Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Timesheets
Builds
Packages
Statistics
Child Projects
OneDev 10.9.4
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #1309
Avoid generating certificates for unknown VHosts (#1309)
Closed
wojciech.kapcia@tigase.net opened 3 years ago

Recently there are a lot of requests to non-existent VHosts causing generation of certificates. Those should be rejected:

[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processSocketData(): READ:<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' to='54.184.47.243' version='1.0'> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.otherXML() : Other XML content: ?xml version='1.0'?
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Start element name: stream:stream
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes names: [xmlns:stream, xmlns, xml:lang, to, version, null]
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes values: [http://etherx.jabber.org/streams, jabber:client, en, 54.184.47.243, 1.0, null]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Namespace found: http://etherx.jabber.org/streams
[2022-02-14 08:49:20:753] [FINER   ] [      pool-35-thread-8 ] S2SConnectionManager.xmppStreamOpened(): Stream opened: {xmlns:stream=http://etherx.jabber.org/streams, xmlns=jabber:client, xml:lang=en, to=54.184.47.243, version=1.0} [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] StreamOpen.streamOpened()        : Accept Stream opened for unknown CID, session id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7 [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] SaslExternal.canAddSaslToFeatures(): Not adding SASL-EXTERNAL feature, tlsEstablished: false (result: null), skipDomain: false, localCertTrusted: false (result: null) [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] AuthenticatorSelectorManager.getAuthenticationProcessors(): preparing empty processor list!
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] StreamFeatures.streamOpened()    : Sending stream features: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.addPacketToSend()  : Added packet to send: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features>, SIZE=132, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null, STABLE_ID=null [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINER   ] [      pool-35-thread-8 ] S2SConnectionManager.xmppStreamOpened(): Sending stream open: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7' version='1.0'> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.xmppStreamOpened() : Sending data: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7' version='1.0'> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:754] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processWaitingPackets(): Sending packet: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features>, SIZE=132, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null, STABLE_ID=null [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:754] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processWaitingPackets(): SENT: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processSocketData(): READ:<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Start element name: starttls
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes names: [xmlns, null, null, null, null, null]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes values: [urn:ietf:params:xml:ns:xmpp-tls, null, null, null, null, null]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.endElement(): End element name: starttls
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.endElement(): Adding new request: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.moveParsedPacketsToReceived(): Read packet: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] S2SConnectionManager.processSocketData(): Processing socket data: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>, SIZE=51, XMLNS=urn:ietf:params:xml:ns:xmpp-tls, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null, STABLE_ID=null [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] StartTLS.process()               : Sending packet: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] StartTLS.process()               : Starting TLS handshaking server side. [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [INFO    ] [      pool-35-thread-8 ] SSLContextContainerAbstract.createContextHolder(): Key manager for hostname: 54.184.47.243 doesnt exist, generating new one
[2022-02-14 08:49:21:251] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Adding certificate entry for alias: *.54.184.47.243. Saving to disk: true, entry: Private key: SunRsaSign RSA private CRT key, 1024 bits
  params: null
  modulus: 91985168568720945475609275604488353657287216690298060085376129690808612286513675633953461470157504816337877166114662366304275121003174753669525619481800163849374485563791226647518231145115297969298188232251299129588251195753092735347785539911509382561827367434706741740542567409849699902897116278141460986183
  private exponent: 68137265870227917345300027366151816785123902855596222361485414223568288021439688989821089469006305275095573262526548350315201184433527955073329428008048427942125033226791192467067367329722598320694705340675525095290330769771414186463466903197406965299855327260168866032855722485342810865862633264164352049073
[
[
  Version: V1
  Subject: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  params: null
  modulus: 91985168568720945475609275604488353657287216690298060085376129690808612286513675633953461470157504816337877166114662366304275121003174753669525619481800163849374485563791226647518231145115297969298188232251299129588251195753092735347785539911509382561827367434706741740542567409849699902897116278141460986183
  public exponent: 65537
  Validity: [From: Mon Feb 14 08:49:21 UTC 2022,
               To: Tue Feb 14 08:49:21 UTC 2023]
  Issuer: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  SerialNumber: [    620a1791]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 2D 36 E3 A5 8F FB BB 73   2E DD FC 48 3B 18 26 7C  -6.....s...H;.&.
0010: AA 19 44 22 FA 6F 30 3B   4E 1A B6 C5 92 DD 87 0C  ..D".o0;N.......
0020: AF 0C 0C AB B8 D5 86 37   CF 86 37 85 79 4A 47 7D  .......7..7.yJG.
0030: 19 2F E7 71 17 E5 79 CC   F8 1A E3 EB E8 C2 16 A2  ./.q..y.........
0040: E0 BF 43 99 91 CC 82 27   8C 1D B4 61 C2 AE A6 67  ..C....'...a...g
0050: 08 2F D8 28 8C C3 33 A7   8A C9 CC D5 DB 29 E8 5E  ./.(..3......).^
0060: B3 BA 1D 71 D8 68 61 06   0D FA F8 3C E9 B2 F7 7B  ...q.ha....<....
0070: B5 34 8B BD F7 3F BA 12   95 C8 D8 4C D2 5E BB 6D  .4...?.....L.^.m

]
[2022-02-14 08:49:21:252] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Removing RootCA from certificate chain.
[2022-02-14 08:49:21:258] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Certificate present with domains: [*.54.184.47.243]. Replacing in collections, kmfs domains: […]. Certificate: [
[
  Version: V1
  Subject: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  params: null
  modulus: 91985168568720945475609275604488353657287216690298060085376129690808612286513675633953461470157504816337877166114662366304275121003174753669525619481800163849374485563791226647518231145115297969298188232251299129588251195753092735347785539911509382561827367434706741740542567409849699902897116278141460986183
  public exponent: 65537
  Validity: [From: Mon Feb 14 08:49:21 UTC 2022,
               To: Tue Feb 14 08:49:21 UTC 2023]
  Issuer: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  SerialNumber: [    620a1791]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 2D 36 E3 A5 8F FB BB 73   2E DD FC 48 3B 18 26 7C  -6.....s...H;.&.
0010: AA 19 44 22 FA 6F 30 3B   4E 1A B6 C5 92 DD 87 0C  ..D".o0;N.......
0020: AF 0C 0C AB B8 D5 86 37   CF 86 37 85 79 4A 47 7D  .......7..7.yJG.
0030: 19 2F E7 71 17 E5 79 CC   F8 1A E3 EB E8 C2 16 A2  ./.q..y.........
0040: E0 BF 43 99 91 CC 82 27   8C 1D B4 61 C2 AE A6 67  ..C....'...a...g
0050: 08 2F D8 28 8C C3 33 A7   8A C9 CC D5 DB 29 E8 5E  ./.(..3......).^
0060: B3 BA 1D 71 D8 68 61 06   0D FA F8 3C E9 B2 F7 7B  ...q.ha....<....
0070: B5 34 8B BD F7 3F BA 12   95 C8 D8 4C D2 5E BB 6D  .4...?.....L.^.m

]
[2022-02-14 08:49:21:259] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Certificate present with domains: [*.54.184.47.243]. Collections after domain removal, kmfs domains: […]
[2022-02-14 08:49:21:263] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Storing to repository, certificate entry for alias: *.54.184.47.243 with SerialNumber: Optional[620a1791]
[2022-02-14 08:49:21:264] [FINEST  ] [      pool-35-thread-8 ] ConfigRepository.addItem()       : Adding item: CertificateItem{alias='54.184.47.243', fingerprint='ccdd8ad68dbf0ffe2b43142dbca539b91ed058d1', isDefault=false, serialNumber='620a1791'}
[2022-02-14 08:49:21:264] [FINEST  ] [      pool-35-thread-8 ] ConfigRepository.addItemNoStore(): No repoChangeListener for: CertificateItem{alias='54.184.47.243', fingerprint='ccdd8ad68dbf0ffe2b43142dbca539b91ed058d1', isDefault=false, serialNumber='620a1791'}
[2022-02-14 08:49:21:283] [WARNING ] [      pool-35-thread-8 ] CertificateContainer.createCertificate(): Auto-generated certificate for domain: 54.184.47.243
wojciech.kapcia@tigase.net commented 3 years ago 
[2021-11-09 03:34:56:808] [FINEST  ] [      pool-35-thread-9 ] IOService.readData()             : Decoded character data: <?xml version='1.0' ?>
<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='ec2-44-239-220-13.us-west-2.compute.amazonaws.com' version='1.0'>
 [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:808] [FINEST  ] [      pool-35-thread-9 ] IOService.isConnected()          : Connected: true [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:808] [FINER   ] [      pool-35-thread-9 ] S2SConnectionManager.xmppStreamOpened(): Stream opened: {xmlns:stream=http://etherx.jabber.org/streams, xmlns=jabber:client, to=ec2-44-239-220-13.us-west-2.compute.amazonaws.com, version=1.0} [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 402c0a9c-07da-4ae9-b022-3d42a0bea689, jid: null, S2SIOService, UniqueId: 172.24.0.2_5269_172.31.40.134_29908, type: <- incoming (accept), SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:808] [FINEST  ] [      pool-35-thread-9 ] StreamOpen.streamOpened()        : Accept Stream opened for unknown CID, session id: 402c0a9c-07da-4ae9-b022-3d42a0bea689 [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 402c0a9c-07da-4ae9-b022-3d42a0bea689, jid: null, S2SIOService, UniqueId: 172.24.0.2_5269_172.31.40.134_29908, type: <- incoming (accept), SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:808] [FINEST  ] [      pool-35-thread-9 ] SaslExternal.canAddSaslToFeatures(): Not adding SASL-EXTERNAL feature, tlsEstablished: false (result: null), skipDomain: false, localCertTrusted: false (result: null) [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 402c0a9c-07da-4ae9-b022-3d42a0bea689, jid: null, S2SIOService, UniqueId: 172.24.0.2_5269_172.31.40.134_29908, type: <- incoming (accept), SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:809] [FINEST  ] [      pool-35-thread-9 ] AuthenticatorSelectorManager.getAuthenticationProcessors(): preparing empty processor list!
[2021-11-09 03:34:56:809] [FINEST  ] [      pool-35-thread-9 ] StreamFeatures.streamOpened()    : Sending stream features: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 402c0a9c-07da-4ae9-b022-3d42a0bea689, jid: null, S2SIOService, UniqueId: 172.24.0.2_5269_172.31.40.134_29908, type: <- incoming (accept), SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:809] [FINER   ] [      pool-35-thread-9 ] S2SConnectionManager.xmppStreamOpened(): Sending stream open: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='402c0a9c-07da-4ae9-b022-3d42a0bea689' version='1.0'> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 402c0a9c-07da-4ae9-b022-3d42a0bea689, jid: null, S2SIOService, UniqueId: 172.24.0.2_5269_172.31.40.134_29908, type: <- incoming (accept), SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:809] [FINEST  ] [      pool-35-thread-9 ] IOService.writeData()            : Writing data (175): <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='402c0a9c-07da-4ae9-b022-3d42a0bea689' version='1.0'> [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:809] [FINER   ] [      pool-35-thread-9 ] SocketIO.write()                 : SOCKET - Writing data, remaining: 175 [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:809] [FINER   ] [      pool-35-thread-9 ] SocketIO.write()                 : Wrote to channel 175 bytes [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:809] [FINEST  ] [      pool-35-thread-9 ] IOService.writeData()            : Wrote: 175 [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:809] [FINEST  ] [      pool-35-thread-9 ] IOService.writeData()            : Writing data (132): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features> [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:810] [FINER   ] [      pool-35-thread-9 ] SocketIO.write()                 : SOCKET - Writing data, remaining: 132 [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:810] [FINER   ] [      pool-35-thread-9 ] SocketIO.write()                 : Wrote to channel 132 bytes [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:810] [FINEST  ] [      pool-35-thread-9 ] IOService.writeData()            : Wrote: 132 [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:810] [FINEST  ] [      pool-35-thread-9 ] IOUtil$BufferCache.get()         : allocating buffer with size = 65,536
[2021-11-09 03:34:56:810] [FINER   ] [      pool-35-thread-9 ] SocketIO.read()                  : Read from channel 0 bytes [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:810] [FINEST  ] [      pool-35-thread-9 ] IOService.isConnected()          : Connected: true [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:810] [FINEST  ] [      pool-35-thread-9 ] IOService.isConnected()          : Connected: true [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:811] [FINEST  ] [      pool-35-thread-9 ] IOService.isConnected()          : Connected: true [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:811] [FINEST  ] [      pool-35-thread-9 ] IOService.isConnected()          : Connected: true [SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]]
[2021-11-09 03:34:56:811] [FINEST  ] [      pool-35-thread-9 ] SocketThread$ResultsListener.run(): COMPLETED: SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]
[2021-11-09 03:34:56:811] [FINEST  ] [      pool-35-thread-9 ] SocketThread.addSocketServicePriv(): Adding to waiting: CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 402c0a9c-07da-4ae9-b022-3d42a0bea689, jid: null, S2SIOService, UniqueId: 172.24.0.2_5269_172.31.40.134_29908, type: <- incoming (accept), SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]
[2021-11-09 03:34:56:811] [FINEST  ] [      pool-35-thread-9 ] SocketThread.run()               : Selector AWAKE: sun.nio.ch.EPollSelectorImpl@41b5bca5
[2021-11-09 03:34:56:811] [FINEST  ] [      pool-35-thread-9 ] SocketThread.addAllWaiting()     : waiting.size(): 1
[2021-11-09 03:34:56:811] [FINEST  ] [      pool-35-thread-9 ] SocketThread.addAllWaiting()     : ADDED OP_READ: SocketIO, ID: 172.24.0.2_5269_172.31.40.134_29908/3de8d535-1027-49da-82ae-b8d5c868b2f2, connected Socket[addr=/172.31.40.134,port=29908,localport=5269]
[2021-11-09 03:34:56:851] [FINEST  ] [      pool-35-thread-9 ] CertificateContainer.addCertificateEntry(): Adding certificate entry for alias: *.ec2-44-239-220-13.us-west-2.compute.amazonaws.com. Saving to disk: true, entry: Private key: SunRsaSign RSA private CRT key, 1024 bits
  params: null
  modulus: 132514634057419788103688578370694418842067759023296270776150929137157167969840569757123996266222048922350929400962599154498558992352224525019214417164257795953052585014928465658767849241482502512166402279068024907246402190314421856065336947615111510855900881455715339307490225911512696157209991471836190971803
  private exponent: 48537677808693745722706933850931832770859767083544058775676382103810943697697832934369310929256149722767811469400601075785249685084992442789359325022933729577213601980697782114710443185950584001902769604586918346835957321825672582009536649921397597181654183586114273324737028892836902908952631674674690771273
[
[
  Version: V1
  Subject: CN=*.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  params: null
  modulus: 132514634057419788103688578370694418842067759023296270776150929137157167969840569757123996266222048922350929400962599154498558992352224525019214417164257795953052585014928465658767849241482502512166402279068024907246402190314421856065336947615111510855900881455715339307490225911512696157209991471836190971803
  public exponent: 65537
  Validity: [From: Tue Nov 09 03:34:56 UTC 2021,
               To: Wed Nov 09 03:34:56 UTC 2022]
  Issuer: CN=*.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  SerialNumber: [    6189ec60]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 37 A1 05 47 F5 73 07 68   73 FB 3E 1F 3A 24 F6 05  7..G.s.hs.>.:$..
0010: 07 DF BF 4D 16 A7 DE 71   0E 7E C4 E8 A7 7E 7F EE  ...M...q........
0020: DE F9 19 2E 30 23 53 B1   8F 32 96 3C 82 AC 94 67  ....0#S..2.<...g
0030: 57 5D 0A 82 80 E7 EA 3D   56 79 11 4C AB D5 CA 2F  W].....=Vy.L.../
0040: C2 7B A5 1C F2 25 83 84   15 A1 40 1D A9 8E 4B 15  .....%....@...K.
0050: 70 99 9A 13 C4 CB 1E 77   18 1B 13 63 90 4C EA B4  p......w...c.L..
0060: C4 23 32 C5 04 82 59 2E   3E F2 84 B1 09 AB 12 E1  .#2...Y.>.......
0070: 31 4E C2 B2 BF BE 4B E6   B2 53 86 F9 82 75 7E B9  1N....K..S...u..

]
[2021-11-09 03:34:56:851] [FINEST  ] [      pool-35-thread-9 ] CertificateContainer.addCertificateEntry(): Removing RootCA from certificate chain.
[2021-11-09 03:34:56:852] [FINEST  ] [      pool-35-thread-9 ] CertificateContainer.addCertificateEntry(): Certificate present with domains: [*.ec2-44-239-220-13.us-west-2.compute.amazonaws.com]. Replacing in collections, kmfs domains: [*., *.314.im, *.beagle.im, *.choffee.co.uk, *.convorb.im, *.default, *.ec2-44-230-220-3.us-west-2.compute.amazonaws.com, *.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, *.ec2-52-34-238-31.us-west-2.compute.amazonaws.com, *.ec2-52-40-51-241.us-west-2.compute.amazonaws.com, *.ec2-54-201-227-188.us-west-2.compute.amazonaws.com, *.ec2-54-213-203-36.us-west-2.compute.amazonaws.com, *.ec2-54-214-213-158.us-west-2.compute.amazonaws.com, *.foramina.net, *.heyden.eu, *.hubbitus.info, *.im.flosoft.biz, *.jabber.me, *.jabber.one, *.jabber.stv-fian.ru, *.jabber.today, *.kapcia.info, *.logbox.pl, *.marsjanin.tk, *.pandion.im, *.pandion.im., *.siskin.im, *.sure.im, *.tigase.chat, *.tigase.eu, *.tigase.im, *.tigase.me, *.trina.nl, *.xmpp.cloud, 314.im, beagle.im, blog.traeblain.com, choffee.co.uk, connyolivier.nl, convorb.im, default, ec2-44-230-220-3.us-west-2.compute.amazonaws.com, ec2-52-34-238-31.us-west-2.compute.amazonaws.com, ec2-52-40-51-241.us-west-2.compute.amazonaws.com, ec2-54-213-203-36.us-west-2.compute.amazonaws.com, ec2-54-214-213-158.us-west-2.compute.amazonaws.com, eikeland.se, flosoft.biz, heyden.eu, hubbitus.info, im.flosoft.biz, jabber.connyolivier.nl, jabber.me, jabber.one, jabber.stv-fian.ru, jabber.today, kapcia.info, marsjanin.tk, muc.jabber.today, muc.sure.im, muc.tigase.im, muc.xmpp.cloud, pandion.im, pubsub.hubbitus.info, pubsub.jabber.today, pubsub.tigase.im, push.tigase.im, siskin.im, sure.im, tigase.chat, tigase.eu, tigase.im, tigase.me, traeblain.com, trina.nl, xmpp.cloud], cens domains: [*., *.314.im, *.beagle.im, *.choffee.co.uk, *.convorb.im, *.default, *.ec2-44-230-220-3.us-west-2.compute.amazonaws.com, *.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, *.ec2-52-34-238-31.us-west-2.compute.amazonaws.com, *.ec2-52-40-51-241.us-west-2.compute.amazonaws.com, *.ec2-54-201-227-188.us-west-2.compute.amazonaws.com, *.ec2-54-213-203-36.us-west-2.compute.amazonaws.com, *.ec2-54-214-213-158.us-west-2.compute.amazonaws.com, *.foramina.net, *.heyden.eu, *.hubbitus.info, *.im.flosoft.biz, *.jabber.me, *.jabber.one, *.jabber.stv-fian.ru, *.jabber.today, *.kapcia.info, *.logbox.pl, *.marsjanin.tk, *.pandion.im, *.pandion.im., *.siskin.im, *.sure.im, *.tigase.chat, *.tigase.eu, *.tigase.im, *.tigase.me, *.trina.nl, *.xmpp.cloud, 314.im, beagle.im, blog.traeblain.com, choffee.co.uk, connyolivier.nl, convorb.im, default, ec2-44-230-220-3.us-west-2.compute.amazonaws.com, ec2-52-34-238-31.us-west-2.compute.amazonaws.com, ec2-52-40-51-241.us-west-2.compute.amazonaws.com, ec2-54-213-203-36.us-west-2.compute.amazonaws.com, ec2-54-214-213-158.us-west-2.compute.amazonaws.com, eikeland.se, flosoft.biz, heyden.eu, hubbitus.info, im.flosoft.biz, jabber.connyolivier.nl, jabber.me, jabber.one, jabber.stv-fian.ru, jabber.today, kapcia.info, marsjanin.tk, pandion.im, siskin.im, sure.im, tigase.chat, tigase.eu, tigase.im, tigase.me, traeblain.com, trina.nl, xmpp.cloud]. Certificate: [
[
  Version: V1
  Subject: CN=*.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  params: null
  modulus: 132514634057419788103688578370694418842067759023296270776150929137157167969840569757123996266222048922350929400962599154498558992352224525019214417164257795953052585014928465658767849241482502512166402279068024907246402190314421856065336947615111510855900881455715339307490225911512696157209991471836190971803
  public exponent: 65537
  Validity: [From: Tue Nov 09 03:34:56 UTC 2021,
               To: Wed Nov 09 03:34:56 UTC 2022]
  Issuer: CN=*.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  SerialNumber: [    6189ec60]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 37 A1 05 47 F5 73 07 68   73 FB 3E 1F 3A 24 F6 05  7..G.s.hs.>.:$..
0010: 07 DF BF 4D 16 A7 DE 71   0E 7E C4 E8 A7 7E 7F EE  ...M...q........
0020: DE F9 19 2E 30 23 53 B1   8F 32 96 3C 82 AC 94 67  ....0#S..2.<...g
0030: 57 5D 0A 82 80 E7 EA 3D   56 79 11 4C AB D5 CA 2F  W].....=Vy.L.../
0040: C2 7B A5 1C F2 25 83 84   15 A1 40 1D A9 8E 4B 15  .....%....@...K.
0050: 70 99 9A 13 C4 CB 1E 77   18 1B 13 63 90 4C EA B4  p......w...c.L..
0060: C4 23 32 C5 04 82 59 2E   3E F2 84 B1 09 AB 12 E1  .#2...Y.>.......
0070: 31 4E C2 B2 BF BE 4B E6   B2 53 86 F9 82 75 7E B9  1N....K..S...u..

]
[2021-11-09 03:34:56:853] [FINEST  ] [      pool-35-thread-9 ] CertificateContainer.addCertificateEntry(): Certificate present with domains: [*.ec2-44-239-220-13.us-west-2.compute.amazonaws.com]. Collections after domain removal, kmfs domains: [*., *.314.im, *.beagle.im, *.choffee.co.uk, *.convorb.im, *.default, *.ec2-44-230-220-3.us-west-2.compute.amazonaws.com, *.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, *.ec2-52-34-238-31.us-west-2.compute.amazonaws.com, *.ec2-52-40-51-241.us-west-2.compute.amazonaws.com, *.ec2-54-201-227-188.us-west-2.compute.amazonaws.com, *.ec2-54-213-203-36.us-west-2.compute.amazonaws.com, *.ec2-54-214-213-158.us-west-2.compute.amazonaws.com, *.foramina.net, *.heyden.eu, *.hubbitus.info, *.im.flosoft.biz, *.jabber.me, *.jabber.one, *.jabber.stv-fian.ru, *.jabber.today, *.kapcia.info, *.logbox.pl, *.marsjanin.tk, *.pandion.im, *.pandion.im., *.siskin.im, *.sure.im, *.tigase.chat, *.tigase.eu, *.tigase.im, *.tigase.me, *.trina.nl, *.xmpp.cloud, 314.im, beagle.im, blog.traeblain.com, choffee.co.uk, connyolivier.nl, convorb.im, default, ec2-44-230-220-3.us-west-2.compute.amazonaws.com, ec2-52-34-238-31.us-west-2.compute.amazonaws.com, ec2-52-40-51-241.us-west-2.compute.amazonaws.com, ec2-54-213-203-36.us-west-2.compute.amazonaws.com, ec2-54-214-213-158.us-west-2.compute.amazonaws.com, eikeland.se, flosoft.biz, heyden.eu, hubbitus.info, im.flosoft.biz, jabber.connyolivier.nl, jabber.me, jabber.one, jabber.stv-fian.ru, jabber.today, kapcia.info, marsjanin.tk, muc.jabber.today, muc.sure.im, muc.tigase.im, muc.xmpp.cloud, pandion.im, pubsub.hubbitus.info, pubsub.jabber.today, pubsub.tigase.im, push.tigase.im, siskin.im, sure.im, tigase.chat, tigase.eu, tigase.im, tigase.me, traeblain.com, trina.nl, xmpp.cloud], cens domains: [*., *.314.im, *.beagle.im, *.choffee.co.uk, *.convorb.im, *.default, *.ec2-44-230-220-3.us-west-2.compute.amazonaws.com, *.ec2-44-239-220-13.us-west-2.compute.amazonaws.com, *.ec2-52-34-238-31.us-west-2.compute.amazonaws.com, *.ec2-52-40-51-241.us-west-2.compute.amazonaws.com, *.ec2-54-201-227-188.us-west-2.compute.amazonaws.com, *.ec2-54-213-203-36.us-west-2.compute.amazonaws.com, *.ec2-54-214-213-158.us-west-2.compute.amazonaws.com, *.foramina.net, *.heyden.eu, *.hubbitus.info, *.im.flosoft.biz, *.jabber.me, *.jabber.one, *.jabber.stv-fian.ru, *.jabber.today, *.kapcia.info, *.logbox.pl, *.marsjanin.tk, *.pandion.im, *.pandion.im., *.siskin.im, *.sure.im, *.tigase.chat, *.tigase.eu, *.tigase.im, *.tigase.me, *.trina.nl, *.xmpp.cloud, 314.im, beagle.im, blog.traeblain.com, choffee.co.uk, connyolivier.nl, convorb.im, default, ec2-44-230-220-3.us-west-2.compute.amazonaws.com, ec2-52-34-238-31.us-west-2.compute.amazonaws.com, ec2-52-40-51-241.us-west-2.compute.amazonaws.com, ec2-54-213-203-36.us-west-2.compute.amazonaws.com, ec2-54-214-213-158.us-west-2.compute.amazonaws.com, eikeland.se, flosoft.biz, heyden.eu, hubbitus.info, im.flosoft.biz, jabber.connyolivier.nl, jabber.me, jabber.one, jabber.stv-fian.ru, jabber.today, kapcia.info, marsjanin.tk, pandion.im, siskin.im, sure.im, tigase.chat, tigase.eu, tigase.im, tigase.me, traeblain.com, trina.nl, xmpp.cloud]
[2021-11-09 03:34:56:853] [FINEST  ] [      pool-35-thread-9 ] CertificateContainer.addCertificateEntry(): Storing to repository, certificate entry for alias: *.ec2-44-239-220-13.us-west-2.compute.amazonaws.com with SerialNumber: Optional[6189ec60]
[2021-11-09 03:34:56:853] [FINEST  ] [      pool-35-thread-9 ] ConfigRepository.addItem()       : Adding item: CertificateItem{alias='ec2-44-239-220-13.us-west-2.compute.amazonaws.com', fingerprint='fb1e990bb573d87bf62598ddc0fcc50e68a27534', isDefault=false, serialNumber='6189ec60'}
[2021-11-09 03:34:56:853] [FINEST  ] [      pool-35-thread-9 ] ConfigRepository.addItemNoStore(): No repoChangeListener for: CertificateItem{alias='ec2-44-239-220-13.us-west-2.compute.amazonaws.com', fingerprint='fb1e990bb573d87bf62598ddc0fcc50e68a27534', isDefault=false, serialNumber='6189ec60'}
[2021-11-09 03:34:56:857] [FINEST  ] [      pool-35-thread-9 ] JDBCRepository.getNodeNID()      : select nid as nid1 from tig_nodes where (uid = 181693) AND (parent_nid is null) AND (node = 'root')
[2021-11-09 03:34:56:859] [FINEST  ] [      pool-35-thread-9 ] JDBCRepository.setData()         : Saving data setting data, user_id: certificate-manager, subnode: null, key: items-lists, uid: 181,693, nid: 669,465, value: <certificate is-default="false" alias="*." fingerprint="8a7e88d04fd18ef85ef220886807d3941103a525" serial-number="5ea6dba1">…
</certificate>
[2021-11-09 03:34:56:895] [WARNING ] [      pool-35-thread-9 ] CertificateContainer.createCertificate(): Auto-generated certificate for domain: ec2-44-239-220-13.us-west-2.compute.amazonaws.com
wojciech.kapcia@tigase.net commented 3 years ago 
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processSocketData(): READ:<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' to='54.184.47.243' version='1.0'> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.otherXML() : Other XML content: ?xml version='1.0'?
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Start element name: stream:stream
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes names: [xmlns:stream, xmlns, xml:lang, to, version, null]
[2022-02-14 08:49:20:752] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes values: [http://etherx.jabber.org/streams, jabber:client, en, 54.184.47.243, 1.0, null]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Namespace found: http://etherx.jabber.org/streams
[2022-02-14 08:49:20:753] [FINER   ] [      pool-35-thread-8 ] S2SConnectionManager.xmppStreamOpened(): Stream opened: {xmlns:stream=http://etherx.jabber.org/streams, xmlns=jabber:client, xml:lang=en, to=54.184.47.243, version=1.0} [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] StreamOpen.streamOpened()        : Accept Stream opened for unknown CID, session id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7 [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] SaslExternal.canAddSaslToFeatures(): Not adding SASL-EXTERNAL feature, tlsEstablished: false (result: null), skipDomain: false, localCertTrusted: false (result: null) [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] AuthenticatorSelectorManager.getAuthenticationProcessors(): preparing empty processor list!
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] StreamFeatures.streamOpened()    : Sending stream features: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.addPacketToSend()  : Added packet to send: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features>, SIZE=132, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null, STABLE_ID=null [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINER   ] [      pool-35-thread-8 ] S2SConnectionManager.xmppStreamOpened(): Sending stream open: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7' version='1.0'> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:753] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.xmppStreamOpened() : Sending data: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7' version='1.0'> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:754] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processWaitingPackets(): Sending packet: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features>, SIZE=132, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null, STABLE_ID=null [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:20:754] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processWaitingPackets(): SENT: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/></stream:features> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.processSocketData(): READ:<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Start element name: starttls
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes names: [xmlns, null, null, null, null, null]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.startElement(): Element attributes values: [urn:ietf:params:xml:ns:xmpp-tls, null, null, null, null, null]
[2022-02-14 08:49:21:069] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.endElement(): End element name: starttls
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] XMPPDomBuilderHandler.endElement(): Adding new request: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] XMPPIOService.moveParsedPacketsToReceived(): Read packet: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] S2SConnectionManager.processSocketData(): Processing socket data: from=null, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>, SIZE=51, XMLNS=urn:ietf:params:xml:ns:xmpp-tls, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null, STABLE_ID=null [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] StartTLS.process()               : Sending packet: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [FINEST  ] [      pool-35-thread-8 ] StartTLS.process()               : Starting TLS handshaking server side. [CID: null, IN: 0, OUT: 0, authenticated: false, remote-session-id: 4b96b0a2-5fab-4aee-8b42-692ad1b2c2d7, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.26.0.3_5269_185.180.143.146_53514, type: <- incoming (accept), SocketIO, ID: 172.26.0.3_5269_185.180.143.146_53514/d8ed5dfc-db66-4867-9c36-c01b75f11699, connected Socket[addr=/185.180.143.146,port=53514,localport=5269]]
[2022-02-14 08:49:21:070] [INFO    ] [      pool-35-thread-8 ] SSLContextContainerAbstract.createContextHolder(): Key manager for hostname: 54.184.47.243 doesnt exist, generating new one
[2022-02-14 08:49:21:251] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Adding certificate entry for alias: *.54.184.47.243. Saving to disk: true, entry: Private key: SunRsaSign RSA private CRT key, 1024 bits
  params: null
  modulus: 91985168568720945475609275604488353657287216690298060085376129690808612286513675633953461470157504816337877166114662366304275121003174753669525619481800163849374485563791226647518231145115297969298188232251299129588251195753092735347785539911509382561827367434706741740542567409849699902897116278141460986183
  private exponent: 68137265870227917345300027366151816785123902855596222361485414223568288021439688989821089469006305275095573262526548350315201184433527955073329428008048427942125033226791192467067367329722598320694705340675525095290330769771414186463466903197406965299855327260168866032855722485342810865862633264164352049073
[
[
  Version: V1
  Subject: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  params: null
  modulus: 91985168568720945475609275604488353657287216690298060085376129690808612286513675633953461470157504816337877166114662366304275121003174753669525619481800163849374485563791226647518231145115297969298188232251299129588251195753092735347785539911509382561827367434706741740542567409849699902897116278141460986183
  public exponent: 65537
  Validity: [From: Mon Feb 14 08:49:21 UTC 2022,
               To: Tue Feb 14 08:49:21 UTC 2023]
  Issuer: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  SerialNumber: [    620a1791]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 2D 36 E3 A5 8F FB BB 73   2E DD FC 48 3B 18 26 7C  -6.....s...H;.&.
0010: AA 19 44 22 FA 6F 30 3B   4E 1A B6 C5 92 DD 87 0C  ..D".o0;N.......
0020: AF 0C 0C AB B8 D5 86 37   CF 86 37 85 79 4A 47 7D  .......7..7.yJG.
0030: 19 2F E7 71 17 E5 79 CC   F8 1A E3 EB E8 C2 16 A2  ./.q..y.........
0040: E0 BF 43 99 91 CC 82 27   8C 1D B4 61 C2 AE A6 67  ..C....'...a...g
0050: 08 2F D8 28 8C C3 33 A7   8A C9 CC D5 DB 29 E8 5E  ./.(..3......).^
0060: B3 BA 1D 71 D8 68 61 06   0D FA F8 3C E9 B2 F7 7B  ...q.ha....<....
0070: B5 34 8B BD F7 3F BA 12   95 C8 D8 4C D2 5E BB 6D  .4...?.....L.^.m

]
[2022-02-14 08:49:21:252] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Removing RootCA from certificate chain.
[2022-02-14 08:49:21:258] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Certificate present with domains: [*.54.184.47.243]. Replacing in collections, kmfs domains: [*.54.184.47.243, *.ec2-52-40-253-84.us-west-2.compute.amazonaws.com, *.ec2-54-184-47-243.us-west-2.compute.amazonaws.com, *.malkowscy.net, *.tigase.cloud, *.tigase.net, *.tigase.org, *.xmpp.tigase.tech, default, ec2-52-40-253-84.us-west-2.compute.amazonaws.com, ec2-54-184-47-243.us-west-2.compute.amazonaws.com, malkowscy.net, muc.tigase.org, pubsub.malkowscy.net, pubsub.tigase.org, tigase.cloud, tigase.net, tigase.org, xmpp.tigase.tech], cens domains: [*.54.184.47.243, *.ec2-52-40-253-84.us-west-2.compute.amazonaws.com, *.ec2-54-184-47-243.us-west-2.compute.amazonaws.com, *.malkowscy.net, *.tigase.cloud, *.tigase.net, *.tigase.org, *.xmpp.tigase.tech, default, ec2-52-40-253-84.us-west-2.compute.amazonaws.com, ec2-54-184-47-243.us-west-2.compute.amazonaws.com, malkowscy.net, tigase.cloud, tigase.net, tigase.org, xmpp.tigase.tech]. Certificate: [
[
  Version: V1
  Subject: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  params: null
  modulus: 91985168568720945475609275604488353657287216690298060085376129690808612286513675633953461470157504816337877166114662366304275121003174753669525619481800163849374485563791226647518231145115297969298188232251299129588251195753092735347785539911509382561827367434706741740542567409849699902897116278141460986183
  public exponent: 65537
  Validity: [From: Mon Feb 14 08:49:21 UTC 2022,
               To: Tue Feb 14 08:49:21 UTC 2023]
  Issuer: CN=*.54.184.47.243, EMAILADDRESS=admin@tigase.org, OU=XMPP Service, O=Tigase.org
  SerialNumber: [    620a1791]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 2D 36 E3 A5 8F FB BB 73   2E DD FC 48 3B 18 26 7C  -6.....s...H;.&.
0010: AA 19 44 22 FA 6F 30 3B   4E 1A B6 C5 92 DD 87 0C  ..D".o0;N.......
0020: AF 0C 0C AB B8 D5 86 37   CF 86 37 85 79 4A 47 7D  .......7..7.yJG.
0030: 19 2F E7 71 17 E5 79 CC   F8 1A E3 EB E8 C2 16 A2  ./.q..y.........
0040: E0 BF 43 99 91 CC 82 27   8C 1D B4 61 C2 AE A6 67  ..C....'...a...g
0050: 08 2F D8 28 8C C3 33 A7   8A C9 CC D5 DB 29 E8 5E  ./.(..3......).^
0060: B3 BA 1D 71 D8 68 61 06   0D FA F8 3C E9 B2 F7 7B  ...q.ha....<....
0070: B5 34 8B BD F7 3F BA 12   95 C8 D8 4C D2 5E BB 6D  .4...?.....L.^.m

]
[2022-02-14 08:49:21:259] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Certificate present with domains: [*.54.184.47.243]. Collections after domain removal, kmfs domains: [*.54.184.47.243, *.ec2-52-40-253-84.us-west-2.compute.amazonaws.com, *.ec2-54-184-47-243.us-west-2.compute.amazonaws.com, *.malkowscy.net, *.tigase.cloud, *.tigase.net, *.tigase.org, *.xmpp.tigase.tech, default, ec2-52-40-253-84.us-west-2.compute.amazonaws.com, ec2-54-184-47-243.us-west-2.compute.amazonaws.com, malkowscy.net, muc.tigase.org, pubsub.malkowscy.net, pubsub.tigase.org, tigase.cloud, tigase.net, tigase.org, xmpp.tigase.tech], cens domains: [*.54.184.47.243, *.ec2-52-40-253-84.us-west-2.compute.amazonaws.com, *.ec2-54-184-47-243.us-west-2.compute.amazonaws.com, *.malkowscy.net, *.tigase.cloud, *.tigase.net, *.tigase.org, *.xmpp.tigase.tech, default, ec2-52-40-253-84.us-west-2.compute.amazonaws.com, ec2-54-184-47-243.us-west-2.compute.amazonaws.com, malkowscy.net, tigase.cloud, tigase.net, tigase.org, xmpp.tigase.tech]
[2022-02-14 08:49:21:263] [FINEST  ] [      pool-35-thread-8 ] CertificateContainer.addCertificateEntry(): Storing to repository, certificate entry for alias: *.54.184.47.243 with SerialNumber: Optional[620a1791]
[2022-02-14 08:49:21:264] [FINEST  ] [      pool-35-thread-8 ] ConfigRepository.addItem()       : Adding item: CertificateItem{alias='54.184.47.243', fingerprint='ccdd8ad68dbf0ffe2b43142dbca539b91ed058d1', isDefault=false, serialNumber='620a1791'}
[2022-02-14 08:49:21:264] [FINEST  ] [      pool-35-thread-8 ] ConfigRepository.addItemNoStore(): No repoChangeListener for: CertificateItem{alias='54.184.47.243', fingerprint='ccdd8ad68dbf0ffe2b43142dbca539b91ed058d1', isDefault=false, serialNumber='620a1791'}
[2022-02-14 08:49:21:283] [WARNING ] [      pool-35-thread-8 ] CertificateContainer.createCertificate(): Auto-generated certificate for domain: 54.184.47.243
wojciech.kapcia@tigase.net commented 3 years ago

Caused by incoming request not having from in stream opening stanza that weren't rejected. Included additional checking.
wojciech.kapcia@tigase.net commented 3 years ago

The change causes issue with s2s. It seems that attribs map doesn't have complete set of attributes from the payload (namely to and from seem to be missing causing the error). Happens only in outgoing connections

[2022-02-21 05:35:22.868] [DEBUG] [ConnectionOpenThread] tigase.server.ConnectionManager.serviceStarted(): [[s2s]] Connection started: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.25.0.2_58576_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: null, connected Socket[addr=/172.104.234.182,port=5269,localport=58576]
[2022-02-21 05:35:22.869] [INFO ] [ConnectionOpenThread] tigase.server.xmppserver.S2SConnectionManager.serviceStarted(): s2s connection opened: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.25.0.2_58576_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/0dd6c0b2-7924-46d7-9e57-c76bd3062a27, connected Socket[addr=/172.104.234.182,port=5269,localport=58576]
[2022-02-21 05:35:22.869] [TRACE] [ConnectionOpenThread] tigase.server.xmppserver.proc.StreamOpen.serviceStarted(): Sending: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' from='tigase.im' to='jabber.ru' version='1.0'> [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.25.0.2_58576_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/0dd6c0b2-7924-46d7-9e57-c76bd3062a27, connected Socket[addr=/172.104.234.182,port=5269,localport=58576]]
[2022-02-21 05:35:22.869] [TRACE] [ConnectionOpenThread] tigase.server.xmppserver.proc.AuthenticationProcessor.serviceStarted(): s2s connection opened, isHandshaking: false [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.25.0.2_58576_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/0dd6c0b2-7924-46d7-9e57-c76bd3062a27, connected Socket[addr=/172.104.234.182,port=5269,localport=58576]]
[2022-02-21 05:35:22.869] [TRACE] [ConnectionOpenThread] tigase.server.xmppserver.proc.AuthenticationProcessor.serviceStarted(): s2s connection opened, isHandshaking: false [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.25.0.2_58576_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/0dd6c0b2-7924-46d7-9e57-c76bd3062a27, connected Socket[addr=/172.104.234.182,port=5269,localport=58576]]
[2022-02-21 05:35:23.058] [DEBUG] [    pool-30-thread-6] tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(): Stream opened: {xmlns:stream=http://etherx.jabber.org/streams, xmlns=jabber:server, id=14106649002987162488, version=1.0, xmlns:db=jabber:server:dialback} [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.25.0.2_58576_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/0dd6c0b2-7924-46d7-9e57-c76bd3062a27, connected Socket[addr=/172.104.234.182,port=5269,localport=58576]]
[2022-02-21 05:35:23.059] [TRACE] [    pool-30-thread-6] tigase.server.xmppserver.proc.S2SAbstract.generateStreamError(): Sending stream error: improper-addressing: <stream:error><improper-addressing xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream> [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.25.0.2_58576_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/0dd6c0b2-7924-46d7-9e57-c76bd3062a27, connected Socket[addr=/172.104.234.182,port=5269,localport=58576]]
java.lang.Throwable: null
        at tigase.server.xmppserver.proc.S2SAbstract.generateStreamError(S2SAbstract.java:81)
        at tigase.server.xmppserver.proc.StreamOpen.streamOpened(StreamOpen.java:126)
        at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:460)
        at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:52)
        at tigase.xmpp.XMPPIOService.xmppStreamOpened(XMPPIOService.java:600)
        at tigase.xmpp.XMPPDomBuilderHandler.startElement(XMPPDomBuilderHandler.java:236)
        at tigase.xml.SimpleParser.parse(SimpleParser.java:293)
        at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:514)
        at tigase.net.IOService.call(IOService.java:205)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:155)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:54)
        at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)
wojciech.kapcia@tigase.net commented 3 years ago

After some more digging in: it affects only outgoing connections and it seems that only jabber.ru is affected... because it doesn't send from in response to stream opening, and per RFC6120: "For response stream headers in both client-to-server and server-to-server communication, the receiving entity MUST include the 'from' attribute and MUST set its value to one of the receiving entity's FQDNs (which MAY be an FQDN other than that specified in the 'to' attribute of the initial stream header, as described under Section 4.9.1.3 and Section 4.9.3.6). " though there's a note: "Interoperability Note: It is possible that implementations based on [RFC3920] will not include the 'from' address on any stream headers (even ones whose confidentiality and integrity are protected); an entity SHOULD be liberal in accepting such stream headers. "

Added exception for this case.

[2022-02-21 12:59:22.703] [DEBUG] [ConnectionOpenThread] tigase.server.ConnectionManager.serviceStarted(): [[s2s]] Connection started: CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: null, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: null, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]
[2022-02-21 12:59:22.703] [INFO ] [ConnectionOpenThread] tigase.server.xmppserver.S2SConnectionManager.serviceStarted(): s2s connection opened: CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]
[2022-02-21 12:59:22.703] [TRACE] [ConnectionOpenThread] tigase.server.xmppserver.proc.StreamOpen.serviceStarted(): Sending: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' from='tigase.org' to='jabber.ru' version='1.0'> [CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]]
[2022-02-21 12:59:22.704] [TRACE] [ConnectionOpenThread] tigase.xmpp.XMPPIOService.xmppStreamOpen(): Sending data: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' from='tigase.org' to='jabber.ru' version='1.0'> [CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]]
[2022-02-21 12:59:22.704] [TRACE] [ConnectionOpenThread] tigase.server.xmppserver.proc.AuthenticationProcessor.serviceStarted(): s2s connection opened, isHandshaking: false [CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]]
[2022-02-21 12:59:22.704] [TRACE] [ConnectionOpenThread] tigase.server.xmppserver.proc.AuthenticationProcessor.serviceStarted(): s2s connection opened, isHandshaking: false [CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]]
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.xmpp.XMPPIOService.processSocketData(): READ:<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='8725757630333250849' version='1.0'><stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='FCFOhNhFLEkQRjI8LiDmfRvdV1w='/></stream:features> [CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]]
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.xmpp.XMPPDomBuilderHandler.otherXML(): Other XML content: ?xml version='1.0'?
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.xmpp.XMPPDomBuilderHandler.startElement(): Start element name: stream:stream
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.xmpp.XMPPDomBuilderHandler.startElement(): Element attributes names: [xmlns:stream, xmlns, xmlns:db, id, version, null]
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.xmpp.XMPPDomBuilderHandler.startElement(): Element attributes values: [http://etherx.jabber.org/streams, jabber:server, jabber:server:dialback, 8725757630333250849, 1.0, null]
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.xmpp.XMPPDomBuilderHandler.startElement(): Namespace found: http://etherx.jabber.org/streams
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.xmpp.XMPPDomBuilderHandler.startElement(): Namespace found: jabber:server:dialback
[2022-02-21 12:59:22.895] [DEBUG] [    pool-35-thread-3] tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(): Stream opened: {xmlns:stream=http://etherx.jabber.org/streams, xmlns=jabber:server, id=8725757630333250849, version=1.0, xmlns:db=jabber:server:dialback} [CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]]
[2022-02-21 12:59:22.895] [TRACE] [    pool-35-thread-3] tigase.server.xmppserver.proc.S2SAbstract.generateStreamError(): Sending stream error: improper-addressing: <stream:error><improper-addressing xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream> [CID: tigase.org@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.org@jabber.ru, S2SIOService, UniqueId: 172.27.0.3_52992_172.104.226.29_5269, type: -> outgoing (connect), SocketIO, ID: tigase.org@jabber.ru/042e2b57-db30-489d-9568-97d976dd7c54, connected Socket[addr=/172.104.226.29,port=5269,localport=52992]]
java.lang.Throwable: null
        at tigase.server.xmppserver.proc.S2SAbstract.generateStreamError(S2SAbstract.java:81)
        at tigase.server.xmppserver.proc.StreamOpen.streamOpened(StreamOpen.java:126)
        at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:460)
        at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:52)
        at tigase.xmpp.XMPPIOService.xmppStreamOpened(XMPPIOService.java:600)
        at tigase.xmpp.XMPPDomBuilderHandler.startElement(XMPPDomBuilderHandler.java:236)
        at tigase.xml.SimpleParser.parse(SimpleParser.java:293)
        at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:514)
        at tigase.net.IOService.call(IOService.java:205)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:155)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:54)
wojciech.kapcia@tigase.net commented 3 years ago

One side effect: it's currently not possible to connect to Tigase's s2s ports with openssl as it is sending stream opening without "from" attribute.
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
wojciech.kapcia@tigase.net
Version
tigase-server-8.2.0
Spent time
3h 30m
Related
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/server-core#1309
Please wait...
Page is in error, reload to recover