org.jivesoftware.smack.sasl

Class SASLMechanism

java.lang.Object

org.jivesoftware.smack.sasl.SASLMechanism

All Implemented Interfaces:

Comparable<SASLMechanism>

Direct Known Subclasses:

SASLAnonymous, SASLDigestMD5Mechanism, SASLExternalMechanism, SASLJavaXMechanism, SASLPlainMechanism, SASLXOauth2Mechanism, ScramMechanism

public abstract class SASLMechanism
extends Object
implements Comparable<SASLMechanism>

Base class for SASL mechanisms. Subclasses will likely want to implement their own versions of these methods:

• authenticate(String, String, DomainBareJid, String, EntityBareJid, SSLSession) -- Initiate authentication stanza using the deprecated method.
• authenticate(String, DomainBareJid, CallbackHandler, EntityBareJid, SSLSession) -- Initiate authentication stanza using the CallbackHandler method.
• challengeReceived(String, boolean) -- Handle a challenge from the server.

Field Summary

Fields

Modifier and Type	Field and Description
protected String	authenticationId Then authentication identity (authcid).
protected org.jxmpp.jid.EntityBareJid	authorizationId The authorization identifier (authzid).
protected XMPPConnection	connection
protected ConnectionConfiguration	connectionConfiguration
static String	CRAMMD5
static String	DIGESTMD5
static String	EXTERNAL
static String	GSSAPI
protected String	host
protected String	password The users password
static String	PLAIN
protected org.jxmpp.jid.DomainBareJid	serviceName The name of the XMPP service
protected SSLSession	sslSession The used SSL/TLS session (if any).

Constructor Summary

Constructors

Constructor and Description
SASLMechanism()

Method Summary

Modifier and Type	Method and Description
void	authenticate(String host, org.jxmpp.jid.DomainBareJid serviceName, CallbackHandler cbh, org.jxmpp.jid.EntityBareJid authzid, SSLSession sslSession) Builds and sends the auth stanza to the server.
void	authenticate(String username, String host, org.jxmpp.jid.DomainBareJid serviceName, String password, org.jxmpp.jid.EntityBareJid authzid, SSLSession sslSession) Builds and sends the auth stanza to the server.
protected void	authenticateInternal()
protected abstract void	authenticateInternal(CallbackHandler cbh)
boolean	authzidSupported()
void	challengeReceived(String challengeString, boolean finalChallenge) The server is challenging the SASL mechanism for the stanza he just sent.
abstract void	checkIfSuccessfulOrThrow()
int	compareTo(SASLMechanism other)
protected byte[]	evaluateChallenge(byte[] challenge) Evaluate the SASL challenge.
protected abstract byte[]	getAuthenticationText() Should return the initial response of the SASL mechanism.
abstract String	getName() Returns the common name of the SASL mechanism.
abstract int	getPriority() Get the priority of this SASL mechanism.
SASLMechanism	instanceForAuthentication(XMPPConnection connection, ConnectionConfiguration connectionConfiguration)
protected abstract SASLMechanism	newInstance()
protected static String	saslPrep(String string) SASLprep the given String.
protected static byte[]	toBytes(String string)
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CRAMMD5

public static final String CRAMMD5

See Also:

Constant Field Values

DIGESTMD5

public static final String DIGESTMD5

See Also:

Constant Field Values

EXTERNAL

public static final String EXTERNAL

See Also:

Constant Field Values

GSSAPI

public static final String GSSAPI

See Also:

Constant Field Values

PLAIN

public static final String PLAIN

See Also:

Constant Field Values

connection

protected XMPPConnection connection

connectionConfiguration

protected ConnectionConfiguration connectionConfiguration

authenticationId

protected String authenticationId

Then authentication identity (authcid). RFC 6120 § 6.3.7 informs us that some SASL mechanisms use this as a "simple user name". But the exact form is a matter of the mechanism and that it does not necessarily map to an localpart. But it usually is the localpart of the client JID, although sometimes other formats are used (e.g. the full JID).

Not to be confused with the authzid (see RFC 6120 § 6.3.8).

authorizationId

protected org.jxmpp.jid.EntityBareJid authorizationId

The authorization identifier (authzid). This is always a bare Jid, but can be null.

serviceName

protected org.jxmpp.jid.DomainBareJid serviceName

The name of the XMPP service

password

protected String password

The users password

host

protected String host

sslSession

protected SSLSession sslSession

The used SSL/TLS session (if any).

Constructor Detail

SASLMechanism

public SASLMechanism()

Method Detail

authenticate

public final void authenticate(String username,
                               String host,
                               org.jxmpp.jid.DomainBareJid serviceName,
                               String password,
                               org.jxmpp.jid.EntityBareJid authzid,
                               SSLSession sslSession)
                        throws SmackException,
                               SmackException.NotConnectedException,
                               InterruptedException

Builds and sends the auth stanza to the server. Note that this method of authentication is not recommended, since it is very inflexible. Use authenticate(String, DomainBareJid, CallbackHandler, EntityBareJid, SSLSession) whenever possible. Explanation of auth stanza: The client authentication stanza needs to include the digest-uri of the form: xmpp/serviceName From RFC-2831: digest-uri = "digest-uri" "=" digest-uri-value digest-uri-value = serv-type "/" host [ "/" serv-name ] digest-uri: Indicates the principal name of the service with which the client wishes to connect, formed from the serv-type, host, and serv-name. For example, the FTP service on "ftp.example.com" would have a "digest-uri" value of "ftp/ftp.example.com"; the SMTP server from the example above would have a "digest-uri" value of "smtp/mail3.example.com/example.com". host: The DNS host name or IP address for the service requested. The DNS host name must be the fully-qualified canonical name of the host. The DNS host name is the preferred form; see notes on server processing of the digest-uri. serv-name: Indicates the name of the service if it is replicated. The service is considered to be replicated if the client's service-location process involves resolution using standard DNS lookup operations, and if these operations involve DNS records (such as SRV, or MX) which resolve one DNS name into a set of other DNS names. In this case, the initial name used by the client is the "serv-name", and the final name is the "host" component. For example, the incoming mail service for "example.com" may be replicated through the use of MX records stored in the DNS, one of which points at an SMTP server called "mail3.example.com"; it's "serv-name" would be "example.com", it's "host" would be "mail3.example.com". If the service is not replicated, or the serv-name is identical to the host, then the serv-name component MUST be omitted digest-uri verification is needed for ejabberd 2.0.3 and higher

Parameters:

username - the username of the user being authenticated.

host - the hostname where the user account resides.

serviceName - the xmpp service location - used by the SASL client in digest-uri creation serviceName format is: host [ "/" serv-name ] as per RFC-2831

password - the password for this account.

authzid - the optional authorization identity.

sslSession - the optional SSL/TLS session (if one was established)

Throws:

SmackException - If a network error occurs while authenticating.

SmackException.NotConnectedException

InterruptedException

authenticateInternal

protected void authenticateInternal()
                             throws SmackException

Throws:

SmackException

authenticate

public void authenticate(String host,
                         org.jxmpp.jid.DomainBareJid serviceName,
                         CallbackHandler cbh,
                         org.jxmpp.jid.EntityBareJid authzid,
                         SSLSession sslSession)
                  throws SmackException,
                         SmackException.NotConnectedException,
                         InterruptedException

Builds and sends the auth stanza to the server. The callback handler will handle any additional information, such as the authentication ID or realm, if it is needed.

Parameters:

host - the hostname where the user account resides.

serviceName - the xmpp service location

cbh - the CallbackHandler to obtain user information.

authzid - the optional authorization identity.

sslSession - the optional SSL/TLS session (if one was established)

Throws:

SmackException

SmackException.NotConnectedException

InterruptedException

authenticateInternal

protected abstract void authenticateInternal(CallbackHandler cbh)
                                      throws SmackException

Throws:

SmackException

getAuthenticationText

protected abstract byte[] getAuthenticationText()
                                         throws SmackException

Should return the initial response of the SASL mechanism. The returned byte array will be send base64 encoded to the server. SASL mechanism are free to return null or an empty array here.

Returns:

the initial response or null

Throws:

SmackException

challengeReceived

public final void challengeReceived(String challengeString,
                                    boolean finalChallenge)
                             throws SmackException,
                                    InterruptedException

The server is challenging the SASL mechanism for the stanza he just sent. Send a response to the server's challenge.

Parameters:

challengeString - a base64 encoded string representing the challenge.

finalChallenge - true if this is the last challenge send by the server within the success stanza

Throws:

SmackException - exception

InterruptedException - if the connection is interrupted

evaluateChallenge

protected byte[] evaluateChallenge(byte[] challenge)
                            throws SmackException

Evaluate the SASL challenge.

Parameters:

challenge - challenge to evaluate.

Returns:

null.

Throws:

SmackException - in case of an error.

compareTo

public final int compareTo(SASLMechanism other)

Specified by:

compareTo in interface Comparable<SASLMechanism>

getName

public abstract String getName()

Returns the common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or GSSAPI.

Returns:

the common name of the SASL mechanism.

getPriority

public abstract int getPriority()

Get the priority of this SASL mechanism. Lower values mean higher priority.

Returns:

the priority of this SASL mechanism.

checkIfSuccessfulOrThrow

public abstract void checkIfSuccessfulOrThrow()
                                       throws SmackException

Throws:

SmackException

instanceForAuthentication

public SASLMechanism instanceForAuthentication(XMPPConnection connection,
                                               ConnectionConfiguration connectionConfiguration)

authzidSupported

public boolean authzidSupported()

newInstance

protected abstract SASLMechanism newInstance()

toBytes

protected static byte[] toBytes(String string)

saslPrep

protected static String saslPrep(String string)

SASLprep the given String. The resulting String is in UTF-8.

Parameters:

string - the String to sasl prep.

Returns:

the given String SASL preped

See Also:

RFC 4013 - SASLprep: Stringprep Profile for User Names and Passwords

toString

public final String toString()

Overrides:

toString in class Object