This is an automated email from the ASF dual-hosted git repository.

rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new cba9f013e8 JAMES-4063 Update SMIMECheckSignature to use Filesystem to 
load crypto materials
cba9f013e8 is described below

commit cba9f013e8a1f3da4650d6d8ce3740e69687b4bb
Author: hung phan <[email protected]>
AuthorDate: Fri Aug 23 17:21:58 2024 +0700

    JAMES-4063 Update SMIMECheckSignature to use Filesystem to load crypto 
materials
---
 mailet/crypto/pom.xml                              |  4 +++
 .../transport/KeyStoreHolderConfiguration.java     | 11 ++++---
 .../james/transport/KeyStoreHolderFactory.java     | 38 +++++++++++++++++-----
 .../java/org/apache/james/transport/PemReader.java |  4 +--
 .../transport/mailets/SMIMECheckSignature.java     | 10 +++++-
 .../apache/james/mailets/TemporaryJamesServer.java |  4 +--
 ...ckSignatureWithKeyStoreFileIntegrationTest.java |  3 +-
 ...MECheckSignatureWithPemFileIntegrationTest.java |  3 +-
 8 files changed, 55 insertions(+), 22 deletions(-)

diff --git a/mailet/crypto/pom.xml b/mailet/crypto/pom.xml
index 44820e7ae7..bc7c11e2e5 100644
--- a/mailet/crypto/pom.xml
+++ b/mailet/crypto/pom.xml
@@ -41,6 +41,10 @@
             <groupId>${james.groupId}</groupId>
             <artifactId>apache-mailet-base</artifactId>
         </dependency>
+        <dependency>
+            <groupId>${james.groupId}</groupId>
+            <artifactId>james-server-core</artifactId>
+        </dependency>
         <dependency>
             <groupId>${james.groupId}</groupId>
             <artifactId>james-server-data-api</artifactId>
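Review bot: The new `james-server-core` dependency in this hunk pulls a server-side artifact and its transitive dependencies into the crypto mailet module, while the only new type the Java changes in this commit import is `org.apache.james.filesystem.api.FileSystem`. If a narrower artifact exposes that interface, depending on it would keep the classpath of the signature-checking code smaller and easier to audit. If `james-server-core` really is needed, a short XML comment such as `<!-- provides the FileSystem abstraction used to load trust stores -->` would record why.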
diff --git 
a/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderConfiguration.java
 
b/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderConfiguration.java
index ae65bdebcb..3ef0e070c3 100644
--- 
a/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderConfiguration.java
+++ 
b/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderConfiguration.java
@@ -22,6 +22,7 @@ package org.apache.james.transport;
 import java.security.KeyStore;
 import java.util.Optional;
 
+import org.apache.james.filesystem.api.FileSystem;
 import org.apache.mailet.MailetConfig;
 
 import com.google.common.base.Preconditions;
@@ -118,8 +119,8 @@ public abstract class KeyStoreHolderConfiguration {
         }
 
         @Override
-        public KeyStoreHolderFactory.FileLoader getFileLoader() {
-            return new KeyStoreHolderFactory.KeyStoreFileLoader();
+        public KeyStoreHolderFactory.FileLoader getFileLoader(FileSystem 
fileSystem) {
+            return new KeyStoreHolderFactory.KeyStoreFileLoader(fileSystem);
         }
     }
 
@@ -135,10 +136,10 @@ public abstract class KeyStoreHolderConfiguration {
         }
 
         @Override
-        public KeyStoreHolderFactory.FileLoader getFileLoader() {
-            return new KeyStoreHolderFactory.PemFileLoader();
+        public KeyStoreHolderFactory.FileLoader getFileLoader(FileSystem 
fileSystem) {
+            return new KeyStoreHolderFactory.PemFileLoader(fileSystem);
         }
     }
 
-    public abstract KeyStoreHolderFactory.FileLoader getFileLoader();
+    public abstract KeyStoreHolderFactory.FileLoader getFileLoader(FileSystem 
fileSystem);
 }
diff --git 
a/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderFactory.java
 
b/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderFactory.java
index a0500fcff9..38e5ee3af3 100644
--- 
a/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderFactory.java
+++ 
b/mailet/crypto/src/main/java/org/apache/james/transport/KeyStoreHolderFactory.java
@@ -20,7 +20,6 @@
 package org.apache.james.transport;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.security.KeyStore;
@@ -32,6 +31,7 @@ import java.security.cert.CertificateException;
 import jakarta.mail.MessagingException;
 
 import org.apache.commons.io.input.UnsynchronizedBufferedInputStream;
+import org.apache.james.filesystem.api.FileSystem;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -39,12 +39,19 @@ import com.github.fge.lambdas.Throwing;
 
 public class KeyStoreHolderFactory {
     private static final Logger LOGGER = 
LoggerFactory.getLogger(KeyStoreHolderFactory.class);
+    private static final String DEFAULT_KEYSTORE_FILE_PATH = 
FileSystem.FILE_PROTOCOL + System.getProperty("java.home") + 
"/lib/security/cacerts".replace('/', File.separatorChar);
 
     interface FileLoader {
         KeyStoreHolder load(KeyStoreHolderConfiguration config) throws 
Exception;
     }
 
     static class KeyStoreFileLoader implements FileLoader {
+        private final FileSystem fileSystem;
+
+        public KeyStoreFileLoader(FileSystem fileSystem) {
+            this.fileSystem = fileSystem;
+        }
+
         @Override
         public KeyStoreHolder load(KeyStoreHolderConfiguration config) {
             KeyStoreHolderConfiguration.KeyStoreConfiguration keyStoreConfig = 
(KeyStoreHolderConfiguration.KeyStoreConfiguration) config;
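Review bot: `DEFAULT_KEYSTORE_FILE_PATH` now prefixes `FileSystem.FILE_PROTOCOL` to the raw `java.home` value, and `.replace('/', File.separatorChar)` binds only to the `"/lib/security/cacerts"` literal, so the result is a URL-style prefix followed by a platform-native path. Where `java.home` starts with a drive letter rather than a slash, the string may no longer be recognised as absolute, depending on how the `FileSystem` implementation resolves `file:` URLs; I cannot confirm that from this hunk. The default trust store would then fail to load or resolve relative to the server directory. A unit test that resolves the constant through the real `FileSystem`, plus a comment such as `// must resolve to the JVM cacerts as an absolute path on every supported platform`, would pin this down.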
@@ -52,19 +59,16 @@ public class KeyStoreHolderFactory {
                 .map(Throwing.function(fileName -> 
createFromKeyStoreFile(fileName, keyStoreConfig.getKeyStorePassword(), 
keyStoreConfig.getKeyStoreType())))
                 .orElseGet(Throwing.supplier(() -> {
                     LOGGER.info("No trusted store path specified, using 
default store.");
-                    return 
createFromKeyStoreFile(System.getProperty("java.home") + 
"/lib/security/cacerts".replace('/', File.separatorChar),
-                        keyStoreConfig.getKeyStorePassword(),
-                        KeyStore.getDefaultType());
+                    return createFromKeyStoreFile(DEFAULT_KEYSTORE_FILE_PATH, 
keyStoreConfig.getKeyStorePassword(), KeyStore.getDefaultType());
                 }));
         }
 
         private KeyStoreHolder createFromKeyStoreFile(String keyStoreFileName, 
String keyStorePassword, String keyStoreType)
             throws KeyStoreException, NoSuchAlgorithmException, 
CertificateException, IOException {
-
             KeyStore keyStore = KeyStore.getInstance(keyStoreType);
             keyStore.load(UnsynchronizedBufferedInputStream
                 .builder()
-                .setInputStream(new FileInputStream(keyStoreFileName))
+                .setInputStream(fileSystem.getResource(keyStoreFileName))
                 .get(), keyStorePassword.toCharArray());
             if (keyStore.size() == 0) {
                 throw new KeyStoreException("The keystore must be not empty");
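Review bot: The stream returned by `fileSystem.getResource(keyStoreFileName)` in `createFromKeyStoreFile` is never closed, because `KeyStore.load` reads from the stream but leaves closing it to the caller. The removed `FileInputStream` had the same leak, so this change is a good place to wrap the read in try-with-resources; that needs a `java.io.InputStream` import. The method body continues past the end of the hunk.
```java
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
try (InputStream keyStoreStream = UnsynchronizedBufferedInputStream
        .builder()
        .setInputStream(fileSystem.getResource(keyStoreFileName))
        .get()) {
    keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
}
// … unchanged: empty-keystore check …
```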
@@ -74,10 +78,16 @@ public class KeyStoreHolderFactory {
     }
 
     static class PemFileLoader implements FileLoader {
+        private final FileSystem fileSystem;
+
+        public PemFileLoader(FileSystem fileSystem) {
+            this.fileSystem = fileSystem;
+        }
+
         @Override
         public KeyStoreHolder load(KeyStoreHolderConfiguration config) throws 
Exception {
             KeyStoreHolderConfiguration.PemConfiguration pemConfig = 
(KeyStoreHolderConfiguration.PemConfiguration) config;
-            KeyStore keyStore = 
PemReader.loadTrustStore(pemConfig.getPemFileName());
+            KeyStore keyStore = 
PemReader.loadTrustStore(fileSystem.getFile(pemConfig.getPemFileName()));
             if (keyStore.size() == 0) {
                 throw new KeyStoreException("The keystore must be not empty");
             }
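Review bot: `PemFileLoader.load` resolves the PEM trust store with `fileSystem.getFile(...)`, while `KeyStoreFileLoader` in the same class uses `fileSystem.getResource(...)`, so the two loaders may not accept the same set of locations. A `classpath:` value that points at an entry packaged inside a jar typically cannot be turned into a `java.io.File`, so a PEM file that works in the integration test (resources on disk) could fail in a packaged deployment; this depends on the `FileSystem` implementation, which is not visible here. Having `PemReader.loadTrustStore` accept an `InputStream` obtained from `getResource` would make both loaders behave the same. The method body continues outside the hunk.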
@@ -85,10 +95,20 @@ public class KeyStoreHolderFactory {
         }
     }
 
-    public static KeyStoreHolder 
createKeyStoreHolder(KeyStoreHolderConfiguration config) throws 
MessagingException {
+    public static KeyStoreHolderFactory from(FileSystem fileSystem) {
+        return new KeyStoreHolderFactory(fileSystem);
+    }
+
+    private final FileSystem fileSystem;
+
+    private KeyStoreHolderFactory(FileSystem fileSystem) {
+        this.fileSystem = fileSystem;
+    }
+
+    public KeyStoreHolder createKeyStoreHolder(KeyStoreHolderConfiguration 
config) throws MessagingException {
         try {
             initJCE();
-            return config.getFileLoader().load(config);
+            return config.getFileLoader(fileSystem).load(config);
         } catch (Exception e) {
             throw new MessagingException("Error loading the trusted 
certificate store", e);
         }
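Review bot: `from(FileSystem)` accepts a null `fileSystem` and the failure only surfaces later, inside `createKeyStoreHolder`, as a `NullPointerException` wrapped in the generic "Error loading the trusted certificate store" message. Failing fast in the private constructor, `this.fileSystem = Objects.requireNonNull(fileSystem, "fileSystem");`, would point at the real cause. `createKeyStoreHolder` also changed from `public static` to an instance method, so a one-line Javadoc on `from` should say that the factory is now obtained per `FileSystem`. The method's closing brace is outside the hunk.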
diff --git 
a/mailet/crypto/src/main/java/org/apache/james/transport/PemReader.java 
b/mailet/crypto/src/main/java/org/apache/james/transport/PemReader.java
index 589fe6da17..e9fe1b4032 100644
--- a/mailet/crypto/src/main/java/org/apache/james/transport/PemReader.java
+++ b/mailet/crypto/src/main/java/org/apache/james/transport/PemReader.java
@@ -68,11 +68,11 @@ public class PemReader {
             "-+END\\s+.*PRIVATE\\s+KEY[^-]*-+",            // Footer
         CASE_INSENSITIVE);
 
-    public static KeyStore loadTrustStore(String certificateChainFile) throws 
IOException, GeneralSecurityException {
+    public static KeyStore loadTrustStore(File certificateChainFile) throws 
IOException, GeneralSecurityException {
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
         keyStore.load(null, null);
 
-        List<X509Certificate> certificateChain = readCertificateChain(new 
File(certificateChainFile));
+        List<X509Certificate> certificateChain = 
readCertificateChain(certificateChainFile);
         for (X509Certificate certificate : certificateChain) {
             X500Principal principal = certificate.getSubjectX500Principal();
             keyStore.setCertificateEntry(principal.getName("RFC2253"), 
certificate);
diff --git 
a/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMECheckSignature.java
 
b/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMECheckSignature.java
index 1cd45756d4..7dfa7c072d 100644
--- 
a/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMECheckSignature.java
+++ 
b/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMECheckSignature.java
@@ -26,12 +26,14 @@ import java.security.cert.CertificateEncodingException;
 import java.util.ArrayList;
 import java.util.List;
 
+import jakarta.inject.Inject;
 import jakarta.mail.MessagingException;
 import jakarta.mail.Multipart;
 import jakarta.mail.internet.MimeBodyPart;
 import jakarta.mail.internet.MimeMessage;
 import jakarta.mail.internet.MimeMultipart;
 
+import org.apache.james.filesystem.api.FileSystem;
 import org.apache.james.transport.KeyStoreHolder;
 import org.apache.james.transport.KeyStoreHolderConfiguration;
 import org.apache.james.transport.KeyStoreHolderFactory;
@@ -112,11 +114,17 @@ public class SMIMECheckSignature extends GenericMailet {
 
     private static final String SMIME_STATUS_HEADER = "X-SMIME-Status";
 
+    private final FileSystem fileSystem;
     private KeyStoreHolder trustedCertificateStore;
     private boolean stripSignature = false;
     private boolean onlyTrusted = true;
     private AttributeName mailAttribute = 
AttributeName.of("org.apache.james.SMIMECheckSignature");
 
+    @Inject
+    public SMIMECheckSignature(FileSystem fileSystem) {
+        this.fileSystem = fileSystem;
+    }
+
     @Override
     public void init() throws MessagingException {
         MailetConfig config = getMailetConfig();
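Review bot: Adding the `@Inject` constructor removes the implicit no-argument constructor of `SMIMECheckSignature`, so any loader or test that instantiates the mailet reflectively without dependency injection will now fail. If every supported mailet loader injects constructor arguments this is fine, but it is worth confirming and noting in the class Javadoc. The constructor should also reject a null argument, e.g. `this.fileSystem = Objects.requireNonNull(fileSystem, "fileSystem");`, so a wiring mistake fails at construction rather than in `init()`.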
@@ -136,7 +144,7 @@ public class SMIMECheckSignature extends GenericMailet {
             mailAttribute = AttributeName.of(mailAttributeConf);
         }
 
-        trustedCertificateStore = 
KeyStoreHolderFactory.createKeyStoreHolder(KeyStoreHolderConfiguration.from(config));
+        trustedCertificateStore = 
KeyStoreHolderFactory.from(fileSystem).createKeyStoreHolder(KeyStoreHolderConfiguration.from(config));
     }
 
     @Override
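Review bot: The mailet documentation should state that, after this line, `keyStoreFileName` and `pemFileName` are resolved through `FileSystem` rather than opened as plain filesystem paths. The integration tests in this commit switch from absolute paths to `FileSystem.CLASSPATH_PROTOCOL + ...`, which suggests existing configurations with bare absolute paths may need a protocol prefix. Because these files are the trust anchors for signature verification, the Javadoc should also say which schemes are accepted and recommend a location that only the server administrator can write. `init()` starts before this hunk.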
diff --git 
a/server/mailet/integration-testing/src/main/java/org/apache/james/mailets/TemporaryJamesServer.java
 
b/server/mailet/integration-testing/src/main/java/org/apache/james/mailets/TemporaryJamesServer.java
index 81139fae44..1f136009cd 100644
--- 
a/server/mailet/integration-testing/src/main/java/org/apache/james/mailets/TemporaryJamesServer.java
+++ 
b/server/mailet/integration-testing/src/main/java/org/apache/james/mailets/TemporaryJamesServer.java
@@ -139,9 +139,7 @@ public class TemporaryJamesServer {
         "pop3server.xml",
         "recipientrewritetable.xml",
         "usersrepository.xml",
-        "smime.p12",
-        "trusted_cert_keystore",
-        "trusted_certificate.pem");
+        "smime.p12");
 
     private final GuiceJamesServer jamesServer;
 
diff --git 
a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithKeyStoreFileIntegrationTest.java
 
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithKeyStoreFileIntegrationTest.java
index d730acd0b1..1e0bdc0806 100644
--- 
a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithKeyStoreFileIntegrationTest.java
+++ 
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithKeyStoreFileIntegrationTest.java
@@ -24,6 +24,7 @@ import static 
org.apache.james.mailets.configuration.Constants.DEFAULT_DOMAIN;
 import java.io.File;
 
 import org.apache.james.MemoryJamesServerMain;
+import org.apache.james.filesystem.api.FileSystem;
 import org.apache.james.mailets.TemporaryJamesServer;
 import org.apache.james.mailets.configuration.CommonProcessors;
 import org.apache.james.mailets.configuration.MailetConfiguration;
@@ -59,7 +60,7 @@ public class 
SMIMECheckSignatureWithKeyStoreFileIntegrationTest extends SMIMEChe
                     .mailet(SMIMECheckSignature.class)
                     .matcher(All.class)
                     .addProperty("fileType", "keystore")
-                    .addProperty("keyStoreFileName", 
temporaryFolder.toPath().resolve("conf").resolve("trusted_cert_keystore").toAbsolutePath().toString())
+                    .addProperty("keyStoreFileName", 
FileSystem.CLASSPATH_PROTOCOL + "trusted_cert_keystore")
                     .addProperty("keyStorePassword", "secret")
                     .addProperty("keyStoreType", "PKCS12")
                     .addProperty("debug", "true"))
diff --git 
a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithPemFileIntegrationTest.java
 
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithPemFileIntegrationTest.java
index e850c0cd77..1c33661c59 100644
--- 
a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithPemFileIntegrationTest.java
+++ 
b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMECheckSignatureWithPemFileIntegrationTest.java
@@ -24,6 +24,7 @@ import static 
org.apache.james.mailets.configuration.Constants.DEFAULT_DOMAIN;
 import java.io.File;
 
 import org.apache.james.MemoryJamesServerMain;
+import org.apache.james.filesystem.api.FileSystem;
 import org.apache.james.mailets.TemporaryJamesServer;
 import org.apache.james.mailets.configuration.CommonProcessors;
 import org.apache.james.mailets.configuration.MailetConfiguration;
@@ -59,7 +60,7 @@ public class SMIMECheckSignatureWithPemFileIntegrationTest 
extends SMIMECheckSig
                     .mailet(SMIMECheckSignature.class)
                     .matcher(All.class)
                     .addProperty("fileType", "pem")
-                    .addProperty("pemFileName", 
temporaryFolder.toPath().resolve("conf").resolve("trusted_certificate.pem").toAbsolutePath().toString())
+                    .addProperty("pemFileName", FileSystem.CLASSPATH_PROTOCOL 
+ "trusted_certificate.pem")
                     .addProperty("debug", "true"))
                 .addMailet(MailetConfiguration.LOCAL_DELIVERY))
             .build();

