org.mobicents.servlet.sip.security.authentication
Class DigestAuthenticator

java.lang.Object
  extended by org.mobicents.servlet.sip.security.authentication.AuthenticatorBase
      extended by org.mobicents.servlet.sip.security.authentication.DigestAuthenticator
All Implemented Interfaces:
org.apache.catalina.Authenticator

public class DigestAuthenticator
extends AuthenticatorBase

An Authenticator and Valve implementation of HTTP DIGEST Authentication (see RFC 2069). Modified for SIP authentication.

Author:
Craig R. McClanahan, Remy Maucherat, Vladimir Ralev

Field Summary
protected static java.lang.String INFO
          Descriptive information about this implementation.
protected  java.lang.String key
          Private key.
protected static java.security.MessageDigest md5Helper
          MD5 message digest provider.
 
Fields inherited from class org.mobicents.servlet.sip.security.authentication.AuthenticatorBase
algorithm, cache, context, DEFAULT_ALGORITHM, digest, entropy, random, randomClass, STRING_MANAGER
 
Constructor Summary
DigestAuthenticator()
           
 
Method Summary
 boolean authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)
           
 boolean authenticate(SipServletRequestImpl request, SipServletResponseImpl response, SipLoginConfig config)
          Authenticate the user making this request, based on the specified login configuration.
protected static java.security.Principal findPrincipal(SipServletRequestImpl request, java.lang.String authorization, org.apache.catalina.Realm realm)
          Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm.
protected  java.lang.String generateNOnce(SipServletRequestImpl request)
          Generate a unique token.
static javax.sip.header.AuthorizationHeader getAuthorizationHeader(java.lang.String method, java.lang.String uri, java.lang.String requestBody, javax.sip.header.WWWAuthenticateHeader authHeader, java.lang.String username, java.lang.String password)
          Generates an authorisation header in response to the challenge in authHeader.
 java.lang.String getInfo()
          Return descriptive information about this Valve implementation.
 java.security.Principal getPrincipal()
           
 void login(java.lang.String userName, java.lang.String password, org.apache.catalina.connector.Request request)
           
 void logout(org.apache.catalina.connector.Request request)
           
protected  java.lang.String parseUsername(java.lang.String authorization)
          Parse the username from the specified authorization string.
 void register(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
           
protected static java.lang.String removeQuotes(java.lang.String quotedString)
          Removes the quotes on a string.
protected static java.lang.String removeQuotes(java.lang.String quotedString, boolean quotesRequired)
          Removes the quotes on a string.
protected  void setAuthenticateHeader(SipServletRequestImpl request, SipServletResponseImpl response, SipLoginConfig config, java.lang.String nOnce)
          Generates the WWW-Authenticate header.
 
Methods inherited from class org.mobicents.servlet.sip.security.authentication.AuthenticatorBase
getAlgorithm, getCache, getContext, getDigest, getEntropy, getRandom, getRandomClass, register, setAlgorithm, setCache, setContext, setEntropy, setRandomClass
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

INFO

protected static final java.lang.String INFO
Descriptive information about this implementation.

See Also:
Constant Field Values

md5Helper

protected static volatile java.security.MessageDigest md5Helper
MD5 message digest provider.


key

protected java.lang.String key
Private key.

Constructor Detail

DigestAuthenticator

public DigestAuthenticator()
Method Detail

getInfo

public java.lang.String getInfo()
Return descriptive information about this Valve implementation.

Overrides:
getInfo in class AuthenticatorBase

authenticate

public boolean authenticate(SipServletRequestImpl request,
                            SipServletResponseImpl response,
                            SipLoginConfig config)
                     throws java.io.IOException
Authenticate the user making this request, based on the specified login configuration. Return true if any specified constraint has been satisfied, or false if we have created a response challenge already.

Specified by:
authenticate in class AuthenticatorBase
Parameters:
request - Request we are processing
response - Response we are creating
config - Login configuration describing how authentication should be performed
Throws:
java.io.IOException - if an input/output error occurs

findPrincipal

protected static java.security.Principal findPrincipal(SipServletRequestImpl request,
                                                       java.lang.String authorization,
                                                       org.apache.catalina.Realm realm)
Parse the specified authorization credentials, and return the associated Principal that these credentials authenticate (if any) from the specified Realm. If there is no such Principal, return null.

Parameters:
request - HTTP servlet request
authorization - Authorization credentials from this request
realm - Realm used to authenticate Principals

parseUsername

protected java.lang.String parseUsername(java.lang.String authorization)
Parse the username from the specified authorization string. If none can be identified, return null.

Parameters:
authorization - Authorization string to be parsed

removeQuotes

protected static java.lang.String removeQuotes(java.lang.String quotedString,
                                               boolean quotesRequired)
Removes the quotes on a string. RFC2617 states quotes are optional for all parameters except realm.


removeQuotes

protected static java.lang.String removeQuotes(java.lang.String quotedString)
Removes the quotes on a string.


generateNOnce

protected java.lang.String generateNOnce(SipServletRequestImpl request)
Generate a unique token. The token is generated according to the following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).

Parameters:
request - HTTP Servlet request

setAuthenticateHeader

protected void setAuthenticateHeader(SipServletRequestImpl request,
                                     SipServletResponseImpl response,
                                     SipLoginConfig config,
                                     java.lang.String nOnce)
Generates the WWW-Authenticate header.

The header MUST follow this template:

      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
                            digest-challenge

      digest-challenge    = 1#( realm | [ domain ] | nonce |
                  [ digest-opaque ] | [ stale ] | [ algorithm ] )

      realm               = "realm" "=" realm-value
      realm-value         = quoted-string
      domain              = "domain" "=" <"> 1#URI <">
      nonce               = "nonce" "=" nonce-value
      nonce-value         = quoted-string
      opaque              = "opaque" "=" quoted-string
      stale               = "stale" "=" ( "true" | "false" )
      algorithm           = "algorithm" "=" ( "MD5" | token )
 

Parameters:
request - HTTP Servlet request
response - HTTP Servlet response
config - Login configuration describing how authentication should be performed
nOnce - nonce token

getAuthorizationHeader

public static javax.sip.header.AuthorizationHeader getAuthorizationHeader(java.lang.String method,
                                                                          java.lang.String uri,
                                                                          java.lang.String requestBody,
                                                                          javax.sip.header.WWWAuthenticateHeader authHeader,
                                                                          java.lang.String username,
                                                                          java.lang.String password)
Generates an authorisation header in response to the challenge in authHeader.

Parameters:
method - method of the request being authenticated
uri - digest-uri
requestBody - the body of the request.
authHeader - the challenge that we should respond to
username -
password -
Returns:
an authorisation header in response to authHeader.
Throws:
OperationFailedException - if the auth header was malformed.
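
The following is an added example, not code from Mobicents or from this class. It walks one digest exchange end to end: a nonce built with the pattern given under generateNOnce, a challenge that follows the WWW-Authenticate template, and the RFC 2069 response an Authorization header carries. The class name, method names and every sample value are constructed for illustration, and UTF-8 encoding is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration: class, method names and all sample values are constructed, not Mobicents code.
public class DigestExchangeExample {
    static byte[] md5(String s) throws Exception {
        return MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
    }
    static String md5Hex(String s) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : md5(s)) hex.append(String.format("%02x", b));
        return hex.toString();
    }
    // NOnceToken = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) )
    static String nonce(String clientIp, long timeStamp, String privateKey) throws Exception {
        return Base64.getEncoder().encodeToString(md5(clientIp + ":" + timeStamp + ":" + privateKey));
    }
    // RFC 2069 request-digest: MD5( MD5(user:realm:password) ":" nonce ":" MD5(method:digest-uri) )
    static String response(String user, String realm, String password,
                           String method, String uri, String nonce) throws Exception {
        return md5Hex(md5Hex(user + ":" + realm + ":" + password) + ":" + nonce + ":" + md5Hex(method + ":" + uri));
    }
    // Constant-time comparison of two digest strings.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        String realm = "sip.example.test", user = "alice", password = "constructed-password";
        String method = "REGISTER", uri = "sip:sip.example.test", clientIp = "192.0.2.10";
        long issuedAt = 1300000000000L;          // recorded by the server when it challenges
        String serverKey = "constructed-key";    // stands in for the private key

        // Server side: challenge following the WWW-Authenticate template.
        String nOnce = nonce(clientIp, issuedAt, serverKey);
        System.out.println("WWW-Authenticate: Digest realm=\"" + realm + "\", nonce=\"" + nOnce + "\", algorithm=MD5");

        // Client side: answer the challenge.
        String sent = response(user, realm, password, method, uri, nOnce);
        System.out.println("Authorization: Digest username=\"" + user + "\", realm=\"" + realm
                + "\", nonce=\"" + nOnce + "\", uri=\"" + uri + "\", response=\"" + sent + "\"");

        // Server side: the nonce is a one-way hash, so it is re-derived from the recorded inputs.
        System.out.println("nonce issued here:  " + same(nOnce, nonce(clientIp, issuedAt, serverKey)));
        System.out.println("password matches:   " + same(sent, response(user, realm, password, method, uri, nOnce)));
        System.out.println("wrong password:     " + same(sent, response(user, realm, "guess", method, uri, nOnce)));
    }
}
```

Because the time stamp is hashed into the nonce rather than carried alongside it, a server using this pattern can only judge a nonce's age from state it kept when issuing the challenge.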

getPrincipal

public java.security.Principal getPrincipal()

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                            javax.servlet.http.HttpServletResponse response,
                            org.apache.catalina.deploy.LoginConfig config)
                     throws java.io.IOException
Throws:
java.io.IOException

register

public void register(org.apache.catalina.connector.Request request,
                     javax.servlet.http.HttpServletResponse response,
                     java.security.Principal principal,
                     java.lang.String authType,
                     java.lang.String username,
                     java.lang.String password)

login

public void login(java.lang.String userName,
                  java.lang.String password,
                  org.apache.catalina.connector.Request request)
           throws javax.servlet.ServletException
Throws:
javax.servlet.ServletException

logout

public void logout(org.apache.catalina.connector.Request request)
            throws javax.servlet.ServletException
Throws:
javax.servlet.ServletException


Copyright © 2011. All Rights Reserved.