Authenticator.java revision 9439a7fe517b858bc5e5c654b459315e4722feb2
1/* 2 * Copyright (c) 2008-2009, Motorola, Inc. 3 * 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * - Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * - Redistributions in binary form must reproduce the above copyright notice, 13 * this list of conditions and the following disclaimer in the documentation 14 * and/or other materials provided with the distribution. 15 * 16 * - Neither the name of the Motorola, Inc. nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33package javax.obex; 34 35/** 36 * This interface provides a way to respond to authentication challenge and 37 * authentication response headers. When a client or server receives an 38 * authentication challenge or authentication response header, the 39 * <code>onAuthenticationChallenge()</code> or 40 * <code>onAuthenticationResponse()</code> will be called, respectively, by 41 * the implementation. 42 * <P> 43 * For more information on how the authentication procedure works in OBEX, 44 * please review the IrOBEX specification at 45 * <A HREF="http://www.irda.org">http://www.irda.org</A>. 46 * <P> 47 * <STRONG>Authentication Challenges</STRONG> 48 * <P> 49 * When a client or server receives an authentication challenge header, the 50 * <code>onAuthenticationChallenge()</code> method will be invoked by the 51 * OBEX API implementation. The application will then return the user name 52 * (if needed) and password via a <code>PasswordAuthentication</code> object. 53 * The password in this object is not sent in the authentication response. 54 * Instead, the 16-byte challenge received in the authentication challenge is 55 * combined with the password returned from the 56 * <code>onAuthenticationChallenge()</code> method and passed through the MD5 57 * hash algorithm. The resulting value is sent in the authentication response 58 * along with the user name if it was provided. 59 * <P> 60 * <STRONG>Authentication Responses</STRONG> 61 * <P> 62 * When a client or server receives an authentication response header, the 63 * <code>onAuthenticationResponse()</code> method is invoked by the API 64 * implementation with the user name received in the authentication response 65 * header. (The user name will be <code>null</code> if no user name was 66 * provided in the authentication response header.) The application must 67 * determine the correct password. This value should be returned from the 68 * <code>onAuthenticationResponse()</code> method. If the authentication 69 * request should fail without the implementation checking the password, 70 * <code>null</code> should 71 * be returned by the application. (This is needed for reasons like not 72 * recognizing the user name, etc.) If the returned value is not 73 * <code>null</code>, the OBEX API implementation will combine the password 74 * returned from the <code>onAuthenticationResponse()</code> method and 75 * challenge sent via the authentication challenge, apply the MD5 hash 76 * algorithm, and compare the result to the response hash received in the 77 * authentication response header. If the values are not equal, an 78 * <code>IOException</code> will be thrown if the client requested authentication. 79 * If the server requested authentication, the 80 * <code>onAuthenticationFailure()</code> method will be called on the 81 * <code>ServerRequestHandler</code> that failed authentication. The 82 * connection is <B>not</B> closed if authentication failed. 83 * 84 * @version 0.3 November 28, 2008 85 */ 86public interface Authenticator { 87 88 /** 89 * Called when a client or a server receives an authentication challenge 90 * header. It should respond to the challenge with a 91 * <code>PasswordAuthentication</code> that contains the correct user name 92 * and password for the challenge. 93 * 94 * @param description the description of which user name and password 95 * should be used; if no description is provided in the authentication 96 * challenge or the description is encoded in an encoding scheme that is 97 * not supported, an empty string will be provided 98 * 99 * @param isUserIdRequired <code>true</code> if the user ID is required; 100 * <code>false</code> if the user ID is not required 101 * 102 * @param isFullAccess <code>true</code> if full access to the server 103 * will be granted; <code>false</code> if read only access will be 104 * granted 105 * 106 * @return a <code>PasswordAuthentication</code> object containing the 107 * user name and password used for authentication 108 */ 109 public PasswordAuthentication onAuthenticationChallenge(String description, 110 boolean isUserIdRequired, boolean isFullAccess); 111 112 /** 113 * Called when a client or server receives an authentication response 114 * header. This method will provide the user name and expect the correct 115 * password to be returned. 116 * 117 * @param userName the user name provided in the authentication response; 118 * may be <code>null</code> 119 * 120 * @return the correct password for the user name provided; if 121 * <code>null</code> is returned then the authentication request failed 122 */ 123 public byte[] onAuthenticationResponse(byte[] userName); 124} 125