sipsecuritymanager.java
来自「java 开发的sip软电话 源码 jain sip」· Java 代码 · 共 445 行 · 第 1/2 页
JAVA
445 行
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* Portions of this software are based upon public domain software
* originally written at the National Center for Supercomputing Applications,
* University of Illinois, Urbana-Champaign.
*/
package net.java.mais.sip.security;
import java.text.ParseException;
import java.util.ListIterator;
import javax.sip.ClientTransaction;
import javax.sip.InvalidArgumentException;
import javax.sip.SipException;
import javax.sip.SipProvider;
import javax.sip.address.Address;
import javax.sip.address.SipURI;
import javax.sip.address.URI;
import javax.sip.header.AuthorizationHeader;
import javax.sip.header.CSeqHeader;
import javax.sip.header.FromHeader;
import javax.sip.header.HeaderFactory;
import javax.sip.header.ProxyAuthenticateHeader;
import javax.sip.header.ProxyAuthorizationHeader;
import javax.sip.header.ToHeader;
import javax.sip.header.WWWAuthenticateHeader;
import javax.sip.message.Request;
import javax.sip.message.Response;
import net.java.mais.common.PropertiesDepot;
import net.java.mais.sip.SipManager;
/**
* <p>Title: Netsite TudoMais</p>
* <p>Description:JAIN-SIP Audio/Video phone application</p>
* <p>Copyright: Copyright (c) 2006</p>
* <p>Organisation: CTBC Telecom / Netsite </p>
* @author Thiago Rocha Camargo (barata7@yahoo.com)
*/
/**
* The class handles authentication challenges, caches user credentials and
* takes care (through the SecurityAuthority interface) about retrieving
* passwords.
*
* @author Emil Ivov <emcho@dev.java.net>
* @version 1.0
*/
public class SipSecurityManager
{
private SecurityAuthority securityAuthority = null;
private HeaderFactory headerFactory = null;
private SipProvider transactionCreator = null;
private SipManager sipManCallback = null;
/**
* Credentials cached so far.
*/
CredentialsCache cachedCredentials = new CredentialsCache();
public SipSecurityManager()
{
}
/**
* set the header factory to be used when creating authorization headers
*/
public void setHeaderFactory(HeaderFactory headerFactory)
{
try{
this.headerFactory = headerFactory;
}
finally
{
}
}
/**
* Verifies whether there are any user credentials registered for the call
* that "request" belongs to and appends corresponding authorization headers
* if that is the case.
*
* @param request the request that needs to be attached credentials.
*/
public void appendCredentialsIfNecessary(Request request)
{
//TODO IMPLEMENT
}
/**
* Uses securityAuthority to determinie a set of valid user credentials
* for the specified Response (Challenge) and appends it to the challenged
* request so that it could be retransmitted.
*
* Fredrik Wickstrom reported that dialog cseq counters are not incremented
* when resending requests. He later uncovered additional problems and proposed
* a way to fix them (his proposition was taken into account).
*
* @param challenge the 401/407 challenge response
* @param challengedTransaction the transaction established by the challenged
* request
*
* @return a transaction containing a reoriginated request with the
* necessary authorization header.
* @throws SipSecurityException
*/
public ClientTransaction handleChallenge(Response challenge,
ClientTransaction challengedTransaction)
throws SipSecurityException, SipException, InvalidArgumentException, ParseException
{
try{
String branchID = challengedTransaction.getBranchId();
Request challengedRequest = challengedTransaction.getRequest();
Request reoriginatedRequest = (Request)challengedRequest.clone();
ListIterator authHeaders = null;
if(challenge == null || reoriginatedRequest == null)
throw new NullPointerException(
"A null argument was passed to handle challenge.");
// CallIdHeader callId =
// (CallIdHeader)challenge.getHeader(CallIdHeader.NAME);
if (challenge.getStatusCode() == Response.UNAUTHORIZED)
authHeaders = challenge.getHeaders(WWWAuthenticateHeader.NAME);
else if(challenge.getStatusCode() == Response.PROXY_AUTHENTICATION_REQUIRED)
authHeaders = challenge.getHeaders(ProxyAuthenticateHeader.NAME);
if(authHeaders == null)
throw new SecurityException(
"Could not find WWWAuthenticate or ProxyAuthenticate headers");
//Remove all authorization headers from the request (we'll re-add them
//from cache)
reoriginatedRequest.removeHeader(AuthorizationHeader.NAME);
reoriginatedRequest.removeHeader(ProxyAuthorizationHeader.NAME);
//rfc 3261 says that the cseq header should be augmented for the new
//request. do it here so that the new dialog (created together with
//the new client transaction) takes it into account.
//Bug report - Fredrik Wickstrom
CSeqHeader cSeq =
(CSeqHeader) reoriginatedRequest.getHeader( (CSeqHeader.NAME));
cSeq.setSequenceNumber(cSeq.getSequenceNumber() + 1);
ClientTransaction retryTran =
transactionCreator.getNewClientTransaction(reoriginatedRequest);
WWWAuthenticateHeader authHeader = null;
CredentialsCacheEntry ccEntry = null;
while(authHeaders.hasNext())
{
authHeader = (WWWAuthenticateHeader)authHeaders.next();
String realm = authHeader.getRealm();
//Check whether we have cached credentials for authHeader's realm
//make sure that if such credentials exist they get removed. The
//challenge means that there's something wrong with them.
ccEntry =
(CredentialsCacheEntry)cachedCredentials.remove(realm);
//Try to guess user name and facilitate user
UserCredentials defaultCredentials = new UserCredentials();
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?