Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add JitsiXmppStringprep #105

Merged
merged 13 commits into from
Apr 26, 2024
Merged

Add JitsiXmppStringprep #105

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
58b2245
minor: Fix log message, formatting.
bgrozev Apr 23, 2024
e6bd67f
Add JitsiXmppStringprep.
bgrozev Apr 23, 2024
4cfc3e7
test: Move JidTest from jicofo.
bgrozev Apr 23, 2024
894500b
Add tests for JIDs with _, allow in any position.
bgrozev Apr 23, 2024
b97e588
test: Add XmlStringBuilderPerfTest.
bgrozev Apr 23, 2024
0d826aa
chore: Update to smack 4.4.8.
bgrozev Apr 23, 2024
caa39a9
test:Add another invalid JID.
bgrozev Apr 23, 2024
6b23236
squash: Fix typo.
bgrozev Apr 24, 2024
fdbbe55
feat: Implement the LDHU test explicitly, test IDNs.
bgrozev Apr 25, 2024
5582784
Add some more test cases.
bgrozev Apr 25, 2024
d14f2ee
Also accept % in domain labels.
bgrozev Apr 25, 2024
9d0d4bd
Add a flag to control the use of JitsiXmppStringprep.
bgrozev Apr 25, 2024
29be535
squash: Add a P to function name and log message.
bgrozev Apr 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@
<packaging>bundle</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Make sure this matches the version of the jxmpp artifacts inheriteb from smack. -->
bgrozev marked this conversation as resolved.
Show resolved Hide resolved
<jxmpp.version>1.0.3</jxmpp.version>
<smack.version>4.4.6</smack.version>
<junit.version>5.10.0</junit.version>
<kotlin.version>1.9.10</kotlin.version>
Expand Down Expand Up @@ -39,6 +41,11 @@
<artifactId>smack-xmlparser-stax</artifactId>
<version>${smack.version}</version>
</dependency>
<dependency>
<groupId>org.jxmpp</groupId>
<artifactId>jxmpp-stringprep-rocksxmppprecis</artifactId>
<version>${jxmpp.version}</version>
</dependency>
<dependency>
<groupId>org.jitsi</groupId>
<artifactId>jitsi-utils</artifactId>
Expand Down
49 changes: 49 additions & 0 deletions src/main/kotlin/org/jitsi/xmpp/Smack.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
/*
* Copyright @ 2024 - present 8x8, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jitsi.xmpp

import org.jitsi.utils.logging2.createLogger
import org.jitsi.xmpp.stringprep.JitsiXmppStringprep
import org.jivesoftware.smack.SmackConfiguration
import org.jivesoftware.smack.parsing.ExceptionLoggingCallback
import org.jivesoftware.smackx.bytestreams.socks5.Socks5Proxy
import org.jxmpp.JxmppContext
import org.jxmpp.jid.impl.JidCreate

object Smack {
val logger = createLogger()

fun initialize() {
logger.info("Setting XML parsing limits.")
System.setProperty("jdk.xml.entityExpansionLimit", "0")
System.setProperty("jdk.xml.maxOccurLimit", "0")
System.setProperty("jdk.xml.elementAttributeLimit", "524288")
System.setProperty("jdk.xml.totalEntitySizeLimit", "0")
System.setProperty("jdk.xml.maxXMLNameLimit", "524288")
System.setProperty("jdk.xml.entityReplacementLimit", "0")

// Force XmppStringPrepUtil to load before we override the context, otherwise it gets reverted.
// https://github.com/igniterealtime/jxmpp/pull/44
JidCreate.from("example.com")
logger.info("Using JitsiXmppStringprep.")
JxmppContext.setDefaultXmppStringprep(JitsiXmppStringprep.INSTANCE)

// if there is a parsing error, do not break the connection to the server(the default behaviour) as we need
// it for the other conferences.
SmackConfiguration.setDefaultParsingExceptionCallback(ExceptionLoggingCallback())
Socks5Proxy.setLocalSocks5ProxyEnabled(false)
}
}
76 changes: 76 additions & 0 deletions src/main/kotlin/org/jitsi/xmpp/stringprep/JitsiXmppStringprep.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
/*
* Copyright @ 2024 - present 8x8, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jitsi.xmpp.stringprep

import org.jxmpp.stringprep.XmppStringprep
import org.jxmpp.stringprep.XmppStringprepException
import org.jxmpp.stringprep.rocksxmppprecis.RocksXmppPrecisStringprep
import rocks.xmpp.precis.PrecisProfile
import java.net.IDN
import java.text.Normalizer
import java.util.regex.Pattern

/**
* Extends [RocksXmppPrecisStringprep] to allow underscores (_) in the domain part.
*
* This is needed because jitsi-meet URLs of the form https://domain/tenant/room get translated into a JID of the
* form [email protected], and the tenant field has been allowed to use underscores for a long time (in
* fact '.' in the tenant is translated into '_').
*/
class JitsiXmppStringprep : XmppStringprep by RocksXmppPrecisStringprep.INSTANCE {
override fun domainprep(string: String?): String {
try {
return idnWithUnderscoreProfile.enforce(string)
} catch (e: IllegalArgumentException) {
throw XmppStringprepException(string, e)
}
}

companion object {
val INSTANCE = JitsiXmppStringprep()
private val idnWithUnderscoreProfile = IDNWithUnderscoreProfile()
}
}

/**
* Based on [PrecisProfiles.IDN], but allows underscores.
*/
class IDNWithUnderscoreProfile : PrecisProfile(false) {
override fun prepare(input: CharSequence): String {
val str = input.toString()
val strNoUnderscore = str.trim('_').trimEnd('_').replace('_', '-')

// Throws if [strNoUnderscore] contains invalid characters
IDN.toASCII(strNoUnderscore, IDN.USE_STD3_ASCII_RULES)

return IDN.toUnicode(IDN.toASCII(str), IDN.USE_STD3_ASCII_RULES)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand what this will do with actual IDNs (domains that have unicode and/or the IDN encoding --xn--). Do we want to write tests for this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what's going here, but please be careful with Java and IDN, as per this comment: dnsjava/dnsjava#207 (comment) (disregard the specifics for dnsjava).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! It does indeed convert "ß" to "ss" under the few openjdk versions I tried. I've added a test to document it, but I think it should be fine for our purpose here.

For context: we're adding stricter validation of the JIDs used in jicofo (and the other components) to prevent obviously invalid JIDs to be processed. But we've been using _ and % as part of the "tenant" for years and prefer to continue accepting to prevent breaking conference URLs that used to work. Unicode characters in the URL are urlencoded before they are used in JIDs, so in practice this shouldn't affect URLs that use unicode.

As an example the URL https://meet.jit.si/fuß.ball/foo ends up using the following MUC JID: [email protected]%c3%9f_ball.meet.jit.si. The domain part is invalid due to % and _, but we want to allow it anyway.

}

override fun applyWidthMappingRule(charSequence: CharSequence) = widthMap(charSequence)
override fun applyAdditionalMappingRule(charSequence: CharSequence) =
LABEL_SEPARATOR.matcher(charSequence).replaceAll(".")
override fun applyCaseMappingRule(charSequence: CharSequence) = charSequence.toString().lowercase()

override fun applyNormalizationRule(charSequence: CharSequence) =
Normalizer.normalize(charSequence, Normalizer.Form.NFC)

override fun applyDirectionalityRule(charSequence: CharSequence) = charSequence

companion object {
private const val DOTS: String = "[.\u3002\uFF0E\uFF61]"
private val LABEL_SEPARATOR: Pattern = Pattern.compile(DOTS)
}
}