SaslKixmppServerModule.java

package com.kixeye.kixmpp.server.module.auth;

/*
 * #%L
 * KIXMPP
 * %%
 * Copyright (C) 2014 KIXEYE, Inc
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import io.netty.buffer.ByteBuf;
import io.netty.channel.Channel;
import io.netty.handler.codec.base64.Base64;
import io.netty.util.AttributeKey;

import java.nio.charset.StandardCharsets;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;

import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import org.jdom2.Element;

import com.kixeye.kixmpp.KixmppJid;
import com.kixeye.kixmpp.handler.KixmppStanzaHandler;
import com.kixeye.kixmpp.server.KixmppServer;
import com.kixeye.kixmpp.server.module.KixmppServerModule;
import com.kixeye.kixmpp.server.module.bind.BindKixmppServerModule;

/**
 * Handles SASL auth.
 * 
 * @author ebahtijaragic
 */
public class SaslKixmppServerModule implements KixmppServerModule {
	public static AttributeKey<Boolean> IS_AUTHENTICATED = AttributeKey.valueOf("IS_AUTHENTICATED");
	
	private AuthenticationService authenticationService;
	
	private KixmppServer server;
	
	/**
	 * @see com.kixeye.kixmpp.server.module.KixmppModule#install(com.kixeye.kixmpp.server.KixmppServer)
	 */
	public void install(KixmppServer server) {
		this.server = server;
		this.authenticationService = new InMemoryAuthenticationService(server);
		
		this.server.getEventEngine().registerGlobalStanzaHandler("auth", AUTH_HANDLER);
	}

	/**
	 * @see com.kixeye.kixmpp.server.module.KixmppModule#uninstall(com.kixeye.kixmpp.server.KixmppServer)
	 */
	public void uninstall(KixmppServer server) {
		this.server.getEventEngine().unregisterGlobalStanzaHandler("auth", AUTH_HANDLER);
	}

	/**
	 * @see com.kixeye.kixmpp.server.module.KixmppServerModule#getFeatures(io.netty.channel.Channel)
	 */
	public List<Element> getFeatures(Channel channel) {
		List<Element> features = new LinkedList<>();
		
		Boolean isAuthed = channel.attr(IS_AUTHENTICATED).get();
		
		if (isAuthed == null || isAuthed == false) {
			Element mechanisms = new Element("mechanisms", null, "urn:ietf:params:xml:ns:xmpp-sasl");
			
			Element plainMechanism = new Element("mechanism", "urn:ietf:params:xml:ns:xmpp-sasl");
			plainMechanism.setText("PLAIN");
			
			mechanisms.addContent(plainMechanism);
			
			features.add(mechanisms);
		}
		
		return features;
	}
	
	/**
	 * @return the authenticationService
	 */
	public AuthenticationService getAuthenticationService() {
		return authenticationService;
	}

	/**
	 * @param authenticationService the authenticationService to set
	 */
	public void setAuthenticationService(AuthenticationService authenticationService) {
		this.authenticationService = authenticationService;
	}

	private KixmppStanzaHandler AUTH_HANDLER = new KixmppStanzaHandler() {
		/**
		 * @see com.kixeye.kixmpp.server.KixmppStanzaHandler#handle(io.netty.channel.Channel, org.jdom2.Element)
		 */
		public void handle(final Channel channel, Element stanza) {
			if ("PLAIN".equals(stanza.getAttributeValue("mechanism"))) {
				String base64Encoded = stanza.getText();
				
				ByteBuf encodecCredentials = channel.alloc().buffer().writeBytes(base64Encoded.getBytes(StandardCharsets.UTF_8));
				ByteBuf rawCredentials = Base64.decode(encodecCredentials);
				String raw = rawCredentials.toString(StandardCharsets.UTF_8);
				encodecCredentials.release();
				rawCredentials.release();
				
				String[] credentialsSplit = raw.split("\0");
				if (credentialsSplit.length > 1) {
					final String username = credentialsSplit[1];

					authenticationService.authenticate(username, credentialsSplit[2]).addListener(
						new GenericFutureListener<Future<Boolean>>() {
							@Override
							public void operationComplete(final Future<Boolean> future) throws Exception {
								if (future.isSuccess()) {
									Boolean authResult = future.getNow();
									if (authResult) {
										channel.attr(IS_AUTHENTICATED).set(true);
										channel.attr(BindKixmppServerModule.JID).set(new KixmppJid(username, server.getDomain(), UUID.randomUUID().toString().replace("-", "")));
										Element success = new Element("success", null, "urn:ietf:params:xml:ns:xmpp-sasl");
										channel.writeAndFlush(success);
									} else {
										Element failure = new Element("failure", null, "urn:ietf:params:xml:ns:xmpp-sasl");
										channel.writeAndFlush(failure);
									}
								} else {
									Element failure = new Element("failure", null, "urn:ietf:params:xml:ns:xmpp-sasl");
									channel.writeAndFlush(failure);
								}
							}
						}
					);
				} else {
					Element failure = new Element("failure", null, "urn:ietf:params:xml:ns:xmpp-sasl");
					
					channel.writeAndFlush(failure);
				}
			} else {
				Element failure = new Element("failure", null, "urn:ietf:params:xml:ns:xmpp-sasl");
				
				channel.writeAndFlush(failure);
			}
		}
	};
}