Merge branch 'smtps'

Author: jrivard

Diff for: build/checkstyle-import.xml

@@ -86,7 +86,7 @@
     <allow pkg="javax.net"/>
     <allow pkg="javax.crypto"/>
     <allow pkg="javax.mail"/>
-    <allow class="com.sun.mail.smtp.SMTPSendFailedException"/>
+    <allow pkg="com.sun.mail"/>
     <allow pkg="org.xeustechnologies"/>
     <allow pkg="net.glxn"/>
     <allow pkg="org.webjars"/>

Diff for: data-service/pom.xml

@@ -136,8 +136,8 @@
         </dependency>
         <dependency>
             <groupId>com.sun.mail</groupId>
-            <artifactId>javax.mail</artifactId>
-            <version>1.6.2</version>
+            <artifactId>jakarta.mail</artifactId>
+            <version>1.6.3</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>

Diff for: pom.xml

@@ -264,6 +264,7 @@
                     <excludeFilterFile>${project.root.basedir}/build/spotbugs-exclude.xml</excludeFilterFile>
                     <includeTests>false</includeTests>
                     <skip>${skipSpotbugs}</skip>
+                    <effort>max</effort>
                 </configuration>
                 <executions>
                     <execution>

Diff for: server/pom.xml

@@ -226,8 +226,8 @@
         </dependency>
         <dependency>
             <groupId>com.sun.mail</groupId>
-            <artifactId>javax.mail</artifactId>
-            <version>1.6.2</version>
+            <artifactId>jakarta.mail</artifactId>
+            <version>1.6.3</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>

Diff for: server/src/main/java/password/pwm/AppProperty.java

@@ -329,6 +329,8 @@ public enum AppProperty
     SECURITY_DEFAULT_EPHEMERAL_BLOCK_ALG            ( "security.defaultEphemeralBlockAlg" ),
     SECURITY_DEFAULT_EPHEMERAL_HASH_ALG             ( "security.defaultEphemeralHashAlg" ),
     SEEDLIST_BUILTIN_PATH                           ( "seedlist.builtin.path" ),
+    SMTP_IO_CONNECT_TIMEOUT                         ( "smtp.io.connectTimeoutMs" ),
+    SMTP_IO_READ_TIMEOUT                            ( "smtp.io.readTimeoutMs" ),
     SMTP_SUBJECT_ENCODING_CHARSET                   ( "smtp.subjectEncodingCharset" ),
     SMTP_RETRYABLE_SEND_RESPONSE_STATUSES           ( "smtp.retryableSendResponseStatus" ),
     TOKEN_CLEANER_INTERVAL_SECONDS                  ( "token.cleaner.intervalSeconds" ),

Diff for: server/src/main/java/password/pwm/config/PwmSetting.java

@@ -310,8 +310,12 @@ public enum PwmSetting
             "email.profile.list", PwmSettingSyntax.PROFILE, PwmSettingCategory.INTERNAL ),
     EMAIL_SERVER_ADDRESS(
             "email.smtp.address", PwmSettingSyntax.STRING, PwmSettingCategory.EMAIL_SERVERS ),
+    EMAIL_SERVER_TYPE(
+            "email.smtp.type", PwmSettingSyntax.SELECT, PwmSettingCategory.EMAIL_SERVERS ),
     EMAIL_SERVER_PORT(
             "email.smtp.port", PwmSettingSyntax.NUMERIC, PwmSettingCategory.EMAIL_SERVERS ),
+    EMAIL_SERVER_CERTS(
+            "email.smtp.serverCerts", PwmSettingSyntax.X509CERT, PwmSettingCategory.EMAIL_SERVERS ),
     EMAIL_USERNAME(
             "email.smtp.username", PwmSettingSyntax.STRING, PwmSettingCategory.EMAIL_SERVERS ),
     EMAIL_PASSWORD(

Diff for: server/src/main/java/password/pwm/config/function/SmtpCertImportFunction.java

@@ -0,0 +1,64 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://www.pwm-project.org
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2019 The PWM Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package password.pwm.config.function;
+
+import password.pwm.bean.UserIdentity;
+import password.pwm.config.Configuration;
+import password.pwm.config.PwmSetting;
+import password.pwm.config.SettingUIFunction;
+import password.pwm.config.stored.StoredConfigurationImpl;
+import password.pwm.config.value.X509CertificateValue;
+import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.http.PwmRequest;
+import password.pwm.http.PwmSession;
+import password.pwm.i18n.Message;
+import password.pwm.svc.email.EmailServerUtil;
+import password.pwm.util.java.JavaHelper;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+public class SmtpCertImportFunction implements SettingUIFunction
+{
+    @Override
+    public String provideFunction(
+            final PwmRequest pwmRequest,
+            final StoredConfigurationImpl storedConfiguration,
+            final PwmSetting setting,
+            final String profile,
+            final String extraData
+    )
+            throws PwmUnrecoverableException
+    {
+        final PwmSession pwmSession = pwmRequest.getPwmSession();
+
+        final Configuration configuration = new Configuration( storedConfiguration );
+        final List<X509Certificate> certs = EmailServerUtil.readCertificates( configuration, profile );
+        if ( !JavaHelper.isEmpty( certs ) )
+        {
+            final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfo().getUserIdentity() : null;
+            storedConfiguration.writeSetting( PwmSetting.EMAIL_SERVER_CERTS, profile, new X509CertificateValue( certs ), userIdentity );
+        }
+
+        return Message.getLocalizedMessage( pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmRequest.getConfig() );
+    }
+
+}

Diff for: server/src/main/java/password/pwm/config/option/SmtpServerType.java

@@ -0,0 +1,28 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://www.pwm-project.org
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2019 The PWM Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package password.pwm.config.option;
+
+public enum SmtpServerType
+{
+    SMTP,
+    START_TLS,
+    SMTPS,
+}

Diff for: server/src/main/java/password/pwm/http/filter/SessionFilter.java

@@ -157,7 +157,7 @@ private ProcessStatus handleStandardRequestOperations(
         // debug the http session headers
         if ( !pwmSession.getSessionStateBean().isDebugInitialized() )
         {
-            LOGGER.trace( pwmSession, () -> pwmRequest.debugHttpHeaders() );
+            LOGGER.trace( pwmSession, pwmRequest::debugHttpHeaders );
             pwmSession.getSessionStateBean().setDebugInitialized( true );
         }
 
@@ -309,6 +309,13 @@ private static ProcessStatus verifySession(
 
         if ( pwmRequest.getURL().isCommandServletURL() )
         {
+            LOGGER.debug( pwmRequest, () -> "session is unvalidated but can not be validated during a command servlet request, will allow" );
+            return ProcessStatus.Continue;
+        }
+
+        if ( pwmRequest.getURL().isResourceURL() )
+        {
+            LOGGER.debug( pwmRequest, () -> "session is unvalidated but can not be validated during a resource request, will allow" );
             return ProcessStatus.Continue;
         }
 

Diff for: server/src/main/java/password/pwm/svc/email/EmailServer.java

@@ -22,6 +22,7 @@
 
 import lombok.Builder;
 import lombok.Value;
+import password.pwm.config.option.SmtpServerType;
 import password.pwm.util.PasswordData;
 import password.pwm.util.java.StringUtil;
 
@@ -33,19 +34,21 @@
 @Builder
 public class EmailServer
 {
-    private final String id;
-    private final String host;
-    private final int port;
-    private final String username;
-    private final PasswordData password;
-    private final Properties javaMailProps;
-    private final javax.mail.Session session;
+    private String id;
+    private String host;
+    private int port;
+    private String username;
+    private PasswordData password;
+    private Properties javaMailProps;
+    private javax.mail.Session session;
+    private SmtpServerType type;
 
     public String toDebugString()
     {
         final Map<String, String> debugProps = new LinkedHashMap<>(  );
         debugProps.put( "id", id );
         debugProps.put( "host", host );
+        debugProps.put( "type", type.name() );
         debugProps.put( "port", String.valueOf( port ) );
         if ( !StringUtil.isEmpty( username ) )
         {