Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add XEP-0070: Verifying HTTP Requests via XMPP support #557

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add XEP-0070: Verifying HTTP Requests via XMPP support #557

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8c18f54
Add XEP-0070: Verifying HTTP Requests via XMPP support
cmeng-git Feb 28, 2023
85c6003
Add XEP-0070: Verifying HTTP Requests via XMPP support
cmeng-git Mar 24, 2023
360953f
Update per PR review (partial)
cmeng-git Mar 25, 2023
dd74778
Update HttpAuthorizationRequestManager to handle multiple authRequest…
cmeng-git Mar 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions ...va/org/jivesoftware/smackx/httpauthorizationrequest/HttpAuthorizationRequestListener.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
/**
*
* Copyright 2019-2023 Eng Chong Meng
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.httpauthorizationrequest;

import org.jivesoftware.smackx.httpauthorizationrequest.element.ConfirmExtension;

import org.jxmpp.jid.DomainBareJid;

/**
* Interface for listen on receive of HTTP Request IQ or Message.
* XEP-0070: Verifying HTTP Requests via XMPP (1.0.1 (2016-12-09))
*/
public interface HttpAuthorizationRequestListener {
void onHttpAuthorizationRequest(DomainBareJid from, ConfirmExtension confirmExtension, String instruction);
}
230 changes: 230 additions & 0 deletions ...ava/org/jivesoftware/smackx/httpauthorizationrequest/HttpAuthorizationRequestManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,230 @@
/**
*
* Copyright 2019-2023 Eng Chong Meng
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.httpauthorizationrequest;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.jivesoftware.smack.Manager;
import org.jivesoftware.smack.SmackException;
import org.jivesoftware.smack.XMPPConnection;
import org.jivesoftware.smack.filter.AndFilter;
import org.jivesoftware.smack.filter.FromTypeFilter;
import org.jivesoftware.smack.filter.MessageTypeFilter;
import org.jivesoftware.smack.filter.StanzaExtensionFilter;
import org.jivesoftware.smack.filter.StanzaFilter;
import org.jivesoftware.smack.iqrequest.AbstractIqRequestHandler;
import org.jivesoftware.smack.iqrequest.IQRequestHandler;
import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.packet.Message;
import org.jivesoftware.smack.packet.Message.Body;
import org.jivesoftware.smack.packet.MessageBuilder;
import org.jivesoftware.smack.packet.StanzaBuilder;
import org.jivesoftware.smack.packet.StanzaError;
import org.jivesoftware.smackx.httpauthorizationrequest.element.ConfirmExtension;
import org.jivesoftware.smackx.httpauthorizationrequest.packet.ConfirmIQ;

import org.jxmpp.jid.DomainBareJid;
import org.jxmpp.jid.Jid;

/**
* The HTTP Request manager for HTTP Request. The manager handles both the HTTP Request via:
* IQ : when the request is via EntityFullJid
* Message: When request is via EntityBareJid
*
* XEP-0070: Verifying HTTP Requests via XMPP (1.0.1 (2016-12-09))
*
* @see HttpAuthorizationRequestListener on callback
*/
public final class HttpAuthorizationRequestManager extends Manager {
private static final StanzaFilter MESSAGE_FILTER = new AndFilter(
MessageTypeFilter.NORMAL_OR_CHAT,
new StanzaExtensionFilter(ConfirmExtension.ELEMENT, ConfirmExtension.NAMESPACE)
);

private static final StanzaFilter INCOMING_MESSAGE_FILTER = new AndFilter(
MESSAGE_FILTER,
FromTypeFilter.DOMAIN_BARE_JID
);

private static final Logger LOGGER = Logger.getLogger(HttpAuthorizationRequestManager.class.getName());

private static final Map<XMPPConnection, HttpAuthorizationRequestManager> INSTANCES = new WeakHashMap<>();

/**
* Map of all the current active HttpAuthorizationRequests.
*/
private static final Map<String, Object> mAuthRequests = new HashMap<>();

private final Set<HttpAuthorizationRequestListener> incomingListeners = new CopyOnWriteArraySet<>();

public static synchronized HttpAuthorizationRequestManager getInstanceFor(XMPPConnection connection) {
HttpAuthorizationRequestManager httpResponseManager = INSTANCES.get(connection);
if (httpResponseManager == null) {
httpResponseManager = new HttpAuthorizationRequestManager(connection);
INSTANCES.put(connection, httpResponseManager);
}
return httpResponseManager;
}

private HttpAuthorizationRequestManager(final XMPPConnection connection) {
super(connection);

// Listen for message HTTP request
connection.addSyncStanzaListener(stanza -> {
final Message message = (Message) stanza;
ConfirmExtension confirmExtension = ConfirmExtension.from(message);

String id = confirmExtension.getId();
mAuthRequests.put(id, message);

final Jid from = message.getFrom();
DomainBareJid bareFrom = from.asDomainBareJid();

Body bodyExt = message.getExtension(Body.class);
String instruction = null;
if (bodyExt != null) {
instruction = bodyExt.getMessage();
}

for (HttpAuthorizationRequestListener listener : incomingListeners) {
listener.onHttpAuthorizationRequest(bareFrom, confirmExtension, instruction);
}
}, INCOMING_MESSAGE_FILTER);

// Handler for IQ HTTP request
connection.registerIQRequestHandler(new AbstractIqRequestHandler(ConfirmIQ.ELEMENT, ConfirmIQ.NAMESPACE,
IQ.Type.get, IQRequestHandler.Mode.async) {
@Override
public IQ handleIQRequest(IQ iqRequest) {
ConfirmIQ iqHttpRequest = (ConfirmIQ) iqRequest;
ConfirmExtension confirmExtension = iqHttpRequest.getConfirmExtension();

String id = confirmExtension.getId();
mAuthRequests.put(id, iqRequest);

final Jid from = iqHttpRequest.getFrom();
DomainBareJid bareFrom = from.asDomainBareJid();

for (HttpAuthorizationRequestListener listener : incomingListeners) {
listener.onHttpAuthorizationRequest(bareFrom, confirmExtension, null);
}
// let us handle the reply
return null;
}
});
}

/**
* Add a new listener for incoming HTTP request via IQ/Message.
*
* @param listener the listener to add.
*
* @return <code>true</code> if the listener was not already added.
*/
public boolean addIncomingListener(HttpAuthorizationRequestListener listener) {
return incomingListeners.add(listener);
}

/**
* Remove an incoming HTTP Request listener.
*
* @param listener the listener to remove.
*
* @return <code>true</code> if the listener was active and got removed.
*/
public boolean removeIncomingListener(HttpAuthorizationRequestListener listener) {
return incomingListeners.remove(listener);
}

/**
* Accept the HTTP Authorization Request for the given id.
*
* The actual reply can be in IQ or Message pending on the Request Stanza
* @param id accept authRequest for the given id.
*/
public void acceptId(String id) {
Object authRequest = mAuthRequests.get(id);
if (authRequest == null) {
LOGGER.log(Level.WARNING, "Unknown http authorization id: ", id);
return;
}

try {
if (authRequest instanceof Message) {
Message msgRequest = (Message) authRequest;

MessageBuilder messageAccept = StanzaBuilder.buildMessage()
.to(msgRequest.getFrom())
.ofType(msgRequest.getType())
.setThread(msgRequest.getThread())
.addExtension(ConfirmExtension.from(msgRequest));
connection().sendStanza(messageAccept.build());
}
else if (authRequest instanceof ConfirmIQ) {
connection().sendStanza(ConfirmIQ.createAuthRequestAccept((ConfirmIQ) authRequest));
}
} catch (SmackException.NotConnectedException | InterruptedException e) {
LOGGER.log(Level.WARNING, "Failed to send http authorization accept: ", e.getMessage());
}
mAuthRequests.remove(id);
}

/**
* Reject the HTTP Authorization Request for the given id.
*
* The actual reply can be in IQ or Message pending on the Request Stanza
* @param id reject authRequest for the given id.
*/
public void rejectId(String id) {
Object authRequest = mAuthRequests.get(id);
if (authRequest == null) {
LOGGER.log(Level.WARNING, "Unknown http authorization id: ", id);
return;
}

StanzaError stanzaError = StanzaError.getBuilder()
.setType(StanzaError.Type.AUTH)
.setCondition(StanzaError.Condition.not_authorized).build();

try {
if (authRequest instanceof Message) {
Message msgRequest = (Message) authRequest;

MessageBuilder messageDeny = StanzaBuilder.buildMessage()
.to(msgRequest.getFrom())
.ofType(Message.Type.error)
.setThread(msgRequest.getThread())
.addExtension(ConfirmExtension.from(msgRequest))
.addExtension(stanzaError);
connection().sendStanza(messageDeny.build());
}
else if (authRequest instanceof ConfirmIQ) {
IQ iqDeny = ConfirmIQ.createErrorResponse((ConfirmIQ) authRequest, stanzaError);
connection().sendStanza(iqDeny);
}
} catch (SmackException.NotConnectedException | InterruptedException e) {
LOGGER.log(Level.WARNING, "Failed to send http authorization reject: ", e.getMessage());
}
mAuthRequests.remove(id);
}
}
110 changes: 110 additions & 0 deletions .../main/java/org/jivesoftware/smackx/httpauthorizationrequest/element/ConfirmExtension.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
/**
*
* Copyright 2019-2023 Eng Chong Meng
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.httpauthorizationrequest.element;

import javax.xml.namespace.QName;

import org.jivesoftware.smack.packet.ExtensionElement;
import org.jivesoftware.smack.packet.Message;
import org.jivesoftware.smack.util.XmlStringBuilder;

/**
* ExtensionElement <code>Conform</code> for HTTP Request.
* XEP-0070: Verifying HTTP Requests via XMPP (1.0.1 (2016-12-09))
*/
public class ConfirmExtension implements ExtensionElement {
public static final String ELEMENT = "confirm";
public static final String NAMESPACE = "http://jabber.org/protocol/http-auth";

public static final QName QNAME = new QName(NAMESPACE, ELEMENT);

public static final String ATTR_ID = "id";
public static final String ATTR_METHOD = "method";
public static final String ATTR_URL = "url";

private final String id;
private final String method;
private final String url;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private final String url;
private final URI url;

I believe this member should be of type URI.

Copy link
Contributor Author

@cmeng-git cmeng-git Mar 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this variable be handled as a string all the ways. Otherwise need to do extract steps during xml phrase() and in toXML() method.
In aTalk app implementation, the value is used as string in prompting user to accept or reject the auth request. Do not see the need for app to access the URL directly.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URI class is not intended to be in fields. So please keep as a string

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URI class is not intended to be in fields.

Care to elaborate on that?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URI class has a lot of internal fields, the object size itself is 80 bytes and each internal string adds more and more e.g. URI.create("https://github.com/igniterealtime/Smack/pull/557") took 400 bytes in memory (checked with JOL).
And the parsing itself also needs for CPU.
But there is no any logic that needs the parsed URI. We just need to show the link to a user.


/**
* Create a new IdleElement with the current date as date of last user interaction.
*
* @param id Stanza Id
* @param method HTTP method
* @param url requested URL
*/
public ConfirmExtension(String id, String method, String url) {
this.id = id;
this.method = method;
this.url = url;
}

/**
* Return the Id attr-value of confirm extension.
*
* @return id of attr-value confirm extension
*/
public String getId() {
return id;
}

/**
* Return the method attr-value of confirm extension.
*
* @return the method attr-value of confirm extension
*/
public String getMethod() {
return method;
}

/**
* Return the url attr-value of confirm extension.
*
* @return the url attr-value of confirm extension
*/
public String getUrl() {
return url;
}

@Override
public String getNamespace() {
return NAMESPACE;
}

@Override
public String getElementName() {
return ELEMENT;
}

/**
* Extraction of Confirm Extension from message.
* @param message received message
* @return Confirm extension
*/
public static ConfirmExtension from(Message message) {
return message.getExtension(ConfirmExtension.class);
}

@Override
public XmlStringBuilder toXML(org.jivesoftware.smack.packet.XmlEnvironment enclosingNamespace) {
return new XmlStringBuilder(this)
.attribute(ATTR_ID, id)
.attribute(ATTR_METHOD, method)
.attribute(ATTR_URL, url)
.closeEmptyElement();
}
}
21 changes: 21 additions & 0 deletions .../src/main/java/org/jivesoftware/smackx/httpauthorizationrequest/element/package-info.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
/**
*
* Copyright 2017 Paul Schaub
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

/**
* Smack's API for XEP-0070: Verifying HTTP Requests via XMPP.
*/
package org.jivesoftware.smackx.httpauthorizationrequest.element;
Loading