Repository: james-project Updated Branches: refs/heads/master d747e7d24 -> 76cabea09
MAILET-144 The matching of the recipient/certificate should be done by using a bouncycastle certificate holder Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/46afd92f Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/46afd92f Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/46afd92f Branch: refs/heads/master Commit: 46afd92fef4ecf940203241d4ab0c261c803d905 Parents: d747e7d Author: Antoine Duprat <adup...@linagora.com> Authored: Wed Jan 4 13:30:38 2017 +0100 Committer: Antoine Duprat <adup...@linagora.com> Committed: Mon Jan 30 10:33:08 2017 +0100 ---------------------------------------------------------------------- .../james/transport/mailets/SMIMEDecrypt.java | 17 ++- .../mailets/TemporaryFilesystemModule.java | 3 +- .../crypto/SMIMEDecryptIntegrationTest.java | 136 +++++++++++++++++++ .../james/mailets/utils/SMTPMessageSender.java | 11 ++ .../src/test/resources/eml/bad_crypted.eml | 36 +++++ .../src/test/resources/eml/crypted.eml | 29 ++++ .../src/test/resources/smime.p12 | Bin 0 -> 4141 bytes 7 files changed, 229 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/46afd92f/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMEDecrypt.java ---------------------------------------------------------------------- diff --git a/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMEDecrypt.java b/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMEDecrypt.java index 6c08dff..47422ab 100644 --- a/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMEDecrypt.java +++ b/mailet/crypto/src/main/java/org/apache/james/transport/mailets/SMIMEDecrypt.java @@ -23,6 +23,7 @@ package org.apache.james.transport.mailets; import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; @@ -36,6 +37,7 @@ import org.apache.james.transport.SMIMEKeyHolder; import org.apache.mailet.Mail; import org.apache.mailet.MailetConfig; import org.apache.mailet.base.GenericMailet; +import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.RecipientId; import org.bouncycastle.cms.RecipientInformation; @@ -72,6 +74,7 @@ import org.bouncycastle.mail.smime.SMIMEUtil; public class SMIMEDecrypt extends GenericMailet { private SMIMEKeyHolder keyHolder; + private X509CertificateHolder certificateHolder; protected String mailAttribute = "org.apache.james.SMIMEDecrypt"; public void init() throws MessagingException { @@ -100,7 +103,17 @@ public class SMIMEDecrypt extends GenericMailet { throw new MessagingException("Error loading keystore", e); } - + certificateHolder = from(keyHolder.getCertificate()); + } + + private X509CertificateHolder from(X509Certificate certificate) throws MessagingException { + try { + return new X509CertificateHolder(certificate.getEncoded()); + } catch (CertificateEncodingException e) { + throw new MessagingException("Error during the parsing of the certificate",e); + } catch (IOException e) { + throw new MessagingException("Error during the parsing of the certificate",e); + } } /** @@ -118,7 +131,7 @@ public class SMIMEDecrypt extends GenericMailet { Collection<RecipientInformation> recipients = informationStore.getRecipients(); for (RecipientInformation info : recipients) { RecipientId id = info.getRID(); - if (id.match(keyHolder.getCertificate())) { + if (id.match(certificateHolder)) { try { JceKeyTransEnvelopedRecipient recipient = new JceKeyTransEnvelopedRecipient(keyHolder.getPrivateKey()); // strippedMessage contains the decrypted message. http://git-wip-us.apache.org/repos/asf/james-project/blob/46afd92f/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/TemporaryFilesystemModule.java ---------------------------------------------------------------------- diff --git a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/TemporaryFilesystemModule.java b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/TemporaryFilesystemModule.java index e0faf0b..7e6786d 100644 --- a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/TemporaryFilesystemModule.java +++ b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/TemporaryFilesystemModule.java @@ -54,7 +54,8 @@ public class TemporaryFilesystemModule extends AbstractModule { "recipientrewritetable.xml", "smtpserver.xml", "usersrepository.xml", - "smime_1.p12"); + "smime_1.p12", + "smime.p12"); private final Supplier<File> workingDirectory; http://git-wip-us.apache.org/repos/asf/james-project/blob/46afd92f/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMEDecryptIntegrationTest.java ---------------------------------------------------------------------- diff --git a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMEDecryptIntegrationTest.java b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMEDecryptIntegrationTest.java new file mode 100644 index 0000000..e2696e4 --- /dev/null +++ b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/crypto/SMIMEDecryptIntegrationTest.java @@ -0,0 +1,136 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + +package org.apache.james.mailets.crypto; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.apache.commons.io.IOUtils; +import org.apache.james.mailbox.model.MailboxConstants; +import org.apache.james.mailets.TemporaryJamesServer; +import org.apache.james.mailets.configuration.CommonProcessors; +import org.apache.james.mailets.configuration.MailetConfiguration; +import org.apache.james.mailets.configuration.MailetContainer; +import org.apache.james.mailets.configuration.ProcessorConfiguration; +import org.apache.james.mailets.utils.IMAPMessageReader; +import org.apache.james.mailets.utils.SMTPMessageSender; +import org.junit.After; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.TemporaryFolder; + +import com.jayway.awaitility.Awaitility; +import com.jayway.awaitility.Duration; +import com.jayway.awaitility.core.ConditionFactory; + +public class SMIMEDecryptIntegrationTest { + + + private static final String LOCALHOST_IP = "127.0.0.1"; + private static final int IMAP_PORT = 1143; + private static final int SMTP_SECURE_PORT = 10465; + + private static final String DEFAULT_DOMAIN = "localdomain"; + private static final String FROM = "sender@" + DEFAULT_DOMAIN; + private static final String PASSWORD = "secret"; + + @Rule + public TemporaryFolder temporaryFolder = new TemporaryFolder(); + + private TemporaryJamesServer jamesServer; + private ConditionFactory calmlyAwait; + + @Before + public void setup() throws Exception { + MailetContainer mailetContainer = MailetContainer.builder() + .postmaster("postmaster@" + DEFAULT_DOMAIN) + .threads(5) + .addProcessor(CommonProcessors.root()) + .addProcessor(CommonProcessors.error()) + .addProcessor(ProcessorConfiguration.builder() + .state("transport") + .enableJmx(true) + .addMailet(MailetConfiguration.builder() + .match("All") + .clazz("RemoveMimeHeader") + .addProperty("name", "bcc") + .build()) + .addMailet(MailetConfiguration.builder() + .match("RecipientIsLocal") + .clazz("org.apache.james.jmap.mailet.VacationMailet") + .build()) + .addMailet(MailetConfiguration.builder() + .clazz("SMIMEDecrypt") + .match("All") + .addProperty("keyStoreFileName", temporaryFolder.getRoot().getAbsoluteFile().getAbsolutePath() + "/conf/smime.p12") + .addProperty("keyStorePassword", "secret") + .addProperty("keyStoreType", "PKCS12") + .addProperty("debug", "true") + .build()) + .addMailet(MailetConfiguration.builder() + .match("RecipientIsLocal") + .clazz("LocalDelivery") + .build()) + .build()) + .build(); + + jamesServer = new TemporaryJamesServer(temporaryFolder, mailetContainer); + Duration slowPacedPollInterval = Duration.FIVE_HUNDRED_MILLISECONDS; + calmlyAwait = Awaitility.with().pollInterval(slowPacedPollInterval).and().with().pollDelay(slowPacedPollInterval).await(); + + jamesServer.getServerProbe().addDomain(DEFAULT_DOMAIN); + jamesServer.getServerProbe().addUser(FROM, PASSWORD); + jamesServer.getServerProbe().createMailbox(MailboxConstants.USER_NAMESPACE, FROM, "INBOX"); + } + + @After + public void tearDown() { + jamesServer.shutdown(); + } + + @Test + public void cryptedMessageShouldBeDecryptedWhenCertificateMatches() throws Exception { + + try (SMTPMessageSender messageSender = SMTPMessageSender.authentication(LOCALHOST_IP, SMTP_SECURE_PORT, DEFAULT_DOMAIN, FROM, PASSWORD); + IMAPMessageReader imapMessageReader = new IMAPMessageReader(LOCALHOST_IP, IMAP_PORT)) { + messageSender.sendMessageWithHeaders(FROM, FROM, IOUtils.toString(ClassLoader.getSystemResourceAsStream("eml/crypted.eml"))); + calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent); + calmlyAwait.atMost(Duration.ONE_MINUTE).until(() -> imapMessageReader.userReceivedMessage(FROM, PASSWORD)); + + assertThat(imapMessageReader.readFirstMessageInInbox(FROM, PASSWORD)) + .containsSequence("Crypted content"); + } + } + + @Test + public void cryptedMessageShouldNotBeDecryptedWhenCertificateDoesntMatch() throws Exception { + + try (SMTPMessageSender messageSender = SMTPMessageSender.authentication(LOCALHOST_IP, SMTP_SECURE_PORT, DEFAULT_DOMAIN, FROM, PASSWORD); + IMAPMessageReader imapMessageReader = new IMAPMessageReader(LOCALHOST_IP, IMAP_PORT)) { + messageSender.sendMessageWithHeaders(FROM, FROM, IOUtils.toString(ClassLoader.getSystemResourceAsStream("eml/bad_crypted.eml"))); + calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent); + calmlyAwait.atMost(Duration.ONE_MINUTE).until(() -> imapMessageReader.userReceivedMessage(FROM, PASSWORD)); + + assertThat(imapMessageReader.readFirstMessageInInbox(FROM, PASSWORD)) + .containsSequence("MIAGCSqGSIb3DQEHA6CAMIACAQAxggKpMIICpQIBADCBjDCBhjELMAkGA1UE"); + } + } + +} http://git-wip-us.apache.org/repos/asf/james-project/blob/46afd92f/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/utils/SMTPMessageSender.java ---------------------------------------------------------------------- diff --git a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/utils/SMTPMessageSender.java b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/utils/SMTPMessageSender.java index 5ee5931..a2475eb 100644 --- a/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/utils/SMTPMessageSender.java +++ b/server/mailet/integration-testing/src/test/java/org/apache/james/mailets/utils/SMTPMessageSender.java @@ -76,6 +76,17 @@ public class SMTPMessageSender implements Closeable { } } + public void sendMessageWithHeaders(String from, String recipient, String message) { + try { + smtpClient.helo(senderDomain); + smtpClient.setSender(from); + smtpClient.rcpt("<" + recipient + ">"); + smtpClient.sendShortMessageData(message); + } catch (IOException e) { + throw Throwables.propagate(e); + } + } + public void sendMessage(Mail mail) throws MessagingException { try { String from = mail.getSender().asString(); http://git-wip-us.apache.org/repos/asf/james-project/blob/46afd92f/server/mailet/integration-testing/src/test/resources/eml/bad_crypted.eml ---------------------------------------------------------------------- diff --git a/server/mailet/integration-testing/src/test/resources/eml/bad_crypted.eml b/server/mailet/integration-testing/src/test/resources/eml/bad_crypted.eml new file mode 100644 index 0000000..571e0d4 --- /dev/null +++ b/server/mailet/integration-testing/src/test/resources/eml/bad_crypted.eml @@ -0,0 +1,36 @@ +Return-Path: <bad@localdomain> +MIME-Version: 1.0 +Delivered-To: bad@localdomain +Received: from 172.17.0.1 (EHLO [127.0.0.1]) ([172.17.0.1]) + by HOSTNAME (JAMES SMTP Server ) with ESMTP ID 1133072046 + for <bad@localdomain>; + Wed, 04 Jan 2017 11:00:49 +0000 (UTC) +To: bad@localdomain +From: bad <bad@localdomain> +Subject: test +Message-ID: <6a568227-58c9-a3bc-f0d4-dd3eeb6bce43@localdomain> +Date: Wed, 4 Jan 2017 12:00:49 +0100 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 + Thunderbird/45.5.1 +Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7m" +Content-Description: =?UTF-8?Q?Message_chiffr=c3=a9_S/MIME?= + +MIAGCSqGSIb3DQEHA6CAMIACAQAxggKpMIICpQIBADCBjDCBhjELMAkGA1UEBhMCRlIxDzAN +BgNVBAgMBkZyYW5jZTENMAsGA1UEBwwETHlvbjERMA8GA1UECgwITGluYWdvcmExDjAMBgNV +BAsMBUphbWVzMRQwEgYDVQQDDAtsb2NhbGRvbWFpbjEeMBwGCSqGSIb3DQEJARYPYmFkQGxv +Y2FsZG9tYWluAgEBMA0GCSqGSIb3DQEBAQUABIICAI1UxuCdpInNJ0BRSWReJNkt1N+hX+dr +JrRlFRT2BnLcpzumGtVr9uEYC6JIkgAg3NVMqI7E9LQG260NSoQfKgDkBli/x9S5DJMtvqCz +wlOj3uyMKXK1rRKvLlVm3wJJHsO2n2oMRsDkf8cStshGBYsvMObxENt5n6X7HGsa9oF8KpwD +WPwdjN6OvFIkfRW+v5y6SLrjH4sZUm2kSIAdDgrZym3ELgUrtus0LMklMzpRiUAuqgRKXoga +DmX/7TrbdZrZPjQi7Pe4jc1A2i8m9xQFcctgcn2IbCxAV9o8wHkmMAOh70SOijMI+kNeyh6r +PiLcRH18EWhv/kdWcRX41wEGhV9RFQObH1CyOBoy5LJIkfITggo4qz4Pa1Z25LM5ma3ajHu8 +6u2TImH/Dx2szQm3FiQ3+zA3WlRQjnN+TbOPvfx0wl+Ve7jDHC0wkW0L5w3c3esUsH1ftk2b +S8hG1RLK3gBSOF0nKPcG0nK7AF0d2sd7FA71ao4PR4de7LE2tABNVDuMWVggwCYL4pfh77VM +kKH7vhA1YWwn7oAo/3ZWoPOWUSJaHJYbb65APjRQ+yVl3ucwl/ok6vrU+YoQZATIcu+kU56e +ZsaJiFyEmv7j9K3sEtjvwkoAYwf5sQmIbtZo+Dux6IisTFNWDQhGSmjfImuoYQ8kLckj2Wx1 +wyv+MIAGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIlSYUQVkU/yqggAR44PWcNvdwIMSxYl/t +ZtCd6BGwHPDRGOKAzsYcRuIWwA2wHQljjqTDiORW7uqVDyiEMDPd2nVXtAbjkZN4sujVbh5q +TNbDUOihMiUn+gXcYq4Go6UD4djqx6K7YT6LIHONtP6zgygeS+EfM/9CaJd/7Z/bfuY4Jcko +BAhb/n3N2DrjfgAAAAAAAAAAAAA= http://git-wip-us.apache.org/repos/asf/james-project/blob/46afd92f/server/mailet/integration-testing/src/test/resources/eml/crypted.eml ---------------------------------------------------------------------- diff --git a/server/mailet/integration-testing/src/test/resources/eml/crypted.eml b/server/mailet/integration-testing/src/test/resources/eml/crypted.eml new file mode 100644 index 0000000..5b70104 --- /dev/null +++ b/server/mailet/integration-testing/src/test/resources/eml/crypted.eml @@ -0,0 +1,29 @@ +To: sender@localdomain +From: sender <sender@localdomain> +Subject: test +Message-ID: <7fe4c217-ab73-d149-9bd0-e6aa3aebfc14@localdomain> +Date: Tue, 3 Jan 2017 16:30:03 +0100 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 + Thunderbird/45.5.1 +MIME-Version: 1.0 +Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7m" +Content-Description: =?UTF-8?Q?Message_chiffr=c3=a9_S/MIME?= + +MIAGCSqGSIb3DQEHA6CAMIACAQAxggKHMIICgwIBADBrMGYxCzAJBgNVBAYTAkZSMQ8wDQYD +VQQIDAZGcmFuY2UxDTALBgNVBAcMBEx5b24xETAPBgNVBAoMCExpbmFnb3JhMQ4wDAYDVQQL +DAVKYW1lczEUMBIGA1UEAwwLbG9jYWxkb21haW4CAQEwDQYJKoZIhvcNAQEBBQAEggIAjNnW +2EhtDcfG/naGChQPZ2EOiPo5BRabR3dXvLcOPImX97mV51B4sggqpYdUrirD/beRkpbr814i +0LCFbNh3Xm6ojhZGiBHscStNysNjun7MOtUHXs5eDVOthsPVes/YjkHklxtJKH9J7QYwJY/m +L9MgQES2HkALhfqiQDN9UDtn7AE89m70FZfkxJQZSD1NByF7dxiFvhZbd8CFmcV1C0vZRlH9 +opZcVg9AkbDytKO+U4FF9/uGmiIQ99Qng0YqcG7abZqwouJ59yxmKTwrggk1+MyJ0NqB1wVP +w2t1C/8hmvMISiij2bidoTTIYCybwvbuM/35POmDJVsvakLMZLG7aHSKvA+Bj+iR/RBgHHvd +c7UdDMvkH0O8tYDsuAW8uh0H8LkvJ/ZWbOsev8DuAVYTm85Zd8d7islgDqfYmjvPeTHqSSgA +sIFdPikRxtetU3JJKRls2BrKV6gM06++/Su+IFvTMaQYRbiQOeGc0ZfGHtlz3BSAeK32tjZu +OrVrxR+BLP4huBqctvcfgjiqtRB5i06wX4q5v/5UNMq9BAtQEDEhERAoXSOWSu3wvocBWtlX +xY5xw34KoFvsztHewakENjgfBG3ysH031UoOIZD0OvHyQ7BGUiu+lM22rj4Pnp6M2W+V1Jjm +OHmV9siU2YsUBE78Lu+hiOcrbydgptswgAYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAiTtikP +UrH82KCABHhPrx30MofZ4L1e9dmHrvHo32h93dFJpTLqG0E3T8y8Y5fySEu7x3jWtZNIXERs +/SJYDeww9tOi4tjV2z+3OCXMQjy7P9Pzb+sekX9GuVo640q7Z/2F6C1hShqyLVa7eJFZK8Na +1JasVj9lst+HD+A0SBA63Z+90bsECIXa4/tJqoBPAAAAAAAAAAAAAA== http://git-wip-us.apache.org/repos/asf/james-project/blob/46afd92f/server/mailet/integration-testing/src/test/resources/smime.p12 ---------------------------------------------------------------------- diff --git a/server/mailet/integration-testing/src/test/resources/smime.p12 b/server/mailet/integration-testing/src/test/resources/smime.p12 new file mode 100644 index 0000000..9b066d3 Binary files /dev/null and b/server/mailet/integration-testing/src/test/resources/smime.p12 differ --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org