• Home
• com.github.pandafw
• panda-nets
• 1.5.0
• source code
• IMAPSClient.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

panda.net.imap.IMAPSClient Maven / Gradle / Ivy

package panda.net.imap;

import java.io.BufferedWriter;
import java.io.InputStreamReader;
import java.io.IOException;
import java.io.OutputStreamWriter;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

import panda.net.io.CRLFLineReader;
import panda.net.ssl.SSLContexts;
import panda.net.ssl.SSLSockets;

/**
 * The IMAPSClient class provides SSL/TLS connection encryption to IMAPClient. Copied from
 * FTPSClient.java and modified to suit IMAP. If implicit mode is selected (NOT the default),
 * SSL/TLS negotiation starts right after the connection has been established. In explicit mode (the
 * default), SSL/TLS negotiation starts when the user calls execTLS() and the server accepts the
 * command. Implicit usage: IMAPSClient c = new IMAPSClient(true); c.connect("127.0.0.1", 993);
 * Explicit usage: IMAPSClient c = new IMAPSClient(); c.connect("127.0.0.1", 143); if (c.execTLS())
 * { /rest of the commands here/ } Warning: the hostname is not verified against the certificate by
 * default, use {@link #setHostnameVerifier(HostnameVerifier)} or
 * {@link #setEndpointCheckingEnabled(boolean)} (on Java 1.7+) to enable verification.
 */
public class IMAPSClient extends IMAPClient {
	/** The default IMAP over SSL port. */
	public static final int DEFAULT_IMAPS_PORT = 993;

	/** Default secure socket protocol name. */
	public static final String DEFAULT_PROTOCOL = "TLS";

	/** The security mode. True - Implicit Mode / False - Explicit Mode. */
	private final boolean isImplicit;
	/** The secure socket protocol to be used, like SSL/TLS. */
	private final String protocol;
	/** The context object. */
	private SSLContext context = null;
	/**
	 * The cipher suites. SSLSockets have a default set of these anyway, so no initialization
	 * required.
	 */
	private String[] suites = null;
	/** The protocol versions. */
	private String[] protocols = // null;
	null;// {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "SSLv2Hello"};

	/** The IMAPS {@link TrustManager} implementation, default null. */
	private TrustManager trustManager = null;

	/** The {@link KeyManager}, default null. */
	private KeyManager keyManager = null;

	/** The {@link HostnameVerifier} to use post-TLS, default null (i.e. no verification). */
	private HostnameVerifier hostnameVerifier = null;

	/** Use Java 1.7+ HTTPS Endpoint Identification Algorithim. */
	private boolean tlsEndpointChecking;

	/**
	 * Constructor for IMAPSClient. Sets security mode to explicit (isImplicit = false).
	 */
	public IMAPSClient() {
		this(DEFAULT_PROTOCOL, false);
	}

	/**
	 * Constructor for IMAPSClient.
	 * 
	 * @param implicit The security mode (Implicit/Explicit).
	 */
	public IMAPSClient(boolean implicit) {
		this(DEFAULT_PROTOCOL, implicit);
	}

	/**
	 * Constructor for IMAPSClient.
	 * 
	 * @param proto the protocol.
	 */
	public IMAPSClient(String proto) {
		this(proto, false);
	}

	/**
	 * Constructor for IMAPSClient.
	 * 
	 * @param proto the protocol.
	 * @param implicit The security mode(Implicit/Explicit).
	 */
	public IMAPSClient(String proto, boolean implicit) {
		this(proto, implicit, null);
	}

	/**
	 * Constructor for IMAPSClient.
	 * 
	 * @param proto the protocol.
	 * @param implicit The security mode(Implicit/Explicit).
	 * @param ctx the SSL context
	 */
	public IMAPSClient(String proto, boolean implicit, SSLContext ctx) {
		super();
		setDefaultPort(DEFAULT_IMAPS_PORT);
		protocol = proto;
		isImplicit = implicit;
		context = ctx;
	}

	/**
	 * Constructor for IMAPSClient.
	 * 
	 * @param implicit The security mode(Implicit/Explicit).
	 * @param ctx A pre-configured SSL Context.
	 */
	public IMAPSClient(boolean implicit, SSLContext ctx) {
		this(DEFAULT_PROTOCOL, implicit, ctx);
	}

	/**
	 * Constructor for IMAPSClient.
	 * 
	 * @param context A pre-configured SSL Context.
	 */
	public IMAPSClient(SSLContext context) {
		this(false, context);
	}

	/**
	 * Because there are so many connect() methods, the _connectAction_() method is provided as a
	 * means of performing some action immediately after establishing a connection, rather than
	 * reimplementing all of the connect() methods.
	 * 
	 * @throws IOException If it is thrown by _connectAction_().
	 * @see panda.net.SocketClient#_connectAction_()
	 */
	@Override
	protected void _connectAction_() throws IOException {
		// Implicit mode.
		if (isImplicit) {
			performSSLNegotiation();
		}
		super._connectAction_();
		// Explicit mode - don't do anything. The user calls execTLS()
	}

	/**
	 * Performs a lazy init of the SSL context.
	 * 
	 * @throws IOException When could not initialize the SSL context.
	 */
	private void initSSLContext() throws IOException {
		if (context == null) {
			context = SSLContexts.createSSLContext(protocol, getKeyManager(), getTrustManager());
		}
	}

	/**
	 * SSL/TLS negotiation. Acquires an SSL socket of a connection and carries out handshake
	 * processing.
	 * 
	 * @throws IOException If server negotiation fails.
	 */
	private void performSSLNegotiation() throws IOException {
		initSSLContext();

		SSLSocketFactory ssf = context.getSocketFactory();
		String host = (_hostname_ != null) ? _hostname_ : getRemoteAddress().getHostAddress();
		int port = getRemotePort();
		SSLSocket socket = (SSLSocket)ssf.createSocket(_socket_, host, port, true);
		socket.setEnableSessionCreation(true);
		socket.setUseClientMode(true);

		if (tlsEndpointChecking) {
			SSLSockets.enableEndpointNameVerification(socket);
		}

		if (protocols != null) {
			socket.setEnabledProtocols(protocols);
		}
		if (suites != null) {
			socket.setEnabledCipherSuites(suites);
		}
		socket.startHandshake();

		// TODO the following setup appears to duplicate that in the super class methods
		_socket_ = socket;
		_input_ = socket.getInputStream();
		_output_ = socket.getOutputStream();
		_reader = new CRLFLineReader(new InputStreamReader(_input_, __DEFAULT_ENCODING));
		__writer = new BufferedWriter(new OutputStreamWriter(_output_, __DEFAULT_ENCODING));

		if (hostnameVerifier != null && !hostnameVerifier.verify(host, socket.getSession())) {
			throw new SSLHandshakeException("Hostname doesn't match certificate");
		}
	}

	/**
	 * Get the {@link KeyManager} instance.
	 * 
	 * @return The current {@link KeyManager} instance.
	 */
	private KeyManager getKeyManager() {
		return keyManager;
	}

	/**
	 * Set a {@link KeyManager} to use.
	 * 
	 * @param newKeyManager The KeyManager implementation to set.
	 * @see panda.net.ssl.KeyManagers
	 */
	public void setKeyManager(KeyManager newKeyManager) {
		keyManager = newKeyManager;
	}

	/**
	 * Controls which particular cipher suites are enabled for use on this connection. Called before
	 * server negotiation.
	 * 
	 * @param cipherSuites The cipher suites.
	 */
	public void setEnabledCipherSuites(String[] cipherSuites) {
		suites = new String[cipherSuites.length];
		System.arraycopy(cipherSuites, 0, suites, 0, cipherSuites.length);
	}

	/**
	 * Returns the names of the cipher suites which could be enabled for use on this connection.
	 * When the underlying {@link java.net.Socket Socket} is not an {@link SSLSocket} instance,
	 * returns null.
	 * 
	 * @return An array of cipher suite names, or null.
	 */
	public String[] getEnabledCipherSuites() {
		if (_socket_ instanceof SSLSocket) {
			return ((SSLSocket)_socket_).getEnabledCipherSuites();
		}
		return null;
	}

	/**
	 * Controls which particular protocol versions are enabled for use on this connection. I perform
	 * setting before a server negotiation.
	 * 
	 * @param protocolVersions The protocol versions.
	 */
	public void setEnabledProtocols(String[] protocolVersions) {
		protocols = new String[protocolVersions.length];
		System.arraycopy(protocolVersions, 0, protocols, 0, protocolVersions.length);
	}

	/**
	 * Returns the names of the protocol versions which are currently enabled for use on this
	 * connection. When the underlying {@link java.net.Socket Socket} is not an {@link SSLSocket}
	 * instance, returns null.
	 * 
	 * @return An array of protocols, or null.
	 */
	public String[] getEnabledProtocols() {
		if (_socket_ instanceof SSLSocket) {
			return ((SSLSocket)_socket_).getEnabledProtocols();
		}
		return null;
	}

	/**
	 * The TLS command execution.
	 * 
	 * @throws SSLException If the server reply code is not positive.
	 * @throws IOException If an I/O error occurs while sending the command or performing the
	 *             negotiation.
	 * @return TRUE if the command and negotiation succeeded.
	 */
	public boolean execTLS() throws SSLException, IOException {
		if (sendCommand(IMAPCommand.getCommand(IMAPCommand.STARTTLS)) != IMAPReply.OK) {
			return false;
			// throw new SSLException(getReplyString());
		}
		performSSLNegotiation();
		return true;
	}

	/**
	 * Get the currently configured {@link TrustManager}.
	 * 
	 * @return A TrustManager instance.
	 */
	public TrustManager getTrustManager() {
		return trustManager;
	}

	/**
	 * Override the default {@link TrustManager} to use.
	 * 
	 * @param newTrustManager The TrustManager implementation to set.
	 * @see panda.net.ssl.TrustManagers
	 */
	public void setTrustManager(TrustManager newTrustManager) {
		trustManager = newTrustManager;
	}

	/**
	 * Get the currently configured {@link HostnameVerifier}.
	 * 
	 * @return A HostnameVerifier instance.
	 */
	public HostnameVerifier getHostnameVerifier() {
		return hostnameVerifier;
	}

	/**
	 * Override the default {@link HostnameVerifier} to use.
	 * 
	 * @param newHostnameVerifier The HostnameVerifier implementation to set or null to
	 *            disable.
	 */
	public void setHostnameVerifier(HostnameVerifier newHostnameVerifier) {
		hostnameVerifier = newHostnameVerifier;
	}

	/**
	 * Return whether or not endpoint identification using the HTTPS algorithm on Java 1.7+ is
	 * enabled. The default behaviour is for this to be disabled.
	 * 
	 * @return True if enabled, false if not.
	 */
	public boolean isEndpointCheckingEnabled() {
		return tlsEndpointChecking;
	}

	/**
	 * Automatic endpoint identification checking using the HTTPS algorithm is supported on Java
	 * 1.7+. The default behaviour is for this to be disabled.
	 * 
	 * @param enable Enable automatic endpoint identification checking using the HTTPS algorithm on
	 *            Java 1.7+.
	 */
	public void setEndpointCheckingEnabled(boolean enable) {
		tlsEndpointChecking = enable;
	}
}
/* kate: indent-width 4; replace-tabs on; */