OK, it’s hard to be sure, but I think I’ve got it “working.”
I could not get my simple login Smack client working on :5223. Scanning through other forum postings, I noted that the Socket might not be right – try using the default SSL Socket:
config.setSocketFactory(SSLSocketFactory.getDefault());
This moved me forward. However, the
So, with an empty client.truststore:
SocketAcceptorIoProcessor-1.0, fatal error: 80: problem unwrapping net record
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
SocketAcceptorIoProcessor-1.0, SEND TLSv1 ALERT: fatal, description = internal_error
SocketAcceptorIoProcessor-1.0, WRITE: TLSv1 Alert, length = 2
With a valid client.truststore:
successful login; see client certificate in server’s debug output
HOWEVER, the callback stuff appears not to be working – if I disable setting the default keystorePassword property but have a CallbackHandler set, I still get:
Logging into tester@localhost
XMPPError connecting to localhost:5223.: remote-server-error(502) XMPPError connecting to localhost:5223.
– caused by: java.net.SocketException: password can’t be null
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:900)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1415)
at TestClient.main(TestClient.java:60)
Nested Exception:
java.net.SocketException: password can’t be null
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:156)
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:888)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1415)
at TestClient.main(TestClient.java:60)
Presumably this is because the default SSLSocketFactory is not passing out to callbacks. However, I’ve been completely unsuccessful finding any more useful documentation regarding what SSLSocketFactory to use with Smack. Is there an Openfire-specific SocketFactory? One that works with TLS as well?
Likewise, trying to use TLS (instead of SSL) on :5222 (or even :5223, which probably isn’t expected to work) fails totally, as we’ve seen before:
javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 2
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:86)
So, at this point, nothing has really worked:
o The RPM installed a somehow-broken implementation such that the server would not even advertise valid CAs;
  - the tar.gz (and .deb) did, but
o none of the clients really work with the callback stuff.
  - since there’s some other stuff going on in Spark, it seems impossible to do anything but rely on the (broken?) callback handling.
o Of course, none of it works with TLS, only old-style SSL on :5223.
I still have to believe there is some other trick going on – or are the PKCS#11 handling class(es) different from the JKS handling ones? I.e., could there be a difference in the callback propagation code in the JKS-handling one(s)?
Also: why it’s trying to dial home:
2009.05.01 07:33:59 Retrying request
2009.05.01 07:33:59 Open connection to www.igniterealtime.org:80
2009.05.01 07:33:59 Closing the connection.
2009.05.01 07:33:59 Method retry handler returned false. Automatic recovery will not be attempted
I’m not sure. Can this be killed? Is it just the ‘check for updates’ piece?
My client is as follows, minus setting the properties to things like ‘tester’ and ‘localhost’:
import javax.net.ssl.SSLSocketFactory;
import org.jivesoftware.smack.ConnectionConfiguration;
import org.jivesoftware.smack.ConnectionConfiguration.SecurityMode;
import org.jivesoftware.smack.SASLAuthentication;
import org.jivesoftware.smack.XMPPConnection;
import org.jivesoftware.smack.XMPPException;

public class TestClient {

    // Placeholder values; the real ones were set to things like "tester" and "localhost".
    private static final String SERVER = "localhost";
    private static final String USERNAME = "tester";
    private static final String PASSWORD = "<user password>";
    private static final String KEYSTORE_PATH = "<path to client keystore>";
    private static final String KEYSTORE_PASSWORD = "<keystore password>";
    private static final String TRUSTSTORE_PATH = "<path to client.truststore>";
    private static final String TRUSTSTORE_PASSWORD = "<truststore password>";

    // CallbackHandler below is the poster's own implementation of
    // javax.security.auth.callback.CallbackHandler (not shown in the post).

    public static void main(String[] args) {
        // JVM-wide defaults; these are what SSLSocketFactory.getDefault() reads on the legacy SSL port (:5223)
        System.setProperty("javax.net.ssl.keyStore", KEYSTORE_PATH);
        System.setProperty("javax.net.ssl.trustStore", TRUSTSTORE_PATH);
        System.setProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);

        ConnectionConfiguration config = new ConnectionConfiguration(SERVER, 5222);
        config.setSASLAuthenticationEnabled(true);
        // config.setSASLAuthenticationEnabled(false);

        // Smack's own keystore/truststore settings, used for STARTTLS on :5222
        config.setKeystorePath(KEYSTORE_PATH);
        config.setKeystoreType("jks");
        config.setTruststorePath(TRUSTSTORE_PATH);
        config.setTruststorePassword(TRUSTSTORE_PASSWORD);
        config.setTruststoreType("jks");
        config.setCallbackHandler(new CallbackHandler());
        config.setSecurityMode(SecurityMode.enabled);
        // config.setSecurityMode(SecurityMode.required);

        // Register SASL mechanisms in preference order (index 0 first)
        SASLAuthentication.supportSASLMechanism("PLAIN", 0);
        SASLAuthentication.supportSASLMechanism("DIGEST-MD5", 1);
        SASLAuthentication.supportSASLMechanism("EXTERNAL", 2);
        // config.setSocketFactory(SSLSocketFactory.getDefault());

        System.out.println("Logging into " + USERNAME + "@" + SERVER);
        try {
            XMPPConnection conn1 = new XMPPConnection(config, new CallbackHandler());
            conn1.connect();
            String usingTLS = conn1.isUsingTLS() ? "" : " *NOT* ";
            String secure = conn1.isSecureConnection() ? "" : " *NOT* ";
            System.out.println("Connection is " + usingTLS + "using TLS and therefore is: " + secure + "secure.");
            Thread.sleep(3 * 1000); // Something about timing in the forums
            conn1.login(USERNAME, PASSWORD, "smack test client");
            System.out.println("Logged " + USERNAME + "@" + SERVER + " in.");
            Thread.sleep(15 * 1000); // leave it connected for a bit, then disconnect.
            conn1.disconnect();
            System.out.println("Disconnected " + USERNAME + "@" + SERVER);
        } catch (XMPPException xe) {
            xe.printStackTrace();
        } catch (InterruptedException ie) {
            ie.printStackTrace();
        }
    }
}
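One answer to the question above about which SSLSocketFactory to use on :5223 is to build the factory yourself instead of calling SSLSocketFactory.getDefault(): the default factory reads only the javax.net.ssl.* system properties, so the keystore password has to be set JVM-wide and Smack's CallbackHandler is never consulted (which matches the "password can't be null" trace). The example below is added here and is not code from the post or from Smack; it assumes Smack 3's ConnectionConfiguration.setSocketFactory (used in the post) and a hypothetical ClientCertSocketFactory class whose build() obtains the keystore password through a javax.security.auth.callback CallbackHandler, then wires the client keystore and the truststore into an SSLContext.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import org.jivesoftware.smack.ConnectionConfiguration;

public final class ClientCertSocketFactory {
    /** SSLSocketFactory that presents the client certificate from keystorePath and trusts only truststorePath. */
    public static SSLSocketFactory build(String keystorePath, String truststorePath,
                                         char[] truststorePassword, CallbackHandler handler) throws Exception {
        // Ask the caller's CallbackHandler for the keystore password rather than reading
        // javax.net.ssl.keyStorePassword: a system property is readable by every class in the JVM.
        PasswordCallback pcb = new PasswordCallback("Keystore password: ", false);
        handler.handle(new Callback[] { pcb });
        char[] keystorePassword = pcb.getPassword();
        if (keystorePassword == null) throw new IllegalStateException("CallbackHandler supplied no keystore password");
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(keystorePath)) { ks.load(in, keystorePassword); }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keystorePassword); // unlocks the private key that backs the client certificate

            KeyStore ts = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(truststorePath)) { ts.load(in, truststorePassword); }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ts); // an empty truststore gives no trust anchors; the handshake then fails with the error seen above

            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        } finally {
            pcb.clearPassword();
            Arrays.fill(keystorePassword, '\0'); // do not leave the secret in the heap longer than needed
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths and passwords; a real handler would prompt the user or read a secret store.
        CallbackHandler handler = callbacks -> ((PasswordCallback) callbacks[0]).setPassword("changeit".toCharArray());
        SSLSocketFactory factory = build("client.keystore", "client.truststore", "changeit".toCharArray(), handler);
        ConnectionConfiguration config = new ConnectionConfiguration("localhost", 5223);
        config.setSocketFactory(factory); // on the legacy SSL port this factory, not the JVM default, runs the handshake
    }
}
```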