Windows PKI Support

Recently the DoD converted from using DCO to using DCS for collaboration and chat services. While both still support XMPP chat, DCS now requires PKI authentication. Because of the way the certificates are generated, more than one certificate in a user’s keystore match the server’s requirements; however, only one actually works…

The “preferred” client for DCS is … terrible at best… so I spent some time getting Spark to work with DCS. I had to make a number of modifications to (a) add a “Windows Certificate Store” option to the PKI store type list, and (b) make minor modifications to the legacy smack library being used by Spark [I needed a certificate selection callback]. I now have Spark working “cleanly” with DCS (with minimal configuration required by users), but I wanted to offer the changes/suggestions to the community for addition to Spark.

Is there any interest in getting into further details?

You can always post this as a document with detailed instructions and attach your custom files or libraries.

As for adding it to the official Spark: Spark is open to additional features as long as they don’t break current ones. I don’t know much about these DCO and DCS. But does your modification make it only work with DCS, or is there an option to still use DCO? Another thing is “minor modification to legacy smack”. I don’t really want to add custom Smack modifications to Spark code, even if Spark is still using an older Smack version. But if in the future Smack is updated to the latest, will it break your modification and require modifying Smack again?

Jared,

Can you post how, or what, you had to change on Spark/OF to get DCS working? You are correct, the existing Transverse client is abysmal, and the Swift client, although it works, is buggy and resource intensive, we have found. Thanks

Andy

It’s hard to believe Swift is resource intensive. Especially compared to Spark, when Spark is taking 5x more RAM because of Java JVM usage.

“Abysmal” is a great word choice!

The modifications I made were “hackish” but ultimately resulted in a pleasant experience for non-technical users. I didn’t like having to ask that audience to deal with creating a keystore loaded with DOD root certificates for the trust store, and pointing the keystore to the ActivClient DLL… (that works, but it’s just too much for the average user).

I essentially added another option to the dropdown list on the PKI tab in the settings. I called the setting “Windows Certificate Store”. Then, I modified the legacy smack library that Spark uses, and when it is performing the authentication and does a switch based on the PKI Store Type, I used the “Windows-MY” and “Windows-ROOT” keystore providers. I additionally had to create a special handler for the SSL connection such that when a certificate is requested, if more than one is available, I raise a callback for a certificate selection to be made, and I handle this back in Spark. In Spark, it’s handled with a simple dialog that lists the certificates available.

I’ll post the code snippets as soon as I get a chance! The overall approach was quick and hackish, but I just wanted it to work for now… I just couldn’t handle any more minutes with Transverse…

Again, I’ll post the code snippets in the next day or so.

OK, I’ve created a plugin, and it seems to be working. Want to give it a shot, @Andy ?

I’ve attached the compiled plugin, along with the source. The approach I took this time is MUCH simpler. A simple Spark plugin that adds a custom SSLContext to the XMPPConnection configuration when the LoginDialog derives it. That way I didn’t have to modify the baseline of Spark at all. Drop the plugin into your plugins directory and that’s all you need to do. Ensure that your username and servername are set. Select the arrow to the right of the password field and select “Client Certificate”. Your password field should then convert to a certificate selection box. Select your cert and login. The PKI settings in the preferences are not used either, so whatever you set them to will be ignored (in other words, all you need is the username/server/plugin and you’re ready to roll w/ DCS).

Let me know how it goes!

** Updated with a newer version of the plugin. Confirmed that it works with 2.7.2 **
spark-windows-pki.jar (42288 Bytes)

2 Likes
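The core of the approach described in the two posts above (a "Windows Certificate Store" backed SSLContext plus a certificate-selection callback when more than one certificate matches) is shown here as an added illustrative example. It is not the attached plugin's source and not Spark or Smack code: it assumes the SunMSCAPI provider (`Windows-MY` for the user's certificates and keys, `Windows-ROOT` for trusted roots), so it only runs on Windows, and it takes a `chooser` callback standing in for the dialog the plugin shows. The filtering of candidates to currently valid certificates whose Extended Key Usage permits TLS client authentication is a design choice added here to narrow the list before anyone is prompted; handing the resulting SSLContext to the connection configuration is left to the plugin, since the legacy Smack API it used is not shown in the thread.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/** Illustrative example: a client SSLContext backed by the Windows certificate stores. */
public final class WindowsPkiSslContext {

    /** OID for the id-kp-clientAuth Extended Key Usage. */
    private static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";

    /**
     * chooser (hypothetical callback) receives the usable aliases and returns the one to
     * use; a GUI would list the certificates in a dialog. It is only consulted when more
     * than one certificate survives filtering.
     */
    public static SSLContext build(Function<List<String>, String> chooser) throws Exception {
        KeyStore personal = KeyStore.getInstance("Windows-MY");   // SunMSCAPI: user's certs + keys
        personal.load(null, null);
        KeyStore roots = KeyStore.getInstance("Windows-ROOT");    // SunMSCAPI: trusted root CAs
        roots.load(null, null);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(personal, null);  // MSCAPI private keys carry no Java-level password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(roots);

        // Wrap every X509KeyManager so alias selection goes through the chooser.
        KeyManager[] original = kmf.getKeyManagers();
        KeyManager[] wrapped = new KeyManager[original.length];
        for (int i = 0; i < original.length; i++) {
            wrapped[i] = original[i] instanceof X509KeyManager
                    ? new SelectingKeyManager((X509KeyManager) original[i], chooser)
                    : original[i];
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(wrapped, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Delegating key manager that lets a human pick when several certificates qualify. */
    static final class SelectingKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final Function<List<String>, String> chooser;
        private String chosen;  // remembered so reconnects do not prompt again

        SelectingKeyManager(X509KeyManager delegate, Function<List<String>, String> chooser) {
            this.delegate = delegate;
            this.chooser = chooser;
        }

        @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return select(keyTypes, issuers);
        }

        @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            return select(keyTypes, issuers);
        }

        private synchronized String select(String[] keyTypes, Principal[] issuers) {
            if (chosen != null) return chosen;
            Set<String> candidates = new LinkedHashSet<>();
            for (String keyType : keyTypes) {
                String[] aliases = delegate.getClientAliases(keyType, issuers);
                if (aliases == null) continue;
                for (String alias : aliases) {
                    if (usableForClientAuth(delegate.getCertificateChain(alias))) candidates.add(alias);
                }
            }
            List<String> list = new ArrayList<>(candidates);
            if (list.isEmpty()) return null;  // handshake fails cleanly instead of sending a wrong cert
            chosen = list.size() == 1 ? list.get(0) : chooser.apply(list);
            return chosen;
        }

        /** Keep only currently valid leaf certs whose EKU allows client auth (or has no EKU). */
        static boolean usableForClientAuth(X509Certificate[] chain) {
            if (chain == null || chain.length == 0) return false;
            try {
                X509Certificate leaf = chain[0];
                leaf.checkValidity();
                List<String> eku = leaf.getExtendedKeyUsage();
                return eku == null || eku.contains(EKU_CLIENT_AUTH);
            } catch (Exception e) {
                return false;
            }
        }

        // Remaining methods delegate unchanged.
        @Override public String[] getClientAliases(String kt, Principal[] is) { return delegate.getClientAliases(kt, is); }
        @Override public String chooseServerAlias(String kt, Principal[] is, Socket s) { return delegate.chooseServerAlias(kt, is, s); }
        @Override public String[] getServerAliases(String kt, Principal[] is) { return delegate.getServerAliases(kt, is); }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }
}
```

A plugin would call `WindowsPkiSslContext.build(aliases -> showDialog(aliases))` and set the returned context on the connection configuration before the login attempt. Because the selection is cached per key manager, the user is asked once per session rather than on every reconnect, and the EKU/validity filter means the dialog often never appears at all when only one of the smart card's certificates is actually suitable for TLS client authentication.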

Been looking for something like this for months! Transverse and DCS both are a huge step backwards from what DCO provided. Is the source available for this plugin? You said that you uploaded it but only the compiled plugin is attached. If you could provide the source, I would appreciate it.

Thanks

Jared, any chance of posting the source?