Author: btellier Date: Thu Dec 17 14:56:39 2015 New Revision: 1720576 URL: http://svn.apache.org/viewvc?rev=1720576&view=rev Log: JAMES-1618 Add a STARTTLS command - RFC-5804 compliant
Added: james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/testsuite/StartTlsTest.java james/project/trunk/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test Modified: james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/host/ManageSieveSession.java james/project/trunk/mpt/impl/managesieve/file/src/test/java/org/apache/james/mpt/managesieve/file/ManageSieveFileTest.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/Session.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/CoreCommands.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/StartTLS.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCore.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCoreToLine.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/util/SettableSession.java james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java Modified: james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/host/ManageSieveSession.java URL: http://svn.apache.org/viewvc/james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/host/ManageSieveSession.java?rev=1720576&r1=1720575&r2=1720576&view=diff 
============================================================================== --- james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/host/ManageSieveSession.java (original) +++ james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/host/ManageSieveSession.java Thu Dec 17 14:56:39 2015 @@ -65,6 +65,10 @@ public class ManageSieveSession implemen out.write(response); isReadLast = true; } + if (settableSession.getState() == org.apache.james.managesieve.api.Session.State.SSL_NEGOCIATION) { + settableSession.setState(org.apache.james.managesieve.api.Session.State.UNAUTHENTICATED); + settableSession.setSslEnabled(true); + } return out.nextLine(); } Added: james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/testsuite/StartTlsTest.java URL: http://svn.apache.org/viewvc/james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/testsuite/StartTlsTest.java?rev=1720576&view=auto ============================================================================== --- james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/testsuite/StartTlsTest.java (added) +++ james/project/trunk/mpt/impl/managesieve/core/src/main/java/org/apache/james/mpt/testsuite/StartTlsTest.java Thu Dec 17 14:56:39 2015 
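Review bot: The block added before `return out.nextLine();` completes the STARTTLS transition inside the MPT test host (`SSL_NEGOCIATION` back to `UNAUTHENTICATED`, then `setSslEnabled(true)`) without any TLS handshake, so the `starttls` script checks only the state machine and would still pass if a real server never encrypted the channel. A comment should say so, for example `// Simulates a completed handshake: this in-memory host has no socket to upgrade`. The enclosing method starts outside the hunk, so whether a failed command response can also reach this block cannot be judged from here.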
@@ -0,0 +1,47 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.mpt.testsuite;
+
+import com.google.inject.Inject;
+import org.apache.james.mpt.host.ManageSieveHostSystem;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Locale;
+
+public class StartTlsTest extends ManageSieveMPTTest {
+
+ @Inject
+ private static ManageSieveHostSystem hostSystem;
+
+ public StartTlsTest() throws Exception {
+ super(hostSystem);
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ super.setUp();
+ }
+
+ @Test
+ public void noopShouldWork() throws Exception {
+ scriptTest("starttls", Locale.US);
+ }
+}
Added: james/project/trunk/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test URL: http://svn.apache.org/viewvc/james/project/trunk/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test?rev=1720576&view=auto ==============================================================================
--- 
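Review bot: The test method in StartTlsTest is named `noopShouldWork` although it runs the `starttls` script, which looks like a leftover from the test it was copied from; `startTlsShouldWork` would make a failure report name the right command. The `setUp()` override only calls `super.setUp()`, so it can probably be dropped, unless `@Before` has to be re-declared for the runner, which depends on ManageSieveMPTTest and is not shown here.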
james/project/trunk/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test (added) +++ james/project/trunk/mpt/impl/managesieve/core/src/main/resources/org/apache/james/managesieve/scripts/starttls.test Thu Dec 17 14:56:39 2015 
@@ -0,0 +1,34 @@
+################################################################
+# Licensed to the Apache Software Foundation (ASF) under one #
+# or more contributor license agreements. See the NOTICE file #
+# distributed with this work for additional information #
+# regarding copyright ownership. The ASF licenses this file #
+# to you under the Apache License, Version 2.0 (the #
+# "License"); you may not use this file except in compliance #
+# with the License. You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, #
+# software distributed under the License is distributed on an #
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY #
+# KIND, either express or implied. See the License for the #
+# specific language governing permissions and limitations #
+# under the License. #
+################################################################
+
+C: STARTTLS
+S: OK
+
+C: STARTTLS
+S: NO You can't enable two time SSL encryption
+
+C: AUTHENTICATE "PLAIN"
+S: \+ ""
+C: user password
+S: OK authentication successfull
+
+C: STARTTLS
+S: NO command STARTTLS is issued in the wrong state. 
It must be issued as you are unauthenticated + +C: LOGOUT \ No newline at end of file Modified: james/project/trunk/mpt/impl/managesieve/file/src/test/java/org/apache/james/mpt/managesieve/file/ManageSieveFileTest.java URL: http://svn.apache.org/viewvc/james/project/trunk/mpt/impl/managesieve/file/src/test/java/org/apache/james/mpt/managesieve/file/ManageSieveFileTest.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/mpt/impl/managesieve/file/src/test/java/org/apache/james/mpt/managesieve/file/ManageSieveFileTest.java (original) +++ james/project/trunk/mpt/impl/managesieve/file/src/test/java/org/apache/james/mpt/managesieve/file/ManageSieveFileTest.java Thu Dec 17 14:56:39 2015 @@ -22,6 +22,7 @@ package org.apache.james.mpt.managesieve import org.apache.james.mpt.testsuite.AuthenticateTest; import org.apache.james.mpt.testsuite.LogoutTest; import org.apache.james.mpt.testsuite.NoopTest; +import org.apache.james.mpt.testsuite.StartTlsTest; import org.apache.james.mpt.testsuite.UnauthenticatedTest; import org.apache.onami.test.OnamiSuite; import org.apache.onami.test.annotation.GuiceModules; 
@@ -34,7 +35,8 @@ import org.junit.runners.Suite; NoopTest.class, UnauthenticatedTest.class, LogoutTest.class, - AuthenticateTest.class + AuthenticateTest.class, + StartTlsTest.class }) public class ManageSieveFileTest { } Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/Session.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/Session.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/Session.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/Session.java Thu Dec 17 14:56:39 2015 @@ -28,7 +28,8 @@ public interface Session { UNAUTHENTICATED, AUTHENTICATION_IN_PROGRESS, AUTHENTICATED, - TERMINATED + TERMINATED, + SSL_NEGOCIATION } boolean isAuthenticated(); @@ -45,4 +46,8 @@ public interface Session { void setChoosedAuthenticationMechanism(Authenticate.SupportedMechanism choosedAuthenticationMechanism); + void setSslEnabled(boolean sslEnabled); + + boolean isSslEnabled(); + } Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/CoreCommands.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/CoreCommands.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/CoreCommands.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/CoreCommands.java Thu Dec 17 14:56:39 2015 
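Review bot: In Session.java the new `SSL_NEGOCIATION` state and the `setSslEnabled`/`isSslEnabled` pair come without Javadoc, so the interface does not say who may set the flag or how a session leaves the new state. Since `isSslEnabled()` is what CoreProcessor uses to refuse a second STARTTLS, `setSslEnabled` deserves a line such as `/** Called by the transport once the TLS handshake has completed; command processors must not set it. */`. The constant is also misspelled (it should read `SSL_NEGOTIATION`), which is cheapest to correct now, before other code refers to it.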
@@ -26,6 +26,6 @@ package org.apache.james.managesieve.api * @see <a href=http://tools.ietf.org/html/rfc5804#section-2>RFC 5804 Commands</a> */ public interface CoreCommands extends Capability, CheckScript, DeleteScript, GetScript, HaveSpace, - ListScripts, PutScript, RenameScript, SetActive, GetActive, Noop, Unauthenticate, Logout, Authenticate { + ListScripts, PutScript, RenameScript, SetActive, GetActive, Noop, Unauthenticate, Logout, Authenticate, StartTLS { } Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/StartTLS.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/StartTLS.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/StartTLS.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/api/commands/StartTLS.java Thu Dec 17 14:56:39 2015 
@@ -20,11 +20,13 @@ package org.apache.james.managesieve.api.commands; +import org.apache.james.managesieve.api.Session; + /** * @see <a href=http://tools.ietf.org/html/rfc5804#section-2.2>RFC 5804 STARTTLS Command</a> */ public interface StartTLS { - void startTLS(); + String startTLS(Session session); } Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/core/CoreProcessor.java Thu Dec 17 14:56:39 2015 
@@ -239,6 +239,19 @@ public class CoreProcessor implements Co throw new SessionTerminatedException(); } + @Override + public String startTLS(Session session) { + if (session.getState() == Session.State.UNAUTHENTICATED) { + if (session.isSslEnabled()) { + return "NO You can't enable two time SSL encryption"; + } + session.setState(Session.State.SSL_NEGOCIATION); + return "OK"; + } else { + return "NO command STARTTLS is issued in the wrong state. It must be issued as you are unauthenticated"; + } + } + protected void authenticationCheck(Session session) throws AuthenticationRequiredException { if (!session.isAuthenticated()) { throw new AuthenticationRequiredException(); Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCore.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCore.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCore.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCore.java Thu Dec 17 14:56:39 2015 
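Review bot: `startTLS` answers `OK` and moves the session to `SSL_NEGOCIATION` without knowing whether the transport can start TLS, and nothing in this diff takes a real server session out of that state again; the only reset is in the MPT test host. If the handshake is never started or fails, the client has been told the upgrade succeeded and the session sits in a state that no other visible code handles. The transport should therefore own the outcome and set `UNAUTHENTICATED` plus `setSslEnabled(true)` only once the handshake has completed. RFC 5804 section 2.2 also requires the server to re-issue its capabilities after the TLS layer is established, so that a client can notice a capability list altered before STARTTLS; that response is not produced here.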
@@ -198,6 +198,10 @@ public class LineToCore{ throw new ArgumentException("Too many arguments: " + scanner.next()); } return core.getActive(session); - } + } + + public String startTLS(Session session) { + return core.startTLS(session); + } } Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCoreToLine.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCoreToLine.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCoreToLine.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/LineToCoreToLine.java Thu Dec 17 14:56:39 2015 @@ -266,4 +266,8 @@ public class LineToCoreToLine { } } + public String startTLS(Session session) { + return lineToCore.startTLS(session); + } + } Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/transcode/ManageSieveProcessor.java Thu Dec 17 14:56:39 2015 
@@ -111,7 +111,7 @@ public class ManageSieveProcessor { } else if (command.equals(SETACTIVE)) { return lineToCoreToLine.setActive(session, arguments); } else if (command.equals(STARTTLS)) { - return "NO STARTTLS command not yet implemented"; + return lineToCoreToLine.startTLS(session); } else if (command.equals(UNAUTHENTICATE)) { return lineToCoreToLine.unauthenticate(session, arguments); } Modified: james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/util/SettableSession.java URL: http://svn.apache.org/viewvc/james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/util/SettableSession.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/util/SettableSession.java (original) +++ james/project/trunk/protocols/managesieve/src/main/java/org/apache/james/managesieve/util/SettableSession.java Thu Dec 17 14:56:39 2015 @@ -28,9 +28,11 @@ public class SettableSession implements private String user; private State state; private Authenticate.SupportedMechanism choosedAuthenticationMechanism; + private boolean sslEnabled; public SettableSession() { this.state = State.UNAUTHENTICATED; + this.sslEnabled = false; } public String getUser() { 
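Review bot: The STARTTLS branch in ManageSieveProcessor drops `arguments`: it calls `lineToCoreToLine.startTLS(session)`, whereas the neighbouring branches pass `arguments` down and LineToCore rejects extras with `ArgumentException("Too many arguments: ...")`, as the context of the `getActive` hunk shows. STARTTLS takes no arguments, so trailing text on the command line is silently accepted at exactly the point where the session switches to TLS. Passing `arguments` through and rejecting a non-empty remainder would keep the parsing as strict as for the other commands. The if/else chain continues outside the hunk.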
@@ -62,4 +64,12 @@ public class SettableSession implements public void setChoosedAuthenticationMechanism(Authenticate.SupportedMechanism choosedAuthenticationMechanism) { this.choosedAuthenticationMechanism = choosedAuthenticationMechanism; } + + public void setSslEnabled(boolean sslEnabled) { + this.sslEnabled = sslEnabled; + } + + public boolean isSslEnabled() { + return sslEnabled; + } } Modified: james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java URL: http://svn.apache.org/viewvc/james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java (original) +++ james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveChannelUpstreamHandler.java Thu Dec 17 14:56:39 2015 
@@ -36,20 +36,28 @@ import org.jboss.netty.channel.Exception import org.jboss.netty.channel.MessageEvent; import org.jboss.netty.channel.SimpleChannelUpstreamHandler; import org.jboss.netty.handler.codec.frame.TooLongFrameException; +import org.jboss.netty.handler.ssl.SslHandler; import org.slf4j.Logger; +import javax.net.ssl.SSLContext; import java.net.InetSocketAddress; public class ManageSieveChannelUpstreamHandler extends SimpleChannelUpstreamHandler { + final static String SSL_HANDLER = "sslHandler"; + private final Logger logger; private final ChannelLocal<Session> attributes; private final ManageSieveProcessor manageSieveProcessor; + private final SSLContext sslContext; + private final String[] enabledCipherSuites; - public ManageSieveChannelUpstreamHandler(ManageSieveProcessor manageSieveProcessor, Logger logger) { + public ManageSieveChannelUpstreamHandler(ManageSieveProcessor manageSieveProcessor, SSLContext sslContext, String[] enabledCipherSuites, Logger logger) { this.logger = logger; this.attributes = new ChannelLocal<Session>(); this.manageSieveProcessor = manageSieveProcessor; + this.sslContext = sslContext; + this.enabledCipherSuites = enabledCipherSuites; } @Override 
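Review bot: The constructor stores `sslContext` without a null check, yet `turnSSLon` dereferences it and ManageSieveServer now calls `getEncryption().getContext()` unconditionally when it builds the handler. If a server can be configured without TLS (not visible in this diff), that either throws while the handler is created or leaves a STARTTLS path that fails with a NullPointerException after the client was told `OK`. STARTTLS should instead be refused with `NO` when no context is available. `enabledCipherSuites` is kept by reference, so `enabledCipherSuites == null ? null : enabledCipherSuites.clone()` would stop a later change to the caller's array from altering the suites offered. The new constant would conventionally be declared `private static final String SSL_HANDLER`.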
@@ -105,4 +113,17 @@ public class ManageSieveChannelUpstreamH private Logger getLogger(Channel channel) { return new Slf4jLoggerAdapter(new ProtocolSessionLogger("" + channel.getId(), new ProtocolLoggerAdapter(logger))); } + + private void turnSSLon(Channel channel) { + channel.setReadable(false); + + SslHandler filter = new SslHandler(sslContext.createSSLEngine(), false); + filter.getEngine().setUseClientMode(false); + if (enabledCipherSuites != null && enabledCipherSuites.length > 0) { + filter.getEngine().setEnabledCipherSuites(enabledCipherSuites); + } + channel.getPipeline().addFirst(SSL_HANDLER, filter); + + channel.setReadable(true); + } } Modified: james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java URL: http://svn.apache.org/viewvc/james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java?rev=1720576&r1=1720575&r2=1720576&view=diff ============================================================================== --- james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java (original) +++ james/project/trunk/server/protocols/protocols-managesieve/src/main/java/org/apache/james/managesieveserver/netty/ManageSieveServer.java Thu Dec 17 14:56:39 2015 @@ -79,7 +79,7 @@ public class ManageSieveServer extends A @Override protected ChannelUpstreamHandler createCoreHandler() { - return new ManageSieveChannelUpstreamHandler(manageSieveProcessor, LOGGER); + return new ManageSieveChannelUpstreamHandler(manageSieveProcessor, getEncryption().getContext(), getEnabledCipherSuites(), LOGGER); } @Override --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
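Review bot: `turnSSLon` is private and no call to it appears in the hunks shown, so as far as this diff goes the handler never installs the `SslHandler` after STARTTLS has returned `OK`; the call site should be part of the change. Because the handler is created with the start-TLS flag `false`, the call must run only after the plaintext `OK` line has been written, and a Javadoc sentence on the method should state that ordering. Bytes the client sent after the STARTTLS line but before the handshake must be discarded rather than left in the frame decoder, otherwise data injected in clear on the path would be processed as if it had arrived over TLS. `setSslEnabled(true)` and the return to `UNAUTHENTICATED` belong in the handshake-complete callback, not at the moment the handler is added.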