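/**
 * The comma-separated list of TLS cipher suite names configured for connections created by this listener.
 *
 * When no value is configured for this listener's connection type, the value of the listener for the fallback
 * type is used (which resolves its own fallback in turn). A type without a fallback defaults to the empty string.
 *
 * @return a comma-separated list of cipher suite names with surrounding whitespace removed (never null).
 */
protected String getEncryptionCipherSuitesCommaSeparated()
{
    final String propertyName = type.getPrefix() + "ciphersuites";
    final String defaultValue = "";

    final String inherited;
    if ( type.getFallback() == null )
    {
        inherited = defaultValue;
    }
    else
    {
        // Inherit the (already resolved) value of the fallback type's listener.
        inherited = getConnectionListener( type.getFallback() ).getEncryptionCipherSuitesCommaSeparated();
    }

    // Trimmed for consistency with getEncryptionProtocolsCommaSeparated(): configured values may carry whitespace.
    return JiveGlobals.getProperty( propertyName, inherited ).trim();
}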
/**
 * A short textual representation of this listener: its connection type in lower case, suffixed with
 * {@code -legacyMode} when the listener's TLS policy is the legacy mode.
 *
 * @return a description of this listener (never null).
 */
@Override
public String toString()
{
    final StringBuilder label = new StringBuilder( getType().toString().toLowerCase() );
    if ( getTLSPolicy().equals( Connection.TLSPolicy.legacyMode ) )
    {
        label.append( "-legacyMode" );
    }
    return "ConnectionListener{name=" + label + '}';
}
for ( final ConnectionType type : ConnectionType.values() )
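/**
 * Configures the key store type (e.g. {@code JKS} or {@code PKCS12}) used by listeners of the provided connection type.
 *
 * The property is written even when the new value equals the currently effective one, because the effective value
 * may be inherited from a fallback connection type rather than be configured for this type itself.
 *
 * @param type the connection type whose key store type is configured (cannot be null).
 * @param keyStoreType the new key store type (cannot be null).
 */
static void setKeyStoreType( ConnectionType type, String keyStoreType )
{
    // Read the currently effective value *before* writing the property: reading it afterwards always yields the
    // new value, which made the comparison below trivially true and the 'Changing' log line unreachable.
    final String oldKeyStoreType = getKeyStoreType( type );

    // Always set the property explicitly even if it appears equal to the old value (the old value might be a fallback value).
    JiveGlobals.setProperty( type.getPrefix() + "storeType", keyStoreType );

    if ( oldKeyStoreType.equals( keyStoreType ) )
    {
        Log.debug( "Ignoring KeyStore type change request (to '{}'): listener already in this state.", keyStoreType );
        return;
    }

    Log.debug( "Changing KeyStore type from '{}' to '{}'.", oldKeyStoreType, keyStoreType );
}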
CertificateStoreConfiguration c2sTrustStoreConfiguration = null; CertificateStoreConfiguration s2sTrustStoreConfiguration = null; for ( ConnectionType connectionType : ConnectionType.values() ) if ( connectionType == SOCKET_C2S || (connectionType.getFallback() != null && connectionType.getFallback() == SOCKET_C2S) )
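/**
 * Configures if self-signed peer certificates can be used to establish an encrypted connection.
 *
 * The property is always written, even when the value appears unchanged (the current value may be inherited from
 * a fallback connection type). The listener is restarted only when the effective value actually changes.
 *
 * @param accept true when self-signed certificates are accepted, otherwise false.
 */
public void setAcceptSelfSignedCertificates( boolean accept )
{
    // Compare against the current self-signed acceptance policy, not the unrelated certificate-validity setting:
    // comparing the wrong setting could skip the restart that is needed for a changed policy to take effect.
    final boolean oldValue = acceptSelfSignedCertificates();

    // Always set the property explicitly even if it appears equal to the old value (the old value might be a fallback value).
    JiveGlobals.setProperty( type.getPrefix() + "certificate.accept-selfsigned", Boolean.toString( accept ) );

    if ( oldValue == accept )
    {
        Log.debug( "Ignoring self-signed certificate acceptance policy change request (to '{}'): listener already in this state.", accept );
        return;
    }

    Log.debug( "Changing self-signed certificate acceptance policy from '{}' to '{}'.", oldValue, accept );
    restart();
}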
/**
 * The comma-separated list of TLS protocol names configured for connections created by this listener.
 *
 * A type without a configured value inherits the value of its fallback type's listener; a type without a fallback
 * defaults to the empty string.
 *
 * @return a comma-separated list of protocol names with surrounding whitespace removed (never null).
 */
protected String getEncryptionProtocolsCommaSeparated()
{
    final String propertyName = type.getPrefix() + "protocols";

    final String inherited;
    if ( type.getFallback() != null )
    {
        inherited = getConnectionListener( type.getFallback() ).getEncryptionProtocolsCommaSeparated();
    }
    else
    {
        inherited = "";
    }

    return JiveGlobals.getProperty( propertyName, inherited ).trim();
}
/**
 * Configures if the current validity of certificates (based on their 'notBefore' and 'notAfter' property values)
 * is checked when they are used to establish an encrypted connection.
 *
 * The property is always written, even when the value appears unchanged (the current value may be inherited from
 * a fallback connection type). The listener is restarted only when the effective value actually changes.
 *
 * @param verify true when certificates are required to be valid to establish a secured connection, otherwise false.
 */
public void setVerifyCertificateValidity( boolean verify )
{
    final boolean current = verifyCertificateValidity();

    // Write unconditionally: an equal current value may merely be a fallback value.
    JiveGlobals.setProperty( type.getPrefix() + "certificate.verify.validity", Boolean.toString( verify ) );

    if ( current != verify )
    {
        Log.debug( "Changing certificate validity verification configuration from '{}' to '{}'.", current, verify );
        restart();
    }
    else
    {
        Log.debug( "Ignoring certificate validity verification configuration change request (to '{}'): listener already in this state.", verify );
    }
}
/**
 * Instantiates a new connection listener.
 *
 * @param type The connection type served by this listener.
 * @param tcpPortPropertyName Property name (of an int) that defines the TCP port to listen on.
 * @param defaultPort Port value used when the port property is not set (presumably; see the port getters).
 * @param isEnabledPropertyName Property name (of a boolean) that toggles availability. Null to indicate that this listener is 'always on'
 * @param maxPoolSizePropertyName Property name (of an int) that defines maximum IO processing threads. Null causes an unconfigurable default amount to be used.
 * @param maxReadBufferPropertyName Property name (of an int) that defines maximum amount (in bytes) of IO data can be cached, pending processing. Null to indicate boundless caches.
 * @param tlsPolicyPropertyName Property name (of a string) that defines the applicable TLS Policy. Or, the value {@link org.jivesoftware.openfire.Connection.TLSPolicy} to indicate unconfigurable TLS Policy. Cannot be null.
 * @param clientAuthPolicyPropertyName Property name (of a string) that defines the client certificate authentication policy. Null causes an unconfigurable value of 'wanted' to be used.
 * @param bindAddress The network address this listener binds to.
 * @param identityStoreConfiguration Configuration of the identity (key) store used by this listener.
 * @param trustStoreConfiguration Configuration of the trust store used by this listener.
 * @param compressionPolicyPropertyName Property name that defines the applicable compression policy.
 */
public ConnectionListener( ConnectionType type, String tcpPortPropertyName, int defaultPort, String isEnabledPropertyName, String maxPoolSizePropertyName, String maxReadBufferPropertyName, String tlsPolicyPropertyName, String clientAuthPolicyPropertyName, InetAddress bindAddress, CertificateStoreConfiguration identityStoreConfiguration, CertificateStoreConfiguration trustStoreConfiguration, String compressionPolicyPropertyName )
{
    // Assign every field before calling any getter below, as getType()/getTLSPolicy() presumably read them.
    this.type = type;
    this.bindAddress = bindAddress;
    this.defaultPort = defaultPort;
    this.tcpPortPropertyName = tcpPortPropertyName;
    this.isEnabledPropertyName = isEnabledPropertyName;
    this.maxPoolSizePropertyName = maxPoolSizePropertyName;
    this.maxReadBufferPropertyName = maxReadBufferPropertyName;
    this.tlsPolicyPropertyName = tlsPolicyPropertyName;
    this.clientAuthPolicyPropertyName = clientAuthPolicyPropertyName;
    this.compressionPolicyPropertyName = compressionPolicyPropertyName;
    this.identityStoreConfiguration = identityStoreConfiguration;
    this.trustStoreConfiguration = trustStoreConfiguration;

    // A listener cannot be changed into or from legacy mode. That fact is safe to use in the name of the logger.
    final String typeName = getType().toString().toLowerCase();
    final String modeSuffix = getTLSPolicy().equals( Connection.TLSPolicy.legacyMode ) ? "-legacyMode" : "";
    final String loggerName = ConnectionListener.class.getName() + "[" + typeName + modeSuffix + "]";
    this.Log = LoggerFactory.getLogger( loggerName );
}
for ( final ConnectionType type : ConnectionType.values() )
/**
 * The password of the identity store for connections created by listeners of the provided connection type.
 *
 * A type without a configured value inherits the value of its fallback type; a type without a fallback defaults to
 * {@code changeit}, the stock password of JDK-shipped key stores, which deployments are expected to override.
 *
 * @param type the connection type (cannot be null).
 * @return a password (never null).
 */
static String getIdentityStorePassword( ConnectionType type )
{
    final String propertyName = type.getPrefix() + "keypass";
    final String defaultValue = "changeit";

    final String inherited = ( type.getFallback() != null )
        ? getIdentityStorePassword( type.getFallback() )
        : defaultValue;

    return JiveGlobals.getProperty( propertyName, inherited ).trim();
}
JiveGlobals.setProperty( type.getPrefix() + "protocols", newValue );
/**
 * Instantiates, but does not start, a new instance.
 *
 * The connection handler is chosen by the connection type of the configuration; types other than the four
 * handled here are rejected.
 *
 * @param configuration the configuration for the connections accepted by this instance (cannot be null).
 * @throws IllegalStateException when the configuration's connection type is not supported by this implementation.
 */
public MINAConnectionAcceptor( ConnectionConfiguration configuration )
{
    super( configuration );

    final boolean legacy = configuration.getTlsPolicy() == Connection.TLSPolicy.legacyMode;
    this.name = configuration.getType().toString().toLowerCase() + ( legacy ? "_ssl" : "" );
    Log = LoggerFactory.getLogger( MINAConnectionAcceptor.class.getName() + "[" + name + "]" );

    switch ( configuration.getType() )
    {
        case SOCKET_S2S:
            connectionHandler = new ServerConnectionHandler( configuration );
            break;

        case SOCKET_C2S:
            connectionHandler = new ClientConnectionHandler( configuration );
            break;

        case COMPONENT:
            connectionHandler = new ComponentConnectionHandler( configuration );
            break;

        case CONNECTION_MANAGER:
            connectionHandler = new MultiplexerConnectionHandler( configuration );
            break;

        default:
            throw new IllegalStateException( "This implementation does not support the connection type as defined in the provided configuration: " + configuration.getType() );
    }

    this.encryptionArtifactFactory = new EncryptionArtifactFactory( configuration );
}
/**
 * The password of the trust store for connections created by listeners of the provided connection type.
 *
 * A type without a configured value inherits the value of its fallback type; a type without a fallback defaults to
 * {@code changeit}, the stock password of JDK-shipped key stores, which deployments are expected to override.
 *
 * @param type the connection type (cannot be null).
 * @return a password (never null).
 */
static String getTrustStorePassword( ConnectionType type )
{
    final String propertyName = type.getPrefix() + "trustpass";
    final String defaultValue = "changeit";

    final String inherited = ( type.getFallback() != null )
        ? getTrustStorePassword( type.getFallback() )
        : defaultValue;

    return JiveGlobals.getProperty( propertyName, inherited ).trim();
}
JiveGlobals.setProperty( type.getPrefix() + "ciphersuites", newValue );
/**
 * A short textual representation of this listener: its connection type in lower case, suffixed with
 * {@code -legacyMode} when the listener's TLS policy is the legacy mode.
 *
 * @return a description of this listener (never null).
 */
@Override
public String toString()
{
    final StringBuilder label = new StringBuilder( getType().toString().toLowerCase() );
    if ( getTLSPolicy().equals( Connection.TLSPolicy.legacyMode ) )
    {
        label.append( "-legacyMode" );
    }
    return "ConnectionListener{name=" + label + '}';
}
/**
 * The location (relative to OPENFIRE_HOME) of the identity store for connections created by listeners of the
 * provided connection type.
 *
 * A type without a configured value inherits the value of its fallback type; a type without a fallback defaults to
 * {@code resources/security/keystore} (using the platform path separator).
 *
 * @param type the connection type (cannot be null).
 * @return a path (never null).
 */
static String getIdentityStoreLocation( ConnectionType type )
{
    final String propertyName = type.getPrefix() + "keystore";
    final String defaultValue = String.join( File.separator, "resources", "security", "keystore" );

    final String inherited = ( type.getFallback() != null )
        ? getIdentityStoreLocation( type.getFallback() )
        : defaultValue;

    return JiveGlobals.getProperty( propertyName, inherited ).trim();
}
/**
 * Instantiates a new connection listener.
 *
 * @param type The connection type served by this listener.
 * @param tcpPortPropertyName Property name (of an int) that defines the TCP port to listen on.
 * @param defaultPort Port value used when the port property is not set (presumably; see the port getters).
 * @param isEnabledPropertyName Property name (of a boolean) that toggles availability. Null to indicate that this listener is 'always on'
 * @param maxPoolSizePropertyName Property name (of an int) that defines maximum IO processing threads. Null causes an unconfigurable default amount to be used.
 * @param maxReadBufferPropertyName Property name (of an int) that defines maximum amount (in bytes) of IO data can be cached, pending processing. Null to indicate boundless caches.
 * @param tlsPolicyPropertyName Property name (of a string) that defines the applicable TLS Policy. Or, the value {@link org.jivesoftware.openfire.Connection.TLSPolicy} to indicate unconfigurable TLS Policy. Cannot be null.
 * @param clientAuthPolicyPropertyName Property name (of a string) that defines the client certificate authentication policy. Null causes an unconfigurable value of 'wanted' to be used.
 * @param bindAddress The network address this listener binds to.
 * @param identityStoreConfiguration Configuration of the identity (key) store used by this listener.
 * @param trustStoreConfiguration Configuration of the trust store used by this listener.
 * @param compressionPolicyPropertyName Property name that defines the applicable compression policy.
 */
public ConnectionListener( ConnectionType type, String tcpPortPropertyName, int defaultPort, String isEnabledPropertyName, String maxPoolSizePropertyName, String maxReadBufferPropertyName, String tlsPolicyPropertyName, String clientAuthPolicyPropertyName, InetAddress bindAddress, CertificateStoreConfiguration identityStoreConfiguration, CertificateStoreConfiguration trustStoreConfiguration, String compressionPolicyPropertyName )
{
    // Assign every field before calling any getter below, as getType()/getTLSPolicy() presumably read them.
    this.type = type;
    this.bindAddress = bindAddress;
    this.defaultPort = defaultPort;
    this.tcpPortPropertyName = tcpPortPropertyName;
    this.isEnabledPropertyName = isEnabledPropertyName;
    this.maxPoolSizePropertyName = maxPoolSizePropertyName;
    this.maxReadBufferPropertyName = maxReadBufferPropertyName;
    this.tlsPolicyPropertyName = tlsPolicyPropertyName;
    this.clientAuthPolicyPropertyName = clientAuthPolicyPropertyName;
    this.compressionPolicyPropertyName = compressionPolicyPropertyName;
    this.identityStoreConfiguration = identityStoreConfiguration;
    this.trustStoreConfiguration = trustStoreConfiguration;

    // A listener cannot be changed into or from legacy mode. That fact is safe to use in the name of the logger.
    final String typeName = getType().toString().toLowerCase();
    final String modeSuffix = getTLSPolicy().equals( Connection.TLSPolicy.legacyMode ) ? "-legacyMode" : "";
    final String loggerName = ConnectionListener.class.getName() + "[" + typeName + modeSuffix + "]";
    this.Log = LoggerFactory.getLogger( loggerName );
}
/**
 * The location (relative to OPENFIRE_HOME) of the directory that holds backups for trust stores of the provided
 * connection type.
 *
 * A type without a configured value inherits the value of its fallback type; a type without a fallback defaults to
 * {@code resources/security/archive/} (using the platform path separator, including a trailing separator).
 *
 * @param type the connection type (cannot be null).
 * @return a path (never null).
 */
public static String getTrustStoreBackupDirectory( ConnectionType type )
{
    final String propertyName = type.getPrefix() + "backup.truststore.location";
    final String defaultValue = String.join( File.separator, "resources", "security", "archive" ) + File.separator;

    final String inherited = ( type.getFallback() != null )
        ? getTrustStoreBackupDirectory( type.getFallback() )
        : defaultValue;

    return JiveGlobals.getProperty( propertyName, inherited ).trim();
}