/// <summary>
/// Continues authentication process.
/// </summary>
/// <param name="serverResponse">Server sent SASL response.</param>
/// <returns>Returns challange request what must be sent to server or null if authentication has completed.</returns>
/// <exception cref="ArgumentNullException">Is raised when <b>serverResponse</b> is null reference.</exception>
/// <exception cref="InvalidOperationException">Is raised when this method is called when authentication is completed.</exception>
public override byte[] Continue(byte[] serverResponse)
{
if (serverResponse == null)
{
throw new ArgumentNullException("serverResponse");
}
if (m_IsCompleted)
{
throw new InvalidOperationException("Authentication is completed.");
}
/* RFC 2831.
* The base64-decoded version of the SASL exchange is:
*
* S: realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
* algorithm=md5-sess,charset=utf-8
* C: charset=utf-8,username="******",realm="elwood.innosoft.com",
* nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",
* digest-uri="imap/elwood.innosoft.com",
* response=d388dad90d4bbd760a152321f2143af7,qop=auth
* S: rspauth=ea40f60335c427b5527b84dbabcdfffd
* C:
* S: ok
*
* The password in this example was "secret".
*/
if (m_State == 0)
{
m_State++;
// Parse server challenge.
AUTH_SASL_DigestMD5_Challenge challenge = AUTH_SASL_DigestMD5_Challenge.Parse(Encoding.UTF8.GetString(serverResponse));
// Construct our response to server challenge.
m_pResponse = new AUTH_SASL_DigestMD5_Response(
challenge,
challenge.Realm[0],
m_UserName,
m_Password,
Guid.NewGuid().ToString().Replace("-", ""),
1,
challenge.QopOptions[0],
m_Protocol + "/" + m_ServerName
);
return(Encoding.UTF8.GetBytes(m_pResponse.ToResponse()));
}
else if (m_State == 1)
{
m_State++;
m_IsCompleted = true;
// Check rspauth value.
if (!string.Equals(Encoding.UTF8.GetString(serverResponse), m_pResponse.ToRspauthResponse(m_UserName, m_Password), StringComparison.InvariantCultureIgnoreCase))
{
throw new Exception("Server server 'rspauth' value mismatch with local 'rspauth' value.");
}
return(new byte[0]);
}
else
{
throw new InvalidOperationException("Authentication is completed.");
}
}
/// <summary>
/// Continues authentication process.
/// </summary>
/// <param name="clientResponse">Client sent SASL response.</param>
/// <returns>Retunrns challange response what must be sent to client or null if authentication has completed.</returns>
/// <exception cref="ArgumentNullException">Is raised when <b>clientResponse</b> is null reference.</exception>
public override byte[] Continue(byte[] clientResponse)
{
if (clientResponse == null)
{
throw new ArgumentNullException("clientResponse");
}
/* RFC 2831.
* The base64-decoded version of the SASL exchange is:
*
* S: realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
* algorithm=md5-sess,charset=utf-8
* C: charset=utf-8,username="******",realm="elwood.innosoft.com",
* nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",
* digest-uri="imap/elwood.innosoft.com",
* response=d388dad90d4bbd760a152321f2143af7,qop=auth
* S: rspauth=ea40f60335c427b5527b84dbabcdfffd
* C:
* S: ok
*
* The password in this example was "secret".
*/
if (m_State == 0)
{
m_State++;
AUTH_SASL_DigestMD5_Challenge callenge = new AUTH_SASL_DigestMD5_Challenge(new string[] { m_Realm }, m_Nonce, new string[] { "auth" }, false);
return(Encoding.UTF8.GetBytes(callenge.ToChallenge()));
}
else if (m_State == 1)
{
m_State++;
try{
AUTH_SASL_DigestMD5_Response response = AUTH_SASL_DigestMD5_Response.Parse(Encoding.UTF8.GetString(clientResponse));
// Check realm and nonce value.
if (m_Realm != response.Realm || m_Nonce != response.Nonce)
{
return(Encoding.UTF8.GetBytes("rspauth=\"\""));
}
m_UserName = response.UserName;
AUTH_e_UserInfo result = OnGetUserInfo(response.UserName);
if (result.UserExists)
{
if (response.Authenticate(result.UserName, result.Password))
{
m_IsAuthenticated = true;
return(Encoding.UTF8.GetBytes(response.ToRspauthResponse(result.UserName, result.Password)));
}
}
}
catch {
// Authentication failed, just reject request.
}
return(Encoding.UTF8.GetBytes("rspauth=\"\""));
}
else
{
m_IsCompleted = true;
}
return(null);
}