Commit abb9013e authored by Guus der Kinderen's avatar Guus der Kinderen

OF-892: Different mutual authentication requirements for different types of connections.

parent ca2d61ef
...@@ -88,6 +88,8 @@ public final class HttpBindManager { ...@@ -88,6 +88,8 @@ public final class HttpBindManager {
public static final String HTTP_BIND_THREADS = "httpbind.client.processing.threads"; public static final String HTTP_BIND_THREADS = "httpbind.client.processing.threads";
public static final String HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY = "httpbind.client.cert.policy";
public static final int HTTP_BIND_THREADS_DEFAULT = 8; public static final int HTTP_BIND_THREADS_DEFAULT = 8;
private static final String HTTP_BIND_FORWARDED = "httpbind.forwarded.enabled"; private static final String HTTP_BIND_FORWARDED = "httpbind.forwarded.enabled";
...@@ -258,7 +260,7 @@ public final class HttpBindManager { ...@@ -258,7 +260,7 @@ public final class HttpBindManager {
sslContextFactory.setKeyStoreType(SSLConfig.getStoreType()); sslContextFactory.setKeyStoreType(SSLConfig.getStoreType());
// Set policy for checking client certificates // Set policy for checking client certificates
String certPol = JiveGlobals.getProperty("xmpp.client.cert.policy", "disabled"); String certPol = JiveGlobals.getProperty(HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY, "disabled");
if(certPol.equals("needed")) { if(certPol.equals("needed")) {
sslContextFactory.setNeedClientAuth(true); sslContextFactory.setNeedClientAuth(true);
sslContextFactory.setWantClientAuth(true); sslContextFactory.setWantClientAuth(true);
......
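Review bot: The `certPol` lookup now reads `HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY` (`httpbind.client.cert.policy`) with a default of `"disabled"`, so a deployment that required client certificates on HTTP-bind through `xmpp.client.cert.policy` will stop requesting them after upgrade with no signal, unless a property migration exists outside this hunk. Falling back to the legacy key keeps the existing policy: `String certPol = JiveGlobals.getProperty(HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY, JiveGlobals.getProperty("xmpp.client.cert.policy", "disabled"));`. The new constant would also benefit from a one-line comment listing the accepted values. Only the `needed` branch is visible here, and the rest of the if-chain lies outside the hunk.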
...@@ -23,6 +23,7 @@ import org.dom4j.Element; ...@@ -23,6 +23,7 @@ import org.dom4j.Element;
import org.jivesoftware.openfire.Connection; import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.PacketRouter; import org.jivesoftware.openfire.PacketRouter;
import org.jivesoftware.openfire.auth.UnauthorizedException; import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.session.ConnectionSettings;
import org.jivesoftware.openfire.session.LocalClientSession; import org.jivesoftware.openfire.session.LocalClientSession;
import org.jivesoftware.util.JiveGlobals; import org.jivesoftware.util.JiveGlobals;
import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParser;
...@@ -111,7 +112,7 @@ public class ClientStanzaHandler extends StanzaHandler { ...@@ -111,7 +112,7 @@ public class ClientStanzaHandler extends StanzaHandler {
void startTLS() throws Exception { void startTLS() throws Exception {
Connection.ClientAuth policy; Connection.ClientAuth policy;
try { try {
policy = Connection.ClientAuth.valueOf(JiveGlobals.getProperty("xmpp.client.cert.policy", "disabled")); policy = Connection.ClientAuth.valueOf(JiveGlobals.getProperty(ConnectionSettings.Client.AUTH_PER_CLIENTCERT_POLICY, "disabled"));
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
policy = Connection.ClientAuth.disabled; policy = Connection.ClientAuth.disabled;
} }
......
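Review bot: In `startTLS()`, a value of `ConnectionSettings.Client.AUTH_PER_CLIENTCERT_POLICY` that `Connection.ClientAuth.valueOf` does not recognise (a typo or different casing) is caught and replaced by `Connection.ClientAuth.disabled` with nothing logged, so a misconfigured mutual-authentication policy fails open without the operator noticing. The catch block should at least log a warning naming the property and the rejected value before applying the fallback. The value of the new constant is not shown on this page; if it differs from `xmpp.client.cert.policy`, settings stored under the old key would also be ignored here. The method body continues past the end of the hunk.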