feat: Implement Deno-native STARTTLS handler and connection wrapper
- Refactored STARTTLS implementation to use Deno's native TLS via Deno.startTls(). - Introduced ConnectionWrapper to provide a Node.js net.Socket-compatible interface for Deno.Conn and Deno.TlsConn. - Updated TlsHandler to utilize the new STARTTLS implementation. - Added comprehensive SMTP authentication tests for PLAIN and LOGIN mechanisms. - Implemented rate limiting tests for SMTP server connections and commands. - Enhanced error handling and logging throughout the STARTTLS and connection upgrade processes.
This commit is contained in:
@@ -110,100 +110,84 @@ export class TlsHandler implements ITlsHandler {
|
||||
}
|
||||
|
||||
/**
|
||||
* Upgrade a connection to TLS
|
||||
* Upgrade a connection to TLS using Deno-native implementation
|
||||
* @param socket - Client socket
|
||||
*/
|
||||
public async startTLS(socket: plugins.net.Socket): Promise<plugins.tls.TLSSocket> {
|
||||
public async startTLS(socket: plugins.net.Socket): Promise<plugins.tls.TLSSocket | any> {
|
||||
// Get the session for this socket
|
||||
const session = this.smtpServer.getSessionManager().getSession(socket);
|
||||
|
||||
|
||||
try {
|
||||
// Import the enhanced STARTTLS handler
|
||||
// This uses a more robust approach to TLS upgrades
|
||||
// Use the unified STARTTLS implementation (Deno-native)
|
||||
const { performStartTLS } = await import('./starttls-handler.ts');
|
||||
|
||||
SmtpLogger.info('Using enhanced STARTTLS implementation');
|
||||
|
||||
// Use the enhanced STARTTLS handler with better error handling and socket management
|
||||
|
||||
SmtpLogger.info('Starting STARTTLS upgrade', {
|
||||
remoteAddress: socket.remoteAddress,
|
||||
remotePort: socket.remotePort
|
||||
});
|
||||
|
||||
const serverOptions = this.smtpServer.getOptions();
|
||||
const tlsSocket = await performStartTLS(socket, {
|
||||
key: serverOptions.key,
|
||||
cert: serverOptions.cert,
|
||||
ca: serverOptions.ca,
|
||||
session: session,
|
||||
session,
|
||||
sessionManager: this.smtpServer.getSessionManager(),
|
||||
connectionManager: this.smtpServer.getConnectionManager(),
|
||||
// Callback for successful upgrade
|
||||
onSuccess: (secureSocket) => {
|
||||
SmtpLogger.info('TLS connection successfully established via enhanced STARTTLS', {
|
||||
SmtpLogger.info('TLS connection successfully established', {
|
||||
remoteAddress: secureSocket.remoteAddress,
|
||||
remotePort: secureSocket.remotePort,
|
||||
protocol: secureSocket.getProtocol() || 'unknown',
|
||||
cipher: secureSocket.getCipher()?.name || 'unknown'
|
||||
remotePort: secureSocket.remotePort
|
||||
});
|
||||
|
||||
// Log security event
|
||||
|
||||
SmtpLogger.logSecurityEvent(
|
||||
SecurityLogLevel.INFO,
|
||||
SecurityEventType.TLS_NEGOTIATION,
|
||||
'STARTTLS successful with enhanced implementation',
|
||||
{
|
||||
protocol: secureSocket.getProtocol(),
|
||||
cipher: secureSocket.getCipher()?.name
|
||||
},
|
||||
'STARTTLS successful',
|
||||
{},
|
||||
secureSocket.remoteAddress,
|
||||
undefined,
|
||||
true
|
||||
);
|
||||
},
|
||||
// Callback for failed upgrade
|
||||
onFailure: (error) => {
|
||||
SmtpLogger.error(`Enhanced STARTTLS failed: ${error.message}`, {
|
||||
SmtpLogger.error(`STARTTLS failed: ${error.message}`, {
|
||||
sessionId: session?.id,
|
||||
remoteAddress: socket.remoteAddress,
|
||||
error
|
||||
});
|
||||
|
||||
// Log security event
|
||||
|
||||
SmtpLogger.logSecurityEvent(
|
||||
SecurityLogLevel.ERROR,
|
||||
SecurityEventType.TLS_NEGOTIATION,
|
||||
'Enhanced STARTTLS failed',
|
||||
'STARTTLS failed',
|
||||
{ error: error.message },
|
||||
socket.remoteAddress,
|
||||
undefined,
|
||||
false
|
||||
);
|
||||
},
|
||||
// Function to update session state
|
||||
updateSessionState: this.smtpServer.getSessionManager().updateSessionState?.bind(this.smtpServer.getSessionManager())
|
||||
});
|
||||
|
||||
// If STARTTLS failed with the enhanced implementation, log the error
|
||||
|
||||
if (!tlsSocket) {
|
||||
SmtpLogger.warn('Enhanced STARTTLS implementation failed to create TLS socket', {
|
||||
sessionId: session?.id,
|
||||
remoteAddress: socket.remoteAddress
|
||||
});
|
||||
throw new Error('Failed to create TLS socket');
|
||||
}
|
||||
|
||||
|
||||
return tlsSocket;
|
||||
} catch (error) {
|
||||
// Log STARTTLS failure
|
||||
SmtpLogger.error(`Failed to upgrade connection to TLS: ${error instanceof Error ? error.message : String(error)}`, {
|
||||
remoteAddress: socket.remoteAddress,
|
||||
remotePort: socket.remotePort,
|
||||
error: error instanceof Error ? error : new Error(String(error)),
|
||||
stack: error instanceof Error ? error.stack : 'No stack trace available'
|
||||
});
|
||||
|
||||
// Log security event
|
||||
|
||||
SmtpLogger.logSecurityEvent(
|
||||
SecurityLogLevel.ERROR,
|
||||
SecurityEventType.TLS_NEGOTIATION,
|
||||
'Failed to upgrade connection to TLS',
|
||||
{
|
||||
{
|
||||
error: error instanceof Error ? error.message : String(error),
|
||||
stack: error instanceof Error ? error.stack : 'No stack trace available'
|
||||
},
|
||||
@@ -211,8 +195,7 @@ export class TlsHandler implements ITlsHandler {
|
||||
undefined,
|
||||
false
|
||||
);
|
||||
|
||||
// Destroy the socket on error
|
||||
|
||||
socket.destroy();
|
||||
throw error;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user