001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 018package org.apache.commons.net.imap; 019 020import java.io.IOException; 021import java.security.InvalidKeyException; 022import java.security.NoSuchAlgorithmException; 023import java.security.spec.InvalidKeySpecException; 024 025import javax.crypto.Mac; 026import javax.crypto.spec.SecretKeySpec; 027import javax.net.ssl.SSLContext; 028 029import org.apache.commons.net.util.Base64; 030 031/** 032 * An IMAP Client class with authentication support. 033 * @see IMAPSClient 034 */ 035public class AuthenticatingIMAPClient extends IMAPSClient 036{ 037 /** 038 * Constructor for AuthenticatingIMAPClient that delegates to IMAPSClient. 039 * Sets security mode to explicit (isImplicit = false). 040 */ 041 public AuthenticatingIMAPClient() 042 { 043 this(DEFAULT_PROTOCOL, false); 044 } 045 046 /** 047 * Constructor for AuthenticatingIMAPClient that delegates to IMAPSClient. 048 * @param implicit The security mode (Implicit/Explicit). 049 */ 050 public AuthenticatingIMAPClient(final boolean implicit) 051 { 052 this(DEFAULT_PROTOCOL, implicit); 053 } 054 055 /** 056 * Constructor for AuthenticatingIMAPClient that delegates to IMAPSClient. 057 * @param proto the protocol. 058 */ 059 public AuthenticatingIMAPClient(final String proto) 060 { 061 this(proto, false); 062 } 063 064 /** 065 * Constructor for AuthenticatingIMAPClient that delegates to IMAPSClient. 066 * @param proto the protocol. 067 * @param implicit The security mode(Implicit/Explicit). 068 */ 069 public AuthenticatingIMAPClient(final String proto, final boolean implicit) 070 { 071 this(proto, implicit, null); 072 } 073 074 /** 075 * Constructor for AuthenticatingIMAPClient that delegates to IMAPSClient. 076 * @param proto the protocol. 077 * @param implicit The security mode(Implicit/Explicit). 078 * @param ctx the context 079 */ 080 public AuthenticatingIMAPClient(final String proto, final boolean implicit, final SSLContext ctx) 081 { 082 super(proto, implicit, ctx); 083 } 084 085 /** 086 * Constructor for AuthenticatingIMAPClient that delegates to IMAPSClient. 087 * @param implicit The security mode(Implicit/Explicit). 088 * @param ctx A pre-configured SSL Context. 089 */ 090 public AuthenticatingIMAPClient(final boolean implicit, final SSLContext ctx) 091 { 092 this(DEFAULT_PROTOCOL, implicit, ctx); 093 } 094 095 /** 096 * Constructor for AuthenticatingIMAPClient that delegates to IMAPSClient. 097 * @param context A pre-configured SSL Context. 098 */ 099 public AuthenticatingIMAPClient(final SSLContext context) 100 { 101 this(false, context); 102 } 103 104 /** 105 * Authenticate to the IMAP server by sending the AUTHENTICATE command with the 106 * selected mechanism, using the given username and the given password. 107 * 108 * @param method the method name 109 * @param username user 110 * @param password password 111 * @return True if successfully completed, false if not. 112 * @throws IOException If an I/O error occurs while either sending a 113 * command to the server or receiving a reply from the server. 114 * @throws NoSuchAlgorithmException If the CRAM hash algorithm 115 * cannot be instantiated by the Java runtime system. 116 * @throws InvalidKeyException If the CRAM hash algorithm 117 * failed to use the given password. 118 * @throws InvalidKeySpecException If the CRAM hash algorithm 119 * failed to use the given password. 120 */ 121 public boolean authenticate(final AuthenticatingIMAPClient.AUTH_METHOD method, 122 final String username, final String password) 123 throws IOException, NoSuchAlgorithmException, 124 InvalidKeyException, InvalidKeySpecException 125 { 126 return auth(method, username, password); 127 } 128 129 /** 130 * Authenticate to the IMAP server by sending the AUTHENTICATE command with the 131 * selected mechanism, using the given username and the given password. 132 * 133 * @param method the method name 134 * @param username user 135 * @param password password 136 * @return True if successfully completed, false if not. 137 * @throws IOException If an I/O error occurs while either sending a 138 * command to the server or receiving a reply from the server. 139 * @throws NoSuchAlgorithmException If the CRAM hash algorithm 140 * cannot be instantiated by the Java runtime system. 141 * @throws InvalidKeyException If the CRAM hash algorithm 142 * failed to use the given password. 143 * @throws InvalidKeySpecException If the CRAM hash algorithm 144 * failed to use the given password. 145 */ 146 public boolean auth(final AuthenticatingIMAPClient.AUTH_METHOD method, 147 final String username, final String password) 148 throws IOException, NoSuchAlgorithmException, 149 InvalidKeyException, InvalidKeySpecException 150 { 151 if (!IMAPReply.isContinuation(sendCommand(IMAPCommand.AUTHENTICATE, method.getAuthName()))) 152 { 153 return false; 154 } 155 156 switch (method) { 157 case PLAIN: 158 { 159 // the server sends an empty response ("+ "), so we don't have to read it. 160 final int result = sendData( 161 Base64.encodeBase64StringUnChunked(("\000" + username + "\000" + password) 162 .getBytes(getCharset()))); 163 if (result == IMAPReply.OK) 164 { 165 setState(IMAP.IMAPState.AUTH_STATE); 166 } 167 return result == IMAPReply.OK; 168 } 169 case CRAM_MD5: 170 { 171 // get the CRAM challenge (after "+ ") 172 final byte[] serverChallenge = Base64.decodeBase64(getReplyString().substring(2).trim()); 173 // get the Mac instance 174 final Mac hmac_md5 = Mac.getInstance("HmacMD5"); 175 hmac_md5.init(new SecretKeySpec(password.getBytes(getCharset()), "HmacMD5")); 176 // compute the result: 177 final byte[] hmacResult = convertToHexString(hmac_md5.doFinal(serverChallenge)).getBytes(getCharset()); 178 // join the byte arrays to form the reply 179 final byte[] usernameBytes = username.getBytes(getCharset()); 180 final byte[] toEncode = new byte[usernameBytes.length + 1 /* the space */ + hmacResult.length]; 181 System.arraycopy(usernameBytes, 0, toEncode, 0, usernameBytes.length); 182 toEncode[usernameBytes.length] = ' '; 183 System.arraycopy(hmacResult, 0, toEncode, usernameBytes.length + 1, hmacResult.length); 184 // send the reply and read the server code: 185 final int result = sendData(Base64.encodeBase64StringUnChunked(toEncode)); 186 if (result == IMAPReply.OK) 187 { 188 setState(IMAP.IMAPState.AUTH_STATE); 189 } 190 return result == IMAPReply.OK; 191 } 192 case LOGIN: 193 { 194 // the server sends fixed responses (base64("Username") and 195 // base64("Password")), so we don't have to read them. 196 if (sendData(Base64.encodeBase64StringUnChunked(username.getBytes(getCharset()))) != IMAPReply.CONT) 197 { 198 return false; 199 } 200 final int result = sendData(Base64.encodeBase64StringUnChunked(password.getBytes(getCharset()))); 201 if (result == IMAPReply.OK) 202 { 203 setState(IMAP.IMAPState.AUTH_STATE); 204 } 205 return result == IMAPReply.OK; 206 } 207 case XOAUTH: 208 case XOAUTH2: 209 { 210 final int result = sendData(username); 211 if (result == IMAPReply.OK) 212 { 213 setState(IMAP.IMAPState.AUTH_STATE); 214 } 215 return result == IMAPReply.OK; 216 } 217 } 218 return false; // safety check 219 } 220 221 /** 222 * Converts the given byte array to a String containing the hex values of the bytes. 223 * For example, the byte 'A' will be converted to '41', because this is the ASCII code 224 * (and the byte value) of the capital letter 'A'. 225 * @param a The byte array to convert. 226 * @return The resulting String of hex codes. 227 */ 228 private String convertToHexString(final byte[] a) 229 { 230 final StringBuilder result = new StringBuilder(a.length*2); 231 for (final byte element : a) 232 { 233 if ( (element & 0x0FF) <= 15 ) { 234 result.append("0"); 235 } 236 result.append(Integer.toHexString(element & 0x0FF)); 237 } 238 return result.toString(); 239 } 240 241 /** 242 * The enumeration of currently-supported authentication methods. 243 */ 244 public enum AUTH_METHOD 245 { 246 /** The standarised (RFC4616) PLAIN method, which sends the password unencrypted (insecure). */ 247 PLAIN("PLAIN"), 248 /** The standarised (RFC2195) CRAM-MD5 method, which doesn't send the password (secure). */ 249 CRAM_MD5("CRAM-MD5"), 250 /** The unstandarised Microsoft LOGIN method, which sends the password unencrypted (insecure). */ 251 LOGIN("LOGIN"), 252 /** XOAUTH */ 253 XOAUTH("XOAUTH"), 254 /** XOAUTH 2 */ 255 XOAUTH2("XOAUTH2"); 256 257 private final String authName; 258 259 AUTH_METHOD(final String name){ 260 this.authName=name; 261 } 262 /** 263 * Gets the name of the given authentication method suitable for the server. 264 * @return The name of the given authentication method suitable for the server. 265 */ 266 public final String getAuthName() 267 { 268 return authName; 269 } 270 } 271} 272/* kate: indent-width 4; replace-tabs on; */