Also change StringUtils.escapeForXML() and Packet.toXML() to return
CharSequence instead of String. XmlStringBuilder now has 'optX' methods.
Remove XmlUtils in favor of XmlStringBuilder
If whitespace (e.g. \n \t) needs to be preserved, then XML elements
should be used instead of attributes. Since we do this now in
DirectoryRosterStore, there is also no longer a need for an
specialized StringUtils.escapeForXML().
Also introduce XmlStringBuilder, which should become the default way
to implement Packet.toXML() and the like.
There is a unsolveable race condition between the connection state and
sendPacket(), i.e. the connection could go down, right after the
method calling sendPacket is called, but before sendPacket() is
invoked. Before this change, sendPacket() has thrown an unchecked
IllegalStateException, which could be ignored by the Smack user, who
would also not notice the race condition. We have decided to throw a
checked Exception in this case now, to make the Smack user aware of
this situation.
SMACK-426
Rework StringUtils.escapeForXML() so that it can be used also for
StringUtils.xmlAttribEncodeBinary(). escapeForXML() now uses a
switch/case statement, which should leave the (JIT) compiler more room
for optimizations.
Removing the "do not escape unicode character references", because
this behavior, introduced with
8264ebdfb5, is incorrect.
ChatManager's Chat instances are now removed by Chat.close(), removing
the need for a Map with Hard to Weak references.
ChatStateManager can simply use WeakHashMap.
Although this was mandatory on RFC 3921, RFC 6120/6121 don't even mention this part of the protocol.
Signed-off-by: Daniele Ricci <daniele.athome@gmail.com>
Also remove the Exceptions from the signature of getRoster().
Extend ConnectionListener with connected() and authenticated()
callbacks, required by Roster to be notified so that the Roster can be
loaded *after* login.
SmackException (and it's subclasses) is for all errors/exceptions not
defined by any XMPP specification. XMPPException is now an abstract
class for all errors defined by the XMPP specifications.
Methods that involve an IQ exchange now either return the result, which
is obtained by IQ response, or they throw an XMPPErrorException if an IQ
error was the result of the IQ set/get. If there was no response from
the server within the default packet timeout, a NoResponseException will
be thrown.
XMPP SASL errors are now also reported accordingly.
SMACK-426
- There is now no longer the need to use reflection for
compression-jzlib.
- compressionHandlers are a global configuration property and therefore
belong in SmackConfiguration.
RFC4616 states that if the authorization identity (authzid) parameter is
null, then it is derived from the authentication
identity (authcid). Smack currently sets both, authzid and authcid, to
the username, resulting in auth attempts of
userid\0userid\0password
instead of
userid\0password
Which are different users on most systems (e.g. Kerberos).
We now set only SASLMechanism.authenticationId to username. The
authenticate(String, CallbackHandler) method does now not longer receive
the username, as it's send by the CallbackHandler.
This fixes issue there on android in XHTMLExtension bodys contained "null" instead of actual xhtml tags
This happened due to difference in XPP implementation in KXmlPullParser (on Android) MXParser (in other cases)
This fix replaces usage of getText method of XPP with restoration of xhtml tags using XPP api.
- Fix "packet.Time is not thread-safe" (SMACK-543)
- Update packet.Time to XEP-0202
Add SDM.supportsFeature(), since this is a pattern that repeats over and
over again in Smack. Also add abstract Manager class, that takes care of
the weak reference to Connection, as this is also a repeating pattern in
Smack.
Prior to this change, Smack processes each RosterPacket (which is not of
type IQ.Type.RESULT) as a roster result.
Any other client on the XMPP network can send such a packet (not only
our server). This allows a malicious party to overwrite our Roster.
This patch changes smack so that a RosterPacket is discarded if it is
not a reply to a roster request.
In the absence of checks on the from address, it is possible for other
clients to fake an answer to an IQ request.
This commit adds an IQReplyFilter, which drops all packets which are not
a valid reply to an IQ request. In particular, it checks for packet id,
from address and packet type.
Most(?) places waiting for a reply to an IQ request are converted to use
the IQReplyFilter.
For a discussion of the issues, see the thread "Spoofing of iq ids and
misbehaving servers" from 2014-01 on the jdev@jabber.org mailing list
and following discussion in February and March.
Smack contains two PacketFilters to filter on the from address.
FromContainsFilter simply does a substring match, which is problematic
as explained in SMACK-71. FromMatchesFilter partially fixes this
weakness, but it still uses String#startsWith to filter on bare
addresses. For example, when setup to match all JIDs with bare JID
"foo@example.co", it will still match "foo@example.com".
This commit changes FromMatchesFilter to test equality with the bare
from instead of startsWith with the full from.
Moreover, we convert all uses of FromContainsFilter to FromMatchesFilter
and remove FromContainsFilter. Additionally, the unused ToContainsFilter
(which as the same weaknesses) is removed, too.