1283 lines
51 KiB
Java
1283 lines
51 KiB
Java
/**
|
|
*
|
|
* Copyright 2003-2007 Jive Software, 2017-2020 Florian Schmaus.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package org.jivesoftware.smack;
|
|
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.FileInputStream;
|
|
import java.io.IOException;
|
|
import java.io.InputStream;
|
|
import java.lang.reflect.Constructor;
|
|
import java.lang.reflect.InvocationTargetException;
|
|
import java.net.InetAddress;
|
|
import java.net.UnknownHostException;
|
|
import java.nio.charset.StandardCharsets;
|
|
import java.security.KeyManagementException;
|
|
import java.security.KeyStore;
|
|
import java.security.KeyStoreException;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.security.NoSuchProviderException;
|
|
import java.security.Provider;
|
|
import java.security.Security;
|
|
import java.security.UnrecoverableKeyException;
|
|
import java.security.cert.CertificateException;
|
|
import java.util.Arrays;
|
|
import java.util.Collection;
|
|
import java.util.Collections;
|
|
import java.util.HashSet;
|
|
import java.util.Locale;
|
|
import java.util.Set;
|
|
import java.util.logging.Level;
|
|
import java.util.logging.Logger;
|
|
|
|
import javax.net.SocketFactory;
|
|
import javax.net.ssl.HostnameVerifier;
|
|
import javax.net.ssl.KeyManager;
|
|
import javax.net.ssl.KeyManagerFactory;
|
|
import javax.net.ssl.SSLContext;
|
|
import javax.net.ssl.TrustManager;
|
|
import javax.net.ssl.X509TrustManager;
|
|
import javax.security.auth.callback.Callback;
|
|
import javax.security.auth.callback.CallbackHandler;
|
|
import javax.security.auth.callback.PasswordCallback;
|
|
import javax.security.auth.callback.UnsupportedCallbackException;
|
|
|
|
import org.jivesoftware.smack.datatypes.UInt16;
|
|
import org.jivesoftware.smack.debugger.SmackDebuggerFactory;
|
|
import org.jivesoftware.smack.internal.SmackTlsContext;
|
|
import org.jivesoftware.smack.packet.id.StandardStanzaIdSource;
|
|
import org.jivesoftware.smack.packet.id.StanzaIdSource;
|
|
import org.jivesoftware.smack.packet.id.StanzaIdSourceFactory;
|
|
import org.jivesoftware.smack.proxy.ProxyInfo;
|
|
import org.jivesoftware.smack.sasl.SASLMechanism;
|
|
import org.jivesoftware.smack.sasl.core.SASLAnonymous;
|
|
import org.jivesoftware.smack.util.CloseableUtil;
|
|
import org.jivesoftware.smack.util.CollectionUtil;
|
|
import org.jivesoftware.smack.util.DNSUtil;
|
|
import org.jivesoftware.smack.util.Objects;
|
|
import org.jivesoftware.smack.util.SslContextFactory;
|
|
import org.jivesoftware.smack.util.StringUtils;
|
|
import org.jivesoftware.smack.util.TLSUtils;
|
|
import org.jivesoftware.smack.util.dns.SmackDaneProvider;
|
|
import org.jivesoftware.smack.util.dns.SmackDaneVerifier;
|
|
|
|
import org.jxmpp.jid.DomainBareJid;
|
|
import org.jxmpp.jid.EntityBareJid;
|
|
import org.jxmpp.jid.impl.JidCreate;
|
|
import org.jxmpp.jid.parts.Resourcepart;
|
|
import org.jxmpp.stringprep.XmppStringprepException;
|
|
import org.minidns.dnsname.DnsName;
|
|
import org.minidns.dnsname.InvalidDnsNameException;
|
|
import org.minidns.util.InetAddressUtil;
|
|
|
|
/**
|
|
* The connection configuration used for XMPP client-to-server connections. A well configured XMPP service will
|
|
* typically only require you to provide two parameters: The XMPP address, also known as the JID, of the user and the
|
|
* password. All other configuration parameters could ideally be determined automatically by Smack. Hence it is often
|
|
* enough to call {@link Builder#setXmppAddressAndPassword(CharSequence, String)}.
|
|
* <p>
|
|
* Technically there are typically at least two parameters required: Some kind of credentials for authentication. And
|
|
* the XMPP service domain. The credentials often consists of a username and password use for the SASL authentication.
|
|
* But there are also other authentication mechanisms, like client side certificates, which do not require a particular
|
|
* username and password.
|
|
* </p>
|
|
* <p>
|
|
* There are some misconceptions about XMPP client-to-server parameters: The first is that the username used for
|
|
* authentication will be equal to the localpart of the bound XMPP address after authentication. While this is usually
|
|
* true, it is not required. Technically the username used for authentication and the resulting XMPP address are
|
|
* completely independent from each other. The second common misconception steers from the terms "XMPP host" and "XMPP
|
|
* service domain": An XMPP service host is a system which hosts one or multiple XMPP domains. The "XMPP service domain"
|
|
* will be usually the domainpart of the bound JID. This domain is used to verify the remote endpoint, typically using
|
|
* TLS. This third misconception is that the XMPP service domain is required to become the domainpart of the bound JID.
|
|
* Again, while this is very common to be true, it is not strictly required.
|
|
* </p>
|
|
*
|
|
* @author Gaston Dombiak
|
|
* @author Florian Schmaus
|
|
*/
|
|
public abstract class ConnectionConfiguration {
|
|
|
|
static {
|
|
// Ensure that Smack is initialized when ConnectionConfiguration is used, or otherwise e.g.
|
|
// SmackConfiguration.DEBUG may not be initialized yet.
|
|
SmackConfiguration.getVersion();
|
|
}
|
|
|
|
private static final Logger LOGGER = Logger.getLogger(ConnectionConfiguration.class.getName());
|
|
|
|
/**
|
|
* The XMPP domain of the XMPP Service. Usually servers use the same service name as the name
|
|
* of the server. However, there are some servers like google where host would be
|
|
* talk.google.com and the serviceName would be gmail.com.
|
|
*/
|
|
protected final DomainBareJid xmppServiceDomain;
|
|
|
|
protected final DnsName xmppServiceDomainDnsName;
|
|
|
|
protected final InetAddress hostAddress;
|
|
protected final DnsName host;
|
|
protected final UInt16 port;
|
|
|
|
/**
|
|
* Used to get information from the user
|
|
*/
|
|
private final CallbackHandler callbackHandler;
|
|
|
|
private final SmackDebuggerFactory debuggerFactory;
|
|
|
|
// Holds the socket factory that is used to generate the socket in the connection
|
|
private final SocketFactory socketFactory;
|
|
|
|
private final CharSequence username;
|
|
private final String password;
|
|
private final Resourcepart resource;
|
|
|
|
private final Locale language;
|
|
|
|
/**
|
|
* The optional SASL authorization identity (see RFC 6120 § 6.3.8).
|
|
*/
|
|
private final EntityBareJid authzid;
|
|
|
|
/**
|
|
* Initial presence as of RFC 6121 § 4.2
|
|
* @see <a href="http://xmpp.org/rfcs/rfc6121.html#presence-initial">RFC 6121 § 4.2 Initial Presence</a>
|
|
*/
|
|
private final boolean sendPresence;
|
|
|
|
private final SecurityMode securityMode;
|
|
|
|
final SmackTlsContext smackTlsContext;
|
|
|
|
private final DnssecMode dnssecMode;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
private final String[] enabledSSLProtocols;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
private final String[] enabledSSLCiphers;
|
|
|
|
private final HostnameVerifier hostnameVerifier;
|
|
|
|
// Holds the proxy information (such as proxyhost, proxyport, username, password etc)
|
|
protected final ProxyInfo proxy;
|
|
|
|
protected final boolean allowNullOrEmptyUsername;
|
|
|
|
private final Set<String> enabledSaslMechanisms;
|
|
|
|
private final boolean compressionEnabled;
|
|
|
|
private final StanzaIdSourceFactory stanzaIdSourceFactory;
|
|
|
|
protected ConnectionConfiguration(Builder<?, ?> builder) {
|
|
try {
|
|
smackTlsContext = getSmackTlsContext(builder.dnssecMode, builder.sslContextFactory,
|
|
builder.customX509TrustManager, builder.keystoreType, builder.keystorePath,
|
|
builder.callbackHandler, builder.pkcs11Library);
|
|
} catch (UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException | CertificateException
|
|
| KeyStoreException | NoSuchProviderException | IOException | NoSuchMethodException
|
|
| SecurityException | ClassNotFoundException | InstantiationException | IllegalAccessException
|
|
| IllegalArgumentException | InvocationTargetException | UnsupportedCallbackException e) {
|
|
throw new IllegalArgumentException(e);
|
|
}
|
|
|
|
authzid = builder.authzid;
|
|
username = builder.username;
|
|
password = builder.password;
|
|
callbackHandler = builder.callbackHandler;
|
|
|
|
// Resource can be null, this means that the server must provide one
|
|
resource = builder.resource;
|
|
|
|
language = builder.language;
|
|
|
|
xmppServiceDomain = builder.xmppServiceDomain;
|
|
if (xmppServiceDomain == null) {
|
|
throw new IllegalArgumentException("Must define the XMPP domain");
|
|
}
|
|
|
|
DnsName xmppServiceDomainDnsName;
|
|
try {
|
|
xmppServiceDomainDnsName = DnsName.from(xmppServiceDomain);
|
|
} catch (InvalidDnsNameException e) {
|
|
LOGGER.log(Level.INFO,
|
|
"Could not transform XMPP service domain '" + xmppServiceDomain
|
|
+ "' to a DNS name. TLS X.509 certificate validiation may not be possible.",
|
|
e);
|
|
xmppServiceDomainDnsName = null;
|
|
}
|
|
this.xmppServiceDomainDnsName = xmppServiceDomainDnsName;
|
|
|
|
hostAddress = builder.hostAddress;
|
|
host = builder.host;
|
|
port = builder.port;
|
|
|
|
proxy = builder.proxy;
|
|
socketFactory = builder.socketFactory;
|
|
|
|
dnssecMode = builder.dnssecMode;
|
|
|
|
securityMode = builder.securityMode;
|
|
enabledSSLProtocols = builder.enabledSSLProtocols;
|
|
enabledSSLCiphers = builder.enabledSSLCiphers;
|
|
hostnameVerifier = builder.hostnameVerifier;
|
|
sendPresence = builder.sendPresence;
|
|
debuggerFactory = builder.debuggerFactory;
|
|
allowNullOrEmptyUsername = builder.allowEmptyOrNullUsername;
|
|
enabledSaslMechanisms = builder.enabledSaslMechanisms;
|
|
|
|
compressionEnabled = builder.compressionEnabled;
|
|
|
|
stanzaIdSourceFactory = builder.stanzaIdSourceFactory;
|
|
|
|
// If the enabledSaslmechanisms are set, then they must not be empty
|
|
assert enabledSaslMechanisms == null || !enabledSaslMechanisms.isEmpty();
|
|
}
|
|
|
|
private static SmackTlsContext getSmackTlsContext(DnssecMode dnssecMode, SslContextFactory sslContextFactory,
|
|
X509TrustManager trustManager, String keystoreType, String keystorePath,
|
|
CallbackHandler callbackHandler, String pkcs11Library) throws NoSuchAlgorithmException,
|
|
CertificateException, IOException, KeyStoreException, NoSuchProviderException,
|
|
UnrecoverableKeyException, KeyManagementException, UnsupportedCallbackException,
|
|
NoSuchMethodException, SecurityException, ClassNotFoundException, InstantiationException,
|
|
IllegalAccessException, IllegalArgumentException, InvocationTargetException {
|
|
final SSLContext context;
|
|
if (sslContextFactory != null) {
|
|
context = sslContextFactory.createSslContext();
|
|
} else {
|
|
// If the user didn't specify a SslContextFactory, use the default one
|
|
context = SSLContext.getInstance("TLS");
|
|
}
|
|
|
|
KeyStore ks = null;
|
|
PasswordCallback pcb = null;
|
|
KeyManager[] kms = null;
|
|
|
|
if ("PKCS11".equals(keystoreType)) {
|
|
Constructor<?> c = Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class);
|
|
String pkcs11Config = "name = SmartCard\nlibrary = " + pkcs11Library;
|
|
ByteArrayInputStream config = new ByteArrayInputStream(pkcs11Config.getBytes(StandardCharsets.UTF_8));
|
|
Provider p = (Provider) c.newInstance(config);
|
|
Security.addProvider(p);
|
|
ks = KeyStore.getInstance("PKCS11", p);
|
|
pcb = new PasswordCallback("PKCS11 Password: ", false);
|
|
callbackHandler.handle(new Callback[] { pcb });
|
|
ks.load(null, pcb.getPassword());
|
|
} else if ("Apple".equals(keystoreType)) {
|
|
ks = KeyStore.getInstance("KeychainStore", "Apple");
|
|
ks.load(null, null);
|
|
// pcb = new PasswordCallback("Apple Keychain",false);
|
|
// pcb.setPassword(null);
|
|
} else if (keystoreType != null) {
|
|
ks = KeyStore.getInstance(keystoreType);
|
|
if (callbackHandler != null && StringUtils.isNotEmpty(keystorePath)) {
|
|
pcb = new PasswordCallback("Keystore Password: ", false);
|
|
callbackHandler.handle(new Callback[] { pcb });
|
|
ks.load(new FileInputStream(keystorePath), pcb.getPassword());
|
|
} else {
|
|
InputStream stream = TLSUtils.getDefaultTruststoreStreamIfPossible();
|
|
try {
|
|
// Note that PKCS12 keystores need a password one some Java platforms. Hence we try the famous
|
|
// 'changeit' here. See https://bugs.openjdk.java.net/browse/JDK-8194702
|
|
char[] password = "changeit".toCharArray();
|
|
try {
|
|
ks.load(stream, password);
|
|
} finally {
|
|
CloseableUtil.maybeClose(stream);
|
|
}
|
|
} catch (IOException e) {
|
|
LOGGER.log(Level.FINE, "KeyStore load() threw, attempting 'jks' fallback", e);
|
|
|
|
ks = KeyStore.getInstance("jks");
|
|
// Open the stream again, so that we read it from the beginning.
|
|
stream = TLSUtils.getDefaultTruststoreStreamIfPossible();
|
|
try {
|
|
ks.load(stream, null);
|
|
} finally {
|
|
CloseableUtil.maybeClose(stream);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (ks != null) {
|
|
String keyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
|
|
KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithm);
|
|
if (kmf != null) {
|
|
if (pcb == null) {
|
|
kmf.init(ks, null);
|
|
} else {
|
|
kmf.init(ks, pcb.getPassword());
|
|
pcb.clearPassword();
|
|
}
|
|
kms = kmf.getKeyManagers();
|
|
}
|
|
}
|
|
|
|
SmackDaneVerifier daneVerifier = null;
|
|
if (dnssecMode == DnssecMode.needsDnssecAndDane) {
|
|
SmackDaneProvider daneProvider = DNSUtil.getDaneProvider();
|
|
if (daneProvider == null) {
|
|
throw new UnsupportedOperationException("DANE enabled but no SmackDaneProvider configured");
|
|
}
|
|
daneVerifier = daneProvider.newInstance();
|
|
if (daneVerifier == null) {
|
|
throw new IllegalStateException("DANE requested but DANE provider did not return a DANE verifier");
|
|
}
|
|
|
|
// User requested DANE verification.
|
|
daneVerifier.init(context, kms, trustManager, null);
|
|
} else {
|
|
final TrustManager[] trustManagers;
|
|
if (trustManager != null) {
|
|
trustManagers = new TrustManager[] { trustManager };
|
|
} else {
|
|
// Ensure trustManagers is null in case there was no explicit trust manager provided, so that the
|
|
// default one is used.
|
|
trustManagers = null;
|
|
}
|
|
|
|
context.init(kms, trustManagers, null);
|
|
}
|
|
|
|
return new SmackTlsContext(context, daneVerifier);
|
|
}
|
|
|
|
public DnsName getHost() {
|
|
return host;
|
|
}
|
|
|
|
public InetAddress getHostAddress() {
|
|
return hostAddress;
|
|
}
|
|
|
|
public UInt16 getPort() {
|
|
return port;
|
|
}
|
|
|
|
/**
|
|
* Returns the server name of the target server.
|
|
*
|
|
* @return the server name of the target server.
|
|
* @deprecated use {@link #getXMPPServiceDomain()} instead.
|
|
*/
|
|
@Deprecated
|
|
public DomainBareJid getServiceName() {
|
|
return xmppServiceDomain;
|
|
}
|
|
|
|
/**
|
|
* Returns the XMPP domain used by this configuration.
|
|
*
|
|
* @return the XMPP domain.
|
|
*/
|
|
public DomainBareJid getXMPPServiceDomain() {
|
|
return xmppServiceDomain;
|
|
}
|
|
|
|
/**
|
|
* Returns the XMPP service domain as DNS name if possible. Note that since not every XMPP address domainpart is a
|
|
* valid DNS name, this method may return <code>null</code>.
|
|
*
|
|
* @return the XMPP service domain as DNS name or <code>null</code>.
|
|
* @since 4.3.4
|
|
*/
|
|
public DnsName getXmppServiceDomainAsDnsNameIfPossible() {
|
|
return xmppServiceDomainDnsName;
|
|
}
|
|
|
|
/**
|
|
* Returns the TLS security mode used when making the connection. By default,
|
|
* the mode is {@link SecurityMode#ifpossible}.
|
|
*
|
|
* @return the security mode.
|
|
*/
|
|
public SecurityMode getSecurityMode() {
|
|
return securityMode;
|
|
}
|
|
|
|
public DnssecMode getDnssecMode() {
|
|
return dnssecMode;
|
|
}
|
|
|
|
/**
|
|
* Return the enabled SSL/TLS protocols.
|
|
*
|
|
* @return the enabled SSL/TLS protocols
|
|
*/
|
|
public String[] getEnabledSSLProtocols() {
|
|
return enabledSSLProtocols;
|
|
}
|
|
|
|
/**
|
|
* Return the enabled SSL/TLS ciphers.
|
|
*
|
|
* @return the enabled SSL/TLS ciphers
|
|
*/
|
|
public String[] getEnabledSSLCiphers() {
|
|
return enabledSSLCiphers;
|
|
}
|
|
|
|
/**
|
|
* Returns the configured HostnameVerifier of this ConnectionConfiguration or the Smack default
|
|
* HostnameVerifier configured with
|
|
* {@link SmackConfiguration#setDefaultHostnameVerifier(HostnameVerifier)}.
|
|
*
|
|
* @return a configured HostnameVerifier or <code>null</code>
|
|
*/
|
|
public HostnameVerifier getHostnameVerifier() {
|
|
if (hostnameVerifier != null)
|
|
return hostnameVerifier;
|
|
return SmackConfiguration.getDefaultHostnameVerifier();
|
|
}
|
|
|
|
/**
|
|
* Returns the Smack debugger factory.
|
|
*
|
|
* @return the Smack debugger factory or <code>null</code>
|
|
*/
|
|
public SmackDebuggerFactory getDebuggerFactory() {
|
|
return debuggerFactory;
|
|
}
|
|
|
|
/**
|
|
* Returns a CallbackHandler to obtain information, such as the password or
|
|
* principal information during the SASL authentication. A CallbackHandler
|
|
* will be used <b>ONLY</b> if no password was specified during the login while
|
|
* using SASL authentication.
|
|
*
|
|
* @return a CallbackHandler to obtain information, such as the password or
|
|
* principal information during the SASL authentication.
|
|
*/
|
|
public CallbackHandler getCallbackHandler() {
|
|
return callbackHandler;
|
|
}
|
|
|
|
/**
|
|
* Returns the socket factory used to create new xmppConnection sockets.
|
|
* This is useful when connecting through SOCKS5 proxies.
|
|
*
|
|
* @return socketFactory used to create new sockets.
|
|
*/
|
|
public SocketFactory getSocketFactory() {
|
|
return this.socketFactory;
|
|
}
|
|
|
|
/**
|
|
* Get the configured proxy information (if any).
|
|
*
|
|
* @return the configured proxy information or <code>null</code>.
|
|
*/
|
|
public ProxyInfo getProxyInfo() {
|
|
return proxy;
|
|
}
|
|
|
|
/**
|
|
* An enumeration for TLS security modes that are available when making a connection
|
|
* to the XMPP server.
|
|
*/
|
|
public enum SecurityMode {
|
|
|
|
/**
|
|
* Security via TLS encryption is required in order to connect. If the server
|
|
* does not offer TLS or if the TLS negotiation fails, the connection to the server
|
|
* will fail.
|
|
*/
|
|
required,
|
|
|
|
/**
|
|
* Security via TLS encryption is used whenever it's available. This is the
|
|
* default setting.
|
|
* <p>
|
|
* <b>Do not use this setting</b> unless you can't use {@link #required}. An attacker could easily perform a
|
|
* Man-in-the-middle attack and prevent TLS from being used, leaving you with an unencrypted (and
|
|
* unauthenticated) connection.
|
|
* </p>
|
|
*/
|
|
ifpossible,
|
|
|
|
/**
|
|
* Security via TLS encryption is disabled and only un-encrypted connections will
|
|
* be used. If only TLS encryption is available from the server, the connection
|
|
* will fail.
|
|
*/
|
|
disabled
|
|
}
|
|
|
|
/**
|
|
* Determines the requested DNSSEC security mode.
|
|
* <b>Note that Smack's support for DNSSEC/DANE is experimental!</b>
|
|
* <p>
|
|
* The default '{@link #disabled}' means that neither DNSSEC nor DANE verification will be performed. When
|
|
* '{@link #needsDnssec}' is used, then the connection will not be established if the resource records used to connect
|
|
* to the XMPP service are not authenticated by DNSSEC. Additionally, if '{@link #needsDnssecAndDane}' is used, then
|
|
* the XMPP service's TLS certificate is verified using DANE.
|
|
*
|
|
*/
|
|
public enum DnssecMode {
|
|
|
|
/**
|
|
* Do not perform any DNSSEC authentication or DANE verification.
|
|
*/
|
|
disabled,
|
|
|
|
/**
|
|
* <b>Experimental!</b>
|
|
* Require all DNS information to be authenticated by DNSSEC.
|
|
*/
|
|
needsDnssec,
|
|
|
|
/**
|
|
* <b>Experimental!</b>
|
|
* Require all DNS information to be authenticated by DNSSEC and require the XMPP service's TLS certificate to be verified using DANE.
|
|
*/
|
|
needsDnssecAndDane,
|
|
|
|
}
|
|
|
|
/**
|
|
* Returns the username to use when trying to reconnect to the server.
|
|
*
|
|
* @return the username to use when trying to reconnect to the server.
|
|
*/
|
|
public CharSequence getUsername() {
|
|
return this.username;
|
|
}
|
|
|
|
/**
|
|
* Returns the password to use when trying to reconnect to the server.
|
|
*
|
|
* @return the password to use when trying to reconnect to the server.
|
|
*/
|
|
public String getPassword() {
|
|
return this.password;
|
|
}
|
|
|
|
/**
|
|
* Returns the resource to use when trying to reconnect to the server.
|
|
*
|
|
* @return the resource to use when trying to reconnect to the server.
|
|
*/
|
|
public Resourcepart getResource() {
|
|
return resource;
|
|
}
|
|
|
|
/**
|
|
* Returns the stream language to use when connecting to the server.
|
|
*
|
|
* @return the stream language to use when connecting to the server.
|
|
*/
|
|
public Locale getLanguage() {
|
|
return language;
|
|
}
|
|
|
|
/**
|
|
* Returns the xml:lang string of the stream language to use when connecting to the server.
|
|
*
|
|
* <p>If the developer sets the language to null, this will also return null, leading to
|
|
* the removal of the xml:lang tag from the stream. If a Locale("") is configured, this will
|
|
* return "", which can be used as an override.</p>
|
|
*
|
|
* @return the stream language to use when connecting to the server.
|
|
*/
|
|
public String getXmlLang() {
|
|
// TODO: Change to Locale.toLanguageTag() once Smack's minimum Android API level is 21 or higher.
|
|
// This will need a workaround for new Locale("").getLanguageTag() returning "und". Expected
|
|
// behavior of this function:
|
|
// - returns null if language is null
|
|
// - returns "" if language.getLanguage() returns the empty string
|
|
// - returns language.toLanguageTag() otherwise
|
|
return language != null ? language.toString().replace("_", "-") : null;
|
|
}
|
|
|
|
/**
|
|
* Returns the optional XMPP address to be requested as the SASL authorization identity.
|
|
*
|
|
* @return the authorization identifier.
|
|
* @see <a href="http://tools.ietf.org/html/rfc6120#section-6.3.8">RFC 6120 § 6.3.8. Authorization Identity</a>
|
|
* @since 4.2
|
|
*/
|
|
public EntityBareJid getAuthzid() {
|
|
return authzid;
|
|
}
|
|
|
|
/**
|
|
* Returns true if an available presence should be sent when logging in while reconnecting.
|
|
*
|
|
* @return true if an available presence should be sent when logging in while reconnecting
|
|
*/
|
|
public boolean isSendPresence() {
|
|
return sendPresence;
|
|
}
|
|
|
|
/**
|
|
* Returns true if the connection is going to use stream compression. Stream compression
|
|
* will be requested after TLS was established (if TLS was enabled) and only if the server
|
|
* offered stream compression. With stream compression network traffic can be reduced
|
|
* up to 90%. By default compression is disabled.
|
|
*
|
|
* @return true if the connection is going to use stream compression.
|
|
*/
|
|
public boolean isCompressionEnabled() {
|
|
return compressionEnabled;
|
|
}
|
|
|
|
/**
|
|
* Check if the given SASL mechansism is enabled in this connection configuration.
|
|
*
|
|
* @param saslMechanism TODO javadoc me please
|
|
* @return true if the given SASL mechanism is enabled, false otherwise.
|
|
*/
|
|
public boolean isEnabledSaslMechanism(String saslMechanism) {
|
|
// If enabledSaslMechanisms is not set, then all mechanisms which are not blacklisted are enabled per default.
|
|
if (enabledSaslMechanisms == null) {
|
|
return !SASLAuthentication.getBlacklistedSASLMechanisms().contains(saslMechanism);
|
|
}
|
|
return enabledSaslMechanisms.contains(saslMechanism);
|
|
}
|
|
|
|
/**
|
|
* Return the explicitly enabled SASL mechanisms. May return <code>null</code> if no SASL mechanisms where
|
|
* explicitly enabled, i.e. all SALS mechanisms supported and announced by the service will be considered.
|
|
*
|
|
* @return the enabled SASL mechanisms or <code>null</code>.
|
|
*/
|
|
public Set<String> getEnabledSaslMechanisms() {
|
|
if (enabledSaslMechanisms == null) {
|
|
return null;
|
|
}
|
|
return Collections.unmodifiableSet(enabledSaslMechanisms);
|
|
}
|
|
|
|
StanzaIdSource constructStanzaIdSource() {
|
|
return stanzaIdSourceFactory.constructStanzaIdSource();
|
|
}
|
|
|
|
/**
|
|
* A builder for XMPP connection configurations.
|
|
* <p>
|
|
* This is an abstract class that uses the builder design pattern and the "getThis() trick" to recover the type of
|
|
* the builder in a class hierarchies with a self-referential generic supertype. Otherwise chaining of build
|
|
* instructions from the superclasses followed by build instructions of a subclass would not be possible, because
|
|
* the superclass build instructions would return the builder of the superclass and not the one of the subclass. You
|
|
* can read more about it a Angelika Langer's Generics FAQ, especially the entry <a
|
|
* href="http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html#FAQ206">What is the
|
|
* "getThis()" trick?</a>.
|
|
* </p>
|
|
*
|
|
* @param <B> the builder type parameter.
|
|
* @param <C> the resulting connection configuration type parameter.
|
|
*/
|
|
public abstract static class Builder<B extends Builder<B, C>, C extends ConnectionConfiguration> {
|
|
private SecurityMode securityMode = SecurityMode.required;
|
|
private DnssecMode dnssecMode = DnssecMode.disabled;
|
|
private String keystorePath;
|
|
private String keystoreType;
|
|
private String pkcs11Library = "pkcs11.config";
|
|
private SslContextFactory sslContextFactory;
|
|
private String[] enabledSSLProtocols;
|
|
private String[] enabledSSLCiphers;
|
|
private HostnameVerifier hostnameVerifier;
|
|
private EntityBareJid authzid;
|
|
private CharSequence username;
|
|
private String password;
|
|
private Resourcepart resource;
|
|
private Locale language = Locale.getDefault();
|
|
private boolean sendPresence = true;
|
|
private ProxyInfo proxy;
|
|
private CallbackHandler callbackHandler;
|
|
private SmackDebuggerFactory debuggerFactory;
|
|
private SocketFactory socketFactory;
|
|
private DomainBareJid xmppServiceDomain;
|
|
private InetAddress hostAddress;
|
|
private DnsName host;
|
|
private UInt16 port = UInt16.from(5222);
|
|
private boolean allowEmptyOrNullUsername = false;
|
|
private boolean saslMechanismsSealed;
|
|
private Set<String> enabledSaslMechanisms;
|
|
private X509TrustManager customX509TrustManager;
|
|
private boolean compressionEnabled = false;
|
|
private StanzaIdSourceFactory stanzaIdSourceFactory = new StandardStanzaIdSource.Factory();
|
|
|
|
protected Builder() {
|
|
if (SmackConfiguration.DEBUG) {
|
|
enableDefaultDebugger();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Convenience method to configure the username, password and XMPP service domain.
|
|
*
|
|
* @param jid the XMPP address of the user.
|
|
* @param password the password of the user.
|
|
* @return a reference to this builder.
|
|
* @throws XmppStringprepException in case the XMPP address is not valid.
|
|
* @see #setXmppAddressAndPassword(EntityBareJid, String)
|
|
* @since 4.4.0
|
|
*/
|
|
public B setXmppAddressAndPassword(CharSequence jid, String password) throws XmppStringprepException {
|
|
return setXmppAddressAndPassword(JidCreate.entityBareFrom(jid), password);
|
|
}
|
|
|
|
/**
|
|
* Convenience method to configure the username, password and XMPP service domain. The localpart of the provided
|
|
* JID is used as username and the domanipart is used as XMPP service domain.
|
|
* <p>
|
|
* Please note that this does and can not configure the client XMPP address. XMPP services are not required to
|
|
* assign bound JIDs where the localpart matches the username and the domainpart matches the verified domainpart.
|
|
* Although most services will follow that pattern.
|
|
* </p>
|
|
*
|
|
* @param jid TODO javadoc me please
|
|
* @param password TODO javadoc me please
|
|
* @return a reference to this builder.
|
|
* @since 4.4.0
|
|
*/
|
|
public B setXmppAddressAndPassword(EntityBareJid jid, String password) {
|
|
setUsernameAndPassword(jid.getLocalpart(), password);
|
|
return setXmppDomain(jid.asDomainBareJid());
|
|
}
|
|
|
|
/**
|
|
* Set the XMPP entities username and password.
|
|
* <p>
|
|
* The username is usually the localpart of the clients JID. But some SASL mechanisms or services may require a different
|
|
* format (e.g. the full JID) as used authorization identity.
|
|
* </p>
|
|
*
|
|
* @param username the username or authorization identity
|
|
* @param password the password or token used to authenticate
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setUsernameAndPassword(CharSequence username, String password) {
|
|
this.username = username;
|
|
this.password = password;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the XMPP domain. The XMPP domain is what follows after the '@' sign in XMPP addresses (JIDs).
|
|
*
|
|
* @param serviceName the service name
|
|
* @return a reference to this builder.
|
|
* @deprecated use {@link #setXmppDomain(DomainBareJid)} instead.
|
|
*/
|
|
@Deprecated
|
|
public B setServiceName(DomainBareJid serviceName) {
|
|
return setXmppDomain(serviceName);
|
|
}
|
|
|
|
/**
|
|
* Set the XMPP domain. The XMPP domain is what follows after the '@' sign in XMPP addresses (JIDs).
|
|
*
|
|
* @param xmppDomain the XMPP domain.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setXmppDomain(DomainBareJid xmppDomain) {
|
|
this.xmppServiceDomain = xmppDomain;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the XMPP domain. The XMPP domain is what follows after the '@' sign in XMPP addresses (JIDs).
|
|
*
|
|
* @param xmppServiceDomain the XMPP domain.
|
|
* @return a reference to this builder.
|
|
* @throws XmppStringprepException if the given string is not a domain bare JID.
|
|
*/
|
|
public B setXmppDomain(String xmppServiceDomain) throws XmppStringprepException {
|
|
this.xmppServiceDomain = JidCreate.domainBareFrom(xmppServiceDomain);
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the resource we are requesting from the server.
|
|
* <p>
|
|
* If <code>resource</code> is <code>null</code>, the default, then the server will automatically create a
|
|
* resource for the client. Note that XMPP clients only suggest this resource to the server. XMPP servers are
|
|
* allowed to ignore the client suggested resource and instead assign a completely different
|
|
* resource (see RFC 6120 § 7.7.1).
|
|
* </p>
|
|
*
|
|
* @param resource the resource to use.
|
|
* @return a reference to this builder.
|
|
* @see <a href="https://tools.ietf.org/html/rfc6120#section-7.7.1">RFC 6120 § 7.7.1</a>
|
|
*/
|
|
public B setResource(Resourcepart resource) {
|
|
this.resource = resource;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the stream language.
|
|
*
|
|
* @param language the language to use.
|
|
* @return a reference to this builder.
|
|
* @see <a href="https://tools.ietf.org/html/rfc6120#section-4.7.4">RFC 6120 § 4.7.4</a>
|
|
* @see <a href="https://www.w3.org/TR/xml/#sec-lang-tag">XML 1.0 § 2.12 Language Identification</a>
|
|
*/
|
|
public B setLanguage(Locale language) {
|
|
this.language = language;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the resource we are requesting from the server.
|
|
*
|
|
* @param resource the non-null CharSequence to use a resource.
|
|
* @return a reference ot this builder.
|
|
* @throws XmppStringprepException if the CharSequence is not a valid resourcepart.
|
|
* @see #setResource(Resourcepart)
|
|
*/
|
|
public B setResource(CharSequence resource) throws XmppStringprepException {
|
|
Objects.requireNonNull(resource, "resource must not be null");
|
|
return setResource(Resourcepart.from(resource.toString()));
|
|
}
|
|
|
|
/**
|
|
* Set the Internet address of the host providing the XMPP service. If set, then this will overwrite anything
|
|
* set via {@link #setHost(CharSequence)}.
|
|
*
|
|
* @param address the Internet address of the host providing the XMPP service.
|
|
* @return a reference to this builder.
|
|
* @since 4.2
|
|
*/
|
|
public B setHostAddress(InetAddress address) {
|
|
this.hostAddress = address;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the name of the host providing the XMPP service. This method takes DNS names and
|
|
* IP addresses.
|
|
*
|
|
* @param host the DNS name of the host providing the XMPP service.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setHost(CharSequence host) {
|
|
String fqdnOrIpString = host.toString();
|
|
if (InetAddressUtil.isIpAddress(fqdnOrIpString)) {
|
|
InetAddress hostInetAddress;
|
|
try {
|
|
hostInetAddress = InetAddress.getByName(fqdnOrIpString);
|
|
}
|
|
catch (UnknownHostException e) {
|
|
// Should never happen.
|
|
throw new AssertionError(e);
|
|
}
|
|
setHostAddress(hostInetAddress);
|
|
} else {
|
|
DnsName dnsName = DnsName.from(fqdnOrIpString);
|
|
setHost(dnsName);
|
|
}
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the name of the host providing the XMPP service. Note that this method does only allow DNS names and not
|
|
* IP addresses. Use {@link #setHostAddress(InetAddress)} if you want to explicitly set the Internet address of
|
|
* the host providing the XMPP service.
|
|
*
|
|
* @param host the DNS name of the host providing the XMPP service.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setHost(DnsName host) {
|
|
this.host = host;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the host to connect to by either its fully qualified domain name (FQDN) or its IP.
|
|
*
|
|
* @param fqdnOrIp a CharSequence either representing the FQDN or the IP of the host.
|
|
* @return a reference to this builder.
|
|
* @see #setHost(DnsName)
|
|
* @see #setHostAddress(InetAddress)
|
|
* @since 4.3.2
|
|
* @deprecated use {@link #setHost(CharSequence)} instead.
|
|
*/
|
|
@Deprecated
|
|
// TODO: Remove in Smack 4.5.
|
|
public B setHostAddressByNameOrIp(CharSequence fqdnOrIp) {
|
|
return setHost(fqdnOrIp);
|
|
}
|
|
|
|
public B setPort(int port) {
|
|
if (port < 0 || port > 65535) {
|
|
throw new IllegalArgumentException(
|
|
"Port must be a 16-bit unsigned integer (i.e. between 0-65535. Port was: " + port);
|
|
}
|
|
UInt16 portUint16 = UInt16.from(port);
|
|
return setPort(portUint16);
|
|
}
|
|
|
|
public B setPort(UInt16 port) {
|
|
this.port = Objects.requireNonNull(port);
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets a CallbackHandler to obtain information, such as the password or
|
|
* principal information during the SASL authentication. A CallbackHandler
|
|
* will be used <b>ONLY</b> if no password was specified during the login while
|
|
* using SASL authentication.
|
|
*
|
|
* @param callbackHandler to obtain information, such as the password or
|
|
* principal information during the SASL authentication.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setCallbackHandler(CallbackHandler callbackHandler) {
|
|
this.callbackHandler = callbackHandler;
|
|
return getThis();
|
|
}
|
|
|
|
public B setDnssecMode(DnssecMode dnssecMode) {
|
|
this.dnssecMode = Objects.requireNonNull(dnssecMode, "DNSSEC mode must not be null");
|
|
return getThis();
|
|
}
|
|
|
|
public B setCustomX509TrustManager(X509TrustManager x509TrustManager) {
|
|
this.customX509TrustManager = x509TrustManager;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets the TLS security mode used when making the connection. By default,
|
|
* the mode is {@link SecurityMode#ifpossible}.
|
|
*
|
|
* @param securityMode the security mode.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setSecurityMode(SecurityMode securityMode) {
|
|
this.securityMode = securityMode;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets the path to the keystore file. The key store file contains the
|
|
* certificates that may be used to authenticate the client to the server,
|
|
* in the event the server requests or requires it.
|
|
*
|
|
* @param keystorePath the path to the keystore file.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setKeystorePath(String keystorePath) {
|
|
this.keystorePath = keystorePath;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets the keystore type.
|
|
*
|
|
* @param keystoreType the keystore type.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setKeystoreType(String keystoreType) {
|
|
this.keystoreType = keystoreType;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets the PKCS11 library file location, needed when the
|
|
* Keystore type is PKCS11.
|
|
*
|
|
* @param pkcs11Library the path to the PKCS11 library file.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setPKCS11Library(String pkcs11Library) {
|
|
this.pkcs11Library = pkcs11Library;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets a custom SSLContext for creating SSL sockets.
|
|
* <p>
|
|
* For more information on how to create a SSLContext see <a href=
|
|
* "http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager"
|
|
* >Java Secure Socket Extension (JSEE) Reference Guide: Creating Your Own X509TrustManager</a>
|
|
*
|
|
* @param context the custom SSLContext for new sockets.
|
|
* @return a reference to this builder.
|
|
* @deprecated use {@link #setSslContextFactory(SslContextFactory)} instead}.
|
|
*/
|
|
// TODO: Remove in Smack 4.5.
|
|
@Deprecated
|
|
public B setCustomSSLContext(SSLContext context) {
|
|
return setSslContextFactory(() -> {
|
|
return context;
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Sets a custom SSLContext for creating SSL sockets.
|
|
* <p>
|
|
* For more information on how to create a SSLContext see <a href=
|
|
* "http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager"
|
|
* >Java Secure Socket Extension (JSEE) Reference Guide: Creating Your Own X509TrustManager</a>
|
|
*
|
|
* @param sslContextFactory the custom SSLContext for new sockets.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setSslContextFactory(SslContextFactory sslContextFactory) {
|
|
this.sslContextFactory = Objects.requireNonNull(sslContextFactory, "The provided SslContextFactory must not be null");
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the enabled SSL/TLS protocols.
|
|
*
|
|
* @param enabledSSLProtocols TODO javadoc me please
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setEnabledSSLProtocols(String[] enabledSSLProtocols) {
|
|
this.enabledSSLProtocols = enabledSSLProtocols;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the enabled SSL/TLS ciphers.
|
|
*
|
|
* @param enabledSSLCiphers the enabled SSL/TLS ciphers
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setEnabledSSLCiphers(String[] enabledSSLCiphers) {
|
|
this.enabledSSLCiphers = enabledSSLCiphers;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the HostnameVerifier used to verify the hostname of SSLSockets used by XMPP connections
|
|
* created with this ConnectionConfiguration.
|
|
*
|
|
* @param verifier TODO javadoc me please
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setHostnameVerifier(HostnameVerifier verifier) {
|
|
hostnameVerifier = verifier;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets if an initial available presence will be sent to the server. By default
|
|
* an available presence will be sent to the server indicating that this presence
|
|
* is not online and available to receive messages. If you want to log in without
|
|
* being 'noticed' then pass a <code>false</code> value.
|
|
*
|
|
* @param sendPresence true if an initial available presence will be sent while logging in.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setSendPresence(boolean sendPresence) {
|
|
this.sendPresence = sendPresence;
|
|
return getThis();
|
|
}
|
|
|
|
public B enableDefaultDebugger() {
|
|
this.debuggerFactory = SmackConfiguration.getDefaultSmackDebuggerFactory();
|
|
assert this.debuggerFactory != null;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the Smack debugger factory used to construct Smack debuggers.
|
|
*
|
|
* @param debuggerFactory the Smack debugger factory.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setDebuggerFactory(SmackDebuggerFactory debuggerFactory) {
|
|
this.debuggerFactory = debuggerFactory;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets the socket factory used to create new xmppConnection sockets.
|
|
* This is useful when connecting through SOCKS5 proxies.
|
|
*
|
|
* @param socketFactory used to create new sockets.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setSocketFactory(SocketFactory socketFactory) {
|
|
this.socketFactory = socketFactory;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the information about the Proxy used for the connection.
|
|
*
|
|
* @param proxyInfo the Proxy information.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B setProxyInfo(ProxyInfo proxyInfo) {
|
|
this.proxy = proxyInfo;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Allow <code>null</code> or the empty String as username.
|
|
*
|
|
* Some SASL mechanisms (e.g. SASL External) may also signal the username (as "authorization identity"), in
|
|
* which case Smack should not throw an IllegalArgumentException when the username is not set.
|
|
*
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B allowEmptyOrNullUsernames() {
|
|
allowEmptyOrNullUsername = true;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Perform anonymous authentication using SASL ANONYMOUS. Your XMPP service must support this authentication
|
|
* mechanism. This method also calls {@link #addEnabledSaslMechanism(String)} with "ANONYMOUS" as argument.
|
|
*
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B performSaslAnonymousAuthentication() {
|
|
if (!SASLAuthentication.isSaslMechanismRegistered(SASLAnonymous.NAME)) {
|
|
throw new IllegalArgumentException("SASL " + SASLAnonymous.NAME + " is not registered");
|
|
}
|
|
throwIfEnabledSaslMechanismsSet();
|
|
|
|
allowEmptyOrNullUsernames();
|
|
addEnabledSaslMechanism(SASLAnonymous.NAME);
|
|
saslMechanismsSealed = true;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Perform authentication using SASL EXTERNAL. Your XMPP service must support this
|
|
* authentication mechanism. This method also calls {@link #addEnabledSaslMechanism(String)} with "EXTERNAL" as
|
|
* argument. It also calls {@link #allowEmptyOrNullUsernames()} and {@link #setSecurityMode(ConnectionConfiguration.SecurityMode)} to
|
|
* {@link SecurityMode#required}.
|
|
*
|
|
* @param sslContext custom SSLContext to be used.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B performSaslExternalAuthentication(SSLContext sslContext) {
|
|
if (!SASLAuthentication.isSaslMechanismRegistered(SASLMechanism.EXTERNAL)) {
|
|
throw new IllegalArgumentException("SASL " + SASLMechanism.EXTERNAL + " is not registered");
|
|
}
|
|
setCustomSSLContext(sslContext);
|
|
throwIfEnabledSaslMechanismsSet();
|
|
|
|
allowEmptyOrNullUsernames();
|
|
setSecurityMode(SecurityMode.required);
|
|
addEnabledSaslMechanism(SASLMechanism.EXTERNAL);
|
|
saslMechanismsSealed = true;
|
|
return getThis();
|
|
}
|
|
|
|
private void throwIfEnabledSaslMechanismsSet() {
|
|
if (enabledSaslMechanisms != null) {
|
|
throw new IllegalStateException("Enabled SASL mechanisms found");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Add the given mechanism to the enabled ones. See {@link #addEnabledSaslMechanism(Collection)} for a discussion about enabled SASL mechanisms.
|
|
*
|
|
* @param saslMechanism the name of the mechanism to enable.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B addEnabledSaslMechanism(String saslMechanism) {
|
|
return addEnabledSaslMechanism(Arrays.asList(StringUtils.requireNotNullNorEmpty(saslMechanism,
|
|
"saslMechanism must not be null nor empty")));
|
|
}
|
|
|
|
/**
|
|
* Enable the given SASL mechanisms. If you never add a mechanism to the set of enabled ones, <b>all mechanisms
|
|
* known to Smack</b> will be enabled. Only explicitly enable particular SASL mechanisms if you want to limit
|
|
* the used mechanisms to the enabled ones.
|
|
*
|
|
* @param saslMechanisms a collection of names of mechanisms to enable.
|
|
* @return a reference to this builder.
|
|
*/
|
|
public B addEnabledSaslMechanism(Collection<String> saslMechanisms) {
|
|
if (saslMechanismsSealed) {
|
|
throw new IllegalStateException("The enabled SASL mechanisms are sealed, you can not add new ones");
|
|
}
|
|
CollectionUtil.requireNotEmpty(saslMechanisms, "saslMechanisms");
|
|
Set<String> blacklistedMechanisms = SASLAuthentication.getBlacklistedSASLMechanisms();
|
|
for (String mechanism : saslMechanisms) {
|
|
if (!SASLAuthentication.isSaslMechanismRegistered(mechanism)) {
|
|
throw new IllegalArgumentException("SASL " + mechanism + " is not available. Consider registering it with Smack");
|
|
}
|
|
if (blacklistedMechanisms.contains(mechanism)) {
|
|
throw new IllegalArgumentException("SALS " + mechanism + " is blacklisted.");
|
|
}
|
|
}
|
|
if (enabledSaslMechanisms == null) {
|
|
enabledSaslMechanisms = new HashSet<>(saslMechanisms.size());
|
|
}
|
|
enabledSaslMechanisms.addAll(saslMechanisms);
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the XMPP address to be used as authorization identity.
|
|
* <p>
|
|
* In XMPP, authorization identities are bare jids. In general, callers should allow the server to select the
|
|
* authorization identifier automatically, and not call this. Note that setting the authzid does not set the XMPP
|
|
* service domain, which should typically match.
|
|
* Calling this will also SASL CRAM, since this mechanism does not support authzid.
|
|
* </p>
|
|
*
|
|
* @param authzid The BareJid to be requested as the authorization identifier.
|
|
* @return a reference to this builder.
|
|
* @see <a href="http://tools.ietf.org/html/rfc6120#section-6.3.8">RFC 6120 § 6.3.8. Authorization Identity</a>
|
|
* @since 4.2
|
|
*/
|
|
public B setAuthzid(EntityBareJid authzid) {
|
|
this.authzid = authzid;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Sets if the connection is going to use compression (default false).
|
|
*
|
|
* Compression is only activated if the server offers compression. With compression network
|
|
* traffic can be reduced up to 90%. By default compression is disabled.
|
|
*
|
|
* @param compressionEnabled if the connection is going to use compression on the HTTP level.
|
|
* @return a reference to this object.
|
|
*/
|
|
public B setCompressionEnabled(boolean compressionEnabled) {
|
|
this.compressionEnabled = compressionEnabled;
|
|
return getThis();
|
|
}
|
|
|
|
/**
|
|
* Set the factory for stanza ID sources to use.
|
|
*
|
|
* @param stanzaIdSourceFactory the factory for stanza ID sources to use.
|
|
* @return a reference to this builder.
|
|
* @since 4.4
|
|
*/
|
|
public B setStanzaIdSourceFactory(StanzaIdSourceFactory stanzaIdSourceFactory) {
|
|
this.stanzaIdSourceFactory = Objects.requireNonNull(stanzaIdSourceFactory);
|
|
return getThis();
|
|
}
|
|
|
|
public abstract C build();
|
|
|
|
protected abstract B getThis();
|
|
}
|
|
}
|