/**
    *
    * Copyright 2003-2005 The Apache Software Foundation
    *
    *  Licensed under the Apache License, Version 2.0 (the "License");
    *  you may not use this file except in compliance with the License.
    *  You may obtain a copy of the License at
    *
    *     http://www.apache.org/licenses/LICENSE-2.0
   *
   *  Unless required by applicable law or agreed to in writing, software
   *  distributed under the License is distributed on an "AS IS" BASIS,
   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   *  See the License for the specific language governing permissions and
   *  limitations under the License.
   */
  
  package org.apache.geronimo.javamail.authentication;
  
  import java.io.UnsupportedEncodingException;
  import java.security.MessageDigest;
  import java.security.NoSuchAlgorithmException;
  
  import javax.mail.MessagingException;
  
  import org.apache.geronimo.mail.util.Hex;
  
  public class CramMD5Authenticator implements ClientAuthenticator {
  
      // the user we're authenticating
      protected String username;
  
      // the user's password (the "shared secret")
      protected String password;
  
      // indicates whether we've gone through the entire challenge process.
      protected boolean complete = false;
  
      /**
       * Main constructor.
       * 
       * @param username
       *            The login user name.
       * @param password
       *            The login password.
       */
      public CramMD5Authenticator(String username, String password) {
          this.username = username;
          this.password = password;
      }
  
      /**
       * Respond to the hasInitialResponse query. This mechanism does not have an
       * initial response.
       * 
       * @return Always returns false.
       */
      public boolean hasInitialResponse() {
          return false;
      }
  
      /**
       * Indicate whether the challenge/response process is complete.
       * 
       * @return True if the last challenge has been processed, false otherwise.
       */
      public boolean isComplete() {
          return complete;
      }
  
      /**
       * Retrieve the authenticator mechanism name.
       * 
       * @return Always returns the string "CRAM-MD5"
       */
      public String getMechanismName() {
          return "CRAM-MD5";
      }
  
      /**
       * Evaluate a CRAM-MD5 login challenge, returning the a result string that
       * should satisfy the clallenge.
       * 
       * @param challenge
       *            The decoded challenge data, as a byte array.
       * 
       * @return A formatted challege response, as an array of bytes.
       * @exception MessagingException
       */
      public byte[] evaluateChallenge(byte[] challenge) throws MessagingException {
          // we create the challenge from the userid and password information (the
          // "shared secret").
          byte[] passBytes;
  
          try {
              // get the password in an UTF-8 encoding to create the token
              passBytes = password.getBytes("UTF-8");
              // compute the password digest using the key
              byte[] digest = computeCramDigest(passBytes, challenge);
 
             // create a unified string using the user name and the hex encoded
             // digest
             String responseString = username + " " + new String(Hex.encode(digest));
             complete = true;
             return responseString.getBytes();
         } catch (UnsupportedEncodingException e) {
             // got an error, fail this
             throw new MessagingException("Invalid character encodings");
         }
 
     }
 
     /**
      * Compute a CRAM digest using the hmac_md5 algorithm. See the description
      * of RFC 2104 for algorithm details.
      * 
      * @param key
      *            The key (K) for the calculation.
      * @param input
      *            The encrypted text value.
      * 
      * @return The computed digest, as a byte array value.
      * @exception NoSuchAlgorithmException
      */
     protected byte[] computeCramDigest(byte[] key, byte[] input) throws MessagingException {
         // CRAM digests are computed using the MD5 algorithm.
         MessageDigest digest;
         try {
             digest = MessageDigest.getInstance("MD5");
         } catch (NoSuchAlgorithmException e) {
             throw new MessagingException("Unable to access MD5 message digest", e);
         }
 
         // if the key is longer than 64 bytes, then we get a digest of the key
         // and use that instead.
         // this is required by RFC 2104.
         if (key.length > 64) {
             digest.update(key);
             key = digest.digest();
         }
 
         // now we create two 64 bit padding keys, initialized with the key
         // information.
         byte[] ipad = new byte[64];
         byte[] opad = new byte[64];
 
         System.arraycopy(key, 0, ipad, 0, key.length);
         System.arraycopy(key, 0, opad, 0, key.length);
 
         // and these versions are munged by XORing with "magic" values.
 
         for (int i = 0; i < 64; i++) {
             ipad[i] ^= 0x36;
             opad[i] ^= 0x5c;
         }
 
         // now there are a pair of MD5 operations performed, and inner and an
         // outer. The spec defines this as
         // H(K XOR opad, H(K XOR ipad, text)), where H is the MD5 operation.
 
         // inner operation
         digest.reset();
         digest.update(ipad);
         digest.update(input); // this appends the text to the pad
         byte[] md5digest = digest.digest();
 
         // outer operation
         digest.reset();
         digest.update(opad);
         digest.update(md5digest);
         return digest.digest(); // final result
     }
 }