public boolean auth()

in src/main/java/org/apache/commons/net/smtp/AuthenticatingSMTPClient.java [163:203]

• 32 lines of code
• 8 McCabe index (conditional complexity)

    public boolean auth(final AuthenticatingSMTPClient.AUTH_METHOD method, final String user, final String password)
            throws IOException, NoSuchAlgorithmException, InvalidKeyException {
        if (!SMTPReply.isPositiveIntermediate(sendCommand(SMTPCommand.AUTH, AUTH_METHOD.getAuthName(method)))) {
            return false;
        }

        if (method.equals(AUTH_METHOD.PLAIN)) {
            // the server sends an empty response ("334 "), so we don't have to read it.
            return SMTPReply
                    .isPositiveCompletion(sendCommand(Base64.getEncoder().encodeToString(("\000" + user + "\000" + password).getBytes(getCharset()))));
        }
        if (method.equals(AUTH_METHOD.CRAM_MD5)) {
            // get the CRAM challenge
            final byte[] serverChallenge = Base64.getDecoder().decode(getReplyString().substring(4).trim());
            // get the Mac instance
            final Mac hmacMd5 = Mac.getInstance(MAC_ALGORITHM);
            hmacMd5.init(new SecretKeySpec(password.getBytes(getCharset()), MAC_ALGORITHM));
            // compute the result:
            final byte[] hmacResult = convertToHexString(hmacMd5.doFinal(serverChallenge)).getBytes(getCharset());
            // join the byte arrays to form the reply
            final byte[] userNameBytes = user.getBytes(getCharset());
            final byte[] toEncode = new byte[userNameBytes.length + 1 /* the space */ + hmacResult.length];
            System.arraycopy(userNameBytes, 0, toEncode, 0, userNameBytes.length);
            toEncode[userNameBytes.length] = ' ';
            System.arraycopy(hmacResult, 0, toEncode, userNameBytes.length + 1, hmacResult.length);
            // send the reply and read the server code:
            return SMTPReply.isPositiveCompletion(sendCommand(Base64.getEncoder().encodeToString(toEncode)));
        }
        if (method.equals(AUTH_METHOD.LOGIN)) {
            // the server sends fixed responses (base64("UserName") and
            // base64("Password")), so we don't have to read them.
            if (!SMTPReply.isPositiveIntermediate(sendCommand(Base64.getEncoder().encodeToString(user.getBytes(getCharset()))))) {
                return false;
            }
            return SMTPReply.isPositiveCompletion(sendCommand(Base64.getEncoder().encodeToString(password.getBytes(getCharset()))));
        }
        if (method.equals(AUTH_METHOD.XOAUTH) || method.equals(AUTH_METHOD.XOAUTH2)) {
            return SMTPReply.isPositiveIntermediate(sendCommand(Base64.getEncoder().encodeToString(user.getBytes(getCharset()))));
        }
        return false; // safety check
    }