Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package gov.nist.javax.sip.clientauthutils;
  
  /*
   *
   * This code has been contributed with permission from:
   *
   * SIP Communicator, the OpenSource Java VoIP and Instant Messaging client but has been significantly changed.
   * It is donated to the JAIN-SIP project as it is common code that many sip clients
   * need to perform class and others will consitute a set of utility functions
  * that will implement common operations that ease the life of the developer.
  *
  * Acknowledgements:
  * ----------------
  *
  * Fredrik Wickstrom reported that dialog cseq counters are not incremented
  * when resending requests. He later uncovered additional problems and
  * proposed a way to fix them (his proposition was taken into account).
  */
 
 
 
The class handles authentication challenges, caches user credentials and takes care (through the SecurityAuthority interface) about retrieving passwords.

Author(s):
Emil Ivov
Jeroen van Bemmel
M. Ranganathan
Since:
2.0
 
 
 public class AuthenticationHelperImpl implements AuthenticationHelper {

    
Credentials cached so far.
 
     private CredentialsCache cachedCredentials;

    
The account manager for the system. Stores user credentials.
 
     private Object accountManager = null;
 
     /*
      * Header factory for this security manager.
      */
     private HeaderFactory headerFactory;
 
     private SIPTransactionStack sipStack;
 
     Timer timer;

    
Default constructor for the security manager. There is one Account manager. There is one SipSecurity manager for every user name,

Parameters:
sipStack -- our stack.
accountManager -- an implementation of the AccountManager interface.
headerFactory -- header factory.
 
     public AuthenticationHelperImpl(SIPTransactionStack sipStackAccountManager accountManager,
             HeaderFactory headerFactory) {
         this. = accountManager;
         this. = headerFactory;
         this. = sipStack;
 
         this. = new CredentialsCache(((SIPTransactionStacksipStack).getTimer());
     }
    
    
Default constructor for the security manager. There is one Account manager. There is one SipSecurity manager for every user name,

Parameters:
sipStack -- our stack.
accountManager -- an implementation of the AccountManager interface.
headerFactory -- header factory.
    public AuthenticationHelperImpl(SIPTransactionStack sipStackSecureAccountManager accountManager,
            HeaderFactory headerFactory) {
        this. = accountManager;
        this. = headerFactory;
        this. = sipStack;
        this. = new CredentialsCache(((SIPTransactionStacksipStack).getTimer());
    }
    
    /*
     * (non-Javadoc)
     *
     * @see gov.nist.javax.sip.clientauthutils.AuthenticationHelper#handleChallenge(javax.sip.message.Response,
     *      javax.sip.ClientTransaction, javax.sip.SipProvider)
     */
    public ClientTransaction handleChallenge(Response challenge,
            ClientTransaction challengedTransactionSipProvider transactionCreatorint cacheTime)
            throws SipExceptionNullPointerException {
        try {
            if (.isLoggingEnabled()) {
                .getStackLogger().logDebug("handleChallenge: " + challenge);
            }
            SIPRequest challengedRequest = ((SIPRequestchallengedTransaction.getRequest());
            Request reoriginatedRequest = null;
            /*
             * If the challenged request is part of a Dialog and the
             * Dialog is confirmed the re-originated request should be
             * generated as an in-Dialog request.
             */
            if (  challengedRequest.getToTag() != null  ||
                    challengedTransaction.getDialog() == null ||
                    challengedTransaction.getDialog().getState() != .)  {
                reoriginatedRequest = (RequestchallengedRequest.clone();
            } else {
                /*
                 * Re-originate the request by consulting the dialog. In particular
                 * the route set could change between the original request and the 
                 * in-dialog challenge.
                 */
                reoriginatedRequest =
                    challengedTransaction.getDialog().createRequest(challengedRequest.getMethod());
                Iterator<StringheaderNames = challengedRequest.getHeaderNames();
                while (headerNames.hasNext()) {
                    String headerName = headerNames.next();
                    if ( reoriginatedRequest.getHeader(headerName) != null) {
                        ListIterator<Headeriterator = reoriginatedRequest.getHeaders(headerName);
                        while (iterator.hasNext()) {
                            reoriginatedRequest.addHeader(iterator.next());
                        }
                    }
                }
            }
            // remove the branch id so that we could use the request in a new
            // transaction
            removeBranchID(reoriginatedRequest);
            if (challenge == null || reoriginatedRequest == null) {
                throw new NullPointerException("A null argument was passed to handle challenge.");
            }
            ListIterator authHeaders = null;
            if (challenge.getStatusCode() == .) {
                authHeaders = challenge.getHeaders(.);
            } else if (challenge.getStatusCode() == .) {
                authHeaders = challenge.getHeaders(.);
            } else {
                throw new IllegalArgumentException("Unexpected status code ");
            }
            if (authHeaders == null) {
                throw new IllegalArgumentException(
                        "Could not find WWWAuthenticate or ProxyAuthenticate headers");
            }
            // Remove all authorization headers from the request (we'll re-add them
            // from cache)
            reoriginatedRequest.removeHeader(.);
            reoriginatedRequest.removeHeader(.);
            // rfc 3261 says that the cseq header should be augmented for the new
            // request. do it here so that the new dialog (created together with
            // the new client transaction) takes it into account.
            // Bug report - Fredrik Wickstrom
            CSeqHeader cSeq = (CSeqHeaderreoriginatedRequest.getHeader((.));
            try {
                cSeq.setSeqNumber(cSeq.getSeqNumber() + 1l);
            } catch (InvalidArgumentException ex) {
                throw new SipException("Invalid CSeq -- could not increment : "
                        + cSeq.getSeqNumber());
            }
            /* Resolve this to the next hop based on the previous lookup. If we are not using
             * lose routing (RFC2543) then just attach hop as a maddr param.
             */
            if ( challengedRequest.getRouteHeaders() == null ) {
                Hop hop   = ((SIPClientTransactionchallengedTransaction).getNextHop();
                SipURI sipUri = (SipURIreoriginatedRequest.getRequestURI();
                sipUri.setMAddrParam(hop.getHost());
                if ( hop.getPort() != -1 ) sipUri.setPort(hop.getPort());
            }
            ClientTransaction retryTran = transactionCreator
            .getNewClientTransaction(reoriginatedRequest);
            WWWAuthenticateHeader authHeader = null;
            SipURI requestUri = (SipURIchallengedTransaction.getRequest().getRequestURI();
            while (authHeaders.hasNext()) {
                authHeader = (WWWAuthenticateHeaderauthHeaders.next();
                String realm = authHeader.getRealm();
                AuthorizationHeader authorization = null;
                String sipDomain;
                if ( this. instanceof SecureAccountManager ) {
                    UserCredentialHash credHash =
                        ((SecureAccountManager)this.).getCredentialHash(challengedTransaction,realm);
                    URI uri = reoriginatedRequest.getRequestURI();
                    sipDomain = credHash.getSipDomain();
                    authorization = this.getAuthorization(reoriginatedRequest
                            .getMethod(), uri.toString(),
                            (reoriginatedRequest.getContent() == null) ? "" : new String(
                            reoriginatedRequest.getRawContent()), authHeadercredHash);
                } else {
                    UserCredentials userCreds = ((AccountManagerthis.).getCredentials(challengedTransactionrealm);
                    sipDomain = userCreds.getSipDomain();
                    if (userCreds == null)
                         throw new SipException(
                            "Cannot find user creds for the given user name and realm");
                    // we haven't yet authenticated this realm since we were
                    // started.
                       authorization = this.getAuthorization(reoriginatedRequest
                                .getMethod(), reoriginatedRequest.getRequestURI().toString(),
                                (reoriginatedRequest.getContent() == null) ? "" : new String(
                                reoriginatedRequest.getRawContent()), authHeaderuserCreds);
                }
                if (.isLoggingEnabled())
                	.getStackLogger().logDebug(
                        "Created authorization header: " + authorization.toString());
                if (cacheTime != 0)
                    .cacheAuthorizationHeader(sipDomain,
                            authorizationcacheTime);
                reoriginatedRequest.addHeader(authorization);
            }
            if (.isLoggingEnabled()) {
                .getStackLogger().logDebug(
                        "Returning authorization transaction." + retryTran);
            }
            return retryTran;
        } catch (SipException ex) {
            throw ex;
        } catch (Exception ex) {
            .getStackLogger().logError("Unexpected exception "ex);
            throw new SipException("Unexpected exception "ex);
        }
    }
    
    
   

    
Generates an authorisation header in response to wwwAuthHeader.

Parameters:
method method of the request being authenticated
uri digest-uri
requestBody the body of the request.
authHeader the challenge that we should respond to
userCredentials username and pass
Returns:
an authorisation header in response to authHeader.
Throws:
OperationFailedException if auth header was malformated.
    private AuthorizationHeader getAuthorization(String methodString uriString requestBody,
            WWWAuthenticateHeader authHeaderUserCredentials userCredentials) {
        String response = null;
        // JvB: authHeader.getQop() is a quoted _list_ of qop values
        // (e.g. "auth,auth-int") Client is supposed to pick one
        String qopList = authHeader.getQop();
        String qop = (qopList != null) ? "auth" : null;
        String nc_value = "00000001";
        String cnonce = "xyz";
        response = MessageDigestAlgorithm.calculateResponse(authHeader.getAlgorithm(),
                userCredentials.getUserName(), authHeader.getRealm(), userCredentials
                        .getPassword(), authHeader.getNonce(), nc_value// JvB added
                cnonce// JvB added
                methodurirequestBodyqop,.getStackLogger());// jvb changed
        AuthorizationHeader authorization = null;
        try {
            if (authHeader instanceof ProxyAuthenticateHeader) {
                authorization = .createProxyAuthorizationHeader(authHeader
                        .getScheme());
            } else {
                authorization = .createAuthorizationHeader(authHeader.getScheme());
            }
            authorization.setUsername(userCredentials.getUserName());
            authorization.setRealm(authHeader.getRealm());
            authorization.setNonce(authHeader.getNonce());
            authorization.setParameter("uri"uri);
            authorization.setResponse(response);
            if (authHeader.getAlgorithm() != null) {
                authorization.setAlgorithm(authHeader.getAlgorithm());
            }
            if (authHeader.getOpaque() != null) {
                authorization.setOpaque(authHeader.getOpaque());
            }
            // jvb added
            if (qop != null) {
                authorization.setQop(qop);
                authorization.setCNonce(cnonce);
                authorization.setNonceCount(Integer.parseInt(nc_value));
            }
            authorization.setResponse(response);
        } catch (ParseException ex) {
            throw new RuntimeException("Failed to create an authorization header!");
        }
        return authorization;
    }
    
Generates an authorisation header in response to wwwAuthHeader.

Parameters:
method method of the request being authenticated
uri digest-uri
requestBody the body of the request.
authHeader the challenge that we should respond to
userCredentials username and pass
Returns:
an authorisation header in response to authHeader.
Throws:
OperationFailedException if auth header was malformated.
    private AuthorizationHeader getAuthorization(String methodString uriString requestBody,
            WWWAuthenticateHeader authHeaderUserCredentialHash userCredentials) {
        String response = null;
        // JvB: authHeader.getQop() is a quoted _list_ of qop values
        // (e.g. "auth,auth-int") Client is supposed to pick one
        String qopList = authHeader.getQop();
        String qop = (qopList != null) ? "auth" : null;
        String nc_value = "00000001";
        String cnonce = "xyz";
        response = MessageDigestAlgorithm.calculateResponse(authHeader.getAlgorithm(),
              userCredentials.getHashUserDomainPassword(), authHeader.getNonce(), nc_value// JvB added
                cnonce// JvB added
                methodurirequestBodyqop,.getStackLogger());// jvb changed
        AuthorizationHeader authorization = null;
        try {
            if (authHeader instanceof ProxyAuthenticateHeader) {
                authorization = .createProxyAuthorizationHeader(authHeader
                        .getScheme());
            } else {
                authorization = .createAuthorizationHeader(authHeader.getScheme());
            }
            authorization.setUsername(userCredentials.getUserName());
            authorization.setRealm(authHeader.getRealm());
            authorization.setNonce(authHeader.getNonce());
            authorization.setParameter("uri"uri);
            authorization.setResponse(response);
            if (authHeader.getAlgorithm() != null) {
                authorization.setAlgorithm(authHeader.getAlgorithm());
            }
            if (authHeader.getOpaque() != null) {
                authorization.setOpaque(authHeader.getOpaque());
            }
            // jvb added
            if (qop != null) {
                authorization.setQop(qop);
                authorization.setCNonce(cnonce);
                authorization.setNonceCount(Integer.parseInt(nc_value));
            }
            authorization.setResponse(response);
        } catch (ParseException ex) {
            throw new RuntimeException("Failed to create an authorization header!");
        }
        return authorization;
    }
    
Removes all via headers from request and replaces them with a new one, equal to the one that was top most.

Parameters:
request the Request whose branchID we'd like to remove.
    private void removeBranchID(Request request) {
        ViaHeader viaHeader = (ViaHeaderrequest.getHeader(.);
        viaHeader.removeParameter("branch");
    }
    /*
     * (non-Javadoc)
     *
     * @see gov.nist.javax.sip.clientauthutils.AuthenticationHelper#attachAuthenticationHeaders(javax.sip.message.Request)
     */
    public void setAuthenticationHeaders(Request request) {
        SIPRequest sipRequest = (SIPRequestrequest;
        String callId = sipRequest.getCallId().getCallId();
        request.removeHeader(.);
        Collection<AuthorizationHeaderauthHeaders = this.
                .getCachedAuthorizationHeaders(callId);
        if (authHeaders == null) {
        	if (.isLoggingEnabled())
        		.getStackLogger().logDebug(
                    "Could not find authentication headers for " + callId);
            return;
        }
        for (AuthorizationHeader authHeader : authHeaders) {
            request.addHeader(authHeader);
        }
    }
    /*
     * (non-Javadoc)
     *
     * @see gov.nist.javax.sip.clientauthutils.AuthenticationHelper#removeCachedAuthenticationHeaders(java.lang.String)
     */
    public void removeCachedAuthenticationHeaders(String callId) {
        if (callId == null)
            throw new NullPointerException("Null callId argument ");
        this..removeAuthenticationHeader(callId);
    }
New to GrepCode? Check out our FAQ X