ServerDialback (Openfire 3.10.1 Javadoc)

java.lang.Object
- org.jivesoftware.openfire.server.ServerDialback

```
public class ServerDialback
extends Object
```
Implementation of the Server Dialback method as defined by the RFC3920. The dialback method follows the following logic to validate the remote server:
1. The Originating Server establishes a connection to the Receiving Server.
2. The Originating Server sends a 'key' value over the connection to the Receiving Server.
3. The Receiving Server establishes a connection to the Authoritative Server.
4. The Receiving Server sends the same 'key' value to the Authoritative Server.
5. The Authoritative Server replies that key is valid or invalid.
6. The Receiving Server informs the Originating Server whether it is authenticated or not.
By default a timeout of 20 seconds will be used for reading packets from remote servers. Use the property xmpp.server.read.timeout to change that value. The value should be in milliseconds.
Author:

Gaston Dombiak

Field Summary

Fields
Modifier and Type Field and Description

protected static String CHARSET
The utf-8 charset for decoding and encoding Jabber packet streams.

Fields
Modifier and Type	Field and Description
`protected static String`	`CHARSET` The utf-8 charset for decoding and encoding Jabber packet streams.

Constructor Summary

Constructors
Constructor and Description
`ServerDialback()`
`ServerDialback(Connection connection, String serverName)` Creates a new instance that will be used for creating `IncomingServerSession`, validating subsequent domains or authenticatig new domains.

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`authenticateDomain(OutgoingServerSocketReader socketReader, String domain, String hostname, String id)` Authenticates the Originating Server domain with the Receiving Server.
`LocalIncomingServerSession`	`createIncomingSession(org.dom4j.io.XMPPPacketReader reader)` Returns a new `IncomingServerSession` with a domain validated by the Authoritative Server.
`LocalOutgoingServerSession`	`createOutgoingSession(String localDomain, String remoteDomain, int port)` Creates a new connection from the Originating Server to the Receiving Server for authenticating the specified domain.
`protected void`	`dialbackError(String from, String to, org.xmpp.packet.PacketError err)` Send a dialback error.
`static boolean`	`isEnabled()` Returns true if server dialback is enabled.
`static boolean`	`isEnabledForSelfSigned()` Returns true if server dialback can be used when the remote server presented a self-signed certificate.
`static void`	`setEnabledForSelfSigned(boolean enabled)` Sets if server dialback can be used when the remote server presented a self-signed certificate.
`boolean`	`validateRemoteDomain(org.dom4j.Element doc, StreamID streamID)` Returns true if the domain requested by the remote server was validated by the Authoritative Server.
`static boolean`	`verifyReceivedKey(org.dom4j.Element doc, Connection connection)` Verifies the key sent by a Receiving Server.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - CHARSET
```
protected static String CHARSET
```
    The utf-8 charset for decoding and encoding Jabber packet streams.
- Constructor Detail
  - ServerDialback
```
public ServerDialback(Connection connection,
              String serverName)
```
    Creates a new instance that will be used for creating IncomingServerSession, validating subsequent domains or authenticatig new domains. Use createIncomingSession(org.dom4j.io.XMPPPacketReader) for creating a new server session used for receiving packets from the remote server. Use validateRemoteDomain(org.dom4j.Element, org.jivesoftware.openfire.StreamID) for validating subsequent domains and use authenticateDomain(OutgoingServerSocketReader, String, String, String) for registering new domains that are allowed to send packets to the remote server.
    For validating domains a new TCP connection will be established to the Authoritative Server. The Authoritative Server may be the same Originating Server or some other machine in the Originating Server's network. Once the remote domain gets validated the Originating Server will be allowed for sending packets to this server. However, this server will need to validate its domain/s with the Originating Server if this server needs to send packets to the Originating Server. Another TCP connection will be established for validation this server domain/s and for sending packets to the Originating Server.
    
    Parameters:
    connection - the connection created by the remote server.
    serverName - the name of the local server.
  - ServerDialback
```
public ServerDialback()
```
- Method Detail
  - isEnabled
```
public static boolean isEnabled()
```
    Returns true if server dialback is enabled. When enabled remote servers may connect to this server using the server dialback method and this server may try the server dialback method to connect to remote servers.
    When TLS is enabled between servers and server dialback method is enabled then TLS is going to be tried first, when connecting to a remote server, and if TLS fails then server dialback is going to be used as a last resort. If enabled and the remote server offered server-dialback after TLS and no SASL EXTERNAL then server dialback will be used.
    
    Returns:
    true if server dialback is enabled.
  - isEnabledForSelfSigned
```
public static boolean isEnabledForSelfSigned()
```
    Returns true if server dialback can be used when the remote server presented a self-signed certificate. During TLS the remote server can present a self-signed certificate, if this setting is enabled then the self-signed certificate will be accepted and if SASL EXTERNAL is not offered then server dialback will be used for verifying the remote server.
    If self-signed certificates are accepted then server dialback over TLS is enabled.
    
    Returns:
    true if server dialback can be used when the remote server presented a self-signed certificate.
  - setEnabledForSelfSigned
```
public static void setEnabledForSelfSigned(boolean enabled)
```
    Sets if server dialback can be used when the remote server presented a self-signed certificate. During TLS the remote server can present a self-signed certificate, if this setting is enabled then the self-signed certificate will be accepted and if SASL EXTERNAL is not offered then server dialback will be used for verifying the remote server.
    If self-signed certificates are accepted then server dialback over TLS is enabled.
    
    Parameters:
    enabled - if server dialback can be used when the remote server presented a self-signed certificate.
  - createOutgoingSession
```
public LocalOutgoingServerSession createOutgoingSession(String localDomain,
                                               String remoteDomain,
                                               int port)
```
    Creates a new connection from the Originating Server to the Receiving Server for authenticating the specified domain.
    
    Parameters:
    localDomain - domain of the Originating Server to authenticate with the Receiving Server.
    remoteDomain - IP address or hostname of the Receiving Server.
    port - port of the Receiving Server.
    
    Returns:
    an OutgoingServerSession if the domain was authenticated or null if none.
  - authenticateDomain
```
public boolean authenticateDomain(OutgoingServerSocketReader socketReader,
                         String domain,
                         String hostname,
                         String id)
```
    Authenticates the Originating Server domain with the Receiving Server. Once the domain has been authenticated the Receiving Server will start accepting packets from the Originating Server.
    The Receiving Server will connect to the Authoritative Server to verify the dialback key. Most probably the Originating Server machine will be the Authoritative Server too.
    
    Parameters:
    socketReader - the reader to use for reading the answer from the Receiving Server.
    domain - the domain to authenticate.
    hostname - the hostname of the remote server (i.e. Receiving Server).
    id - the stream id to be used for creating the dialback key.
    
    Returns:
    true if the Receiving Server authenticated the domain with the Authoritative Server.
  - createIncomingSession
```
public LocalIncomingServerSession createIncomingSession(org.dom4j.io.XMPPPacketReader reader)
                                                 throws IOException,
                                                        org.xmlpull.v1.XmlPullParserException
```
    Returns a new IncomingServerSession with a domain validated by the Authoritative Server. New domains may be added to the returned IncomingServerSession after they have been validated. See LocalIncomingServerSession.validateSubsequentDomain(org.dom4j.Element). The remote server will be able to send packets through this session whose domains were previously validated.
    When acting as an Authoritative Server this method will verify the requested key and will return null since the underlying TCP connection will be closed after sending the response to the Receiving Server.
    
    Parameters:
    reader - reader of DOM documents on the connection to the remote server.
    
    Returns:
    an IncomingServerSession that was previously validated against the remote server.
    
    Throws:
    
    IOException - if an I/O error occurs while communicating with the remote server.
    
    org.xmlpull.v1.XmlPullParserException - if an error occurs while parsing XML packets.
  - dialbackError
```
protected void dialbackError(String from,
                 String to,
                 org.xmpp.packet.PacketError err)
```
    Send a dialback error.
    
    Parameters:
    from - From
    to - To
    err - Error type.
  - validateRemoteDomain
```
public boolean validateRemoteDomain(org.dom4j.Element doc,
                           StreamID streamID)
```
    Returns true if the domain requested by the remote server was validated by the Authoritative Server. To validate the domain a new TCP connection will be established to the Authoritative Server. The Authoritative Server may be the same Originating Server or some other machine in the Originating Server's network.
    If the domain was not valid or some error occurred while validating the domain then the underlying TCP connection may be closed.
    
    Parameters:
    doc - the request for validating the new domain.
    streamID - the stream id generated by this server for the Originating Server.
    
    Returns:
    true if the requested domain is valid.
  - verifyReceivedKey
```
public static boolean verifyReceivedKey(org.dom4j.Element doc,
                        Connection connection)
```
    Verifies the key sent by a Receiving Server. This server will be acting as the Authoritative Server when executing this method. The remote server may have established a new connection to the Authoritative Server (i.e. this server) for verifying the key or it may be reusing an existing incoming connection.
    
    Parameters:
    doc - the Element that contains the key to verify.
    connection - the connection to use for sending the verification result
    
    Returns:
    true if the key was verified.

Class ServerDialback

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

CHARSET

Constructor Detail

ServerDialback

ServerDialback

Method Detail

isEnabled

isEnabledForSelfSigned

setEnabledForSelfSigned

createOutgoingSession

authenticateDomain

createIncomingSession

dialbackError

validateRemoteDomain

verifyReceivedKey