// d7955ce24d294fb2014c59d11fca184471056f44 Shuyi Chen (blame annotation for every line of this file)
/**
 * $RCSfile$
 * $Revision$
 * $Date$
 *
 *
 * All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.jivesoftware.smack.sasl;

import org.jivesoftware.smack.SASLAuthentication;

/**
 * Implementation of the SASL EXTERNAL mechanism.
 *
 * To effectively use this mechanism, Java must be configured to properly
 * supply a client SSL certificate (of some sort) to the server. It is up
 * to the implementer to determine how to do this. Here is one method:
 *
 * Create a Java keystore with your SSL certificate in it:
 * keytool -genkey -alias username -dname "cn=username,ou=organizationalUnit,o=organizationalName,l=locality,s=state,c=country"
 *
 * Next, set the System Properties:
 *  <ul>
 *  <li>javax.net.ssl.keyStore to the location of the keyStore
 *  <li>javax.net.ssl.keyStorePassword to the password of the keyStore
 *  <li>javax.net.ssl.trustStore to the location of the trustStore
 *  <li>javax.net.ssl.trustStorePassword to the password of the trustStore
 *  </ul>
 *
 * Then, when the server requests or requires the client certificate, Java will
 * simply provide the one in the keyStore.
 *
 * Also worth noting is that the EXTERNAL mechanism in Smack is not enabled by default.
 * To enable it, the implementer will need to call SASLAuthentication.supportSASLMechanism("EXTERNAL");
 *
 * @author Jay Kline
 */
public class SASLExternalMechanism extends SASLMechanism {

    public SASLExternalMechanism(SASLAuthentication saslAuthentication) {
        super(saslAuthentication);
    }

    protected String getName() {
        return "EXTERNAL";
    }
}
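
A preflight check for the keystore procedure described in the Javadoc above, as an added example that is not part of Smack or of this file: it loads the keystore named by the same `javax.net.ssl.*` system properties and confirms it holds a private-key entry with a currently valid X.509 certificate before EXTERNAL is attempted. The class `ExternalKeyStorePreflight` and the method `findClientIdentity` are hypothetical names; it assumes the properties are already set and uses only JDK classes.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/** Hypothetical preflight helper (added example, not Smack code). */
public class ExternalKeyStorePreflight {

    /** Returns the subject DN of the first usable client certificate, or throws. */
    static String findClientIdentity() throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword");
        if (path == null || pass == null) {
            throw new IllegalStateException("javax.net.ssl.keyStore / keyStorePassword not set");
        }
        // javax.net.ssl.keyStoreType is optional; fall back to the JVM default type.
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray()); // fails on a wrong password or tampered store
        }
        for (String alias : Collections.list(ks.aliases())) {
            // Only private-key entries can answer the server's certificate request;
            // trusted-certificate entries are skipped.
            if (!ks.isKeyEntry(alias)) {
                continue;
            }
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                x509.checkValidity(); // throws if expired or not yet valid
                return x509.getSubjectX500Principal().getName();
            }
        }
        throw new IllegalStateException("no private-key entry with an X.509 certificate in " + path);
    }

    public static void main(String[] args) throws Exception {
        // The subject DN is what the server sees when it maps the certificate to an account.
        System.out.println("Client certificate candidate: " + findClientIdentity());
    }
}
```

Run it with the same `-Djavax.net.ssl.keyStore=... -Djavax.net.ssl.keyStorePassword=...` arguments the application uses; an exception here means the TLS layer has no certificate to offer and EXTERNAL cannot succeed.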