Smack 4.0.4 - Communigate Pro Login issue

Hi,

I am using Smack to connect to ‘communigate pro’ (6.0) XMPP server running locally. Local JDK is 1.7.0_25. I am not able to make my login work with smack-4.0.4 which works with smack-3.2.2

With 3.2.2

following jars in classpath

smack-3.2.2.jar

smackx-3.2.2.jar

I used following Code

ConnectionConfiguration connConfig = new ConnectionConfiguration(“localhost”, 5222,“test.mydomain.com”);

XMPPConnection connection = new XMPPConnection(connConfig);

System.out.println(“Before Connect”);

connection.connect();

System.out.println("Before Login : "+connection.isConnected());

connection.login(“user1”, “user1123”,“test”);

System.out.println("After Login : "+connection.isAuthenticated());

It did Connect and Loggedin with following exception in between

Before Connect

Before Login : true

javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: Cannot locate default realm)]

at com.sun.security.sasl.gsskerb.GssKrb5Client.(GssKrb5Client.java:150)

at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:63)

at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)

at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanis m.java:85)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 319)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)

at com.mycomapany.test.pub.sub.StartChat.main(StartChat.java:36)

Caused by: GSSException: Invalid name provided (Mechanism level: Cannot locate default realm)

at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:127)

at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95)

at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:202)

at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)

at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)

at sun.security.jgss.GSSNameImpl.(GSSNameImpl.java:170)

at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)

at com.sun.security.sasl.gsskerb.GssKrb5Client.(GssKrb5Client.java:108)

… 6 more

After Login : true

When I used following line

connConfig.setSASLAuthenticationEnabled(false);

It worked like charm with Following output

Before Connect

Before Login : true

After Login : true

With 4.0.4

Now I wanted to move to 4.0.4

I used following code

ConnectionConfiguration connConfig = new ConnectionConfiguration(“localhost”, 5222,“test.mydomain.com”);

connConfig.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);

XMPPConnection connection = new XMPPTCPConnection(connConfig);

System.out.println(“Before Connect”);

connection.connect();

System.out.println("Before Login : "+connection.isConnected());

connection.login(“user1”, “user1123”,“test”);

System.out.println("After Login : "+connection.isAuthenticated());

It resulted with following error while connecting itself

Exception in thread “main” javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:658)

at org.jivesoftware.smack.tcp.PacketReader.parsePackets(PacketReader.java:221)

at org.jivesoftware.smack.tcp.PacketReader.access$000(PacketReader.java:47)

at org.jivesoftware.smack.tcp.PacketReader$1.run(PacketReader.java:81)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

at sun.security.validator.Validator.validate(Validator.java:260)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:23 1)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.j ava:126)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)

… 11 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilde r.java:196)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

… 17 more

Oct 16, 2014 10:10:30 AM org.jivesoftware.smack.tcp.PacketWriter writePackets

WARNING: Exception writing closing stream element

java.net.SocketException: Socket closed

at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:116)

at java.net.SocketOutputStream.write(SocketOutputStream.java:153)

at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)

at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)

at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)

at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)

at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)

at java.io.BufferedWriter.flush(BufferedWriter.java:254)

at org.jivesoftware.smack.tcp.PacketWriter.writePackets(PacketWriter.java:190)

at org.jivesoftware.smack.tcp.PacketWriter.access$000(PacketWriter.java:40)

at org.jivesoftware.smack.tcp.PacketWriter$1.run(PacketWriter.java:77)

When I change disabled security mode

connConfig.setSecurityMode(ConnectionConfiguration.SecurityMode.disabled);

No Exception thrown but it never prints “After Login” statement. login call never returns.

Before Connect

Before Login : true

If I have Security Mode disabled and SASLAuthentication explicitly set

connConfig.setSecurityMode(ConnectionConfiguration.SecurityMode.disabled);

SASLAuthentication.supportSASLMechanism(“DIGEST-MD5”,0);

I tried both MD5 and PLAIN I see a warning and exception with small delay while login

Before Connect

Before Login : true

Oct 16, 2014 10:17:56 AM org.jivesoftware.smack.filter.IQReplyFilter accept

WARNING: Rejected potentially spoofed reply to IQ-packet. Filter settings: packetId=KJEN6-0, to=null, local=null, server=test.mydomain.com. Received packet with from=user1@test.mydomain.com

Exception in thread “main” org.jivesoftware.smack.SmackException$NoResponseException

at org.jivesoftware.smack.PacketCollector.nextResultOrThrow(PacketCollector.java:1 91)

at org.jivesoftware.smack.PacketCollector.nextResultOrThrow(PacketCollector.java:1 75)

at org.jivesoftware.smack.XMPPConnection.bindResourceAndEstablishSession(XMPPConne ction.java:530)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.login(XMPPTCPConnection.java:260)

at com.mycomapany.test.pub.sub.StartChat.main(StartChat.java:41)

Any help to make it work on smack version 4.x is appreciated.

Thanks,

Kiran

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Your SSLContext isn’t able to find a valid certification path to the servers TLS certificate.

Hi,

Thanks for the quick response. “5222” port I am connecting to is a plain text port it is not even secure(TLS) port. I don’t see any certificate restriction on this port. Is there anyway I can establish “non secure” connection ?

If connection to same server works with 3.2.2, there should be a way it works with 4.0.4 - just that I might be missing something ?

is there any

connConfig.setSASLAuthenticationEnabled(false);

equivalent ?

Thanks,

Kiran

Is there anyway I can establish “non secure” connection ?
ConnectionConfiguration.setSecurityMode(disabled)

connConfig.setSASLAuthenticationEnabled(false);
SASL is not related to TLS, Non-SASL authentication has been removed in Smack 4.

Hi,

I did some more digging into this.

I connect to server with security mode disabled. connection is successful.

ConnectionConfiguration connConfig = new ConnectionConfiguration(“127.0.0.1”, 5222,“test.mydomain.com”);

connConfig.setSecurityMode(SecurityMode.disabled);

XMPPConnection connection = new XMPPTCPConnection(connConfig);

connection.connect();

System.out.println("Connection Status : "+connection.isConnected());

and my server log says something like this.

15:10:14.634 5 XMPPI-000222([127.0.0.1]) out:+<?xml version="1.0"?><stream:stream version=“1.0” from=“test.mydomain.com” id=“222” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams”>stream:featuresLOGINPLAINCRAM-MD5DIGEST-MD5</mechanis m>GSSAPIMSNNTLM</mechan ism><host

15:10:14.634 5 XMPPI-000222([127.0.0.1]) out: name xmlns=“urn:xmpp:tmp:domain-based-name” mechanism=“GSSAPI”>test.mydomain.com</stream:features>

No Close tag for “stream:stream”

Once I connect successfully if I print

System.out.println("Host : "+connection.getHost());

it prints “null”

If I try to login using

connection.login(“user1”, “user1123”,“test”);

It tries to use GSSAPI as default first mechanism. but fails with following exception

javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: Invalid Name Provided (Mechanism level: Cannot locate default realm)]

When I saw “SASLAuthentication” class following call will happen with “host” value “null”

currentMechanism.authenticate(username, connection.getHost(), serviceName, password);

I am not sure where is the problem

Thanks,

Kiran

Hi,

I tried to using DIGEST-MD5 by setting it to high priority.

SASLAuthentication.supportSASLMechanism(“DIGEST-MD5”,0);

Following Warning and delayed exception

Oct 17, 2014 3:41:05 PM org.jivesoftware.smack.filter.IQReplyFilter accept

WARNING: Rejected potentially spoofed reply to IQ-packet. Filter settings: packetId=1rnMX-0, to=null, local=null, server=test.mydomain.com. Received packet with from=user1@test.mydomain.com

Exception in thread “main” org.jivesoftware.smack.SmackException$NoResponseException

at org.jivesoftware.smack.PacketCollector.nextResultOrThrow(PacketCollector.java:1 91)

at org.jivesoftware.smack.PacketCollector.nextResultOrThrow(PacketCollector.java:1 75)

at org.jivesoftware.smack.XMPPConnection.bindResourceAndEstablishSession(XMPPConne ction.java:530)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.login(XMPPTCPConnection.java:260)

Server Log looks like this

15:41:05.543 5 XMPP [0.0.0.0]:5222 ← [127.0.0.1]:50262 connection request. socket=848

15:41:05.543 5 XMPP new VStream created, 1 total

15:41:05.543 5 XMPP stream thread started

15:41:05.543 4 XMPPI-000230([127.0.0.1]) [127.0.0.1]:5222 ← [127.0.0.1]:50262 incoming connection(test.mydomain.com)

15:41:05.553 5 XMPPI-000230([127.0.0.1]) inp: <stream:stream to=“test.mydomain.com” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” version=“1.0”>

15:41:05.553 4 XMPPI-000230([127.0.0.1]) got connection on (test.mydomain.com)

15:41:05.553 5 XMPPI-000230([127.0.0.1]) out:+<?xml version="1.0"?><stream:stream version=“1.0” from=“test.mydomain.com” id=“230” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams”>stream:featuresLOGINPLAINCRAM-MD5DIGEST-MD5</mechanis m>GSSAPIMSNNTLM</mechan ism><host

15:41:05.553 5 XMPPI-000230([127.0.0.1]) out: name xmlns=“urn:xmpp:tmp:domain-based-name” mechanism=“GSSAPI”>test.mydomain.com</stream:features>

15:41:05.630 5 XMPPI-000230([127.0.0.1]) inp:

15:41:05.630 5 XMPPI-000230([127.0.0.1]) SASL-0(DIGEST-MD5) out: realm=“test.mydomain.com”,nonce=“230a1413556865atest.mydomain.com”,qop=“auth”,c harset=utf-8,algorithm=md5-sess

15:41:05.630 5 XMPPI-000230([127.0.0.1]) out: cmVhbG09InRlc3QubWluZHRyZWUuY29tIixub2 5jZT0iMjMwYTE0MTM1NTY4NjVhdGVzdC5taW5kdHJlZS5jb20iLHFvcD0iYXV0aCIsY2hhcnNldD11dG YtOCxhbGdvcml0aG09bWQ1LXNlc3M=

15:41:05.636 5 XMPPI-000230([127.0.0.1]) inp: Y2hhcnNldD11dGYtOCx1c2VybmFtZT0idXNlcj EiLHJlYWxtPSJ0ZXN0Lm1pbmR0cmVlLmNvbSIsbm9uY2U9IjIzMGExNDEzNTU2ODY1YXRlc3QubWluZH RyZWUuY29tIixuYz0wMDAwMDAwMSxjbm9uY2U9Im5SMmgrK1A4UEo3eGJZeVRGa3hRUWhEOGdpUXhwcV Ywb2h2Z1RNckQiLGRpZ2VzdC11cmk9InhtcHAvdGVzdC5taW5kdHJlZS5jb20iLG1heGJ1Zj02NTUzNi xyZXNwb25zZT1kMTI1NmM3Yjg0ZGJhZDdiY2EyZjRmYTI5NmIwMmFhZCxxb3A9YXV0aA==

15:41:05.636 5 XMPPI-000230([127.0.0.1]) SASL-0(DIGEST-MD5) inp: charset=utf-8,username=“user1”,realm=“test.mydomain.com”,nonce=“230a1413556865a test.mydomain.com”,nc=00000001,cnonce=“nR2h++P8PJ7xbYyTFkxQQhD8giQxpqV0ohvgTMrD” ,digest-uri=“xmpp/test.mydomain.com”,maxbuf=65536,response=d1256c7b84dbad7bca2f4 fa296b02aad,qop=auth

15:41:05.636 2 XMPPI-000230([127.0.0.1]) ‘user1@test.mydomain.com’ connected(DIGEST-MD5) [127.0.0.1]:50262->[127.0.0.1]:5222

15:41:05.636 5 XMPPI-000230([127.0.0.1]) SASL-3(DIGEST-MD5) out: rspauth=0a63ee9a101824d833954dd99e1f39a8

15:41:05.636 5 XMPPI-000230([127.0.0.1]) out: cnNwYXV0aD0wYTYzZWU5YTEwMTgyNGQ4MzM5NT RkZDk5ZTFmMzlhOA==

15:41:05.636 5 XMPPI-000230([127.0.0.1]) inp:

15:41:05.636 5 XMPPI-000230([127.0.0.1]) SASL-3(DIGEST-MD5) inp:

15:41:05.636 2 XMPP-000080(user1) logged in(XMPP) from [127.0.0.1]:50262

15:41:05.636 5 XMPPI-000230([127.0.0.1]) out:

15:41:05.637 5 XMPPI-000230([127.0.0.1]) inp: <stream:stream to=“test.mydomain.com” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” version=“1.0”>

15:41:05.637 4 XMPPI-000230([127.0.0.1]) got connection on (test.mydomain.com)

15:41:05.637 5 XMPPI-000230([127.0.0.1]) out: <?xml version="1.0"?><stream:stream version=“1.0” from=“test.mydomain.com” id=“230” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams”>stream:features</stream:features>

15:41:05.643 5 XMPPS-000230([127.0.0.1]) inp: test

15:41:05.643 2 XMPP-000080(user1) binding as ‘test’

15:41:05.643 5 XMPPS-000230([127.0.0.1]) out: user1@test.mydomain.com/test

15:41:10.970 3 XMPPS-000230([127.0.0.1]) XML stream reading failed. Error Code=connection reset by peer

15:41:10.970 2 XMPPS-000230([127.0.0.1]) quitting

15:41:10.970 2 XMPP-000080(user1) closed ([127.0.0.1]:50262)

15:41:10.971 4 XMPPS-000230([127.0.0.1]) closing connection

Any help is much appreciated !

Thanks,

Kiran

That is actually an issue which is fixed in Smack 4.1. I can not promise that I’ll be able to backport the fix to 4.0, at least not within the next few days/weeks. But if you want, I can only recommend trying out Smack 4.1.0-alpha3, but make sure to read the Smack 4.1 Readme and Upgrade Guide!

Thanks for the response. I will try with 4.1.0-alpha3 and post the results.

That’s the spirit Although it’s an alpha I think alpha3 is pretty good. Alpha4 will have some more changes that have the potential to break things, but with alpha3 you should be fine (but of course, it’s still an alpha version).