From 85e670dea5276d219f706c02110f3592a6625db7 Mon Sep 17 00:00:00 2001
From: Emil Ivov <emcho@jitsi.org>
Date: Fri, 15 Dec 2006 23:15:12 +0000
Subject: [PATCH] added a method for handling 403 FORBIDDEN responses.

---
 .../sip/security/SipSecurityManager.java      | 34 ++++++++++++++++---
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/src/net/java/sip/communicator/impl/protocol/sip/security/SipSecurityManager.java b/src/net/java/sip/communicator/impl/protocol/sip/security/SipSecurityManager.java
index b53f8bac5..0816dc811 100644
--- a/src/net/java/sip/communicator/impl/protocol/sip/security/SipSecurityManager.java
+++ b/src/net/java/sip/communicator/impl/protocol/sip/security/SipSecurityManager.java
@@ -187,6 +187,7 @@ else if (challenge.getStatusCode()
                 {
                     //use the stored password to authenticate
                     ccEntry = createCcEntryWithStoredPassword(storedPassword);
+                    logger.trace("seem to have a stored pass! Try with it.");
                 }
                 else
                 {
@@ -238,7 +239,8 @@ else if (challenge.getStatusCode()
             {
                 throw new OperationFailedException(
                     "Unable to authenticate with realm " + realm
-                    , OperationFailedException.GENERAL_ERROR);
+                    + ". User did not provide credentials."
+                    , OperationFailedException.AUTHENTICATION_FAILED);
             }
 
             AuthorizationHeader authorization =
@@ -288,6 +290,27 @@ public SecurityAuthority getSecurityAuthority()
         return this.securityAuthority;
     }
 
+    /**
+     * Makes sure that the password that was used for this forbidden response,
+     * is removed from the local cache and is not stored for future use.
+     *
+     * @param forbidden the 401/407 challenge response
+     * @param endedTransaction the transaction established by the challenged
+     * request
+     * @param transactionCreator the JAIN SipProvider that we should use to
+     * create the new transaction.
+     */
+    public void handleForbiddenResponse(
+                                    Response          forbidden,
+                                    ClientTransaction endedTransaction,
+                                    SipProvider       transactionCreator)
+    {
+        //a request that we previously sent was mal-authenticated. empty the
+        //credentials cache so that we don't use the same credentials once more.
+        cachedCredentials.clear();
+    }
+
+
     /**
      * Generates an authorisation header in response to wwwAuthHeader.
      *
@@ -439,10 +462,11 @@ private CredentialsCacheEntry createCcEntryWithNewCredentials(String realm)
                 defaultCredentials);
 
         //store the password if the user wants us to
-        if(ccEntry.userCredentials.isPasswordPersistent())
-            SipActivator.getProtocolProviderFactory().storePassword(
-                accountID
-                , ccEntry.userCredentials.getPasswordAsString());
+        if( ccEntry.userCredentials != null
+            && ccEntry.userCredentials.isPasswordPersistent())
+                SipActivator.getProtocolProviderFactory().storePassword(
+                    accountID
+                    , ccEntry.userCredentials.getPasswordAsString());
 
         return ccEntry;
     }