/// <summary> /// Continues authentication process. /// </summary> /// <param name="serverResponse">Server sent SASL response.</param> /// <returns>Returns challange request what must be sent to server or null if authentication has completed.</returns> /// <exception cref="ArgumentNullException">Is raised when <b>serverResponse</b> is null reference.</exception> /// <exception cref="InvalidOperationException">Is raised when this method is called when authentication is completed.</exception> public override byte[] Continue(byte[] serverResponse) { if(serverResponse == null){ throw new ArgumentNullException("serverResponse"); } if(m_IsCompleted){ throw new InvalidOperationException("Authentication is completed."); } /* RFC 2831. The base64-decoded version of the SASL exchange is: S: realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth", algorithm=md5-sess,charset=utf-8 C: charset=utf-8,username="******",realm="elwood.innosoft.com", nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk", digest-uri="imap/elwood.innosoft.com", response=d388dad90d4bbd760a152321f2143af7,qop=auth S: rspauth=ea40f60335c427b5527b84dbabcdfffd C: S: ok The password in this example was "secret". */ if(m_State == 0){ m_State++; // Parse server challenge. AUTH_SASL_DigestMD5_Challenge challenge = AUTH_SASL_DigestMD5_Challenge.Parse(Encoding.UTF8.GetString(serverResponse)); // Construct our response to server challenge. m_pResponse = new AUTH_SASL_DigestMD5_Response( challenge, challenge.Realm[0], m_UserName, m_Password, Guid.NewGuid().ToString().Replace("-",""), 1, challenge.QopOptions[0], m_Protocol + "/" + m_ServerName ); return Encoding.UTF8.GetBytes(m_pResponse.ToResponse()); } else if(m_State == 1){ m_State++; m_IsCompleted = true; // Check rspauth value. if(!string.Equals(Encoding.UTF8.GetString(serverResponse),m_pResponse.ToRspauthResponse(m_UserName,m_Password),StringComparison.InvariantCultureIgnoreCase)){ throw new Exception("Server server 'rspauth' value mismatch with local 'rspauth' value."); } return new byte[0]; } else{ throw new InvalidOperationException("Authentication is completed."); } }
public void Authenticate(string userName,string password) { if(this.IsDisposed){ throw new ObjectDisposedException(this.GetType().Name); } if(!this.IsConnected){ throw new InvalidOperationException("You must connect first."); } if(this.IsAuthenticated){ throw new InvalidOperationException("Session is already authenticated."); } if(string.IsNullOrEmpty(userName)){ throw new ArgumentNullException("userName"); } if(password == null){ password = ""; } // Choose authentication method, we consider LOGIN as default. string authMethod = "LOGIN"; List<string> authMethods = new List<string>(this.SaslAuthMethods); if(authMethods.Contains("DIGEST-MD5")){ authMethod = "DIGEST-MD5"; } else if(authMethods.Contains("CRAM-MD5")){ authMethod = "CRAM-MD5"; } #region AUTH LOGIN if(authMethod == "LOGIN"){ /* LOGIN Example: C: AUTH LOGIN<CRLF> S: 334 VXNlcm5hbWU6<CRLF> VXNlcm5hbWU6 = base64("USERNAME") C: base64(username)<CRLF> S: 334 UGFzc3dvcmQ6<CRLF> UGFzc3dvcmQ6 = base64("PASSWORD") C: base64(password)<CRLF> S: 235 Ok<CRLF> */ WriteLine("AUTH LOGIN"); // Read server response. string line = ReadLine(); // Response line must start with 334 or otherwise it's error response. if(!line.StartsWith("334")){ throw new SMTP_ClientException(line); } // Send user name to server. WriteLine(Convert.ToBase64String(Encoding.ASCII.GetBytes(userName))); // Read server response. line = ReadLine(); // Response line must start with 334 or otherwise it's error response. if(!line.StartsWith("334")){ throw new SMTP_ClientException(line); } // Send password to server. WriteLine(Convert.ToBase64String(Encoding.ASCII.GetBytes(password))); // Read server response. line = ReadLine(); // Response line must start with 334 or otherwise it's error response. if(!line.StartsWith("235")){ throw new SMTP_ClientException(line); } m_pAuthdUserIdentity = new GenericIdentity(userName,"LOGIN"); } #endregion #region AUTH CRAM-MD5 else if(authMethod == "CRAM-MD5"){ /* CRAM-M5 Description: HMACMD5 key is "password". Example: C: AUTH CRAM-MD5<CRLF> S: 334 base64(md5_calculation_hash)<CRLF> C: base64(username password_hash)<CRLF> S: 235 Ok<CRLF> */ WriteLine("AUTH CRAM-MD5"); // Read server response. string line = ReadLine(); // Response line must start with 334 or otherwise it's error response. if(!line.StartsWith("334")){ throw new SMTP_ClientException(line); } HMACMD5 kMd5 = new HMACMD5(Encoding.ASCII.GetBytes(password)); string passwordHash = Net_Utils.ToHex(kMd5.ComputeHash(Convert.FromBase64String(line.Split(' ')[1]))).ToLower(); // Send authentication info to server. WriteLine(Convert.ToBase64String(Encoding.ASCII.GetBytes(userName + " " + passwordHash))); // Read server response. line = ReadLine(); // Response line must start with 235 or otherwise it's error response if(!line.StartsWith("235")){ throw new SMTP_ClientException(line); } m_pAuthdUserIdentity = new GenericIdentity(userName,"CRAM-MD5"); } #endregion #region AUTH DIGEST-MD5 else if(authMethod == "DIGEST-MD5"){ /* Example: C: AUTH DIGEST-MD5<CRLF> S: 334 base64(digestChallange)<CRLF> C: base64(digestResponse)<CRLF> S: 334 base64(serverDigestRpAuth)<CRLF> C: <CRLF> S: 235 Ok<CRLF> */ WriteLine("AUTH DIGEST-MD5"); // Read server response. string line = ReadLine(); // Response line must start with 334 or otherwise it's error response. if(!line.StartsWith("334")){ throw new SMTP_ClientException(line); } // Parse server challenge. AUTH_SASL_DigestMD5_Challenge challenge = AUTH_SASL_DigestMD5_Challenge.Parse(Encoding.Default.GetString(Convert.FromBase64String(line.Split(' ')[1]))); // Construct our response to server challenge. AUTH_SASL_DigestMD5_Response response = new AUTH_SASL_DigestMD5_Response( challenge, challenge.Realm[0], userName, password,Guid.NewGuid().ToString().Replace("-",""), 1, challenge.QopOptions[0], "smtp/" + this.RemoteEndPoint.Address.ToString() ); // Send authentication info to server. WriteLine(Convert.ToBase64String(Encoding.Default.GetBytes(response.ToResponse()))); // Read server response. line = ReadLine(); // Response line must start with 334 or otherwise it's error response. if(!line.StartsWith("334")){ throw new SMTP_ClientException(line); } // Check rspauth value. if(!string.Equals(Encoding.Default.GetString(Convert.FromBase64String(line.Split(' ')[1])),response.ToRspauthResponse(userName,password),StringComparison.InvariantCultureIgnoreCase)){ throw new Exception("SMTP server 'rspauth' value mismatch."); } // Send empty line. WriteLine(""); // Read server response. line = ReadLine(); // Response line must start with 235 or otherwise it's error response. if(!line.StartsWith("235")){ throw new SMTP_ClientException(line); } m_pAuthdUserIdentity = new GenericIdentity(userName,"DIGEST-MD5"); } #endregion }
/// <summary> /// Parses DIGEST-MD5 response from response-string. /// </summary> /// <param name="digestResponse">Response string.</param> /// <returns>Returns DIGEST-MD5 response.</returns> /// <exception cref="ArgumentNullException">Is raised when <b>digestResponse</b> isnull reference.</exception> /// <exception cref="ParseException">Is raised when response parsing + validation fails.</exception> public static AUTH_SASL_DigestMD5_Response Parse(string digestResponse) { if(digestResponse == null){ throw new ArgumentNullException(digestResponse); } /* RFC 2831 2.1.2. The client makes note of the "digest-challenge" and then responds with a string formatted and computed according to the rules for a "digest-response" defined as follows: digest-response = 1#( username | realm | nonce | cnonce | nonce-count | qop | digest-uri | response | maxbuf | charset | cipher | authzid | auth-param ) username = "******" "=" <"> username-value <"> username-value = qdstr-val cnonce = "cnonce" "=" <"> cnonce-value <"> cnonce-value = qdstr-val nonce-count = "nc" "=" nc-value nc-value = 8LHEX qop = "qop" "=" qop-value digest-uri = "digest-uri" "=" <"> digest-uri-value <"> digest-uri-value = serv-type "/" host [ "/" serv-name ] serv-type = 1*ALPHA host = 1*( ALPHA | DIGIT | "-" | "." ) serv-name = host response = "response" "=" response-value response-value = 32LHEX LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f" cipher = "cipher" "=" cipher-value authzid = "authzid" "=" <"> authzid-value <"> authzid-value = qdstr-val */ AUTH_SASL_DigestMD5_Response retVal = new AUTH_SASL_DigestMD5_Response(); // Set default values. retVal.m_Realm = ""; string[] parameters = TextUtils.SplitQuotedString(digestResponse,','); foreach(string parameter in parameters){ string[] name_value = parameter.Split(new char[]{'='},2); string name = name_value[0].Trim(); if(name_value.Length == 2){ if(name.ToLower() == "username"){ retVal.m_UserName = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "realm"){ retVal.m_Realm = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "nonce"){ retVal.m_Nonce = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "cnonce"){ retVal.m_Cnonce = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "nc"){ retVal.m_NonceCount = Int32.Parse(TextUtils.UnQuoteString(name_value[1]),System.Globalization.NumberStyles.HexNumber); } else if(name.ToLower() == "qop"){ retVal.m_Qop = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "digest-uri"){ retVal.m_DigestUri = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "response"){ retVal.m_Response = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "charset"){ retVal.m_Charset = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "cipher"){ retVal.m_Cipher = TextUtils.UnQuoteString(name_value[1]); } else if(name.ToLower() == "authzid"){ retVal.m_Authzid = TextUtils.UnQuoteString(name_value[1]); } } } /* Validate required fields. Per RFC 2831 2.1.2. Only [username nonce cnonce nc response] parameters are required. */ if(string.IsNullOrEmpty(retVal.UserName)){ throw new ParseException("The response-string doesn't contain required parameter 'username' value."); } if(string.IsNullOrEmpty(retVal.Nonce)){ throw new ParseException("The response-string doesn't contain required parameter 'nonce' value."); } if(string.IsNullOrEmpty(retVal.Cnonce)){ throw new ParseException("The response-string doesn't contain required parameter 'cnonce' value."); } if(retVal.NonceCount < 1){ throw new ParseException("The response-string doesn't contain required parameter 'nc' value."); } if(string.IsNullOrEmpty(retVal.Response)){ throw new ParseException("The response-string doesn't contain required parameter 'response' value."); } return retVal; }