* A simple SASLPrep StringTransformer would be for example: java.text.Normalizer.normalize(string, Form.NFKC);
*
* Not to be confused with the authzid (see RFC 6120 § 6.3.8). *
*/ protected String authenticationId; /** * The name of the XMPP service */ protected DomainBareJid serviceName; /** * The users password */ protected String password; protected String host; /** * Builds and sends the auth stanza to the server. Note that this method of * authentication is not recommended, since it is very inflexible. Use * {@link #authenticate(String, DomainBareJid, CallbackHandler)} whenever possible. * * Explanation of auth stanza: * * The client authentication stanza needs to include the digest-uri of the form: xmpp/serviceName * From RFC-2831: * digest-uri = "digest-uri" "=" digest-uri-value * digest-uri-value = serv-type "/" host [ "/" serv-name ] * * digest-uri: * Indicates the principal name of the service with which the client * wishes to connect, formed from the serv-type, host, and serv-name. * For example, the FTP service * on "ftp.example.com" would have a "digest-uri" value of "ftp/ftp.example.com"; the SMTP * server from the example above would have a "digest-uri" value of * "smtp/mail3.example.com/example.com". * * host: * The DNS host name or IP address for the service requested. The DNS host name * must be the fully-qualified canonical name of the host. The DNS host name is the * preferred form; see notes on server processing of the digest-uri. * * serv-name: * Indicates the name of the service if it is replicated. The service is * considered to be replicated if the client's service-location process involves resolution * using standard DNS lookup operations, and if these operations involve DNS records (such * as SRV, or MX) which resolve one DNS name into a set of other DNS names. In this case, * the initial name used by the client is the "serv-name", and the final name is the "host" * component. For example, the incoming mail service for "example.com" may be replicated * through the use of MX records stored in the DNS, one of which points at an SMTP server * called "mail3.example.com"; it's "serv-name" would be "example.com", it's "host" would be * "mail3.example.com". If the service is not replicated, or the serv-name is identical to * the host, then the serv-name component MUST be omitted * * digest-uri verification is needed for ejabberd 2.0.3 and higher * * @param username the username of the user being authenticated. * @param host the hostname where the user account resides. * @param serviceName the xmpp service location - used by the SASL client in digest-uri creation * serviceName format is: host [ "/" serv-name ] as per RFC-2831 * @param password the password for this account. * @throws SmackException If a network error occurs while authenticating. * @throws NotConnectedException * @throws InterruptedException */ public final void authenticate(String username, String host, DomainBareJid serviceName, String password) throws SmackException, NotConnectedException, InterruptedException { this.authenticationId = username; this.host = host; this.serviceName = serviceName; this.password = password; authenticateInternal(); authenticate(); } protected void authenticateInternal() throws SmackException { } /** * Builds and sends the auth stanza to the server. The callback handler will handle * any additional information, such as the authentication ID or realm, if it is needed. * * @param host the hostname where the user account resides. * @param serviceName the xmpp service location * @param cbh the CallbackHandler to obtain user information. * @throws SmackException * @throws NotConnectedException * @throws InterruptedException */ public void authenticate(String host, DomainBareJid serviceName, CallbackHandler cbh) throws SmackException, NotConnectedException, InterruptedException { this.host = host; this.serviceName = serviceName; authenticateInternal(cbh); authenticate(); } protected abstract void authenticateInternal(CallbackHandler cbh) throws SmackException; private final void authenticate() throws SmackException, NotConnectedException, InterruptedException { byte[] authenticationBytes = getAuthenticationText(); String authenticationText; if (authenticationBytes != null) { authenticationText = Base64.encodeToString(authenticationBytes); } else { // RFC6120 6.4.2 "If the initiating entity needs to send a zero-length initial response, // it MUST transmit the response as a single equals sign character ("="), which // indicates that the response is present but contains no data." authenticationText = "="; } // Send the authentication to the server connection.send(new AuthMechanism(getName(), authenticationText)); } /** * Should return the initial response of the SASL mechanism. The returned byte array will be * send base64 encoded to the server. SASL mechanism are free to returnnull here.
*
* @return the initial response or null
* @throws SmackException
*/
protected abstract byte[] getAuthenticationText() throws SmackException;
/**
* The server is challenging the SASL mechanism for the stanza he just sent. Send a
* response to the server's challenge.
*
* @param challengeString a base64 encoded string representing the challenge.
* @param finalChallenge true if this is the last challenge send by the server within the success stanza
* @throws NotConnectedException
* @throws SmackException
* @throws InterruptedException
*/
public final void challengeReceived(String challengeString, boolean finalChallenge) throws SmackException, NotConnectedException, InterruptedException {
byte[] challenge = Base64.decode(challengeString);
byte[] response = evaluateChallenge(challenge);
if (finalChallenge) {
return;
}
Response responseStanza;
if (response == null) {
responseStanza = new Response();
}
else {
responseStanza = new Response(Base64.encodeToString(response));
}
// Send the authentication to the server
connection.send(responseStanza);
}
protected byte[] evaluateChallenge(byte[] challenge) throws SmackException {
return null;
}
public final int compareTo(SASLMechanism other) {
return getPriority() - other.getPriority();
}
/**
* Returns the common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or GSSAPI.
*
* @return the common name of the SASL mechanism.
*/
public abstract String getName();
public abstract int getPriority();
public abstract void checkIfSuccessfulOrThrow() throws SmackException;
public SASLMechanism instanceForAuthentication(XMPPConnection connection) {
SASLMechanism saslMechansim = newInstance();
saslMechansim.connection = connection;
return saslMechansim;
}
protected abstract SASLMechanism newInstance();
protected static byte[] toBytes(String string) {
return StringUtils.toBytes(string);
}
/**
* SASLprep the given String.
*
* @param string the String to sasl prep.
* @return the given String SASL preped
* @see RFC 4013 - SASLprep: Stringprep Profile for User Names and Passwords
*/
protected static String saslPrep(String string) {
StringTransformer stringTransformer = saslPrepTransformer;
if (stringTransformer != null) {
return stringTransformer.transform(string);
}
return string;
}
}