vanitasvitae
/
Smack
mirror of https://github.com/vanitasvitae/Smack.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove non-SASL authentication code (SMACK-446)

This commit is contained in:
Florian Schmaus 2014-02-26 21:57:42 +01:00
parent 3a4e6c6d39
commit 790343867a
8 changed files with 18 additions and 284 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bosh/src/main/java/org/jivesoftware/smack/BOSHConfiguration.java
View File

@ -37,14 +37,12 @@ public class BOSHConfiguration extends ConnectionConfiguration {
public BOSHConfiguration(String xmppDomain) {
super(xmppDomain, 7070);
setSASLAuthenticationEnabled(true);
ssl = false;
file = "/http-bind/";
}
public BOSHConfiguration(String xmppDomain, int port) {
super(xmppDomain, port);
setSASLAuthenticationEnabled(true);
ssl = false;
file = "/http-bind/";
}
@ -65,7 +63,6 @@ public class BOSHConfiguration extends ConnectionConfiguration {
*/
public BOSHConfiguration(boolean https, String host, int port, String filePath, String xmppDomain) {
super(host, port, xmppDomain);
setSASLAuthenticationEnabled(true);
ssl = https;
file = (filePath != null ? filePath : "/");
}
@ -87,7 +84,6 @@ public class BOSHConfiguration extends ConnectionConfiguration {
*/
public BOSHConfiguration(boolean https, String host, int port, String filePath, ProxyInfo proxy, String xmppDomain) {
super(host, port, xmppDomain, proxy);
setSASLAuthenticationEnabled(true);
ssl = https;
file = (filePath != null ? filePath : "/");
}

11
bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java
View File

@ -308,8 +308,7 @@ public class BOSHConnection extends Connection {
username = username.toLowerCase().trim();
String response;
if (config.isSASLAuthenticationEnabled()
&& saslAuthentication.hasNonAnonymousAuthentication()) {
if (saslAuthentication.hasNonAnonymousAuthentication()) {
// Authenticate using SASL
if (password != null) {
response = saslAuthentication.authenticate(username, password, resource);
@ -317,8 +316,7 @@ public class BOSHConnection extends Connection {
response = saslAuthentication.authenticate(username, resource, config.getCallbackHandler());
}
} else {
// Authenticate using Non-SASL
response = new NonSASLAuthentication(this).authenticate(username, password, resource);
throw new XMPPException("No non-anonymous SASL authentication mechanism available");
}
// Set the user.
@ -370,13 +368,12 @@ public class BOSHConnection extends Connection {
}
String response;
if (config.isSASLAuthenticationEnabled() &&
saslAuthentication.hasAnonymousAuthentication()) {
if (saslAuthentication.hasAnonymousAuthentication()) {
response = saslAuthentication.authenticateAnonymously();
}
else {
// Authenticate using Non-SASL
response = new NonSASLAuthentication(this).authenticateAnonymously();
throw new XMPPException("No anonymous SASL authentication mechanism available");
}
// Set the user value.

25
core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java
View File

@ -58,7 +58,6 @@ public class ConnectionConfiguration implements Cloneable {
private boolean compressionEnabled = false;
private boolean saslAuthenticationEnabled = true;
/**
* Used to get information from the user
*/
@ -367,30 +366,6 @@ public class ConnectionConfiguration implements Cloneable {
this.compressionEnabled = compressionEnabled;
}
/**
* Returns true if the client is going to use SASL authentication when logging into the
* server. If SASL authenticatin fails then the client will try to use non-sasl authentication.
* By default SASL is enabled.
*
* @return true if the client is going to use SASL authentication when logging into the
* server.
*/
public boolean isSASLAuthenticationEnabled() {
return saslAuthenticationEnabled;
}
/**
* Sets whether the client will use SASL authentication when logging into the
* server. If SASL authenticatin fails then the client will try to use non-sasl authentication.
* By default, SASL is enabled.
*
* @param saslAuthenticationEnabled if the client is going to use SASL authentication when
* logging into the server.
*/
public void setSASLAuthenticationEnabled(boolean saslAuthenticationEnabled) {
this.saslAuthenticationEnabled = saslAuthenticationEnabled;
}
/**
* Returns true if the new connection about to be establish is going to be debugged. By
* default the value of {@link Connection#DEBUG_ENABLED} is used.

102
core/src/main/java/org/jivesoftware/smack/NonSASLAuthentication.java
View File

@ -1,102 +0,0 @@
/**
*
* Copyright 2003-2007 Jive Software.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack;
import org.jivesoftware.smack.packet.Authentication;
import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.packet.Packet;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.Callback;
/**
* Implementation of JEP-0078: Non-SASL Authentication. Follow the following
* <a href=http://www.jabber.org/jeps/jep-0078.html>link</a> to obtain more
* information about the JEP.
*
* @author Gaston Dombiak
*/
class NonSASLAuthentication implements UserAuthentication {
private Connection connection;
public NonSASLAuthentication(Connection connection) {
super();
this.connection = connection;
}
public String authenticate(String username, String resource, CallbackHandler cbh) throws XMPPException {
//Use the callback handler to determine the password, and continue on.
PasswordCallback pcb = new PasswordCallback("Password: ",false);
try {
cbh.handle(new Callback[]{pcb});
return authenticate(username, String.valueOf(pcb.getPassword()),resource);
} catch (Exception e) {
throw new XMPPException("Unable to determine password.",e);
}
}
public String authenticate(String username, String password, String resource) throws
XMPPException {
// If we send an authentication packet in "get" mode with just the username,
// the server will return the list of authentication protocols it supports.
Authentication discoveryAuth = new Authentication();
discoveryAuth.setType(IQ.Type.GET);
discoveryAuth.setUsername(username);
// Otherwise, no error so continue processing.
Authentication authTypes = (Authentication) connection.createPacketCollectorAndSend(
discoveryAuth).nextResultOrThrow();
// Now, create the authentication packet we'll send to the server.
Authentication auth = new Authentication();
auth.setUsername(username);
// Figure out if we should use digest or plain text authentication.
if (authTypes.getDigest() != null) {
auth.setDigest(connection.getConnectionID(), password);
}
else if (authTypes.getPassword() != null) {
auth.setPassword(password);
}
else {
throw new XMPPException("Server does not support compatible authentication mechanism.");
}
auth.setResource(resource);
Packet response = connection.createPacketCollectorAndSend(auth).nextResultOrThrow();
return response.getTo();
}
public String authenticateAnonymously() throws XMPPException {
// Create the authentication packet we'll send to the server.
Authentication auth = new Authentication();
Packet response = connection.createPacketCollectorAndSend(auth).nextResultOrThrow();
if (response.getTo() != null) {
return response.getTo();
}
else {
return connection.getServiceName() + "/" + ((Authentication) response).getResource();
}
}
}

46
core/src/main/java/org/jivesoftware/smack/OpenTrustManager.java
View File

@ -1,46 +0,0 @@
/**
*
* Copyright 2003-2007 Jive Software.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* Dummy trust manager that trust all certificates presented by the server. This class
* is used during old SSL connections.
*
* @author Gaston Dombiak
*/
class OpenTrustManager implements X509TrustManager {
public OpenTrustManager() {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
}

21
core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
View File

@ -56,7 +56,7 @@ import java.util.*;
* @author Gaston Dombiak
* @author Jay Kline
*/
public class SASLAuthentication implements UserAuthentication {
public class SASLAuthentication {
private static Map<String, Class<? extends SASLMechanism>> implementedMechanisms = new HashMap<String, Class<? extends SASLMechanism>>();
private static List<String> mechanismsPreferences = new ArrayList<String>();
@ -348,24 +348,21 @@ public class SASLAuthentication implements UserAuthentication {
return bindResourceAndEstablishSession(resource);
}
else {
// SASL authentication failed so try a Non-SASL authentication
return new NonSASLAuthentication(connection)
.authenticate(username, password, resource);
// SASL authentication failed
throw new XMPPException("SASL authentication failed");
}
}
catch (XMPPException e) {
throw e;
}
catch (Exception e) {
e.printStackTrace();
// SASL authentication failed so try a Non-SASL authentication
return new NonSASLAuthentication(connection)
.authenticate(username, password, resource);
// SASL authentication failed
throw new XMPPException("SASL authentication failed", e);
}
}
else {
// No SASL method was found so try a Non-SASL authentication
return new NonSASLAuthentication(connection).authenticate(username, password, resource);
// No SASL method was found, throw an exception
throw new XMPPException("SASL authentication not supported by server");
}
}
@ -413,10 +410,10 @@ public class SASLAuthentication implements UserAuthentication {
return bindResourceAndEstablishSession(null);
}
else {
return new NonSASLAuthentication(connection).authenticateAnonymously();
throw new XMPPException("SASL authentication failed");
}
} catch (IOException e) {
return new NonSASLAuthentication(connection).authenticateAnonymously();
throw new XMPPException("IOException while anonymous SASL authentication", e);
}
}

76
core/src/main/java/org/jivesoftware/smack/UserAuthentication.java
View File

@ -1,76 +0,0 @@
/**
*
* Copyright 2003-2007 Jive Software.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack;
import javax.security.auth.callback.CallbackHandler;
/**
* There are two ways to authenticate a user with a server. Using SASL or Non-SASL
* authentication. This interface makes {@link SASLAuthentication} and
* {@link NonSASLAuthentication} polyphormic.
*
* @author Gaston Dombiak
* @author Jay Kline
*/
interface UserAuthentication {
/**
* Authenticates the user with the server. This method will return the full JID provided by
* the server. The server may assign a full JID with a username and resource different than
* requested by this method.
*
* Note that using callbacks is the prefered method of authenticating users since it allows
* more flexability in the mechanisms used.
*
* @param username the requested username (authorization ID) for authenticating to the server
* @param resource the requested resource.
* @param cbh the CallbackHandler used to obtain authentication ID, password, or other
* information
* @return the full JID provided by the server while binding a resource for the connection.
* @throws XMPPException if an error occurs while authenticating.
*/
String authenticate(String username, String resource, CallbackHandler cbh) throws
XMPPException;
/**
* Authenticates the user with the server. This method will return the full JID provided by
* the server. The server may assign a full JID with a username and resource different than
* the requested by this method.
*
* It is recommended that @{link #authenticate(String, String, CallbackHandler)} be used instead
* since it provides greater flexability in authenticaiton and authorization.
*
* @param username the username that is authenticating with the server.
* @param password the password to send to the server.
* @param resource the desired resource.
* @return the full JID provided by the server while binding a resource for the connection.
* @throws XMPPException if an error occures while authenticating.
*/
String authenticate(String username, String password, String resource) throws
XMPPException;
/**
* Performs an anonymous authentication with the server. The server will created a new full JID
* for this connection. An exception will be thrown if the server does not support anonymous
* authentication.
*
* @return the full JID provided by the server while binding a resource for the connection.
* @throws XMPPException if an error occures while authenticating.
*/
String authenticateAnonymously() throws XMPPException;
}

17
core/src/main/java/org/jivesoftware/smack/XMPPConnection.java
View File

@ -130,7 +130,6 @@ public class XMPPConnection extends Connection {
// Create the configuration for this new connection
super(new ConnectionConfiguration(serviceName));
config.setCompressionEnabled(false);
config.setSASLAuthenticationEnabled(true);
config.setDebuggerEnabled(DEBUG_ENABLED);
config.setCallbackHandler(callbackHandler);
}
@ -147,7 +146,6 @@ public class XMPPConnection extends Connection {
// Create the configuration for this new connection
super(new ConnectionConfiguration(serviceName));
config.setCompressionEnabled(false);
config.setSASLAuthenticationEnabled(true);
config.setDebuggerEnabled(DEBUG_ENABLED);
}
@ -232,8 +230,7 @@ public class XMPPConnection extends Connection {
username = username.toLowerCase().trim();
String response;
if (config.isSASLAuthenticationEnabled() &&
saslAuthentication.hasNonAnonymousAuthentication()) {
if (saslAuthentication.hasNonAnonymousAuthentication()) {
// Authenticate using SASL
if (password != null) {
response = saslAuthentication.authenticate(username, password, resource);
@ -242,10 +239,8 @@ public class XMPPConnection extends Connection {
response = saslAuthentication
.authenticate(username, resource, config.getCallbackHandler());
}
}
else {
// Authenticate using Non-SASL
response = new NonSASLAuthentication(this).authenticate(username, password, resource);
} else {
throw new XMPPException("No non-anonymous SASL authentication mechanism available");
}
// Set the user.
@ -305,13 +300,11 @@ public class XMPPConnection extends Connection {
}
String response;
if (config.isSASLAuthenticationEnabled() &&
saslAuthentication.hasAnonymousAuthentication()) {
if (saslAuthentication.hasAnonymousAuthentication()) {
response = saslAuthentication.authenticateAnonymously();
}
else {
// Authenticate using Non-SASL
response = new NonSASLAuthentication(this).authenticateAnonymously();
throw new XMPPException("No anonymous SASL authentication mechanism available");
}
// Set the user value.