From 790343867a5fe62e5b1e8edc42b1e73a2b55593c Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Wed, 26 Feb 2014 21:57:42 +0100 Subject: [PATCH] Remove non-SASL authentication code (SMACK-446) --- .../jivesoftware/smack/BOSHConfiguration.java | 4 - .../jivesoftware/smack/BOSHConnection.java | 11 +- .../smack/ConnectionConfiguration.java | 25 ----- .../smack/NonSASLAuthentication.java | 102 ------------------ .../jivesoftware/smack/OpenTrustManager.java | 46 -------- .../smack/SASLAuthentication.java | 21 ++-- .../smack/UserAuthentication.java | 76 ------------- .../jivesoftware/smack/XMPPConnection.java | 17 +-- 8 files changed, 18 insertions(+), 284 deletions(-) delete mode 100644 core/src/main/java/org/jivesoftware/smack/NonSASLAuthentication.java delete mode 100644 core/src/main/java/org/jivesoftware/smack/OpenTrustManager.java delete mode 100644 core/src/main/java/org/jivesoftware/smack/UserAuthentication.java diff --git a/bosh/src/main/java/org/jivesoftware/smack/BOSHConfiguration.java b/bosh/src/main/java/org/jivesoftware/smack/BOSHConfiguration.java index bf4ee8061..386c3b082 100644 --- a/bosh/src/main/java/org/jivesoftware/smack/BOSHConfiguration.java +++ b/bosh/src/main/java/org/jivesoftware/smack/BOSHConfiguration.java @@ -37,14 +37,12 @@ public class BOSHConfiguration extends ConnectionConfiguration { public BOSHConfiguration(String xmppDomain) { super(xmppDomain, 7070); - setSASLAuthenticationEnabled(true); ssl = false; file = "/http-bind/"; } public BOSHConfiguration(String xmppDomain, int port) { super(xmppDomain, port); - setSASLAuthenticationEnabled(true); ssl = false; file = "/http-bind/"; } @@ -65,7 +63,6 @@ public class BOSHConfiguration extends ConnectionConfiguration { */ public BOSHConfiguration(boolean https, String host, int port, String filePath, String xmppDomain) { super(host, port, xmppDomain); - setSASLAuthenticationEnabled(true); ssl = https; file = (filePath != null ? filePath : "/"); } 
@@ -87,7 +84,6 @@ public class BOSHConfiguration extends ConnectionConfiguration { */ public BOSHConfiguration(boolean https, String host, int port, String filePath, ProxyInfo proxy, String xmppDomain) { super(host, port, xmppDomain, proxy); - setSASLAuthenticationEnabled(true); ssl = https; file = (filePath != null ? filePath : "/"); } diff --git a/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java b/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java index 3c05e24f3..18ab2d7be 100644 --- a/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java +++ b/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java @@ -308,8 +308,7 @@ public class BOSHConnection extends Connection { username = username.toLowerCase().trim(); String response; - if (config.isSASLAuthenticationEnabled() - && saslAuthentication.hasNonAnonymousAuthentication()) { + if (saslAuthentication.hasNonAnonymousAuthentication()) { // Authenticate using SASL if (password != null) { response = saslAuthentication.authenticate(username, password, resource); @@ -317,8 +316,7 @@ public class BOSHConnection extends Connection { response = saslAuthentication.authenticate(username, resource, config.getCallbackHandler()); } } else { - // Authenticate using Non-SASL - response = new NonSASLAuthentication(this).authenticate(username, password, resource); + throw new XMPPException("No non-anonymous SASL authentication mechanism available"); } // Set the user. @@ -370,13 +368,12 @@ public class BOSHConnection extends Connection { } String response; - if (config.isSASLAuthenticationEnabled() && - saslAuthentication.hasAnonymousAuthentication()) { + if (saslAuthentication.hasAnonymousAuthentication()) { response = saslAuthentication.authenticateAnonymously(); } else { // Authenticate using Non-SASL - response = new NonSASLAuthentication(this).authenticateAnonymously(); + throw new XMPPException("No anonymous SASL authentication mechanism available"); } // Set the user value. 
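Review bot: The new `else` branch in the BOSHConnection login path (hunk -317,8 +316,7) throws without recording why there is no fallback any more, and the method's Javadoc, which lies outside the hunk, is not updated for the new failure mode. The deleted NonSASLAuthentication called `auth.setPassword(password)` whenever the server offered no digest, so failing here is the safer behaviour and worth stating; I would add `// Fail closed: no fallback to JEP-0078 non-SASL auth, which could send the password in plain text` above the throw. The same applies to the matching branch in XMPPConnection (hunk -242,10 +239,8). Callers that talk to servers without a usable SASL mechanism now get this XMPPException, which the `@throws` text of both login methods should say.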
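Review bot: The context comment `// Authenticate using Non-SASL` in the anonymous-login `else` branch (hunk -370,13 +368,12) is left directly above the new `throw`, so it now describes code that no longer exists. The equivalent hunk in XMPPConnection removes that comment; this one should too, or replace it with `// No anonymous SASL mechanism available: fail, do not fall back`. The enclosing method starts and ends outside the hunk.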
diff --git a/core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java b/core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java index 7c23f0b32..ae8e227b6 100644 --- a/core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java +++ b/core/src/main/java/org/jivesoftware/smack/ConnectionConfiguration.java @@ -58,7 +58,6 @@ public class ConnectionConfiguration implements Cloneable { private boolean compressionEnabled = false; - private boolean saslAuthenticationEnabled = true; /** * Used to get information from the user */ @@ -367,30 +366,6 @@ public class ConnectionConfiguration implements Cloneable { this.compressionEnabled = compressionEnabled; } - /** - * Returns true if the client is going to use SASL authentication when logging into the - * server. If SASL authenticatin fails then the client will try to use non-sasl authentication. - * By default SASL is enabled. - * - * @return true if the client is going to use SASL authentication when logging into the - * server. - */ - public boolean isSASLAuthenticationEnabled() { - return saslAuthenticationEnabled; - } - - /** - * Sets whether the client will use SASL authentication when logging into the - * server. If SASL authenticatin fails then the client will try to use non-sasl authentication. - * By default, SASL is enabled. - * - * @param saslAuthenticationEnabled if the client is going to use SASL authentication when - * logging into the server. - */ - public void setSASLAuthenticationEnabled(boolean saslAuthenticationEnabled) { - this.saslAuthenticationEnabled = saslAuthenticationEnabled; - } - /** * Returns true if the new connection about to be establish is going to be debugged. By * default the value of {@link Connection#DEBUG_ENABLED} is used. diff --git a/core/src/main/java/org/jivesoftware/smack/NonSASLAuthentication.java b/core/src/main/java/org/jivesoftware/smack/NonSASLAuthentication.java deleted file mode 100644 index 15433b6bf..000000000 
--- a/core/src/main/java/org/jivesoftware/smack/NonSASLAuthentication.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- *
- * Copyright 2003-2007 Jive Software.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.jivesoftware.smack;
-
-import org.jivesoftware.smack.packet.Authentication;
-import org.jivesoftware.smack.packet.IQ;
-import org.jivesoftware.smack.packet.Packet;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.Callback;
-
-/**
- * Implementation of JEP-0078: Non-SASL Authentication. Follow the following
- * link to obtain more
- * information about the JEP.
- *
- * @author Gaston Dombiak
- */
-class NonSASLAuthentication implements UserAuthentication {
-
- private Connection connection;
-
- public NonSASLAuthentication(Connection connection) {
- super();
- this.connection = connection;
- }
-
- public String authenticate(String username, String resource, CallbackHandler cbh) throws XMPPException {
- //Use the callback handler to determine the password, and continue on.
- PasswordCallback pcb = new PasswordCallback("Password: ",false);
- try {
- cbh.handle(new Callback[]{pcb});
- return authenticate(username, String.valueOf(pcb.getPassword()),resource);
- } catch (Exception e) {
- throw new XMPPException("Unable to determine password.",e);
- }
- }
-
- public String authenticate(String username, String password, String resource) throws
- XMPPException {
- // If we send an authentication packet in "get" mode with just the username,
- // the server will return the list of authentication protocols it supports.
- Authentication discoveryAuth = new Authentication();
- discoveryAuth.setType(IQ.Type.GET);
- discoveryAuth.setUsername(username);
-
- // Otherwise, no error so continue processing.
- Authentication authTypes = (Authentication) connection.createPacketCollectorAndSend(
- discoveryAuth).nextResultOrThrow();
-
- // Now, create the authentication packet we'll send to the server.
- Authentication auth = new Authentication();
- auth.setUsername(username);
-
- // Figure out if we should use digest or plain text authentication.
- if (authTypes.getDigest() != null) {
- auth.setDigest(connection.getConnectionID(), password);
- }
- else if (authTypes.getPassword() != null) {
- auth.setPassword(password);
- }
- else {
- throw new XMPPException("Server does not support compatible authentication mechanism.");
- }
-
- auth.setResource(resource);
-
- Packet response = connection.createPacketCollectorAndSend(auth).nextResultOrThrow();
-
- return response.getTo();
- }
-
- public String authenticateAnonymously() throws XMPPException {
- // Create the authentication packet we'll send to the server.
- Authentication auth = new Authentication();
-
- Packet response = connection.createPacketCollectorAndSend(auth).nextResultOrThrow();
-
- if (response.getTo() != null) {
- return response.getTo();
- }
- else {
- return connection.getServiceName() + "/" + ((Authentication) response).getResource();
- }
- }
-}
diff --git a/core/src/main/java/org/jivesoftware/smack/OpenTrustManager.java b/core/src/main/java/org/jivesoftware/smack/OpenTrustManager.java
deleted file mode 100644
index 103a72c25..000000000
--- a/core/src/main/java/org/jivesoftware/smack/OpenTrustManager.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- *
- * Copyright 2003-2007 Jive Software.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.jivesoftware.smack;
-
-import javax.net.ssl.X509TrustManager;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-/**
- * Dummy trust manager that trust all certificates presented by the server. This class
- * is used during old SSL connections.
- *
- * @author Gaston Dombiak
- */
-class OpenTrustManager implements X509TrustManager {
-
- public OpenTrustManager() {
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
-
- public void checkClientTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- }
-
- public void checkServerTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- }
-}
diff --git a/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java b/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
index 51fe0c0b7..bd6be9f78 100644
--- a/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
+++ b/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
@@ -56,7 +56,7 @@ import java.util.*; * @author Gaston Dombiak * @author Jay Kline */ -public class SASLAuthentication implements UserAuthentication { +public class SASLAuthentication { private static Map> implementedMechanisms = new HashMap>(); private static List mechanismsPreferences = new ArrayList(); @@ -348,24 +348,21 @@ public class SASLAuthentication implements UserAuthentication { return bindResourceAndEstablishSession(resource); } else { - // SASL authentication failed so try a Non-SASL authentication - return new NonSASLAuthentication(connection) - .authenticate(username, password, resource); + // SASL authentication failed + throw new XMPPException("SASL authentication failed"); } } catch (XMPPException e) { throw e; } catch (Exception e) { - e.printStackTrace(); - // SASL authentication failed so try a Non-SASL authentication - return new NonSASLAuthentication(connection) - .authenticate(username, password, resource); + // SASL authentication failed + throw new XMPPException("SASL authentication failed", e); } } else { - // No SASL method was found so try a Non-SASL authentication - return new NonSASLAuthentication(connection).authenticate(username, password, resource); + // No SASL method was found, throw an exception + throw new XMPPException("SASL authentication not supported by server"); } } @@ -413,10 +410,10 @@ public class SASLAuthentication implements UserAuthentication { return bindResourceAndEstablishSession(null); } else { - return new NonSASLAuthentication(connection).authenticateAnonymously(); + throw new XMPPException("SASL authentication failed"); } } catch (IOException e) { - return new NonSASLAuthentication(connection).authenticateAnonymously(); + throw new XMPPException("IOException while anonymous SASL authentication", e); } } diff --git a/core/src/main/java/org/jivesoftware/smack/UserAuthentication.java b/core/src/main/java/org/jivesoftware/smack/UserAuthentication.java deleted file mode 100644 index bc6f6369d..000000000 
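Review bot: The last `else` in hunk -348,24 +348,21 throws "SASL authentication not supported by server", while the retained comment on that branch only says that no SASL method was found. The branch condition is outside the hunk, so if it is also reached when client and server merely share no mechanism, the message blames the wrong side; a neutral text such as `throw new XMPPException("No usable SASL mechanism found");` avoids that. The two earlier throws also use the identical text "SASL authentication failed" for a rejected login and for the catch-all `Exception` case. Giving the catch-all its own text, e.g. `"SASL authentication aborted by unexpected error"`, lets callers and log review tell a bad credential from a client-side fault.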
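Review bot: The anonymous path in hunk -413,10 +410,10 throws the same "SASL authentication failed" text as the credentialed path, so whoever reads the exception cannot tell which kind of login was attempted; `throw new XMPPException("Anonymous SASL authentication failed");` would make that visible. The second message would read better as `"I/O error during anonymous SASL authentication"`. Only `IOException` is caught here, whereas the credentialed path in the previous hunk catches `Exception`; that is presumably intentional but deserves a one-line comment. The enclosing method starts outside the hunk.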
--- a/core/src/main/java/org/jivesoftware/smack/UserAuthentication.java
+++ /dev/null
@@ -1,76 +0,0 @@ -/** - * - * Copyright 2003-2007 Jive Software. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.jivesoftware.smack; - -import javax.security.auth.callback.CallbackHandler; - -/** - * There are two ways to authenticate a user with a server. Using SASL or Non-SASL - * authentication. This interface makes {@link SASLAuthentication} and - * {@link NonSASLAuthentication} polyphormic. - * - * @author Gaston Dombiak - * @author Jay Kline - */ -interface UserAuthentication { - - /** - * Authenticates the user with the server. This method will return the full JID provided by - * the server. The server may assign a full JID with a username and resource different than - * requested by this method. - * - * Note that using callbacks is the prefered method of authenticating users since it allows - * more flexability in the mechanisms used. - * - * @param username the requested username (authorization ID) for authenticating to the server - * @param resource the requested resource. - * @param cbh the CallbackHandler used to obtain authentication ID, password, or other - * information - * @return the full JID provided by the server while binding a resource for the connection. - * @throws XMPPException if an error occurs while authenticating. - */ - String authenticate(String username, String resource, CallbackHandler cbh) throws - XMPPException; - - /** - * Authenticates the user with the server. 
This method will return the full JID provided by - * the server. The server may assign a full JID with a username and resource different than - * the requested by this method. - * - * It is recommended that @{link #authenticate(String, String, CallbackHandler)} be used instead - * since it provides greater flexability in authenticaiton and authorization. - * - * @param username the username that is authenticating with the server. - * @param password the password to send to the server. - * @param resource the desired resource. - * @return the full JID provided by the server while binding a resource for the connection. - * @throws XMPPException if an error occures while authenticating. - */ - String authenticate(String username, String password, String resource) throws - XMPPException; - - /** - * Performs an anonymous authentication with the server. The server will created a new full JID - * for this connection. An exception will be thrown if the server does not support anonymous - * authentication. - * - * @return the full JID provided by the server while binding a resource for the connection. - * @throws XMPPException if an error occures while authenticating. - */ - String authenticateAnonymously() throws XMPPException; -} diff --git a/core/src/main/java/org/jivesoftware/smack/XMPPConnection.java b/core/src/main/java/org/jivesoftware/smack/XMPPConnection.java index 24eaef8d2..06d6992d2 100644 --- a/core/src/main/java/org/jivesoftware/smack/XMPPConnection.java +++ b/core/src/main/java/org/jivesoftware/smack/XMPPConnection.java @@ -130,7 +130,6 @@ public class XMPPConnection extends Connection { // Create the configuration for this new connection super(new ConnectionConfiguration(serviceName)); config.setCompressionEnabled(false); - config.setSASLAuthenticationEnabled(true); config.setDebuggerEnabled(DEBUG_ENABLED); config.setCallbackHandler(callbackHandler); } 
@@ -147,7 +146,6 @@ public class XMPPConnection extends Connection { // Create the configuration for this new connection super(new ConnectionConfiguration(serviceName)); config.setCompressionEnabled(false); - config.setSASLAuthenticationEnabled(true); config.setDebuggerEnabled(DEBUG_ENABLED); } @@ -232,8 +230,7 @@ public class XMPPConnection extends Connection { username = username.toLowerCase().trim(); String response; - if (config.isSASLAuthenticationEnabled() && - saslAuthentication.hasNonAnonymousAuthentication()) { + if (saslAuthentication.hasNonAnonymousAuthentication()) { // Authenticate using SASL if (password != null) { response = saslAuthentication.authenticate(username, password, resource); @@ -242,10 +239,8 @@ public class XMPPConnection extends Connection { response = saslAuthentication .authenticate(username, resource, config.getCallbackHandler()); } - } - else { - // Authenticate using Non-SASL - response = new NonSASLAuthentication(this).authenticate(username, password, resource); + } else { + throw new XMPPException("No non-anonymous SASL authentication mechanism available"); } // Set the user. @@ -305,13 +300,11 @@ public class XMPPConnection extends Connection { } String response; - if (config.isSASLAuthenticationEnabled() && - saslAuthentication.hasAnonymousAuthentication()) { + if (saslAuthentication.hasAnonymousAuthentication()) { response = saslAuthentication.authenticateAnonymously(); } else { - // Authenticate using Non-SASL - response = new NonSASLAuthentication(this).authenticateAnonymously(); + throw new XMPPException("No anonymous SASL authentication mechanism available"); } // Set the user value.