1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
/*
* SaslCramMD5.java
* Copyright (C) 2004 The Free Software Foundation
*
* This file is part of GNU inetlib, a library.
*
* GNU inetlib is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNU inetlib is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Linking this library statically or dynamically with other modules is
* making a combined work based on this library. Thus, the terms and
* conditions of the GNU General Public License cover the whole
* combination.
*
* As a special exception, the copyright holders of this library give you
* permission to link this library with independent modules to produce an
* executable, regardless of the license terms of these independent
* modules, and to copy and distribute the resulting executable under
* terms of your choice, provided that you also meet, for each linked
* independent module, the terms and conditions of the license of that
* module. An independent module is a module which is not derived from
* or based on this library. If you modify this library, you may extend
* this exception to your version of the library, but you are not
* obliged to do so. If you do not wish to do so, delete this
* exception statement from your version.
*/
package gnu.inet.util;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
/**
* SASL mechanism for CRAM-MD5.
*
* @author <a href='mailto:dog@gnu.org'>Chris Burdess</a>
*/
public class SaslCramMD5
implements SaslClient
{
private String username;
private String password;
private boolean complete;
public SaslCramMD5(String username, String password)
{
this.username = username;
this.password = password;
}
public String getMechanismName()
{
return "CRAM-MD5";
}
public boolean hasInitialResponse()
{
return false;
}
public byte[] evaluateChallenge(byte[] challenge)
throws SaslException
{
try
{
byte[] s = password.getBytes("US-ASCII");
byte[] digest = hmac_md5(s, challenge);
byte[] r0 = username.getBytes("US-ASCII");
byte[] r1 = new byte[r0.length + digest.length + 1];
System.arraycopy(r0, 0, r1, 0, r0.length); // add username
r1[r0.length] = 0x20; // SPACE
System.arraycopy(digest, 0, r1, r0.length+1, digest.length);
complete = true;
return r1;
}
catch (UnsupportedEncodingException e)
{
String msg = "Username or password contains non-ASCII characters";
throw new SaslException(msg, e);
}
catch (NoSuchAlgorithmException e)
{
String msg = "MD5 algorithm not available";
throw new SaslException(msg, e);
}
}
public boolean isComplete()
{
return complete;
}
public byte[] unwrap(byte[] incoming, int off, int len)
throws SaslException
{
byte[] ret = new byte[len - off];
System.arraycopy(incoming, off, ret, 0, len);
return ret;
}
public byte[] wrap(byte[] outgoing, int off, int len)
throws SaslException
{
byte[] ret = new byte[len - off];
System.arraycopy(outgoing, off, ret, 0, len);
return ret;
}
public Object getNegotiatedProperty(String name)
{
return null;
}
public void dispose()
{
}
/**
* Computes a CRAM digest using the HMAC algorithm:
* <pre>
* MD5(key XOR opad, MD5(key XOR ipad, text))
* </pre>.
* <code>secret</code> is null-padded to a length of 64 bytes.
* If the shared secret is longer than 64 bytes, the MD5 digest of the
* shared secret is used as a 16 byte input to the keyed MD5 calculation.
* See RFC 2104 for details.
*/
private static byte[] hmac_md5(byte[] key, byte[] text)
throws NoSuchAlgorithmException
{
byte[] k_ipad = new byte[64];
byte[] k_opad = new byte[64];
byte[] digest;
MessageDigest md5 = MessageDigest.getInstance("MD5");
// if key is longer than 64 bytes reset it to key=MD5(key)
if (key.length>64)
{
md5.update(key);
key = md5.digest();
}
// start out by storing key in pads
System.arraycopy(key, 0, k_ipad, 0, key.length);
System.arraycopy(key, 0, k_opad, 0, key.length);
// XOR key with ipad and opad values
for (int i=0; i<64; i++)
{
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
// perform inner MD5
md5.reset();
md5.update(k_ipad);
md5.update(text);
digest = md5.digest();
// perform outer MD5
md5.reset();
md5.update(k_opad);
md5.update(digest);
digest = md5.digest();
return digest;
}
}
|
