use of com.axway.ats.action.model.ActionException in project ats-framework by Axway.
The class SMimePackageEncryptor, method sign.
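/**
 * Signs a MIME package with the private key stored under {@code aliasOrCN} in the configured
 * keystore and returns the signed content as a new {@link MimePackage}.
 *
 * <p>The signer info carries the S/MIME "encryption key preference" and "capabilities" attributes
 * so that recipients know which certificate and ciphers to use when replying. The whole
 * certificate chain of the alias is attached to the signature and every header line of the
 * original message is copied onto the signed message.
 *
 * @param sourcePackage the package whose MIME message is signed
 * @return a new {@link MimePackage} wrapping the multipart/signed message
 * @throws ActionException if the key, the certificate chain or the signing step fails; the
 *         message names the alias so a wrong alias or key password can be spotted quickly
 */
@PublicAtsApi
public Package sign(Package sourcePackage) throws ActionException {

    try {
        // BouncyCastle provides the S/MIME generator; registering the provider is idempotent
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        KeyStore ks = getKeystore();
        PrivateKey privateKey = loadSigningKey(ks);
        X509Certificate[] certChain = loadSigningCertChain(ks);
        // the end-entity (signer) certificate is always first in a keystore chain
        X509Certificate childCert = certChain[0];

        if (signatureAlgorithm == null) {
            // not specified explicitly; note this is stored back in the field, so the first
            // key's default sticks for later calls on the same instance (original behavior)
            signatureAlgorithm = defaultSignatureAlgorithmFor(privateKey);
        }

        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
        signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(buildSignedAttributes(childCert)));
        signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey, childCert));

        // attach the full chain: child certificate first, then the issuing CAs
        List<X509Certificate> certList = new ArrayList<X509Certificate>(certChain.length);
        for (X509Certificate cert : certChain) {
            certList.add(cert);
        }
        Store<?> certs = new JcaCertStore(certList);
        signer.addCertificates(certs);

        // sign the message; the source message is read once for both the body and the headers
        MimeMessage sourceMessage = getMimeMessage(sourcePackage);
        MimeMultipart mm = signer.generate(sourceMessage);

        Session session = Session.getDefaultInstance(System.getProperties(), null);
        MimeMessage signedMessage = new MimeMessage(session);

        // carry over all original MIME headers to the signed message
        Enumeration<?> headers = sourceMessage.getAllHeaderLines();
        while (headers.hasMoreElements()) {
            signedMessage.addHeaderLine((String) headers.nextElement());
        }

        signedMessage.setContent(mm);
        signedMessage.saveChanges();

        return new MimePackage(signedMessage);
    } catch (ActionException e) {
        // already carries a specific message and hint; do not wrap it a second time
        throw e;
    } catch (Exception e) {
        throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
    }
}

/**
 * Reads the private key for {@code aliasOrCN} from the keystore.
 *
 * @param ks the opened keystore
 * @return the private key of the alias
 * @throws ActionException if the alias is missing, is not a private key entry, or the key
 *         password ({@code certPassword}) does not unlock it
 */
private PrivateKey loadSigningKey(KeyStore ks) throws ActionException {

    Key key;
    try {
        // a null password is passed through unchanged so the keystore, not this code, reports it
        key = ks.getKey(aliasOrCN, certPassword != null ? certPassword.toCharArray() : null);
    } catch (Exception e) {
        throw new ActionException("Could not read the private key for alias '" + aliasOrCN
                                  + "' from the keystore. Check that the alias exists and that the key password is correct",
                                  e);
    }
    if (key == null) {
        throw new ActionException("No key entry found in the keystore for alias '" + aliasOrCN + "'");
    }
    if (!(key instanceof PrivateKey)) {
        throw new ActionException("The keystore entry for alias '" + aliasOrCN + "' is not a private key but "
                                  + key.getClass().getSimpleName());
    }
    return (PrivateKey) key;
}

/**
 * Reads the full X.509 certificate chain of {@code aliasOrCN} from the keystore.
 *
 * @param ks the opened keystore
 * @return the chain, end-entity certificate first; never null or empty
 * @throws ActionException if the alias has no chain (for example it is not a key entry) or the
 *         chain contains a non-X.509 certificate
 */
private X509Certificate[] loadSigningCertChain(KeyStore ks) throws ActionException {

    Certificate[] certArr;
    try {
        certArr = ks.getCertificateChain(aliasOrCN);
    } catch (Exception e) {
        throw new ActionException("Could not read the certificate chain for alias '" + aliasOrCN + "'", e);
    }
    // getCertificateChain() returns null for an unknown alias or a non-key entry
    if (certArr == null || certArr.length == 0) {
        throw new ActionException("No certificate chain found in the keystore for alias '" + aliasOrCN
                                  + "'. The alias must refer to a private key entry that has its certificate chain stored with it");
    }

    X509Certificate[] chain = new X509Certificate[certArr.length];
    for (int i = 0; i < certArr.length; i++) {
        if (!(certArr[i] instanceof X509Certificate)) {
            throw new ActionException("Certificate " + i + " in the chain of alias '" + aliasOrCN
                                      + "' is not an X.509 certificate");
        }
        chain[i] = (X509Certificate) certArr[i];
    }

    LOG.debug("Found certificate of alias: " + aliasOrCN + ". Lenght of cert chain: " + chain.length
              + ", child cert:" + chain[0].toString());
    return chain;
}

/**
 * Chooses a signature algorithm matching the key type when none was configured.
 *
 * <p>The key algorithm is the JCA standard name ("RSA", "DSA", "EC"/"ECDSA"). SHA-256 based
 * algorithms are used: the former defaults (MD5withRSA, SHA1withDSA) rely on hash functions
 * that are no longer acceptable for signatures and are rejected by current mail clients.
 *
 * @param privateKey the signing key
 * @return a JCA signature algorithm name understood by the BouncyCastle provider
 */
private String defaultSignatureAlgorithmFor(PrivateKey privateKey) {

    String keyAlgorithm = privateKey.getAlgorithm();
    if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
        return "SHA256withDSA";
    }
    if ("EC".equalsIgnoreCase(keyAlgorithm) || "ECDSA".equalsIgnoreCase(keyAlgorithm)) {
        return "SHA256withECDSA";
    }
    return "SHA256withRSA";
}

/**
 * Builds the signed attributes added to the signer info: the S/MIME encryption key preference
 * (which certificate recipients should encrypt replies to) and the S/MIME capabilities
 * (which symmetric ciphers this side accepts).
 *
 * @param childCert the signer's own certificate
 * @return the attribute vector to wrap in an {@link AttributeTable}
 */
private ASN1EncodableVector buildSignedAttributes(X509Certificate childCert) {

    ASN1EncodableVector attributes = new ASN1EncodableVector();

    // use the DER-encoded issuer name rather than a string round trip, so the IssuerAndSerialNumber
    // matches the certificate byte for byte
    X500Name issuer = X500Name.getInstance(childCert.getIssuerX500Principal().getEncoded());
    attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(issuer,
                                                                                       childCert.getSerialNumber())));

    // ciphers we advertise, strongest first. TODO(review): dES_CBC and rC2_CBC are obsolete;
    // drop them once interoperability with old clients is no longer required
    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.aES128_CBC);
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilities.addCapability(SMIMECapability.dES_CBC);
    attributes.add(new SMIMECapabilitiesAttribute(capabilities));

    return attributes;
}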
use of com.axway.ats.action.model.ActionException in project ats-framework by Axway.
The class MailSender, method send.
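/**
 * Sends a MIME package by invoking the following actions:
 *
 * <blockquote> 1. Tags the package, this can be later used for IMAP verification<br>
 * 2. Signs the package when a signer is specified<br>
 * 3. Encrypts the package when an encryptor is specified<br>
 * 4. Sends it </blockquote>
 *
 * <p>The SMTP transport is always closed and the temporary transport listener always removed,
 * whether or not the send succeeds.
 *
 * @param sourcePackage the package to send; must be a {@link MimePackage}
 * @throws WrongPackageException if the package is null or not a {@link MimePackage}
 * @throws ActionException if the SMTP transport fails, the wait is interrupted, or the mail
 *         server did not report the message as delivered within the configured timeout
 * @see com.axway.ats.action.model.PackageSender#send(com.axway.ats.action.objects.model.Package)
 */
@Override
@PublicAtsApi
public void send(Package sourcePackage) throws ActionException {

    if (sourcePackage == null) {
        throw new WrongPackageException("Could not send a null package. " + MimePackage.class.getSimpleName()
                                        + " is expected");
    }
    if (!(sourcePackage instanceof MimePackage)) {
        throw new WrongPackageException("Could not send '" + sourcePackage.getClass().getSimpleName() + "' packages. "
                                        + MimePackage.class.getSimpleName() + " is expected");
    }

    // initialize the SMTP session
    initSession();

    MimePackage mimePackage = (MimePackage) sourcePackage;
    // tag the package
    mimePackage.tag();
    // sign the package if needed
    mimePackage = sign(mimePackage);
    // encrypt the package if needed
    mimePackage = encrypt(mimePackage);

    // then send
    final DELIVERY_STATE messageDeliveryState;
    final Object messageSendingMutex = new Object();
    MailTransportListener transListener = new MailTransportListener(messageSendingMutex);
    transport.addTransportListener(transListener);
    try {
        log.info("Connect to mail server " + mailHost + " at port " + mailPort);
        transport.connect();

        log.info("Sending " + mimePackage.getDescription());
        transport.sendMessage(mimePackage.getMimeMessage(), extractAllRecipients(mimePackage));

        synchronized (messageSendingMutex) {
            /*
             * Wait some time for message delivery.
             *
             * We are either notified by the mail transport listener when the send has finished
             * (successfully or not) or we have reached the wait timeout.
             *
             * NOTE(review): if the listener notifies before this block is entered, or the wait
             * wakes up spuriously, the state below is whatever the listener has recorded so far;
             * confirm the listener's default state is treated as "not delivered".
             */
            messageSendingMutex.wait(configurator.getMailTimeout());
        }
        messageDeliveryState = transListener.getDeliveryState();
    } catch (MessagingException e) {
        throw new ActionException("Could not send package via SMTP to host '" + mailHost + "' and port " + mailPort,
                                  e);
    } catch (InterruptedException e) {
        // restore the interrupt flag so callers higher up can still observe it
        Thread.currentThread().interrupt();
        throw new ActionException("Could not send package", e);
    } finally {
        // release the listener and the connection even when the send failed
        transport.removeTransportListener(transListener);
        closeTransportQuietly();
    }

    // evaluate the mail send result
    if (messageDeliveryState == DELIVERY_STATE.DELIVERED) {
        log.info(mimePackage.getDescription() + " " + messageDeliveryState);
    } else {
        throw new ActionException("Result of sending " + mimePackage.getDescription() + ": "
                                  + messageDeliveryState.toString());
    }
}

/**
 * Closes the SMTP transport if it is connected. A failure to close is logged rather than
 * thrown so it can never hide the outcome of the send itself.
 */
private void closeTransportQuietly() {

    try {
        if (transport.isConnected()) {
            transport.close();
        }
    } catch (MessagingException e) {
        log.warn("Could not close the SMTP transport to host '" + mailHost + "' and port " + mailPort, e);
    }
}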
use of com.axway.ats.action.model.ActionException in project ats-framework by Axway.
The class SMimePackageEncryptor, method checkSignature.
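/**
 * Verifies the S/MIME signature of a package.
 *
 * <p>When {@code keystoreLocation} is null the verifying certificates are taken from the
 * signature itself (the mail may carry several signers; the first one that verifies wins).
 * Otherwise the certificate of {@code keystoreAlias} — or of the first alias when none is given —
 * is loaded from the PKCS#12 keystore file and every signer is checked against it.
 *
 * <p>If the package's IMAP store had to be reopened to read the message it is closed again
 * before returning, on every exit path.
 *
 * @param sourcePackage    the package carrying the signed message
 * @param keystoreLocation path of the PKCS#12 keystore holding the verification certificate, or null
 * @param keystorePassword password of that keystore; may be null
 * @param keystoreAlias    alias of the certificate in that keystore, or null for the first alias
 * @return true when at least one signer verifies, false otherwise
 * @throws ActionException if the message is not signed, the IMAP store cannot be reopened, the
 *         keystore or alias is unusable, or the verification itself fails
 */
@SuppressWarnings("unchecked")
private boolean checkSignature(Package sourcePackage, String keystoreLocation, String keystorePassword,
                               String keystoreAlias) throws ActionException {

    // for connection management to IMAP store
    boolean storeReconnected = false;
    if (sourcePackage instanceof MimePackage) {
        try {
            storeReconnected = ((MimePackage) sourcePackage).reconnectStoreIfClosed();
        } catch (MessagingException ex) {
            throw new ActionException("Could not reopen IMAP connection", ex);
        }
    }

    try {
        // the reopened store must be closed even when the message turns out to be unsigned
        SMIMESigned signedMessage = getSMIMESignedMessage(sourcePackage);
        if (signedMessage == null) {
            throw new ActionException("The message is not signed");
        }

        // same provider setup as sign(); the PKCS#12 keystore and the verifier builder need BouncyCastle
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        // the SignerInformation blocks contain the signatures
        SignerInformationStore signers = signedMessage.getSignerInfos();
        if (keystoreLocation == null) {
            return verifySignatureWithEmbeddedCerts(signedMessage, signers);
        }
        return verifySignatureWithKeystoreCert(signers, keystoreLocation, keystorePassword, keystoreAlias);
    } catch (ActionException e) {
        // already specific; do not wrap into the generic signature error
        throw e;
    } catch (Exception e) {
        throw new ActionException(SIGNATURE_EXCEPTION, e);
    } finally {
        if (storeReconnected) {
            // and sourcePackage should be instanceof MimePackage
            try {
                ((MimePackage) sourcePackage).closeStoreConnection(false);
            } catch (MessagingException ex) {
                // do not hide possible exception thrown in catch block
                LOG.debug(ex);
            }
        }
    }
}

/**
 * Verifies the signers against the certificates carried inside the signature.
 *
 * @param signedMessage the parsed signed message
 * @param signers       its signer infos
 * @return true when any signer verifies with the first certificate matching its signer id
 * @throws Exception any BouncyCastle or certificate conversion error; the caller wraps it
 */
private boolean verifySignatureWithEmbeddedCerts(SMIMESigned signedMessage,
                                                 SignerInformationStore signers) throws Exception {

    // the public key certificates passed in the signature
    Store<?> certs = signedMessage.getCertificates();
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);

    for (SignerInformation signer : signers.getSigners()) {
        // only the first certificate matching this signer is tried
        Iterator<?> certIt = certs.getMatches(signer.getSID()).iterator();
        if (!certIt.hasNext()) {
            // a signer whose certificate is not embedded cannot be checked this way; try the next one
            LOG.debug("No certificate found in the signature for signer " + signer.getSID());
            continue;
        }
        X509Certificate cert = converter.getCertificate((X509CertificateHolder) certIt.next());
        if (signerVerifies(signer, cert)) {
            return true;
        }
    }

    LOG.debug("No suitable public key found in the signature to verify it.");
    return false;
}

/**
 * Verifies the signers against one certificate taken from a PKCS#12 keystore file.
 *
 * @param signers          the signer infos of the message
 * @param keystoreLocation path of the keystore file
 * @param keystorePassword keystore password, may be null
 * @param keystoreAlias    alias to use, or null for the keystore's first alias
 * @return true when any signer verifies with that certificate
 * @throws ActionException if the keystore is empty or the alias has no X.509 certificate
 * @throws Exception       any keystore, I/O or BouncyCastle error; the caller wraps it
 */
private boolean verifySignatureWithKeystoreCert(SignerInformationStore signers, String keystoreLocation,
                                                String keystorePassword, String keystoreAlias) throws Exception {

    KeyStore ks = loadVerificationKeystore(keystoreLocation, keystorePassword);

    String keyAlias = keystoreAlias;
    if (keyAlias == null) {
        Enumeration<String> aliases = ks.aliases();
        if (!aliases.hasMoreElements()) {
            throw new ActionException("No entries found in keystore '" + keystoreLocation + "'");
        }
        keyAlias = aliases.nextElement();
    }

    // getCertificate() returns null for an unknown alias; load it once, not per signer
    Certificate cert = ks.getCertificate(keyAlias);
    if (!(cert instanceof X509Certificate)) {
        throw new ActionException("The X.509 certificate for alias '" + keyAlias + "' was not found in keystore '"
                                  + keystoreLocation + "'");
    }
    X509Certificate x509Cert = (X509Certificate) cert;

    for (SignerInformation signer : signers.getSigners()) {
        if (signerVerifies(signer, x509Cert)) {
            return true;
        }
    }

    LOG.debug("Could not verify the signature with the public key alias: " + keyAlias);
    return false;
}

/**
 * Loads a PKCS#12 keystore from a file through the BouncyCastle provider, closing the file
 * stream afterwards.
 *
 * @param keystoreLocation path of the keystore file
 * @param keystorePassword keystore password, may be null
 * @return the loaded keystore
 * @throws Exception any keystore or I/O error; the caller wraps it
 */
private KeyStore loadVerificationKeystore(String keystoreLocation, String keystorePassword) throws Exception {

    KeyStore ks = KeyStore.getInstance(PKCS12_KEYSTORE_TYPE, BouncyCastleProvider.PROVIDER_NAME);
    FileInputStream in = new FileInputStream(keystoreLocation);
    try {
        ks.load(in, keystorePassword != null ? keystorePassword.toCharArray() : null);
    } finally {
        in.close();
    }
    return ks;
}

/**
 * Checks that a signature is correct and was produced with the key of the given certificate.
 *
 * @param signer the signer info to verify
 * @param cert   the candidate certificate
 * @return the verification result
 * @throws Exception any BouncyCastle verifier error; the caller wraps it
 */
private boolean signerVerifies(SignerInformation signer, X509Certificate cert) throws Exception {

    return signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME)
                                                                .build(cert));
}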