commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sgoes...@apache.org
Subject svn commit: r1296887 - in /commons/proper/email/trunk/src: changes/changes.xml java/org/apache/commons/mail/Email.java site/xdoc/userguide.xml test/org/apache/commons/mail/EmailLiveTest.java test/org/apache/commons/mail/settings/EmailConfiguration.java
Date Sun, 04 Mar 2012 21:59:48 GMT
Author: sgoeschl
Date: Sun Mar  4 21:59:47 2012
New Revision: 1296887

URL: http://svn.apache.org/viewvc?rev=1296887&view=rev
Log:
[EMAIL-105] he patch actually broke sending emails over a secured connection - disabled the
"MAIL_SMTP_SSL_CHECKSERVERIDENTITY" and "MAIL_SMTP_SSL_ENABLE" activation. Tested the functionality
using GMail, GMX and Office365 so the code is at least working for a couple of existing SMTP
servers. Also added 'sslCheckServerIdentity' including setter and getter. Also added a chapter
regarding "Security" to the user manua

Modified:
    commons/proper/email/trunk/src/changes/changes.xml
    commons/proper/email/trunk/src/java/org/apache/commons/mail/Email.java
    commons/proper/email/trunk/src/site/xdoc/userguide.xml
    commons/proper/email/trunk/src/test/org/apache/commons/mail/EmailLiveTest.java
    commons/proper/email/trunk/src/test/org/apache/commons/mail/settings/EmailConfiguration.java

Modified: commons/proper/email/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/commons/proper/email/trunk/src/changes/changes.xml?rev=1296887&r1=1296886&r2=1296887&view=diff
==============================================================================
--- commons/proper/email/trunk/src/changes/changes.xml (original)
+++ commons/proper/email/trunk/src/changes/changes.xml Sun Mar  4 21:59:47 2012
@@ -23,6 +23,16 @@
 
   <body>
     <release version="1.3" date="as in SVN">
+        <action dev="sgoeschl" type="fix" issue="EMAIL-105" date="2012-02-04" due-to="Siegfried
Goeschl">
+            The patch actually broke sending emails over a secured connection - disabled
the
+            "MAIL_SMTP_SSL_CHECKSERVERIDENTITY" and "MAIL_SMTP_SSL_ENABLE" activation. Tested
+            the functionality using GMail, GMX and Office365 so the code is at least working
for
+            a couple of existing SMTP servers. Also added 'sslCheckServerIdentity' including
+            setter and getter. Also added a chapter regarding "Security" to the user manual.
+        </action>
+        <action dev="sgoeschl" type="add" issue="EMAIL-113" date="2012-02-19" due-to="Peter
Kofler">
+           Maven Site fails with error in Checkstyle configuration.
+        </action>
         <action dev="sgoeschl" type="add" issue="EMAIL-112" date="2012-02-19" due-to="Peter
Kofler">
            DataSourceFileResolverTest fails under IBM JDK 1.4 and 1.6 running on Windows.
         </action>

Modified: commons/proper/email/trunk/src/java/org/apache/commons/mail/Email.java
URL: http://svn.apache.org/viewvc/commons/proper/email/trunk/src/java/org/apache/commons/mail/Email.java?rev=1296887&r1=1296886&r2=1296887&view=diff
==============================================================================
--- commons/proper/email/trunk/src/java/org/apache/commons/mail/Email.java (original)
+++ commons/proper/email/trunk/src/java/org/apache/commons/mail/Email.java Sun Mar  4 21:59:47
2012
@@ -159,25 +159,45 @@ public abstract class Email implements E
 
     /**
      * Does server require TLS encryption for authentication?
-     * @deprecated  since 1.3, use setStartTLSRequired() instead
+     * @deprecated  since 1.3, use setStartTLSEnabled() instead
      */
     protected boolean tls;
 
     /**
-     * Does the current transport use SSL/TLS encryption upon connection?
-     * @deprecated since 1.3, use setSSLOnConnect() instead
+     * If true, enables the use of the STARTTLS command (if supported by
+     * the server) to switch the connection to a TLS-protected connection
+     * before issuing any login commands. Note that an appropriate trust
+     * store must configured so that the client will trust the server's
+     * certificate.
+     * Defaults to false.
      */
-    protected boolean ssl;
-
-    /** does client want STARTTLS encryption */
     private boolean startTlsEnabled;
 
-    /** does client require STARTTLS encryption */
+    /**
+     * If true, requires the use of the STARTTLS command. If the server doesn't
+     * support the STARTTLS command, or the command fails, the connect method
+     * will fail.
+     * Defaults to false.
+     */
     private boolean startTlsRequired;
 
+    /**
+     * Does the current transport use SSL/TLS encryption upon connection?
+     * @deprecated since 1.3, use setSSLOnConnect() instead
+     */
+    protected boolean ssl;
+
     /** does the current transport use SSL/TLS encryption upon connection? */
     private boolean sslOnConnect;
 
+    /**
+     * If set to true, check the server identity as specified by RFC 2595. These
+     * additional checks based on the content of the server's certificate are
+     * intended to prevent man-in-the-middle attacks.
+     * Defaults to false.
+     */
+    private boolean sslCheckServerIdentity;
+
     /** socket I/O timeout value in milliseconds */
     protected int socketTimeout = SOCKET_TIMEOUT_MS;
 
@@ -510,23 +530,22 @@ public abstract class Email implements E
                 properties.setProperty(MAIL_SMTP_AUTH, "true");
             }
 
-            if (isSSLOnConnect() || isStartTLSEnabled() || isStartTLSRequired())
-            {
-                properties.setProperty(MAIL_SMTP_SSL_SOCKET_FACTORY_PORT, this.sslSmtpPort);
-                properties.setProperty(MAIL_SMTP_SSL_SOCKET_FACTORY_CLASS, "javax.net.ssl.SSLSocketFactory");
-                properties.setProperty(MAIL_SMTP_SOCKET_FACTORY_FALLBACK, "false");
-                properties.put(MAIL_SMTP_SSL_CHECKSERVERIDENTITY, Boolean.TRUE);
-            }
-
             if (isSSLOnConnect())
             {
-                properties.put(MAIL_SMTP_SSL_ENABLE, Boolean.TRUE);
                 properties.setProperty(MAIL_PORT, this.sslSmtpPort);
                 properties.setProperty(MAIL_SMTP_SOCKET_FACTORY_PORT, this.sslSmtpPort);
                 properties.setProperty(MAIL_SMTP_SOCKET_FACTORY_CLASS, "javax.net.ssl.SSLSocketFactory");
                 properties.setProperty(MAIL_SMTP_SOCKET_FACTORY_FALLBACK, "false");
             }
 
+            if (isSSLOnConnect() || isStartTLSEnabled())
+            {
+                if(isSSLCheckServerIdentity())
+                {
+                    properties.setProperty(MAIL_SMTP_SSL_CHECKSERVERIDENTITY, "true");
+                }
+            }
+
             if (this.bounceAddress != null)
             {
                 properties.setProperty(MAIL_SMTP_FROM, this.bounceAddress);
@@ -1400,6 +1419,16 @@ public abstract class Email implements E
         return this;
     }
 
+    public boolean isSSLCheckServerIdentity()
+    {
+        return sslCheckServerIdentity;
+    }
+
+    public void setSSLCheckServerIdentity(boolean sslCheckServerIdentity)
+    {
+        this.sslCheckServerIdentity = sslCheckServerIdentity;
+    }
+
     /**
      * Returns the current SSL port used by the SMTP transport.
      *

Modified: commons/proper/email/trunk/src/site/xdoc/userguide.xml
URL: http://svn.apache.org/viewvc/commons/proper/email/trunk/src/site/xdoc/userguide.xml?rev=1296887&r1=1296886&r2=1296887&view=diff
==============================================================================
--- commons/proper/email/trunk/src/site/xdoc/userguide.xml (original)
+++ commons/proper/email/trunk/src/site/xdoc/userguide.xml Sun Mar  4 21:59:47 2012
@@ -32,7 +32,7 @@
       <source>
 <![CDATA[
 Email email = new SimpleEmail();
-email.setHostName("smtp.gmail.com");
+email.setHostName("smtp.googlemail.com");
 email.setSmtpPort(465);
 email.setAuthenticator(new DefaultAuthenticator("username", "password"));
 email.setSSLOnConnect(true);
@@ -223,6 +223,12 @@ import org.apache.commons.mail.HtmlEmail
         of the mail classes by calling setDebug(true).  The debugging output
         will be written to <code>System.out</code>.
       </p>
+      <p>
+        Sometimes you want to experiment with various security setting or
+        features of commons-email. A good starting point is the test class
+        <code>EmailLiveTest</code> and <code>EmailConfiguration</code>
which
+        are used for testing commons-email with real SMTP servers.
+      </p>      
     </section>
     <section name="Authentication">
       <p>
@@ -243,6 +249,46 @@ import org.apache.commons.mail.HtmlEmail
         <code>Email.setAuthenticator</code> method.
       </p>
     </section>
+    <section name="Security">
+      <p>
+        Nowadays you should not use plain SMTP protocol when using public SMTP servers 
+        but there is a some confusion regarding the available options.
+      </p>
+      <p>  
+        Two commons options are using 
+        <ul>
+          <li>STARTTLS on port 25</li>
+          <li>SSL on port 465</li>
+        </ul>
+        The following definitions were taken from Wikipedia
+        <ul>
+          <li>
+            STARTTLS is an extension to plain text communication protocols, which offers
a 
+            way to upgrade a plain text connection to an encrypted (TLS or SSL) connection

+            instead of using a separate port for encrypted communication.
+          </li>
+          <li>
+            Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL),

+            are cryptographic protocols that provide communication security over the 
+            Internet.TLS and SSL encrypt the segments of network connections above the 
+            Transport Layer, using asymmetric cryptography for key exchange, symmetric 
+            encryption for privacy, and message authentication codes for message integrity.
+          </li>
+        </ul>
+        In addition you can force the following security checks (which are disabled by default)
+        <ul>
+          <li>
+            When using a secured transport (STARTTLS or SSL) you can force validating the
server's 
+            certificate by calling <code>Email.setSSLCheckServerIdentity(true). Having
said that
+            this does not seem to work on any of my test servers (GMAIL, GMX).
+          </code>
+          </li>
+          <li>
+            Enforce using STARTTLS by calling <code>Email.setStartTLSRequired(true)</code>
+          </li>
+        </ul>
+      </p>
+    </section>
     <section name="Handling Bounced Messages">
       <p>
         Normally, messages which cannot be delivered to a recipient are returned to the

Modified: commons/proper/email/trunk/src/test/org/apache/commons/mail/EmailLiveTest.java
URL: http://svn.apache.org/viewvc/commons/proper/email/trunk/src/test/org/apache/commons/mail/EmailLiveTest.java?rev=1296887&r1=1296886&r2=1296887&view=diff
==============================================================================
--- commons/proper/email/trunk/src/test/org/apache/commons/mail/EmailLiveTest.java (original)
+++ commons/proper/email/trunk/src/test/org/apache/commons/mail/EmailLiveTest.java Sun Mar
 4 21:59:47 2012
@@ -96,7 +96,9 @@ public class EmailLiveTest extends BaseE
         Email email = (Email) clazz.newInstance();
 
         email.setStartTLSEnabled(EmailConfiguration.MAIL_USE_STARTTLS);
+        email.setStartTLSRequired(EmailConfiguration.MAIL_STARTTLS_REQUIRED);
         email.setSSLOnConnect(EmailConfiguration.MAIL_USE_SSL);
+        email.setSSLCheckServerIdentity(EmailConfiguration.MAIL_SSL_CHECKSERVERIDENTITY);
         email.setHostName(EmailConfiguration.MAIL_SERVER);
         email.setSmtpPort(EmailConfiguration.MAIL_SERVER_PORT);
         email.setBounceAddress(EmailConfiguration.TEST_FROM);

Modified: commons/proper/email/trunk/src/test/org/apache/commons/mail/settings/EmailConfiguration.java
URL: http://svn.apache.org/viewvc/commons/proper/email/trunk/src/test/org/apache/commons/mail/settings/EmailConfiguration.java?rev=1296887&r1=1296886&r2=1296887&view=diff
==============================================================================
--- commons/proper/email/trunk/src/test/org/apache/commons/mail/settings/EmailConfiguration.java
(original)
+++ commons/proper/email/trunk/src/test/org/apache/commons/mail/settings/EmailConfiguration.java
Sun Mar  4 21:59:47 2012
@@ -30,22 +30,32 @@ public final class EmailConfiguration
 {
     // when using GMail for testing the following combination work
     //
-    // port 25      - StartTLS
-    // port 25      - StartTLS & UseSSL
-    // port 465     - UseSSL
-    // port 465     - StartTLS & UseSSL
-
-    public static final boolean MAIL_FORCE_SEND     = false;
-	public static final boolean MAIL_DEBUG          = false;
-	public static final String  MAIL_CHARSET        = EmailConstants.UTF_8;
-    public static final String  MAIL_SERVER         = "localhost";
-    public static final int     MAIL_SERVER_PORT    = 25;
-    public static final String  TEST_FROM           = "test_from@apache.org";
-    public static final String  TEST_TO             = "test_to@apache.org";
-    public static final String  TEST_USER           = "user";
-    public static final String  TEST_PASSWD         = "password";
-    public static final boolean MAIL_USE_SSL        = false;
-    public static final boolean MAIL_USE_STARTTLS   = false;
+    // port 25      - MAIL_USE_STARTTLS, MAIL_STARTTLS_REQUIRED
+    // port 465     - MAIL_USE_SSL
+
+    // when using GMX for testing the following combination work
+    //
+    // port 465     - MAIL_USE_SSL, -Dsun.security.ssl.allowUnsafeRenegotiation=true
+
+    // when using Office 365 for testing the following combination work
+    //
+    // port 25      - MAIL_USE_STARTTLS, MAIL_STARTTLS_REQUIRED
+    // port 587     - MAIL_USE_STARTTLS, MAIL_STARTTLS_REQUIRED
+
+    public static final boolean MAIL_FORCE_SEND                 = false;
+	public static final boolean MAIL_DEBUG                      = false;
+	public static final String  MAIL_CHARSET                    = EmailConstants.UTF_8;
+    public static final String  MAIL_SERVER                     = "localhost";
+    public static final int     MAIL_SERVER_PORT                = 25;
+    public static final String  TEST_FROM                       = "test_from@apache.org";
+    public static final String  TEST_TO                         = "test_to@apache.org";
+    public static final String  TEST_USER                       = "user";
+    public static final String  TEST_PASSWD                     = "password";
+
+    public static final boolean MAIL_USE_SSL                    = false;
+    public static final boolean MAIL_SSL_CHECKSERVERIDENTITY    = false;
+    public static final boolean MAIL_USE_STARTTLS               = true;
+    public static final boolean MAIL_STARTTLS_REQUIRED          = true;
 
     public static final String TEST_URL = EmailConfiguration.class
         .getResource("/images/asf_logo_wide.gif")



Mime
View raw message