1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-23 12:32:06 +01:00
Commit graph

4515 commits

Author SHA1 Message Date
Florian Schmaus
c1b412c457 [xmlparser-stax] Disable external entities and DTD
Before that, the StAX parser used by Smack for XML parsing had
only external entity replacement disabled. We further harden the
parser by disabling DTDs.

See also:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser
2020-10-05 08:55:10 +02:00
Florian Schmaus
6d39a4e3ac [bob] Add BoBDataExtension, remove BoBExtension
BoBExtension extending XHTMLExtension was poorly designed and only
worked for a single paragraphy.

Fixes SMACK-770.
2020-09-23 19:57:13 +02:00
Florian Schmaus
15e3d267f6 Add Pair utility class 2020-09-23 19:46:01 +02:00
Florian Schmaus
048226960b Rename smack-java7 to smack-java8
Fixes SMACK-854.
2020-09-23 17:50:11 +02:00
Florian Schmaus
fe7d3bec30 Make Forwarded a generic type
Fixes SMACK-821.
2020-09-23 17:48:04 +02:00
Florian Schmaus
c1b32f8e11 [carbons] Throw SmackParsingException instead of IOException 2020-09-23 17:47:04 +02:00
Florian Schmaus
02341f6330 Smack 4.4.0-beta3-SNAPSHOT 2020-09-20 14:10:53 +02:00
Florian Schmaus
6837c305e8 Smack 4.4.0-beta2 2020-09-20 13:57:09 +02:00
Florian Schmaus
4db7d787f7 [tcp] Add code comment why we have to copy the ByteBuffer 2020-09-20 13:53:13 +02:00
Florian Schmaus
08fc0ba0b4 [tcp] Improve pendingWriteInterestAfterRead code comment 2020-09-20 13:06:02 +02:00
Florian Schmaus
525ee09ea1 [tcp] Do not send SM ack after we send a </stream:stream>
Do net put an ack to the queue if it has already been shutdown. Some
servers, like ejabberd, like to request an ack even after we have send
a stream close (and hance the queue was shutdown). If we would not
check here, then the ack would dangle around in the queue, and be send
on the next re-connection attempt even before the stream open.

See the following trace of the MUC bookmarks integration test. The
fact that it is a MUC test does not matter, but this test does
disconnect the connection and reconnect it. Not how the server,
ejabberd in this case, requests an SM ack by sending an <r/> even
though we already send the </stream:stream>:

22:22:05 SENT (4):
<iq id='MD4UC-61' type='set'>
  <query xmlns='jabber:iq:private'>
    <storage xmlns='storage:bookmarks'>
      <conference name='Smack Inttest: 7in7j' autojoin='true' jid='y9jcn5@conference.salem.geekplace.eu'>
        <nick>
          Nick-P2VXD7
        </nick>
      </conference>
    </storage>
  </query>
</iq>
22:22:05 RECV (4):
<r xmlns='urn:xmpp:sm:3'/>
22:22:05 SENT (4):
<a xmlns='urn:xmpp:sm:3' h='29'/>
22:22:05 RECV (4):
<message to='sinttest-7in7j-4@salem.geekplace.eu' from='sinttest-7in7j-4@salem.geekplace.eu' type='headline'>
  <event xmlns='http://jabber.org/protocol/pubsub#event'>
    <items node='storage:bookmarks'>
      <item id='current'>
        <storage xmlns='storage:bookmarks'>
          <conference name='Smack Inttest: 7in7j' autojoin='true' jid='y9jcn5@conference.salem.geekplace.eu'>
            <nick>
              Nick-P2VXD7
            </nick>
          </conference>
        </storage>
      </item>
    </items>
  </event>
  <addresses xmlns='http://jabber.org/protocol/address'>
    <address jid='sinttest-7in7j-4@salem.geekplace.eu/1415073683806426185213090' type='replyto'/>
  </addresses>
</message>
22:22:05 RECV (4):
<iq xml:lang='en-US' to='sinttest-7in7j-4@salem.geekplace.eu/1415073683806426185213090' from='sinttest-7in7j-4@salem.geekplace.eu' type='result' id='MD4UC-61'/>
22:22:05 SENT (4):
<presence id='6MS6J-20' type='unavailable'/>
<a xmlns='urn:xmpp:sm:3' h='31'/>
<!-- We have closed the stream -->
</stream:stream>
<!-- But the server still requests an SM ack -->
22:22:05 RECV (4):
<r xmlns='urn:xmpp:sm:3'/>
22:22:05 RECV (4):
</stream:stream>
22:22:05 XMPPConnection closed (XMPPTCPConnection[sinttest-7in7j-4@salem.geekplace.eu/1415073683806426185213090] (4))
22:22:05 SENT (4):
<a xmlns='urn:xmpp:sm:3' h='31'/>
22:22:05 SENT (4):
<stream:stream xmlns='jabber:client' to='salem.geekplace.eu' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='sinttest-7in7j-4@salem.geekplace.eu' xml:lang='en-US'>
22:22:05 RECV (4): ?xml version='1.0'?>
<stream:stream id='3379123514446782311' ver
22:22:05 RECV (4): sion='1.0' xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'>
<stream:error>
  <invalid-xml xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
</stream:error>
</stream:stream>
22:22:05 XMPPConnection closed due to an exception (XMPPTCPConnection[sinttest-7in7j-4@salem.geekplace.eu/1415073683806426185213090] (4))
org.jivesoftware.smack.XMPPException$StreamErrorException: invalid-xml You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
<stream:error><invalid-xml xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error>
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:981)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:913)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:936)
	at java.base/java.lang.Thread.run(Thread.java:834)
2020-09-18 14:36:26 +02:00
Florian Schmaus
488d01796a [tcp] Fix TlsState by aborting the channel selected callback
Instead of breaking in case the SSLEngine signals NEED_WRAP, which
leads to an endless loop while holding the
channelSelectedCallbackLock, we have to return, so that the
asynchronously invoked callback can aquire it, and do its work.
2020-09-17 22:15:30 +02:00
Florian Schmaus
b7824f008d Introduce and use XmlStringBuilder.text()
Smack currently does unnecessary escaping of XML text, where it
escapes e.g. '"' to '&quot;'. This bloats the stanza size, especially
if JSON payloads are involved.

Fixes SMACK-892 (although there are probably still places where
XmlStringBuilder.escape() is used when XmlStringBuild.text() could
have been used).
2020-09-17 14:20:11 +02:00
Florian Schmaus
9e9d30074c
Merge pull request #428 from vanitasvitae/pgpainlessalpha12
Bump pgpainless version to 0.1.0
2020-08-31 09:47:15 +02:00
4cc0f1d129
Bump pgpainless version to 0.1.0 2020-08-30 23:08:26 +02:00
Florian Schmaus
64d3e804a7
Merge pull request #427 from Flowdalic/elements
Add XmppElementUtil.castOrThrow()
2020-08-29 16:38:54 +02:00
Florian Schmaus
1ebe8b0309
Merge pull request #422 from Flowdalic/drop-sm-state-on-clean-shutdown
[tcp] Drop Stream Management state on clean shutdown
2020-08-29 16:33:50 +02:00
Florian Schmaus
b09cd06053 [core] Use XmppElementUtil.castOrThrow() in StanzaView.getExtension(Class)
This means that users get now exceptions with helpful error messages
instead of the dreaded ClassCastException, like

java.lang.ClassCastException: org.jivesoftware.smack.packet.StandardExtensionElement cannot be cast to org.jivesoftware.smackx.mam.element.MamElements$MamResultExtension
at

when StanzaView.getExtension(Class) is used to retrieve the extension.
2020-08-29 16:29:22 +02:00
Florian Schmaus
d06e9499e8 [core] Add XmppElementUtil.castOrThrow(ExtensionElement, Class)
This method throws an IllegalStateException if the provided extension
element is not of the expected type and hints users towards potential
causes.
2020-08-29 16:29:22 +02:00
Florian Schmaus
99297e5a76 [mam] Improve MamResultExtension: use MessageView in from() and add QNAME 2020-08-28 09:47:54 +02:00
Florian Schmaus
1aab0b8aac [core] Add cache to XmppElementUtil.getQNameFor(Class) 2020-08-28 09:47:09 +02:00
Florian Schmaus
cf4c9725b7 [core] Add ProviderManager.getExtensionProvider(QName) 2020-08-28 09:37:29 +02:00
Florian Schmaus
49ebe8c587 [tcp] Drop Stream Management state on clean shutdown
We previously only set the SM session ID to zero, but that is not
enough. On a clean shutdown, i.e. where we send a </stream> close tag,
we also have to nullify the unacknowledgedStanzas queue.
2020-08-17 22:11:50 +02:00
Florian Schmaus
3f3590b42b
Merge pull request #421 from Flowdalic/smack-streammanagement
Add smack-streammanagement project
2020-08-17 15:55:37 +02:00
Florian Schmaus
317e391da5 Create smack-streammanagement project and move o.j.smack.sm code there 2020-08-15 14:03:57 +02:00
Florian Schmaus
f00804ef72
Merge pull request #419 from adiaholic/bugFix
XmlEnvironment: Use correct method to obatain effective namespace.
2020-08-11 14:19:03 +02:00
Aditya Borikar
c9cf4f1541 XmlEnvironment: Use correct method to obatain effective namespace. 2020-08-08 20:14:39 +05:30
Florian Schmaus
89c5895ab3 Smack 4.4.0-beta2-SNAPSHOT 2020-08-07 22:06:32 +02:00
Florian Schmaus
b61426c8d0 Smack 4.4.0-beta1 2020-08-07 21:25:20 +02:00
Florian Schmaus
cf92566e26
Merge pull request #416 from Flowdalic/connected-boolean
Set 'connected' to 'true' as early as possible
2020-08-07 12:43:53 +02:00
Florian Schmaus
36d61d9e52
Merge pull request #413 from adiaholic/xep-0156
HttpLookupMethod: Position parser at START_ELEMENT before parsing
2020-08-07 12:37:04 +02:00
Aditya Borikar
7796b367cc Position parser at START_ELEMENT before parsing
This PR aims to provide parseXrdLinkReferencesFor() method the ability
to parse forward to the first START_ELEMENT tag.The HttpLookupMethodTest
tests the HttpLookupMethod class by parsing String. This makes use of
PacketParserUtils.getParserFor(String), which already does forward
winding to reach START_ELEMENT. However when fetching endpoints from a
remote host meta data, PacketParserUtils.getParserFor(InputStream) is
used which doesn't do winding in any form. And thus, even though
HttpLookupMethodTest tests pass, this implementation would crash while
parsing remote host-meta.
2020-08-07 15:01:53 +05:30
Florian Schmaus
e35175a3d5
Merge pull request #417 from Flowdalic/gradle-dynamic-versions
[build] Use ranged version [1.0.0, 1.0.999] for jXMPP and MiniDNS
2020-08-06 19:58:35 +02:00
Florian Schmaus
92ed777dba
Merge pull request #418 from Flowdalic/rename-waitForCondition
waitForCondition() → waitForConditionOrThrowConnectionException()
2020-08-06 19:58:22 +02:00
Florian Schmaus
ac788592a6 waitForCondition() → waitForConditionOrThrowConnectionException()
The method was already renamed, but not in
ModularXmppClientToServerConnectionInternal.
2020-08-06 18:17:04 +02:00
Florian Schmaus
1a2a613112 Set 'connected' to 'true' as early as possible
We previously only set 'connected' after connectInternal()
returned. This could lead to notifyConnectionError() ignoring stream
error exceptions, e.g. when establishing TLS which happens also in
connectInternal(), because 'connected' was still 'false'.

2020-08-06 13:08:06.265 19830-20423/org.atalk.android D/SMACK: SENT (0):
    <stream:stream xmlns='jabber:client' to='atalk.sytes.net' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
2020-08-06 13:08:06.333 19830-20424/org.atalk.android D/SMACK: RECV (0): ?xml version='1.0'?>
    <stream:stream id='16420577292739412012' version='1.0' xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' from='atalk.sytes.net' xmlns='jabber:client'>
    <stream:error>
      <policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
      <text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-streams'>
        Too many (20) failed authentications from this IP address (::ffff:42.60.7.13). The address will be unblocked at 05:15:34 06.08.2020 UTC
      </text>
    </stream:error>
    </stream:stream>
2020-08-06 13:08:06.346 19830-20424/org.atalk.android I/aTalk: [241896] org.jivesoftware.smack.AbstractXMPPConnection.notifyConnectionError() Connection was already disconnected when attempting to handle org.jivesoftware.smack.XMPPException$StreamErrorException: policy-violation You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
    <stream:error><policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xml:lang='en'>Too many (20) failed authentications from this IP address (::ffff:42.60.7.13). The address will be unblocked at 05:15:34 06.08.2020 UTC</text></stream:error>
    org.jivesoftware.smack.XMPPException$StreamErrorException: policy-violation You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
    <stream:error><policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xml:lang='en'>Too many (20) failed authentications from this IP address (::ffff:42.60.7.13). The address will be unblocked at 05:15:34 06.08.2020 UTC</text></stream:error>
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:966)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:898)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:921)
        at java.lang.Thread.run(Thread.java:919)

Which eventually leads to a NoResponseException

org.jivesoftware.smack.SmackException$NoResponseException: No response
received within reply timeout. Timeout was 30000ms (~30s). While
waiting for establishing TLS
[XMPPTCPConnection[not-authenticated] (4)]

We now set 'connected' to 'true' as soon as the transport (e.g. TCP,
BOSH, …) is connected. While this is in other ways also sensible, it
also allows notifyConnectionError() to handle exceptions in the early
connection stage.

Thanks to Eng Chong Meng for reporting this.
2020-08-06 16:32:26 +02:00
Florian Schmaus
3c54d5ffcd [build] Use ranged version [1.0.0, 1.0.999] for jXMPP and MiniDNS
This also means that we need to lookup the resovled versions of those
artifacts in order to provide the javadoc link.
2020-08-06 15:19:42 +02:00
Florian Schmaus
a356e91108
Merge pull request #415 from vanitasvitae/NEDEtypo
NoEndpointDiscoveredException: s/Not/No
2020-07-30 08:48:57 +02:00
dd631048a3
NoEndpointDiscoveredException: s/Not/No 2020-07-28 19:00:04 +02:00
Florian Schmaus
d34eda61fe
Merge pull request #414 from Flowdalic/state-string-precedence
StateDescriptor String-based precedence API
2020-07-27 17:13:49 +02:00
Florian Schmaus
ec80d5287b [core] Add String-based StateDescriptor precedence/inferiority declaration methods 2020-07-25 14:27:45 +02:00
Florian Schmaus
64fb47c98b Fix typo in StateDescriptor method: s/Inferiorty/Inferiority/ 2020-07-25 13:55:35 +02:00
Florian Schmaus
3003094130
Merge pull request #412 from Flowdalic/data-form-type-annotations
[xdata] Parse forms of any kind without field type annotations
2020-07-23 17:24:48 +02:00
Florian Schmaus
62b1320643
Merge pull request #410 from adiaholic/integrationTest
Add SimpleXmppConnectionIntegrationTest
2020-07-23 16:10:36 +02:00
Florian Schmaus
1bd097ed9b
Merge pull request #411 from Flowdalic/sasl
SASL / getFeature()
2020-07-23 16:09:57 +02:00
Florian Schmaus
103ffabc08 [xdata] Parse forms of any kind without field type annotations
We previously only looked in the registry for 'submit' type forms. But
also 'result' type forms may be send without field type
annotations. Same is true, but less likely, for 'form' type forms.
2020-07-23 15:47:17 +02:00
Florian Schmaus
329948b442 Add XMPP.(get|has)Feature(Class|QName) and deprecate (String, String) 2020-07-23 14:32:14 +02:00
Florian Schmaus
cbdde0f541
Merge pull request #358 from vanitasvitae/sce
XEP-0420: Stanza Content Encryption
2020-07-23 14:27:08 +02:00
Florian Schmaus
f1e10bc6bc
Merge pull request #409 from vanitasvitae/connectionListenerConnecting
ConnectionListener: Add connecting(XMPPConnection) method.
2020-07-23 14:19:14 +02:00
78f37a909e
Add support for XEP-0420: Stanza Content Encryption 2020-07-23 11:02:28 +02:00