Merge pull request #2220 from surevine/OF-2559_mina-to-netty

OF-2559: Introduce Netty for S2S & C2S

i18n/src/main/resources/openfire_i18n.properties

@@ -1659,6 +1659,7 @@ system_property.hybridAuthProvider.tertiaryProvider.className=The third class th
 system_property.admin.authorizedJIDs=The bare JID of every admin user for the DefaultAdminProvider
 system_property.xmpp.auth.ssl.context_protocol=The TLS protocol to use for encryption context initialization, overriding the Java default.
 system_property.xmpp.socket.ssl.active=Set to true to enable legacy encrypted connections for clients, otherwise false
+system_property.xmpp.socket.write-timeout-seconds=The write timeout time in seconds to handle stalled sessions and prevent DoS
 system_property.xmpp.component.ssl.active=Set to true to enable legacy encrypted connections for external components, otherwise false
 system_property.xmpp.server.startup.retry.delay=Set to a positive value to allow a retry of a failed startup after the specified duration.
 system_property.sasl.realm=The realm used for SASL authentication, which can be used when realms that are passed through SASL are different from the XMPP domain name.
@@ -1670,7 +1671,7 @@ system_property.sasl.scram-sha-1.iteration-count=The number of iterations when s
 system_property.xmpp.auth.anonymous=Set to true to allow anonymous login, otherwise false
 system_property.xmpp.auth.external.client.skip-cert-revalidation=Set to true to avoid validation of the client-provided PKIX certificate (for mutual authentication) other than the validation that happens when the TLS session is established.
 system_property.xmpp.auth.ssl.default-trustmanager-impl=The class to use as the default SSL/TLS TrustManager (which checks certificates from peers).
-system_property.xmpp.client.idle=How long, in milliseconds, before idle sessions are dropped. Set to -1 to never drop idle sessions.
+system_property.xmpp.client.idle=How long, in milliseconds, before idle client sessions are dropped. Set to -1 to never drop idle sessions.
 system_property.xmpp.client.idle.ping=Set to true to ping idle clients, otherwise false
 system_property.xmpp.client.version-query.enabled=Send a version request query to clients when they connect.
 system_property.xmpp.client.version-query.delay=After this amount of time has passed since a new client connection has been accepted, a version request is being sent to the peer.
@@ -1682,6 +1683,8 @@ system_property.xmpp.server.outgoing.max.threads=Minimum amount of threads in th
 system_property.xmpp.server.outgoing.min.threads=Maximum amount of threads in the thread pool that is used to establish outbound server-to-server connections
 system_property.xmpp.server.outgoing.threads-timeout=Amount of time after which idle, surplus threads are removed from the thread pool that is used to establish outbound server-to-server connections.
 system_property.xmpp.server.outgoing.queue=Maximum amount of outbound server-to-server connections that can be in process of establishment in the thread pool (surplus connections will be created on the calling thread, possibly / gracefully slowing down other operations considerably)
+system_property.xmpp.server.session.initialise-timeout=Maximum amount of time in seconds for an outbound S2S session to be initialised
+system_property.xmpp.server.idle=How long, in milliseconds, before idle inbound server sessions are dropped. Set to -1 to never drop idle sessions.
 system_property.cluster-monitor.service-enabled=Set to true to send messages to admins on cluster events, otherwise false
 system_property.ldap.override.avatar=Set to true to save avatars in the local database, otherwise false
 system_property.xmpp.domain=The XMPP domain of this server. Do not change this property directly, instead re-run the setup process.
@@ -2677,7 +2680,7 @@ ssl.certificates.trust-store.c2s=Trust store used for connections from clients
 
 ssl.certificates.store-management.title=Certificate Stores
 ssl.certificates.store-management.info-1=Certificates are used (through TLS and SSL protocols) to establish secure connections between servers and clients. When a secured connection is being created, parties can retrieve a certificate from the other party and (amongst others) examine the issuer of those certificates. If the issuer is trusted, a secured layer of communication can be established.
-ssl.certificates.store-management.info-2=Certificates are kept in specialized repositories, or &#39;stores&#39;. Openfire provides two types of stores: <ul><li><em>Identity stores</em> are used to store certificates that identify this instance of Openfire. On request, they certificates from these stores are transmitted to other parties which use them to identify your server. </li> <li><em>Trust stores</em> contain certificates that identify parties that you choose to trust. Trust stores often do not include the certificate from the remote party directly, but instead holds certificates from organizations that are trusted to identify the certificate of the remote party. Such organizations are commonly referred to as "Certificate Authorities".</li></ul>
+ssl.certificates.store-management.info-2=Certificates are kept in specialized repositories, or &#39;stores&#39;. Openfire provides two types of stores: <ul><li><em>Identity stores</em> are used to store certificates that identify this instance of Openfire. On request, the certificates from these stores are transmitted to other parties which use them to identify your server. </li> <li><em>Trust stores</em> contain certificates that identify parties that you choose to trust. Trust stores often do not include the certificate from the remote party directly, but instead holds certificates from organizations that are trusted to identify the certificate of the remote party. Such organizations are commonly referred to as "Certificate Authorities".</li></ul>
 ssl.certificates.store-management.info-3=This section of the admin panel is dedicated to management of the various key and trust stores that act as repositories for sets of security certificates.
 ssl.certificates.store-management.info-4=By default, a small set of stores is re-used for various purposes (as shown on this page), but Openfire <a href="security-certificate-store-management.jsp?showAll=true">allows you to configure a distinct set of stores for each connection type</a>.
 ssl.certificates.store-management.combined-stores.title=Certificate Stores

pom.xml

@@ -120,7 +120,7 @@
         <!-- Note; the following jetty.version should be identical to the jetty.version in plugins/pom.xml -->
         <jetty.version>9.4.43.v20210629</jetty.version>
         <standard-taglib.version>1.2.5</standard-taglib.version>
-        <mina.version>2.2.1</mina.version>
+        <netty.version>4.1.94.Final</netty.version>
         <bouncycastle.version>1.70</bouncycastle.version>
         <slf4j.version>1.7.36</slf4j.version>
         <log4j.version>2.17.1</log4j.version>
@@ -345,18 +345,6 @@
                     <fail>true</fail>
                 </configuration>
             </plugin>
-
-            <!--
-            The various MINA dependencies rely on OSGi bundle artifacts rather than standard JAR files.
-            As such, it's necessary to add support for these bundle to Maven using the Apache Felix maven-bundle-plugin.
-            See https://stackoverflow.com/a/5409602 for a good explanation of OSGi bundles, with links to more info.
-            -->
-            <plugin>
-                <groupId>org.apache.felix</groupId>
-                <artifactId>maven-bundle-plugin</artifactId>
-                <version>4.2.0</version>
-                <extensions>true</extensions>
-            </plugin>
         </plugins>
     </build>
 

xmppserver/pom.xml

@@ -285,23 +285,21 @@
             <version>${standard-taglib.version}</version>
         </dependency>
 
-        <!-- Apache MINA -->
+        <!-- Netty -->
         <dependency>
-            <groupId>org.apache.mina</groupId>
-            <artifactId>mina-core</artifactId>
-            <version>${mina.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.mina</groupId>
-            <artifactId>mina-integration-jmx</artifactId>
-            <version>${mina.version}</version>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-all</artifactId>
+            <version>${netty.version}</version>
         </dependency>
+
+        <!-- JZLib -->
         <dependency>
-            <groupId>org.apache.mina</groupId>
-            <artifactId>mina-filter-compression</artifactId>
-            <version>${mina.version}</version>
+            <groupId>com.jcraft</groupId>
+            <artifactId>jzlib</artifactId>
+            <version>1.1.3</version>
         </dependency>
 
+
         <!-- BouncyCastle -->
         <dependency>
             <groupId>org.bouncycastle</groupId>