sipsecuritymanager.java

jtapi for telephone

/* ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2000 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * Large portions of this software are based upon public domain software
 * https://sip-communicator.dev.java.net/
 *
 */

package net.sourceforge.gjtapi.raw.sipprovider.sip.security;

import javax.sip.*;
import javax.sip.message.*;
import javax.sip.address.*;
import javax.sip.header.*;

import java.util.ListIterator;
import java.util.Properties;

import net.sourceforge.gjtapi.raw.sipprovider.common.Console;
import net.sourceforge.gjtapi.raw.sipprovider.sip.SipManager;
import java.text.*;
import javax.sip.InvalidArgumentException;

/**
 * The class handles authentication challenges, caches user credentials and
 * takes care (through the SecurityAuthority interface) about retrieving
 * passwords.
 *
 * @author Emil Ivov <emcho@dev.java.net>
 * @version 1.0
 */

public class SipSecurityManager
{
    private static final Console console = Console.getConsole(SipSecurityManager.class);

    private SecurityAuthority securityAuthority = null;
    private HeaderFactory     headerFactory = null;
    private SipProvider       transactionCreator = null;
    private SipManager        sipManCallback = null;
    private Properties sipProp;

    /**
     * Credentials cached so far.
     */
    CredentialsCache cachedCredentials = new CredentialsCache();




    public SipSecurityManager(Properties sipProp)
     {
        this.sipProp = new Properties() ;
        this.sipProp.putAll(sipProp);

    }

    /**
     * set the header factory to be used when creating authorization headers
     */
    public void setHeaderFactory(HeaderFactory headerFactory)
    {
        try{
            console.logEntry();

            this.headerFactory = headerFactory;
        }
        finally
        {
            console.logExit();
        }

    }

    /**
     * Verifies whether there are any user credentials registered for the call
     * that "request" belongs to and appends corresponding authorization headers
     * if that is the case.
     *
     * @param request the request that needs to be attached credentials.
     */
    public void appendCredentialsIfNecessary(Request request)
    {
        //TODO IMPLEMENT
    }

    /**
     * Uses securityAuthority to determinie a set of valid user credentials
     * for the specified Response (Challenge) and appends it to the challenged
     * request so that it could be retransmitted.
     *
     * @param challenge the 401/407 challenge response
     * @param challenged the request that caused the challenge and that is to be
     * retransmitted
     * @return the reoriginated request
     * @throws SipSecurityException
     */
    public ClientTransaction handleChallenge(Response challenge,
                                   String branchID,
                                   Request challengedRequest)
        throws SipSecurityException, SipException, InvalidArgumentException, ParseException
    {
       try{
            console.logEntry();

            Request reoriginatedRequest = (Request)challengedRequest.clone();

            ListIterator authHeaders = null;

            if(challenge == null || reoriginatedRequest == null)
                throw new NullPointerException(
                    "A null argument was passed to handle challenge.");

//            CallIdHeader callId =
//                        (CallIdHeader)challenge.getHeader(CallIdHeader.NAME);

            if (challenge.getStatusCode() == Response.UNAUTHORIZED)
                authHeaders = challenge.getHeaders(WWWAuthenticateHeader.NAME);
            else if(challenge.getStatusCode() == Response.PROXY_AUTHENTICATION_REQUIRED)
                authHeaders = challenge.getHeaders(ProxyAuthenticateHeader.NAME);

            if(authHeaders == null)
                throw new SecurityException(
                    "Could not find WWWAuthenticate or ProxyAuthenticate headers");

            //Remove all authorization headers from the request (we'll re-add them
            //from cache)
            reoriginatedRequest.removeHeader(AuthorizationHeader.NAME);
            reoriginatedRequest.removeHeader(ProxyAuthorizationHeader.NAME);

            ClientTransaction retryTran =
                transactionCreator.getNewClientTransaction(reoriginatedRequest);

            WWWAuthenticateHeader authHeader = null;
            while(authHeaders.hasNext())
            {
                authHeader = (WWWAuthenticateHeader)authHeaders.next();
                String realm = authHeader.getRealm();

                //Check whether we have cached credentials for authHeader's realm
                //make sure that if such credentials exist they get removed. The
                //challenge means that there's something wrong with them.
                CredentialsCacheEntry ccEntry =
                    (CredentialsCacheEntry)cachedCredentials.remove(realm);

                //Try to guess user name and facilitate user
                UserCredentials defaultCredentials = new UserCredentials();
                FromHeader from =
                    (FromHeader)reoriginatedRequest.getHeader(FromHeader.NAME);
                URI uri = from.getAddress().getURI();
                if (uri.isSipURI())
                {
                    String user =  ((SipURI) uri).getUser();
                        defaultCredentials.setUserName(
                           user == null
                            ? this.sipProp.getProperty("net.java.sip.communicator.sip.USER_NAME")
                           : user);
                    }

                boolean ccEntryHasSeenTran = false;

                if(ccEntry !=null)