quantranhong1999 edited a comment on pull request #810:
URL: https://github.com/apache/james-project/pull/810#issuecomment-1002393822
openssl client test:
- Success case:
<pre>✘ hp@hp-quanth ~ openssl s_client -starttls smtp -crlf -connect localhost:39983
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = FR, ST = Unknown, L = Puteaux, O = James, OU = Linagora, CN = Benoit Tellier
verify error:num=18:self signed certificate
verify return:1
depth=0 C = FR, ST = Unknown, L = Puteaux, O = James, OU = Linagora, CN = Benoit Tellier
verify error:num=10:certificate has expired
notAfter=Nov 24 07:32:55 2015 GMT
verify return:1
depth=0 C = FR, ST = Unknown, L = Puteaux, O = James, OU = Linagora, CN = Benoit Tellier
notAfter=Nov 24 07:32:55 2015 GMT
verify return:1
---
Certificate chain
0 s:C = FR, ST = Unknown, L = Puteaux, O = James, OU = Linagora, CN = Benoit Tellier
  i:C = FR, ST = Unknown, L = Puteaux, O = James, OU = Linagora, CN = Benoit Tellier
---
Server certificate
subject=C = FR, ST = Unknown, L = Puteaux, O = James, OU = Linagora, CN = Benoit Tellier
issuer=C = FR, ST = Unknown, L = Puteaux, O = James, OU = Linagora, CN = Benoit Tellier
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1613 bytes and written 396 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
250 STARTTLS
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: F9B28D6A7E1BD26A6F5781FC63A042C884917BF323202D126A332CEF94820310
Session-ID-ctx:
Resumption PSK: 6BBC0ACE586E5DF5328C23F7E5FFE602FEB4B0AD9175A1A80E670A5F24001A354676D2B275BC1874541F2AF0199F60C3
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 30 8d f3 6d b9 e8 72 3a-56 f1 6b bf 0b 2f 6d e6 0..m..r:V.k../m.
0010 - 8d 3a 27 1d c8 06 8f d8-79 1b a1 bf 49 90 d0 f7 .:'.....y...I...
Start Time: 1640752217
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
EHLO localhost
250-hp-quanth Hello localhost [127.0.0.1])
250-AUTH OAUTHBEARER
250-AUTH=OAUTHBEARER
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
AUTH OAUTHBEARER
235 Authentication successful.
</pre>
- Fail case:
<pre>hp@hp-quanth ~ openssl s_client -starttls smtp -crlf -connect localhost:39983
CONNECTED(00000003)
...
EHLO localhost
250-hp-quanth Hello localhost [127.0.0.1])
250-AUTH OAUTHBEARER
250-AUTH=OAUTHBEARER
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
AUTH OAUTHBEARER invalidtoken
334
eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJzY29wZSIsInNjaGVtZXMiOiJodHRwczovL2V4YW1wbGUuY29tL2p3a3MifQ==
AQ==
535 Authentication Failed
</pre>
- Attempting OAUTHBEARER over telnet without STARTTLS should fail:
<pre>hp@hp-quanth ~ telnet localhost 39983
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 Apache JAMES awesome SMTP Server
EHLO localhost
250-hp-quanth Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 STARTTLS
AUTH OAUTHBEARER
504 Unrecognized Authentication Type
</pre>
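An added example, not part of the original comment or of the James code base: it decodes the `334` failure challenge from the fail case, parses a client response laid out as in RFC 7628, and checks that `OAUTHBEARER` is only advertised after STARTTLS, using the EHLO replies from the transcripts. The function names and the placeholder token are assumptions made for illustration.

```python
import base64
import json

# 334 challenge copied from the fail case above. The client's "AQ==" reply
# there is a single 0x01 byte, the RFC 7628 acknowledgement of the error.
FAIL_CHALLENGE = "eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJzY29wZSIsInNjaGVtZXMiOiJodHRwczovL2V4YW1wbGUuY29tL2p3a3MifQ=="
# EHLO replies copied from the telnet (cleartext) and openssl (TLS) sessions.
PRE_TLS_EHLO = ["250-hp-quanth Hello localhost [127.0.0.1])", "250-PIPELINING",
                "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250 STARTTLS"]
POST_TLS_EHLO = ["250-hp-quanth Hello localhost [127.0.0.1])",
                 "250-AUTH OAUTHBEARER", "250-AUTH=OAUTHBEARER",
                 "250-PIPELINING", "250-ENHANCEDSTATUSCODES", "250 8BITMIME"]
# Constructed sample in the RFC 7628 layout; the token is a placeholder.
SAMPLE_RESPONSE = base64.b64encode(
    b"n,a=user@domain.org,\x01auth=Bearer PLACEHOLDER_TOKEN\x01\x01").decode()

def decode_failure_challenge(b64):
    """Decode the JSON error document carried in a 334 reply."""
    return json.loads(base64.b64decode(b64, validate=True))

def parse_client_response(b64):
    """Split an RFC 7628 client response into (authzid, fields)."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("client response must end with two 0x01 bytes")
    header, *pairs = raw[:-2].split("\x01")
    authzid = next((p[2:] for p in header.split(",") if p.startswith("a=")), None)
    return authzid, dict(p.split("=", 1) for p in pairs if p)

def advertised_mechanisms(ehlo_lines):
    """Collect SASL mechanisms from 'AUTH x y' and legacy 'AUTH=x' lines."""
    mechs = set()
    for line in ehlo_lines:
        keyword, _, rest = line[4:].replace("=", " ", 1).partition(" ")
        if keyword.upper() == "AUTH":
            mechs.update(m.upper() for m in rest.split())
    return mechs

def bearer_offered(ehlo_lines):
    """True when the EHLO reply advertises OAUTHBEARER."""
    return "OAUTHBEARER" in advertised_mechanisms(ehlo_lines)

if __name__ == "__main__":
    print(decode_failure_challenge(FAIL_CHALLENGE))
    print(parse_client_response(SAMPLE_RESPONSE))
    print("offered before TLS:", bearer_offered(PRE_TLS_EHLO))
    print("offered after TLS:", bearer_offered(POST_TLS_EHLO))
```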