/** * $RCSfile$ * $Revision: $ * $Date: $ * * Copyright 2003-2007 Jive Software. * * All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.jivesoftware.smack; import org.jivesoftware.smack.filter.PacketIDFilter; import org.jivesoftware.smack.packet.Bind; import org.jivesoftware.smack.packet.IQ; import org.jivesoftware.smack.packet.Packet; import org.jivesoftware.smack.packet.Session; import org.jivesoftware.smack.sasl.*; import javax.security.auth.callback.CallbackHandler; import java.io.IOException; import java.lang.reflect.Constructor; import java.util.*; /** *
This class is responsible authenticating the user using SASL, binding the resource * to the connection and establishing a session with the server.
* *Once TLS has been negotiated (i.e. the connection has been secured) it is possible to * register with the server, authenticate using Non-SASL or authenticate using SASL. If the * server supports SASL then Smack will first try to authenticate using SASL. But if that * fails then Non-SASL will be tried.
* *The server may support many SASL mechanisms to use for authenticating. Out of the box * Smack provides several SASL mechanisms, but it is possible to register new SASL Mechanisms. Use * {@link #registerSASLMechanism(String, Class)} to register a new mechanisms. A registered * mechanism wont be used until {@link #supportSASLMechanism(String, int)} is called. By default, * the list of supported SASL mechanisms is determined from the {@link SmackConfiguration}.
* *Once the user has been authenticated with SASL, it is necessary to bind a resource for * the connection. If no resource is passed in {@link #authenticate(String, String, String)} * then the server will assign a resource for the connection. In case a resource is passed * then the server will receive the desired resource but may assign a modified resource for * the connection.
* *Once a resource has been binded and if the server supports sessions then Smack will establish * a session so that instant messaging and presence functionalities may be used.
* * @see org.jivesoftware.smack.sasl.SASLMechanism * * @author Gaston Dombiak * @author Jay Kline */ public class SASLAuthentication implements UserAuthentication { private static Map* * The server may assign a full JID with a username or resource different than the requested * by this method. * * @param username the username that is authenticating with the server. * @param resource the desired resource. * @param cbh the CallbackHandler used to get information from the user * @return the full JID provided by the server while binding a resource to the connection. * @throws XMPPException if an error occures while authenticating. */ public String authenticate(String username, String resource, CallbackHandler cbh) throws XMPPException { // Locate the SASLMechanism to use String selectedMechanism = null; for (String mechanism : mechanismsPreferences) { if (implementedMechanisms.containsKey(mechanism) && serverMechanisms.contains(mechanism)) { selectedMechanism = mechanism; break; } } if (selectedMechanism != null) { // A SASL mechanism was found. Authenticate using the selected mechanism and then // proceed to bind a resource try { Class extends SASLMechanism> mechanismClass = implementedMechanisms.get(selectedMechanism); Constructor extends SASLMechanism> constructor = mechanismClass.getConstructor(SASLAuthentication.class); currentMechanism = constructor.newInstance(this); // Trigger SASL authentication with the selected mechanism. We use // connection.getHost() since GSAPI requires the FQDN of the server, which // may not match the XMPP domain. currentMechanism.authenticate(username, connection.getHost(), cbh); // Wait until SASL negotiation finishes synchronized (this) { if (!saslNegotiated && !saslFailed) { try { wait(30000); } catch (InterruptedException e) { // Ignore } } } if (saslFailed) { // SASL authentication failed and the server may have closed the connection // so throw an exception if (errorCondition != null) { throw new XMPPException("SASL authentication " + selectedMechanism + " failed: " + errorCondition); } else { throw new XMPPException("SASL authentication failed using mechanism " + selectedMechanism); } } if (saslNegotiated) { // Bind a resource for this connection and return bindResourceAndEstablishSession(resource); } else { // SASL authentication failed } } catch (XMPPException e) { throw e; } catch (Exception e) { e.printStackTrace(); } } else { throw new XMPPException("SASL Authentication failed. No known authentication mechanisims."); } throw new XMPPException("SASL authentication failed"); } /** * Performs SASL authentication of the specified user. If SASL authentication was successful * then resource binding and session establishment will be performed. This method will return * the full JID provided by the server while binding a resource to the connection.
* * The server may assign a full JID with a username or resource different than the requested * by this method. * * @param username the username that is authenticating with the server. * @param password the password to send to the server. * @param resource the desired resource. * @return the full JID provided by the server while binding a resource to the connection. * @throws XMPPException if an error occures while authenticating. */ public String authenticate(String username, String password, String resource) throws XMPPException { // Locate the SASLMechanism to use String selectedMechanism = null; for (String mechanism : mechanismsPreferences) { if (implementedMechanisms.containsKey(mechanism) && serverMechanisms.contains(mechanism)) { selectedMechanism = mechanism; break; } } if (selectedMechanism != null) { // A SASL mechanism was found. Authenticate using the selected mechanism and then // proceed to bind a resource try { Class extends SASLMechanism> mechanismClass = implementedMechanisms.get(selectedMechanism); Constructor extends SASLMechanism> constructor = mechanismClass.getConstructor(SASLAuthentication.class); currentMechanism = constructor.newInstance(this); // Trigger SASL authentication with the selected mechanism. We use // connection.getHost() since GSAPI requires the FQDN of the server, which // may not match the XMPP domain. currentMechanism.authenticate(username, connection.getServiceName(), password); // Wait until SASL negotiation finishes synchronized (this) { if (!saslNegotiated && !saslFailed) { try { wait(30000); } catch (InterruptedException e) { // Ignore } } } if (saslFailed) { // SASL authentication failed and the server may have closed the connection // so throw an exception if (errorCondition != null) { throw new XMPPException("SASL authentication " + selectedMechanism + " failed: " + errorCondition); } else { throw new XMPPException("SASL authentication failed using mechanism " + selectedMechanism); } } if (saslNegotiated) { // Bind a resource for this connection and return bindResourceAndEstablishSession(resource); } else { // SASL authentication failed so try a Non-SASL authentication return new NonSASLAuthentication(connection) .authenticate(username, password, resource); } } catch (XMPPException e) { throw e; } catch (Exception e) { e.printStackTrace(); // SASL authentication failed so try a Non-SASL authentication return new NonSASLAuthentication(connection) .authenticate(username, password, resource); } } else { // No SASL method was found so try a Non-SASL authentication return new NonSASLAuthentication(connection).authenticate(username, password, resource); } } /** * Performs ANONYMOUS SASL authentication. If SASL authentication was successful * then resource binding and session establishment will be performed. This method will return * the full JID provided by the server while binding a resource to the connection.
*
* The server will assign a full JID with a randomly generated resource and possibly with
* no username.
*
* @return the full JID provided by the server while binding a resource to the connection.
* @throws XMPPException if an error occures while authenticating.
*/
public String authenticateAnonymously() throws XMPPException {
try {
currentMechanism = new SASLAnonymous(this);
currentMechanism.authenticate(null,null,"");
// Wait until SASL negotiation finishes
synchronized (this) {
if (!saslNegotiated && !saslFailed) {
try {
wait(5000);
}
catch (InterruptedException e) {
// Ignore
}
}
}
if (saslFailed) {
// SASL authentication failed and the server may have closed the connection
// so throw an exception
if (errorCondition != null) {
throw new XMPPException("SASL authentication failed: " + errorCondition);
}
else {
throw new XMPPException("SASL authentication failed");
}
}
if (saslNegotiated) {
// Bind a resource for this connection and
return bindResourceAndEstablishSession(null);
}
else {
return new NonSASLAuthentication(connection).authenticateAnonymously();
}
} catch (IOException e) {
return new NonSASLAuthentication(connection).authenticateAnonymously();
}
}
private String bindResourceAndEstablishSession(String resource) throws XMPPException {
// Wait until server sends response containing the