jasync-sql
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLConnectionHandler.kt
Lines changed: 19 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLConnectionHandler.kt
Lines changed: 19 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLFrameDecoder.kt
Lines changed: 9 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLFrameDecoder.kt
Lines changed: 9 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/decoder/AuthMoreDataDecoder.kt
Lines changed: 13 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/decoder/AuthMoreDataDecoder.kt
Lines changed: 13 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/decoder/AuthenticationSwitchRequestDecoder.kt
Lines changed: 3 additions & 9 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/decoder/AuthenticationSwitchRequestDecoder.kt
Lines changed: 3 additions & 9 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationMethod.kt
Lines changed: 8 additions & 4 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationMethod.kt
Lines changed: 8 additions & 4 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationScrambler.kt
Lines changed: 44 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/AuthenticationScrambler.kt
Lines changed: 44 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/CachingSha2PasswordAuthentication.kt
Lines changed: 24 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/CachingSha2PasswordAuthentication.kt
Lines changed: 24 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/MySQLNativePasswordAuthentication.kt
Lines changed: 4 additions & 31 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/MySQLNativePasswordAuthentication.kt
Lines changed: 4 additions & 31 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/OldPasswordAuthentication.kt
Lines changed: 5 additions & 3 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/OldPasswordAuthentication.kt
Lines changed: 5 additions & 3 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/Sha256PasswordAuthentication.kt
Lines changed: 20 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/Sha256PasswordAuthentication.kt
Lines changed: 20 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/message/server/AuthMoreDataMessage.kt
Lines changed: 9 additions & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/message/server/AuthMoreDataMessage.kt
Lines changed: 9 additions & 0 deletions
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/message/server/AuthenticationSwitchRequest.kt
Lines changed: 1 addition & 1 deletion b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/message/server/AuthenticationSwitchRequest.kt
Lines changed: 1 addition & 1 deletion
diff --git a/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/message/server/ServerMessage.kt
Lines changed: 1 addition & 0 deletions b/‎mysql-async/src/main/java/com/github/jasync/sql/db/mysql/message/server/ServerMessage.kt
Lines changed: 1 addition & 0 deletions
@@ -20,6 +20,7 @@ postgresql-async/out/*
 mysql-async/target/*
 pool-async/target/*
 postgis-jasync/target/*
+r2dbc-mysql/target/*
 .rvmrc
 .ruby-version
 .ruby-gemset
 
@@ -4,6 +4,7 @@ import com.github.jasync.sql.db.Configuration
 import com.github.jasync.sql.db.exceptions.DatabaseException
 import com.github.jasync.sql.db.general.MutableResultSet
 import com.github.jasync.sql.db.mysql.binary.BinaryRowDecoder
+import com.github.jasync.sql.db.mysql.encoder.auth.AuthenticationMethod
 import com.github.jasync.sql.db.mysql.message.client.AuthenticationSwitchResponse
 import com.github.jasync.sql.db.mysql.message.client.CapabilityRequestMessage
 import com.github.jasync.sql.db.mysql.message.client.CloseStatementMessage
@@ -13,6 +14,7 @@ import com.github.jasync.sql.db.mysql.message.client.PreparedStatementPrepareMes
 import com.github.jasync.sql.db.mysql.message.client.QueryMessage
 import com.github.jasync.sql.db.mysql.message.client.QuitMessage
 import com.github.jasync.sql.db.mysql.message.client.SendLongDataMessage
+import com.github.jasync.sql.db.mysql.message.server.AuthMoreDataMessage
 import com.github.jasync.sql.db.mysql.message.server.AuthenticationSwitchRequest
 import com.github.jasync.sql.db.mysql.message.server.BinaryRowMessage
 import com.github.jasync.sql.db.mysql.message.server.ColumnDefini
A93C
tionMessage
@@ -23,6 +25,7 @@ import com.github.jasync.sql.db.mysql.message.server.OkMessage
 import com.github.jasync.sql.db.mysql.message.server.PreparedStatementPrepareResponse
 import com.github.jasync.sql.db.mysql.message.server.ResultSetRowMessage
 import com.github.jasync.sql.db.mysql.message.server.ServerMessage
+import com.github.jasync.sql.db.mysql.util.CapabilityFlag
 import com.github.jasync.sql.db.mysql.util.CharsetMapper
 import com.github.jasync.sql.db.util.ExecutorServiceUtils
 import com.github.jasync.sql.db.util.FP
@@ -72,6 +75,7 @@ class MySQLConnectionHandler(
     private val parsedStatements = HashMap<String, PreparedStatementHolder>()
     private val binaryRowDecoder = BinaryRowDecoder()
 
+    private var sslEstablished: Boolean = false
     private var currentPreparedStatementHolder: PreparedStatementHolder? = null
     private var currentPreparedStatement: PreparedStatement? = null
     private var currentQuery: MutableResultSet<ColumnDefinitionMessage>? = null
@@ -127,6 +131,20 @@ class MySQLConnectionHandler(
                     ServerMessage.EOF -> {
                         this.handleEOF(message)
                     }
+                    ServerMessage.AuthMoreData -> {
+                        val m = message as AuthMoreDataMessage
+
+                        if (!m.isSuccess()) {
+                            if (!sslEstablished) {
+                                throw IllegalStateException(
+                                    "Full authentication mode for ${AuthenticationMethod.CachingSha2} requires SSL"
+                                )
+                            }
+
+                            val request = AuthenticationSwitchRequest(AuthenticationMethod.CachingSha2, null)
+                            handlerDelegate.switchAuthentication(request)
+                        }
+                    }
                     ServerMessage.ColumnDefinition -> {
                         val m = message as ColumnDefinitionMessage
 
@@ -278,6 +296,7 @@ class MySQLConnectionHandler(
     fun write(message: CapabilityRequestMessage): ChannelFuture = writeAndHandleError(message)
 
     fun write(message: HandshakeResponseMessage): ChannelFuture {
+        sslEstablished = message.header.flags.contains(CapabilityFlag.CLIENT_SSL)
         decoder.hasDoneHandshake = true
         return writeAndHandleError(message)
     }
 
@@ -3,6 +3,7 @@ package com.github.jasync.sql.db.mysql.codec
 import com.github.jasync.sql.db.exceptions.BufferNotFullyConsumedException
 import com.github.jasync.sql.db.exceptions.NegativeMessageSizeException
 import com.github.jasync.sql.db.exceptions.ParserNotAvailableException
+import com.github.jasync.sql.db.mysql.decoder.AuthMoreDataDecoder
 import com.github.jasync.sql.db.mysql.decoder.AuthenticationSwitchRequestDecoder
 import com.github.jasync.sql.db.mysql.decoder.ColumnDefinitionDecoder
 import com.github.jasync.sql.db.mysql.decoder.ColumnProcessingFinishedDecoder
@@ -39,6 +40,7 @@ class MySQLFrameDecoder(val charset: Charset, private val connectionId: String)
     private val handshakeDecoder = HandshakeV10Decoder()
     private val errorDecoder = ErrorDecoder(charset)
     private val okDecoder = OkDecoder(charset)
+    private val authMoreDataDecoder = AuthMoreDataDecoder()
     private val columnDecoder = ColumnDefinitionDecoder(charset, DecoderRegistry(charset))
     private val authenticationSwitchRequestDecoder = AuthenticationSwitchRequestDecoder(charset)
     private val rowDecoder = ResultSetRowDecoder()
@@ -161,6 +163,13 @@ class MySQLFrameDecoder(val charset: Charset, private val connectionId: String)
                     }
                 }
             }
+                if (!isInQuery) {
+                    this.authMoreDataDecoder
+                } else {
+                    null
+                }
+            }
             else -> {
                 if (this.isInQuery) {
                     null
 
@@ -0,0 +1,13 @@
+package com.github.jasync.sql.db.mysql.decoder
+
+import com.github.jasync.sql.db.mysql.message.server.AuthMoreDataMessage
+import com.github.jasync.sql.db.mysql.message.server.ServerMessage
+import io.netty.buffer.ByteBuf
+
+class AuthMoreDataDecoder : MessageDecoder {
+    override fun decode(buffer: ByteBuf): ServerMessage {
+        return AuthMoreDataMessage(
+            data = buffer.readByte(),
+        )
+    }
+}
@@ -3,20 +3,14 @@ package com.github.jasync.sql.db.mysql.decoder
 import com.github.jasync.sql.db.mysql.message.server.AuthenticationSwitchRequest
 import com.github.jasync.sql.db.mysql.message.server.ServerMessage
 import com.github.jasync.sql.db.util.readCString
+import com.github.jasync.sql.db.util.readUntilEOF
 import io.netty.buffer.ByteBuf
-import io.netty.buffer.ByteBufUtil
 import java.nio.charset.Charset
 
 class AuthenticationSwitchRequestDecoder(val charset: Charset) : MessageDecoder {
     override fun decode(buffer: ByteBuf): ServerMessage {
         val method = buffer.readCString(charset)
-        val bytes: Int = buffer.readableBytes()
-        val terminal = 0.toByte()
-        val salt = if (bytes > 0 && buffer.getByte(buffer.writerIndex() - 1) == terminal) ByteBufUtil.getBytes(
-            buffer,
-            buffer.readerIndex(),
-            bytes - 1
-        ) else ByteBufUtil.getBytes(buffer)
-        return AuthenticationSwitchRequest(method, salt)
+        val seed = buffer.readUntilEOF(charset).toByteArray(charset)
+        return AuthenticationSwitchRequest(method, seed)
     }
 }
@@ -4,15 +4,19 @@ import java.nio.charset.Charset
 
 interface AuthenticationMethod {
 
-    fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray): ByteArray
+    fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray
 
     companion object {
-        val Native = "mysql_native_password"
-        val Old = "mysql_old_password"
+        const val CachingSha2 = "caching_sha2_password"
+        const val Native = "mysql_native_password"
+        const val Old = "mysql_old_password"
+        const val Sha256 = "sha256_password"
 
         val Availables = mapOf(
+            CachingSha2 to CachingSha2PasswordAuthentication,
             Native to MySQLNativePasswordAuthentication,
-            Old to OldPasswordAuthentication
+            Old to OldPasswordAuthentication,
+            Sha256 to Sha256PasswordAuthentication,
         )
     }
 }
@@ -0,0 +1,44 @@
+package com.github.jasync.sql.db.mysql.encoder.auth
+
+import com.github.jasync.sql.db.util.length
+import java.nio.charset.Charset
+import java.security.MessageDigest
+import kotlin.experimental.xor
+
+object AuthenticationScrambler {
+
+    fun scramble411(
+        algorithm: String,
+        password: String,
+        charset: Charset,
+        seed: ByteArray,
+        seedFirst: Boolean,
+    ): ByteArray {
+        val messageDigest = MessageDigest.getInstance(algorithm)
+        val initialDigest = messageDigest.digest(password.toByteArray(charset))
+
+        messageDigest.reset()
+
+        val finalDigest = messageDigest.digest(initialDigest)
+
+        messageDigest.reset()
+
+        if (seedFirst) {
+            messageDigest.update(seed)
+            messageDigest.update(finalDigest)
+        } else {
+            messageDigest.update(finalDigest)
+            messageDigest.update(seed)
+        }
+
+        val result = messageDigest.digest()
+        var counter = 0
+
+        while (counter < result.length) {
+            result[counter] = (result[counter] xor initialDigest[counter])
+            counter += 1
+        }
+
+        return result
+    }
+}
@@ -0,0 +1,24 @@
+package com.github.jasync.sql.db.mysql.encoder.auth
+
+import java.nio.charset.Charset
+
+object CachingSha2PasswordAuthentication : AuthenticationMethod {
+
+    private val EmptyArray = ByteArray(0)
+
+    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray {
+        return if (password != null) {
+            if (seed != null) {
+                // Fast authentication mode. Requires seed, but not SSL.
+                AuthenticationScrambler.scramble411("SHA-256", password, charset, seed, false)
+            } else {
+                // Full authentication mode.
+                // Since this sends the plaintext password, SSL is required.
+                // Without SSL, the server always rejects the password.
+                Sha256PasswordAuthentication.generateAuthentication(charset, password, null)
+            }
+        } else {
+            EmptyArray
+        }
+    }
+}
@@ -1,45 +1,18 @@
 package com.github.jasync.sql.db.mysql.encoder.auth
 
-import com.github.jasync.sql.db.util.length
 import java.nio.charset.Charset
-import java.security.MessageDigest
-import kotlin.experimental.xor
 
 object MySQLNativePasswordAuthentication : AuthenticationMethod {
 
-    val EmptyArray = ByteArray(0)
+    private val EmptyArray = ByteArray(0)
 
-    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray): ByteArray {
+    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray {
+        requireNotNull(seed) { "Seed should not be null" }
 
         return if (password != null) {
-            scramble411(charset, password, seed)
+            AuthenticationScrambler.scramble411("SHA-1", password, charset, seed, true)
         } else {
             EmptyArray
         }
     }
-
-    private fun scramble411(charset: Charset, password: String, seed: ByteArray): ByteArray {
-
-        val messageDigest = MessageDigest.getInstance("SHA-1")
-        val initialDigest = messageDigest.digest(password.toByteArray(charset))
-
-        messageDigest.reset()
-
-        val finalDigest = messageDigest.digest(initialDigest)
-
-        messageDigest.reset()
-
-        messageDigest.update(seed)
-        messageDigest.update(finalDigest)
-
-        val result = messageDigest.digest()
-        var counter = 0
-
-        while (counter < result.length) {
-            result[counter] = (result[counter] xor initialDigest[counter])
-            counter += 1
-        }
-
-        return result
-    }
 }
@@ -7,11 +7,13 @@ import kotlin.math.floor
 @Suppress("RedundantExplicitType", "UNUSED_VALUE", "VARIABLE_WITH_REDUNDANT_INITIALIZER")
 object OldPasswordAuthentication : AuthenticationMethod {
 
-    val EmptyArray = ByteArray(0)
+    private val EmptyArray = ByteArray(0)
+
+    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray {
+        requireNotNull(seed) { "Seed should not be null" }
 
-    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray): ByteArray {
         return when {
-            password != null && password.isNotEmpty() -> {
+            !password.isNullOrEmpty() -> {
                 newCrypt(charset, password, String(seed, charset))
             }
             else -> EmptyArray
 
@@ -0,0 +1,20 @@
+package com.github.jasync.sql.db.mysql.encoder.auth
+
+import com.github.jasync.sql.db.util.length
+import java.nio.charset.Charset
+
+object Sha256PasswordAuthentication : AuthenticationMethod {
+
+    private val EmptyArray = ByteArray(0)
+
+    override fun generateAuthentication(charset: Charset, password: String?, seed: ByteArray?): ByteArray {
+        return if (password != null) {
+            val bytes = password.toByteArray(charset)
+            val result = ByteArray(bytes.length + 1)
+            System.arraycopy(bytes, 0, result, 0, bytes.length)
+            result
+        } else {
+            EmptyArray
+        }
+    }
+}
@@ -0,0 +1,9 @@
+package com.github.jasync.sql.db.mysql.message.server
+
+data class AuthMoreDataMessage(
+    val data: Byte,
+) : ServerMessage(AuthMoreData) {
+    fun isSuccess(): Boolean {
+        return data == 3.toByte()
+    }
+}
@@ -2,5 +2,5 @@ package com.github.jasync.sql.db.mysql.message.server
 
 data class AuthenticationSwitchRequest(
     val method: String,
-    val seed: ByteArray
+    val seed: ByteArray?,
 ) : ServerMessage(ServerMessage.EOF)
@@ -8,6 +8,7 @@ abstract class ServerMessage(override val kind: Int) : KindedMessage {
         const val ServerProtocolVersion = 10
         const val Error = -1
         const val Ok = 0
+        const val AuthMoreData = 1
         const val EOF = -2
 
         // these messages don't actually exist