You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by GitBox <gi...@apache.org> on 2020/10/02 18:07:39 UTC
[GitHub] [geronimo-javamail] cesarhernandezgt commented on a change in pull request #1: GERONIMO-6780 added Oauth2 support for geronimo Java Mail Provider
cesarhernandezgt commented on a change in pull request #1:
URL: https://github.com/apache/geronimo-javamail/pull/1#discussion_r498972528
##########
File path: geronimo-javamail_1.6/geronimo-javamail_1.6_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java
##########
@@ -0,0 +1,628 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.geronimo.javamail.authentication;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+
+import javax.mail.AuthenticationFailedException;
+import javax.mail.MessagingException;
+
+import org.apache.geronimo.mail.util.Base64;
+import org.apache.geronimo.mail.util.Hex;
+
+/**
+ * Process a DIGEST-MD5 authentication, using the challenge/response mechanisms.
+ */
+public class DigestMD5Authenticator implements ClientAuthenticator {
+
+ protected static final int AUTHENTICATE_CLIENT = 0;
+
+ protected static final int AUTHENTICATE_SERVER = 1;
+
+ protected static final int AUTHENTICATION_COMPLETE = 2;
+
+ // the host server name
+ protected String host;
+
+ // the user we're authenticating
+ protected String username;
+
+ // the user's password (the "shared secret")
+ protected String password;
+
+ // the target login realm
+ protected String realm;
+
+ // our message digest for processing the challenges.
+ MessageDigest digest;
Review comment:
MD5 was not updated in this PR. I don't know they why's on MD5 implementation. This class was not modified and the access to that field is the same in the [1.3](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.3.1/geronimo-javamail_1.3.1_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java),[ 1.4](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java) and [1.5](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.5/geronimo-javamail_1.5_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java) currently has.
##########
File path: geronimo-javamail_1.6/geronimo-javamail_1.6_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java
##########
@@ -0,0 +1,628 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.geronimo.javamail.authentication;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+
+import javax.mail.AuthenticationFailedException;
+import javax.mail.MessagingException;
+
+import org.apache.geronimo.mail.util.Base64;
+import org.apache.geronimo.mail.util.Hex;
+
+/**
+ * Process a DIGEST-MD5 authentication, using the challenge/response mechanisms.
+ */
+public class DigestMD5Authenticator implements ClientAuthenticator {
+
+ protected static final int AUTHENTICATE_CLIENT = 0;
+
+ protected static final int AUTHENTICATE_SERVER = 1;
+
+ protected static final int AUTHENTICATION_COMPLETE = 2;
+
+ // the host server name
+ protected String host;
+
+ // the user we're authenticating
+ protected String username;
+
+ // the user's password (the "shared secret")
+ protected String password;
+
+ // the target login realm
+ protected String realm;
+
+ // our message digest for processing the challenges.
+ MessageDigest digest;
+
+ // the string we send to the server on the first challenge.
+ protected String clientResponse;
+
+ // the response back from an authentication challenge.
+ protected String authenticationResponse = null;
+
+ // our list of realms received from the server (normally just one).
+ protected ArrayList realms;
+
+ // the nonce value sent from the server
+ protected String nonce;
+
+ // indicates whether we've gone through the entire challenge process.
+ protected int stage = AUTHENTICATE_CLIENT;
+
+ /**
+ * Main constructor.
+ *
+ * @param host
+ * The server host name.
+ * @param username
+ * The login user name.
+ * @param password
+ * The login password.
+ * @param realm
+ * The target login realm (can be null).
+ */
+ public DigestMD5Authenticator(String host, String username, String password, String realm) {
+ this.host = host;
+ this.username = username;
+ this.password = password;
+ this.realm = realm;
+ }
+
+ /**
+ * Respond to the hasInitialResponse query. This mechanism does not have an
+ * initial response.
+ *
+ * @return Always returns false.
+ */
+ public boolean hasInitialResponse() {
+ return false;
+ }
+
+ /**
+ * Indicate whether the challenge/response process is complete.
+ *
+ * @return True if the last challenge has been processed, false otherwise.
+ */
+ public boolean isComplete() {
+ return stage == AUTHENTICATION_COMPLETE;
+ }
+
+ /**
+ * Retrieve the authenticator mechanism name.
+ *
+ * @return Always returns the string "DIGEST-MD5"
+ */
+ public String getMechanismName() {
+ return "DIGEST-MD5";
+ }
+
+ /**
+ * Evaluate a DIGEST-MD5 login challenge, returning the a result string that
+ * should satisfy the clallenge.
+ *
+ * @param challenge
+ * The decoded challenge data, as a string.
+ *
+ * @return A formatted challege response, as an array of bytes.
+ * @exception MessagingException
+ */
+ public byte[] evaluateChallenge(byte[] challenge) throws MessagingException {
+
+ // DIGEST-MD5 authentication goes in two stages. First state involves us
+ // validating with the
+ // server, the second stage is the server validating with us, using the
+ // shared secret.
+ switch (stage) {
+ // stage one of the process.
+ case AUTHENTICATE_CLIENT: {
+ // get the response and advance the processing stage.
+ byte[] response = authenticateClient(challenge);
+ stage = AUTHENTICATE_SERVER;
+ return response;
+ }
+
+ // stage two of the process.
+ case AUTHENTICATE_SERVER: {
+ // get the response and advance the processing stage to completed.
+ byte[] response = authenticateServer(challenge);
+ stage = AUTHENTICATION_COMPLETE;
+ return response;
+ }
+
+ // should never happen.
+ default:
+ throw new MessagingException("Invalid LOGIN challenge");
+ }
+ }
+
+ /**
+ * Evaluate a DIGEST-MD5 login server authentication challenge, returning
+ * the a result string that should satisfy the clallenge.
+ *
+ * @param challenge
+ * The decoded challenge data, as a string.
+ *
+ * @return A formatted challege response, as an array of bytes.
+ * @exception MessagingException
+ */
+ public byte[] authenticateServer(byte[] challenge) throws MessagingException {
+ // parse the challenge string and validate.
+ if (!parseChallenge(challenge)) {
+ return null;
+ }
+
+ try {
+ // like all of the client validation steps, the following is order
+ // critical.
+ // first add in the URI information.
+ digest.update((":smtp/" + host).getBytes("US-ASCII"));
+ // now mix in the response we sent originally
+ String responseString = clientResponse + new String(Hex.encode(digest.digest()), "US-ASCII");
+ digest.update(responseString.getBytes("US-ASCII"));
+
+ // now convert that into a hex encoded string.
+ String validationText = new String(Hex.encode(digest.digest()), "US-ASCII");
+
+ // if everything went well, this calculated value should match what
+ // we got back from the server.
+ // our response back is just a null string....
+ if (validationText.equals(authenticationResponse)) {
+ return new byte[0];
+ }
+ throw new AuthenticationFailedException("Invalid DIGEST-MD5 response from server");
+ } catch (UnsupportedEncodingException e) {
+ throw new MessagingException("Invalid character encodings");
+ }
+
+ }
+
+ /**
+ * Evaluate a DIGEST-MD5 login client authentication challenge, returning
+ * the a result string that should satisfy the clallenge.
+ *
+ * @param challenge
+ * The decoded challenge data, as a string.
+ *
+ * @return A formatted challege response, as an array of bytes.
+ * @exception MessagingException
+ */
+ public byte[] authenticateClient(byte[] challenge) throws MessagingException {
+ // parse the challenge string and validate.
+ if (!parseChallenge(challenge)) {
+ return null;
+ }
+
+ SecureRandom randomGenerator;
+ // before doing anything, make sure we can get the required crypto
Review comment:
MD5 was not updated in this PR. I don't know they why's on MD5 implementation. This class was not modified and the access to that field is the same in the [1.3](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.3.1/geronimo-javamail_1.3.1_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java),[ 1.4](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java) and [1.5](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.5/geronimo-javamail_1.5_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java) currently has.
##########
File path: geronimo-javamail_1.6/geronimo-javamail_1.6_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java
##########
@@ -0,0 +1,628 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.geronimo.javamail.authentication;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+
+import javax.mail.AuthenticationFailedException;
+import javax.mail.MessagingException;
+
+import org.apache.geronimo.mail.util.Base64;
+import org.apache.geronimo.mail.util.Hex;
+
+/**
+ * Process a DIGEST-MD5 authentication, using the challenge/response mechanisms.
+ */
+public class DigestMD5Authenticator implements ClientAuthenticator {
+
+ protected static final int AUTHENTICATE_CLIENT = 0;
+
+ protected static final int AUTHENTICATE_SERVER = 1;
+
+ protected static final int AUTHENTICATION_COMPLETE = 2;
+
+ // the host server name
+ protected String host;
+
+ // the user we're authenticating
+ protected String username;
+
+ // the user's password (the "shared secret")
+ protected String password;
+
+ // the target login realm
+ protected String realm;
+
+ // our message digest for processing the challenges.
+ MessageDigest digest;
+
+ // the string we send to the server on the first challenge.
+ protected String clientResponse;
+
+ // the response back from an authentication challenge.
+ protected String authenticationResponse = null;
+
+ // our list of realms received from the server (normally just one).
+ protected ArrayList realms;
+
+ // the nonce value sent from the server
+ protected String nonce;
+
+ // indicates whether we've gone through the entire challenge process.
+ protected int stage = AUTHENTICATE_CLIENT;
+
+ /**
+ * Main constructor.
+ *
+ * @param host
+ * The server host name.
+ * @param username
+ * The login user name.
+ * @param password
+ * The login password.
+ * @param realm
+ * The target login realm (can be null).
+ */
+ public DigestMD5Authenticator(String host, String username, String password, String realm) {
+ this.host = host;
+ this.username = username;
+ this.password = password;
+ this.realm = realm;
+ }
+
+ /**
+ * Respond to the hasInitialResponse query. This mechanism does not have an
+ * initial response.
+ *
+ * @return Always returns false.
+ */
+ public boolean hasInitialResponse() {
+ return false;
+ }
+
+ /**
+ * Indicate whether the challenge/response process is complete.
+ *
+ * @return True if the last challenge has been processed, false otherwise.
+ */
+ public boolean isComplete() {
+ return stage == AUTHENTICATION_COMPLETE;
+ }
+
+ /**
+ * Retrieve the authenticator mechanism name.
+ *
+ * @return Always returns the string "DIGEST-MD5"
+ */
+ public String getMechanismName() {
+ return "DIGEST-MD5";
+ }
+
+ /**
+ * Evaluate a DIGEST-MD5 login challenge, returning the a result string that
+ * should satisfy the clallenge.
+ *
+ * @param challenge
+ * The decoded challenge data, as a string.
+ *
+ * @return A formatted challege response, as an array of bytes.
+ * @exception MessagingException
+ */
+ public byte[] evaluateChallenge(byte[] challenge) throws MessagingException {
+
+ // DIGEST-MD5 authentication goes in two stages. First state involves us
+ // validating with the
+ // server, the second stage is the server validating with us, using the
+ // shared secret.
+ switch (stage) {
+ // stage one of the process.
+ case AUTHENTICATE_CLIENT: {
+ // get the response and advance the processing stage.
+ byte[] response = authenticateClient(challenge);
+ stage = AUTHENTICATE_SERVER;
+ return response;
+ }
+
+ // stage two of the process.
+ case AUTHENTICATE_SERVER: {
+ // get the response and advance the processing stage to completed.
+ byte[] response = authenticateServer(challenge);
+ stage = AUTHENTICATION_COMPLETE;
+ return response;
+ }
+
+ // should never happen.
+ default:
+ throw new MessagingException("Invalid LOGIN challenge");
+ }
+ }
+
+ /**
+ * Evaluate a DIGEST-MD5 login server authentication challenge, returning
+ * the a result string that should satisfy the clallenge.
+ *
+ * @param challenge
+ * The decoded challenge data, as a string.
+ *
+ * @return A formatted challege response, as an array of bytes.
+ * @exception MessagingException
+ */
+ public byte[] authenticateServer(byte[] challenge) throws MessagingException {
+ // parse the challenge string and validate.
+ if (!parseChallenge(challenge)) {
+ return null;
+ }
+
+ try {
+ // like all of the client validation steps, the following is order
+ // critical.
+ // first add in the URI information.
+ digest.update((":smtp/" + host).getBytes("US-ASCII"));
+ // now mix in the response we sent originally
+ String responseString = clientResponse + new String(Hex.encode(digest.digest()), "US-ASCII");
+ digest.update(responseString.getBytes("US-ASCII"));
+
+ // now convert that into a hex encoded string.
+ String validationText = new String(Hex.encode(digest.digest()), "US-ASCII");
+
+ // if everything went well, this calculated value should match what
+ // we got back from the server.
+ // our response back is just a null string....
+ if (validationText.equals(authenticationResponse)) {
+ return new byte[0];
+ }
+ throw new AuthenticationFailedException("Invalid DIGEST-MD5 response from server");
+ } catch (UnsupportedEncodingException e) {
+ throw new MessagingException("Invalid character encodings");
+ }
+
+ }
+
+ /**
+ * Evaluate a DIGEST-MD5 login client authentication challenge, returning
+ * the a result string that should satisfy the clallenge.
+ *
+ * @param challenge
+ * The decoded challenge data, as a string.
+ *
+ * @return A formatted challege response, as an array of bytes.
+ * @exception MessagingException
+ */
+ public byte[] authenticateClient(byte[] challenge) throws MessagingException {
+ // parse the challenge string and validate.
+ if (!parseChallenge(challenge)) {
+ return null;
+ }
+
+ SecureRandom randomGenerator;
+ // before doing anything, make sure we can get the required crypto
+ // support.
+ try {
+ randomGenerator = new SecureRandom();
+ digest = MessageDigest.getInstance("MD5");
+ } catch (NoSuchAlgorithmException e) {
+ throw new MessagingException("Unable to access cryptography libraries");
+ }
+
+ // if not configured for a realm, take the first realm from the list, if
+ // any
+ if (realm == null) {
+ // if not handed any realms, just use the host name.
+ if (realms.isEmpty()) {
+ realm = host;
+ } else {
+ // pretty arbitrary at this point, so just use the first one.
+ realm = (String) realms.get(0);
+ }
+ }
+
+ // use secure random to generate a collection of bytes. that is our
+ // cnonce value.
+ byte[] cnonceBytes = new byte[32];
+
+ randomGenerator.nextBytes(cnonceBytes);
+
+ try {
+ // and get this as a base64 encoded string.
+ String cnonce = new String(Base64.encode(cnonceBytes), "US-ASCII");
Review comment:
MD5 was not updated in this PR. I don't know they why's on MD5 implementation. This class was not modified and the access to that field is the same in the [1.3](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.3.1/geronimo-javamail_1.3.1_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java),[ 1.4](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.4/geronimo-javamail_1.4_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java) and [1.5](https://github.com/apache/geronimo-javamail/blob/trunk/geronimo-javamail_1.5/geronimo-javamail_1.5_provider/src/main/java/org/apache/geronimo/javamail/authentication/DigestMD5Authenticator.java) currently has.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org