/*
* Tigase Jabber/XMPP Server
* Copyright (C) 2004-2012 "Artur Hefczyc" <artur.hefczyc@tigase.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. Look for COPYING file in the top folder.
* If not, see http://www.gnu.org/licenses/.
*
* $Rev$
* Last modified by $Author$
* $Date$
*/
package tigase.xmpp.impl;
//~--- non-JDK imports --------------------------------------------------------
import tigase.db.NonAuthUserRepository;
import tigase.server.Command;
import tigase.server.Packet;
import tigase.xml.Element;
import tigase.xmpp.StanzaType;
import tigase.xmpp.XMPPProcessor;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;
//~--- JDK imports ------------------------------------------------------------
import java.util.Map;
import java.util.Queue;
import java.util.logging.Level;
import java.util.logging.Logger;
//~--- classes ----------------------------------------------------------------
/**
* Describe class StartTLS here.
*
*
* Created: Fri Mar 24 07:22:57 2006
*
* @author <a href="mailto:artur.hefczyc@tigase.org">Artur Hefczyc</a>
* @version $Rev$
*/
public class StartTLS extends XMPPProcessor implements XMPPProcessorIfc {
private static final Logger log = Logger.getLogger(StartTLS.class.getName());
private static final String XMLNS = "urn:ietf:params:xml:ns:xmpp-tls";
// private static final String TLS_STARTED_KEY = "TLS-Started";
/** Field description */
public static final String TLS_REQUIRED_KEY = "tls-required";
protected static final String ID = "starttls";
private static final String[] ELEMENTS = { "starttls", "proceed", "failure" };
private static final String[] XMLNSS = { XMLNS, XMLNS, XMLNS };
private static final Element[] F_REQUIRED = {
new Element("starttls", new Element[] { new Element("required") }, new String[] { "xmlns" },
new String[] { XMLNS }) };
private static final Element[] F_NOT_REQUIRED = {
new Element("starttls", new String[] { "xmlns" }, new String[] { XMLNS }) };
//~--- fields ---------------------------------------------------------------
private Element proceed = new Element("proceed", new String[] { "xmlns" },
new String[] { XMLNS });
private Element failure = new Element("failure", new String[] { "xmlns" },
new String[] { XMLNS });
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @return
*/
@Override
public String id() {
return ID;
}
/**
* Method description
*
*
* @param packet
* @param session
* @param repo
* @param results
* @param settings
*/
@Override
public void process(final Packet packet, final XMPPResourceConnection session,
final NonAuthUserRepository repo, final Queue<Packet> results,
final Map<String, Object> settings) {
if (session == null) {
return;
} // end of if (session == null)
if (packet.isElement("starttls", XMLNS)) {
if (session.getSessionData(ID) != null) {
// Somebody tries to activate multiple TLS layers.
// This is possible and can even work but this can also be
// a DOS attack. Blocking it now, unless someone requests he wants
// to have multiple layers of TLS for his connection
log.log(Level.WARNING,
"Multiple TLS requests, possible DOS attack, closing connection: {0}", packet);
results.offer(packet.swapFromTo(failure, null, null));
results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set,
session.nextStanzaId()));
return;
}
session.putSessionData(ID, "true");
Packet result = Command.STARTTLS.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set,
session.nextStanzaId(), Command.DataType.submit);
Command.setData(result, proceed);
results.offer(result);
} else {
log.log(Level.WARNING, "Unknown TLS element: {0}", packet);
results.offer(packet.swapFromTo(failure, null, null));
results.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set,
session.nextStanzaId()));
} // end of if (packet.getElement().getName().equals("starttls")) else
}
/**
* Method description
*
*
* @return
*/
@Override
public String[] supElements() {
return ELEMENTS;
}
/**
* Method description
*
*
* @return
*/
@Override
public String[] supNamespaces() {
return XMLNSS;
}
/**
* Method description
*
*
* @param session
*
* @return
*/
@Override
public Element[] supStreamFeatures(final XMPPResourceConnection session) {
// If session does not exist, just return null, we don't provide features
// for non-existen stream
if ((session != null) && (session.getSessionData(ID) == null)) {
if ((session.getSessionData(TLS_REQUIRED_KEY) != null)
&& session.getSessionData(TLS_REQUIRED_KEY).equals("true")) {
return F_REQUIRED;
} else {
return F_NOT_REQUIRED;
}
} // end of if (session.isAuthorized())
else {
return null;
} // end of if (session.isAuthorized()) else
}
} // StartTLS
//~ Formatted in Sun Code Convention
//~ Formatted by Jindent --- http://www.jindent.com