Java Code Examples for org.jivesoftware.util.JiveGlobals#getBooleanProperty()

The following examples show how to use org.jivesoftware.util.JiveGlobals#getBooleanProperty().
Example 1
Source File: LdapAuthProvider.java    From Openfire with Apache License 2.0
public LdapAuthProvider() {
    // Convert XML based provider setup to Database based
    JiveGlobals.migrateProperty("ldap.authCache.enabled");

    manager = LdapManager.getInstance();
    if (JiveGlobals.getBooleanProperty("ldap.authCache.enabled", false)) {
        String cacheName = "LDAP Authentication";
        authCache = CacheFactory.createCache(cacheName);
    }
}
 
Example 2
Source File: JDBCGroupProvider.java    From Openfire with Apache License 2.0
/**
 * Constructor of the JDBCGroupProvider class.
 */
public JDBCGroupProvider() {
    // Convert XML based provider setup to Database based
    JiveGlobals.migrateProperty("jdbcProvider.driver");
    JiveGlobals.migrateProperty("jdbcProvider.connectionString");
    JiveGlobals.migrateProperty("jdbcGroupProvider.groupCountSQL");
    JiveGlobals.migrateProperty("jdbcGroupProvider.allGroupsSQL");
    JiveGlobals.migrateProperty("jdbcGroupProvider.userGroupsSQL");
    JiveGlobals.migrateProperty("jdbcGroupProvider.descriptionSQL");
    JiveGlobals.migrateProperty("jdbcGroupProvider.loadMembersSQL");
    JiveGlobals.migrateProperty("jdbcGroupProvider.loadAdminsSQL");

    useConnectionProvider = JiveGlobals.getBooleanProperty("jdbcGroupProvider.useConnectionProvider");

    if (!useConnectionProvider) {
        // Load the JDBC driver and connection string.
        String jdbcDriver = JiveGlobals.getProperty("jdbcProvider.driver");
        try {
            Class.forName(jdbcDriver).newInstance();
        }
        catch (Exception e) {
            Log.error("Unable to load JDBC driver: " + jdbcDriver, e);
            return;
        }
        connectionString = JiveGlobals.getProperty("jdbcProvider.connectionString");
    }

    // Load SQL statements
    groupCountSQL = JiveGlobals.getProperty("jdbcGroupProvider.groupCountSQL");
    allGroupsSQL = JiveGlobals.getProperty("jdbcGroupProvider.allGroupsSQL");
    userGroupsSQL = JiveGlobals.getProperty("jdbcGroupProvider.userGroupsSQL");
    descriptionSQL = JiveGlobals.getProperty("jdbcGroupProvider.descriptionSQL");
    loadMembersSQL = JiveGlobals.getProperty("jdbcGroupProvider.loadMembersSQL");
    loadAdminsSQL = JiveGlobals.getProperty("jdbcGroupProvider.loadAdminsSQL");
}
 
Example 3
Source File: ConnectionManagerImpl.java    From Openfire with Apache License 2.0
@Override
public void initialize(XMPPServer server) {
    super.initialize(server);

    // Check if we need to configure MINA to use Direct or Heap Buffers
    // Note: It has been reported that heap buffers are 50% faster than direct buffers
    if (JiveGlobals.getBooleanProperty("xmpp.socket.heapBuffer", true)) {
        IoBuffer.setUseDirectBuffer(false);
        IoBuffer.setAllocator(new SimpleBufferAllocator());
    }
}
 
Example 4
Source File: HttpSession.java    From Openfire with Apache License 2.0
/**
 * Closes the session. After a session has been closed it will no longer accept new connections
 * on the session ID.
 */
@Override
public void close() {
    if (isClosed) {
        return;
    }
    if (JiveGlobals.getBooleanProperty("log.httpbind.enabled", false)) {
        Log.info("Session " + getStreamID() + " being closed");
    }
    conn.close();
}
 
Example 5
Source File: ConnectionListener.java    From Openfire with Apache License 2.0
/**
 * Returns whether the configuration allows this listener to be enabled (but does not verify that the listener is
 * indeed active).
 *
 * @return true if configuration allows this listener to be enabled, otherwise false.
 */
public boolean isEnabled()
{
    // Not providing a property name indicates that availability cannot be toggled. The listener is 'always on'.
    if (isEnabledPropertyName == null )
    {
        return true;
    }
    // TODO if this is an SSL connection, legacy code required the existence of at least one certificate in the identity store in addition to the property value (although no such requirement is enforced for a TLS connection that might or might not be elevated to encrypted).
    return JiveGlobals.getBooleanProperty( isEnabledPropertyName, true );
}
 
Example 6
Source File: FlashCrossDomainServlet.java    From Openfire with Apache License 2.0
private static StringBuilder getSecure(StringBuilder builder) {
    if (JiveGlobals.getBooleanProperty(CROSS_DOMAIN_SECURE_ENABLED,CROSS_DOMAIN_SECURE_DEFAULT)) {
        builder.append("true");
    } else {
        builder.append("false");
    }
    return builder;
}
 
Example 7
Source File: OFMeetConfig.java    From openfire-ofmeet-plugin with Apache License 2.0
public boolean getP2pDisableH264()
{
    return JiveGlobals.getBooleanProperty( "ofmeet.p2p.disableH264", true );
}
 
Example 8
Source File: DefaultAuthProvider.java    From Openfire with Apache License 2.0
public boolean checkPassword(String username, String testPassword) throws UserNotFoundException {
    Connection con = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    if (username.contains("@")) {
        // Check that the specified domain matches the server's domain
        int index = username.indexOf("@");
        String domain = username.substring(index + 1);
        if (domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
            username = username.substring(0, index);
        } else {
            // Unknown domain.
            throw new UserNotFoundException();
        }
    }
    try {
        con = DbConnectionManager.getConnection();
        pstmt = con.prepareStatement(TEST_PASSWORD);
        pstmt.setString(1, username);
        rs = pstmt.executeQuery();
        if (!rs.next()) {
            throw new UserNotFoundException(username);
        }
        String plainText = rs.getString(1);
        String encrypted = rs.getString(2);
        int iterations = rs.getInt(3);
        String salt = rs.getString(4);
        String storedKey = rs.getString(5);
        if (encrypted != null) {
            try {
                plainText = AuthFactory.decryptPassword(encrypted);
            }
            catch (UnsupportedOperationException uoe) {
                // Ignore and return plain password instead.
            }
        }
        if (plainText != null) {
            boolean scramOnly = JiveGlobals.getBooleanProperty("user.scramHashedPasswordOnly");
            if (scramOnly) {
                // If we have a password here, but we're meant to be scramOnly, we should reset it.
                setPassword(username, plainText);
            }
            // Note: String.equals() is not a constant-time comparison.
            return testPassword.equals(plainText);
        }
        // Don't have either plain or encrypted, so test SCRAM hash.
        if (salt == null || iterations == 0 || storedKey == null) {
            Log.warn("No available credentials for checkPassword.");
            return false;
        }
        byte[] saltShaker = DatatypeConverter.parseBase64Binary(salt);
        byte[] saltedPassword = null, clientKey = null, testStoredKey = null;
        try {
            saltedPassword = ScramUtils.createSaltedPassword(saltShaker, testPassword, iterations);
            clientKey = ScramUtils.computeHmac(saltedPassword, "Client Key");
            testStoredKey = MessageDigest.getInstance("SHA-1").digest(clientKey);
        } catch(SaslException | NoSuchAlgorithmException e) {
            Log.warn("Unable to check SCRAM values for PLAIN authentication.");
            return false;
        }
        return DatatypeConverter.printBase64Binary(testStoredKey).equals(storedKey);
    }
    catch (SQLException sqle) {
        Log.error("User SQL failure:", sqle);
        throw new UserNotFoundException(sqle);
    }
    finally {
        DbConnectionManager.closeConnection(rs, pstmt, con);
    }
}
 
Example 9
Source File: DefaultAuthProvider.java    From Openfire with Apache License 2.0
@Override
public boolean supportsPasswordRetrieval() {
    boolean scramOnly = JiveGlobals.getBooleanProperty("user.scramHashedPasswordOnly");
    return !scramOnly;
}
 
Example 10
Source File: SipAccount.java    From openfire-ofmeet-plugin with Apache License 2.0
public boolean isUseStun() {
    if (stunPort == null && stunServer == null) {
        return JiveGlobals.getBooleanProperty("phone.stunEnabled", false);
    }
    return useStun;
}
 
Example 11
Source File: IdentityStore.java    From Openfire with Apache License 2.0
/**
 * Populates the key store with a self-signed certificate for the domain of this XMPP service.
 *
 * If the 'algorithm' parameter is used, then this method will evaluate only certificates that match that
 * certificate.
 *
 * @param algorithm An optional algorithm constraint (eg: "RSA"). Can be null, cannot be empty.
 * @deprecated Unused as of Openfire 4.3.0. Use 'addSelfSignedDomainCertificate' instead. See OF-1599.
 * @throws CertificateStoreConfigException if a self-signed certificate could not be created
 */
@Deprecated
public synchronized void addSelfSignedDomainCertificate( String algorithm ) throws CertificateStoreConfigException
{
    if ( algorithm != null && algorithm.isEmpty() )
    {
        throw new IllegalArgumentException( "Argument 'algorithm' cannot be empty (but is allowed to be null)." );
    }

    final int keySize;
    final String signAlgorithm;

    if ( algorithm == null ) {
        algorithm = JiveGlobals.getProperty( "cert.algorithm", "RSA" );
    }
    switch ( algorithm.toUpperCase() )
    {
        case "RSA":
            keySize = JiveGlobals.getIntProperty( "cert.rsa.keysize", 2048 );
            signAlgorithm = JiveGlobals.getProperty( "cert.rsa.algorithm", "SHA256WITHRSAENCRYPTION" );
            break;

        case "DSA":
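            // Note: a 1024-bit DSA key is below the 2048-bit minimum that NIST SP 800-131A sets for signature generation.
            keySize = JiveGlobals.getIntProperty( "cert.dsa.keysize", 1024 );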
            signAlgorithm = JiveGlobals.getProperty( "cert.dsa.algorithm", "SHA256withDSA" );
            break;

        default:
            throw new IllegalArgumentException( "Unsupported algorithm '" + algorithm + "'. Use 'RSA' or 'DSA'." );
    }

    final String name = XMPPServerInfo.XMPP_DOMAIN.getValue().toLowerCase();
    final String alias = name + "_" + algorithm.toLowerCase();
    final int validityInDays = JiveGlobals.getIntProperty( "cert.validity-days", 5*365 );
    Set<String> sanDnsNames = CertificateManager.determineSubjectAlternateNameDnsNameValues();

    // OF-1605: Check if a wildcard entry is to be used to represent/replace any subdomains of the XMPP domain name.
    final boolean useWildcard = JiveGlobals.getBooleanProperty( "cert.wildcard", true );
    if ( useWildcard )
    {
        final String wildcard = "*." + XMPPServer.getInstance().getServerInfo().getXMPPDomain();

        // Remove any names that match the wildcard.
        sanDnsNames = sanDnsNames.stream()
            .filter( sanDnsName -> !DNSUtil.isNameCoveredByPattern( sanDnsName, wildcard )  )
            .collect( Collectors.toSet() );

        // Add the domain and wildcard entries.
        sanDnsNames.add( XMPPServer.getInstance().getServerInfo().getXMPPDomain() );
        sanDnsNames.add( wildcard );
    }

    Log.info( "Generating a new private key and corresponding self-signed certificate for domain name '{}', using the {} algorithm (sign-algorithm: {} with a key size of {} bits). Certificate will be valid for {} days.", name, algorithm, signAlgorithm, keySize, validityInDays );
    // Generate public and private keys
    try
    {
        final KeyPair keyPair = generateKeyPair( algorithm.toUpperCase(), keySize );

        // Create X509 certificate with keys and specified domain
        final X509Certificate cert = CertificateManager.createX509V3Certificate( keyPair, validityInDays, name, name, name, signAlgorithm, sanDnsNames );

        // Store new certificate and private key in the key store
        store.setKeyEntry( alias, keyPair.getPrivate(), configuration.getPassword(), new X509Certificate[]{cert} );

        // Persist the changes in the store to disk.
        persist();
    }
    catch ( CertificateStoreConfigException | IOException | GeneralSecurityException ex )
    {
        reload(); // reset state of the store.
        throw new CertificateStoreConfigException( "Unable to generate new self-signed " + algorithm + " certificate.", ex );
    }

    // TODO Notify listeners that a new certificate has been created
}
 
Example 12
Source File: TLSStreamHandler.java    From Openfire with Apache License 2.0
/**
 * Creates a new TLSStreamHandler and secures the plain socket connection. When connecting
 * to a remote server then {@code clientMode} will be <code>true</code> and
 * {@code remoteServer} is the server name of the remote server. Otherwise {@code clientMode}
 * will be <code>false</code> and  {@code remoteServer} null.
 *
 * @param socket the plain socket connection to secure
 * @param configuration the configuration for the connection
 * @param clientMode boolean indicating if this entity is a client or a server.
 * @throws java.io.IOException if an exception occurs
 */
public TLSStreamHandler(Socket socket, ConnectionConfiguration configuration, boolean clientMode) throws IOException {
    wrapper = new TLSWrapper(configuration, clientMode);
    tlsEngine = wrapper.getTlsEngine();
    reader = new TLSStreamReader(wrapper, socket);
    writer = new TLSStreamWriter(wrapper, socket);

    // DANIELE: Add code to use directly the socket-channel.
    if (socket.getChannel() != null) {
        rbc = socket.getChannel();
        wbc = socket.getChannel();
    }
    else {
        rbc = Channels.newChannel(socket.getInputStream());
        wbc = Channels.newChannel(socket.getOutputStream());
    }
    initialHSStatus = HandshakeStatus.NEED_UNWRAP;
    initialHSComplete = false;

    netBBSize = tlsEngine.getSession().getPacketBufferSize();
    appBBSize = tlsEngine.getSession().getApplicationBufferSize();

    incomingNetBB = ByteBuffer.allocate(netBBSize);
    outgoingNetBB = ByteBuffer.allocate(netBBSize);
    outgoingNetBB.position(0);
    outgoingNetBB.limit(0);

    appBB = ByteBuffer.allocate(appBBSize);

    if (clientMode) {
        socket.setSoTimeout(0);
        socket.setKeepAlive(true);
        initialHSStatus = HandshakeStatus.NEED_WRAP;
        tlsEngine.beginHandshake();
    }
    else if (configuration.getClientAuth() == Connection.ClientAuth.needed) {
        // Only REQUIRE client authentication if we are fully verifying certificates
        if (JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_CERTIFICATE_VERIFY, true) &&
                JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_CERTIFICATE_CHAIN_VERIFY, true) &&
                !JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_ACCEPT_SELFSIGNED_CERTS, false))
        {
            tlsEngine.setNeedClientAuth(true);
        }
        else {
            // Just indicate that we would like to authenticate the client but if client
            // certificates are self-signed or have no certificate chain then we are still
            // good
            tlsEngine.setWantClientAuth(true);
        }
    }
}
 
Example 13
Source File: IQRegisterHandler.java    From Openfire with Apache License 2.0
@Override
public void initialize(XMPPServer server) {
    super.initialize(server);
    userManager = server.getUserManager();
    rosterManager = server.getRosterManager();

    if (probeResult == null) {
        // Create the basic element of the probeResult which contains the basic registration
        // information (e.g. username, password and email)
        probeResult = DocumentHelper.createElement(QName.get("query", "jabber:iq:register"));
        probeResult.addElement("username");
        probeResult.addElement("password");
        probeResult.addElement("email");
        probeResult.addElement("name");

        // Create the registration form to include in the probeResult. The form will include
        // the basic information plus name and visibility of name and email.
        // TODO Future versions could allow plugin modules to add new fields to the form 
        final DataForm registrationForm = new DataForm(DataForm.Type.form);
        registrationForm.setTitle("XMPP Client Registration");
        registrationForm.addInstruction("Please provide the following information");

        final FormField fieldForm = registrationForm.addField();
        fieldForm.setVariable("FORM_TYPE");
        fieldForm.setType(FormField.Type.hidden);
        fieldForm.addValue("jabber:iq:register");

        final FormField fieldUser = registrationForm.addField();
        fieldUser.setVariable("username");
        fieldUser.setType(FormField.Type.text_single);
        fieldUser.setLabel("Username");
        fieldUser.setRequired(true);

        final FormField fieldName = registrationForm.addField(); 
        fieldName.setVariable("name");
        fieldName.setType(FormField.Type.text_single);
        fieldName.setLabel("Full name");
        if (UserManager.getUserProvider().isNameRequired()) {
            fieldName.setRequired(true);
        }

        final FormField fieldMail = registrationForm.addField();
        fieldMail.setVariable("email");
        fieldMail.setType(FormField.Type.text_single);
        fieldMail.setLabel("Email");
        if (UserManager.getUserProvider().isEmailRequired()) {
            fieldMail.setRequired(true);
        }

        final FormField fieldPwd = registrationForm.addField();
        fieldPwd.setVariable("password");
        fieldPwd.setType(FormField.Type.text_private);
        fieldPwd.setLabel("Password");
        fieldPwd.setRequired(true);

        // Add the registration form to the probe result.
        probeResult.add(registrationForm.getElement());
    }
    
    JiveGlobals.migrateProperty("register.inband");
    JiveGlobals.migrateProperty("register.password");
    
    // See if in-band registration should be enabled (default is true).
    registrationEnabled = JiveGlobals.getBooleanProperty("register.inband", true);
    // See if users can change their passwords (default is true).
    canChangePassword = JiveGlobals.getBooleanProperty("register.password", true);
}
 
Example 14
Source File: HistoryStrategy.java    From Openfire with Apache License 2.0
private boolean isSubjectChangeStrict() {
    return JiveGlobals.getBooleanProperty("xmpp.muc.subject.change.strict", true);
}
 
Example 15
Source File: HttpBindManager.java    From Openfire with Apache License 2.0
private boolean isHttpBindServiceEnabled() {
    return JiveGlobals.getBooleanProperty(HTTP_BIND_ENABLED, HTTP_BIND_ENABLED_DEFAULT);
}
 
Example 16
Source File: OFMeetConfig.java    From openfire-ofmeet-plugin with Apache License 2.0
public boolean getAdaptiveSimulcast()
{
    return JiveGlobals.getBooleanProperty("org.jitsi.videobridge.ofmeet.adaptive.simulcast", false );
}
 
Example 17
Source File: JDBCAuthProvider.java    From Openfire with Apache License 2.0
/**
 * Constructs a new JDBC authentication provider.
 */
public JDBCAuthProvider() {
    // Convert XML based provider setup to Database based
    JiveGlobals.migrateProperty("jdbcProvider.driver");
    JiveGlobals.migrateProperty("jdbcProvider.connectionString");
    JiveGlobals.migrateProperty("jdbcAuthProvider.passwordSQL");
    JiveGlobals.migrateProperty("jdbcAuthProvider.passwordType");
    JiveGlobals.migrateProperty("jdbcAuthProvider.setPasswordSQL");
    JiveGlobals.migrateProperty("jdbcAuthProvider.allowUpdate");
    JiveGlobals.migrateProperty("jdbcAuthProvider.bcrypt.cost");
    JiveGlobals.migrateProperty("jdbcAuthProvider.useConnectionProvider");
    JiveGlobals.migrateProperty("jdbcAuthProvider.acceptPreHashedPassword");
    
    useConnectionProvider = JiveGlobals.getBooleanProperty("jdbcAuthProvider.useConnectionProvider");
    
    if (!useConnectionProvider) {
        // Load the JDBC driver and connection string.
        String jdbcDriver = JiveGlobals.getProperty("jdbcProvider.driver");
        try {
            Class.forName(jdbcDriver).newInstance();
        }
        catch (Exception e) {
            Log.error("Unable to load JDBC driver: " + jdbcDriver, e);
            return;
        }
        connectionString = JiveGlobals.getProperty("jdbcProvider.connectionString");
    }

    // Load SQL statements.
    passwordSQL = JiveGlobals.getProperty("jdbcAuthProvider.passwordSQL");
    setPasswordSQL = JiveGlobals.getProperty("jdbcAuthProvider.setPasswordSQL");

    allowUpdate = JiveGlobals.getBooleanProperty("jdbcAuthProvider.allowUpdate", false);

    setPasswordTypes(JiveGlobals.getProperty("jdbcAuthProvider.passwordType", "plain"));
    bcryptCost = JiveGlobals.getIntProperty("jdbcAuthProvider.bcrypt.cost", -1);
    PropertyEventDispatcher.addListener(this);
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        java.security.Security.addProvider(new BouncyCastleProvider());
    }
}
 
Example 18
Source File: FileTransferProxy.java    From Openfire with Apache License 2.0
/**
 * Returns true if the file transfer proxy is currently enabled and false if it is not.
 *
 * @return Returns true if the file transfer proxy is currently enabled and false if it is not.
 */
public boolean isProxyEnabled() {
    return connectionManager.isRunning() &&
            JiveGlobals.getBooleanProperty(JIVEPROPERTY_PROXY_ENABLED, DEFAULT_IS_PROXY_ENABLED);
}
 
Example 19
Source File: RosterManager.java    From Openfire with Apache License 2.0
/**
 * Returns true if the roster service is enabled. When disabled it is not possible to
 * retrieve users' rosters or broadcast presence packets to roster contacts.
 *
 * @return true if the roster service is enabled.
 */
public static boolean isRosterServiceEnabled() {
    return JiveGlobals.getBooleanProperty("xmpp.client.roster.active", true);
}
 
Example 20
Source File: JDBCUserProvider.java    From Openfire with Apache License 2.0
/**
 * XMPP disallows some characters in identifiers, requiring them to be escaped.
 *
 * This implementation assumes that the database returns properly escaped identifiers,
 * but can apply escaping by setting the value of the 'jdbcUserProvider.isEscaped'
 * property to 'false'.
 *
 * @return 'false' if this implementation needs to escape database content before processing.
 */
protected boolean assumePersistedDataIsEscaped()
{
    return JiveGlobals.getBooleanProperty( "jdbcUserProvider.isEscaped", true );
}