OF-1309 Move to using DomainPairs exclusively

2e1f93f0 · Dave Cridland · Guus der Kinderen · 528f8cd8 · 2e1f93f0 · 2e1f93f0
Commit 2e1f93f0 authored Sep 07, 2017 by Dave Cridland Committed by Guus der Kinderen Sep 15, 2017
4 changed files
--- a/src/java/org/jivesoftware/openfire/SessionManager.java
+++ b/src/java/org/jivesoftware/openfire/SessionManager.java
@@ -41,20 +41,7 @@ import org.jivesoftware.openfire.http.HttpConnection;
 import org.jivesoftware.openfire.http.HttpSession;
 import org.jivesoftware.openfire.multiplex.ConnectionMultiplexerManager;
 import org.jivesoftware.openfire.server.OutgoingSessionPromise;
-import org.jivesoftware.openfire.session.ClientSession;
+import org.jivesoftware.openfire.session.*;
-import org.jivesoftware.openfire.session.ClientSessionInfo;
-import org.jivesoftware.openfire.session.ComponentSession;
-import org.jivesoftware.openfire.session.ConnectionMultiplexerSession;
-import org.jivesoftware.openfire.session.GetSessionsCountTask;
-import org.jivesoftware.openfire.session.IncomingServerSession;
-import org.jivesoftware.openfire.session.LocalClientSession;
-import org.jivesoftware.openfire.session.LocalComponentSession;
-import org.jivesoftware.openfire.session.LocalConnectionMultiplexerSession;
-import org.jivesoftware.openfire.session.LocalIncomingServerSession;
-import org.jivesoftware.openfire.session.LocalOutgoingServerSession;
-import org.jivesoftware.openfire.session.OutgoingServerSession;
-import org.jivesoftware.openfire.session.RemoteSessionLocator;
-import org.jivesoftware.openfire.session.Session;
 import org.jivesoftware.openfire.spi.BasicStreamIDFactory;
 import org.jivesoftware.openfire.user.UserManager;
 import org.jivesoftware.util.JiveGlobals;
@@ -1321,9 +1308,9 @@ public class SessionManager extends BasicModule implements ClusterEventListener/
        public void onConnectionClose(Object handback) {
            OutgoingServerSession session = (OutgoingServerSession)handback;
            // Remove all the hostnames that were registered for this server session
-            for (String hostname : session.getHostnames()) {
+            for (DomainPair domainPair : session.getOutgoingDomainPairs()) {
                // Remove the route to the session using the hostname
-                server.getRoutingTable().removeServerRoute(new JID(hostname));
+                server.getRoutingTable().removeServerRoute(new JID(null, domainPair.getRemote(), null, true));
            }
        }
    }

--- a/src/java/org/jivesoftware/openfire/session/DomainPair.java
+++ b/src/java/org/jivesoftware/openfire/session/DomainPair.java
@@ -12,18 +12,6 @@ public class DomainPair {
        this.remote = remote;
    }
-    public int hashCode() {
-        return toString().hashCode();
-    }
-    public boolean equals(Object other) {
-        if (other instanceof DomainPair) {
-            DomainPair domainPair = (DomainPair)other;
-            return domainPair.local.equals(this.local) && domainPair.remote.equals(this.remote);
-        }
-        return false;
-    }
    public String toString() {
        return "{" + local + " -> " + remote + "}";
    }
@@ -35,4 +23,22 @@ public class DomainPair {
    public String getRemote() {
        return remote;
    }
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        DomainPair that = (DomainPair) o;
+        if (!local.equals(that.local)) return false;
+        return remote.equals(that.remote);
+    }
+    @Override
+    public int hashCode() {
+        int result = local.hashCode();
+        result = 31 * result + remote.hashCode();
+        return result;
+    }
 }
--- a/src/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java
+++ b/src/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java
@@ -20,10 +20,7 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.Socket;
 import java.nio.charset.StandardCharsets;
-import java.util.Collection;
+import java.util.*;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
 import java.util.regex.Pattern;
 import javax.net.ssl.SSLHandshakeException;
@@ -85,8 +82,6 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
     */
    private static Pattern pattern = Pattern.compile("[a-zA-Z]");
-    private Collection<String> authenticatedDomains = new HashSet<>();
-    private final Collection<String> hostnames = new HashSet<>();
    private OutgoingServerSocketReader socketReader;
    private Collection<DomainPair> outgoingDomainPairs = new HashSet<>();
@@ -200,11 +195,7 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
                if (session != null) {
                    log.debug( "Created a new session." );
-                    // Add the validated domain as an authenticated domain
+                    session.addOutgoingDomainPair(localDomain, remoteDomain);
-                    session.addAuthenticatedDomain(localDomain);
-                    // Add the new domain to the list of names that the server may have
-                    session.addHostname(remoteDomain);
-                    // Notify the SessionManager that a new session has been created
                    sessionManager.outgoingServerSessionCreated((LocalOutgoingServerSession) session);
                    log.debug( "Authentication successful." );
                    return true;
@@ -572,11 +563,12 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
    @Override
 	boolean canProcess(Packet packet) {
-        String senderDomain = packet.getFrom().getDomain();
+        final String senderDomain = packet.getFrom().getDomain();
+        final String recipDomain = packet.getTo().getDomain();
        boolean processed = true;
-        if (!getAuthenticatedDomains().contains(senderDomain)) {
+        if (!checkOutgoingDomainPair(senderDomain, recipDomain)) {
            synchronized (("Auth::" + senderDomain).intern()) {
-                if (!getAuthenticatedDomains().contains(senderDomain) &&
+                if (!checkOutgoingDomainPair(senderDomain, recipDomain) &&
                        !authenticateSubdomain(senderDomain, packet.getTo().getDomain())) {
                    // Return error since sender domain was not validated by remote server
                    processed = false;
@@ -601,15 +593,12 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
        if (!usingServerDialback) {
            // Using SASL so just assume that the domain was validated
            // (note: this may not be correct)
-            addAuthenticatedDomain(localDomain);
+            addOutgoingDomainPair(localDomain, remoteDomain);
-            addHostname(remoteDomain);
            return true;
        }
        ServerDialback method = new ServerDialback(getConnection(), localDomain);
        if (method.authenticateDomain(socketReader, localDomain, remoteDomain, getStreamID().getID())) {
            // Add the validated domain as an authenticated domain
-            addAuthenticatedDomain(localDomain);
-            addHostname(remoteDomain);
            addOutgoingDomainPair(localDomain, remoteDomain);
            return true;
        }
@@ -669,44 +658,31 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
        }
    }
-    @Override
-    public Collection<String> getAuthenticatedDomains() {
-        return Collections.unmodifiableCollection(authenticatedDomains);
-    }
-    @Override
-    public void addAuthenticatedDomain(String domain) {
-        authenticatedDomains.add(domain);
-    }
-    @Override
-    public Collection<String> getHostnames() {
-        synchronized (hostnames) {
-            return Collections.unmodifiableCollection(hostnames);
-        }
-    }
-    @Override
-    public void addHostname(String hostname) {
-        synchronized (hostnames) {
-            hostnames.add(hostname);
-        }
-        // Add a new route for this new session
-        XMPPServer.getInstance().getRoutingTable().addServerRoute(new JID(null, hostname, null, true), this);
-    }
    @Override
 	public String getAvailableStreamFeatures() {
        // Nothing special to add
        return null;
    }
+    @Override
    public void addOutgoingDomainPair(String localDomain, String remoteDomain) {
        outgoingDomainPairs.add(new DomainPair(localDomain, remoteDomain));
+        boolean found = false;
+        for (DomainPair domainPair : outgoingDomainPairs) {
+            if (domainPair.getRemote().equals(remoteDomain)) found = true;
+        }
+        if (!found) {
+            XMPPServer.getInstance().getRoutingTable().addServerRoute(new JID(null, remoteDomain, null, true), this);
+        }
    }
    @Override
    public boolean checkOutgoingDomainPair(String localDomain, String remoteDomain) {
         return outgoingDomainPairs.contains(new DomainPair(localDomain, remoteDomain));
    }
+    @Override
+    public Collection<DomainPair> getOutgoingDomainPairs() {
+        return outgoingDomainPairs;
+    }
 }
--- a/src/java/org/jivesoftware/openfire/session/OutgoingServerSession.java
+++ b/src/java/org/jivesoftware/openfire/session/OutgoingServerSession.java
@@ -34,51 +34,43 @@ import java.util.Collection;
 */
 public interface OutgoingServerSession extends ServerSession {
    /**
-     * Returns a collection with all the domains, subdomains and virtual hosts that where
+     * Authenticates a subdomain of this server with the specified remote server over an exsiting
-     * authenticated. The remote server will accept packets sent from any of these domains,
+     * outgoing connection. If the existing session was using server dialback then a new db:result
-     * subdomains and virtual hosts.
+     * is going to be sent to the remote server. But if the existing session was TLS+SASL based
+     * then just assume that the subdomain was authenticated by the remote server.
     *
-     * @return domains, subdomains and virtual hosts that where validated.
+     * @param domain the locally domain to authenticate with the remote server.
+     * @param hostname the domain of the remote server.
+     * @return True if the domain was authenticated by the remote server.
     */
-    Collection<String> getAuthenticatedDomains();
+    boolean authenticateSubdomain(String domain, String hostname);
    /**
-     * Adds a new authenticated domain, subdomain or virtual host to the list of
+     * Checks to see if a pair of domains has previously been authenticated.
-     * authenticated domains for the remote server. The remote server will accept packets
-     * sent from this new authenticated domain.
     *
-     * @param domain the new authenticated domain, subdomain or virtual host to add.
+     * Since domains are authenticated as pairs, authenticating A->B does
-     */
+     *  not imply anything about A-->C or D->B.
-    void addAuthenticatedDomain(String domain);
-    /**
-     * Returns the list of hostnames related to the remote server. This tracking is useful for
-     * reusing the same session for the same remote server even if the server has many names.
     *
-     * @return the list of hostnames related to the remote server.
+     * @param local the local domain (previously: authenticated domain)
+     * @param remote the remote domain (previous: hostname)
+     * @return True if the pair of domains has been authenticated.
     */
-    Collection<String> getHostnames();
+    boolean checkOutgoingDomainPair(String local, String remote);
    /**
-     * Adds a new hostname to the list of known hostnames of the remote server. This tracking is
+     * Marks a domain pair as being authenticated.
-     * useful for reusing the same session for the same remote server even if the server has
-     * many names.
     *
-     * @param hostname the new known name of the remote server
+     * @param local the locally hosted domain.
+     * @param remote the remote domain.
     */
-    void addHostname(String hostname);
+    void addOutgoingDomainPair(String local, String remote);
    /**
-     * Authenticates a subdomain of this server with the specified remote server over an exsiting
+     * Obtains all authenticated domain pairs.
-     * outgoing connection. If the existing session was using server dialback then a new db:result
-     * is going to be sent to the remote server. But if the existing session was TLS+SASL based
-     * then just assume that the subdomain was authenticated by the remote server.
     *
-     * @param domain the local subdomain to authenticate with the remote server.
+     * Most callers should avoid accessing this and use a simple check as above.
-     * @param hostname the hostname of the remote server.
+     *
-     * @return True if the subdomain was authenticated by the remote server.
+     * @return collection of authenticated DomainPairs
     */
-    boolean authenticateSubdomain(String domain, String hostname);
+    Collection<DomainPair> getOutgoingDomainPairs();
-    boolean checkOutgoingDomainPair(String local, String remote);
 }