Big change for authentication, which now supports more SASL mechanisms and

callbacks.  This should address issues SMACK-210 and SMACK-142, as well as 
set the stage for SMACK-234. 



git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@9498 b35dd754-fafc-0310-a699-88a17e54d16e

source/org/jivesoftware/smack/sasl/SASLMechanism.java

@@ -20,47 +20,107 @@
 
 package org.jivesoftware.smack.sasl;
 
+import org.jivesoftware.smack.XMPPException;
 import org.jivesoftware.smack.SASLAuthentication;
-import org.jivesoftware.smack.util.StringUtils;
+import org.jivesoftware.smack.util.Base64;
 
 import java.io.IOException;
+import java.util.Map;
+import java.util.HashMap;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.sasl.RealmCallback;
+import javax.security.sasl.RealmChoiceCallback;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
 
 /**
- * Base class for SASL mechanisms. Subclasses must implement three methods:
+ * Base class for SASL mechanisms. Subclasses must implement these methods:
  * <ul>
  *  <li>{@link #getName()} -- returns the common name of the SASL mechanism.</li>
- *  <li>{@link #getAuthenticationText(String, String, String)} -- authentication text to include
- *      in the initial <tt>auth</tt> stanza.</li>
- *  <li>{@link #getChallengeResponse(byte[])} -- to respond challenges made by the server.</li>
+ * </ul>
+ * Subclasses will likely want to implement their own versions of these mthods:
+ *  <li>{@link #authenticate(String, String, String)} -- Initiate authentication stanza using the
+ *  deprecated method.</li>
+ *  <li>{@link #authenticate(String, String, CallbackHandler)} -- Initiate authentication stanza
+ *  using the CallbackHandler method.</li>
+ *  <li>{@link #challengeReceived(String)} -- Handle a challenge from the server.</li>
  * </ul>
  *
- * @author Gaston Dombiak
+ * @author Jay Kline
  */
-public abstract class SASLMechanism {
+public abstract class SASLMechanism implements CallbackHandler {
 
     private SASLAuthentication saslAuthentication;
+    protected SaslClient sc;
+    protected String authenticationId;
+    protected String password;
+
 
     public SASLMechanism(SASLAuthentication saslAuthentication) {
-        super();
         this.saslAuthentication = saslAuthentication;
     }
 
     /**
-     * Builds and sends the <tt>auth</tt> stanza to the server.
+     * Builds and sends the <tt>auth</tt> stanza to the server. Note that this method of
+     * authentication is not recommended, since it is very inflexable.  Use
+     * {@link #authenticate(String, String, CallbackHandler)} whenever possible.
      *
      * @param username the username of the user being authenticated.
      * @param host     the hostname where the user account resides.
-     * @param password the password of the user.
-     * @throws IOException If a network error occures while authenticating.
+     * @param password the password for this account.
+     * @throws IOException If a network error occurs while authenticating.
+     * @throws XMPPException If a protocol error occurs or the user is not authenticated.
      */
-    public void authenticate(String username, String host, String password) throws IOException {
-        // Build the authentication stanza encoding the authentication text
-        StringBuilder stanza = new StringBuilder();
+    public void authenticate(String username, String host, String password) throws IOException, XMPPException {
+        //Since we were not provided with a CallbackHandler, we will use our own with the given
+        //information
+
+        //Set the authenticationID as the username, since they must be the same in this case.
+        this.authenticationId = username;
+        this.password = password;
+
+        String[] mechanisms = { getName() };
+        Map<String,String> props = new HashMap<String,String>();
+        sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, this);
+        authenticate();
+    }
+
+    /**
+     * Builds and sends the <tt>auth</tt> stanza to the server. The callback handler will handle
+     * any additional information, such as the authentication ID or realm, if it is needed.
+     *
+     * @param username the username of the user being authenticated.
+     * @param host     the hostname where the user account resides.
+     * @param cbh      the CallbackHandler to obtain user information.
+     * @throws IOException If a network error occures while authenticating.
+     * @throws XMPPException If a protocol error occurs or the user is not authenticated.
+     */
+    public void authenticate(String username, String host, CallbackHandler cbh) throws IOException, XMPPException {
+        String[] mechanisms = { getName() };
+        Map<String,String> props = new HashMap<String,String>();
+        sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, cbh);
+        authenticate();
+    }
+
+    protected void authenticate() throws IOException, XMPPException {
+        StringBuffer stanza = new StringBuffer();
         stanza.append("<auth mechanism=\"").append(getName());
         stanza.append("\" xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
-        String authenticationText = getAuthenticationText(username, host, password);
-        if (authenticationText != null) {
-            stanza.append(StringUtils.encodeBase64(authenticationText));
+        try {
+            if(sc.hasInitialResponse()) {
+                byte[] response = sc.evaluateChallenge(new byte[0]);
+                String authenticationText = Base64.encodeBytes(response,Base64.DONT_BREAK_LINES);
+                if(authenticationText != null && !authenticationText.equals("")) {
+                    stanza.append(authenticationText);
+                }
+            }
+        } catch (SaslException e) {
+            throw new XMPPException("SASL authentication failed", e);
         }
         stanza.append("</auth>");
 
@@ -68,6 +128,7 @@ public abstract class SASLMechanism {
         getSASLAuthentication().send(stanza.toString());
     }
 
+
     /**
      * The server is challenging the SASL mechanism for the stanza he just sent. Send a
      * response to the server's challenge.
@@ -77,12 +138,22 @@ public abstract class SASLMechanism {
      */
     public void challengeReceived(String challenge) throws IOException {
         // Build the challenge response stanza encoding the response text
-        StringBuilder stanza = new StringBuilder();
-        stanza.append("<response xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
-        String authenticationText = getChallengeResponse(StringUtils.decodeBase64(challenge));
-        if (authenticationText != null) {
-            stanza.append(StringUtils.encodeBase64(authenticationText));
+        StringBuffer stanza = new StringBuffer();
+
+        byte response[];
+        if(challenge != null) {
+            response = sc.evaluateChallenge(Base64.decode(challenge));
+        } else {
+            response = sc.evaluateChallenge(null);
         }
+
+        String authenticationText = Base64.encodeBytes(response,Base64.DONT_BREAK_LINES);
+        if(authenticationText.equals("")) {
+            authenticationText = "=";
+        }
+
+        stanza.append("<response xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
+        stanza.append(authenticationText);
         stanza.append("</response>");
 
         // Send the authentication to the server
@@ -90,34 +161,37 @@ public abstract class SASLMechanism {
     }
 
     /**
-     * Returns the response text to send answering the challenge sent by the server. Mechanisms
-     * that will never receive a challenge may redefine this method returning <tt>null</tt>.
-     *
-     * @param bytes the challenge sent by the server.
-     * @return the response text to send to answer the challenge sent by the server.
-     */
-    protected abstract String getChallengeResponse(byte[] bytes);
-
-    /**
-     * Returns the common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or KERBEROS_V4.
+     * Returns the common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or GSSAPI.
      *
      * @return the common name of the SASL mechanism.
      */
     protected abstract String getName();
 
-    /**
-     * Returns the authentication text to include in the initial <tt>auth</tt> stanza
-     * or <tt>null</tt> if nothing should be added.
-     *
-     * @param username the username of the user being authenticated.
-     * @param host     the hostname where the user account resides.
-     * @param password the password of the user.
-     * @return the authentication text to include in the initial <tt>auth</tt> stanza
-     *         or <tt>null</tt> if nothing should be added.
-     */
-    protected abstract String getAuthenticationText(String username, String host, String password);
 
     protected SASLAuthentication getSASLAuthentication() {
         return saslAuthentication;
     }
+
+    /**
+     * 
+     */
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof NameCallback) {
+                NameCallback ncb = (NameCallback)callbacks[i];
+                ncb.setName(authenticationId);
+            } else if(callbacks[i] instanceof PasswordCallback) {
+                PasswordCallback pcb = (PasswordCallback)callbacks[i];
+                pcb.setPassword(password.toCharArray());
+            } else if(callbacks[i] instanceof RealmCallback) {
+                //unused
+                //RealmCallback rcb = (RealmCallback)callbacks[i];
+            } else if(callbacks[i] instanceof RealmChoiceCallback){
+                //unused
+                //RealmChoiceCallback rccb = (RealmChoiceCallback)callbacks[i];
+            } else {
+               throw new UnsupportedCallbackException(callbacks[i]);
+            }
+         }
+    }
 }