Age | Commit message (Collapse) | Author |
|
As per patch 'Fix swiften handling when client certificate is
missing' (8405fa16b738b6ef6a5920cd9d0f5735f8b62369).
Change-Id: Iec5036213d8432a3af78647470381485bfcc01e3
Test-information: Code inspection. Unit tests still pass.
|
|
As per patch 'Mark removed contacts as unavailable in Swift'
(9e6ee0f262e7dc663f4c706b16a346a268f425aa) added an XMPPRoster to the
member variables and constructor arguments for PresenceOracle.
Test-information: Unit tests pass.
Change-Id: I062d256c088a968e061d864fbd1386f850b614a7
|
|
As per swiften patch 'Fix notification logic for signals in BlockListImpl'
(4455c20085834098f6d9aa872db3115d466e7004). Fix the logic in the BlockListImpl
class and add a unit test for it.
Test-information: Unit tests pass ok.
Change-Id: I739d1febb2cf728ff00c132a00adb2f7f144b739
|
|
S5BTransport Session still needs generic T.
FileTransfer, OutgoingFileTransfer and IncomingFileTransfer are made an interface due to the need of multiple inheritance in
IncomingJingleFileTransfer and OutgoingJingleFileTransfer. Corresponding documentation has been updated.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
None.
Change-Id: If44cf387767865c37492d871c12d623f94ebaa3a
|
|
Adds ProxyProviders, DomainNameResolvers and DummyConnection.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Tests added for ChainedConnector, Connector and HostAddress.
Test also added for ComponentConnector, which needed bits of Network.
Five assertions are commented in ConnectorTest, which fails and will be updated after review.
Change-Id: I8a62841eb2f9c109bc3a94865b7a003b33493e11
|
|
Missing initialisation for client authenticator for SASL external was
causing null pointer exceptions. This patch corrects it by initialising
the authenticator as is done in swiften.
Test-information:
tested using an XMPP admin client that does SASL External
Change-Id: I321b425c1c28e0424effd9cb974980c392e48b68
|
|
The default, clean finish() method needs to set up no error, not a null
instance of Error.Type (with type field == null).
Change-Id: I6912392b226dd84c411e2369844b9aee656d2e6f
|
|
Change-Id: I41924cdd6d32deb9d47b47a3fc7ffb3b55947029
|
|
Updates all bits of Client to be in parity with Swiften.
Some part of code which depends on Network is commented.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Tests added for: ClientBlockListManager, ClientSession and NickResolver.
All tests pass.
Change-Id: I5b9b0e5ae5b2df58202e2349ba24e4544d9a4614
|
|
Adds TLSError and TLSOptions.
Updates BasicSessionStream, SessionStream and Session.
Updates Client and Components to accomodate changes in TLS.
Also completes TLSLayer in StreamStack which was pending due to TLS port.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Tests added for Certificate and ServerIdentityVerifier.
Test updated for ComponentSession.
All tests pass.
Change-Id: I34a8fe068c1e8af5348cc4ab49d3d1ed118ae833
|
|
Adds DIGESTMD5ClientAuthenticator, DIGESTMD5Properties, ExternalClientAuthenticator, PLAINMessage.
Updates Client, ClientSession, CoreClient, ConnectDisconnect, StrokeGUI to reflect changes made in SASL.
Updates ClientAuthenticator, SCRAMSHA1ClientAuthenticator, PBKDF2.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Added tests for DIGESTMD5ClientAuthenticator, DIGESTMD5Properties, PLAINClientAuthenticator, PLAINMessage.
Update test for SCRAMSHA1ClientAuthenticatorTest.
All tests pass.
Change-Id: I4fd38f922cab7e4c4548d9706f6ad3b9e1506e81
|
|
Adds Component, ComponentConnector, ComponentError, ComponentSession, ComponentXMLTracer, CoreComponent,
ComponentSessionStanzaChannel, ComponentXMTracer, CoreComponent.
Updates CoreClient, StrokeGUI, BasicSessionStream and SessionStream and Client, so that signal definition can be changed.
Updates ComponentHandshake element, Entity.
Updates OutgoingAdHocCommandSession to have feature parity with Swiften.
This patch does not port Client or Session fully, which will be done in separate future patches.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Test added for ComponentSession, which passes.
Test for ComponentConnector cannot be ported right now and will be done in future patches,
as it requires some bits of Network to be ported.
Change-Id: I7138a2041fe28a2be7ac57cb47b15365f9334b24
|
|
Updates Serializers and Parsers along with one minor change in XMPPlayer.
Update Non Payload Serializers to return SafeByteArray.
Updates SafeByteArray to return SafeByteArray on append and plus method.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
None.
Change-Id: I6fe665a26b10cac37b3e3acd9ec15c211ac9b8ab
|
|
Stroke was brought in line with swiften as a result of which strong
(certificate based bind) authentication between client and xmpp server
stopped working. This was happening because of missing "=" in the
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='EXTERNAL'>=</auth>
The AuthRequestSerialiser was not adding "=" because the ByteArray object
that was passed was null.
This patch fixes the ClientSession class to pass empty ByteArray object as
is done in existing swiften code.
Test-information:
strong bind works using java client to xmpp server
Change-Id: Ide2d61723d92df19a251db7f1eb9f1581329f782
|
|
Change-Id: I03fa68c567250d938112ea9a0c236be100ac82e3
|
|
MemoryStorages, Storages
NickManager, NickResolver
CryptoProvider, Hash, SafeByteArray, JavaCryptoProvider
CapsInfoGenerator, CapsManager, CapsMemoryStorage, CapsProvider,
CapsStorage, CapsInfo
CapsInfoSerializer, CapsInfoParser
ClientDiscoManager, DiscoInfoResponder, EntityCapsManager,
EntityCapsProvider
GetDiscoInfoRequest
ChatState, Idle
Presence, PayloadAddingPresenceSender, PresenceOracle,
SubscriptionManager
StatusSerializer, StatusShowSerializer, StatusParser, StatusShowParser,
Replace, ReplaceParser, ReplaceSerializer
SecurityLabel, SecurityLabelsCatalog, GetSecurityLabelsCatalogRequest
VCard, GetVCardRequest, SetVCardRequest, VCardManager,
VCardMemoryStorage, VCardStorage
RosterMemoryStorage, RosterPushResponder, RosterStorage,
SetRosterRequest
XMPPRoster, XMPPRosterController, XMPPRosterImpl, XMPPRosterItem
GetRosterRequest, SetResponder
Add parsers and serializers for Idle, VCard, PrivateStorage & Stroage.
Add
parser for Subject.
Add impromptu flag to MUCInvitation.
Update copyrights.
Change-Id: I9949f506b70e60b3a64f1dadde8f9b235b322e1d
|
|
This patch updates Stroke as per the Swiften code to get peerCertificate chain.
Test-information:
tested using M-Link Console (XMPP client) to look at the certificate and chain
Change-Id: I2662511b72f9ca6d176a9f4c1e02d10b5df5d2c7
|
|
Since the initial Stroke TLS implementation was done, some changes
were made in Swiften, starting with
"Show Certificate dialog from certificate error window."
159e773b156f531575d0d7e241e2d20c85ee6d7cA
which mean that certificate verification uses the peer's certificate
chain, and not just the peer's EE certificate.
This change updates Stroke so that its API now more closely matches
what Swiften does.
Note that any current Stroke clients that implement the
"CertificateTrustChecker" interface will break, as this patch makes an
incompatible change to that interface, requiring implementing classes
to handle a certificate chain rather than a single certificate.
Isode copyright notices are updated; Remko copyright notices are
updated to reflect the current copyright notices in any equivalent
Swiften source files.
Test-information:
Used MLC (after having patched it for CertificateTrustChecker changes)
and verified that it sees the entire certificate chain coming back.
Ran self-tests for Stroke and saw no junit failures
Change-Id: I3d863f929bfed3324446cadf3bb4d6b9ff916660
|
|
The Connector class had "_xmpp-client._tcp." hard-coded in it, which
meant that it was not suitable for non XMPP clients.
This change means that Connector could now be used by clients who are
interested in arbitrary SRV records; the CoreClient class is updated
accordingly.
Test-information:
Built and tested using MLC.
Also tested with a client that is interested in IMAP SRV records
Change-Id: Ia23c148fd8afdd7b3271c47b1c96d086d57a44bd
|
|
Change-Id: Ie8ca77ba8dbcd83926d46307ad0e73d804ff7422
|
|
This patch corresponds with the Swiften commit
5f1cb0d768265347bc80862c33f5967f07759b10 whose comment reads
Release-Notes: Fixed a bug whereby the sender of an iq wasn't being
checked before matching it to a request.
Note that since the Swiften change, other modifications have been made
to the affected files, and these modifications are not reflected in
this patch.
Test-information:
Code builds. Ran with MLC to make sure things all seem to work OK.
Change-Id: Ife96925d4d728bc0fe749d6b5b849fbe4e866315
|
|
This change moves responsibility for creating the TLSContextFactory
from CoreClient into NetworkFactories, which is in line with the
Swiften implementation.
This means that a caller may now provide his own concrete
TLSContextFactory using code of the form:
NetworkFactories myNetworkFactories;
.
.
myNetworkFactories = new JavaNetworkFactories(eventLoop()) {
@Override
public TLSContextFactory getTLSContextFactory() {
return new MyTLSContextFactory();
}
};
Test-information:
I implemented separate TLSContextFactory and TLSContext classes that
used OpenSSL via JNI) to provide SSL functionality. I was able to
switch to using these with the mechanism that this patch provides.
I also verified that existing code which doesn't try to provide its
own NetworkFactories subclass still works as before (i.e. this patch
doesn't break existing applications).
Change-Id: Ibf07ddbbb4a4d39e4bb30a28be9aa0c43afe005f
Signed-off-by: Nick Hudson <nick.hudson@isode.com>
|
|
Change-Id: I862e11dc293ce84e0311f1ad470293e07735aeaf
|
|
Change-Id: Ib02394df2c7bb818c2409b1d6f2fc3ad0d938224
|
|
Change-Id: Id2710c674abc19cdf2b37f97fe53288b86c7f367
|
|
Change-Id: Iab58df1cf6a3b8b9461b71fd3f27476214e07286
|
|
|
|
|
|
|
|
Makes ClientOptions do more.
|
|
|
|
|
|
In order to make it available to clients.
Test-information:
tested using an XMPP Admin tool to display connection type error
|
|
This change ports the MUC Administration related classes from
Swiften to stroke. Also includes the MUC initialisation code in
the CoreClient.
Test-information:
tested the ported unit tests
|
|
The javadoc for the method was not in line with its behaviour, so you
could get a NullPointerException if you asked for a session
certificate when the session wasn't TLS.
This patch makes the code do what the javadoc says (and what clients
most likely want)
Test-information:
Returns null rather than crashing when I ask for a certificate on a
non-TLS stream.
|
|
Corresponding with change in Swiften (assuming that is approved; it's
not yet been integrated at the time of writing)
Test-information:
Works as expected in my test applications
|
|
This change
- renames the "onError" signal to be "onDisconnected" (as per change
59be74ec6 in Swiften)
- adds "setCertificateTrustChecker()" method and uses the supplied checker
when configuring TLS
Test-information:
My applications still work.
When I configure my server with a certificate that doesn't correspond
to the requirements in RFC 6120, my CertificateTrustChecker gets
called, and the session is either dropped or maintained depending on
what my checker returns.
|
|
This change provides the functionality to allow clients to specify a
PKCS#12 file containing client certificate/key for use when starting
TLS sessions.
The PKCS12Certificate class now subclasses "CertificateWithKey"
(matching the Swiften implementation).
Swiften also has "CAPICertificate", which is another subclass of
CertificateWithKey. This has not been provided in this patch.
From a client's point of view, all that's necessary to specify a
certificate to be used for TLS is to do something like
CertificateWithKey myCert = new PKCS12Certificate(
"/home/fred/myp12file.p12",
"secret".toCharArray());
coreClient.setCertificate(myCert);
before calling "CoreClient.connect".
Matching the Swiften functionality, constructing a new
PKCS12Certificate does not actually perform validation of the P12
file/passphrase; that takes place when the p12 file is used.
There is limited scope for returning to the caller errors describing
possible problems, but JSSEContext uses the "emitError" method which
does maintain error information, which is available in a debugger, or
from the JSSEContext.toString() method.
Test-information:
Set up an M-Link server with TLS verified that
- when I specify a client certificate with suitable SAN, the client
sends it and the server reports authentication using the certificate
- when I specify a client certificate without a suitable SAN, the
client sends it but the server rejects it
|
|
|
|
Also fixed up some incorrect Remko copyrights
|
|
Also made "Stanza" be an abstract class and had its ".toString()" include
the name of the subclass which is involved, so that the subclasses don't
have to do that themselves.
Also added null check to existing HostAddress.toString() method
Also fixed Remko copyright in Connector class
Test-information:
Stuff is displayed as expected in debugger.
|
|
Test-information:
Looks okay.
|
|
|
|
|
|
|