You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by ba...@apache.org on 2010/09/13 21:42:41 UTC
svn commit: r996664 - in /james/jdkim/trunk/main/src:
main/java/org/apache/james/jdkim/DKIMVerifier.java
main/java/org/apache/james/jdkim/tagvalue/SignatureRecordImpl.java
test/resources/org/apache/james/jdkim/corpus/FAIL_illegalargumentexception.eml
Author: bago
Date: Mon Sep 13 19:42:40 2010
New Revision: 996664
URL: http://svn.apache.org/viewvc?rev=996664&view=rev
Log:
Catch IllegalArgumentExceptions on signature parsing (validation) and throws a permerror with a meaningfull description (DKIM-20)
Added:
james/jdkim/trunk/main/src/test/resources/org/apache/james/jdkim/corpus/FAIL_illegalargumentexception.eml
Modified:
james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java
james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/tagvalue/SignatureRecordImpl.java
Modified: james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java
URL: http://svn.apache.org/viewvc/james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java?rev=996664&r1=996663&r2=996664&view=diff
==============================================================================
--- james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java (original)
+++ james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java Mon Sep 13 19:42:40 2010
@@ -140,6 +140,8 @@ public class DKIMVerifier extends DKIMCo
"AUID in subdomain of SDID is not allowed by the public key record.", sign.getIdentity().toString());
}
}
+ } catch (IllegalArgumentException e) {
+ throw new PermFailException("Invalid public key: "+e.getMessage(), sign.getIdentity().toString());
} catch (IllegalStateException e) {
throw new PermFailException("Invalid public key: "+e.getMessage(), sign.getIdentity().toString());
}
@@ -213,11 +215,11 @@ public class DKIMVerifier extends DKIMCo
Message message;
try {
message = new Message(is);
- try {
- return verify(message, message.getBodyInputStream());
- } finally {
- message.dispose();
- }
+ try {
+ return verify(message, message.getBodyInputStream());
+ } finally {
+ message.dispose();
+ }
} catch (MimeException e1) {
throw new PermFailException("Mime parsing exception: "
+ e1.getMessage(), e1);
@@ -267,7 +269,7 @@ public class DKIMVerifier extends DKIMCo
// validate
signatureRecord.validate();
} catch (IllegalStateException e) {
- throw new PermFailException(e.getMessage());
+ throw new PermFailException("Invalid signature record: "+e.getMessage(), e);
}
// Specification say we MAY refuse to verify the signature.
Modified: james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/tagvalue/SignatureRecordImpl.java
URL: http://svn.apache.org/viewvc/james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/tagvalue/SignatureRecordImpl.java?rev=996664&r1=996663&r2=996664&view=diff
==============================================================================
--- james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/tagvalue/SignatureRecordImpl.java (original)
+++ james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/tagvalue/SignatureRecordImpl.java Mon Sep 13 19:42:40 2010
@@ -64,7 +64,15 @@ public class SignatureRecordImpl extends
+ getValue("v"));
if (getValue("h").length() == 0)
throw new IllegalStateException("Tag h= cannot be empty.");
- if (!getIdentity().toString().toLowerCase().endsWith(
+
+ CharSequence identity;
+ try {
+ identity = getIdentity();
+ } catch (IllegalArgumentException e) {
+ throw new IllegalStateException("Identity (i=) declaration cannot be parsed. Probably due to missing quoted printable encoding", e);
+ }
+
+ if (!identity.toString().toLowerCase().endsWith(
("@" + getValue("d")).toLowerCase())
&& !getIdentity().toString().toLowerCase().endsWith(
("." + getValue("d")).toLowerCase()))
@@ -141,6 +149,12 @@ public class SignatureRecordImpl extends
return identity.subSequence(0, pAt);
}
+ /**
+ * This may throws IllegalArgumentException on invalid "i" content,
+ * but should always happen during validation!
+ *
+ * @see org.apache.james.jdkim.api.SignatureRecord#getIdentity()
+ */
public CharSequence getIdentity() {
return dkimQuotedPrintableDecode(getValue("i"));
}
Added: james/jdkim/trunk/main/src/test/resources/org/apache/james/jdkim/corpus/FAIL_illegalargumentexception.eml
URL: http://svn.apache.org/viewvc/james/jdkim/trunk/main/src/test/resources/org/apache/james/jdkim/corpus/FAIL_illegalargumentexception.eml?rev=996664&view=auto
==============================================================================
--- james/jdkim/trunk/main/src/test/resources/org/apache/james/jdkim/corpus/FAIL_illegalargumentexception.eml (added)
+++ james/jdkim/trunk/main/src/test/resources/org/apache/james/jdkim/corpus/FAIL_illegalargumentexception.eml Mon Sep 13 19:42:40 2010
@@ -0,0 +1,8 @@
+DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ci; d=mail00.mothernature.com;
+ i=verpprefix-marianlock=40myway.com-41-=-bounce@mail00.mothernature.com;
+ h=content-type:mime-version:subject:reply-to:to:from:date:message-id;
+ bh=ekMAA3CEnMULLuaou7f1rwNKOWE=;
+ b=RitHFsttMnawzJ+R3MxiUQBLbLGIiNiKg/eYQauu6nykqV56zHW9ra4yXt3a5r3P5KZYkunzuvqeGH/YJn9OIg==;
+Subject: IllegalArgumentException on invalid i attribute qp encoding.
+
+Mangled body.
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org