This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit ed81e1374b8a2d2347b02f785deca5d6868251ad Author: Benoit Tellier <btell...@linagora.com> AuthorDate: Wed Mar 23 10:15:11 2022 +0700 JAMES-3738 Encryption should be able to create Ssl handler --- .../netty/AbstractSSLAwareChannelPipelineFactory.java | 10 +--------- .../james/protocols/netty/BasicChannelInboundHandler.java | 11 ++--------- .../java/org/apache/james/protocols/netty/Encryption.java | 12 +++++++++++- .../james/protocols/netty/NettyProtocolTransport.java | 14 +++++--------- .../java/org/apache/james/imapserver/netty/IMAPServer.java | 10 +--------- .../apache/james/imapserver/netty/NettyImapSession.java | 6 +----- .../netty/ManageSieveChannelUpstreamHandler.java | 5 +---- .../james/managesieveserver/netty/ManageSieveServer.java | 12 ++---------- 8 files changed, 24 insertions(+), 56 deletions(-)
diff --git a/protocols/netty/src/main/java/org/apache/james/protocols/netty/AbstractSSLAwareChannelPipelineFactory.java b/protocols/netty/src/main/java/org/apache/james/protocols/netty/AbstractSSLAwareChannelPipelineFactory.java
index 16b49f2790..74770856f1 100644
--- a/protocols/netty/src/main/java/org/apache/james/protocols/netty/AbstractSSLAwareChannelPipelineFactory.java
+++ b/protocols/netty/src/main/java/org/apache/james/protocols/netty/AbstractSSLAwareChannelPipelineFactory.java
@@ -18,12 +18,9 @@
 ****************************************************************/
 package org.apache.james.protocols.netty;
-import javax.net.ssl.SSLEngine;
-
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelPipeline;
 import io.netty.channel.socket.SocketChannel;
-import io.netty.handler.ssl.SslHandler;
 import io.netty.util.concurrent.EventExecutorGroup;
@@ -55,12 +52,7 @@ public abstract class AbstractSSLAwareChannelPipelineFactory<C extends SocketCha
 super.initChannel(channel);
 if (isSSLSocket()) {
- ChannelPipeline pipeline = channel.pipeline();
- // We need to set clientMode to false.
- // See https://issues.apache.org/jira/browse/JAMES-1025
- SSLEngine engine = secure.createSSLEngine();
- engine.setUseClientMode(false);
- pipeline.addFirst(HandlerConstants.SSL_HANDLER, new SslHandler(engine));
+ channel.pipeline().addFirst(HandlerConstants.SSL_HANDLER, secure.sslHandler());
 }
 }
diff --git a/protocols/netty/src/main/java/org/apache/james/protocols/netty/BasicChannelInboundHandler.java b/protocols/netty/src/main/java/org/apache/james/protocols/netty/BasicChannelInboundHandler.java
index 9a8c2a4b46..2333a79b81 100644
--- a/protocols/netty/src/main/java/org/apache/james/protocols/netty/BasicChannelInboundHandler.java
+++ b/protocols/netty/src/main/java/org/apache/james/protocols/netty/BasicChannelInboundHandler.java
@@ -28,8 +28,6 @@ import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.ConcurrentLinkedDeque;
-import javax.net.ssl.SSLEngine;
-
 import org.apache.james.protocols.api.CommandDetectionSession;
 import org.apache.james.protocols.api.Protocol;
 import org.apache.james.protocols.api.ProtocolSession;
@@ -198,13 +196,8 @@ public class BasicChannelInboundHandler extends ChannelInboundHandlerAdapter imp
- protected ProtocolSession createSession(ChannelHandlerContext ctx) throws Exception {
- SSLEngine engine = null;
- if (secure != null) {
- engine = secure.createSSLEngine();
- }
-
- return protocol.newSession(new NettyProtocolTransport(ctx.channel(), engine));
+ protected ProtocolSession createSession(ChannelHandlerContext ctx) {
+ return protocol.newSession(new NettyProtocolTransport(ctx.channel(), secure));
 }
 @Override
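Review bot: The new `createSession` signature drops `throws Exception`; because the method is `protected` on a non-final class (`public class BasicChannelInboundHandler` in the hunk header), any subclass that overrides it as `createSession(ChannelHandlerContext ctx) throws Exception` stops compiling, so this is a source-incompatible change for extenders even though the body itself no longer throws. If no such override exists in the tree the narrowing is welcome but should be mentioned in the commit message; otherwise keep `protected ProtocolSession createSession(ChannelHandlerContext ctx) throws Exception {`. Passing `secure` straight through also means NettyProtocolTransport now receives null when no Encryption is configured, which its new isStartTLSSupported guard handles; a short comment such as `// secure may be null: NettyProtocolTransport treats that as "no STARTTLS"` would make that contract explicit at the call site. The enclosing class continues outside the hunk.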
diff --git a/protocols/netty/src/main/java/org/apache/james/protocols/netty/Encryption.java b/protocols/netty/src/main/java/org/apache/james/protocols/netty/Encryption.java
index 5841a75f0f..09982d5fe6 100644
--- a/protocols/netty/src/main/java/org/apache/james/protocols/netty/Encryption.java
+++ b/protocols/netty/src/main/java/org/apache/james/protocols/netty/Encryption.java
@@ -25,6 +25,8 @@ import javax.net.ssl.SSLEngine;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.james.protocols.api.ClientAuth;
+import io.netty.handler.ssl.SslHandler;
+
 /**
 * This class should be used to setup encrypted protocol handling
 */
@@ -117,7 +119,7 @@ public final class Encryption {
 * Create a new {@link SSLEngine} configured according to this class.
 * @return sslengine
 */
- public SSLEngine createSSLEngine() {
+ private SSLEngine createSSLEngine() {
 SSLEngine engine = context.createSSLEngine();
 // We need to copy the String array because of possible security issues.
@@ -135,4 +137,12 @@ public final class Encryption {
 }
 return engine;
 }
+
+ public SslHandler sslHandler() {
+ SSLEngine engine = createSSLEngine();
+ // We need to set clientMode to false.
+ // See https://issues.apache.org/jira/browse/JAMES-1025
+ engine.setUseClientMode(false);
+ return new SslHandler(engine);
+ }
 }
diff --git a/protocols/netty/src/main/java/org/apache/james/protocols/netty/NettyProtocolTransport.java b/protocols/netty/src/main/java/org/apache/james/protocols/netty/NettyProtocolTransport.java
index c7509383ea..05a8aa6821 100644
--- a/protocols/netty/src/main/java/org/apache/james/protocols/netty/NettyProtocolTransport.java
+++ b/protocols/netty/src/main/java/org/apache/james/protocols/netty/NettyProtocolTransport.java
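Review bot: The new public method `sslHandler()` at the end of the hunk has no Javadoc, while `createSSLEngine`, now private, keeps a `@return sslengine` doc that no longer serves any external caller; the documentation belongs on the public entry point. Suggested Javadoc for `sslHandler()`: `/** Creates a new server-mode {@link SslHandler} (clientMode=false, see JAMES-1025) around a freshly configured {@link SSLEngine}; every channel needs its own handler, so the result must not be shared between pipelines. */`. It is also worth stating there that the handler is built with Netty's default startTls=false, because at least one caller touched by this commit (NettyProtocolTransport.prepareStartTLS) previously passed `true` to the SslHandler constructor.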
@@ -25,8 +25,6 @@ import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.nio.channels.FileChannel;
-import javax.net.ssl.SSLEngine;
-
 import org.apache.james.protocols.api.AbstractProtocolTransport;
 import org.apache.james.protocols.api.ProtocolSession;
 import org.apache.james.protocols.api.handler.LineHandler;
@@ -45,11 +43,11 @@ import io.netty.handler.stream.ChunkedStream;
 public class NettyProtocolTransport extends AbstractProtocolTransport {
 private final Channel channel;
- private final SSLEngine engine;
+ private final Encryption encryption;
- public NettyProtocolTransport(Channel channel, SSLEngine engine) {
+ public NettyProtocolTransport(Channel channel, Encryption encryption) {
 this.channel = channel;
- this.engine = engine;
+ this.encryption = encryption;
 }
 @Override
@@ -69,7 +67,7 @@ public class NettyProtocolTransport extends AbstractProtocolTransport {
 @Override
 public boolean isStartTLSSupported() {
- return engine != null;
+ return encryption != null && encryption.isStartTLS();
 }
@@ -84,9 +82,7 @@ public class NettyProtocolTransport extends AbstractProtocolTransport {
 * Add the {@link SslHandler} to the pipeline and start encrypting after the next written message
 */
 private void prepareStartTLS() {
- SslHandler filter = new SslHandler(engine, true);
- filter.engine().setUseClientMode(false);
- channel.pipeline().addFirst(HandlerConstants.SSL_HANDLER, filter);
+ channel.pipeline().addFirst(HandlerConstants.SSL_HANDLER, encryption.sslHandler());
 }
 @Override
diff --git a/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java b/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
index 0540a41012..fa73574494 100644
--- a/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
+++ b/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
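Review bot: prepareStartTLS now installs `encryption.sslHandler()`, which constructs `new SslHandler(engine)` with Netty's default startTls=false, whereas the removed line passed `new SslHandler(engine, true)`; the Javadoc kept just above the method ("start encrypting after the next written message") describes the startTls=true behaviour that the new code no longer has. If the STARTTLS acknowledgement is still written after this call (writeToClient is outside the hunk), the handler would hold that write until a handshake completes, which a client waiting for the acknowledgement cannot start, so the session stalls; NettyImapSession and ManageSieveChannelUpstreamHandler passed `false` before and are unaffected. Either keep the flag by adding an overload to Encryption such as `public SslHandler sslHandler(boolean startTls)` that returns `new SslHandler(engine, startTls)` and calling `encryption.sslHandler(true)` here, or update the Javadoc to explain why the first write no longer goes out in clear. The isStartTLSSupported change, which now additionally requires `encryption.isStartTLS()`, is a separate behaviour change that deserves a sentence in the commit message.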
@@ -22,8 +22,6 @@ import java.net.MalformedURLException;
 import java.util.Optional;
 import java.util.concurrent.TimeUnit;
-import javax.net.ssl.SSLEngine;
-
 import org.apache.commons.configuration2.HierarchicalConfiguration;
 import org.apache.commons.configuration2.ex.ConfigurationException;
 import org.apache.commons.configuration2.tree.ImmutableNode;
@@ -51,7 +49,6 @@ import com.google.common.collect.ImmutableSet;
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelInboundHandlerAdapter;
 import io.netty.channel.ChannelPipeline;
-import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.stream.ChunkedWriteHandler;
@@ -235,12 +232,7 @@ public class IMAPServer extends AbstractConfigurableAsyncServer implements ImapC
 Encryption secure = getEncryption();
 if (secure != null && !secure.isStartTLS()) {
- // We need to set clientMode to false.
- // See https://issues.apache.org/jira/browse/JAMES-1025
- SSLEngine engine = secure.createSSLEngine();
- engine.setUseClientMode(false);
- pipeline.addFirst(SSL_HANDLER, new SslHandler(engine));
-
+ pipeline.addFirst(SSL_HANDLER, secure.sslHandler());
 }
 pipeline.addLast(CHUNK_WRITE_HANDLER, new ChunkedWriteHandler());
diff --git a/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapSession.java b/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapSession.java
index 0099d20af5..c8845ebc24 100644
--- a/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapSession.java
+++ b/server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapSession.java
@@ -47,7 +47,6 @@ import io.netty.handler.codec.compression.JZlibEncoder;
 import io.netty.handler.codec.compression.ZlibDecoder;
 import io.netty.handler.codec.compression.ZlibEncoder;
 import io.netty.handler.codec.compression.ZlibWrapper;
-import io.netty.handler.ssl.SslHandler;
 public class NettyImapSession implements ImapSession, NettyConstants {
 private static final int BUFFER_SIZE = 2048;
@@ -161,10 +160,7 @@ public class NettyImapSession implements ImapSession, NettyConstants {
 channel.config().setAutoRead(false);
 write(statusResponse);
- SslHandler filter = new SslHandler(secure.createSSLEngine(), false);
-
- filter.engine().setUseClientMode(false);
- channel.pipeline().addFirst(SSL_HANDLER, filter);
+ channel.pipeline().addFirst(SSL_HANDLER, secure.sslHandler());
 stopDetectingCommandInjection();
 channel.config().setAutoRead(true);
diff --git a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
index 8687f8df18..2a1098b041 100644
--- a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
+++ b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java
@@ -38,7 +38,6 @@ import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
 import io.netty.handler.codec.TooLongFrameException;
-import io.netty.handler.ssl.SslHandler;
 @ChannelHandler.Sharable
 public class ManageSieveChannelUpstreamHandler extends ChannelInboundHandlerAdapter {
@@ -144,9 +143,7 @@ public class ManageSieveChannelUpstreamHandler extends ChannelInboundHandlerAdap
 private void turnSSLon(Channel channel) {
 if (secure != null) {
 channel.config().setAutoRead(false);
- SslHandler filter = new SslHandler(secure.createSSLEngine(), false);
- filter.engine().setUseClientMode(false);
- channel.pipeline().addFirst(SSL_HANDLER, filter);
+ channel.pipeline().addFirst(SSL_HANDLER, secure.sslHandler());
 channel.config().setAutoRead(true);
 }
 }
diff --git a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java
index 492dd1172f..93ab6ab22c 100644
--- a/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java
+++ b/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java
@@ -25,8 +25,6 @@ import static org.apache.james.protocols.netty.HandlerConstants.CONNECTION_LIMIT
 import java.util.Optional;
-import javax.net.ssl.SSLEngine;
-
 import org.apache.commons.configuration2.HierarchicalConfiguration;
 import org.apache.commons.configuration2.ex.ConfigurationException;
 import org.apache.commons.configuration2.tree.ImmutableNode;
@@ -46,7 +44,6 @@ import io.netty.channel.ChannelInboundHandlerAdapter;
 import io.netty.channel.ChannelPipeline;
 import io.netty.handler.codec.string.StringDecoder;
 import io.netty.handler.codec.string.StringEncoder;
-import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.stream.ChunkedWriteHandler;
 import io.netty.util.CharsetUtil;
@@ -103,16 +100,11 @@ public class ManageSieveServer extends AbstractConfigurableAsyncServer implement
 }
 @Override
- public void initChannel(Channel channel) throws Exception {
+ public void initChannel(Channel channel) {
 ChannelPipeline pipeline = channel.pipeline();
 Encryption secure = getEncryption();
 if (secure != null && !secure.isStartTLS()) {
- // We need to set clientMode to false.
- // See https://issues.apache.org/jira/browse/JAMES-1025
- SSLEngine engine = secure.createSSLEngine();
- engine.setUseClientMode(false);
- pipeline.addFirst(SSL_HANDLER, new SslHandler(engine));
-
+ pipeline.addFirst(SSL_HANDLER, secure.sslHandler());
 }
 connectionLimitUpstreamHandler.ifPresent(handler -> pipeline.addLast(CONNECTION_LIMIT_HANDLER, handler));
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For additional commands, e-mail: notifications-h...@james.apache.org