Properly split api regarding trusting hosts (non-SSL related) and verifying hosts (SSL related)

bbottema · bbottema · commit 191351d19f39 · 2019-08-18T16:48:30.000+02:00
diff --git a/src/main/java/org/simplejavamail/mailer/MailerGenericBuilder.java b/src/main/java/org/simplejavamail/mailer/MailerGenericBuilder.java
@@ -54,7 +54,7 @@ public abstract class MailerGenericBuilder<T extends MailerGenericBuilder> {
 	public static final int DEFAULT_PROXY_BRIDGE_PORT = 1081;
 	
 	/**
-	 * Defaults to {@value DEFAULT_TRANSPORT_MODE_LOGGING_ONLY}, sending mails rather than just only logging the mails.
+	 * Defaults to {@value}, sending mails rather than just only logging the mails.
 	 */
 	public static final boolean DEFAULT_TRANSPORT_MODE_LOGGING_ONLY = false;
 	
@@ -113,6 +113,11 @@ public abstract class MailerGenericBuilder<T extends MailerGenericBuilder> {
 	 */
 	private Boolean trustAllSSLHost;
 	
+	/**
+	 * @see #verifyingServerIdentity(Boolean)
+	 */
+	private Boolean verifyingServerIdentity;
+	
 	/**
 	 * @see #withProperties(Properties)
 	 */
@@ -150,6 +155,7 @@ public abstract class MailerGenericBuilder<T extends MailerGenericBuilder> {
 		
 		withEmailAddressCriteria(EmailAddressCriteria.RFC_COMPLIANT);
 		trustingAllHosts(true);
+		verifyingServerIdentity(true);
 	}
 	
 	/**
@@ -178,7 +184,7 @@ private void validateProxy() {
 	 */
 	OperationalConfig buildOperationalConfig() {
 		return new OperationalConfig(getProperties(), getSessionTimeout(), getThreadPoolSize(), getTransportModeLoggingOnly(), getDebugLogging(),
-				getSslHostsToTrust(), getTrustAllSSLHost());
+				getSslHostsToTrust(), getTrustAllSSLHost(), getVerifyingServerIdentity());
 	}
 	
 	/**
@@ -335,17 +341,34 @@ public T trustingSSLHosts(String... sslHostsToTrust) {
 	}
 	
 	/**
-	 * Configures the current session to trust all hosts and don't validate any SSL keys. The property "mail.smtp(s).ssl.trust" is set to "*".
+	 * Configures the current session to trust all hosts. Defaults to true, but this allows you to white list <em>only</em> certain hosts.
 	 * <p>
-	 * Refer to https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html#mail.smtp.ssl.trust
+	 * Note that this is <em>not</em> the same as server identity verification, which is an SSL feature enabled through {@link #verifyingServerIdentity(Boolean)}.
+	 * It would be prudent to have at least one of these features turned on, lest you be vulnerable to man-in-the-middle attacks.
 	 *
+	 * @see <a href="https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html#mail.smtp.ssl.trust">mail.smtp.ssl.trust</a>
 	 * @see #trustingSSLHosts(String...)
 	 */
 	public T trustingAllHosts(@Nonnull final Boolean trustAllHosts) {
 		this.trustAllSSLHost = trustAllHosts;
 		return (T) this;
 	}
 	
+	/**
+	 * Configures the current session to not verify the server's identity on an SSL connection. Defaults to true.
+	 * <p>
+	 * Note that this is <em>not</em> the same as {@link #trustingAllHosts(Boolean)} or {@link #trustingSSLHosts(String...)}, which are not related to SSL connections.
+	 * It would be prudent to have at least one of these features turned on, lest you be vulnerable to man-in-the-middle attacks.
+	 *
+	 * @see <a href="https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html#mail.smtp.ssl.checkserveridentity">mail.smtp.ssl.checkserveridentity</a>
+	 * @see #trustingAllHosts(Boolean)
+	 * @see #trustingSSLHosts(String...)
+	 */
+	public T verifyingServerIdentity(@Nonnull final Boolean verifyingServerIdentity) {
+		this.verifyingServerIdentity = verifyingServerIdentity;
+		return (T) this;
+	}
+	
 	/**
 	 * Adds the given properties to the total list applied to the {@link Session} when building a mailer.
 	 *
@@ -535,6 +558,13 @@ public Boolean getTrustAllSSLHost() {
 		return trustAllSSLHost;
 	}
 	
+	/**
+	 * @see #verifyingServerIdentity(Boolean)
+	 */
+	public Boolean getVerifyingServerIdentity() {
+		return verifyingServerIdentity;
+	}
+	
 	/**
 	 * @see #withTransportModeLoggingOnly(Boolean)
 	 */
diff --git a/src/main/java/org/simplejavamail/mailer/config/TransportStrategy.java b/src/main/java/org/simplejavamail/mailer/config/TransportStrategy.java
@@ -39,8 +39,6 @@ public enum TransportStrategy {
 	 *     <li>Only {@code mail.smtp} properties are set.</li>
 	 *     <li>STARTTLS is enabled by setting {@code mail.smtp.starttls.enable} to {@code true}.</li>
 	 *     <li>STARTTLS plaintext fallback is enabled by setting {@code mail.smtp.starttls.required} to {@code false}.</li>
-	 *     <li>Certificate issuer checks are disabled by setting {@code mail.smtp.ssl.trust} to {@code "*"}.</li>
-	 *     <li>Certificate identity checks are disabled by setting {@code mail.smtp.ssl.checkserveridentity} to {@code false}.</li>
      * </ul>
 	 */
 	SMTP {
@@ -71,8 +69,6 @@ public Properties generateProperties() {
 				LOGGER.debug("Opportunistic TLS mode enabled for SMTP plain protocol.");
 				props.put("mail.smtp.starttls.enable", "true");
 				props.put("mail.smtp.starttls.required", "false");
-				props.put("mail.smtp.ssl.trust", "*");
-				props.put("mail.smtp.ssl.checkserveridentity", "false");
 			}
 			return props;
 		}
@@ -165,6 +161,14 @@ public String propertyNameSSLTrust() {
 			return "mail.smtp.ssl.trust";
 		}
 		
+		/**
+		 * @return "mail.smtp.ssl.checkserveridentity"
+		 */
+		@Override
+		public String propertyNameCheckServerIdentity() {
+			throw new AssertionError("This property is not relevant for plain SMTP");
+		}
+		
 		/**
 		 * Sets {@link #opportunisticTLS}. Setting <code>null</code> will revert to property value if available or default to {@value
 		 * DEFAULT_OPPORTUNISTIC_TLS}
@@ -184,7 +188,6 @@ public void setOpportunisticTLS(@Nullable final Boolean opportunisticTLS) {
 	 * <ul>
 	 *     <li>The transport protocol is explicitly set to {@code smtps}.</li>
 	 *     <li>Only {@code mail.smtps} properties are set.</li>
-	 *     <li>Certificate identity checks are enabled by setting {@code mail.smtp.ssl.checkserveridentity} to {@code true}.</li>
 	 *     <li>
 	 * {@code mail.smtps.quitwait} is set to {@code false} to get rid of a strange SSLException:
 	 * <pre>
@@ -206,7 +209,6 @@ public void setOpportunisticTLS(@Nullable final Boolean opportunisticTLS) {
 		public Properties generateProperties() {
 			final Properties properties = super.generateProperties();
 			properties.put("mail.transport.protocol", "smtps");
-			properties.put("mail.smtps.ssl.checkserveridentity", "true");
 			properties.put("mail.smtps.quitwait", "false");
 			return properties;
 		}
@@ -298,6 +300,14 @@ public String propertyNameEnvelopeFrom() {
 		public String propertyNameSSLTrust() {
 			return "mail.smtps.ssl.trust";
 		}
+		
+		/**
+		 * @return "mail.smtps.ssl.checkserveridentity"
+		 */
+		@Override
+		public String propertyNameCheckServerIdentity() {
+			return "mail.smtps.ssl.checkserveridentity";
+		}
 	},
 	/**
 	 * Plaintext SMTP with a mandatory, authenticated STARTTLS upgrade.
@@ -311,7 +321,6 @@ public String propertyNameSSLTrust() {
 	 *     <li>Only {@code mail.smtp} properties are set.</li>
 	 *     <li>STARTTLS is enabled by setting {@code mail.smtp.starttls.enable} to {@code true}.</li>
 	 *     <li>STARTTLS plaintext fallback is disabled by setting {@code mail.smtp.starttls.required} to {@code true}.</li>
-	 *     <li>Certificate identity checks are enabled by setting {@code mail.smtp.ssl.checkserveridentity} to {@code true}.</li>
 	 * </ul>
 	 */
 	SMTP_TLS {
@@ -324,7 +333,6 @@ public Properties generateProperties() {
 			props.put("mail.transport.protocol", "smtp");
 			props.put("mail.smtp.starttls.enable", "true");
 			props.put("mail.smtp.starttls.required", "true");
-			props.put("mail.smtp.ssl.checkserveridentity", "true");
 			return props;
 		}
 
@@ -415,6 +423,14 @@ public String propertyNameEnvelopeFrom() {
 		public String propertyNameSSLTrust() {
 			return "mail.smtp.ssl.trust";
 		}
+		
+		/**
+		 * @return "mail.smtp.ssl.checkserveridentity"
+		 */
+		@Override
+		public String propertyNameCheckServerIdentity() {
+			return "mail.smtp.ssl.checkserveridentity";
+		}
 	};
 	
 	private static final Logger LOGGER = LoggerFactory.getLogger(TransportStrategy.class);
@@ -476,6 +492,10 @@ public Properties generateProperties() {
 	 * For internal use only.
 	 */
 	public abstract String propertyNameSSLTrust();
+	/**
+	 * For internal use only.
+	 */
+	public abstract String propertyNameCheckServerIdentity();
 	/**
 	 * For internal use only.
 	 */
diff --git a/src/main/java/org/simplejavamail/mailer/internal/mailsender/MailSender.java b/src/main/java/org/simplejavamail/mailer/internal/mailsender/MailSender.java
@@ -97,10 +97,10 @@ public MailSender(@Nonnull final Session session,
 		this.operationalConfig = operationalConfig;
 		this.transportStrategy = transportStrategy;
 		this.proxyServer = configureSessionWithProxy(proxyConfig, session, transportStrategy);
-		init(operationalConfig);
+		init(transportStrategy, operationalConfig);
 	}
 	
-	private void init(@Nonnull OperationalConfig operationalConfig) {
+	private void init(@Nullable TransportStrategy transportStrategy, @Nonnull OperationalConfig operationalConfig) {
 		session.setDebug(operationalConfig.isDebugLogging());
 		session.getProperties().putAll(operationalConfig.getProperties());
 		if (transportStrategy != null) {
@@ -109,6 +109,14 @@ private void init(@Nonnull OperationalConfig operationalConfig) {
 			} else {
 				trustHosts(operationalConfig.getSslHostsToTrust());
 			}
+			configureServerVerification(transportStrategy, operationalConfig);
+		}
+	}
+	
+	private void configureServerVerification(@Nonnull TransportStrategy transportStrategy, @Nonnull OperationalConfig operationalConfig) {
+		if (transportStrategy != TransportStrategy.SMTP) {
+			session.getProperties().setProperty(transportStrategy.propertyNameCheckServerIdentity(),
+					Boolean.toString(operationalConfig.isVerifyingServerIdentity()));
 		}
 	}
 	
diff --git a/src/main/java/org/simplejavamail/mailer/internal/mailsender/OperationalConfig.java b/src/main/java/org/simplejavamail/mailer/internal/mailsender/OperationalConfig.java
@@ -49,17 +49,23 @@ public class OperationalConfig {
 	 */
 	private final boolean trustAllSSLHost;
 	
+	/**
+	 * @see org.simplejavamail.mailer.MailerBuilder.MailerRegularBuilder#verifyingServerIdentity(Boolean)
+	 */
+	private final boolean verifyingServerIdentity;
+	
 	/**
 	 * For internal use only.
 	 */
-	public OperationalConfig(@Nonnull Properties properties, int sessionTimeout, int threadPoolSize, boolean transportModeLoggingOnly, boolean debugLogging, List<String> sslHostsToTrust, boolean trustAllSSLHost) {
+	public OperationalConfig(@Nonnull Properties properties, int sessionTimeout, int threadPoolSize, boolean transportModeLoggingOnly, boolean debugLogging, List<String> sslHostsToTrust, boolean trustAllSSLHost, boolean verifyingServerIdentity) {
 		this.properties = properties;
 		this.sessionTimeout = sessionTimeout;
 		this.threadPoolSize = threadPoolSize;
 		this.transportModeLoggingOnly = transportModeLoggingOnly;
 		this.debugLogging = debugLogging;
 		this.sslHostsToTrust = Collections.unmodifiableList(sslHostsToTrust);
 		this.trustAllSSLHost = trustAllSSLHost;
+		this.verifyingServerIdentity = verifyingServerIdentity;
 	}
 	
 	/**
@@ -104,6 +110,13 @@ public boolean isTrustAllSSLHost() {
 		return trustAllSSLHost;
 	}
 	
+	/**
+	 * @see org.simplejavamail.mailer.MailerBuilder.MailerRegularBuilder#verifyingServerIdentity(Boolean)
+	 */
+	public boolean isVerifyingServerIdentity() {
+		return verifyingServerIdentity;
+	}
+	
 	/**
 	 * @see org.simplejavamail.mailer.MailerBuilder.MailerRegularBuilder#withProperties(Properties)
 	 */
diff --git a/src/test/java/org/simplejavamail/mailer/MailerTest.java b/src/test/java/org/simplejavamail/mailer/MailerTest.java
@@ -62,7 +62,7 @@ public void createMailSession_MinimalConstructor_WithoutConfig()
 		assertThat(session.getProperty("mail.smtp.starttls.enable")).isEqualTo("true");
 		assertThat(session.getProperty("mail.smtp.starttls.required")).isEqualTo("false");
 		assertThat(session.getProperty("mail.smtp.ssl.trust")).isEqualTo("*");
-		assertThat(session.getProperty("mail.smtp.ssl.checkserveridentity")).isEqualTo("false");
+		assertThat(session.getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
 		
 		assertThat(session.getProperty("mail.smtp.username")).isNull();
 		assertThat(session.getProperty("mail.smtp.auth")).isNull();
@@ -191,7 +191,7 @@ public void createMailSession_MinimalConstructor_WithConfig_OPPORTUNISTIC_TLS_Ma
 		assertThat(session.getProperty("mail.smtp.starttls.enable")).isEqualTo("true");
 		assertThat(session.getProperty("mail.smtp.starttls.required")).isEqualTo("false");
 		assertThat(session.getProperty("mail.smtp.ssl.trust")).isEqualTo("*");
-		assertThat(session.getProperty("mail.smtp.ssl.checkserveridentity")).isEqualTo("false");
+		assertThat(session.getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
 		
 		assertThat(session.getProperty("mail.smtp.username")).isEqualTo("username smtp");
 		assertThat(session.getProperty("mail.smtp.auth")).isEqualTo("true");
@@ -283,6 +283,7 @@ private Mailer createFullyConfiguredMailer(boolean authenticateProxy, String pre
 		MailerRegularBuilder mailerBuilder = MailerBuilder
 				.withSMTPServer(prefix + "smtp host", 25, prefix + "username smtp", prefix + "password smtp")
 				.withTransportStrategy(transportStrategy)
+				.verifyingServerIdentity(true)
 				.withDebugLogging(true);
 		
 		if (transportStrategy == SMTP_TLS) {
diff --git a/src/test/java/org/simplejavamail/mailer/internal/mailsender/MailSenderTest.java b/src/test/java/org/simplejavamail/mailer/internal/mailsender/MailSenderTest.java
@@ -15,6 +15,7 @@
 import static org.mockito.Mockito.when;
 import static org.simplejavamail.mailer.config.TransportStrategy.SMTP;
 import static org.simplejavamail.mailer.config.TransportStrategy.SMTPS;
+import static org.simplejavamail.mailer.config.TransportStrategy.SMTP_TLS;
 
 public class MailSenderTest {
 	
@@ -24,7 +25,7 @@ public class MailSenderTest {
 	
 	@Before
 	public void setup() {
-		session = Session.getDefaultInstance(new Properties());
+		session = Session.getInstance(new Properties());
 	}
 	
 	@Nonnull
@@ -34,41 +35,72 @@ private ProxyConfig createEmptyProxyConfig() {
 	
 	@Test
 	public void trustAllHosts_PLAIN() {
-		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, true), createEmptyProxyConfig(), SMTP);
+		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, true, false), createEmptyProxyConfig(), SMTP);
 		assertThat(session.getProperties().getProperty("mail.smtp.ssl.trust")).isEqualTo("*");
-		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, false), createEmptyProxyConfig(), SMTP);
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
+		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, false, true), createEmptyProxyConfig(), SMTP);
 		assertThat(session.getProperties().getProperty("mail.smtp.ssl.trust")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
 	}
 	
 	@Test
 	public void trustAllHosts_SMTPS() {
 		ProxyConfig proxyBypassingMock = mock(ProxyConfig.class);
 		when(proxyBypassingMock.requiresProxy()).thenReturn(false);
-		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, true), proxyBypassingMock, SMTPS);
+		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, true, false), proxyBypassingMock, SMTPS);
 		assertThat(session.getProperties().getProperty("mail.smtps.ssl.trust")).isEqualTo("*");
-		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, false), proxyBypassingMock, SMTPS);
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isEqualTo("false");
+		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, false, true), proxyBypassingMock, SMTPS);
 		assertThat(session.getProperties().getProperty("mail.smtps.ssl.trust")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isEqualTo("true");
+	}
+	
+	@Test
+	public void trustAllHosts_SMTP_TLS() {
+		ProxyConfig proxyBypassingMock = mock(ProxyConfig.class);
+		when(proxyBypassingMock.requiresProxy()).thenReturn(false);
+		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, true, false), proxyBypassingMock, SMTP_TLS);
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.trust")).isEqualTo("*");
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isEqualTo("false");
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
+		new MailSender(session, createDummyOperationalConfig(EMPTY_LIST, false, true), proxyBypassingMock, SMTP_TLS);
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.trust")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isEqualTo("true");
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
 	}
 	
 	@Test
 	public void trustHosts() {
-		new MailSender(session, createDummyOperationalConfig(asList(), false), createEmptyProxyConfig(), SMTP);
+		new MailSender(session, createDummyOperationalConfig(asList(), false, false), createEmptyProxyConfig(), SMTP);
 		assertThat(session.getProperties().getProperty("mail.smtp.ssl.trust")).isNull();
-		new MailSender(session, createDummyOperationalConfig(asList("a"), false), createEmptyProxyConfig(), SMTP);
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
+		new MailSender(session, createDummyOperationalConfig(asList("a"), false, false), createEmptyProxyConfig(), SMTP);
 		assertThat(session.getProperties().getProperty("mail.smtp.ssl.trust")).isEqualTo("a");
-		new MailSender(session, createDummyOperationalConfig(asList("a", "b"), false), createEmptyProxyConfig(), SMTP);
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
+		new MailSender(session, createDummyOperationalConfig(asList("a", "b"), false, false), createEmptyProxyConfig(), SMTP);
 		assertThat(session.getProperties().getProperty("mail.smtp.ssl.trust")).isEqualTo("a b");
-		new MailSender(session, createDummyOperationalConfig(asList("a", "b", "c"), false), createEmptyProxyConfig(), SMTP);
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
+		new MailSender(session, createDummyOperationalConfig(asList("a", "b", "c"), false, true), createEmptyProxyConfig(), SMTP);
 		assertThat(session.getProperties().getProperty("mail.smtp.ssl.trust")).isEqualTo("a b c");
+		assertThat(session.getProperties().getProperty("mail.smtp.ssl.checkserveridentity")).isNull();
+		assertThat(session.getProperties().getProperty("mail.smtps.ssl.checkserveridentity")).isNull();
 	}
 	
 	@Nonnull
 	private List<String> asList(String... args) {
 		return Arrays.asList(args);
 	}
 	
+	@SuppressWarnings("SameParameterValue")
 	@Nonnull
-	private OperationalConfig createDummyOperationalConfig(List<String> hostsToTrust, boolean trustAllSSLHost) {
-		return new OperationalConfig(new Properties(), 0, 0, false, false, hostsToTrust, trustAllSSLHost);
+	private OperationalConfig createDummyOperationalConfig(List<String> hostsToTrust, boolean trustAllSSLHost, boolean verifyServerIdentity) {
+		return new OperationalConfig(new Properties(), 0, 0, false, false, hostsToTrust, trustAllSSLHost, verifyServerIdentity);
 	}
 }
