Skip to content

Commit 14ba04f

Browse files
JAMES-4210 Add SMTP SASL bridge scaffold
Add a minimal SMTP bridge for the shared SASL SPI. The bridge keeps SMTP-specific AUTH framing outside the generic SPI: it converts SMTP AUTH initial responses to SaslInitialRequest, handles the "=" empty initial response marker, maps SASL challenges to SMTP 334 responses, decodes client continuation lines, and wires abort/close lifecycle handling around SaslExchange. Add unit tests for initial response decoding, SMTP challenge formatting, client response decoding, and exchange cleanup.
1 parent 805483b commit 14ba04f

2 files changed

Lines changed: 239 additions & 0 deletions

File tree

Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,93 @@
1+
/****************************************************************
2+
* Licensed to the Apache Software Foundation (ASF) under one *
3+
* or more contributor license agreements. See the NOTICE file *
4+
* distributed with this work for additional information *
5+
* regarding copyright ownership. The ASF licenses this file *
6+
* to you under the Apache License, Version 2.0 (the *
7+
* "License"); you may not use this file except in compliance *
8+
* with the License. You may obtain a copy of the License at *
9+
* *
10+
* http://www.apache.org/licenses/LICENSE-2.0 *
11+
* *
12+
* Unless required by applicable law or agreed to in writing, *
13+
* software distributed under the License is distributed on an *
14+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
15+
* KIND, either express or implied. See the License for the *
16+
* specific language governing permissions and limitations *
17+
* under the License. *
18+
****************************************************************/
19+
20+
package org.apache.james.protocols.smtp.core.esmtp;
21+
22+
import java.nio.charset.StandardCharsets;
23+
import java.util.Base64;
24+
import java.util.Objects;
25+
import java.util.Optional;
26+
27+
import org.apache.james.protocols.api.sasl.SaslExchange;
28+
import org.apache.james.protocols.api.sasl.SaslInitialRequest;
29+
import org.apache.james.protocols.api.sasl.SaslProtocol;
30+
import org.apache.james.protocols.api.sasl.SaslStep;
31+
import org.apache.james.protocols.smtp.SMTPResponse;
32+
import org.apache.james.protocols.smtp.SMTPRetCode;
33+
34+
public class SmtpSaslBridge {
35+
/**
36+
* Converts an SMTP AUTH request into a protocol-neutral SASL initial request.
37+
*/
38+
public SaslInitialRequest initialRequest(String mechanismName, Optional<String> initialClientResponse) {
39+
return new SaslInitialRequest(SaslProtocol.SMTP, mechanismName,
40+
Objects.requireNonNull(initialClientResponse).map(this::decodeInitialClientResponse));
41+
}
42+
43+
/**
44+
* Encodes a SASL challenge payload as an SMTP AUTH 334 response.
45+
*/
46+
public SMTPResponse challenge(SaslStep.Challenge challenge) {
47+
return new SMTPResponse(SMTPRetCode.AUTH_READY,
48+
challenge.payload()
49+
.map(Base64.getEncoder()::encodeToString)
50+
.orElse(""));
51+
}
52+
53+
/**
54+
* Decodes an SMTP client continuation line and forwards it to the SASL exchange.
55+
*/
56+
public SaslStep onClientResponse(SaslExchange exchange, byte[] line) {
57+
return exchange.onResponse(decodeBase64(stripTrailingCrlf(line)));
58+
}
59+
60+
/**
61+
* Aborts and closes an active SASL exchange.
62+
*/
63+
public void abort(SaslExchange exchange) {
64+
exchange.abort();
65+
exchange.close();
66+
}
67+
68+
/**
69+
* Closes an active SASL exchange.
70+
*/
71+
public void close(SaslExchange exchange) {
72+
exchange.close();
73+
}
74+
75+
private byte[] decodeBase64(String value) {
76+
return Base64.getDecoder().decode(value);
77+
}
78+
79+
private byte[] decodeInitialClientResponse(String value) {
80+
if (value.equals("=")) {
81+
return new byte[0];
82+
}
83+
return decodeBase64(value);
84+
}
85+
86+
private String stripTrailingCrlf(byte[] line) {
87+
String value = new String(line, StandardCharsets.US_ASCII);
88+
if (value.endsWith("\r\n")) {
89+
return value.substring(0, value.length() - 2);
90+
}
91+
return value;
92+
}
93+
}
Lines changed: 146 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,146 @@
1+
/****************************************************************
2+
* Licensed to the Apache Software Foundation (ASF) under one *
3+
* or more contributor license agreements. See the NOTICE file *
4+
* distributed with this work for additional information *
5+
* regarding copyright ownership. The ASF licenses this file *
6+
* to you under the Apache License, Version 2.0 (the *
7+
* "License"); you may not use this file except in compliance *
8+
* with the License. You may obtain a copy of the License at *
9+
* *
10+
* http://www.apache.org/licenses/LICENSE-2.0 *
11+
* *
12+
* Unless required by applicable law or agreed to in writing, *
13+
* software distributed under the License is distributed on an *
14+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
15+
* KIND, either express or implied. See the License for the *
16+
* specific language governing permissions and limitations *
17+
* under the License. *
18+
****************************************************************/
19+
20+
package org.apache.james.protocols.smtp.core.esmtp;
21+
22+
import static org.assertj.core.api.Assertions.assertThat;
23+
24+
import java.nio.charset.StandardCharsets;
25+
import java.util.ArrayList;
26+
import java.util.Base64;
27+
import java.util.List;
28+
import java.util.Optional;
29+
30+
import org.apache.james.core.Username;
31+
import org.apache.james.protocols.api.sasl.SaslExchange;
32+
import org.apache.james.protocols.api.sasl.SaslIdentity;
33+
import org.apache.james.protocols.api.sasl.SaslInitialRequest;
34+
import org.apache.james.protocols.api.sasl.SaslProtocol;
35+
import org.apache.james.protocols.api.sasl.SaslStep;
36+
import org.apache.james.protocols.smtp.SMTPResponse;
37+
import org.apache.james.protocols.smtp.SMTPRetCode;
38+
import org.junit.jupiter.api.Test;
39+
40+
class SmtpSaslBridgeTest {
41+
private static final Username USER = Username.of("user@example.com");
42+
private static final SaslIdentity IDENTITY = new SaslIdentity(USER, USER);
43+
44+
private final SmtpSaslBridge testee = new SmtpSaslBridge();
45+
46+
private static class RecordingExchange implements SaslExchange {
47+
private final List<String> lifecycleEvents;
48+
private byte[] lastClientResponse;
49+
50+
private RecordingExchange() {
51+
this.lifecycleEvents = new ArrayList<>();
52+
}
53+
54+
@Override
55+
public SaslStep firstStep() {
56+
return new SaslStep.Challenge(Optional.of(bytes("challenge")));
57+
}
58+
59+
@Override
60+
public SaslStep onResponse(byte[] clientResponse) {
61+
lastClientResponse = clientResponse.clone();
62+
return new SaslStep.Success(IDENTITY, Optional.empty(), "success");
63+
}
64+
65+
@Override
66+
public void abort() {
67+
lifecycleEvents.add("abort");
68+
}
69+
70+
@Override
71+
public void close() {
72+
lifecycleEvents.add("close");
73+
}
74+
}
75+
76+
@Test
77+
void initialRequestShouldDecodeInitialClientResponse() {
78+
String encodedInitialResponse = Base64.getEncoder().encodeToString(bytes("initial"));
79+
80+
SaslInitialRequest request = testee.initialRequest("PLAIN", Optional.of(encodedInitialResponse));
81+
82+
assertThat(request.protocol()).isEqualTo(SaslProtocol.SMTP);
83+
assertThat(request.mechanismName()).isEqualTo("PLAIN");
84+
assertThat(request.initialResponse()).hasValueSatisfying(value -> assertThat(value).containsExactly(bytes("initial")));
85+
}
86+
87+
@Test
88+
void initialRequestShouldDecodeEqualSignAsEmptyInitialClientResponse() {
89+
SaslInitialRequest request = testee.initialRequest("PLAIN", Optional.of("="));
90+
91+
assertThat(request.initialResponse()).hasValueSatisfying(value -> assertThat(value).isEmpty());
92+
}
93+
94+
@Test
95+
void challengeShouldReturnAuthReadyWithBase64EncodedChallengePayload() {
96+
SaslStep.Challenge challenge = new SaslStep.Challenge(Optional.of(bytes("challenge")));
97+
98+
SMTPResponse response = testee.challenge(challenge);
99+
100+
assertThat(response.getRetCode()).isEqualTo(SMTPRetCode.AUTH_READY);
101+
assertThat(response.getLines()).containsExactly(SMTPRetCode.AUTH_READY + " " + Base64.getEncoder().encodeToString(bytes("challenge")));
102+
}
103+
104+
@Test
105+
void challengeShouldReturnAuthReadyWithEmptyDescriptionWhenChallengeHasNoPayload() {
106+
SaslStep.Challenge challenge = new SaslStep.Challenge(Optional.empty());
107+
108+
SMTPResponse response = testee.challenge(challenge);
109+
110+
assertThat(response.getRetCode()).isEqualTo(SMTPRetCode.AUTH_READY);
111+
assertThat(response.getLines()).containsExactly(SMTPRetCode.AUTH_READY + " ");
112+
}
113+
114+
@Test
115+
void onClientResponseShouldDecodeLineAndContinueExchange() {
116+
RecordingExchange exchange = new RecordingExchange();
117+
byte[] line = (Base64.getEncoder().encodeToString(bytes("response")) + "\r\n").getBytes(StandardCharsets.US_ASCII);
118+
119+
SaslStep step = testee.onClientResponse(exchange, line);
120+
121+
assertThat(((SaslStep.Success) step).identity()).isEqualTo(IDENTITY);
122+
assertThat(exchange.lastClientResponse).containsExactly(bytes("response"));
123+
}
124+
125+
@Test
126+
void abortShouldAbortThenCloseExchange() {
127+
RecordingExchange exchange = new RecordingExchange();
128+
129+
testee.abort(exchange);
130+
131+
assertThat(exchange.lifecycleEvents).containsExactly("abort", "close");
132+
}
133+
134+
@Test
135+
void closeShouldCloseExchange() {
136+
RecordingExchange exchange = new RecordingExchange();
137+
138+
testee.close(exchange);
139+
140+
assertThat(exchange.lifecycleEvents).containsExactly("close");
141+
}
142+
143+
private static byte[] bytes(String value) {
144+
return value.getBytes(StandardCharsets.UTF_8);
145+
}
146+
}

0 commit comments

Comments
 (0)