Commit 5eb60080 authored by Dave Cridland's avatar Dave Cridland

Add TLS/Authentication diagnostics

This adds TLS information and Authentication choices to the server session
details page.

In doing so, it factors out a ServerSession interface, and LocalServerSession
class.
parent 2827a330
...@@ -1773,9 +1773,13 @@ server.session.details.info=Below are details about the sessions with the remote ...@@ -1773,9 +1773,13 @@ server.session.details.info=Below are details about the sessions with the remote
server.session.details.hostname=Remote server IP / Hostname: server.session.details.hostname=Remote server IP / Hostname:
server.session.details.incoming_session=Incoming Session Details server.session.details.incoming_session=Incoming Session Details
server.session.details.streamid=Stream ID server.session.details.streamid=Stream ID
server.session.details.incoming_statistics=Statistics (Packets Received) server.session.details.authentication=Authentication
server.session.details.dialback=Dialback
server.session.details.tlsauth=Certificate
server.session.details.cipher=Cipher Suite
server.session.details.incoming_statistics=Packets RX
server.session.details.outgoing_session=Outgoing Session Details server.session.details.outgoing_session=Outgoing Session Details
server.session.details.outgoing_statistics=Statistics (Packets Sent) server.session.details.outgoing_statistics=Packets TX
# External Component Session summary Page # External Component Session summary Page
......
...@@ -43,7 +43,7 @@ import java.util.Collection; ...@@ -43,7 +43,7 @@ import java.util.Collection;
* *
* @author Gaston Dombiak * @author Gaston Dombiak
*/ */
public interface IncomingServerSession extends Session { public interface IncomingServerSession extends ServerSession {
/** /**
* Returns a collection with all the domains, subdomains and virtual hosts that where * Returns a collection with all the domains, subdomains and virtual hosts that where
......
...@@ -68,7 +68,7 @@ import org.xmpp.packet.Packet; ...@@ -68,7 +68,7 @@ import org.xmpp.packet.Packet;
* *
* @author Gaston Dombiak * @author Gaston Dombiak
*/ */
public class LocalIncomingServerSession extends LocalSession implements IncomingServerSession { public class LocalIncomingServerSession extends LocalServerSession implements IncomingServerSession {
private static final Logger Log = LoggerFactory.getLogger(LocalIncomingServerSession.class); private static final Logger Log = LoggerFactory.getLogger(LocalIncomingServerSession.class);
...@@ -373,4 +373,8 @@ public class LocalIncomingServerSession extends LocalSession implements Incoming ...@@ -373,4 +373,8 @@ public class LocalIncomingServerSession extends LocalSession implements Incoming
return sb.toString(); return sb.toString();
} }
public void tlsAuth() {
usingServerDialback = false;
}
} }
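Review bot: The new `tlsAuth()` at the end of LocalIncomingServerSession is a public, undocumented, one-way mutator, and it changes what the admin page reports as the session's authentication method. Any code holding the session can flip the indicator to "Certificate", and nothing in the hunk ties the call to a completed certificate check. Add a Javadoc stating the precondition, for example `/** Records that this session was authenticated by TLS certificate rather than dialback; call only after certificate verification succeeds. */`. Consider narrowing the visibility to package-private if the callers allow it; they are not visible here. The class body starts outside this hunk.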
...@@ -88,7 +88,7 @@ import com.jcraft.jzlib.ZInputStream; ...@@ -88,7 +88,7 @@ import com.jcraft.jzlib.ZInputStream;
* *
* @author Gaston Dombiak * @author Gaston Dombiak
*/ */
public class LocalOutgoingServerSession extends LocalSession implements OutgoingServerSession { public class LocalOutgoingServerSession extends LocalServerSession implements OutgoingServerSession {
private static final Logger Log = LoggerFactory.getLogger(LocalOutgoingServerSession.class); private static final Logger Log = LoggerFactory.getLogger(LocalOutgoingServerSession.class);
...@@ -100,10 +100,6 @@ public class LocalOutgoingServerSession extends LocalSession implements Outgoing ...@@ -100,10 +100,6 @@ public class LocalOutgoingServerSession extends LocalSession implements Outgoing
private Collection<String> authenticatedDomains = new HashSet<String>(); private Collection<String> authenticatedDomains = new HashSet<String>();
private final Collection<String> hostnames = new HashSet<String>(); private final Collection<String> hostnames = new HashSet<String>();
private OutgoingServerSocketReader socketReader; private OutgoingServerSocketReader socketReader;
/**
* Flag that indicates if the session was created using server-dialback.
*/
private boolean usingServerDialback = true;
/** /**
* Creates a new outgoing connection to the specified hostname if no one exists. The port of * Creates a new outgoing connection to the specified hostname if no one exists. The port of
...@@ -709,8 +705,4 @@ public class LocalOutgoingServerSession extends LocalSession implements Outgoing ...@@ -709,8 +705,4 @@ public class LocalOutgoingServerSession extends LocalSession implements Outgoing
// Nothing special to add // Nothing special to add
return null; return null;
} }
public boolean isUsingServerDialback() {
return usingServerDialback;
}
} }
/**
*
*/
package org.jivesoftware.openfire.session;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.xmpp.packet.Packet;
/**
* @author dwd
*
*/
public class LocalServerSession extends LocalSession implements ServerSession {
protected boolean usingServerDialback = true;
protected boolean outboundAllowed = false;
protected boolean inboundAllowed = false;
public LocalServerSession(String serverName, Connection connection,
StreamID streamID) {
super(serverName, connection, streamID);
}
/* (non-Javadoc)
* @see org.jivesoftware.openfire.session.LocalSession#canProcess(org.xmpp.packet.Packet)
*/
@Override
boolean canProcess(Packet packet) {
// TODO Auto-generated method stub
return false;
}
/* (non-Javadoc)
* @see org.jivesoftware.openfire.session.LocalSession#deliver(org.xmpp.packet.Packet)
*/
@Override
void deliver(Packet packet) throws UnauthorizedException {
// TODO Auto-generated method stub
}
/* (non-Javadoc)
* @see org.jivesoftware.openfire.session.LocalSession#getAvailableStreamFeatures()
*/
@Override
public String getAvailableStreamFeatures() {
// TODO Auto-generated method stub
return null;
}
public boolean isUsingServerDialback() {
return usingServerDialback;
}
}
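Review bot: LocalServerSession is a concrete class that still carries three auto-generated stubs: `canProcess` returns false, `deliver` does nothing and `getAvailableStreamFeatures` returns null. A subclass that misses an override would therefore drop packets silently instead of failing to compile. Declaring it `public abstract class LocalServerSession extends LocalSession implements ServerSession {` and deleting the stubs lets the compiler enforce the overrides, assuming these are abstract in LocalSession as the `@see` comments suggest. Separately, `usingServerDialback` defaults to `true`, so a session on which `tlsAuth()` was never called is reported as Dialback on the diagnostics page even if it has not finished authenticating; that default deserves a comment or an explicit "not yet authenticated" state. `outboundAllowed` and `inboundAllowed` are declared but never read in this file, and the `@author dwd` Javadoc does not say what the class is for.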
...@@ -21,6 +21,8 @@ import java.util.Date; ...@@ -21,6 +21,8 @@ import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import javax.net.ssl.SSLSession;
import org.jivesoftware.openfire.Connection; import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.SessionManager; import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID; import org.jivesoftware.openfire.StreamID;
...@@ -28,6 +30,8 @@ import org.jivesoftware.openfire.XMPPServer; ...@@ -28,6 +30,8 @@ import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.auth.UnauthorizedException; import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.interceptor.InterceptorManager; import org.jivesoftware.openfire.interceptor.InterceptorManager;
import org.jivesoftware.openfire.interceptor.PacketRejectedException; import org.jivesoftware.openfire.interceptor.PacketRejectedException;
import org.jivesoftware.openfire.net.SocketConnection;
import org.jivesoftware.openfire.net.TLSStreamHandler;
import org.jivesoftware.openfire.spi.RoutingTableImpl; import org.jivesoftware.openfire.spi.RoutingTableImpl;
import org.jivesoftware.util.LocaleUtils; import org.jivesoftware.util.LocaleUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
...@@ -387,4 +391,22 @@ public abstract class LocalSession implements Session { ...@@ -387,4 +391,22 @@ public abstract class LocalSession implements Session {
public boolean isUsingSelfSignedCertificate() { public boolean isUsingSelfSignedCertificate() {
return conn.isUsingSelfSignedCertificate(); return conn.isUsingSelfSignedCertificate();
} }
/**
* Returns a String representing the Cipher Suite Name, or "NONE".
* @return String
*/
public String getCipherSuiteName() {
SocketConnection s = (SocketConnection)getConnection();
if (s != null) {
TLSStreamHandler t = s.getTLSStreamHandler();
if (t != null) {
SSLSession ssl = t.getSSLSession();
if (ssl != null) {
return ssl.getCipherSuite();
}
}
}
return "NONE";
}
} }
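Review bot: The cast `(SocketConnection)getConnection()` in getCipherSuiteName() is unchecked. The `s != null` test that follows guards only against null, so a session backed by any other Connection implementation would throw ClassCastException when the details page is rendered. Because the method is declared on Session and implemented in the abstract LocalSession, it runs for every local session type, not only server-to-server ones. Test the type first, `Connection c = getConnection();` then `if (c instanceof SocketConnection) { TLSStreamHandler t = ((SocketConnection) c).getTLSStreamHandler(); ... }`, and fall through to `"NONE"` otherwise. The class body starts outside this hunk.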
...@@ -36,8 +36,7 @@ import java.util.Collection; ...@@ -36,8 +36,7 @@ import java.util.Collection;
* *
* @author Gaston Dombiak * @author Gaston Dombiak
*/ */
public interface OutgoingServerSession extends Session { public interface OutgoingServerSession extends ServerSession {
/** /**
* Returns a collection with all the domains, subdomains and virtual hosts that where * Returns a collection with all the domains, subdomains and virtual hosts that where
* authenticated. The remote server will accept packets sent from any of these domains, * authenticated. The remote server will accept packets sent from any of these domains,
...@@ -84,11 +83,4 @@ public interface OutgoingServerSession extends Session { ...@@ -84,11 +83,4 @@ public interface OutgoingServerSession extends Session {
* @return True if the subdomain was authenticated by the remote server. * @return True if the subdomain was authenticated by the remote server.
*/ */
boolean authenticateSubdomain(String domain, String hostname); boolean authenticateSubdomain(String domain, String hostname);
/**
* Returns true if this outgoing session was established using server dialback.
*
* @return true if this outgoing session was established using server dialback.
*/
boolean isUsingServerDialback();
} }
package org.jivesoftware.openfire.session;
public interface ServerSession extends Session {
/**
* Returns true if this outgoing session was established using server dialback.
*
* @return true if this outgoing session was established using server dialback.
*/
boolean isUsingServerDialback();
}
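Review bot: The Javadoc on `isUsingServerDialback()` was copied from OutgoingServerSession and still says "this outgoing session", but ServerSession is now also the parent of IncomingServerSession. Reword it for both directions, for example `Returns true if this server-to-server session was authenticated using server dialback.`. The interface itself has no type-level Javadoc; one sentence saying it holds what incoming and outgoing server sessions have in common would help, since the admin page now calls this method on both.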
...@@ -195,4 +195,11 @@ public interface Session extends RoutableChannelHandler { ...@@ -195,4 +195,11 @@ public interface Session extends RoutableChannelHandler {
* @return true if the socket remains valid, false otherwise. * @return true if the socket remains valid, false otherwise.
*/ */
public boolean validate(); public boolean validate();
/**
* Returns the TLS cipher suite name, if any.
* Always returns a valid string, though the string may be "NONE"
* @return cipher suite name.
*/
public String getCipherSuiteName();
} }
\ No newline at end of file
...@@ -123,9 +123,12 @@ ...@@ -123,9 +123,12 @@
<table cellpadding="3" cellspacing="1" border="0" width="100%"> <table cellpadding="3" cellspacing="1" border="0" width="100%">
<tr> <tr>
<th width="35%" colspan="2"><fmt:message key="server.session.details.streamid" /></th> <th width="35%" colspan="2"><fmt:message key="server.session.details.streamid" /></th>
<th width="10%"><fmt:message key="server.session.details.authentication"/></th>
<th width="10%"><fmt:message key="server.session.details.cipher"/></th>
<th width="20%"><fmt:message key="server.session.label.creation" /></th> <th width="20%"><fmt:message key="server.session.label.creation" /></th>
<th width="20%"><fmt:message key="server.session.label.last_active" /></th> <th width="20%"><fmt:message key="server.session.label.last_active" /></th>
<th width="25%" nowrap><fmt:message key="server.session.details.incoming_statistics" /></th> <th width="25%" nowrap><fmt:message key="server.session.details.incoming_statistics" /></th>
<th width="25%" nowrap><fmt:message key="server.session.details.outgoing_statistics" /></th>
</tr> </tr>
<tr> <tr>
<% if (inSession.isSecure()) { %> <% if (inSession.isSecure()) { %>
...@@ -151,9 +154,12 @@ ...@@ -151,9 +154,12 @@
boolean sameActiveDay = nowCal.get(Calendar.DAY_OF_YEAR) == lastActiveCal.get(Calendar.DAY_OF_YEAR) && nowCal.get(Calendar.YEAR) == lastActiveCal.get(Calendar.YEAR); boolean sameActiveDay = nowCal.get(Calendar.DAY_OF_YEAR) == lastActiveCal.get(Calendar.DAY_OF_YEAR) && nowCal.get(Calendar.YEAR) == lastActiveCal.get(Calendar.YEAR);
%> %>
<td><%= inSession.getStreamID()%></td> <td><%= inSession.getStreamID()%></td>
<td><% if (inSession.isUsingServerDialback()) { %><fmt:message key="server.session.details.dialback"/><% } else { %><fmt:message key="server.session.details.tlsauth"/><% } %></td>
<td><%= inSession.getCipherSuiteName() %></td>
<td align="center"><%= sameCreationDay ? JiveGlobals.formatTime(creationDate) : JiveGlobals.formatDateTime(creationDate) %></td> <td align="center"><%= sameCreationDay ? JiveGlobals.formatTime(creationDate) : JiveGlobals.formatDateTime(creationDate) %></td>
<td align="center"><%= sameActiveDay ? JiveGlobals.formatTime(lastActiveDate) : JiveGlobals.formatDateTime(lastActiveDate) %></td> <td align="center"><%= sameActiveDay ? JiveGlobals.formatTime(lastActiveDate) : JiveGlobals.formatDateTime(lastActiveDate) %></td>
<td align="center"><%= numFormatter.format(inSession.getNumClientPackets()) %></td> <td align="center"><%= numFormatter.format(inSession.getNumClientPackets()) %></td>
<td align="center"><%= numFormatter.format(inSession.getNumServerPackets()) %></td>
</tr> </tr>
</table> </table>
</div> </div>
...@@ -169,8 +175,11 @@ ...@@ -169,8 +175,11 @@
<table cellpadding="3" cellspacing="1" border="0" width="100%"> <table cellpadding="3" cellspacing="1" border="0" width="100%">
<tr> <tr>
<th width="35%" colspan="2"><fmt:message key="server.session.details.streamid" /></th> <th width="35%" colspan="2"><fmt:message key="server.session.details.streamid" /></th>
<th width="10%"><fmt:message key="server.session.details.authentication"/></th>
<th width="10%"><fmt:message key="server.session.details.cipher"/></th>
<th width="20%"><fmt:message key="server.session.label.creation" /></th> <th width="20%"><fmt:message key="server.session.label.creation" /></th>
<th width="20%"><fmt:message key="server.session.label.last_active" /></th> <th width="20%"><fmt:message key="server.session.label.last_active" /></th>
<th width="25%" nowrap><fmt:message key="server.session.details.incoming_statistics" /></th>
<th width="25%" nowrap><fmt:message key="server.session.details.outgoing_statistics" /></th> <th width="25%" nowrap><fmt:message key="server.session.details.outgoing_statistics" /></th>
</tr> </tr>
<tr> <tr>
...@@ -197,8 +206,11 @@ ...@@ -197,8 +206,11 @@
boolean sameActiveDay = nowCal.get(Calendar.DAY_OF_YEAR) == lastActiveCal.get(Calendar.DAY_OF_YEAR) && nowCal.get(Calendar.YEAR) == lastActiveCal.get(Calendar.YEAR); boolean sameActiveDay = nowCal.get(Calendar.DAY_OF_YEAR) == lastActiveCal.get(Calendar.DAY_OF_YEAR) && nowCal.get(Calendar.YEAR) == lastActiveCal.get(Calendar.YEAR);
%> %>
<td><%= outSession.getStreamID()%></td> <td><%= outSession.getStreamID()%></td>
<td><% if (outSession.isUsingServerDialback()) { %><fmt:message key="server.session.details.dialback"/><% } else { %><fmt:message key="server.session.details.tlsauth"/><% } %></td>
<td><%= outSession.getCipherSuiteName() %></td>
<td align="center"><%= sameCreationDay ? JiveGlobals.formatTime(creationDate) : JiveGlobals.formatDateTime(creationDate) %></td> <td align="center"><%= sameCreationDay ? JiveGlobals.formatTime(creationDate) : JiveGlobals.formatDateTime(creationDate) %></td>
<td align="center"><%= sameActiveDay ? JiveGlobals.formatTime(lastActiveDate) : JiveGlobals.formatDateTime(lastActiveDate) %></td> <td align="center"><%= sameActiveDay ? JiveGlobals.formatTime(lastActiveDate) : JiveGlobals.formatDateTime(lastActiveDate) %></td>
<td align="center"><%= numFormatter.format(outSession.getNumClientPackets()) %></td>
<td align="center"><%= numFormatter.format(outSession.getNumServerPackets()) %></td> <td align="center"><%= numFormatter.format(outSession.getNumServerPackets()) %></td>
</tr> </tr>
</table> </table>
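Review bot: The new cells `<%= inSession.getCipherSuiteName() %>` and `<%= outSession.getCipherSuiteName() %>` write the returned string into the page without HTML escaping. In LocalSession the value comes from the TLS stack or is the literal "NONE", but the method is declared on the Session interface and other implementations may return other text. Escaping at the point of output, with whatever helper the admin console already uses, keeps the page safe regardless of the implementation. As a layout point, the header widths in both tables now add up to 145% (35+10+10+20+20+25+25) and should be rebalanced.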
......