Commit 950aa766 authored by Dave Cridland's avatar Dave Cridland

Merge pull request #398 from sco0ter/unused

Delete unused classes
parents 4d6a8055 cdd9ac28
/**
* $RCSfile$
* $Revision: $
* $Date: $
*
* Copyright (C) 2005-2008 Jive Software. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.openfire.net;
import org.jivesoftware.util.JiveGlobals;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
/**
* Thread pool to be used for processing incoming packets when using non-blocking
* connections.
*
* // TODO Change thead pool configuration. Would be nice to have something that can be
* // TODO dynamically adjusted to demand and circumstances.
*
* @author Daniele Piras
*/
class IOExecutor {
// SingleTon ...
protected static IOExecutor instance = new IOExecutor();
// Pool obj
protected ThreadPoolExecutor executeMsgPool;
// Internal queue for the pool
protected LinkedBlockingQueue<Runnable> executeQueue;
/*
* Simple constructor that initialize the main executor structure.
*
*/
protected IOExecutor() {
// Read poolsize parameter...
int poolSize = JiveGlobals.getIntProperty("tiscali.pool.size", 15);
// Create queue for executor
executeQueue = new LinkedBlockingQueue<>(10000);
// Create executor
executeMsgPool =
new ThreadPoolExecutor(poolSize, poolSize, 60, TimeUnit.SECONDS, executeQueue);
}
public static void execute(Runnable task) {
instance.executeMsgPool.execute(task);
}
}
package org.jivesoftware.openfire.net;
import org.jivesoftware.openfire.keystore.IdentityStoreConfig;
import org.jivesoftware.openfire.keystore.Purpose;
import org.jivesoftware.openfire.keystore.TrustStoreConfig;
import org.jivesoftware.util.CertificateEventListener;
import org.jivesoftware.util.CertificateManager;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.*;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.List;
/**
* A factory object for creating server sockets based on Openfire's SSL configuration.
*
* This implementation distinguishes between server sockets created for server-to-server ('s2s') and for
* client-to-server ('c2s') communication. The primary difference between the two is the set of key and trust stores
* that are used.
*
* @author Guus der Kinderen, guus.der.kinderen@gmail.com
*/
// TODO: This code was split off from SSLConfig, but does not appear to be used! Remove?
public class SSLConfigSocketFactory
{
private static final Logger Log = LoggerFactory.getLogger( SSLConfigSocketFactory.class );
/**
* The factory used for server-to-server connections.
*/
private static SSLServerSocketFactory s2sFactory;
/**
* The factory used for client-to-server connections.
*/
private static SSLServerSocketFactory c2sFactory;
static
{
// Initial instantiation
resetFactory();
// Reset SSL factory when certificates are modified
CertificateManager.addListener( new CertificateEventListener()
{
// Reset SSL factory since key stores have changed
@Override
public void certificateCreated( KeyStore keyStore, String alias, X509Certificate cert )
{
resetFactory();
}
@Override
public void certificateDeleted( KeyStore keyStore, String alias )
{
resetFactory();
}
@Override
public void certificateSigned( KeyStore keyStore, String alias, List<X509Certificate> certificates )
{
resetFactory();
}
} );
}
private static void resetFactory()
{
Log.debug( "(Re)setting the SSL-based socket factories." );
try
{
final KeyStore s2sTrustStore = SSLConfig.getStore( Purpose.SOCKETBASED_S2S_TRUSTSTORE );
final KeyStore c2sTrustStore = SSLConfig.getStore( Purpose.SOCKETBASED_C2S_TRUSTSTORE );
s2sFactory = createS2SServerSocketFactory();
if ( s2sTrustStore == c2sTrustStore )
{
c2sFactory = s2sFactory;
}
else
{
c2sFactory = createC2SServerSocketFactory();
}
}
catch ( Exception e )
{
Log.error( "An exception occurred while (re)setting the SSL-based socket factories. Factories will be unavailable.", e );
s2sFactory = null;
c2sFactory = null;
}
}
static SSLServerSocketFactory createC2SServerSocketFactory() throws NoSuchAlgorithmException, KeyManagementException
{
final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
final TrustStoreConfig trustStoreConfig = (TrustStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_C2S_TRUSTSTORE );
final String algorithm = JiveGlobals.getProperty( "xmpp.socket.ssl.algorithm", "TLS" );
final SSLContext context = SSLContext.getInstance( algorithm );
context.init( identityStoreConfig.getKeyManagers(), trustStoreConfig.getTrustManagers(), new java.security.SecureRandom() );
return context.getServerSocketFactory();
}
static SSLServerSocketFactory createS2SServerSocketFactory() throws NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException, KeyStoreException, IOException
{
final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
final TrustStoreConfig trustStoreConfig = (TrustStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_S2S_TRUSTSTORE );
final String algorithm = JiveGlobals.getProperty( "xmpp.socket.ssl.algorithm", "TLS" );
final SSLContext context = SSLContext.getInstance( algorithm );
context.init( identityStoreConfig.getKeyManagers(), trustStoreConfig.getTrustManagers(), new java.security.SecureRandom() );
return context.getServerSocketFactory();
}
/**
* Create a ServerSocket for server-to-server connections. This method will throw an IOException if it fails to
* create a socket.
*
* @return the ServerSocket for a server-to-server connection (never null).
* @throws IOException Failed to create a socket.
*/
public static ServerSocket createS2SServerSocket( int port, InetAddress ifAddress ) throws IOException
{
if ( s2sFactory == null )
{
throw new IOException( "S2S server socket factory has not been initialized successfully." );
}
return s2sFactory.createServerSocket( port, -1, ifAddress );
}
/**
* Create a ServerSocket for client-to-server connections. This method will throw an IOException if it fails to
* create a socket.
*
* @return the ServerSocket for a client-to-server connection (never null).
* @throws IOException Failed to create a socket.
*/
public static ServerSocket createC2SServerSocket( int port, InetAddress ifAddress ) throws IOException
{
if ( c2sFactory == null )
{
throw new IOException( "C2S server socket factory has not been initialized successfully." );
}
return c2sFactory.createServerSocket( port, -1, ifAddress );
}
/**
* Get the SSLServerSocketFactory for server-to-server connections. When the factory has not been initialized
* successfully, this method returns null.
*
* @return the SSLServerSocketFactory for server-to-server connections (possibly null).
*/
public static SSLServerSocketFactory getS2SServerSocketFactory()
{
return s2sFactory;
}
/**
* Get the SSLServerSocketFactory for client-to-server connections. When the factory has not been initialized
* successfully, this method returns null.
*
* @return the SSLServerSocketFactory for client-to-server connections (possibly null).
*/
public static SSLServerSocketFactory getC2SServerSocketFactory()
{
return c2sFactory;
}
/**
* Returns an array of cipher suite names that are enabled by default for server-to-server communication. When no
* cipher suite names cannot be determined (ie: when the socket factory has not been initialized) this method
* returns an empty array.
*
* @return array of cipher suites names, possibly empty, but never null.
* @see SSLServerSocketFactory#getDefaultCipherSuites()
*/
public static String[] getS2SDefaultCipherSuites()
{
if ( s2sFactory == null )
{
return new String[ 0 ];
}
return s2sFactory.getDefaultCipherSuites();
}
/**
* Returns an array of cipher suite names that are available (but not necessarily enabled) for server-to-server
* communication. When cipher suite names cannot be determined (ie: when the socket factory has not been
* initialized) this method returns an empty array.
*
* @return array of cipher suites names, possibly empty, but never null.
* @see SSLServerSocketFactory#getSupportedCipherSuites()
*/
public static String[] getS2SSupportedCipherSuites()
{
if ( s2sFactory == null )
{
return new String[ 0 ];
}
return s2sFactory.getSupportedCipherSuites();
}
/**
* Returns an array of cipher suite names that are enabled by default for client-to-server communication. When
* cipher suite names cannot be determined (ie: when the socket factory has not been initialized) this method
* returns an empty array.
*
* @return array of cipher suites names, possibly empty, but never null.
* @see SSLServerSocketFactory#getDefaultCipherSuites()
*/
public static String[] getC2SDefaultCipherSuites()
{
if ( c2sFactory == null )
{
return new String[ 0 ];
}
return c2sFactory.getDefaultCipherSuites();
}
/**
* Returns an array of cipher suite names that are available (but not necessarily enabled) for client-to-server
* communication. When cipher suite names cannot be determined (ie: when the socket factory has not been
* initialized) this method returns an empty array.
*
* @return array of cipher suites names, possibly empty, but never null.
* @see SSLServerSocketFactory#getSupportedCipherSuites()
*/
public static String[] getC2SSupportedCipherSuites()
{
if ( c2sFactory == null )
{
return new String[ 0 ];
}
return c2sFactory.getSupportedCipherSuites();
}
}
/**
* $RCSfile$
* $Revision: 128 $
* $Date: 2004-10-25 20:42:00 -0300 (Mon, 25 Oct 2004) $
*
* Copyright (C) 2004-2008 Jive Software. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.openfire.net;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import org.jivesoftware.util.LocaleUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.X509TrustManager;
/**
* Trust manager which accepts certificates without any validation
* except date validation.
* <p>
* A skeleton placeholder for developers wishing to implement their own custom
* trust manager. In future revisions we may expand the skeleton code if customers
* request assistance in creating custom trust managers.</p>
* <p>
* You only need a trust manager if your server will require clients
* to authenticated with the server (typically only the server authenticates
* with the client).</p>
*
* @author Iain Shigeoka
*/
public class SSLJiveTrustManager implements X509TrustManager {
private static final Logger Log = LoggerFactory.getLogger(SSLJiveTrustManager.class);
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
public boolean isClientTrusted(X509Certificate[] x509Certificates) {
return true;
}
public boolean isServerTrusted(X509Certificate[] x509Certificates) {
boolean trusted = true;
try {
x509Certificates[0].checkValidity();
}
catch (CertificateExpiredException | CertificateNotYetValidException e) {
Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
trusted = false;
}
return trusted;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
/**
* $RCSfile$
* $Revision: $
* $Date: $
*
* Copyright (C) 2005-2008 Jive Software. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.openfire.net;
import java.io.IOException;
import java.nio.channels.SelectionKey;
/**
* @author Daniele Piras
*/
interface SelectorAction
{
public abstract void read( SelectionKey key ) throws IOException;
public abstract void connect( SelectionKey key ) throws IOException;
}
/**
* $Revision: $
* $Date: $
*
* Copyright (C) 2005-2008 Jive Software. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.openfire.net;
import org.dom4j.Element;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.PacketRouter;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.session.ConnectionSettings;
import org.jivesoftware.openfire.session.LocalIncomingServerSession;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.IQ;
import org.xmpp.packet.Message;
import org.xmpp.packet.Packet;
import org.xmpp.packet.Presence;
import org.xmpp.packet.StreamError;
/**
* Handler of XML stanzas sent by remote servers. Remote servers that send stanzas
* with no TO or FROM will get their connections closed. Moreover, remote servers
* that try to send stanzas from a not validated domain will also get their connections
* closed.<p>
*
* Server-to-server communication requires two TCP connections between the servers where
* one is used for sending packets whilst the other connection is used for receiving packets.
* The connection used for receiving packets will use a ServerStanzaHandler since the other
* connection will not receive packets.<p>
*
* TODO Finish migration of s2s to use NIO instead of blocking threads. Migrate from ServerSocketReader.
*
* @author Gaston Dombiak
*/
public class ServerStanzaHandler extends StanzaHandler {
private static final Logger Log = LoggerFactory.getLogger(ServerStanzaHandler.class);
public ServerStanzaHandler(PacketRouter router, String serverName, Connection connection) {
super(router, serverName, connection);
}
@Override
boolean processUnknowPacket(Element doc) throws UnauthorizedException {
// Handle subsequent db:result packets
if ("db".equals(doc.getNamespacePrefix()) && "result".equals(doc.getName())) {
if (!((LocalIncomingServerSession) session).validateSubsequentDomain(doc)) {
throw new UnauthorizedException("Failed to validate domain when using piggyback.");
}
return true;
}
else if ("db".equals(doc.getNamespacePrefix()) && "verify".equals(doc.getName())) {
// The Receiving Server is reusing an existing connection for sending the
// Authoritative Server a request for verification of a key
((LocalIncomingServerSession) session).verifyReceivedKey(doc);
return true;
}
return false;
}
@Override
String getNamespace() {
return "jabber:server";
}
@Override
boolean validateHost() {
return true;
}
@Override
boolean validateJIDs() {
// TODO Should we trust other servers???
return false;
}
@Override
boolean createSession(String namespace, String serverName, XmlPullParser xpp, Connection connection)
throws XmlPullParserException {
// TODO Finish implementation
/*if ("jabber:server".equals(namespace)) {
// The connected client is a server so create an IncomingServerSession
session = LocalIncomingServerSession.createSession(serverName, reader, connection);
return true;
}*/
return false;
}
@Override
void startTLS() throws Exception {
// TODO Finish implementation. We need to get the name of the remote server if we want to validate certificates of the remote server that requested TLS
boolean needed = JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_CERTIFICATE_VERIFY, true) &&
JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_CERTIFICATE_CHAIN_VERIFY, true) &&
!JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_ACCEPT_SELFSIGNED_CERTS, false);
connection.startTLS(false, "IMPLEMENT_ME", needed ? Connection.ClientAuth.needed : Connection.ClientAuth.wanted);
}
@Override
protected void processIQ(IQ packet) throws UnauthorizedException {
packetReceived(packet);
// Actually process the packet
super.processIQ(packet);
}
@Override
protected void processPresence(Presence packet) throws UnauthorizedException {
packetReceived(packet);
// Actually process the packet
super.processPresence(packet);
}
@Override
protected void processMessage(Message packet) throws UnauthorizedException {
packetReceived(packet);
// Actually process the packet
super.processMessage(packet);
}
/**
* Make sure that the received packet has a TO and FROM values defined and that it was sent
* from a previously validated domain. If the packet does not matches any of the above
* conditions then a PacketRejectedException will be thrown.
*
* @param packet the received packet.
* @throws UnauthorizedException if the packet does not include a TO or FROM or if the packet
* was sent from a domain that was not previously validated.
*/
private void packetReceived(Packet packet) throws UnauthorizedException {
if (packet.getTo() == null || packet.getFrom() == null) {
Log.debug("ServerStanzaHandler: Closing IncomingServerSession due to packet with no TO or FROM: " +
packet.toXML());
// Send a stream error saying that the packet includes no TO or FROM
StreamError error = new StreamError(StreamError.Condition.improper_addressing);
connection.deliverRawText(error.toXML());
throw new UnauthorizedException("Packet with no TO or FROM attributes");
}
else if (!((LocalIncomingServerSession) session).isValidDomain(packet.getFrom().getDomain())) {
Log.debug("ServerStanzaHandler: Closing IncomingServerSession due to packet with invalid domain: " +
packet.toXML());
// Send a stream error saying that the packet includes an invalid FROM
StreamError error = new StreamError(StreamError.Condition.invalid_from);
connection.deliverRawText(error.toXML());
throw new UnauthorizedException("Packet with no TO or FROM attributes");
}
}
}
/**
* $RCSfile$
* $Revision: 3144 $
* $Date: 2005-12-01 14:20:11 -0300 (Thu, 01 Dec 2005) $
*
* Copyright (C) 2004-2008 Jive Software. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.util;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.concurrent.Callable;
/**
* Callable which will read from an input stream and write to an output stream.
*
* @author Alexander Wenckus
*/
public class InputOutputStreamWrapper implements Callable {
private static final int DEFAULT_BUFFER_SIZE = 8000;
private long amountWritten = 0;
private int bufferSize;
private InputStream in;
private OutputStream out;
public InputOutputStreamWrapper(InputStream in, OutputStream out, int bufferSize) {
if(bufferSize <= 0) {
bufferSize = DEFAULT_BUFFER_SIZE;
}
this.bufferSize = bufferSize;
this.in = in;
this.out = out;
}
public InputOutputStreamWrapper(InputStream in, OutputStream out) {
this(in, out, DEFAULT_BUFFER_SIZE);
}
@Override
public Object call() throws Exception {
final byte[] b = new byte[bufferSize];
int count = 0;
amountWritten = 0;
do {
// write to the output stream
out.write(b, 0, count);
amountWritten += count;
// read more bytes from the input stream
count = in.read(b);
} while (count >= 0);
return amountWritten;
}
public long getAmountWritten() {
return amountWritten;
}
}
/**
* $RCSfile$
* $Revision: 3144 $
* $Date: 2005-12-01 14:20:11 -0300 (Thu, 01 Dec 2005) $
*
* Copyright (C) 2004-2008 Jive Software. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.util;
/**
* A generic exception for when errors occur in the system.
*/
public class InternalServerErrorException extends RuntimeException {
public InternalServerErrorException(String s, Exception e) {
super(s, e);
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment