Merge pull request #98 from deleolajide/master

OF-847: Bouncycastle 1.51 for JitsiVideobridge

Merge pull request #98 from deleolajide/master
OF-847: Bouncycastle 1.51 for JitsiVideobridge
d551da38 · Dave Cridland · e4a50974 · 190398ab · d551da38 · d551da38
Commit d551da38 authored Nov 06, 2014 by Dave Cridland
12 changed files
--- a/build/lib/dist/bcpg-jdk15on.jar
+++ b/build/lib/dist/bcpg-jdk15on.jar
--- a/build/lib/dist/bcpkix-jdk15on.jar
+++ b/build/lib/dist/bcpkix-jdk15on.jar
--- a/build/lib/dist/bcprov-jdk15on.jar
+++ b/build/lib/dist/bcprov-jdk15on.jar
--- a/build/lib/versions.txt
+++ b/build/lib/versions.txt
@@ -3,9 +3,9 @@ Name                                |  Version
 ant.jar                             | Jetty 6.1.0 (1.6.5)                                          | Apache 2.0
 ant-contrib.jar                     | 1.0b1                                                        | Apache 2.0
 ant-subdirtask.jar                  | Revision 1.4 (CVS)                                           |
-bcpg-jdk15on.jar                    | 1.50                                                         | See http://www.bouncycastle.org/licence.html
+bcpg-jdk15on.jar                    | 1.51                                                         | See http://www.bouncycastle.org/licence.html
-bcpkix-jdk15on.jar                  | 1.50                                                         | See http://www.bouncycastle.org/licence.html
+bcpkix-jdk15on.jar                  | 1.51                                                         | See http://www.bouncycastle.org/licence.html
-bcprov-jdk15on.jar                  | 1.50                                                         | See http://www.bouncycastle.org/licence.html
+bcprov-jdk15on.jar                  | 1.51                                                         | See http://www.bouncycastle.org/licence.html
 cglib.jar                           | 2.1.3 (JMock 2.1.0)                                          |
 commons-lang.jar                    | 2.3                                                          | Apache 2.0
 commons-logging.jar                 | Jetty 5.1.10                                                 | Apache 2.0

--- a/src/java/org/jivesoftware/openfire/net/OCSPChecker.java
+++ b/src/java/org/jivesoftware/openfire/net/OCSPChecker.java
@@ -32,6 +32,7 @@ import java.security.cert.PKIXParameters;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Iterator;
@@ -40,21 +41,25 @@ import java.util.Set;
 import javax.security.auth.x500.X500Principal;
-import org.bouncycastle.ocsp.BasicOCSPResp;
+import org.bouncycastle.cert.ocsp.BasicOCSPResp;
-import org.bouncycastle.ocsp.CertificateID;
+import org.bouncycastle.cert.ocsp.CertificateID;
-import org.bouncycastle.ocsp.CertificateStatus;
+import org.bouncycastle.cert.ocsp.CertificateStatus;
-import org.bouncycastle.ocsp.OCSPReq;
+import org.bouncycastle.cert.ocsp.OCSPReq;
-import org.bouncycastle.ocsp.OCSPReqGenerator;
+import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
-import org.bouncycastle.ocsp.OCSPResp;
+import org.bouncycastle.cert.ocsp.OCSPResp;
-import org.bouncycastle.ocsp.SingleResp;
+import org.bouncycastle.cert.ocsp.SingleResp;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
 import org.jivesoftware.util.JiveGlobals;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
- * A <code>PKIXCertPathChecker</code> that uses 
+ * A <code>PKIXCertPathChecker</code> that uses
- * Online Certificate Status Protocol (OCSP) 
+ * Online Certificate Status Protocol (OCSP)
- * 
+ *
 * See <a href="http://www.ietf.org/rfc/rfc2560.txt">RFC 2560</a>.
 *
 * @author Jay Kline
@@ -185,7 +190,7 @@ public class OCSPChecker extends PKIXCertPathChecker {
                        }
                    }
                }
                if (issuerCert == null) {
                    //No trust anchor was found matching the issuer
                    throw new CertPathValidatorException("No trusted certificate for " + currCert.getIssuerDN());
@@ -194,11 +199,11 @@ public class OCSPChecker extends PKIXCertPathChecker {
                // Check cert stores if responder cert has not yet been found
                if (!haveResponderCert) {
                    Log.debug("OCSPChecker: Searching cert stores for responder's certificate");
                    if (responderSubjectName != null) {
                        X509CertSelector filter = new X509CertSelector();
                        filter.setSubject(responderSubjectName.getName());
                        List<CertStore> certStores = pkixParams.getCertStores();
                        for (CertStore certStore : certStores) {
                            Iterator i = certStore.getCertificates(filter).iterator();
@@ -218,11 +223,11 @@ public class OCSPChecker extends PKIXCertPathChecker {
            }
            // Construct an OCSP Request
-            OCSPReqGenerator gen = new OCSPReqGenerator();
+            OCSPReqBuilder gen = new OCSPReqBuilder();
-            CertificateID certID = new CertificateID(CertificateID.HASH_SHA1, issuerCert, currCert.getSerialNumber());
+            CertificateID certID = new CertificateID(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1), new X509CertificateHolder(issuerCert.getEncoded()), currCert.getSerialNumber());
            gen.addRequest(certID);
-            OCSPReq ocspRequest = gen.generate();
+            OCSPReq ocspRequest = gen.build();
            URL url;
@@ -261,10 +266,10 @@ public class OCSPChecker extends PKIXCertPathChecker {
            BigInteger serialNumber = currCert.getSerialNumber();
            BasicOCSPResp brep = (BasicOCSPResp) ocspResponse.getResponseObject();
            try {
-                if( ! brep.verify(responderCert.getPublicKey(),"BC")) {
+                if( ! brep.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(responderCert.getPublicKey()))) {
                    throw new CertPathValidatorException("OCSP response is not verified");
                }
-            } catch (NoSuchProviderException e) {
+            } catch (Exception e) {
                throw new CertPathValidatorException("OCSP response could not be verified ("+e.getMessage()+")" ,null, cp, certIndex);
            }
            SingleResp[] singleResp = brep.getResponses();
@@ -278,11 +283,11 @@ public class OCSPChecker extends PKIXCertPathChecker {
                                serialNumber.toString() + ") is: good");
                        foundResponse = true;
                        break;
-                    } else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
+                    } else if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {
                        Log.debug("OCSPChecker: Status of certificate (with serial number " +
                                serialNumber.toString() + ") is: revoked");
                        throw new CertPathValidatorException("Certificate has been revoked", null, cp, certIndex);
-                    } else if (status instanceof org.bouncycastle.ocsp.UnknownStatus) {
+                    } else if (status instanceof org.bouncycastle.cert.ocsp.UnknownStatus) {
                        Log.debug("OCSPChecker: Status of certificate (with serial number " +
                                serialNumber.toString() + ") is: unknown");
                        throw new CertPathValidatorException("Certificate's revocation status is unknown", null, cp, certIndex);

--- a/src/java/org/jivesoftware/util/CertificateManager.java
+++ b/src/java/org/jivesoftware/util/CertificateManager.java
@@ -72,6 +72,7 @@ import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.ASN1Sequence;
@@ -386,7 +387,7 @@ public class CertificateManager {
                        ASN1Sequence otherNameSeq = (ASN1Sequence) decoder.readObject();
                        // Check the object identifier
-                        DERObjectIdentifier objectId = (DERObjectIdentifier) otherNameSeq.getObjectAt(0);
+                        ASN1ObjectIdentifier objectId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0);
                    	Log.debug("Parsing otherName for subject alternative names: " + objectId.toString() );
                        if ( !OTHERNAME_XMPP_OID.equals(objectId.getId())) {

--- a/src/plugins/jitsivideobridge/changelog.html
+++ b/src/plugins/jitsivideobridge/changelog.html
@@ -43,6 +43,12 @@
 Jitsi Video Bridge Plugin Changelog
 </h1>
+<p><b>1.3.2</b> -- Oct 30th, 2014</p>
+<ul>
+     <li>Added support for clustering</li>
+</ul>
 <p><b>1.3.1</b> -- May 10th, 2014</p>
 <ul>

--- a/src/plugins/jitsivideobridge/plugin.xml
+++ b/src/plugins/jitsivideobridge/plugin.xml
@@ -4,9 +4,9 @@
    <class>org.jitsi.videobridge.openfire.PluginImpl</class>
    <description>Integrates Jitsi Video Bridge into Openfire.</description>
    <licenseType>LGPL</licenseType>
-    <minServerVersion>3.9.2</minServerVersion>
+    <minServerVersion>3.10.0</minServerVersion>
    <name>Jitsi Video Bridge</name>
-    <version>1.3.1</version>
+    <version>1.3.2</version>
   <adminconsole>
        <tab id="tab-server">

--- a/src/plugins/jitsivideobridge/src/WEB-INF/classes/org/jitsi/videobridge/openfire/Config.class
+++ b/src/plugins/jitsivideobridge/src/WEB-INF/classes/org/jitsi/videobridge/openfire/Config.class
--- a/src/plugins/jitsivideobridge/src/java/org/jitsi/videobridge/openfire/Config.java
+++ b/src/plugins/jitsivideobridge/src/java/org/jitsi/videobridge/openfire/Config.java
@@ -45,7 +45,7 @@ public class Config extends HttpServlet
 			ServletOutputStream out = response.getOutputStream();
 			String iceServers = JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.iceservers", "");
-			String resolution = JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.resolution", "720");
+			String resolution = JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.resolution", "360");
 			String audioBandwidth = JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.audio.bandwidth", "64");
 			String videoBandwidth = JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.video.bandwidth", "512");
 			String useNicks = JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.usenicks", "false");

--- a/src/plugins/jitsivideobridge/src/java/org/jitsi/videobridge/openfire/PluginImpl.java
+++ b/src/plugins/jitsivideobridge/src/java/org/jitsi/videobridge/openfire/PluginImpl.java
@@ -24,6 +24,8 @@ import org.jivesoftware.openfire.container.*;
 import org.jivesoftware.openfire.muc.*;
 import org.jivesoftware.util.*;
 import org.jivesoftware.openfire.http.HttpBindManager;
+import org.jivesoftware.openfire.cluster.ClusterEventListener;
+import org.jivesoftware.openfire.cluster.ClusterManager;
 import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.openfire.handler.IQHandler;
 import org.jivesoftware.openfire.IQHandlerInfo;
@@ -83,7 +85,7 @@ import org.ifsoft.rtp.*;
 * @author Lyubomir Marinov
 * @author Damian Minkov
 */
-public class PluginImpl  implements Plugin, PropertyEventListener
+public class PluginImpl  implements Plugin, PropertyEventListener, ClusterEventListener
 {
 	private static ConcurrentHashMap<String, FocusAgent> sessions;
    /**
@@ -216,9 +218,50 @@ public class PluginImpl  implements Plugin, PropertyEventListener
     */
    private ExecutorService executorService;
+    private File pluginDirectory;
+    /**
+     * Initializes this <tt>Plugin</tt>.
+     *
+     * @param manager the <tt>PluginManager</tt> which loads and manages this
+     * <tt>Plugin</tt>
+     * @param pluginDirectory the directory into which this <tt>Plugin</tt> is
+     * located
+     * @see Plugin#initializePlugin(PluginManager, File)
+     */
+    public void initializePlugin(PluginManager manager, File pluginDirectory)
+    {
+		this.pluginDirectory = pluginDirectory;
+		boolean nodejs = XMPPServer.getInstance().getPluginManager().getPlugin("nodejs") != null;
+		if (nodejs)
+		{
+			Log.info("Jitsi Videobridge - Found NodeJs Plugin. Starting Etherpad");
+			JiveGlobals.setProperty("js.jitsivideobridge.etherpad.path", pluginDirectory.getAbsolutePath() + File.separator + "apps" + File.separator + "ofmeet");
+			JiveGlobals.setProperty("js.jitsivideobridge.etherpad", "node_modules/ep_etherpad-lite/node/server.js");
+		}
+		startComponent();
+        ClusterManager.addListener(this);
+	}
    public void destroyPlugin()
    {
+		Log.info("Jitsi Videobridge - destroyPlugin");
+		stopComponent();
+        ClusterManager.removeListener(this);
+;
+	}
+    public void stopComponent()
+    {
+		Log.info("Jitsi Videobridge - stopComponent");
        PropertyEventDispatcher.removeListener(this);
        executorService.shutdown();
@@ -241,17 +284,10 @@ public class PluginImpl  implements Plugin, PropertyEventListener
 		destroyIQHandlers();
    }
-    /**
+    public void startComponent()
-     * Initializes this <tt>Plugin</tt>.
-     *
-     * @param manager the <tt>PluginManager</tt> which loads and manages this
-     * <tt>Plugin</tt>
-     * @param pluginDirectory the directory into which this <tt>Plugin</tt> is
-     * located
-     * @see Plugin#initializePlugin(PluginManager, File)
-     */
-    public void initializePlugin(final PluginManager manager, final File pluginDirectory)
    {
+		Log.info("Jitsi Videobridge - startComponent");
        PropertyEventDispatcher.addListener(this);
 		System.setProperty("net.java.sip.communicator.SC_HOME_DIR_LOCATION", pluginDirectory.getPath());
@@ -352,22 +388,46 @@ public class PluginImpl  implements Plugin, PropertyEventListener
 				{
 					ce.printStackTrace(System.err);
 				}
-				boolean nodejs = XMPPServer.getInstance().getPluginManager().getPlugin("nodejs") != null;
-				if (nodejs)
-				{
-					Log.info("Found NodeJs Plugin. Starting Etherpad");
-					JiveGlobals.setProperty("js.jitsivideobridge.etherpad.path", pluginDirectory.getAbsolutePath() + File.separator + "apps" + File.separator + "ofmeet");
-					JiveGlobals.setProperty("js.jitsivideobridge.etherpad", "node_modules/ep_etherpad-lite/node/server.js");
-				}
 			}
 		});
    }
-    /**
+	@Override
+	public void joinedCluster()
+	{
+		Log.info("Jitsi Videobridge - joinedCluster");
+		stopComponent();
+	}
+	@Override
+	public void joinedCluster(byte[] arg0)
+	{
+	}
+	@Override
+	public void leftCluster()
+	{
+		Log.info("Jitsi Videobridge - leftCluster");
+		startComponent();
+	}
+	@Override
+	public void leftCluster(byte[] arg0)
+	{
+	}
+	@Override
+	public void markedAsSeniorClusterMember()
+	{
+		Log.info("Jitsi Videobridge - markedAsSeniorClusterMember");
+		startComponent();
+	}
+    /**
     */
    private static final SecurityHandler basicAuth(String username, String password, String realm) {

--- a/src/plugins/jitsivideobridge/src/web/jitsi-videobridge.jsp
+++ b/src/plugins/jitsivideobridge/src/web/jitsi-videobridge.jsp
@@ -174,7 +174,7 @@
 		    <fmt:message key="config.page.configuration.ofmeet.resolution"/>
 		</td>
 		<td><input type="text" size="10" maxlength="100" name="resolution"
-			   value="<%= JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.resolution", "720") %>">
+			   value="<%= JiveGlobals.getProperty("org.jitsi.videobridge.ofmeet.resolution", "360") %>">
 		</td>
 	    </tr>
 	    <tr>