public Stanza started()

in server/core/src/main/java/org/apache/vysper/xmpp/authentication/Plain.java [58:115]


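    /**
     * Handles the client's {@code <auth mechanism="PLAIN">} stanza.
     *
     * <p>The stanza text is Base64; the decoded payload is the RFC 4616 form
     * {@code [authzid] NUL authcid NUL passwd}. The authentication identity is
     * qualified with this server's domain when it carries no {@code @}, then
     * checked against the configured user authentication. On success the
     * session is marked AUTHENTICATED and bound to the authenticated entity.
     *
     * <p>Security notes:
     * <ul>
     * <li>The payload carries the password in clear text. Nothing in this
     *     method ensures TLS is already established on the session; until that
     *     check exists (see TODO below) credentials may travel unencrypted.</li>
     * <li>An authorization identity that differs from the authentication
     *     identity is refused: this server has no delegation policy, so
     *     honouring it would let a user act as somebody else.</li>
     * <li>Every failure path other than malformed/undecodable input returns the
     *     same not-authorized response, so a client cannot tell an unknown or
     *     malformed account name from a wrong password.</li>
     * </ul>
     *
     * @param sessionContext     session being authenticated; supplies the server
     *                           domain and the credential verifier
     * @param sessionStateHolder receives {@link SessionState#AUTHENTICATED} on success
     * @param authStanza         the inbound {@code <auth/>} stanza
     * @return the success, failure or malformed-request response stanza to send
     */
    public Stanza started(SessionContext sessionContext, SessionStateHolder sessionStateHolder, Stanza authStanza) {
        // TODO assure, that connection is secured via TLS. if not, reject SASL PLAIN
        // (RFC 6120 section 6.4.1 / RFC 4616: PLAIN must not be used without
        // confidentiality protection; this method currently cannot tell).

        List<XMLText> innerTexts = authStanza.getInnerTexts();
        if (innerTexts == null || innerTexts.isEmpty()) {
            return AUTHENTICATION_RESPONSES.getFailureMalformedRequest();
        }

        // Retrieve the credential payload and decode it from Base64. The catch
        // is deliberately broad at this protocol boundary: whatever the decoder
        // (or a missing text node) throws is reported as an encoding error
        // instead of tearing down the session handler. NOTE(review): commons
        // codec's decodeBase64 is lenient and may drop stray characters rather
        // than throw, so INCORRECT_ENCODING is probably rarely reached.
        byte[] decoded;
        try {
            String base64Text = innerTexts.get(0).getText();
            decoded = Base64.decodeBase64(base64Text.getBytes(CHARSET_UTF8));
        } catch (Exception e) {
            return AUTHENTICATION_RESPONSES.getFailure(SASLFailureType.INCORRECT_ENCODING);
        }
        if (decoded == null) {
            return AUTHENTICATION_RESPONSES.getFailure(SASLFailureType.INCORRECT_ENCODING);
        }

        // The clear-text payload is exactly three NUL-separated UTF-8 fields.
        List<String> decodedParts = splitNulSeparated(decoded);
        if (decodedParts.size() != 3) {
            return AUTHENTICATION_RESPONSES.getFailureMalformedRequest();
        }

        String alias = decodedParts.get(0);    // authorization identity (identity to act as), may be empty
        String username = decodedParts.get(1); // authentication identity (identity whose password is checked)
        String password = decodedParts.get(2);

        String domain = sessionContext.getServerJID().getDomain();
        if (!username.contains("@")) {
            username = username + "@" + domain;
        }

        // RFC 4616 lets the client name a different identity to act as. There is
        // no delegation policy here to consult, so only an absent authzid, or one
        // naming the authenticating user itself, is accepted. A mismatch is
        // rejected rather than silently ignored: ignoring it would hand the
        // client a session for an identity it did not ask for.
        if (alias.length() > 0) {
            String qualifiedAlias = alias.contains("@") ? alias : alias + "@" + domain;
            if (!qualifiedAlias.equals(username)) {
                return AUTHENTICATION_RESPONSES.getFailureNotAuthorized();
            }
        }

        EntityImpl initiatingEntity;
        try {
            initiatingEntity = EntityImpl.parse(username);
        } catch (EntityFormatException e) {
            // Deliberately indistinguishable from a wrong password.
            return AUTHENTICATION_RESPONSES.getFailureNotAuthorized();
        }

        // NOTE(review): verifyCredentials takes the password as an immutable
        // String, so it cannot be wiped after use; changing that is an API
        // change outside this method.
        boolean authorized = sessionContext.getServerRuntimeContext().getUserAuthentication()
                .verifyCredentials(initiatingEntity, password, null);

        if (!authorized) {
            return AUTHENTICATION_RESPONSES.getFailureNotAuthorized();
        }
        sessionContext.setInitiatingEntity(initiatingEntity);
        sessionStateHolder.setState(SessionState.AUTHENTICATED);
        return AUTHENTICATION_RESPONSES.getSuccess();
    }

    /**
     * Splits a decoded SASL PLAIN payload into its NUL-separated fields and
     * decodes each field as UTF-8 (RFC 4616 mandates UTF-8; a plain
     * byte-to-char cast mangles every non-ASCII byte of a username or
     * password). A field after the last NUL is kept only when it is non-empty,
     * so a payload that ends in NUL yields no extra empty field.
     *
     * @param decoded raw payload bytes, never null
     * @return the fields in order; empty for an empty payload
     */
    private static List<String> splitNulSeparated(byte[] decoded) {
        java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
        List<String> parts = new ArrayList<String>();
        int fieldStart = 0;
        for (int i = 0; i < decoded.length; i++) {
            if (decoded[i] == 0) {
                parts.add(new String(decoded, fieldStart, i - fieldStart, utf8));
                fieldStart = i + 1;
            }
        }
        if (fieldStart < decoded.length) {
            parts.add(new String(decoded, fieldStart, decoded.length - fieldStart, utf8));
        }
        return parts;
    }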