rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new 1005b543fc JAMES-4056 Update SMIMECheckSignature for case mail with
multiple certs
1005b543fc is described below
commit 1005b543fc485ec7ac0ede2df6a89cfb89d403de
Author: hung phan <[email protected]>
AuthorDate: Thu Aug 22 16:10:18 2024 +0700
JAMES-4056 Update SMIMECheckSignature for case mail with multiple certs
---
.../org/apache/james/transport/KeyStoreHolder.java | 8 +--
.../smime-test-resource-set/instruction.md | 5 ++
.../mail-with-signature-and-multi-certs.eml | 71 ++++++++++++++++++++++
.../crypto/SMIMECheckSignatureIntegrationTest.java | 14 +++++
4 files changed, 94 insertions(+), 4 deletions(-)
diff --git
a/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolder.java
b/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolder.java
index 34db4aa8ce..062f30ba67 100644
--- a/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolder.java
+++ b/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolder.java
@@ -17,8 +17,6 @@
* under the License. *
****************************************************************/
-
-
package org.apache.james.transport;
import java.security.InvalidAlgorithmParameterException;
@@ -34,6 +32,7 @@ import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Iterator;
import java.util.List;
import jakarta.mail.MessagingException;
@@ -98,8 +97,9 @@ public class KeyStoreHolder {
X509CertSelector certSelector = new
JcaX509CertSelectorConverter().getCertSelector(x509CertificateHolderSelector);
@SuppressWarnings("unchecked")
Collection<X509Certificate> certCollection =
(Collection<X509Certificate>) certs.getCertificates(certSelector);
- if (!certCollection.isEmpty()) {
- X509Certificate signerCert = certCollection.iterator().next();
+ Iterator<X509Certificate> iterator = certCollection.iterator();
+ while (iterator.hasNext()) {
+ X509Certificate signerCert = iterator.next();
// The issuer's certifcate is searched in the list of trusted
certificate.
CertPath path = verifyCertificate(signerCert, certs, keyStore);
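Review bot: The certificates walked by the new `while` loop come from the signed message itself, so the sender controls how many of them match the signer selector, and each match now goes through `verifyCertificate` and the rest of the loop body, which continues outside this hunk. It is worth confirming there that a candidate failing path validation or signature verification cannot leave a result that masks or overrides a valid one, and that a good outcome still requires a verified signature and a trusted path for the same certificate. As a style point, `for (X509Certificate signerCert : certCollection) {` expresses the same iteration without the explicit `Iterator` and the added import.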
diff --git
a/server/mailet/integration-testing/src/main/resources/smime-test-resource-set/instruction.md
b/server/mailet/integration-testing/src/main/resources/smime-test-resource-set/instruction.md
index a136c9aca1..228f64f3d3 100644
---
a/server/mailet/integration-testing/src/main/resources/smime-test-resource-set/instruction.md
+++
b/server/mailet/integration-testing/src/main/resources/smime-test-resource-set/instruction.md
@@ -26,6 +26,11 @@
mail_with_signaturemail_with_signature_and_content_type_xpkcs7mime.eml was based
openssl smime -sign -in message -out signed-message -signer certificate.crt
-inkey private.key -text -nodetach
```
+mail-with-signature-and-multi-certs.eml was based on the result of the
following command:
+```
+openssl smime -sign -in message -out signed-message-multi-cert -signer
certificate.crt -inkey private.key -certfile rootCA.crt -nodetach
+```
+
For more detail: https://certificate.nikhef.nl/info/smime-manual.html
password for everything: secret
diff --git
a/server/mailet/integration-testing/src/main/resources/smime-test-resource-set/mail-with-signature-and-multi-certs.eml
b/server/mailet/integration-testing/src/main/resources/smime-test-resource-set/mail-with-signature-and-multi-certs.eml
new file mode 100644
index 0000000000..966624e051
--- /dev/null
+++
b/server/mailet/integration-testing/src/main/resources/smime-test-resource-set/mail-with-signature-and-multi-certs.eml
@@ -0,0 +1,71 @@
+From: [email protected]
+To: [email protected]
+Subject: test
+Message-ID: <[email protected]>
+Date: Fri, 1 Nov 2019 10:21:39 +070
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/x-pkcs7-mime; smime-type=signed-data;
name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+MIILFAYJKoZIhvcNAQcCoIILBTCCCwECAQExDzANBglghkgBZQMEAgEFADCBwQYJ
+KoZIhvcNAQcBoIGzBIGwRnJvbTogdXNlckBqYW1lcy5vcmcNClRvOiB1c2VyMkBq
+YW1lcy5vcmcNClN1YmplY3Q6IHRlc3QNCk1lc3NhZ2UtSUQ6IDxkZjczYzA1YS0y
+ZTE4LTNlMjItMDQwYy05ZWRhNmFiZTAyYWVAb3Blbi1wYWFzLm9yZz4NCkRhdGU6
+IEZyaSwgMSBOb3YgMjAxOSAxMDoyMTozOSArMDcwMA0KDQp0ZXN0IFNNSU1FDQqg
+ggd1MIID5TCCAs2gAwIBAgIUASoDQ2Wf0Mef+y9bfCqSMy6hFfMwDQYJKoZIhvcN
+AQELBQAwgYAxCzAJBgNVBAYTAlZOMQ4wDAYDVQQIDAVIYW5vaTEOMAwGA1UEBwwF
+SGFub2kxETAPBgNVBAoMCExpbmFnb3JhMQ4wDAYDVQQLDAVKYW1lczEOMAwGA1UE
+AwwFYWRtaW4xHjAcBgkqhkiG9w0BCQEWD2FkbWluQGphbWVzLm9yZzAgFw0yNDA4
+MTUwODQzNDBaGA8yMjk4MDUzMTA4NDM0MFowgYAxCzAJBgNVBAYTAlZOMQ4wDAYD
+VQQIDAVIYW5vaTEOMAwGA1UEBwwFSGFub2kxETAPBgNVBAoMCExpbmFnb3JhMQ4w
+DAYDVQQLDAVKYW1lczEOMAwGA1UEAwwFYWRtaW4xHjAcBgkqhkiG9w0BCQEWD2Fk
+bWluQGphbWVzLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSh
+ojs1MXL0IAAjmuLTYoNzXGTjfsmdIi+M9n/I5+QGpixcQzaX5uniP6b+AgsIhRlQ
+PN+WixwWmpnDhZu+bV7bgJKXv0YmoKaGQGDb5N/PfuDpfGuVzQphjjtQP7jmW3wp
+qzNaMBT03z5nK/WBxeMJXE9bYNT5rP28YCDg0f8sSKSZkMUdlYfoUm+vYH9+bmIw
+zaTF6kRc6M+n/ELzDvDS+KevtJ3q4P710qTukH7uXEVEzs/lUSVtHXg/HrJ7tld3
+bnrqASDB0EmPljqjsHJB/f3n4PoT/Ansc4r4vjASQCPzr2yq6e7jHnU+QN4pXGUQ
+v5RdzGqThOSRnyvQSgcCAwEAAaNTMFEwHQYDVR0OBBYEFJLv8+NebeBDDJWLpb3c
+D+kFaIjeMB8GA1UdIwQYMBaAFJLv8+NebeBDDJWLpb3cD+kFaIjeMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFal8TpKaOBESJC9Nhb71Ivw8fV+
+kGdqYySdseOnuXgAorXfs6MK0ko/rbrTJjS9JImbFcxTqHim+kTTsiy3wvYBUi77
+DKoSXVhl5EuNkdkMG1EhR1kC7SUJv5C4o7i1OZIJwf7ATWyo/KbEezIIlvS7Jz9q
+7EOG9zm57k+noY/BvbcRCh0CmOyD5MuyFGw+PitPiWzsWTK0PCBKRKwzRi0hbw/w
+4PHkur+/0bhMVU4kuE7SquRn3pjoxtQqYGy55xEAl/Rkzd5a9PD7vTnf3o2RcA5/
+K/5NHJL1vvH3jMNLXBy/t3Uek5H/6BM8qxtAqNoJcnCfbm7zYz2GFGXThr0wggOI
+MIICcAIUDXdy6XER/kWHK41lTJxVJwXPZQ4wDQYJKoZIhvcNAQELBQAwgYAxCzAJ
+BgNVBAYTAlZOMQ4wDAYDVQQIDAVIYW5vaTEOMAwGA1UEBwwFSGFub2kxETAPBgNV
+BAoMCExpbmFnb3JhMQ4wDAYDVQQLDAVKYW1lczEOMAwGA1UEAwwFYWRtaW4xHjAc
+BgkqhkiG9w0BCQEWD2FkbWluQGphbWVzLm9yZzAgFw0yNDA4MTUwOTI2NDBaGA8y
+Mjk4MDUzMTA5MjY0MFowfjELMAkGA1UEBhMCVk4xDjAMBgNVBAgMBUhhbm9pMQ4w
+DAYDVQQHDAVIYW5vaTERMA8GA1UECgwITGluYWdvcmExDjAMBgNVBAsMBUphbWVz
+MQ0wCwYDVQQDDAR1c2VyMR0wGwYJKoZIhvcNAQkBFg51c2VyQGphbWVzLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLcZwGu1XOd6P/v+GqlOnef
+mH2Y1F0Ge1hRem3+c7//GbRtxXmYyGxW6oKMW7udOPd0bGHCXLk3VH8l08vrSt77
+yh44JSvrjvYdMkhqoTpJ63FZL7+ao1iEKaUdkYrbIK8fVumAYYhzroGOG769sAwM
+MB9WfP/hHQySXNpwbcq0lvSP6Rq4EqcB7Ulwi/5Yn3kFsXISZj33b88YkxQh5I8U
+wQoJrqs6QpgwNBRX5uuWWzeFrWocf54jrWzoRlVwS2w9M5Ur5EZPOtsg7NGKw9Gv
+nQorxz/7Ld0YUxboURgMeTkTunj8jSiNtfuBlVIwYBZeHnwwTv7tQxoYS2dCuIcC
+AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAIOdagiqlQLFR1jNu7owAFeWK52DIIdG/
+NGRzyXWHQntCwueKaF+ZX26NnD67R0HLvba55Oh5yoxGjcJCFXP8p0Y6xcqZEXm4
+6TgDp9YQlynHBU18eYzP30lQ5AWvJmWKsACYlUpZBgcGLNBfY9JEbxsED2lLcaku
+BoD1vaW3ETQH8TkZKK8gR4DYLDBSOE8EVPGmB1NsRgIPCEuFDd3ryLaMvz825QD7
+pGVgRImIm4lrpVeKduXcsSM0IahrDxL4mWfpcy0X4o2kt+Jlxjh8D3aTXydjERhg
+FgcOTYHjnsuWScgcdiUC/BUDzlrY99pG4i4TMm1926LVAe/0lkgovjGCAqwwggKo
+AgEBMIGZMIGAMQswCQYDVQQGEwJWTjEOMAwGA1UECAwFSGFub2kxDjAMBgNVBAcM
+BUhhbm9pMREwDwYDVQQKDAhMaW5hZ29yYTEOMAwGA1UECwwFSmFtZXMxDjAMBgNV
+BAMMBWFkbWluMR4wHAYJKoZIhvcNAQkBFg9hZG1pbkBqYW1lcy5vcmcCFA13culx
+Ef5FhyuNZUycVScFz2UOMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqGSIb3DQEJAzEL
+BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI0MDgyMjA4MTUyN1owLwYJKoZI
+hvcNAQkEMSIEIPAFGsqJYXBFuVNe+woIWC4vkb1UGeqsscNXRpfiRMW3MHkGCSqG
+SIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQME
+AQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG
+BSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIBAIEKazzjQMNY
+CysCn3a2aMZARZwnPoa9AoWTD6xiUnyl/NUwV0C9Fdfe16TQsNVHKjnCoM487C7P
+1d2oHgvWpYRLYGwOxaTC3Gxkx2JmBc19qMZd0Z5L1nW6bDQogk+Ujg0Yn4vIxrHq
+63PP2L73V8uqhj0NKlqOpBML2xlgnlWtvNkbFz77bT6Gwafb6a23MriamGh9re7r
+034fgys2wV271piKgNf9yLpTAkDpxIEeg16fmo8O3YsOkuhh8A9AvrmX9Ike9RLo
+DVS3xDm7YhvF/iPksprNcx68njWWcVI2WxqGYYBzUXGhh2MC+hfhyPzdLewjW64c
+SU7yaw2BnX0=
+
diff --git
a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureIntegrationTest.java
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureIntegrationTest.java
index 6576d81207..8d02701f06 100644
---
a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureIntegrationTest.java
+++
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureIntegrationTest.java
@@ -74,6 +74,20 @@ public abstract class SMIMECheckSignatureIntegrationTest {
assertThat(testIMAPClient().readFirstMessage()).containsSequence("X-SMIME-Status:
Good signature");
}
+ @Test
+ public void
checkSMIMESignatureShouldAddGoodSMIMEStatusWhenSignatureIsGoodAndMailContainsMultiCerts()
throws Exception {
+ messageSender().connect(LOCALHOST_IP,
jamesServer().getProbe(SmtpGuiceProbe.class).getSmtpAuthRequiredPort())
+ .authenticate(FROM, PASSWORD)
+ .sendMessageWithHeaders(FROM, RECIPIENT,
+
ClassLoaderUtils.getSystemResourceAsString("smime-test-resource-set/mail-with-signature-and-multi-certs.eml"));
+
+ testIMAPClient().connect(LOCALHOST_IP,
jamesServer().getProbe(ImapGuiceProbe.class).getImapPort())
+ .login(RECIPIENT, PASSWORD)
+ .select(TestIMAPClient.INBOX)
+ .awaitMessage(awaitAtMostOneMinute);
+
assertThat(testIMAPClient().readFirstMessage()).containsSequence("X-SMIME-Status:
Good signature");
+ }
+
@Test
public void checkSMIMESignatureShouldAddBadSMIMEStatusWhenSignatureIsBad()
throws Exception {
messageSender().connect(LOCALHOST_IP,
jamesServer().getProbe(SmtpGuiceProbe.class).getSmtpAuthRequiredPort())
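Review bot: The added test covers only the accepting case, so it does not pin that iterating over several embedded certificates leaves rejection behaviour unchanged. A companion case would guard against the loop widening what is accepted, for example a multi-certificate message whose signer certificate does not chain to the configured trust store, asserting that the result does not contain `Good signature`. That needs a second fixture generated alongside the existing one. This hunk ends inside the following test method.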