/*
* Copyright (c) 2008-2009, Motorola, Inc.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* - Neither the name of the Motorola, Inc. nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
package javax.obex;
import java.io.IOException;
/**
* The <code>ObexSession</code> interface characterizes the term
* "OBEX Connection" as defined in the IrDA Object Exchange Protocol v1.2, which
* could be the server-side view of an OBEX connection, or the client-side view
* of the same connection, which is established by server's accepting of a
* client issued "CONNECT".
* <P>
* This interface serves as the common super class for
* <CODE>ClientSession</CODE> and <CODE>ServerSession</CODE>.
* @hide
*/
public class ObexSession {
protected Authenticator mAuthenticator;
protected byte[] mChallengeDigest;
/**
* Called when the server received an authentication challenge header. This
* will cause the authenticator to handle the authentication challenge.
* @param header the header with the authentication challenge
* @return <code>true</code> if the last request should be resent;
* <code>false</code> if the last request should not be resent
* @throws IOException
*/
public boolean handleAuthChall(HeaderSet header) throws IOException {
if (mAuthenticator == null) {
return false;
}
/*
* An authentication challenge is made up of one required and two
* optional tag length value triplets. The tag 0x00 is required to be in
* the authentication challenge and it represents the challenge digest
* that was received. The tag 0x01 is the options tag. This tag tracks
* if user ID is required and if full access will be granted. The tag
* 0x02 is the realm, which provides a description of which user name
* and password to use.
*/
byte[] challenge = ObexHelper.getTagValue((byte)0x00, header.mAuthChall);
byte[] option = ObexHelper.getTagValue((byte)0x01, header.mAuthChall);
byte[] description = ObexHelper.getTagValue((byte)0x02, header.mAuthChall);
String realm = null;
if (description != null) {
byte[] realmString = new byte[description.length - 1];
System.arraycopy(description, 1, realmString, 0, realmString.length);
switch (description[0] & 0xFF) {
case ObexHelper.OBEX_AUTH_REALM_CHARSET_ASCII:
// ASCII encoding
// Fall through
case ObexHelper.OBEX_AUTH_REALM_CHARSET_ISO_8859_1:
// ISO-8859-1 encoding
try {
realm = new String(realmString, "ISO8859_1");
} catch (Exception e) {
throw new IOException("Unsupported Encoding Scheme");
}
break;
case ObexHelper.OBEX_AUTH_REALM_CHARSET_UNICODE:
// UNICODE Encoding
realm = ObexHelper.convertToUnicode(realmString, false);
break;
default:
throw new IOException("Unsupported Encoding Scheme");
}
}
boolean isUserIDRequired = false;
boolean isFullAccess = true;
if (option != null) {
if ((option[0] & 0x01) != 0) {
isUserIDRequired = true;
}
if ((option[0] & 0x02) != 0) {
isFullAccess = false;
}
}
PasswordAuthentication result = null;
header.mAuthChall = null;
try {
result = mAuthenticator
.onAuthenticationChallenge(realm, isUserIDRequired, isFullAccess);
} catch (Exception e) {
return false;
}
/*
* If no password is provided then we not resent the request
*/
if (result == null) {
return false;
}
byte[] password = result.getPassword();
if (password == null) {
return false;
}
byte[] userName = result.getUserName();
/*
* Create the authentication response header. It includes 1 required and
* 2 option tag length value triples. The required triple has a tag of
* 0x00 and is the response digest. The first optional tag is 0x01 and
* represents the user ID. If no user ID is provided, then no user ID
* will be sent. The second optional tag is 0x02 and is the challenge
* that was received. This will always be sent
*/
if (userName != null) {
header.mAuthResp = new byte[38 + userName.length];
header.mAuthResp[36] = (byte)0x01;
header.mAuthResp[37] = (byte)userName.length;
System.arraycopy(userName, 0, header.mAuthResp, 38, userName.length);
} else {
header.mAuthResp = new byte[36];
}
// Create the secret String
byte[] digest = new byte[challenge.length + password.length + 1];
System.arraycopy(challenge, 0, digest, 0, challenge.length);
// Insert colon between challenge and password
digest[challenge.length] = (byte)0x3A;
System.arraycopy(password, 0, digest, challenge.length + 1, password.length);
// Add the Response Digest
header.mAuthResp[0] = (byte)0x00;
header.mAuthResp[1] = (byte)0x10;
System.arraycopy(ObexHelper.computeMd5Hash(digest), 0, header.mAuthResp, 2, 16);
// Add the challenge
header.mAuthResp[18] = (byte)0x02;
header.mAuthResp[19] = (byte)0x10;
System.arraycopy(challenge, 0, header.mAuthResp, 20, 16);
return true;
}
/**
* Called when the server received an authentication response header. This
* will cause the authenticator to handle the authentication response.
* @param authResp the authentication response
* @return <code>true</code> if the response passed; <code>false</code> if
* the response failed
*/
public boolean handleAuthResp(byte[] authResp) {
if (mAuthenticator == null) {
return false;
}
// get the correct password from the application
byte[] correctPassword = mAuthenticator.onAuthenticationResponse(ObexHelper.getTagValue(
(byte)0x01, authResp));
if (correctPassword == null) {
return false;
}
byte[] temp = new byte[correctPassword.length + 16];
System.arraycopy(mChallengeDigest, 0, temp, 0, 16);
System.arraycopy(correctPassword, 0, temp, 16, correctPassword.length);
byte[] correctResponse = ObexHelper.computeMd5Hash(temp);
byte[] actualResponse = ObexHelper.getTagValue((byte)0x00, authResp);
// compare the MD5 hash array .
for (int i = 0; i < 16; i++) {
if (correctResponse[i] != actualResponse[i]) {
return false;
}
}
return true;
}
}