jasync-sql
diff --git a/‎db-async-common/src/main/java/com/github/jasync/sql/db/Configuration.kt
Lines changed: 13 additions & 1 deletion b/‎db-async-common/src/main/java/com/github/jasync/sql/db/Configuration.kt
Lines changed: 13 additions & 1 deletion
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/MySQLConnection.kt
Lines changed: 25 additions & 2 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/MySQLConnection.kt
Lines changed: 25 additions & 2 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLConnectionHandler.kt
Lines changed: 1 addition & 13 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLConnectionHandler.kt
Lines changed: 1 addition & 13 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLHandlerDelegate.kt
Lines changed: 2 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLHandlerDelegate.kt
Lines changed: 2 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/AuthenticationSwitchResponseEncoder.kt
Lines changed: 1 addition & 1 deletion b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/AuthenticationSwitchResponseEncoder.kt
Lines changed: 1 addition & 1 deletion
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/HandshakeResponseEncoder.kt
Lines changed: 1 addition & 1 deletion b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/HandshakeResponseEncoder.kt
Lines changed: 1 addition & 1 deletion
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationMethod.kt
Lines changed: 2 additions & 1 deletion b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationMethod.kt
Lines changed: 2 additions & 1 deletion
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationScrambler.kt
Lines changed: 2 additions & 6 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationScrambler.kt
Lines changed: 2 additions & 6 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/CachingSha2PasswordAuthentication.kt
Lines changed: 5 additions & 10 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/CachingSha2PasswordAuthentication.kt
Lines changed: 5 additions & 10 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/MySQLNativePasswordAuthentication.kt
Lines changed: 3 additions & 2 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/MySQLNativePasswordAuthentication.kt
Lines changed: 3 additions & 2 deletions
@@ -10,10 +10,12 @@ import io.netty.channel.nio.NioEventLoopGroup
 import io.netty.util.CharsetUtil
 import mu.KotlinLogging
 import java.nio.charset.Charset
+import java.nio.file.Path
 import java.time.Duration
 import java.util.concurrent.CompletionStage
 import java.util.concurrent.Executor
 import java.util.function.Supplier
+import kotlin.io.path.notExists
 
 private val logger = KotlinLogging.logger {}
 
@@ -27,6 +29,7 @@ private val logger = KotlinLogging.logger {}
  * @param password password, defaults to no password
  * @param database database name, defaults to no database
  * @param ssl ssl configuration
+ * @param rsaPublicKey path to the RSA public key, used for password encryption over unsafe connections
  * @param charset charset for the connection, defaults to UTF-8, make sure you know what you are doing if you
  *                change this
  * @param maximumMessageSize the maximum size a message from the server could possibly have, this limits possible
@@ -52,6 +55,7 @@ class Configuration @JvmOverloads constructor(
     val password: String? = null,
     val database: String? = null,
     val ssl: SSLConfiguration = SSLConfiguration(),
+    val rsaPublicKey: Path? = null,
     val charset: Charset = CharsetUtil.UTF_8,
     val maximumMessageSize: Int = 16777216,
     val allocator: ByteBufAllocator = PooledByteBufAllocator.DEFAULT,
@@ -72,6 +76,10 @@ class Configuration @JvmOverloads constructor(
                     "Please change eventLoopGroup configuration."
             }
         }
+
+        if (rsaPublicKey != null && rsaPublicKey.notExists()) {
+            throw IllegalArgumentException("Public key file '$rsaPublicKey' does not exist")
+        }
     }
 
     fun resolveCredentials(): CompletionStage<Credentials> = (credentialsProvider ?: StaticCredentialsProvider(username, password)).provide()
@@ -84,6 +92,7 @@ class Configuration @JvmOverloads constructor(
         password: String? = null,
         database: String? = null,
         ssl: SSLConfiguration? = null,
+        rsaPublicKey: Path? = null,
         charset: Charset? = null,
         maximumMessageSize: Int? = null,
         allocator: ByteBufAllocator? = null,
@@ -104,6 +113,7 @@ class Configuration @JvmOverloads constructor(
             password = password ?: this.password,
             database = database ?: this.database,
             ssl = ssl ?: this.ssl,
+            rsaPublicKey = rsaPublicKey ?: this.rsaPublicKey,
             charset = charset ?: this.charset,
             maximumMessageSize = maximumMessageSize ?: this.maximumMessageSize,
             allocator = allocator ?: this.allocator,
@@ -131,6 +141,7 @@ class Configuration @JvmOverloads constructor(
         if (password != other.password) return false
         if (database != other.database) return false
         if (ssl != other.ssl) return false
+        if (rsaPublicKey != other.rsaPublicKey) return false
         if (charset != other.charset) return false
         if (maximumMessageSize != other.maximumMessageSize) return false
         if (allocator != other.allocator) return false
@@ -154,6 +165,7 @@ class Configuration @JvmOverloads constructor(
         result = 31 * result + (password?.hashCode() ?: 0)
         result = 31 * result + (database?.hashCode() ?: 0)
         result = 31 * result + ssl.hashCode()
+        result = 31 * result + rsaPublicKey.hashCode()
         result = 31 * result + charset.hashCode()
         result = 31 * result + maximumMessageSize
         result = 31 * result + allocator.hashCode()
@@ -170,7 +182,7 @@ class Configuration @JvmOverloads constructor(
     }
 
     override fun toString(): String {
-        return "Configuration(username='$username', host='$host', port=$port, password=****, database=$database, ssl=$ssl, charset=$charset, maximumMessageSize=$maximumMessageSize, allocator=$allocator, connectionTimeout=$connectionTimeout, queryTimeout=$queryTimeout, applicationName=$applicationName, interceptors=$interceptors, eventLoopGroup=$eventLoopGroup, executionContext=$executionContext, currentSchema=$currentSchema, socketPath=$socketPath, credentialsProvider=$credentialsProvider)"
+        return "Configuration(username='$username', host='$host', port=$port, password=****, database=$database, ssl=$ssl, rsaPublicKey=$rsaPublicKey, charset=$charset, maximumMessageSize=$maximumMessageSize, allocator=$allocator, connectionTimeout=$connectionTimeout, queryTimeout=$queryTimeout, applicationName=$applicationName, interceptors=$interceptors, eventLoopGroup=$eventLoopGroup, executionContext=$executionContext, currentSchema=$currentSchema, socketPath=$socketPath, credentialsProvider=$credentialsProvider)"
     }
 }
 
 
@@ -13,10 +13,12 @@ import com.github.jasync.sql.db.exceptions.InsufficientParametersException
 import com.github.jasync.sql.db.interceptor.PreparedStatementParams
 import com.github.jasync.sql.db.mysql.codec.MySQLConnectionHandler
 import com.github.jasync.sql.db.mysql.codec.MySQLHandlerDelegate
+import com.github.jasync.sql.db.mysql.encoder.auth.AuthenticationMethod
 import com.github.jasync.sql.db.mysql.exceptions.MySQLException
 import com.github.jasync.sql.db.mysql.message.client.AuthenticationSwitchResponse
 import com.github.jasync.sql.db.mysql.message.client.CapabilityRequestMessage
 import com.github.jasync.sql.db.mysql.message.client.HandshakeResponseMessage
+import com.github.jasync.sql.db.mysql.message.server.AuthMoreDataMessage
 import com.github.jasync.sql.db.mysql.message.server.AuthenticationSwitchRequest
 import com.github.jasync.sql.db.mysql.message.server.EOFMessage
 import com.github.jasync.sql.db.mysql.message.server.ErrorMessage
@@ -93,6 +95,8 @@ class MySQLConnection @JvmOverloads constructor(
     private var connected = false
     private var lastException: Throwable? = null
     private var serverVersion: Version? = null
+    private var authenticationMethod: String? = null
+    private var authenticationSeed: ByteArray? = null
 
     object StatusFlags {
         // https://dev.mysql.com/doc/internals/en/status-flags.html
@@ -259,6 +263,8 @@ class MySQLConnection @JvmOverloads constructor(
     override fun onHandshake(message: HandshakeMessage) {
         this.serverVersion = parseVersion(message.serverVersion)
         this.serverStatus = message.statusFlags
+        this.authenticationMethod = message.authenticationMethod
+        this.authenticationSeed = message.seed
 
         val switchToSsl = when (this.configuration.ssl.mode) {
             SSLConfiguration.Mode.Disable -> false
@@ -298,7 +304,8 @@ class MySQLConnection @JvmOverloads constructor(
             message.authenticationMethod,
             database = configuration.database,
             password = configuration.password,
-            appName = configuration.applicationName
+            appName = configuration.applicationName,
+            configuration = configuration,
         )
 
         if (!switchToSsl) {
@@ -336,7 +343,23 @@ class MySQLConnection @JvmOverloads constructor(
     }
 
     override fun switchAuthentication(message: AuthenticationSwitchRequest) {
-        this.connectionHandler.write(AuthenticationSwitchResponse(configuration.password, message))
+        this.connectionHandler.write(AuthenticationSwitchResponse(configuration, message))
+    }
+
+    override fun onAuthMoreData(message: AuthMoreDataMessage) {
+        if (message.isSuccess()) {
+            // Do nothing. This message will be followed by an `OkMessage`.
+            return
+        }
+
+        if (authenticationMethod != AuthenticationMethod.CachingSha2) {
+            throw IllegalStateException(
+                "AuthMoreDataMessage is only supported for '${AuthenticationMethod.CachingSha2}' method"
+            )
+        }
+
+        val m = AuthenticationSwitchRequest(AuthenticationMethod.Sha256, authenticationSeed!!)
+        this.connectionHandler.write(AuthenticationSwitchResponse(configuration, m))
     }
 
     override fun sendQueryDirect(query: String): CompletableFuture<QueryResult> {
 
@@ -4,7 +4,6 @@ import com.github.jasync.sql.db.Configuration
 import com.github.jasync.sql.db.exceptions.DatabaseException
 import com.github.jasync.sql.db.general.MutableResultSet
 import com.github.jasync.sql.db.mysql.binary.BinaryRowDecoder
-import com.github.jasync.sql.db.mysql.encoder.auth.AuthenticationMethod
 import com.github.jasync.sql.db.mysql.message.client.AuthenticationSwitchResponse
 import com.github.jasync.sql.db.mysql.message.client.CapabilityRequestMessage
 import com.github.jasync.sql.db.mysql.message.client.CloseStatementMessage
@@ -132,18 +131,7 @@ class MySQLConnectionHandler(
                         this.handleEOF(message)
                     }
                     ServerMessage.AuthMoreData -> {
-                        val m = message as AuthMoreDataMessage
-
-                        if (!m.isSuccess()) {
-                            if (!sslEstablished) {
-                                throw IllegalStateException(
-                                    "Full authentication mode for ${AuthenticationMethod.CachingSha2} requires SSL"
-                                )
-                            }
-
-                            val request = AuthenticationSwitchRequest(AuthenticationMethod.CachingSha2, null)
-                            handlerDelegate.switchAuthentication(request)
-                        }
+                        handlerDelegate.onAuthMoreData(message as AuthMoreDataMessage)
                     }
                     ServerMessage.ColumnDefinition -> {
                         val m = message as ColumnDefinitionMessage
 
@@ -1,6 +1,7 @@
 package com.github.jasync.sql.db.mysql.codec
 
 import com.github.jasync.sql.db.ResultSet
+import com.github.jasync.sql.db.mysql.message.server.AuthMoreDataMessage
 import com.github.jasync.sql.db.mysql.message.server.AuthenticationSwitchRequest
 import com.github.jasync.sql.db.mysql.message.server.EOFMessage
 import com.github.jasync.sql.db.mysql.message.server.ErrorMessage
@@ -18,5 +19,6 @@ interface MySQLHandlerDelegate {
     fun connected(ctx: ChannelHandlerContext)
     fun onResultSet(resultSet: ResultSet, message: EOFMessage)
     fun switchAuthentication(message: AuthenticationSwitchRequest)
+    fun onAuthMoreData(message: AuthMoreDataMessage)
     fun unregistered()
 }
@@ -21,7 +21,7 @@ class AuthenticationSwitchResponseEncoder(val charset: Charset) : MessageEncoder
         val buffer = ByteBufferUtils.packetBuffer()
 
         val bytes =
-            authenticator.generateAuthentication(charset, switch.password, switch.request.seed)
+            authenticator.generateAuthentication(charset, switch.configuration, switch.request.seed)
         buffer.writeBytes(bytes)
 
         return buffer
 
@@ -31,7 +31,7 @@ class HandshakeResponseEncoder(private val charset: Charset, private val headerE
             val authenticator = this.authenticationMethods.getOrElse(
                 method
             ) { throw UnsupportedAuthenticationMethodException(method) }
-            val bytes = authenticator.generateAuthentication(charset, m.password, m.seed)
+            val bytes = authenticator.generateAuthentication(charset, m.configuration, m.seed)
             buffer.writeByte(bytes.length)
             buffer.writeBytes(bytes)
         } else {
 
@@ -1,10 +1,11 @@
 package com.github.jasync.sql.db.mysql.encoder.auth
 
+import com.github.jasync.sql.db.Configuration
 import java.nio.charset.Charset
 
 interface AuthenticationMethod {
 
-    fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray
+    fun generateAuthentication(charset: Charset, configuration: Configuration, seed: ByteArray): ByteArray
 
     companion object {
         const val CachingSha2 = "caching_sha2_password"
 
@@ -1,6 +1,5 @@
 package com.github.jasync.sql.db.mysql.encoder.auth
 
-import com.github.jasync.sql.db.util.length
 import java.nio.charset.Charset
 import java.security.MessageDigest
 import kotlin.experimental.xor
@@ -32,11 +31,8 @@ object AuthenticationScrambler {
         }
 
         val result = messageDigest.digest()
-        var counter = 0
-
-        while (counter < result.length) {
-            result[counter] = (result[counter] xor initialDigest[counter])
-            counter += 1
+        for ((index, byte) in result.withIndex()) {
+            result[index] = byte xor initialDigest[index]
         }
 
         return result
 
@@ -1,22 +1,17 @@
 package com.github.jasync.sql.db.mysql.encoder.auth
 
+import com.github.jasync.sql.db.Configuration
 import java.nio.charset.Charset
 
 object CachingSha2PasswordAuthentication : AuthenticationMethod {
 
     private val EmptyArray = ByteArray(0)
 
-    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray {
+    override fun generateAuthentication(charset: Charset, configuration: Configuration, seed: ByteArray): ByteArray {
+        val password = configuration.password
+
         return if (password != null) {
-            if (seed != null) {
-                // Fast authentication mode. Requires seed, but not SSL.
-                AuthenticationScrambler.scramble411("SHA-256", password, charset, seed, false)
-            } else {
-                // Full authentication mode.
-                // Since this sends the plaintext password, SSL is required.
-                // Without SSL, the server always rejects the password.
-                Sha256PasswordAuthentication.generateAuthentication(charset, password, null)
-            }
+            AuthenticationScrambler.scramble411("SHA-256", password, charset, seed, false)
         } else {
             EmptyArray
         }
 
@@ -1,13 +1,14 @@
 package com.github.jasync.sql.db.mysql.encoder.auth
 
+import com.github.jasync.sql.db.Configuration
 import java.nio.charset.Charset
 
 object MySQLNativePasswordAuthentication : AuthenticationMethod {
 
     private val EmptyArray = ByteArray(0)
 
-    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray {
-        requireNotNull(seed) { "Seed should not be null" }
+    override fun generateAuthentication(charset: Charset, configuration: Configuration, seed: ByteArray): ByteArray {
+        val password = configuration.password
 
         return if (password != null) {
             AuthenticationScrambler.scramble411("SHA-1", password, charset, seed, true)