FileDocCategorySizeDatePackage
DigestMD5.javaAPI DocGlassfish v2 API7522Mon May 14 15:28:46 BST 2007com.sun.mail.smtp

DigestMD5

public class DigestMD5 extends Object
DIGEST-MD5 authentication support.
author
Dean Gibson
author
Bill Shannon

Fields Summary
private PrintStream
debugout
private MessageDigest
md5
private String
uri
private String
clientResponse
private static char[]
digits
Constructors Summary
public DigestMD5(PrintStream debugout)

	this.debugout = debugout;
	if (debugout != null)
	    debugout.println("DEBUG DIGEST-MD5: Loaded");
Methods Summary
public byte[]authClient(java.lang.String host, java.lang.String user, java.lang.String passwd, java.lang.String realm, java.lang.String serverChallenge)
Return client's authentication response to server's challenge.

return
byte array with client's response

	ByteArrayOutputStream bos = new ByteArrayOutputStream();
	OutputStream b64os = new BASE64EncoderStream(bos, Integer.MAX_VALUE);
	SecureRandom random;
	try {
	    //random = SecureRandom.getInstance("SHA1PRNG");
	    random = new SecureRandom();
	    md5 = MessageDigest.getInstance("MD5");
	} catch (NoSuchAlgorithmException ex) {
	    if (debugout != null)
		debugout.println("DEBUG DIGEST-MD5: " + ex);
	    throw new IOException(ex.toString());
	}
	StringBuffer result = new StringBuffer();

	uri = "smtp/" + host;
	String nc = "00000001";
	String qop = "auth";
	byte[] bytes = new byte[32];	// arbitrary size ...
	int resp;

	if (debugout != null)
	    debugout.println("DEBUG DIGEST-MD5: Begin authentication ...");

	// Code based on http://www.ietf.org/rfc/rfc2831.txt
	Hashtable map = tokenize(serverChallenge);

	if (realm == null) {
	    String text = (String)map.get("realm");
	    realm = text != null ? new StringTokenizer(text, ",").nextToken()
				 : host;
	}

	// server challenge random value
	String nonce = (String)map.get("nonce");

	random.nextBytes(bytes);
	b64os.write(bytes);
	b64os.flush();

	// client challenge random value
	String cnonce = bos.toString();
	bos.reset();

	// DIGEST-MD5 computation, common portion (order critical)
	md5.update(md5.digest(
		ASCIIUtility.getBytes(user + ":" + realm + ":" + passwd)));
	md5.update(ASCIIUtility.getBytes(":" + nonce + ":" + cnonce));
	clientResponse = toHex(md5.digest())
		+ ":" + nonce  + ":" + nc + ":" + cnonce + ":" + qop + ":";
	
	// DIGEST-MD5 computation, client response (order critical)
	md5.update(ASCIIUtility.getBytes("AUTHENTICATE:" + uri));
	md5.update(ASCIIUtility.getBytes(clientResponse + toHex(md5.digest())));

	// build response text (order not critical)
	result.append("username=\"" + user + "\"");
	result.append(",realm=\"" + realm + "\"");
	result.append(",qop=" + qop);
	result.append(",nc=" + nc);
	result.append(",nonce=\"" + nonce + "\"");
	result.append(",cnonce=\"" + cnonce + "\"");
	result.append(",digest-uri=\"" + uri + "\"");
	result.append(",response=" + toHex(md5.digest()));

	if (debugout != null)
	    debugout.println("DEBUG DIGEST-MD5: Response => "
			 + result.toString());
	b64os.write(ASCIIUtility.getBytes(result.toString()));
	b64os.flush();
	return bos.toByteArray();
public booleanauthServer(java.lang.String serverResponse)
Allow the client to authenticate the server based on its response.

return
true if server is authenticated

	Hashtable map = tokenize(serverResponse);
	// DIGEST-MD5 computation, server response (order critical)
	md5.update(ASCIIUtility.getBytes(":" + uri));
	md5.update(ASCIIUtility.getBytes(clientResponse + toHex(md5.digest())));
	String text = toHex(md5.digest());
	if (!text.equals((String)map.get("rspauth"))) {
	    if (debugout != null)
		debugout.println("DEBUG DIGEST-MD5: " +
			    "Expected => rspauth=" + text);
	    return false;	// server NOT authenticated by client !!!
	}
	return true;
private static java.lang.StringtoHex(byte[] bytes)
Convert a byte array to a string of hex digits representing the bytes.


                      
         
	char[] result = new char[bytes.length * 2];

	for (int index = 0, i = 0; index < bytes.length; index++) {
	    int temp = bytes[index] & 0xFF;
	    result[i++] = digits[temp >> 4];
	    result[i++] = digits[temp & 0xF];
	}
	return new String(result);
private java.util.Hashtabletokenize(java.lang.String serverResponse)
Tokenize a response from the server.

return
Hashtable containing key/value pairs from server

	Hashtable map	= new Hashtable();
	byte[] bytes = serverResponse.getBytes();
	String key = null;
	int ttype;
	StreamTokenizer	tokens
		= new StreamTokenizer(
		    new InputStreamReader(
		      new BASE64DecoderStream(
			new ByteArrayInputStream(bytes, 4, bytes.length - 4)
		 )));

	tokens.ordinaryChars('0", '9");	// reset digits
	tokens.wordChars('0", '9");	// digits may start words
	while ((ttype = tokens.nextToken()) != StreamTokenizer.TT_EOF) {
	    switch (ttype) {
	    case StreamTokenizer.TT_WORD:
		if (key == null) {
		    key = tokens.sval;
		    break;
		}
		// fall-thru
	    case '"":
		if (debugout != null)
		    debugout.println("DEBUG DIGEST-MD5: Received => "
			 	 + key + "='" + tokens.sval + "'");
		if (map.containsKey(key)) {  // concatenate multiple values
		    map.put(key, map.get(key) + "," + tokens.sval);
		} else {
		    map.put(key, tokens.sval);
		}
		key = null;
		break;
	    }
	}
	return map;