OF-1309 Move to using DomainPairs exclusively

src/java/org/jivesoftware/openfire/SessionManager.java

@@ -41,20 +41,7 @@ import org.jivesoftware.openfire.http.HttpConnection;
 import org.jivesoftware.openfire.http.HttpSession;
 import org.jivesoftware.openfire.multiplex.ConnectionMultiplexerManager;
 import org.jivesoftware.openfire.server.OutgoingSessionPromise;
-import org.jivesoftware.openfire.session.ClientSession;
-import org.jivesoftware.openfire.session.ClientSessionInfo;
-import org.jivesoftware.openfire.session.ComponentSession;
-import org.jivesoftware.openfire.session.ConnectionMultiplexerSession;
-import org.jivesoftware.openfire.session.GetSessionsCountTask;
-import org.jivesoftware.openfire.session.IncomingServerSession;
-import org.jivesoftware.openfire.session.LocalClientSession;
-import org.jivesoftware.openfire.session.LocalComponentSession;
-import org.jivesoftware.openfire.session.LocalConnectionMultiplexerSession;
-import org.jivesoftware.openfire.session.LocalIncomingServerSession;
-import org.jivesoftware.openfire.session.LocalOutgoingServerSession;
-import org.jivesoftware.openfire.session.OutgoingServerSession;
-import org.jivesoftware.openfire.session.RemoteSessionLocator;
-import org.jivesoftware.openfire.session.Session;
+import org.jivesoftware.openfire.session.*;
 import org.jivesoftware.openfire.spi.BasicStreamIDFactory;
 import org.jivesoftware.openfire.user.UserManager;
 import org.jivesoftware.util.JiveGlobals;
@@ -1321,9 +1308,9 @@ public class SessionManager extends BasicModule implements ClusterEventListener/
         public void onConnectionClose(Object handback) {
             OutgoingServerSession session = (OutgoingServerSession)handback;
             // Remove all the hostnames that were registered for this server session
-            for (String hostname : session.getHostnames()) {
+            for (DomainPair domainPair : session.getOutgoingDomainPairs()) {
                 // Remove the route to the session using the hostname
-                server.getRoutingTable().removeServerRoute(new JID(hostname));
+                server.getRoutingTable().removeServerRoute(new JID(null, domainPair.getRemote(), null, true));
             }
         }
     }

src/java/org/jivesoftware/openfire/session/DomainPair.java

@@ -12,18 +12,6 @@ public class DomainPair {
         this.remote = remote;
     }
 
-    public int hashCode() {
-        return toString().hashCode();
-    }
-
-    public boolean equals(Object other) {
-        if (other instanceof DomainPair) {
-            DomainPair domainPair = (DomainPair)other;
-            return domainPair.local.equals(this.local) && domainPair.remote.equals(this.remote);
-        }
-        return false;
-    }
-
     public String toString() {
         return "{" + local + " -> " + remote + "}";
     }
@@ -35,4 +23,22 @@ public class DomainPair {
     public String getRemote() {
         return remote;
     }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        DomainPair that = (DomainPair) o;
+
+        if (!local.equals(that.local)) return false;
+        return remote.equals(that.remote);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = local.hashCode();
+        result = 31 * result + remote.hashCode();
+        return result;
+    }
 }

src/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java

@@ -20,10 +20,7 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.Socket;
 import java.nio.charset.StandardCharsets;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
+import java.util.*;
 import java.util.regex.Pattern;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -85,8 +82,6 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
      */
     private static Pattern pattern = Pattern.compile("[a-zA-Z]");
 
-    private Collection<String> authenticatedDomains = new HashSet<>();
-    private final Collection<String> hostnames = new HashSet<>();
     private OutgoingServerSocketReader socketReader;
     private Collection<DomainPair> outgoingDomainPairs = new HashSet<>();
 
@@ -200,11 +195,7 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
                 if (session != null) {
                     log.debug( "Created a new session." );
 
-                    // Add the validated domain as an authenticated domain
-                    session.addAuthenticatedDomain(localDomain);
-                    // Add the new domain to the list of names that the server may have
-                    session.addHostname(remoteDomain);
-                    // Notify the SessionManager that a new session has been created
+                    session.addOutgoingDomainPair(localDomain, remoteDomain);
                     sessionManager.outgoingServerSessionCreated((LocalOutgoingServerSession) session);
                     log.debug( "Authentication successful." );
                     return true;
@@ -572,11 +563,12 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
 
     @Override
 	boolean canProcess(Packet packet) {
-        String senderDomain = packet.getFrom().getDomain();
+        final String senderDomain = packet.getFrom().getDomain();
+        final String recipDomain = packet.getTo().getDomain();
         boolean processed = true;
-        if (!getAuthenticatedDomains().contains(senderDomain)) {
+        if (!checkOutgoingDomainPair(senderDomain, recipDomain)) {
             synchronized (("Auth::" + senderDomain).intern()) {
-                if (!getAuthenticatedDomains().contains(senderDomain) &&
+                if (!checkOutgoingDomainPair(senderDomain, recipDomain) &&
                         !authenticateSubdomain(senderDomain, packet.getTo().getDomain())) {
                     // Return error since sender domain was not validated by remote server
                     processed = false;
@@ -601,15 +593,12 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
         if (!usingServerDialback) {
             // Using SASL so just assume that the domain was validated
             // (note: this may not be correct)
-            addAuthenticatedDomain(localDomain);
-            addHostname(remoteDomain);
+            addOutgoingDomainPair(localDomain, remoteDomain);
             return true;
         }
         ServerDialback method = new ServerDialback(getConnection(), localDomain);
         if (method.authenticateDomain(socketReader, localDomain, remoteDomain, getStreamID().getID())) {
             // Add the validated domain as an authenticated domain
-            addAuthenticatedDomain(localDomain);
-            addHostname(remoteDomain);
             addOutgoingDomainPair(localDomain, remoteDomain);
             return true;
         }
@@ -669,44 +658,31 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
         }
     }
 
-    @Override
-    public Collection<String> getAuthenticatedDomains() {
-        return Collections.unmodifiableCollection(authenticatedDomains);
-    }
-
-    @Override
-    public void addAuthenticatedDomain(String domain) {
-        authenticatedDomains.add(domain);
-    }
-
-    @Override
-    public Collection<String> getHostnames() {
-        synchronized (hostnames) {
-            return Collections.unmodifiableCollection(hostnames);
-        }
-    }
-
-    @Override
-    public void addHostname(String hostname) {
-        synchronized (hostnames) {
-            hostnames.add(hostname);
-        }
-        // Add a new route for this new session
-        XMPPServer.getInstance().getRoutingTable().addServerRoute(new JID(null, hostname, null, true), this);
-    }
-
     @Override
 	public String getAvailableStreamFeatures() {
         // Nothing special to add
         return null;
     }
 
+    @Override
     public void addOutgoingDomainPair(String localDomain, String remoteDomain) {
         outgoingDomainPairs.add(new DomainPair(localDomain, remoteDomain));
+        boolean found = false;
+        for (DomainPair domainPair : outgoingDomainPairs) {
+            if (domainPair.getRemote().equals(remoteDomain)) found = true;
+        }
+        if (!found) {
+            XMPPServer.getInstance().getRoutingTable().addServerRoute(new JID(null, remoteDomain, null, true), this);
+        }
     }
 
     @Override
     public boolean checkOutgoingDomainPair(String localDomain, String remoteDomain) {
          return outgoingDomainPairs.contains(new DomainPair(localDomain, remoteDomain));
     }
+
+    @Override
+    public Collection<DomainPair> getOutgoingDomainPairs() {
+        return outgoingDomainPairs;
+    }
 }

src/java/org/jivesoftware/openfire/session/OutgoingServerSession.java

@@ -34,51 +34,43 @@ import java.util.Collection;
  */
 public interface OutgoingServerSession extends ServerSession {
     /**
-     * Returns a collection with all the domains, subdomains and virtual hosts that where
-     * authenticated. The remote server will accept packets sent from any of these domains,
-     * subdomains and virtual hosts.
+     * Authenticates a subdomain of this server with the specified remote server over an exsiting
+     * outgoing connection. If the existing session was using server dialback then a new db:result
+     * is going to be sent to the remote server. But if the existing session was TLS+SASL based
+     * then just assume that the subdomain was authenticated by the remote server.
      *
-     * @return domains, subdomains and virtual hosts that where validated.
+     * @param domain the locally domain to authenticate with the remote server.
+     * @param hostname the domain of the remote server.
+     * @return True if the domain was authenticated by the remote server.
      */
-    Collection<String> getAuthenticatedDomains();
+    boolean authenticateSubdomain(String domain, String hostname);
 
     /**
-     * Adds a new authenticated domain, subdomain or virtual host to the list of
-     * authenticated domains for the remote server. The remote server will accept packets
-     * sent from this new authenticated domain.
+     * Checks to see if a pair of domains has previously been authenticated.
      *
-     * @param domain the new authenticated domain, subdomain or virtual host to add.
-     */
-    void addAuthenticatedDomain(String domain);
-
-    /**
-     * Returns the list of hostnames related to the remote server. This tracking is useful for
-     * reusing the same session for the same remote server even if the server has many names.
+     * Since domains are authenticated as pairs, authenticating A->B does
+     *  not imply anything about A-->C or D->B.
      *
-     * @return the list of hostnames related to the remote server.
+     * @param local the local domain (previously: authenticated domain)
+     * @param remote the remote domain (previous: hostname)
+     * @return True if the pair of domains has been authenticated.
      */
-    Collection<String> getHostnames();
+    boolean checkOutgoingDomainPair(String local, String remote);
 
     /**
-     * Adds a new hostname to the list of known hostnames of the remote server. This tracking is
-     * useful for reusing the same session for the same remote server even if the server has
-     * many names.
+     * Marks a domain pair as being authenticated.
      *
-     * @param hostname the new known name of the remote server
+     * @param local the locally hosted domain.
+     * @param remote the remote domain.
      */
-    void addHostname(String hostname);
+    void addOutgoingDomainPair(String local, String remote);
 
     /**
-     * Authenticates a subdomain of this server with the specified remote server over an exsiting
-     * outgoing connection. If the existing session was using server dialback then a new db:result
-     * is going to be sent to the remote server. But if the existing session was TLS+SASL based
-     * then just assume that the subdomain was authenticated by the remote server.
+     * Obtains all authenticated domain pairs.
      *
-     * @param domain the local subdomain to authenticate with the remote server.
-     * @param hostname the hostname of the remote server.
-     * @return True if the subdomain was authenticated by the remote server.
+     * Most callers should avoid accessing this and use a simple check as above.
+     *
+     * @return collection of authenticated DomainPairs
      */
-    boolean authenticateSubdomain(String domain, String hostname);
-
-    boolean checkOutgoingDomainPair(String local, String remote);
+    Collection<DomainPair> getOutgoingDomainPairs();
 }