summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-04-11Provide mechanism to allow clients to restrict available ciphersuitesNick Hudson
By default, when a TLS connection is established, the SSLContext will enable all available ciphersuites. This may not be appropriate in situations where export restrictions apply and higher grade ciphersuites are prohibitied. This change allows a caller to configure a restricted set of ciphersuites to be used when establishing TLS connections. Callers use the JSSEContextFactory.setRestrictedCipherSuites() method to configure a list of ciphersuites. Any ciphersuites which are not included in the list will be excluded in subsequent TLS connections. If the JSSEContextFactory.setRestrictedCipherSuites() is never called, or called with a null parameter, then no restriction will apply. Test-information: Validated that by calling the new method to restrict the available ciphers, TLS connections initiated by Stroke only propose ciphersuites in the restricted list, and connections fail when the server fails to find an acceptable cipher. Change-Id: Id0b4b19553a6f386cda27a71f0172410d899218e Signed-off-by: Nick Hudson <nick.hudson@isode.com>
2013-03-26Support TLS use of certificates from CAPI keystoresNick Hudson
This patch adds a new "CAPICertificate" class, which can be used to configure TLS connections that use a client certificate from a Windows CAPI keystore, including certificates on smart cards. The JSSEContext class is updated so that "setClientCertificate()" checks to see whether the CertificateWithKey object that it's been given is a PKCS12Certificate or a CAPICertificate, and initializes the appropriate type of KeyStore. Note that the default behaviour of the KeyStore returned by SunMSCAPI when choosing a client certificate for TLS authentication is for it to choose the "most suitable" certificate it finds. This "most suitable" certificate may not be the one that the user has chosen, and in fact various certificates in CAPI are not considered by SunMSCAPI in this case - for example, certificates issued by CAs who don't appear in the list of acceptable CAs in the server's CertificateRequest (RFC5246 7.4.4). The CAPIKeyManager class provided here allows a caller to override the default behaviour, and force the use of a specific client certificate (whether it's "suitable" or not) based on the value specified by the caller when the CAPICertificate object was created. This also means that it is possible for a user to specify a particular certificate and use that, even if SunMSCAPI would have thought a "more suitable" one was found in CAPI. Test-information: Tested that P12 based TLS still works Tested on Windows that I can specify a "CAPICertificate" which is a reference to a certificate in the Windows keystore whose private key is held on a smartcard, and that I am prompted to insert the card (if necessary() and enter the PIN before the TLS handshake proceeds. Tested on Windows that I can specify a "CAPICertificate" which is a reference to an imported P12 file where certificate and key are in CAPI, and the TLS handshake proceeds without asking me for a PIN Tested that the "CAPIKeyManager" class is correctly forcing use of the certificate specified by the user, rather than the one which would be returned by the default SunMSCAPI implementation. Tested that I can still use "PKCS12Certificate"s to authenticate Tested that if I try and use a CAPICertificate on a non-Windows platform, then I can't authenticate, and get errors emitted from Stroke complaining of "no such provider: SunMSCAPI" Change-Id: Iff38e459f60c0806755820f6989c516be37cbf08 Signed-off-by: Nick Hudson <nick.hudson@isode.com>
2013-01-29Changes to Stroke to make it more amenable to porting to other platformsNick Hudson
Two things - the implementation of JavaTrustManager was attempting to instantiate a TrustManagerFactory with a hard-coded name of "PKIX", which doesn't work on Android. So instead of that, we ask for the TrustManagerFactory's default algorithm - which for the standard JRE still appears to be "PKIX", but which for Android may be something else. - the "hack" which had been in place to force the SSLEngine to perform a TLS handshake has been removed. Calling "SSLEngine.beginHandshake()" is not guaranteed to make the SSLEngine perform the TLS handshake, which it typically only does when it is told to wrap some data from the client. The earlier version of JSSEContext provoked this by asking it to send a "<" character, and then removing the leading "<" from whatever Stroke happened to send next. It turns out that you can force the handshake to start by telling the SSLEngine to wrap 0 bytes of data from the client, and so this change removes the hack, and instead calls "wrapAndSendData()" with an empty buffer as soon as the SSLEngine has been created. Test-information: Ran XMPP client that uses TLS and verified that everything still works as expected. Change-Id: Ie08d76bd2f5a743320a59bad62a09c1f215c48d6 Signed-off-by: Nick Hudson <nick.hudson@isode.com>
2012-11-02Fix a Null Pointer Exception when using the getSince APIGurmeen Bindra
If since_ is null, calling clone on it was causing a NUll Pointer Exception. Adding a check fixes it. Test-information: Tested by creating a room using an XMPP client - no exception seen after the fix Change-Id: I25b151ac8e5b25562b8941eb5532fa9b9ea2de6f
2012-10-18And more cleanupKevin Smith
Change-Id: I49cf4cba01452b291655dfccdc134180270c1ff3
2012-10-18And more cleanupsKevin Smith
Change-Id: I862e11dc293ce84e0311f1ad470293e07735aeaf
2012-10-18Reduce PMD's whining a little furtherKevin Smith
Change-Id: Ib02394df2c7bb818c2409b1d6f2fc3ad0d938224
2012-10-18Trying to quieten down PMD's complaining a little bitKevin Smith
Change-Id: Id2710c674abc19cdf2b37f97fe53288b86c7f367
2012-10-18Enable compression now that zlib worksKevin Smith
Change-Id: Iab58df1cf6a3b8b9461b71fd3f27476214e07286
2012-10-18OK, this one is daftKevin Smith
Change-Id: Ie2ec5f94e0a1ee381ab43c09465571de94e64b6f
2012-10-18Use more PMD rulesKevin Smith
Change-Id: I373469fa7a7ba8d5c639d4a1f2d4e07182eeb953
2012-10-18Include PMD checkingKevin Smith
Change-Id: Ib4717891c591911e68a5b27b7af4e666b6296d48
2012-10-18Add findbugs and cobertura XML results.Kevin Smith
Change-Id: Ic7adcf9790429c23b9493ec22324198bfc474b6f
2012-10-17Allow cobertura coverage generationKevin Smith
Change-Id: I0e333781b140a97788e35d401e054a413af0ab76
2012-10-17Make test results XML for JenkinsKevin Smith
Change-Id: Ia1460c62f0bce645248b2412a60a6ad7420ae849
2012-10-17Fix ZLib unit tests by fixing underlying hexify implementationKevin Smith
Change-Id: Iba3aeab8b0140c32f732ce01b1e2da243e7ec141
2012-10-17Catch xml parser exceptions and fail parsingKevin Smith
Change-Id: If5ef43f2d875f958cd8114b0b3246e6e6f03c95b
2012-10-16Update README with correct dependenciesKevin Smith
Change-Id: Ic7f627d38318c352c7db057c2347d5e617f4078c
2012-10-02Avoid NPEsKevin Smith
2012-10-02Protect against null manual hostnamesKevin Smith
2012-10-02Don't crash when overriding the connect hostKevin Smith
2012-10-02Adding Support for SoftwareVersionResponderKevin Smith
2012-09-21Update some interfaces for consistency with Swiften.Kevin Smith
Makes ClientOptions do more.
2012-09-21Remove superfluous event loopKevin Smith
2012-09-21UseTLS needs to be publicKevin Smith
2012-09-07Fixing whitespaceKevin Smith
2012-09-07Correct the equals method of JID classGurmeen Bindra
The method was comparing the classes instead of instances as a result of which equal JIDs but belonging to different derived class were always unequal. Test-information: Tested using an XMPP client which is using objects of class derived from JID class to compare with raw JID objects
2012-08-28Improve efficiency of FormParserKevin Smith
2012-08-22Increase visibility of Client Error TypeGurmeen Bindra
In order to make it available to clients. Test-information: tested using an XMPP Admin tool to display connection type error
2012-08-20Close socketChannel in finally blockGurmeen Bindra
In one of my testing scenario, socket was not getting closed. This was happening when an XMPP client was connecting to a domain which was different from the domain in the jabber ID of the connection user. Moving the close call to a finally block ensures that socket gets closed in all scenarios. Test-information: I created an IM domain j.com on my XMPP Server and then added a user with that domain (user@j.com). Then I tried connecting to my Primary domain using this new user. After removing j.com, I could an increase in number of sockets after every poll (coreclient.connect()) but not after this patch.
2012-08-16Close DirectoryContext after receiving resultsGurmeen Bindra
If I leave an Application using Stroke running for a few hours(making periodic connection attempts), the JVM would throw an Exception saying "Too Many Open Files". On doing an "lsof -p <pid_of_jvm>", I noticed that there were number of open sockets in CLOSE_WAIT state and these went up after every attempt to do a connect on CoreClient object. Closing of DirContext object fixes this bug and the number of open sockets does not increase. Test-information: Ran MLC and kept on monitoring the result of "lsof -p <pid>". It would not increase after this patch.
2012-07-17Move DNS resolution into a thread to make the API asyncronous.Kevin Smith
2012-06-01Don't send non-integer 'h' attributes on 'a' elementsKevin Smith
2012-05-29Don't throw exceptions for receiving illegal XMLKevin Smith
2012-05-21Use the Aalto XML parser instead of XPPKevin Smith
Also adds a 'make test' target for the Makefile. Set the JUNIT environment variable to point to your jar if it doesn't find it.
2012-04-27MUC Administration related classesGurmeen Bindra
This change ports the MUC Administration related classes from Swiften to stroke. Also includes the MUC initialisation code in the CoreClient. Test-information: tested the ported unit tests
2012-04-27Port Classes for Storage/Private StorageGurmeen Bindra
This patch ports the classes for Storage, PrivateStorage and PrivateStorage requests from Swiften to Stroke. Test-information: junit test for GetPrivateStorageRequestTest is also ported and tested
2012-04-27Remove "max" limit on buffer size for SSL connectionsNick Hudson
The original implementation of JSSEContext allocated buffers for the SSL data which started off at a size determined using information from the SSLSession, and which were allowed to grow to up to ten times their original size. When testing with jabber.org it was fairly easy to exceed this size (e.g. requiring a buffer of ~650K where the maximum value had been around 160K), meaning that applications would fail. This change removes the upper limit altogether. Now, the buffer will grow to whatever is required, so long as free memory is available. I also renamed "enlargeBuffer" in response to a previous review comment Test-information: No longer see problems when talking to jabber.org over SSL. Instrumentation shows that buffer is growing as expected.
2012-04-23Basic exampleKevin Smith
2012-04-20Also emit onDisconnected after a manual disconnectKevin Smith
2012-04-19Update parsing factories to allow empty namespaces, in line with SwiftenKevin Smith
2012-04-19Port MUC Payload Parsers from Swiften to StrokeGurmeen Bindra
This patch ports the MUC Payload parsers from swiften to stroke. Test-information: ported junits work fine
2012-04-19Port MUC Payload Serializers from Swiften to StrokeGurmeen Bindra
All the serializers for different kind of MUC payloads have been ported from swiften to stroke. Test-information: There is a junit test that's ported which tests the admin payload serialiser. Also executed the other MUC Junits.
2012-04-19Port elements for MUC AdministrationGurmeen Bindra
This patch ports basic elements from swiftern to stroke. This includes various types od MUC Payloads. Test-information: the junits for the parsers (still WIP) code works fine.
2012-04-19Port Presence Sender from Swiften to StrokeGurmeen Bindra
The porting includes Directed and Stanza Channel Presence senders. Test-information: tested with Work In Progress MUC Admin Port's Unit tests
2012-04-19Add Signal and Slot classes with 3 parametersGurmeen Bindra
MUC Admin requires Signals and Slots with 3 parameters so this patch adds Signal/Slot classes which cater to 3 parameter values Test-information: tested with Work In Progress MUC Admin code
2012-04-19Add a copy constructor to Presence and Stanza + compare method in JIDGurmeen Bindra
This patch adds a copy constructor to the Presence class(and hence base class Staza as well). It also ports the compare method to JID class. Also added javadocs to Presence and Stanza classes. Test-information: tested using the Work In Progress code that ports MUC Admin to stroke Reviewer: Kevin Smith <kevin.smith@isode.com>
2012-04-19Port Error parser Tests to stroke from SwiftenGurmeen Bindra
Junit tests ported from Swiften to stroke. Test-information: ran the tests from Eclipse IDE
2012-03-29Make CoreClient.getSessionCertificate more robustNick Hudson
The javadoc for the method was not in line with its behaviour, so you could get a NullPointerException if you asked for a session certificate when the session wasn't TLS. This patch makes the code do what the javadoc says (and what clients most likely want) Test-information: Returns null rather than crashing when I ask for a certificate on a non-TLS stream.
2012-03-29Port Error Parser to strokeGurmeen Bindra
After this change, the error payload object should be populated in case of error. The condtion, type and text field will be from the payload rather than Undefined, Cancel and empty. Test-information: tested by executing adhoc-commands on an XMPP clinet in a way to result in an error. I do see the error text and condition set as per the XMPP streams. Reviewer: Kevin Smith <kevin.smith@isode.com>