/** * $RCSfile$ * $Revision: $ * $Date: $ * * Copyright 2003-2004 Jive Software. * * All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.jivesoftware.smack; import org.jivesoftware.smack.filter.PacketIDFilter; import org.jivesoftware.smack.packet.Bind; import org.jivesoftware.smack.packet.IQ; import org.jivesoftware.smack.packet.Session; import org.jivesoftware.smack.sasl.SASLAnonymous; import org.jivesoftware.smack.sasl.SASLMechanism; import org.jivesoftware.smack.sasl.SASLPlainMechanism; import java.io.IOException; import java.lang.reflect.Constructor; import java.util.*; /** * This class is responsible authenticating the user using SASL, binding the resource * to the connection and establishing a session with the server.
* * Once TLS has been negotiated (i.e. the connection has been secured) it is possible to * register with the server, authenticate using Non-SASL or authenticate using SASL. If the * server supports SASL then Smack will first try to authenticate using SASL. But if that * fails then Non-SASL will be tried.
* * The server may support many SASL mechanisms to use for authenticating. Out of the box * Smack provides SASL PLAIN but it is possible to register new SASL Mechanisms. Use * {@link #registerSASLMechanism(int, String, Class)} to add new mechanisms. See * {@link SASLMechanism}.
* * Once the user has been authenticated with SASL, it is necessary to bind a resource for * the connection. If no resource is passed in {@link #authenticate(String, String, String)} * then the server will assign a resource for the connection. In case a resource is passed * then the server will receive the desired resource but may assign a modified resource for * the connection.
* * Once a resource has been binded and if the server supports sessions then Smack will establish * a session so that instant messaging and presence functionalities may be used. * * @author Gaston Dombiak */ public class SASLAuthentication implements UserAuthentication { private static Map implementedMechanisms = new HashMap(); private static List mechanismsPreferences = new ArrayList(); private XMPPConnection connection; private Collection serverMechanisms = new ArrayList(); private SASLMechanism currentMechanism = null; /** * Boolean indicating if SASL negotiation has finished and was successful. */ private boolean saslNegotiated = false; /** * Boolean indication if SASL authentication has failed. When failed the server may end * the connection. */ private boolean saslFailed = false; private boolean resourceBinded = false; private boolean sessionSupported = false; static { // Register SASL mechanisms supported by Smack registerSASLMechanism(0, "PLAIN", SASLPlainMechanism.class); } /** * Registers a new SASL mechanism in the specified preference position. The client will try * to authenticate using the most prefered SASL mechanism that is also supported by the server. *
* * Use the index parameter to set the level of preference of the new SASL mechanism. * A value of 0 means that the mechanism is the most prefered one. * * @param index preference position amongst all the implemented SASL mechanism. Starts with 0. * @param name common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or KERBEROS_V4. * @param mClass a SASLMechanism subclass. */ public static void registerSASLMechanism(int index, String name, Class mClass) { implementedMechanisms.put(name, mClass); mechanismsPreferences.add(index, name); } /** * Unregisters an existing SASL mechanism. Once the mechanism has been unregistered it won't * be possible to authenticate users using the removed SASL mechanism. * * @param name common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or KERBEROS_V4. */ public static void unregisterSASLMechanism(String name) { implementedMechanisms.remove(name); mechanismsPreferences.remove(name); } /** * Returns the registerd SASLMechanism classes sorted by the level of preference. * * @return the registerd SASLMechanism classes sorted by the level of preference. */ public static List getRegisterSASLMechanisms() { List answer = new ArrayList(); for (Iterator it = mechanismsPreferences.iterator(); it.hasNext();) { answer.add(implementedMechanisms.get(it.next())); } return answer; } SASLAuthentication(XMPPConnection connection) { super(); this.connection = connection; } /** * Returns true if the server offered ANONYMOUS SASL as a way to authenticate users. * * @return true if the server offered ANONYMOUS SASL as a way to authenticate users. */ public boolean hasAnonymousAuthentication() { return serverMechanisms.contains("ANONYMOUS"); } /** * Returns true if the server offered SASL authentication besides ANONYMOUS SASL. * * @return true if the server offered SASL authentication besides ANONYMOUS SASL. */ public boolean hasNonAnonymousAuthentication() { if (!serverMechanisms.isEmpty()) { // Check that anonymous sasl is not the only supported mechanism if (serverMechanisms.size() == 1) { return !hasAnonymousAuthentication(); } return true; } return false; } /** * Performs SASL authentication of the specified user. If SASL authentication was successful * then resource binding and session establishment will be performed. This method will return * the full JID provided by the server while binding a resource to the connection.* * The server may assign a full JID with a username or resource different than the requested * by this method. * * @param username the username that is authenticating with the server. * @param password the password to send to the server. * @param resource the desired resource. * @return the full JID provided by the server while binding a resource to the connection. * @throws XMPPException if an error occures while authenticating. */ public String authenticate(String username, String password, String resource) throws XMPPException { // Locate the SASLMechanism to use Class selected = null; for (Iterator it = mechanismsPreferences.iterator(); it.hasNext();) { String mechanism = (String) it.next(); if (implementedMechanisms.containsKey(mechanism) && serverMechanisms.contains(mechanism)) { selected = (Class) implementedMechanisms.get(mechanism); break; } } if (selected != null) { // A SASL mechanism was found. Authenticate using the selected mechanism and then // proceed to bind a resource try { Constructor constructor = selected .getConstructor(new Class[]{SASLAuthentication.class}); currentMechanism = (SASLMechanism) constructor.newInstance(new Object[]{this}); // Trigger SASL authentication with the selected mechanism currentMechanism.authenticate(username, connection.getServiceName(), password); // Wait until SASL negotiation finishes synchronized (this) { if (!saslNegotiated && !saslFailed) { try { wait(30000); } catch (InterruptedException e) { } } } if (saslFailed) { // SASL authentication failed and the server may have closed the connection // so throw an exception throw new XMPPException("SASL authentication failed"); } if (saslNegotiated) { // Bind a resource for this connection and return bindResourceAndEstablishSession(resource); } else { // SASL authentication failed so try a Non-SASL authentication return new NonSASLAuthentication(connection) .authenticate(username, password, resource); } } catch (XMPPException e) { throw e; } catch (Exception e) { e.printStackTrace(); // SASL authentication failed so try a Non-SASL authentication return new NonSASLAuthentication(connection) .authenticate(username, password, resource); } } else { // No SASL method was found so try a Non-SASL authentication return new NonSASLAuthentication(connection).authenticate(username, password, resource); } } /** * Performs ANONYMOUS SASL authentication. If SASL authentication was successful * then resource binding and session establishment will be performed. This method will return * the full JID provided by the server while binding a resource to the connection.
*
* The server will assign a full JID with a randomly generated resource and possibly with
* no username.
*
* @return the full JID provided by the server while binding a resource to the connection.
* @throws XMPPException if an error occures while authenticating.
*/
public String authenticateAnonymously() throws XMPPException {
try {
currentMechanism = new SASLAnonymous(this);
currentMechanism.authenticate(null, null, null);
// Wait until SASL negotiation finishes
synchronized (this) {
if (!saslNegotiated && !saslFailed) {
try {
wait(5000);
} catch (InterruptedException e) {
}
}
}
if (saslFailed) {
// SASL authentication failed and the server may have closed the connection
// so throw an exception
throw new XMPPException("SASL authentication failed");
}
if (saslNegotiated) {
// Bind a resource for this connection and
return bindResourceAndEstablishSession(null);
}
else {
return new NonSASLAuthentication(connection).authenticateAnonymously();
}
} catch (IOException e) {
return new NonSASLAuthentication(connection).authenticateAnonymously();
}
}
private String bindResourceAndEstablishSession(String resource) throws IOException,
XMPPException {
// We now need to bind a resource for the connection
// Open a new stream and wait for the response
connection.packetWriter.openStream();
// Wait until server sends response containing the