Authenticator.java revision 3998bf009acaf8cde4d7f837f8b8e41ae0a65141 
1/*
2 * Copyright (c) 2008-2009, Motorola, Inc.
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * - Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 *
12 * - Redistributions in binary form must reproduce the above copyright notice,
13 * this list of conditions and the following disclaimer in the documentation
14 * and/or other materials provided with the distribution.
15 *
16 * - Neither the name of the Motorola, Inc. nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33package javax.obex;
34
35/**
36 * This interface provides a way to respond to authentication challenge and
37 * authentication response headers.  When a client or server receives an
38 * authentication challenge or authentication response header, the
39 * <code>onAuthenticationChallenge()</code> or
40 * <code>onAuthenticationResponse()</code> will be called, respectively, by
41 * the implementation.
42 * <P>
43 * For more information on how the authentication procedure works in OBEX,
44 * please review the IrOBEX specification at
45 * <A HREF="http://www.irda.org">http://www.irda.org</A>.
46 * <P>
47 * <STRONG>Authentication Challenges</STRONG>
48 * <P>
49 * When a client or server receives an authentication challenge header, the
50 * <code>onAuthenticationChallenge()</code> method will be invoked by the
51 * OBEX API implementation.  The application will then return the user name
52 * (if needed) and password via a <code>PasswordAuthentication</code> object.
53 * The password in this object is not sent in the authentication response.
54 * Instead, the 16-byte challenge received in the authentication challenge is
55 * combined with the password returned from the
56 * <code>onAuthenticationChallenge()</code> method and passed through the MD5
57 * hash algorithm.  The resulting value is sent in the authentication response
58 * along with the user name if it was provided.
59 * <P>
60 * <STRONG>Authentication Responses</STRONG>
61 * <P>
62 * When a client or server receives an authentication response header, the
63 * <code>onAuthenticationResponse()</code> method is invoked by the API
64 * implementation with the user name received in the authentication response
65 * header.  (The user name will be <code>null</code> if no user name was
66 * provided in the authentication response header.)  The application must
67 * determine the correct password.  This value should be returned from the
68 * <code>onAuthenticationResponse()</code> method.  If the authentication
69 * request should fail without the implementation checking the password,
70 * <code>null</code> should
71 * be returned by the application.  (This is needed for reasons like not
72 * recognizing the user name, etc.)  If the returned value is not
73 * <code>null</code>, the OBEX API implementation will combine the password
74 * returned from the <code>onAuthenticationResponse()</code> method and
75 * challenge sent via the authentication challenge, apply the MD5 hash
76 * algorithm, and compare the result to the response hash received in the
77 * authentication response header.  If the values are not equal, an
78 * <code>IOException</code> will be thrown if the client requested authentication.
79 * If the server requested authentication, the
80 * <code>onAuthenticationFailure()</code> method will be called on the
81 * <code>ServerRequestHandler</code> that failed authentication.  The
82 * connection is <B>not</B> closed if authentication failed.
83 *
84 * @hide
85 */
86public interface Authenticator {
87
88    /**
89     * Called when a client or a server receives an authentication challenge
90     * header. It should respond to the challenge with a
91     * <code>PasswordAuthentication</code> that contains the correct user name
92     * and password for the challenge.
93     *
94     * @param description the description of which user name and password
95     * should be used; if no description is provided in the authentication
96     * challenge or the description is encoded in an encoding scheme that is
97     * not supported, an empty string will be provided
98     *
99     * @param isUserIdRequired <code>true</code> if the user ID is required;
100     * <code>false</code> if the user ID is not required
101     *
102     * @param isFullAccess <code>true</code> if full access to the server
103     * will be granted; <code>false</code> if read only access will be
104     * granted
105     *
106     * @return a <code>PasswordAuthentication</code> object containing the
107     * user name and password used for authentication
108     */
109    PasswordAuthentication onAuthenticationChallenge(String description, boolean isUserIdRequired,
110            boolean isFullAccess);
111
112    /**
113     * Called when a client or server receives an authentication response
114     * header.  This method will provide the user name and expect the correct
115     * password to be returned.
116     *
117     * @param userName the user name provided in the authentication response;
118     * may be <code>null</code>
119     *
120     * @return the correct password for the user name provided; if
121     * <code>null</code> is returned then the authentication request failed
122     */
123    byte[] onAuthenticationResponse(byte[] userName);
124}
125