📄 sipsecuritymanager.java
字号:
ccEntryHasSeenTran = ccEntry.processResponse(branchID);
//get a new pass
if(ccEntry == null // we don't have credentials for the relm
|| ( (!authHeader.isStale() && ccEntryHasSeenTran))) // we have already tried with those and this is (!stale) not just a request to reencode
{
console.debug(
"We don't seem to have a good pass! Get one.");
if(ccEntry == null)
ccEntry = new CredentialsCacheEntry();
ccEntry.userCredentials =
getSecurityAuthority().obtainCredentials(
realm,
defaultCredentials);
}
//encode and send what we have
else if(ccEntry != null
&&( !ccEntryHasSeenTran || authHeader.isStale()))
{
console.debug(
"We seem to have a pass in the cache. Let's try with it.");
}
//if user canceled or sth else went wrong
if(ccEntry.userCredentials == null)
throw new SecurityException(
"Unable to authenticate with realm " + realm);
AuthorizationHeader authorization =
this.getAuthorization(
reoriginatedRequest.getMethod(),
reoriginatedRequest.getRequestURI().toString(),
reoriginatedRequest.getContent()==null?"":reoriginatedRequest.getContent().toString(),
authHeader,
ccEntry.userCredentials);
ccEntry.processRequest(retryTran.getBranchId());
cachedCredentials.cacheEntry(realm, ccEntry);
reoriginatedRequest.addHeader(authorization);
//if there was trouble with the user - make sure we fix it
if(uri.isSipURI())
{
((SipURI)uri).setUser(ccEntry.userCredentials.getUserName());
Address add = from.getAddress();
add.setURI(uri);
from.setAddress(add);
reoriginatedRequest.setHeader(from);
if(challengedRequest.getMethod().equals(Request.REGISTER))
{
ToHeader to =
(ToHeader)reoriginatedRequest.getHeader(ToHeader.NAME);
add.setURI(uri);
to.setAddress(add);
reoriginatedRequest.setHeader(to);
}
//very ugly but very necessary
sipManCallback.setCurrentlyUsedURI( uri.toString());
}
//if this is a register - fix to as well
}
CSeqHeader cSeq =
(CSeqHeader) reoriginatedRequest.getHeader( (CSeqHeader.NAME));
cSeq.setSequenceNumber(cSeq.getSequenceNumber() + 1);
return retryTran;
}
finally
{
console.logExit();
}
}
/**
* Sets the SecurityAuthority instance that should be queried for user
* credentials.
*
* @param authority the SecurityAuthority instance that should be queried
* for user credentials.
*/
public void setSecurityAuthority(SecurityAuthority authority)
{
this.securityAuthority = authority;
}
/**
* Returns the SecurityAuthority instance that SipSecurityManager uses to
* obtain user credentials.
*
* @param authority the SecurityAuthority instance that SipSecurityManager
* uses to obtain user credentials.
*/
public SecurityAuthority getSecurityAuthority()
{
return this.securityAuthority;
}
/**
* Generates an authorisation header in response to wwwAuthHeader.
*
* @param method method of the request being authenticated
* @param uri digest-uri
* @param wwwAuthHeader the challenge that we should respond to
* @param userCredentials username and pass
* @return an authorisation header in response to wwwAuthHeader.
*/
private AuthorizationHeader getAuthorization(String method,
String uri,
String requestBody,
WWWAuthenticateHeader authHeader,
UserCredentials userCredentials)
throws SecurityException
{
String response = null;
try
{
response = MessageDigestAlgorithm.calculateResponse(
authHeader.getAlgorithm(),
userCredentials.getUserName(),
authHeader.getRealm(),
new String(userCredentials.getPassword()),
authHeader.getNonce(),
//TODO we should one day implement those two null-s
null,//nc-value
null,//cnonce
method,
uri,
requestBody,
authHeader.getQop());
}catch(NullPointerException exc)
{
throw new SecurityException("The authenticate header was malformatted");
}
AuthorizationHeader authorization = null;
try {
if (authHeader instanceof ProxyAuthenticateHeader) {
authorization = headerFactory.createProxyAuthorizationHeader(
authHeader.getScheme());
}
else {
authorization = headerFactory.createAuthorizationHeader(authHeader.getScheme());
}
authorization.setUsername(userCredentials.getUserName());
authorization.setRealm(authHeader.getRealm());
authorization.setNonce(authHeader.getNonce());
authorization.setParameter("uri",uri);
authorization.setResponse(response);
if( authHeader.getAlgorithm() != null)
authorization.setAlgorithm(authHeader.getAlgorithm());
if( authHeader.getOpaque() != null)
authorization.setOpaque(authHeader.getOpaque());
authorization.setResponse(response);
}
catch (ParseException ex) {
throw new
SecurityException("Failed to create an authorization header!");
}
return authorization;
}
public void cacheCredentials(String realm, UserCredentials credentials)
{
CredentialsCacheEntry ccEntry = new CredentialsCacheEntry();
ccEntry.userCredentials = credentials;
this.cachedCredentials.cacheEntry(realm, ccEntry);
}
/**
* Sets a valid SipProvider that would enable the security manager to map
* credentials to transactionsand thus understand when it is suitable
* to use cached passwords and when it should go ask the user.
* @param transactionCreator a valid SipProvder instance
*/
public void setTransactionCreator(SipProvider transactionCreator)
{
this.transactionCreator = transactionCreator;
}
/**
* If the user name was wrong and the user fixes it here we should
* als notify the sip manager that the currentlyUsedURI it has
* is not valid.
* @param sipManCallback a valid instance of SipMaqnager
*/
public void setSipManCallback(SipManager sipManCallback)
{
this.sipManCallback = sipManCallback;
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -