1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
package eu.siacs.conversations.crypto.sasl;
import com.google.common.base.Strings;
import java.util.Collection;
import javax.net.ssl.SSLSocket;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.xml.Element;
import eu.siacs.conversations.xml.Namespace;
public abstract class SaslMechanism {
protected final Account account;
protected SaslMechanism(final Account account) {
this.account = account;
}
public static String namespace(final Version version) {
if (version == Version.SASL) {
return Namespace.SASL;
} else {
return Namespace.SASL_2;
}
}
/**
* The priority is used to pin the authentication mechanism. If authentication fails, it MAY be
* retried with another mechanism of the same priority, but MUST NOT be tried with a mechanism
* of lower priority (to prevent downgrade attacks).
*
* @return An arbitrary int representing the priority
*/
public abstract int getPriority();
public abstract String getMechanism();
public String getClientFirstMessage() {
return "";
}
public String getResponse(final String challenge, final SSLSocket sslSocket)
throws AuthenticationException {
return "";
}
protected enum State {
INITIAL,
AUTH_TEXT_SENT,
RESPONSE_SENT,
VALID_SERVER_RESPONSE,
}
public enum Version {
SASL,
SASL_2;
public static Version of(final Element element) {
switch (Strings.nullToEmpty(element.getNamespace())) {
case Namespace.SASL:
return SASL;
case Namespace.SASL_2:
return SASL_2;
default:
throw new IllegalArgumentException("Unrecognized SASL namespace");
}
}
}
public static class AuthenticationException extends Exception {
public AuthenticationException(final String message) {
super(message);
}
public AuthenticationException(final Exception inner) {
super(inner);
}
public AuthenticationException(final String message, final Exception exception) {
super(message, exception);
}
}
public static class InvalidStateException extends AuthenticationException {
public InvalidStateException(final String message) {
super(message);
}
public InvalidStateException(final State state) {
this("Invalid state: " + state.toString());
}
}
public static final class Factory {
private final Account account;
public Factory(final Account account) {
this.account = account;
}
public SaslMechanism of(
final Collection<String> mechanisms, final Collection<ChannelBinding> bindings) {
final ChannelBinding channelBinding = ChannelBinding.best(bindings);
if (mechanisms.contains(External.MECHANISM) && account.getPrivateKeyAlias() != null) {
return new External(account);
} else if (mechanisms.contains(ScramSha512Plus.MECHANISM) && channelBinding != null) {
return new ScramSha512Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha256Plus.MECHANISM) && channelBinding != null) {
return new ScramSha256Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha1Plus.MECHANISM) && channelBinding != null) {
return new ScramSha1Plus(account, channelBinding);
} else if (mechanisms.contains(ScramSha512.MECHANISM)) {
return new ScramSha512(account);
} else if (mechanisms.contains(ScramSha256.MECHANISM)) {
return new ScramSha256(account);
} else if (mechanisms.contains(ScramSha1.MECHANISM)) {
return new ScramSha1(account);
} else if (mechanisms.contains(Plain.MECHANISM)
&& !account.getServer().equals("nimbuzz.com")) {
return new Plain(account);
} else if (mechanisms.contains(DigestMd5.MECHANISM)) {
return new DigestMd5(account);
} else if (mechanisms.contains(Anonymous.MECHANISM)) {
return new Anonymous(account);
} else {
return null;
}
}
}
}
|
