XMPP binding configuration

[Jaume Nogues Gazquez]

Helow everybody. I'm a newbie in openHab. Iss fantastic for

my project, an IoT Arduino Ethercard ENC28j60 home automations controller

for a room, with 4 relay outputs for power at 230v, 4 digital inputs for wall

pushbuttons, 2 pwm outputs, 1 analog input, temperature and humidity

measure. All coordinated by openHab. In few weeks I publish all the work.

But for 3 days and a lot of hors, I try to setup the XMPP binding 

and now I'm fustrated,it don't work!. I try it with OH 1.6.1 and 1.6.2, 

and with differents jabber providers (jabber.de, jabber.hot-chilli.net, 

suchat.org, and others). I follow all the indications on the binding

website. Somebdy has it working fine? What is the stupid thing then

I forget?

Thanks in advance.

Jaume Nogues

Rambla Prim Tech School

Barcelona

[Thomas Eichstädt-Engelen]

Hi Jaume,

could you please provide some more information?

Please send the relevant parts of your openhab.cfg and the openhab.log after starting openHAB with start_debug.xxx.

Thanks,

Thomas E.-E.

--
You received this message because you are subscribed to the Google Groups "openhab" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openhab+u...@googlegroups.com.
To post to this group, send email to ope...@googlegroups.com.
Visit this group at http://groups.google.com/group/openhab.
To view this discussion on the web visit https://groups.google.com/d/msgid/openhab/be81302e-df89-42b4-af12-058ade0ee417%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jaume Nogues Gazquez]

Hi Thomas. My config is:

openhab.cfg
xmpp:servername=jabber.de
xmpp:username=jnogues@jabber.de
xmpp:password=xxxxx
xmpp:consoleusers=jnogues@jabber.de

In a rule "actualitza estats" I fire this command:

sendXMPP("jno...@suchat.org", "kkk")

And the error is:

 2015-02-06 15:56:46.799 [WARN ] [esoftware.smack.XMPPConnection] - Connection closed with error
java.lang.IllegalStateException: TLS required by server but not allowed by connection configuration
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.startTLSReceived(XMPPTCPConnection.java:561) [smack-tcp-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.tcp.PacketReader.parseFeatures(PacketReader.java:363) [smack-tcp-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.tcp.PacketReader.parsePackets(PacketReader.java:229) [smack-tcp-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.tcp.PacketReader.access$000(PacketReader.java:47) [smack-tcp-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.tcp.PacketReader$1.run(PacketReader.java:81) [smack-tcp-4.0.6.jar:4.0.6]
2015-02-06 15:56:46.803 [ERROR] [tion.xmpp.internal.XMPPConnect] - Could not establish connection to XMPP server 'jabber.de:5222': No non-anonymous SASL authentication mechanism available
2015-02-06 15:56:46.803 [WARN ] [nhab.action.xmpp.internal.XMPP] - Could not send XMPP message as connection is not correctly initialized


Regards,
Jaume

[DmitryV]

Hello everybody,
I have similar problem, cannot get connection to any XMPP server. In my trace file is only the following:

19:42:26.826 [DEBUG] [.a.xmpp.internal.XMPPActivator:34   ] - XMPP action has been started.

and no other mention of XMPP
Config file is as following:

xmpp:servername=jabber.de

# The XMPP Proxyserver to use, e.g. "gmail.com"
xmpp:proxy=proxy.jabber.de

# the server port to use (optional, defaults to 5222)
#xmpp:port=5222

# the username and password for the sending XMPP account
xmpp:username=s*****x
xmpp:password=********

It seems that Openhab is not trying to establish connection. Does anyone has any idea, what could be missing?

[Jaume Nogues Gazquez]

Hi Dimitry. I follow trying to make work xmpp, but I'm frustrated.
If the others users has no problems, I think this is a config problem,
but I read a lot of pages and I can't see the solution.
I wait a response of a user with xmpp working well than want
to share this configuration.

Regards,

Jaume Nogues

[Thomas Eichstädt-Engelen]

Hi,

i’ll have a look at this tomorrow … XMPP should work.

Best, Thomas E.-E.

--
You received this message because you are subscribed to the Google Groups "openhab" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openhab+u...@googlegroups.com.
To post to this group, send email to ope...@googlegroups.com.
Visit this group at http://groups.google.com/group/openhab.

To view this discussion on the web visit https://groups.google.com/d/msgid/openhab/cb240c6f-901c-45e5-9a3b-545fbcc09f35%40googlegroups.com.

[DmitryV]

Dear Jaume,

Most likely XMPP server requires encryption in your case, but your Openhab is connecting without security. Probably, you shell try to search for the following parameters in your configuration

# The Security mode used for the XMPP connection. Can be either 'required', 'enabled'
# or 'disabled'. Defaults to 'disabled', which means that TLS will not be used.
# Warning: If you change this to non-disabled, then you must make sure that your
# TLS server certificate can be validated, otherwhise the connection will fail.
#xmpp:securitymode=disabled
# The TLS Pin used to verify the XMPP service's certificate. Set this in case openhab's
# default SSLContext is unable to verfiy it (e.g. because the XMPP service uses a self-signed
# certificate). The PIN value is bascially the hash of the certificate in hex.
# Make sure to set 'xmpp:securitymode' to 'required' for maximum security when using TLS.
# For information on how to generate the PIN visit https://github.com/Flowdalic/java-pinning
#xmpp:tlspin=SHA256:e3b1812d945da1a2a2c5fa28029d2fe34c7c4142fb098f5cfedff1ff20e98781

I hope it will help you.

Dmitry.

On Friday, February 6, 2015 at 8:16:33 AM UTC+1, Jaume Nogues Gazquez wrote:

Hi Thomas. My config is:

openhab.cfg
xmpp:servername=jabber.de

xmpp:username=jno...@jabber.de
xmpp:password=xxxxx
xmpp:consoleusers=jno...@jabber.de

[Jaume Nogues Gazquez]

Really, it is a problem with security, but my skills aren't enough for configure the tlspin.
I abandon this way and I try it with a php script with the really easy xmpphp library.
I will do a send.php script called by executeCommandLine().
Is a dirty solution but  I don’t have some other idea :-( .

Thanks to all for your help.

Jaume Nogues
VH Tech School
Barcelona  

[DmitryV]

Hello everybody,

Nevertheless, problem still exists, does anybody has any idea?

[Florian Schmaus]

On Monday, February 9, 2015 at 11:12:06 AM UTC+1, Jaume Nogues Gazquez wrote:

Really, it is a problem with security, but my skills aren't enough for configure the tlspin.

You could use xmpp.net to determine the fingerprint of the certificate. Or you could connect with an XMPP client that displays you the certificate information.

For example considering jabber.de you could got to https://xmpp.net/result.php?domain=jabber.de&type=client
then select SHA256 hash of the first certificate, which yields


3F:E2:53:0A:A6:AB:8E:AB:29:E2:5F:B1:FD:1A:6B:EF:2F:D4:87:98:1B:C7:38:B2:5A:3C:EA:80:83:AF:10:AF

then lowercase and remove the semicolons, e.g. using bash

echo "3F:E2:53:0A:A6:AB:8E:AB:29:E2:5F:B1:FD:1A:6B:EF:2F:D4:87:98:1B:C7:38:B2:5A:3C:EA:80:83:AF:10:AF" | tr '[:upper:]' '[:lower:]' | tr -d :

 and you have the CERTSHA256 value

xmpp:tlspin=CERTSHA256:3fe2530aa6ab8eab29e25fb1fd1a6bef2fd487981bc738b25a3

I realize that this is not the easiest process. I think it's possible to make the tools/pin.py script XMPP aware, so that it will resolve SRV records and start the XMPP stream up to the 'starttls' point.

Another alternative would be using a service that does not require encryption.

[Florian Schmaus]

On Saturday, February 7, 2015 at 8:20:54 PM UTC+1, DmitryV wrote:

Hello everybody,
I have similar problem, cannot get connection to any XMPP server. In my trace file is only the following:

19:42:26.826 [DEBUG] [.a.xmpp.internal.XMPPActivator:34   ] - XMPP action has been started.

and no other mention of XMPP
Config file is as following:

xmpp:servername=jabber.de

# The XMPP Proxyserver to use, e.g. "gmail.com"
xmpp:proxy=proxy.jabber.de

# the server port to use (optional, defaults to 5222)
#xmpp:port=5222

# the username and password for the sending XMPP account
xmpp:username=s*****x
xmpp:password=********

Do you really need to use a proxy server? If not, try without. 

[Jaume Nogues Gazquez]

Hi Florian. Thanks for your help. I try your method and I recived the next error

 [WARN ] [esoftware.smack.sasl.SASLError] - Could not transform string 'text' to SASLError
java.lang.IllegalArgumentException: No enum constant org.jivesoftware.smack.sasl.SASLError.text
    at java.lang.Enum.valueOf(Enum.java:238) ~[na:1.8.0_31]
    at org.jivesoftware.smack.sasl.SASLError.valueOf(SASLError.java:22) ~[smack-core-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.sasl.SASLError.fromString(SASLError.java:46) ~[smack-core-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.sasl.SASLMechanism$SASLFailure.<init>(SASLMechanism.java:357) [smack-core-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.util.PacketParserUtils.parseSASLFailure(PacketParserUtils.java:720) [smack-core-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.tcp.PacketReader.parsePackets(PacketReader.java:253) [smack-tcp-4.0.6.jar:4.0.6]

    at org.jivesoftware.smack.tcp.PacketReader.access$000(PacketReader.java:47) [smack-tcp-4.0.6.jar:4.0.6]
    at org.jivesoftware.smack.tcp.PacketReader$1.run(PacketReader.java:81) [smack-tcp-4.0.6.jar:4.0.6]

2015-02-11 20:54:15.967 [ERROR] [tion.xmpp.internal.XMPPConnect] - Could not establish connection to XMPP server 'jabber.de:5222': SASLError using PLAIN: text
2015-02-11 20:54:15.967 [WARN ] [nhab.action.xmpp.internal.XMPP] - Could not send XMPP message as connection is not correctly initialized!

I try it with others xmpp providers and there is the same error.
Is there a xmpp provaider without the need of tlspin?

Regards,

Jaume

[DmitryV]

Hi, Florian, with or without proxy server in the configuration file, result is the same as I showed previously in trace file and there is no XMPP connection. Is there a way to get more detailed traces?

 

 

[Florian Schmaus]

The good news is that, if TLS is used, then the (XMPP) client accepted the server certificate. So it appears the cert was successfully pinned.

The "Could not transform string" IAE is a known bug in Smack 4.0, but it's not really a big deal since we see that there is a SASLError. This usually means that the username or password is wrong.

BTW Future java-pinning versions will have improved support regarding the accepted PIN syntax, so you can for example just take the cert SHA-256 hash from xmpp.net and add it as "CERTSHA256:" + <string>.

[Florian Schmaus]

I think so, see https://github.com/openhab/openhab/blob/master/distribution/openhabhome/configurations/logback_debug.xml for examples on how to increase the log verbosity for an openhab component.

[Jaume Nogues Gazquez]

Well. Now is working!! Thanks for your help.
Here is my config for others, with jabber.de

openhab.cfg
########################## XMPP Action configuration ##################################
xmpp:servername=jabber.de
xmpp:securitymode=enabled
xmpp:tlspin=CERTSHA256:3fe2530aa6ab8eab29e25fb1fd1a6bef2fd487981bc738b25a3cea8083af10af
xmpp:username=myuser  #alert!! without @jabber.de
xmpp:password=xxxxx
xmpp:consoleusers=anoth...@another.de #alert!! different user for console
#*********************************************************

Thats all folk!!

Jaume Nogues
Rambla Prim Tech School
Barcelona

El dijous, 5 febrer de 2015 5:12:44 UTC+1, Jaume Nogues Gazquez va escriure:

[Florian Schmaus]

Please use

xmpp:securitymode=required

to ensure the security of your connection. Otherwise an attacker could MITM you and perform an downgrade attack to an unencrypted connection.

On Friday, February 13, 2015 at 4:11:08 PM UTC+1, Jaume Nogues Gazquez wrote:

Well. Now is working!! Thanks for your help.
Here is my config for others, with jabber.de

openhab.cfg
########################## XMPP Action configuration ##################################
xmpp:servername=jabber.de
xmpp:securitymode=enabled
xmpp:tlspin=CERTSHA256:3fe2530aa6ab8eab29e25fb1fd1a6bef2fd487981bc738b25a3cea8083af10af
xmpp:username=myuser  #alert!! without @jabber.de
xmpp:password=xxxxx

xmpp:consoleusers=myu...@jabber.de
#*********************************************************

Thats all folk!!

Jaume Nogues
Rambla Prim Tech School
Barcelona

El dijous, 5 febrer de 2015 5:12:44 UTC+1, Jaume Nogues Gazquez va escriure:

Helow everybody. I'm a newbie in openHab. Iss fantastic for

[DmitryV]

Well, I have added

    <logger name="org.openhab.action.xmpp" level="DEBUG" />

row in the logback files and still have only

2015-02-13 22:02:11.323 [DEBUG] [.a.xmpp.internal.XMPPActivator] - XMPP action has been started.

row in my log files, but there is no connection to xmpp server. What else could be checked?

[DmitryV]

Hello everybody,

Just in case if someone meets similar situation, upgrade to the version 1.6.2 solved the problem.

[jgeisler0303]

That is interesting, in my org.openhab.action.xmpp-1.6.2.jar from the distribution-1.6.2-addons.zip, the java-pinning-jar-1.0.0.jar is missing. So using a secure connection couldn't work.
Now I have a fresh 1.7.0 jar compiled from source an everything work.