/** * $RCSfile$ * $Revision: $ * $Date: $ * * Copyright 2003-2004 Jive Software. * * All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.jivesoftware.smack; import org.jivesoftware.smack.filter.PacketIDFilter; import org.jivesoftware.smack.packet.Bind; import org.jivesoftware.smack.packet.IQ; import org.jivesoftware.smack.packet.Session; import org.jivesoftware.smack.sasl.SASLAnonymous; import org.jivesoftware.smack.sasl.SASLMechanism; import org.jivesoftware.smack.sasl.SASLPlainMechanism; import java.io.IOException; import java.lang.reflect.Constructor; import java.util.*; /** * This class is responsible authenticating the user using SASL, binding the resource * to the connection and establishing a session with the server.
* * Once TLS has been negotiated (i.e. the connection has been secured) it is possible to * register with the server, authenticate using Non-SASL or authenticate using SASL. If the * server supports SASL then Smack will first try to authenticate using SASL. But if that * fails then Non-SASL will be tried.
* * The server may support many SASL mechanisms to use for authenticating. Out of the box * Smack provides SASL PLAIN but it is possible to register new SASL Mechanisms. Use * {@link #registerSASLMechanism(int, String, Class)} to add new mechanisms. See * {@link SASLMechanism}.
* * Once the user has been authenticated with SASL, it is necessary to bind a resource for * the connection. If no resource is passed in {@link #authenticate(String, String, String)} * then the server will assign a resource for the connection. In case a resource is passed * then the server will receive the desired resource but may assign a modified resource for * the connection.
* * Once a resource has been binded and if the server supports sessions then Smack will establish * a session so that instant messaging and presence functionalities may be used. * * @author Gaston Dombiak */ public class SASLAuthentication implements UserAuthentication { private static Map implementedMechanisms = new HashMap(); private static List mechanismsPreferences = new ArrayList(); private XMPPConnection connection; private Collection serverMechanisms = new ArrayList(); private SASLMechanism currentMechanism = null; /** * Boolean indicating if SASL negotiation has finished and was successful. */ private boolean saslNegotiated = false; /** * Boolean indication if SASL authentication has failed. When failed the server may end * the connection. */ private boolean saslFailed = false; private boolean resourceBinded = false; private boolean sessionSupported = false; static { // Register SASL mechanisms supported by Smack registerSASLMechanism(0, "PLAIN", SASLPlainMechanism.class); } /** * Registers a new SASL mechanism in the specified preference position. The client will try * to authenticate using the most prefered SASL mechanism that is also supported by the server. *
* * Use the index parameter to set the level of preference of the new SASL mechanism. * A value of 0 means that the mechanism is the most prefered one. * * @param index preference position amongst all the implemented SASL mechanism. Starts with 0. * @param name common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or KERBEROS_V4. * @param mClass a SASLMechanism subclass. */ public static void registerSASLMechanism(int index, String name, Class mClass) { implementedMechanisms.put(name, mClass); mechanismsPreferences.add(index, name); } /** * Unregisters an existing SASL mechanism. Once the mechanism has been unregistered it won't * be possible to authenticate users using the removed SASL mechanism. * * @param name common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or KERBEROS_V4. */ public static void unregisterSASLMechanism(String name) { implementedMechanisms.remove(name); mechanismsPreferences.remove(name); } /** * Returns the registerd SASLMechanism classes sorted by the level of preference. * * @return the registerd SASLMechanism classes sorted by the level of preference. */ public static List getRegisterSASLMechanisms() { List answer = new ArrayList(); for (Iterator it = mechanismsPreferences.iterator(); it.hasNext();) { answer.add(implementedMechanisms.get(it.next())); } return answer; } SASLAuthentication(XMPPConnection connection) { super(); this.connection = connection; } /** * Returns true if the server offered ANONYMOUS SASL as a way to authenticate users. * * @return true if the server offered ANONYMOUS SASL as a way to authenticate users. */ public boolean hasAnonymousAuthentication() { return serverMechanisms.contains("ANONYMOUS"); } /** * Returns true if the server offered SASL authentication besides ANONYMOUS SASL. * * @return true if the server offered SASL authentication besides ANONYMOUS SASL. */ public boolean hasNonAnonymousAuthentication() { if (!serverMechanisms.isEmpty()) { // Check that anonymous sasl is not the only supported mechanism if (serverMechanisms.size() == 1) { return !hasAnonymousAuthentication(); } return true; } return false; } /** * Performs SASL authentication of the specified user. If SASL authentication was successful * then resource binding and session establishment will be performed. This method will return * the full JID provided by the server while binding a resource to the connection.
*
* The server may assign a full JID with a username or resource different than the requested
* by this method.
*
* @param username the username that is authenticating with the server.
* @param password the password to send to the server.
* @param resource the desired resource.
* @return the full JID provided by the server while binding a resource to the connection.
* @throws XMPPException if an error occures while authenticating.
*/
public String authenticate(String username, String password, String resource)
throws XMPPException {
// Locate the SASLMechanism to use
Class selected = null;
for (Iterator it = mechanismsPreferences.iterator(); it.hasNext();) {
String mechanism = (String) it.next();
if (implementedMechanisms.containsKey(mechanism) &&
serverMechanisms.contains(mechanism)) {
selected = (Class) implementedMechanisms.get(mechanism);
break;
}
}
if (selected != null) {
// A SASL mechanism was found. Authenticate using the selected mechanism and then
// proceed to bind a resource
try {
Constructor constructor = selected
.getConstructor(new Class[]{SASLAuthentication.class});
currentMechanism = (SASLMechanism) constructor.newInstance(new Object[]{this});
// Trigger SASL authentication with the selected mechanism
currentMechanism.authenticate(username, connection.getServiceName(), password);
// Wait until SASL negotiation finishes
synchronized (this) {
if (!saslNegotiated && !saslFailed) {
try {
wait(30000);
} catch (InterruptedException e) {
}
}
}
if (saslFailed) {
// SASL authentication failed and the server may have closed the connection
// so throw an exception
throw new XMPPException("SASL authentication failed");
}
if (saslNegotiated) {
// We now need to bind a resource for the connection
// Open a new stream and wait for the response
connection.packetWriter.openStream();
// Wait until server sends response containing the
*
* The server will assign a full JID with a randomly generated resource and possibly with
* no username.
*
* @return the full JID provided by the server while binding a resource to the connection.
* @throws XMPPException if an error occures while authenticating.
*/
public String authenticateAnonymously() throws XMPPException {
try {
currentMechanism = new SASLAnonymous(this);
currentMechanism.authenticate(null, null, null);
// Wait until SASL negotiation finishes
synchronized (this) {
if (!saslNegotiated && !saslFailed) {
try {
wait(5000);
} catch (InterruptedException e) {
}
}
}
if (saslFailed) {
// SASL authentication failed and the server may have closed the connection
// so throw an exception
throw new XMPPException("SASL authentication failed");
}
if (saslNegotiated) {
// Bind a resource for this connection and
return bindResourceAndEstablishSession(null);
}
else {
return new NonSASLAuthentication(connection).authenticateAnonymously();
}
} catch (IOException e) {
return new NonSASLAuthentication(connection).authenticateAnonymously();
}
}
private String bindResourceAndEstablishSession(String resource) throws IOException,
XMPPException {
// We now need to bind a resource for the connection
// Open a new stream and wait for the response
connection.packetWriter.openStream();
// Wait until server sends response containing the