1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

/**
 *  BlueCove - Java library for Bluetooth
 * 
 *  Java docs licensed under the Apache License, Version 2.0
 *  http://www.apache.org/licenses/LICENSE-2.0 
 *   (c) Copyright 2001, 2002 Motorola, Inc.  ALL RIGHTS RESERVED.
 *
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *  
 *  @version $Id$  
 */
package javax.obex;

/**
 * This interface provides a way to respond to authentication challenge and
 * authentication response headers. When a client or server receives an
 * authentication challenge or authentication response header, the
 * <code>onAuthenticationChallenge()</code> or
 * <code>onAuthenticationResponse()</code> will be called, respectively, by
 * the implementation.
 * <P>
 * For more information on how the authentication procedure works in OBEX,
 * please review the IrOBEX specification at <A
 * HREF="http://www.irda.org">http://www.irda.org</A>.
 * <P>
 * <STRONG>Authentication Challenges</STRONG>
 * <P>
 * When a client or server receives an authentication challenge header, the
 * <code>onAuthenticationChallenge()</code> method will be invoked by the OBEX
 * API implementation. The application will then return the user name (if
 * needed) and password via a <code>PasswordAuthentication</code> object. The
 * password in this object is not sent in the authentication response. Instead,
 * the 16-byte challenge received in the authentication challenge is combined
 * with the password returned from the <code>onAuthenticationChallenge()</code>
 * method and passed through the MD5 hash algorithm. The resulting value is sent
 * in the authentication response along with the user name if it was provided.
 * <P>
 * <STRONG>Authentication Responses</STRONG>
 * <P>
 * When a client or server receives an authentication response header, the
 * <code>onAuthenticationResponse()</code> method is invoked by the API
 * implementation with the user name received in the authentication response
 * header. (The user name will be <code>null</code> if no user name was
 * provided in the authentication response header.) The application must
 * determine the correct password. This value should be returned from the
 * <code>onAuthenticationResponse()</code> method. If the authentication
 * request should fail without the implementation checking the password,
 * <code>null</code> should be returned by the application. (This is needed
 * for reasons like not recognizing the user name, etc.) If the returned value
 * is not <code>null</code>, the OBEX API implementation will combine the
 * password returned from the <code>onAuthenticationResponse()</code> method
 * and challenge sent via the authentication challenge, apply the MD5 hash
 * algorithm, and compare the result to the response hash received in the
 * authentication response header. If the values are not equal, an
 * <code>IOException</code> will be thrown if the client requested
 * authentication. If the server requested authentication, the
 * <code>onAuthenticationFailure()</code> method will be called on the
 * <code>ServerRequestHandler</code> that failed authentication. The
 * connection is <B>not</B> closed if authentication failed.
 * 
 */
public interface Authenticator {

	/**
	 * Called when a client or a server receives an authentication challenge
	 * header. It should respond to the challenge with a
	 * <code>PasswordAuthentication</code> that contains the correct user name
	 * and password for the challenge.
	 * 
	 * @param description
	 *            the description of which user name and password should be
	 *            used; if no description is provided in the authentication
	 *            challenge or the description is encoded in an encoding scheme
	 *            that is not supported, an empty string will be provided
	 * 
	 * @param isUserIdRequired
	 *            <code>true</code> if the user ID is required;
	 *            <code>false</code> if the user ID is not required
	 * 
	 * @param isFullAccess
	 *            <code>true</code> if full access to the server will be
	 *            granted; <code>false</code> if read only access will be
	 *            granted
	 * 
	 * @return a <code>PasswordAuthentication</code> object containing the
	 *         user name and password used for authentication
	 */
	public PasswordAuthentication onAuthenticationChallenge(String description, boolean isUserIdRequired,
			boolean isFullAccess);

	/**
	 * Called when a client or server receives an authentication response
	 * header. This method will provide the user name and expect the correct
	 * password to be returned.
	 * 
	 * @param userName
	 *            the user name provided in the authentication response; may be
	 *            <code>null</code>
	 * 
	 * @return the correct password for the user name provided; if
	 *         <code>null</code> is returned then the authentication request
	 *         failed
	 */
	public byte[] onAuthenticationResponse(byte[] userName);
}