public void execute(AbstractPop3Handler handler, AbstractPop3Connection conn, String cmd) {
try {
if (!handler.isUsingAPOPAuthMethod(conn)) conn.println("-ERR APOP not authorized");
else {
String[] cmdLine = StringUtilities.split(cmd);
if (cmdLine.length < 3) {
conn.println("-ERR Required syntax: APOP <name> <digest>");
return;
}
String username = cmdLine[1];
Pop3State state = conn.getState();
state.setUser(state.getUser(username));
byte[] uniqueKey =
(state.getGeneratedAPOPBanner() + state.getUser().getPassword())
.getBytes(MailsterConstants.DEFAULT_CHARSET_NAME);
String hash = null;
synchronized (md5) {
md5.Init();
md5.Update(uniqueKey);
hash = md5.asHex();
}
if (hash.equals(cmdLine[2])) tryLockingMailbox(conn);
else conn.println("-ERR permission denied");
}
} catch (Exception ex) {
// Shouldn't append cause we automatically create the mailbox.
// RFC 1939 states it is a security threat to respond -ERR
// as it is giving potential attackers clues about which names are
// valid
conn.println("-ERR " + ex.getMessage());
}
}
public boolean isValidForState(Pop3State state) {
return !state.isAuthenticated();
}
