
Example 1 with JceKeyTransRecipientId

use of org.bouncycastle.cms.jcajce.JceKeyTransRecipientId in project ats-framework by Axway.

From the class SMimePackageEncryptor, method decrypt.

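/**
 * Decrypts an S/MIME enveloped message with the private key stored under {@code aliasOrCN}.
 *
 * <p>The recipient entry is selected with the certificate stored under the same keystore alias.
 * If the decrypted content turns out to be S/MIME signed, the signature wrapper is stripped from
 * the returned message and the {@code SMIMESigned} object is attached to the returned package.
 * This method does not verify that signature, so the returned content must be treated as
 * unauthenticated until the caller has verified it.
 *
 * @param sourcePackage the encrypted package; if it is a {@code MimePackage} whose store is
 *        closed, the store is reopened for the call and closed again afterwards
 * @return a {@code MimePackage} wrapping the decrypted message
 * @throws ActionException if the IMAP store cannot be reopened, or wrapping any other failure
 *         (missing certificate, key or recipient entry, decryption error) with
 *         {@code DECRYPTION_EXCEPTION} as the message
 */
@PublicAtsApi
public Package decrypt(Package sourcePackage) throws ActionException {
    // for connection management to IMAP store
    boolean storeReconnected = false;
    if (sourcePackage instanceof MimePackage) {
        try {
            storeReconnected = ((MimePackage) sourcePackage).reconnectStoreIfClosed();
        } catch (MessagingException ex) {
            throw new ActionException("Could not reopen IMAP connection", ex);
        }
    }
    try {
        KeyStore ks = getKeystore();
        // KeyStore.getCertificate returns null for an unknown alias; fail with a clear cause
        // instead of a NullPointerException from the recipient id constructor.
        X509Certificate recipientCert = (X509Certificate) ks.getCertificate(aliasOrCN);
        if (recipientCert == null) {
            throw new IllegalStateException("No certificate found in the keystore for alias '" + aliasOrCN + "'");
        }
        RecipientId recId = new JceKeyTransRecipientId(recipientCert);
        MimeMessage msg = getMimeMessage(sourcePackage);
        SMIMEEnveloped m = new SMIMEEnveloped(msg);
        RecipientInformationStore recipients = m.getRecipientInfos();
        // The store returns null when no recipient entry matches this certificate, i.e. the
        // message was not encrypted for this key.
        RecipientInformation recipient = recipients.get(recId);
        if (recipient == null) {
            throw new IllegalStateException("The message has no recipient entry matching the certificate with alias '" + aliasOrCN + "'");
        }
        // KeyStore.getKey returns null when the alias is missing or is not a key entry.
        PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());
        if (privateKey == null) {
            throw new IllegalStateException("No private key found in the keystore for alias '" + aliasOrCN + "'");
        }
        JceKeyTransRecipient jceKey = new JceKeyTransEnvelopedRecipient(privateKey).setProvider(BouncyCastleProvider.PROVIDER_NAME);
        MimeBodyPart result = null;
        try {
            result = SMIMEUtil.toMimeBodyPart(recipient.getContent(jceKey));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Successfully decrypted message with subject '" + msg.getSubject() + "' with private key alias: " + aliasOrCN);
            }
        } catch (SMIMEException e) {
            // Only SMIMEException is handled here; any other failure from the call above reaches
            // the outer catch and becomes an ActionException.
            // NOTE(review): after this branch 'result' stays null and the method returns a
            // MimePackage built from an empty MimeMessage, which a caller cannot tell apart
            // from a successful decryption - confirm this is intended.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Could not decrypt message with subject '" + sourcePackage.getSubject() + "' with private key alias '" + aliasOrCN + "'", e);
            }
        }
        SMIMESigned signedMessage = null;
        MimeMessage decryptedMsg = new MimeMessage(Session.getInstance(new Properties()));
        if (result != null) {
            Object content = result.getContent();
            // carry the header lines of the encrypted message over to the decrypted one
            Enumeration<?> hLineEnum = msg.getAllHeaderLines();
            while (hLineEnum.hasMoreElements()) {
                decryptedMsg.addHeaderLine((String) hLineEnum.nextElement());
            }
            decryptedMsg.setContent(content, result.getContentType());
            // in order getPlainTextBody getHtmlTextBody to work as they do not work with attachments
            decryptedMsg.removeHeader("Content-Disposition");
            // check if the message is signed
            try {
                if (content instanceof MimeMultipart) {
                    MimeMultipart multipartContent = (MimeMultipart) content;
                    if (multipartContent.getContentType() != null && multipartContent.getContentType().toLowerCase().contains(CONTENT_TYPE_MULTIPART_SIGNED)) {
                        signedMessage = new SMIMESigned(multipartContent);
                    }
                } else if (content instanceof SMIMESigned) {
                    signedMessage = (SMIMESigned) content;
                } else if (content instanceof BASE64DecoderStream) {
                    // com.sun.mail.util.BASE64DecoderStream - JavaMail API dependency. Seems still available
                    // in JavaMail 2.0 so not an issue if using other non-Oracle/OpenJDK JVMs
                    // will throw exception if not signed
                    signedMessage = new SMIMESigned(decryptedMsg);
                }
            } catch (Exception ignored) {
                // Deliberately ignored: a failure to build SMIMESigned is taken to mean that the
                // message is not signed, and the content is returned as decrypted.
            }
        }
        if (signedMessage != null) {
            // remove signature from the message
            decryptedMsg.setContent(signedMessage.getContent().getContent(), signedMessage.getContent().getContentType());
            MimePackage mimePackage = new MimePackage(decryptedMsg);
            // keep the SMIMESigned message for further signature verification;
            // nothing in this method checks the signature itself
            mimePackage.setSMIMESignedMessage(signedMessage);
            return mimePackage;
        }
        return new MimePackage(decryptedMsg);
    } catch (Exception e) {
        throw new ActionException(DECRYPTION_EXCEPTION, e);
    } finally {
        if (storeReconnected) {
            // and sourcePackage should be instanceof MimePackage
            try {
                ((MimePackage) sourcePackage).closeStoreConnection(true);
            } catch (MessagingException ex) {
                // do not hide possible exception thrown in catch block
                LOG.debug(ex);
            }
        }
    }
}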
Also used : JceKeyTransRecipient(org.bouncycastle.cms.jcajce.JceKeyTransRecipient) SMIMESigned(org.bouncycastle.mail.smime.SMIMESigned) JceKeyTransRecipientId(org.bouncycastle.cms.jcajce.JceKeyTransRecipientId) RecipientId(org.bouncycastle.cms.RecipientId) PrivateKey(java.security.PrivateKey) MessagingException(javax.mail.MessagingException) BASE64DecoderStream(com.sun.mail.util.BASE64DecoderStream) JceKeyTransRecipientId(org.bouncycastle.cms.jcajce.JceKeyTransRecipientId) ActionException(com.axway.ats.action.model.ActionException) JceKeyTransEnvelopedRecipient(org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient) Properties(java.util.Properties) KeyStore(java.security.KeyStore) SMIMEEnveloped(org.bouncycastle.mail.smime.SMIMEEnveloped) MessagingException(javax.mail.MessagingException) ActionException(com.axway.ats.action.model.ActionException) SMIMEException(org.bouncycastle.mail.smime.SMIMEException) MimePackage(com.axway.ats.action.objects.MimePackage) RecipientInformation(org.bouncycastle.cms.RecipientInformation) MimeMessage(javax.mail.internet.MimeMessage) MimeMultipart(javax.mail.internet.MimeMultipart) RecipientInformationStore(org.bouncycastle.cms.RecipientInformationStore) SMIMEException(org.bouncycastle.mail.smime.SMIMEException) MimeBodyPart(javax.mail.internet.MimeBodyPart) PublicAtsApi(com.axway.ats.common.PublicAtsApi)
