Class NettyConnection
- java.lang.Object
-
- org.jivesoftware.openfire.net.AbstractConnection
-
- org.jivesoftware.openfire.nio.NettyConnection
-
- All Implemented Interfaces:
Closeable
,AutoCloseable
,Connection
public class NettyConnection extends AbstractConnection
Implementation ofConnection
interface specific for Netty connections.- Author:
- Matthew Vivian, Alex Gidman
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.jivesoftware.openfire.Connection
Connection.ClientAuth, Connection.CompressionPolicy, Connection.State, Connection.TLSPolicy
-
-
Field Summary
Fields Modifier and Type Field Description static String
SSL_HANDLER_NAME
-
Fields inherited from class org.jivesoftware.openfire.net.AbstractConnection
closeListeners, session
-
-
Constructor Summary
Constructors Constructor Description NettyConnection(io.netty.channel.ChannelHandlerContext channelHandlerContext, PacketDeliverer packetDeliverer, ConnectionConfiguration configuration)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addCompression()
Adds the compression filter to the connection but only filter incoming traffic.void
close(org.xmpp.packet.StreamError error, boolean networkInterruption)
Close this connection including associated session, optionally citing a stream error.void
deliver(org.xmpp.packet.Packet packet)
Delivers the packet to this connection without checking the recipient.void
deliverRawText(String text)
Delivers raw text to this connection.byte[]
getAddress()
Returns the raw IP address of thisInetAddress
object.Optional<String>
getCipherSuiteName()
Returns the TLS cipher suite name used by the connection of the session, if any.ConnectionConfiguration
getConfiguration()
Returns a representation of the desired state for this connection.String
getHostAddress()
Returns the IP address string in textual presentation.String
getHostName()
Gets the host name for this IP address.Certificate[]
getLocalCertificates()
Returns the local underlyingX509Certificate
chain for the connection.PacketDeliverer
getPacketDeliverer()
Returns the packet deliverer to use when delivering a packet over the socket fails.Certificate[]
getPeerCertificates()
Returns the underlyingX509Certificate
for the connection of the peer.Optional<String>
getTLSProtocolName()
Returns the TLS protocol name used by the connection of the session, if any.boolean
isClosed()
Returns true if the connection/session is closed.boolean
isCompressed()
Returns true if the connection is using compression.boolean
isEncrypted()
Returns true if this connection is encrypted.boolean
isInitialized()
Checks if the connection has finished initialization.boolean
isUsingSelfSignedCertificate()
Returns true if the other peer of this session presented a self-signed certificate.void
reinit(LocalSession owner)
Reinitializes the connection to switch to a different session.void
setEncrypted(boolean encrypted)
void
setUsingSelfSignedCertificate(boolean isSelfSigned)
Keeps track if the other peer of this session presented a self-signed certificate.void
startCompression()
Start compressing outgoing traffic for this connection.void
startTLS(boolean clientMode, boolean directTLS)
Encrypts the plain connection by negotiating TLS with the other peer.void
systemShutdown()
Notification message indicating that the server is being shutdown.String
toString()
boolean
validate()
Verifies that the connection is still live.-
Methods inherited from class org.jivesoftware.openfire.net.AbstractConnection
getAdditionalNamespaces, getMajorXMPPVersion, getMinorXMPPVersion, getSession, init, notifyCloseListeners, registerCloseListener, removeCloseListener, setAdditionalNamespaces, setXMPPVersion
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.jivesoftware.openfire.Connection
close, close
-
-
-
-
Field Detail
-
SSL_HANDLER_NAME
public static final String SSL_HANDLER_NAME
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
NettyConnection
public NettyConnection(io.netty.channel.ChannelHandlerContext channelHandlerContext, @Nullable PacketDeliverer packetDeliverer, ConnectionConfiguration configuration)
-
-
Method Detail
-
validate
public boolean validate()
Description copied from interface:Connection
Verifies that the connection is still live. Typically, this is done by sending a whitespace character between packets.- Returns:
- true if the socket remains valid, false otherwise.
-
getAddress
public byte[] getAddress() throws UnknownHostException
Description copied from interface:Connection
Returns the raw IP address of thisInetAddress
object. The result is in network byte order: the highest order byte of the address is ingetAddress()[0]
.- Returns:
- the raw IP address of this object.
- Throws:
UnknownHostException
- if IP address of host could not be determined.
-
getHostAddress
public String getHostAddress() throws UnknownHostException
Description copied from interface:Connection
Returns the IP address string in textual presentation.- Returns:
- the raw IP address in a string format.
- Throws:
UnknownHostException
- if IP address of host could not be determined.
-
getHostName
public String getHostName() throws UnknownHostException
Description copied from interface:Connection
Gets the host name for this IP address.If this InetAddress was created with a host name, this host name will be remembered and returned; otherwise, a reverse name lookup will be performed and the result will be returned based on the system configured name lookup service. If a lookup of the name service is required, call
getCanonicalHostName
.If there is a security manager, its
checkConnect
method is first called with the hostname and-1
as its arguments to see if the operation is allowed. If the operation is not allowed, it will return the textual representation of the IP address.- Returns:
- the host name for this IP address, or if the operation is not allowed by the security check, the textual representation of the IP address.
- Throws:
UnknownHostException
- if IP address of host could not be determined.- See Also:
InetAddress.getCanonicalHostName()
,SecurityManager.checkConnect(java.lang.String, int)
-
getLocalCertificates
public Certificate[] getLocalCertificates()
Description copied from interface:Connection
Returns the local underlyingX509Certificate
chain for the connection.- Returns:
- an ordered array of certificates, with the local certificate
first followed by any certificate authorities. If no certificates
is present for the connection, then
null
is returned.
-
getPeerCertificates
public Certificate[] getPeerCertificates()
Description copied from interface:Connection
Returns the underlyingX509Certificate
for the connection of the peer.- Returns:
- an ordered array of peer certificates, with the peer's own certificate first followed by any certificate authorities.
-
getTLSProtocolName
public Optional<String> getTLSProtocolName()
Description copied from interface:Connection
Returns the TLS protocol name used by the connection of the session, if any.- Returns:
- a TLS protocol (version) name.
-
getCipherSuiteName
public Optional<String> getCipherSuiteName()
Description copied from interface:Connection
Returns the TLS cipher suite name used by the connection of the session, if any.- Returns:
- cipher suite name.
-
setUsingSelfSignedCertificate
public void setUsingSelfSignedCertificate(boolean isSelfSigned)
Description copied from interface:Connection
Keeps track if the other peer of this session presented a self-signed certificate. When using self-signed certificate for server-2-server sessions then SASL EXTERNAL will not be used and instead server-dialback will be preferred for vcerifying the identify of the remote server.- Parameters:
isSelfSigned
- true if the other peer presented a self-signed certificate.
-
isUsingSelfSignedCertificate
public boolean isUsingSelfSignedCertificate()
Description copied from interface:Connection
Returns true if the other peer of this session presented a self-signed certificate. When using self-signed certificate for server-2-server sessions then SASL EXTERNAL will not be used and instead server-dialback will be preferred for vcerifying the identify of the remote server.- Returns:
- true if the other peer of this session presented a self-signed certificate.
-
getPacketDeliverer
@Nullable public PacketDeliverer getPacketDeliverer()
Description copied from interface:Connection
Returns the packet deliverer to use when delivering a packet over the socket fails. The packet deliverer will retry to send the packet using some other connection or will store the packet offline for later retrieval. When null, packets will just be dropped.- Returns:
- the packet deliverer to use when delivering a packet over the socket fails.
-
close
public void close(@Nullable org.xmpp.packet.StreamError error, boolean networkInterruption)
Description copied from interface:Connection
Close this connection including associated session, optionally citing a stream error. The 'networkInterruption' argument should be set to 'true' if the connection is being closed because it is known or assumed that the network connection between Openfire and the peer was unexpectedly terminated (eg: due to a networking failure). These typically are scenarios where a peer becomes unresponsive (without having terminated its session with a or comparable message). When the 'networkInterruption' argument is set to 'true', then a session is eligible for resumption (if Stream Management was activiated for the session). The events for closing the connection are:- Set closing flag to prevent redundant shutdowns.
- Close the socket.
- Notify all listeners that the channel is shut down.
- Parameters:
error
- If non-null, the end-stream tag will be preceded with this error.
-
systemShutdown
public void systemShutdown()
Description copied from interface:Connection
Notification message indicating that the server is being shutdown. Implementors should send a stream error whose condition is system-shutdown before closing the connection.
-
reinit
public void reinit(LocalSession owner)
Description copied from interface:Connection
Reinitializes the connection to switch to a different session. This allows for XEP-0198 resumption and transport-switching.- Specified by:
reinit
in interfaceConnection
- Overrides:
reinit
in classAbstractConnection
- Parameters:
owner
- The new session now owning the connection.
-
isInitialized
public boolean isInitialized()
Description copied from interface:Connection
Checks if the connection has finished initialization.- Returns:
- true if connection has finished initialization.
-
isClosed
public boolean isClosed()
Description copied from interface:Connection
Returns true if the connection/session is closed.- Returns:
- true if the connection is closed.
-
isEncrypted
public boolean isEncrypted()
Description copied from interface:Connection
Returns true if this connection is encrypted.- Returns:
- true if the connection is encrypted (e.g. uses TLS)
-
setEncrypted
public void setEncrypted(boolean encrypted)
-
deliver
public void deliver(org.xmpp.packet.Packet packet) throws UnauthorizedException
Description copied from interface:Connection
Delivers the packet to this connection without checking the recipient. The method essentially callssocket.send(packet.getWriteBuffer())
. Use with caution! This code is unlikely to be called directly. Instead, ensure that data sent to the entities is sent through the appropriate LocalSession object. For clients, this prevents, for example, synchronisation issues with stanza counts related to Stream Management (XEP-0198).- Parameters:
packet
- the packet to deliver.- Throws:
UnauthorizedException
- if a permission error was detected.
-
deliverRawText
public void deliverRawText(String text)
Description copied from interface:Connection
Delivers raw text to this connection. This is a very low level way for sending XML stanzas to the client. This method should not be used unless you have very good reasons for not usingConnection.deliver(org.xmpp.packet.Packet)
.This method avoids having to get the writer of this connection and mess directly with the writer. Therefore, this method ensures a correct delivery of the stanza even if other threads were sending data concurrently.
- Parameters:
text
- the XML stanzas represented kept in a String.
-
startTLS
public void startTLS(boolean clientMode, boolean directTLS) throws Exception
Description copied from interface:Connection
Encrypts the plain connection by negotiating TLS with the other peer. In a server-2-server connection the server requesting the TLS negotiation will be the client and the other server will be the server during the TLS negotiation. Therefore, the server requesting the TLS negotiation must passtrue
in theclientMode
parameter and the server receiving the TLS request must passfalse
in theclientMode
parameter.In the case of client-2-server the XMPP server must pass
false
in theclientMode
parameter since it will behave as the server in the TLS negotiation.- Parameters:
clientMode
- boolean indicating if this entity is a client or a server in the TLS negotiation.directTLS
- boolean indicating if the negotiation is directTLS (true) or startTLS (false).- Throws:
Exception
- if an error occurred while encrypting the connection.
-
addCompression
public void addCompression()
Description copied from interface:Connection
Adds the compression filter to the connection but only filter incoming traffic. Do not filter outgoing traffic since we still need to send an uncompressed stanza to the client indicating that he can start compressing the traffic. After we sent the uncompresses stanza we can start compression outgoing traffic as well.
-
startCompression
public void startCompression()
Description copied from interface:Connection
Start compressing outgoing traffic for this connection. Compression will only be available after TLS has been negotiated. This means that a connection can never be using compression before TLS. However, it is possible to use compression without TLS.
-
getConfiguration
public ConnectionConfiguration getConfiguration()
Description copied from interface:Connection
Returns a representation of the desired state for this connection. Note that this is different from the current state of the connection. For example, TLS can be required by configuration, but while the connection has yet to be fully initialized, the current state might not be TLS-encrypted.- Returns:
- The desired configuration for the connection (never null).
-
isCompressed
public boolean isCompressed()
Description copied from interface:Connection
Returns true if the connection is using compression.- Returns:
- true if the connection is using compression.
-
-