Merge pull request #4 from guusdk/WHACK-21_TLS-support

WHACK-21: Add encryption option
igniterealtime · Nov 29, 2016 · 80297dc · 80297dc
2 parents 5b0c28c + c3ddc1a
commit 80297dc
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 7 deletions.
diff --git a/sample/weather/source/java/org/jivesoftware/weather/ExternalWeatherComponent.java b/sample/weather/source/java/org/jivesoftware/weather/ExternalWeatherComponent.java
@@ -15,7 +15,7 @@ public class ExternalWeatherComponent {
     public static void main(String[] args) {
         // Create a manager for the external components that will connect to the server "localhost"
         // at the port 5225
-        final ExternalComponentManager manager = new ExternalComponentManager("localhost", 5275);
+        final ExternalComponentManager manager = new ExternalComponentManager("localhost", 5275, false);
         // Set the secret key for this component. The server must be using the same secret key
         // otherwise the component won't be able to authenticate with the server. Check that the
         // server has the property "component.external.secretKey" defined and that it is using the

diff --git a/sample/weatherabstract/source/java/org/jivesoftware/weather/ExternalWeatherComponent.java b/sample/weatherabstract/source/java/org/jivesoftware/weather/ExternalWeatherComponent.java
@@ -3,6 +3,14 @@
 import org.jivesoftware.whack.ExternalComponentManager;
 import org.xmpp.component.ComponentException;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
 /**
  * This is an example of how to make a component run as an external component. This examples
  * requires that the server be running in the same computer where this application will run and
@@ -14,8 +22,8 @@ public class ExternalWeatherComponent {
 
     public static void main(String[] args) {
         // Create a manager for the external components that will connect to the server "localhost"
-        // at the port 5225
-        final ExternalComponentManager manager = new ExternalComponentManager("localhost", 5275);
+        // at the port 5276, using encryption.
+        final ExternalComponentManager manager = new ExternalComponentManager("localhost", 5276, true);
         // Set the secret key for this component. The server must be using the same secret key
         // otherwise the component won't be able to authenticate with the server. Check that the
         // server has the property "component.external.secretKey" defined and that it is using the

diff --git a/source/java/org/jivesoftware/whack/ExternalComponent.java b/source/java/org/jivesoftware/whack/ExternalComponent.java
@@ -54,6 +54,8 @@
 import org.xmpp.packet.Packet;
 import org.xmpp.packet.StreamError;
 
+import javax.net.ssl.SSLSocketFactory;
+
 /**
  * ExternalComponents are responsible for connecting and authenticating with a remote server and
  * for sending and processing received packets. In fact, an ExternalComponent is a wrapper on a
@@ -107,6 +109,8 @@ public class ExternalComponent implements Component {
     private String host;
     private int port;
 
+    private boolean startEncrypted;
+
     /**
      * Pool of threads that are available for processing the requests.
      */
@@ -144,10 +148,29 @@ public ExternalComponent(Component component, ExternalComponentManager manager,
      * @param subdomain     the subdomain that this component will be handling.
      * @throws ComponentException if an error happens during the connection and authentication steps.
      */
+    @Deprecated
     public void connect(String host, int port, String subdomain) throws ComponentException {
+        connect(host,port,subdomain,false);
+    }
+
+    /**
+     * Generates a connection with the server and tries to authenticate. If an error occurs in any
+     * of the steps then a ComponentException is thrown.
+     *
+     * @param host            the host to connect with.
+     * @param port            the port to use.
+     * @param subdomain       the subdomain that this component will be handling.
+     * @param startEncrypted  true if sockets are started in TLS/SSL mode, otherwise false.
+     * @throws ComponentException if an error happens during the connection and authentication steps.
+     */
+    public void connect(String host, int port, String subdomain, boolean startEncrypted) throws ComponentException {
         try {
             // Open a socket to the server
-            this.socket = new Socket();
+            if ( startEncrypted ) {
+                this.socket = SSLSocketFactory.getDefault().createSocket();
+            } else {
+                this.socket = new Socket();
+            }
             socket.connect(new InetSocketAddress(host, port), manager.getConnectTimeout());
             if (manager.getServerName() != null) {
                 this.domain = subdomain + "." + manager.getServerName();
@@ -159,6 +182,7 @@ public void connect(String host, int port, String subdomain) throws ComponentExc
             // Keep these variables that will be used in case a reconnection is required
             this.host= host;
             this.port = port;
+            this.startEncrypted = startEncrypted;
 
             try {
                 factory = XmlPullParserFactory.newInstance();
@@ -432,7 +456,7 @@ public void connectionLost() {
         }
         while (!isConnected && !shutdown) {
             try {
-                connect(host, port, subdomain);
+                connect(host, port, subdomain, startEncrypted);
                 isConnected = true;
                 // It may be possible that while a new connection was being established the
                 // component was required to shutdown so in this case we need to close the new

diff --git a/source/java/org/jivesoftware/whack/ExternalComponentManager.java b/source/java/org/jivesoftware/whack/ExternalComponentManager.java
@@ -57,6 +57,12 @@ public class ExternalComponentManager implements ComponentManager {
      * Port of the server used for establishing new connections.
      */
     private int port;
+
+    /**
+     * Defines if sockets are started in encrypted mode ("old-style" TLS/SSL, non-STARTTLS
+     */
+    private boolean startEncrypted;
+
     /**
      * Keeps the domain of the XMPP server. The domain may or may not match the host. The domain
      * will be used mainly for the XMPP packets while the host is used mainly for creating
@@ -117,6 +123,7 @@ public ExternalComponentManager(String host) {
      * @param host the IP address or name of the XMPP server to connect to (e.g. "example.com").
      * @param port the port to connect on.
      */
+    @Deprecated
     public ExternalComponentManager(String host, int port) {
         if (host == null) {
             throw new IllegalArgumentException("Host of XMPP server cannot be null");
@@ -130,6 +137,20 @@ public ExternalComponentManager(String host, int port) {
         ComponentManagerFactory.setComponentManager(this);
     }
 
+    public ExternalComponentManager(String host, int port, boolean startEncrypted) {
+        if (host == null) {
+            throw new IllegalArgumentException("Host of XMPP server cannot be null");
+        }
+        this.host = host;
+        this.port = port;
+        this.startEncrypted = startEncrypted;
+
+        createDummyLogger();
+
+        // Set this ComponentManager as the current component manager
+        ComponentManagerFactory.setComponentManager(this);
+    }
+
     /**
      * Sets a secret key for a sub-domain, for future use by a component
      * connecting to the server. Keys are used as an authentication mechanism
@@ -218,7 +239,7 @@ public void addComponent(String subdomain, Component component, Integer port) th
             componentsByDomain.put(subdomain, externalComponent);
             components.put(component, externalComponent);
             // Ask the ExternalComponent to connect with the remote server
-            externalComponent.connect(host, port, subdomain);
+            externalComponent.connect(host, port, subdomain, startEncrypted);
             // Initialize the component
             JID componentJID = new JID(null, externalComponent.getDomain(), null);
             externalComponent.initialize(componentJID, this);

diff --git a/source/java/org/jivesoftware/whack/container/ServerContainer.java b/source/java/org/jivesoftware/whack/container/ServerContainer.java
@@ -179,7 +179,7 @@ public void start() {
             String xmppServerHost = properties.getProperty("xmppServer.host");
             port = properties.getProperty("xmppServer.port");
             int xmppServerPort = (port == null ? 10015 : Integer.parseInt(port));
-            manager = new ExternalComponentManager(xmppServerHost, xmppServerPort);
+            manager = new ExternalComponentManager(xmppServerHost, xmppServerPort, false);
             String serverDomain = properties.getProperty("xmppServer.domain");
             if (serverDomain != null) {
                 manager.setServerName(serverDomain);