsole.port",
9090,
null,
"adminConsole.serverThreads",
null,
Connection.TLSPolicy.disabled.name(), // StartTLS over HTTP? Should use webAdminSslListener instead.
null,
bindAddress,
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.WEBADMIN ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.WEBADMIN )
);
webAdminSslListener = new ConnectionListener(
......@@ -234,8 +236,8 @@ public class ConnectionManagerImpl extends BasicModule implements ConnectionMana
Connection.TLSPolicy.legacyMode.name(),
null,
bindAddress,
CertificateStoreManager.getIdentityStoreConfiguration( ConnectionType.WEBADMIN ),
CertificateStoreManager.getTrustStoreConfiguration( ConnectionType.WEBADMIN )
certificateStoreManager.getIdentityStoreConfiguration( ConnectionType.WEBADMIN ),
certificateStoreManager.getTrustStoreConfiguration( ConnectionType.WEBADMIN )
);
}
......
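Review bot: The lookup `XMPPServer.getInstance().getCertificateStoreManager()` at the top of the listener setup makes ConnectionManagerImpl depend on CertificateStoreManager already being present in the server's module map, which the previous static calls did not require. The enclosing method starts outside the hunk, so it is not visible whether this runs in the constructor or in a lifecycle method; if it runs during construction, correctness depends on the order of the entries in the module list. A comment recording the dependency would help, e.g. `// Requires CertificateStoreManager to be loaded before this module.` A null check that fails with a clear message would also be safer than a NullPointerException on the first `getIdentityStoreConfiguration` call.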
......@@ -141,28 +141,99 @@
url="security-certificate-store-management.jsp"
description="Manage Openfire Certificate stores">
<!--&lt;!&ndash; Certificate key stores ("Openfire Certificates") &ndash;&gt;-->
<sidebar id="sidebar-certificate-store-socket-c2s" name="${sidebar.client-connections-settings}">
<item id="sidebar-certificate-store-SOCKET_C2S-identity-store" name="Identity Store"
url="security-keystore.jsp?connectionType=SOCKET_C2S"
description="Contains key and certificate that serve as identification of Openfire."/>
<item id="sidebar-certificate-store-SOCKET_C2S-trust-store" name="Trust Store"
url="security-truststore.jsp?connectionType=SOCKET_C2S"
description="Contains certificates that are used to verify the identity of peers."/>
</sidebar>
<sidebar id="sidebar-certificate-store-socket-s2s" name="${sidebar.server2server-settings}">
<item id="sidebar-certificate-store-SOCKET_S2S-identity-store" name="Identity Store"
url="security-keystore.jsp?connectionType=SOCKET_S2S"
description="Contains key and certificate that serve as identification of Openfire."/>
<item id="sidebar-certificate-store-SOCKET_S2S-trust-store" name="Trust Store"
url="security-truststore.jsp?connectionType=SOCKET_S2S"
description="Contains certificates that are used to verify the identity of peers."/>
</sidebar>
<sidebar id="sidebar-certificate-store-bosh-c2s" name="${sidebar.http-bind}">
<item id="sidebar-certificate-store-BOSH_C2S-identity-store" name="Identity Store"
url="security-keystore.jsp?connectionType=BOSH_C2S"
description="Contains key and certificate that serve as identification of Openfire."/>
<item id="sidebar-certificate-store-BOSH_C2S-trust-store" name="Trust Store"
url="security-truststore.jsp?connectionType=BOSH_C2S"
description="Contains certificates that are used to verify the identity of peers."/>
</sidebar>
<sidebar id="sidebar-certificate-store-component" name="${sidebar.external-components-settings}">
<item id="sidebar-certificate-store-COMPONENT-identity-store" name="Identity Store"
url="security-keystore.jsp?connectionType=COMPONENT"
description="Contains key and certificate that serve as identification of Openfire."/>
<item id="sidebar-certificate-store-COMPONENT-trust-store" name="Trust Store"
url="security-truststore.jsp?connectionType=COMPONENT"
description="Contains certificates that are used to verify the identity of peers."/>
</sidebar>
<sidebar id="sidebar-certificate-store-connection-manager" name="${sidebar.connection-managers-settings}">
<item id="sidebar-certificate-store-CONNECTION_MANAGER-identity-store" name="Identity Store"
url="security-keystore.jsp?connectionType=CONNECTION_MANAGER"
description="Contains key and certificate that serve as identification of Openfire."/>
<item id="sidebar-certificate-store-CONNECTION_MANAGER-trust-store" name="Trust Store"
url="security-truststore.jsp?connectionType=CONNECTION_MANAGER"
description="Contains certificates that are used to verify the identity of peers."/>
</sidebar>
<sidebar id="sidebar-certificate-store-webadmin" name="${admin.console}">
<item id="sidebar-certificate-store-WEBADMIN-identity-store" name="Identity Store"
url="security-keystore.jsp?connectionType=WEBADMIN"
description="Contains key and certificate that serve as identification of Openfire."/>
<item id="sidebar-certificate-store-WEBADMIN-trust-store" name="Trust Store"
url="security-truststore.jsp?connectionType=WEBADMIN"
description="Contains certificates that are used to verify the identity of peers."/>
</sidebar>
<!--&lt;!&ndash; Certificate key stores ("Openfire Certificates") &ndash;&gt;-->
<!--<item id="sidebar-certificates-keys" name="${sidebar.sidebar-certificates-keys}"-->
<!--url="security-keystore.jsp">-->
<sidebar id="sidebar-certificates-keys-submenu" name="${sidebar.sidebar-certificates-keys-submenu}">
<!--<sidebar id="sidebar-certificates-keys-submenu" name="${sidebar.sidebar-certificates-keys-submenu}">-->
<!-- Socket Server Certificates -->
<item id="security-keystore-socket" name="${sidebar.security-keystore-socket}"
url="security-keystore.jsp?connectivityType=socket"
description="${sidebar.security-keystore-socket.descr}"/>
<!--&lt;!&ndash; Socket Server Certificates &ndash;&gt;-->
<!--<item id="security-keystore-socket" name="${sidebar.security-keystore-socket}"-->
<!--url="security-keystore.jsp?connectivityType=socket"-->
<!--description="${sidebar.security-keystore-socket.descr}"/>-->
<!-- BOSH Server Certificates -->
<item id="security-keystore-bosh" name="${sidebar.security-keystore-bosh}"
url="security-keystore.jsp?connectivityType=bosh"
description="${sidebar.security-keystore-bosh.descr}"/>
<!--&lt;!&ndash; BOSH Server Certificates &ndash;&gt;-->
<!--<item id="security-keystore-bosh" name="${sidebar.security-keystore-bosh}"-->
<!--url="security-keystore.jsp?connectivityType=bosh"-->
<!--description="${sidebar.security-keystore-bosh.descr}"/>-->
<!-- Administrative Server Certificates -->
<item id="security-keystore-administrative" name="${sidebar.security-keystore-administrative}"
url="security-keystore.jsp?connectivityType=administrative"
description="${sidebar.security-keystore-administrative.descr}"/>
<!--&lt;!&ndash; Administrative Server Certificates &ndash;&gt;-->
<!--<item id="security-keystore-administrative" name="${sidebar.security-keystore-administrative}"-->
<!--url="security-keystore.jsp?connectivityType=administrative"-->
<!--description="${sidebar.security-keystore-administrative.descr}"/>-->
</sidebar>
<!--</sidebar>-->
</item>
......
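Review bot: The new `<item>` entries hard-code their English labels (`name="Identity Store"`, `name="Trust Store"` and the `description` texts), while the enclosing `<sidebar>` elements and the entries they replace use `${...}` resource keys. These labels will stay untranslated in localized admin consoles; they should reference resource keys, e.g. `name="${<identity-store-label-key>}"` (placeholder, since the key name is not on this page) with the key added to the i18n bundle. The superseded entries are kept as nested, entity-escaped comments (`<!--&lt;!&ndash; ... &ndash;&gt;-->`); deleting them would keep the file readable, since version control already retains the history.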
<%@ page errorPage="error.jsp" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager" %>
<%@ page import="org.jivesoftware.openfire.keystore.IdentityStore" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType" %>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
......@@ -42,7 +41,7 @@
}
if (errors.isEmpty()) {
try {
final IdentityStore identityStore = CertificateStoreManager.getIdentityStore( storeConnectionType );
final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( storeConnectionType );
// Create an alias for the signed certificate
String domain = XMPPServer.getInstance().getServerInfo().getXMPPDomain();
......
<%@ page errorPage="error.jsp"%>
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager"%>
<%@ page import="org.jivesoftware.openfire.keystore.TrustStore"%>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType"%>
<%@ page import="org.jivesoftware.util.ParamUtils"%>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
......@@ -33,7 +33,7 @@
if (save && errors.isEmpty())
{
final TrustStore trustStoreConfig = CertificateStoreManager.getTrustStore( storeConnectionType );
final TrustStore trustStoreConfig = XMPPServer.getInstance().getCertificateStoreManager().getTrustStore( storeConnectionType );
if (alias == null || "".equals(alias))
{
......
......@@ -32,7 +32,6 @@
<%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
<%@ page import="org.jivesoftware.openfire.filetransfer.proxy.FileTransferProxy" %>
<%@ page import="org.jivesoftware.openfire.http.HttpBindManager" %>
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager" %>
<%@ page import="org.jivesoftware.openfire.keystore.IdentityStore" %>
<%@ page import="org.jivesoftware.openfire.mediaproxy.MediaProxyService" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionListener" %>
......@@ -243,7 +242,7 @@
<fmt:message key="index.server_name" />
</td>
<td class="c2">
<% final IdentityStore identityStore = CertificateStoreManager.getIdentityStore( ConnectionType.SOCKET_C2S ); %>
<% final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.SOCKET_C2S ); %>
<% try { %>
<% if (!identityStore.containsDomainCertificate( "RSA" )) {%>
<img src="images/warning-16x16.gif" width="16" height="16" border="0" alt="<fmt:message key="index.certificate-warning" />" title="<fmt:message key="index.certificate-warning" />">&nbsp;
......
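Review bot: The identity store lookup on the changed line sits outside the `<% try { %>` that follows it, so any exception raised while evaluating the chained call escapes the block. If the manager is not loaded, or no store is registered for SOCKET_C2S, the scriptlet fails before the certificate warning logic runs and the index page presumably falls through to the error page. Moving the declaration inside the `try`, or null-checking `identityStore` before `containsDomainCertificate( "RSA" )`, would keep the page rendering. The scriptlet continues past the end of the hunk, so confirm the variable is not used after the block before narrowing its scope.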
......@@ -9,6 +9,7 @@
<%@ page import="java.security.cert.X509Certificate" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
......@@ -43,11 +44,12 @@
{
try
{
final CertificateStoreManager certificateStoreManager = XMPPServer.getInstance().getCertificateStoreManager();
final CertificateStore store;
if (isTrustStore) {
store = CertificateStoreManager.getTrustStore( storeConnectionType );
store = certificateStoreManager.getTrustStore( storeConnectionType );
} else {
store = CertificateStoreManager.getIdentityStore( storeConnectionType );
store = certificateStoreManager.getIdentityStore( storeConnectionType );
}
// Get the certificate
......
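Review bot: The store lookup in this block still uses a local named `storeConnectionType`, while the same commit changes the links into this page from security-keystore.jsp and security-truststore.jsp to send `connectionType=` instead of `storeConnectionType=`. The line that reads the request parameter is outside the visible hunk, so it cannot be confirmed here that it was renamed too. If it was not, `ConnectionType.valueOf` presumably receives null and the details page fails for every certificate. The read should be `ParamUtils.getParameter( request, "connectionType" )`, matching the other two pages. The enclosing try block starts and ends outside the hunk.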
<%@ page errorPage="error.jsp"%>
>
<%@ page import="java.util.HashMap" %>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType" %>
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager" />
<% webManager.init( request, response, session, application, out );
<jsp:useBean id="now" class="java.util.Date"/>
<% webManager.init(request, response, session, application, out );
// Read parameters
final boolean save = request.getParameter("save") != null;
// TODO actually save something!
// Pre-update property values
final Map<String, String> errors = new HashMap<>();
pageContext.setAttribute( "errors", errors );
pageContext.setAttribute( "connectionTypes", ConnectionType.values() );
pageContext.setAttribute( "certificateStoreManager", XMPPServer.getInstance().getCertificateStoreManager());
%>
<html>
<head>
<title>Certificate Stores</title>
<meta name="pageID" content="security-certificate-store-management"/>
</head>
<>
<c:forEach var="err" items="${errors}">
<admin:infobox type="error">
<c:if test="${not empty err.value}">
<fmt:message key="admin.error"/>: <c:out value="${err.value}"/>
</c:if>
(<c:out value="${err.key}"/>)
<c:choose>
<!--Use the template below for specific error messages. -->
<c:when test="${err.key eq 'template'}">
An unexpected error occurred.
</c:when>
<c:otherwise>
<c:if test="${not empty err.value}">
<fmt:message key="admin.error"/>: <c:out value="${err.value}"/>
</c:if>
(<c:out value="${err.key}"/>)
</c:otherwise>
</c:choose>
</admin:infobox>
</c:forEach>
<c:if test="${param.success}">
<admin:infobox type="success">Settings Updated Successfully</admin:infobox>
</c:if>
<c:if test="${param.noChange}">
<admin:infobox type="info">The provided settings were no different than before. Nothing changed.</admin:infobox>
</c:if>
<p>
Certificates are used (through TLS and SSL protocols) to establish secure connections between servers and clients.
When a secured connection is being created, parties can retrieve a certificate from the other party and (amongst
......@@ -66,46 +64,37 @@
<p>
This section of the admin panel is dedicated to management of the various key and trust stores that act as
repositories for sets of security certificates. By default, a small set of stores is re-used for various purposes,
but Openfire allows you to configure a distinct set of stores for each type. To do so, please change the store
locations below.
but Openfire allows you to configure a distinct set of stores for each connection type.
</p>
<form action="security-certificate-store-management.jsp" method="post">
<c:forEach items="${connectionTypes}" var="connectionType">
<div class="jive-contentBoxHeader">
Regular XMPP connection Stores
</div>
<div class="jive-contentBox">
<p>
These stores are used for regular, TCP-based XMPP communication. Three stores are provided: one identity store
and two trust stores. One of the trust stores applies to server-to-server federation. The other trust store
applies to the optional client-based mutual authentication feature in Openfire.
</p>
<c:set var="trustStore" value="${certificateStoreManager.
<admin:contentBox title="XMPP Client Connection Stores">
<p>
Openfire ships with an empty client trust store, as in typical environments, certificate-based authentication of
clients is not required.
These stores are used for regular, TCP-based client-to-server XMPP communication. Two stores are provided:
one identity store and a trust store. Openfire ships with an empty client trust store, as in typical
environments, certificate-based authentication of clients is not required.
</p>
<table cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td><label for="loc-key-socket">Identity Store:</label></td>
<td><input id="loc-key-socket" name="loc-key-socket" type="text" size="40" value="${locKeySocket}"/></td>
<td><a href="security-keystore.jsp?storeConnectionType=SOCKETBASED_IDENTITYSTORE">Manage Store Contents</a></td>
</tr>
<tr>
<td><label for="loc-trust-socket-s2s">Server Trust Store:</label></td>
<td><input id="loc-trust-socket-s2s" name="loc-trust-socket-s2s" type="text" size="40" value="${locTrustSocketS2S}"/></td>
<td><a href="security-truststore.jsp?storeConnectionType=SOCKETBASED_S2S_TRUSTSTORE">Manage Store Contents</a></td>
</tr>
<tr>
<td><label for="loc-trust-socket-c2s">Client Trust Store:</label></td>
<td><input id="loc-trust-socket-c2s" name="loc-trust-socket-c2s" type="text" size="40" value="${locTrustSocketC2S}"/></td>
<td><a href="security-truststore.jsp?storeConnectionType=SOCKETBASED_C2S_TRUSTSTORE">Manage Store Contents</a></td>
</tr>
<tr>
<td><label for="loc-key-socket">Identity Store:</label></td>
<td><input id="loc-key-socket" name="loc-key-socket" type="text" size="40" value="${locKeySocket}"/></td>
<td><a href="security-keystore.jsp?connectionType=${connectionType}">Manage Store Contents</a></td>
</tr>
<tr>
<td><label for="loc-trust-socket-c2s">Trust Store:</label></td>
<td><input id="loc-trust-socket-c2s" name="loc-trust-socket-c2s" type="text" size="40" value="${locTrustSocketC2S}"/></td>
<td><a href="security-truststore.jsp?storeConnectionType=${connectionType}">Manage Store Contents</a></td>
</tr>
</tbody>
</table>
</div>
</admin:contentBox>
</c:forEach>
<div class="jive-contentBoxHeader">
BOSH (HTTP Binding) connection Stores
......@@ -188,8 +177,8 @@
</table>
</div>
<!-- TODO enable me <input type="submit" name="save" value="<fmt:message key="global.save_settings" />"> -->
</form>
-->
</body>
</html>
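Review bot: The new trust-store link inside the `c:forEach` still sends the old parameter name, `security-truststore.jsp?storeConnectionType=${connectionType}`, but after this commit security-truststore.jsp reads `connectionType`. `ConnectionType.valueOf` there presumably gets null, so the page reports an error instead of opening the store. The link should be `<a href="security-truststore.jsp?connectionType=${connectionType}">`, as the identity-store link one row above already does. The inputs in the same loop also repeat `id="loc-key-socket"` and `id="loc-trust-socket-c2s"` for every connection type, which yields duplicate ids and field names once the form is enabled; suffixing them with `${connectionType}` would keep them unique.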
......@@ -2,7 +2,6 @@
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager" %>
<%@ page import="org.jivesoftware.openfire.keystore.IdentityStore" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType" %>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
......@@ -15,26 +14,27 @@
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<jsp:useBean id="now" class="java.util.Date"/>
<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager"/>
<% webManager.init(request, response, session, application, out); %>
<% // Get parameters:
final boolean generate = ParamUtils.getBooleanParameter(request, "generate");
final boolean delete = ParamUtils.getBooleanParameter(request, "delete");
final boolean importReply = ParamUtils.getBooleanParameter(request, "importReply");
final String alias = ParamUtils.getParameter( request, "alias" );
final String storePurposeText = ParamUtils.getParameter( request, "storeConnectionType" );
final boolean generate = ParamUtils.getBooleanParameter(request, "generate");
final boolean delete = ParamUtils.getBooleanParameter(request, "delete");
final boolean importReply = ParamUtils.getBooleanParameter(request, "importReply");
final String alias = ParamUtils.getParameter( request, "alias" );
final String connectionTypeText = ParamUtils.getParameter( request, "connectionType" );
final Map<String, String> errors = new HashMap<String, String>();
final Map<String, String> errors = new HashMap<>();
ConnectionType storeConnectionType = null;
ConnectionType connectionType = null;
IdentityStore identityStore = null;
try
{
storeConnectionType = ConnectionType.valueOf( storePurposeText );
identityStore = CertificateStoreManager.getIdentityStore( storeConnectionType );
connectionType = ConnectionType.valueOf( connectionTypeText );
identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( connectionType );
if ( identityStore == null )
{
errors.put( "identityStore", "Unable to get an instance." );
......@@ -42,15 +42,15 @@
}
catch (RuntimeException ex)
{
errors.put( "storeConnectionType", ex.getMessage() );
errors.put( "connectionType", ex.getMessage() );
}
if ( errors.isEmpty() )
{
pageContext.setAttribute( "storeConnectionType", storeConnectionType );
pageContext.setAttribute( "connectionType", connectionType );
pageContext.setAttribute( "identityStore", identityStore );
final Set<ConnectionType> sameStoreConnectionTypes = Collections.EMPTY_SET; // TODO FIXME: SSLConfig.getInstance().getOtherPurposesForSameStore( storeConnectionType );
final Set<ConnectionType> sameStoreConnectionTypes = Collections.EMPTY_SET; // TODO FIXME: SSLConfig.getInstance().getOtherPurposesForSameStore( connectionType );
pageContext.setAttribute( "sameStoreConnectionTypes", sameStoreConnectionTypes );
final Map<String, X509Certificate> certificates = identityStore.getAllCertificates();
......@@ -72,8 +72,8 @@
identityStore.delete( alias );
// Log the event
webManager.logEvent( "deleted SSL cert from " + storePurposeText + " with alias " + alias, null );
response.sendRedirect( "security-keystore.jsp?storeConnectionType=" + storePurposeText + "&deletesuccess=true" );
webManager.logEvent( "deleted SSL cert from " + connectionType + " with alias " + alias, null );
response.sendRedirect( "security-keystore.jsp?connectionType=" + connectionType+ "&deletesuccess=true" );
return;
}
catch ( Exception e )
......@@ -141,13 +141,13 @@
<html>
<head>
<title><fmt:message key="ssl.certificates.keystore.title"/></title>
<meta name="pageID" content="security-keystore"/>
<meta name="subPageID" content="sidebar-certificate-store-${fn:toLowerCase(connectionType)}-identity-store"/>
</head>
<body>
<c:if test="${restartNeeded}">
<admin:infobox type="warning">
<fmt:message key="ssl.certificates.keystore.restart_server">
<fmt:param value="<a href='server-restart.jsp?page=security-keystore.jsp&storeConnectionType=${storeConnectionType}'>"/>
<fmt:param value="<a href='server-restart.jsp?page=security-keystore.jsp&connectionType=${connectionType}'>"/>
<fmt:param value="</a>"/>
</fmt:message>
</admin:infobox>
......@@ -175,9 +175,9 @@
<c:if test="${not validDSACert or not validRSACert}">
<admin:infobox type="warning">
<fmt:message key="ssl.certificates.keystore.no_installed">
<fmt:param value="<a href='security-keystore.jsp?generate=true&storeConnectionType=${storeConnectionType}'>"/>
<fmt:param value="<a href='security-keystore.jsp?generate=true&connectionType=${connectionType}'>"/>
<fmt:param value="</a>"/>
<fmt:param value="<a href='import-keystore-certificate.jsp?storeConnectionType=${storeConnectionType}'>"/>
<fmt:param value="<a href='import-keystore-certificate.jsp?connectionType=${connectionType}'>"/>
<fmt:param value="</a>"/>
</fmt:message>
</admin:infobox>
......@@ -200,7 +200,7 @@
<p>
<fmt:message key="ssl.certificates.keystore.info">
<fmt:param value="<a href='import-keystore-certificate.jsp?storeConnectionType=${storeConnectionType}'>"/>
<fmt:param value="<a href='import-keystore-certificate.jsp?connectionType=${connectionType}'>"/>
<fmt:param value="</a>"/>
</fmt:message>
</p>
......@@ -274,7 +274,7 @@
%>
<tr valign="top">
<td>
<a href="security-certificate-details.jsp?storeConnectionType=${storeConnectionType}&alias=${alias}" title="<fmt:message key='session.row.cliked'/>">
<a href="security-certificate-details.jsp?connectionType=${connectionType}&alias=${alias}" title="<fmt:message key='session.row.cliked'/>">
<c:forEach items="${identities}" var="currentItem" varStatus="stat">
<c:out value="${stat.first ? '' : ','} ${currentItem}"/>
</c:forEach>
......@@ -326,7 +326,7 @@
<c:out value="${certificate.publicKey.algorithm}"/>
</td>
<td width="1" align="center">
<a href="security-keystore.jsp?alias=${alias}&storeConnectionType=${storeConnectionType}&delete=true"
<a href="security-keystore.jsp?alias=${alias}&connectionType=${connectionType}&delete=true"
title="<fmt:message key="global.click_delete"/>"
onclick="return confirm('<fmt:message key="ssl.certificates.confirm_delete"/>');"
><img src="images/delete-16x16.gif" width="16" height="16" border="0" alt=""></a>
......
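Review bot: In the certificate table, `${alias}` is written into both hrefs (`security-certificate-details.jsp?...&alias=${alias}` and the delete link) without URL-encoding or attribute escaping, so an alias containing `&`, `#` or a quote changes the query string or breaks the attribute; `${connectionType}` is an enum name and is not affected. Building the URL with `c:url`/`c:param` and escaping the result closes that, as sketched below; the same pattern appears in the two matching links in security-truststore.jsp. Separately, the delete action is still a plain GET link guarded only by `confirm()`, and no anti-forgery token is visible in these hunks, so it is worth checking that one is enforced elsewhere before `identityStore.delete( alias )` runs.

```jsp
<%-- … unchanged: preceding table cells … --%>
<td width="1" align="center">
    <c:url var="deleteUrl" value="security-keystore.jsp">
        <c:param name="alias" value="${alias}"/>
        <c:param name="connectionType" value="${connectionType}"/>
        <c:param name="delete" value="true"/>
    </c:url>
    <a href="${fn:escapeXml(deleteUrl)}"
<%-- … unchanged: title, onclick and delete icon … --%>
```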
<%@ page errorPage="error.jsp"%>
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager"%>
<%@ page import="org.jivesoftware.openfire.keystore.TrustStore"%>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType"%>
<%@ page import="org.jivesoftware.util.ParamUtils"%>
......@@ -8,6 +7,7 @@
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Set" %>
<%@ page import="java.security.cert.X509Certificate" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
......@@ -20,29 +20,29 @@
final boolean delete = ParamUtils.getBooleanParameter( request, "delete" );
final String alias = ParamUtils.getParameter( request, "alias" );
final String storePurposeText = ParamUtils.getParameter(request, "storeConnectionType");
final String connectionTypeText = ParamUtils.getParameter( request, "connectionType" );
final Map<String, String> errors = new HashMap<>();
ConnectionType storeConnectionType = null;
ConnectionType connectionType = null;
TrustStore trustStore = null;
try
{
storeConnectionType = ConnectionType.valueOf( storePurposeText );
trustStore = CertificateStoreManager.getTrustStore( storeConnectionType );
connectionType = ConnectionType.valueOf( connectionTypeText );
trustStore = XMPPServer.getInstance().getCertificateStoreManager().getTrustStore( connectionType );
if ( trustStore == null )
{
errors.put( "trustStore", "Unable to get an instance." );
}
}
catch (RuntimeException ex)
catch ( RuntimeException ex )
{
errors.put( "storeConnectionType", ex.getMessage() );
errors.put( "connectionType", ex.getMessage() );
}
if ( errors.isEmpty() )
{
pageContext.setAttribute( "storeConnectionType", storeConnectionType );
pageContext.setAttribute( "connectionType", connectionType );
pageContext.setAttribute( "trustStore", trustStore );
final Set<ConnectionType> sameStoreConnectionTypes = Collections.EMPTY_SET; // TODO FIXME: SSLConfig.getInstance().getOtherPurposesForSameStore( storeConnectionType );
......@@ -64,8 +64,8 @@
trustStore.delete( alias );
// Log the event
webManager.logEvent( "deleted SSL cert from " + storePurposeText + " with alias " + alias, null );
response.sendRedirect( "security-truststore.jsp?storeConnectionType=" + storePurposeText + "&deletesuccess=true" );
webManager.logEvent( "deleted SSL cert from " + connectionType + " with alias " + alias, null );
response.sendRedirect( "security-keystore.jsp?connectionType=" + connectionType+ "&deletesuccess=true" );
return;
}
catch ( Exception e )
......@@ -81,7 +81,7 @@
<html>
<head>
<title><fmt:message key="certificate-management.connectionType.${storeConnectionType}.title"/></title>
<title><fmt:message key="certificate-management.connectionType.${connectionType}.title"/></title>
<meta name="pageID" content="security-truststore"/>
<style>
.info-header {
......@@ -133,9 +133,9 @@
<admin:infobox type="success"><fmt:message key="ssl.certificates.added_updated"/></admin:infobox>
</c:if>
<c:if test="${storeConnectionType != null}">
<c:if test="${connectionType != null}">
<p>
<fmt:message key="certificate-management.connectionType.${storeConnectionType}.description"/>
<fmt:message key="certificate-management.connectionType.${connectionType}.description"/>
</p>
<table border="0" width="100%">
......@@ -177,7 +177,7 @@
<p>
<fmt:message key="ssl.certificates.truststore.link-to-import">
<fmt:param value="<a href='import-truststore-certificate.jsp?storeConnectionType=${storeConnectionType}'>"/>
<fmt:param value="<a href='import-truststore-certificate.jsp?connectionType=${connectionType}'>"/>
<fmt:param value="</a>"/>
</fmt:message>
</p>
......@@ -230,7 +230,7 @@
<tr valign="top">
<td>
<a href="security-certificate-details.jsp?storeConnectionType=${storeConnectionType}&alias=${alias}" title="<fmt:message key='session.row.cliked'/>">
<a href="security-certificate-details.jsp?connectionType=${connectionType}&alias=${alias}" title="<fmt:message key='session.row.cliked'/>">
<c:choose>
<c:when test="${empty fn:trim(organization)}">
<c:out value="${commonname}"/>
......@@ -264,7 +264,7 @@
<c:out value="${certificate.publicKey.algorithm}"/>
</td>
<td width="1" align="center">
<a href="security-truststore.jsp?storeConnectionType=${storeConnectionType}&alias=${alias}&delete=true"
<a href="security-truststore.jsp?connectionType=${connectionType}&alias=${alias}&delete=true"
title="<fmt:message key="global.click_delete"/>"
onclick="return confirm('<fmt:message key="ssl.certificates.confirm_delete"/>');"
><img src="images/delete-16x16.gif" width="16" height="16" border="0" alt=""></a>
......
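Review bot: After a successful `trustStore.delete( alias )` the new redirect goes to `security-keystore.jsp`, whereas the line it replaces pointed at `security-truststore.jsp`. This looks like a copy from the identity-store page and sends the administrator to the wrong store with a `deletesuccess` banner. It should read `response.sendRedirect( "security-truststore.jsp?connectionType=" + connectionType + "&deletesuccess=true" );`. The context line `// TODO FIXME: ... getOtherPurposesForSameStore( storeConnectionType )` also still names the old variable, which was updated in security-keystore.jsp.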