Posted to server-dev@james.apache.org by bt...@apache.org on 2018/06/26 09:13:16 UTC
[20/20] james-project git commit: JAMES-2437 When the publickey is
missing in the keystore a NPE is thrown
JAMES-2437 When the publickey is missing in the keystore a NPE is thrown
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/b10fa18a
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/b10fa18a
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/b10fa18a
Branch: refs/heads/master
Commit: b10fa18aa252624ce178e064919d92c7929d7d50
Parents: 25e9a11
Author: Gautier DI FOLCO <gd...@linagora.com>
Authored: Thu Jun 21 12:58:44 2018 +0200
Committer: benwa <bt...@linagora.com>
Committed: Tue Jun 26 16:12:07 2018 +0700
----------------------------------------------------------------------
.../jmap/crypto/JamesSignatureHandler.java | 16 ++++++---
.../crypto/JamesSignatureHandlerProvider.java | 33 ++++++++++++-------
.../jmap/crypto/JamesSignatureHandlerTest.java | 17 +++++++++-
.../jmap/src/test/resources/badAliasKeystore | Bin 0 -> 2246 bytes
4 files changed, 50 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java b/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java
index 5ba69b9..5d3dd4f 100644
--- a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java
+++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java
@@ -23,11 +23,14 @@ import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
+import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
+import java.security.cert.Certificate;
+import java.util.Optional;
import javax.inject.Inject;
@@ -65,11 +68,16 @@ public class JamesSignatureHandler implements SignatureHandler {
public void init() throws Exception {
KeyStore keystore = KeyStore.getInstance(JKS);
InputStream fis = fileSystem.getResource(jmapConfiguration.getKeystore());
- keystore.load(fis, jmapConfiguration.getSecret().toCharArray());
- publicKey = keystore.getCertificate(ALIAS).getPublicKey();
- Key key = keystore.getKey(ALIAS, jmapConfiguration.getSecret().toCharArray());
+ char[] secret = jmapConfiguration.getSecret().toCharArray();
+ keystore.load(fis, secret);
+ Certificate aliasCertificate = Optional
+ .ofNullable(keystore.getCertificate(ALIAS))
+ .orElseThrow(() -> new KeyStoreException("Alias '" + ALIAS + "' keystore can't be found"));
+
+ publicKey = aliasCertificate.getPublicKey();
+ Key key = keystore.getKey(ALIAS, secret);
if (! (key instanceof PrivateKey)) {
- throw new Exception("Provided key is not a PrivateKey");
+ throw new KeyStoreException("Provided key is not a PrivateKey");
}
privateKey = (PrivateKey) key;
}
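Review bot: The keystore stream `fis` opened at the top of init() is never closed in the lines shown, so the handle stays open on the success path and on both KeyStoreException paths; loading inside `try (InputStream fis = fileSystem.getResource(jmapConfiguration.getKeystore())) { keystore.load(fis, secret); }` would release it. The new message "Alias '…' keystore can't be found" reads as if the keystore file were missing, while the check is on the certificate entry for the alias; `"No certificate found for alias '" + ALIAS + "' in keystore"` would point an operator at the right thing. It may also be worth a short comment that `keystore.getKey(ALIAS, secret)` returns null when the alias has no key entry, which is why the `instanceof` check doubles as the missing-private-key guard.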
http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
index b2b84bf..c531581 100644
--- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
+++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java
@@ -27,8 +27,10 @@ import java.util.Optional;
import org.apache.james.filesystem.api.FileSystem;
import org.apache.james.jmap.JMAPConfiguration;
+import org.apache.james.jmap.JMAPConfiguration.Builder;
public class JamesSignatureHandlerProvider {
+
private static final String JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" +
"16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" +
@@ -39,11 +41,29 @@ public class JamesSignatureHandlerProvider {
"kwIDAQAB\n" +
"-----END PUBLIC KEY-----";
+ public JamesSignatureHandlerProvider() {
+ }
+
public JamesSignatureHandler provide() throws Exception {
- FileSystem fileSystem = new FileSystem() {
+ JamesSignatureHandler signatureHandler = new JamesSignatureHandler(newFileSystem(),
+ newConfigurationBuilder().build());
+ signatureHandler.init();
+ return signatureHandler;
+ }
+
+ public static Builder newConfigurationBuilder() {
+ return JMAPConfiguration.builder()
+ .enable()
+ .keystore("keystore")
+ .secret("james72laBalle")
+ .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY));
+ }
+
+ public static FileSystem newFileSystem() {
+ return new FileSystem() {
@Override
public InputStream getResource(String url) throws IOException {
- return ClassLoader.getSystemResourceAsStream("keystore");
+ return ClassLoader.getSystemResourceAsStream(url);
}
@Override
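Review bot: `getResource` in the anonymous FileSystem now returns whatever `ClassLoader.getSystemResourceAsStream(url)` yields, which is `null` for a name that is not on the classpath, and `KeyStore.load(null, …)` treats a null stream as a request for an empty keystore. A mistyped or unpackaged keystore resource would therefore surface as the alias-not-found KeyStoreException rather than as a missing file, and the new test in JamesSignatureHandlerTest that expects KeyStoreException would still pass if `badAliasKeystore` were absent. Failing fast in the helper keeps the two cases apart, e.g. `InputStream in = ClassLoader.getSystemResourceAsStream(url);` followed by `if (in == null) { throw new FileNotFoundException(url); }` and `return in;`. The body of newFileSystem() continues past the end of this hunk.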
@@ -56,15 +76,6 @@ public class JamesSignatureHandlerProvider {
return null;
}
};
- JamesSignatureHandler signatureHandler = new JamesSignatureHandler(fileSystem,
- JMAPConfiguration.builder()
- .enable()
- .keystore("keystore")
- .secret("james72laBalle")
- .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY))
- .build());
- signatureHandler.init();
- return signatureHandler;
}
}
http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java
index 7aec75f..e885f41 100644
--- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java
+++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java
@@ -21,6 +21,9 @@ package org.apache.james.jmap.crypto;
import static org.assertj.core.api.Assertions.assertThat;
+import java.security.KeyStoreException;
+
+import org.apache.james.jmap.JMAPConfiguration;
import org.junit.Before;
import org.junit.Test;
@@ -34,7 +37,19 @@ public class JamesSignatureHandlerTest {
@Before
public void setUp() throws Exception {
- signatureHandler = new JamesSignatureHandlerProvider().provide();
+ signatureHandler = new JamesSignatureHandlerProvider().provide();
+ }
+
+ @Test(expected = KeyStoreException.class)
+ public void initShouldThrowOnUnknownKeystore() throws Exception {
+ JMAPConfiguration jmapConfiguration = JamesSignatureHandlerProvider.newConfigurationBuilder()
+ .keystore("badAliasKeystore")
+ .secret("password")
+ .build();
+
+ JamesSignatureHandler signatureHandler = new JamesSignatureHandler(JamesSignatureHandlerProvider.newFileSystem(),
+ jmapConfiguration);
+ signatureHandler.init();
}
@Test
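Review bot: The test name `initShouldThrowOnUnknownKeystore` does not match what it exercises: the keystore `badAliasKeystore` is supplied and it is the alias entry that is missing, so a name such as `initShouldThrowWhenAliasIsMissingFromKeystore` would describe the case. `@Test(expected = KeyStoreException.class)` also accepts the other KeyStoreException that init() raises ("Provided key is not a PrivateKey"), so the test cannot tell the two failure paths apart; asserting on the message with AssertJ, already imported in this file, e.g. `assertThatThrownBy(signatureHandler::init).isInstanceOf(KeyStoreException.class).hasMessageContaining("Alias")`, would pin the intended branch. The local `signatureHandler` declared in the test also shadows the field assigned in setUp().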
http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/test/resources/badAliasKeystore
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/resources/badAliasKeystore b/server/protocols/jmap/src/test/resources/badAliasKeystore
new file mode 100644
index 0000000..0a4de22
Binary files /dev/null and b/server/protocols/jmap/src/test/resources/badAliasKeystore differ