diff --git a/pom.xml b/pom.xml
index 79d263d..8d52dd0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,11 +44,16 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
org.bouncycastle
- bcmail-jdk16
- 1.46
+ bcmail-jdk15on
+ 1.50
- javax.mail
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.50
+
+
+ javax.mail
mail
1.4.4
compile
@@ -62,8 +67,8 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
maven-compiler-plugin
2.3.2
-
- 1.6
+
+ 1.7
false
diff --git a/src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEDecrypt.java b/src/main/java/info/dittberner/bcsmime_demo/SMIMEDecrypt.java
similarity index 95%
rename from src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEDecrypt.java
rename to src/main/java/info/dittberner/bcsmime_demo/SMIMEDecrypt.java
index e5e2023..d6abb0c 100644
--- a/src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEDecrypt.java
+++ b/src/main/java/info/dittberner/bcsmime_demo/SMIMEDecrypt.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011 Jan Dittberner
+ * Copyright (c) 2011-2014 Jan Dittberner
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
@@ -20,17 +20,7 @@
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package de.communardo.jdi.bcsmime_demo;
-
-import java.io.ByteArrayInputStream;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-
-import javax.mail.MessagingException;
-import javax.mail.Session;
-import javax.mail.internet.MimeMessage;
+package info.dittberner.bcsmime_demo;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
@@ -38,6 +28,14 @@ import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
+import javax.mail.Session;
+import javax.mail.internet.MimeMessage;
+import java.io.ByteArrayInputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
/**
* S/MIME encryption using the new BouncyCastle 1.46 APIs.
*
@@ -66,7 +64,7 @@ public class SMIMEDecrypt {
* if an error occurs
*/
public MimeMessage decryptMessage(MimeMessage encrypted)
- throws MessagingException, Exception {
+ throws Exception {
SMIMEEnveloped message = new SMIMEEnveloped(encrypted);
RecipientInformationStore recinfos = message.getRecipientInfos();
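Review bot: The signature of `decryptMessage` still declares the catch-all `throws Exception`, so callers cannot tell a malformed S/MIME body from a missing recipient key or a keystore failure. Dropping the redundant `MessagingException` is fine, but I would rather list the checked exceptions the body actually raises, presumably something like `throws MessagingException, CMSException, GeneralSecurityException`; confirm this against the full method, which continues outside this hunk. The `@throws Exception if an error occurs` Javadoc above would then need one line per exception.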
diff --git a/src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEEncrypt.java b/src/main/java/info/dittberner/bcsmime_demo/SMIMEEncrypt.java
similarity index 79%
rename from src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEEncrypt.java
rename to src/main/java/info/dittberner/bcsmime_demo/SMIMEEncrypt.java
index c3f65a1..59b84ed 100644
--- a/src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEEncrypt.java
+++ b/src/main/java/info/dittberner/bcsmime_demo/SMIMEEncrypt.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011 Jan Dittberner
+ * Copyright (c) 2011-2014 Jan Dittberner
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
@@ -20,32 +20,28 @@
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package de.communardo.jdi.bcsmime_demo;
+package info.dittberner.bcsmime_demo;
-import java.security.KeyStore;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.Certificate;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.List;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.cms.CMSAlgorithm;
+import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
+import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
+import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
+import org.bouncycastle.operator.OutputEncryptor;
import javax.mail.Address;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
-
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.RecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
-import org.bouncycastle.operator.OutputEncryptor;
+import java.security.KeyStore;
+import java.security.cert.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.List;
/**
* S/MIME encryption using the new BouncyCastle 1.46 APIs.
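Review bot: The new `import java.security.cert.*;` replaces six explicit imports with a wildcard, which hides the classes this file depends on. In a file that mixes JCA, JavaMail and BouncyCastle types, it is also harder to see which `Certificate` is meant. I would restore the explicit `java.security.cert` imports that the old side listed. Separately, the class Javadoc at the end of this hunk still says "BouncyCastle 1.46 APIs" although pom.xml now pulls in 1.50, so change it to `S/MIME encryption using the BouncyCastle 1.50 APIs.`.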
@@ -57,12 +53,11 @@ public class SMIMEEncrypt {
/**
* Creates a new SMIMEEncrypt instance.
- *
- * @param keystore
- * key store to use for recipient certificates
+ *
+ * @param keystore key store to use for recipient certificates
*/
public SMIMEEncrypt(KeyStore keystore) {
- List certificates = new ArrayList();
+ List certificates = new ArrayList<>();
try {
Enumeration aliases = keystore.aliases();
@@ -85,19 +80,19 @@ public class SMIMEEncrypt {
/**
* Encrypts a MimeMessage to all its recipients.
*
- * @param message
- * MIME message to encrypt
+ * @param message MIME message to encrypt
* @return encrypted S/MIME message
- * @throws Exception
- * if an error occurs
+ * @throws Exception if an error occurs
*/
public MimeMessage encryptMessage(MimeMessage message) throws Exception {
SMIMEEnvelopedGenerator smeg = new SMIMEEnvelopedGenerator();
for (Address recipient : message.getAllRecipients()) {
Collection extends Certificate> certificates = getCertificates((InternetAddress) recipient);
for (Certificate cert : certificates) {
- RecipientInfoGenerator recipientInfoGen = new JceKeyTransRecipientInfoGenerator(
- (X509Certificate) cert);
+ RSAESOAEPparams params = new RSAESOAEPparams();
+ AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, params);
+ JceKeyTransRecipientInfoGenerator recipientInfoGen = new JceKeyTransRecipientInfoGenerator((X509Certificate) cert, algorithmIdentifier);
+ recipientInfoGen.setAlgorithmMapping(PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA/OAEP");
smeg.addRecipientInfoGenerator(recipientInfoGen);
}
}
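Review bot: The switch of key transport to RSAES-OAEP in the inner loop of `encryptMessage` is undocumented, and `new RSAESOAEPparams()` silently selects the RFC 4055 defaults (SHA-1 digest, MGF1 with SHA-1, empty label). Please say so above that line, e.g. `// RSAES-OAEP with default parameters (SHA-1, MGF1-SHA-1, empty label); recipients must support OAEP key transport`, or pass explicit hash and MGF identifiers if a stronger digest is intended. The mapping `"RSA/OAEP"` is a provider-specific transformation name and no `setProvider(...)` call is visible in this hunk, so confirm that the generator is resolved against the BouncyCastle provider and not the platform default. OAEP is also applied to every certificate returned by `getCertificates` without checking that its public key is RSA, so a non-RSA recipient certificate would presumably fail only at generation time. The rest of the method lies outside this hunk.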
@@ -113,12 +108,10 @@ public class SMIMEEncrypt {
/**
* Helper method for getting certificates from a keystore.
- *
- * @param recipient
- * recipient address
+ *
+ * @param recipient recipient address
* @return X.509 certificate for recipient
- * @throws Exception
- * if an error occurs
+ * @throws Exception if an error occurs
*/
private Collection extends Certificate> getCertificates(
InternetAddress recipient) throws Exception {
diff --git a/src/main/java/info/dittberner/jcajceprovidertest/sectest/ListAlgorithmNames.java b/src/main/java/info/dittberner/jcajceprovidertest/sectest/ListAlgorithmNames.java
new file mode 100644
index 0000000..06a96e4
--- /dev/null
+++ b/src/main/java/info/dittberner/jcajceprovidertest/sectest/ListAlgorithmNames.java
@@ -0,0 +1,27 @@
+package info.dittberner.jcajceprovidertest.sectest;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * Utility to list all available Security providers and their implemented algorithm names.
+ *
+ * @author Jan Dittberner <jan.dittberner@t-systems.com
* & g t ;
*/
public class EncryptDecryptTest extends TestCase {
+ String[][] testEntries = new String[][]{
+ new String[]{"test1", "testrecpt1@example.org", "Test Recipient 1"},
+ new String[]{"test2", "testrecpt2@example.org", "Test Recipient 2"}
+ };
private KeyStore keystore;
+ private class KeyEntryData {
+ private final X509CertificateHolder certificateHolder;
+ KeyPair keyPair;
+
+ private KeyEntryData(KeyPairGenerator kpg, String address) throws CertIOException, OperatorCreationException {
+ this.keyPair = kpg.generateKeyPair();
+
+ X500Name issuer = new X500Name(
+ String.format("CN=Test Recipient,emailAddress=%s", address));
+ //noinspection UnnecessaryLocalVariable
+ X500Name subject = issuer;
+ X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
+ issuer, BigInteger.valueOf(System.currentTimeMillis()),
+ new Date(System.currentTimeMillis() - 50000), new Date(
+ System.currentTimeMillis() + 50000), subject,
+ keyPair.getPublic());
+ certificateBuilder.addExtension(Extension.basicConstraints, true,
+ new BasicConstraints(true));
+ certificateBuilder.addExtension(Extension.keyUsage, true,
+ new KeyUsage(KeyUsage.digitalSignature
+ | KeyUsage.keyEncipherment));
+ certificateBuilder.addExtension(Extension.extendedKeyUsage, true,
+ new ExtendedKeyUsage(KeyPurposeId.id_kp_emailProtection));
+ certificateBuilder.addExtension(Extension.subjectAlternativeName,
+ false, new GeneralNames(new GeneralName(
+ GeneralName.rfc822Name, address)));
+
+ ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA")
+ .build(keyPair.getPrivate());
+ this.certificateHolder = certificateBuilder.build(signer);
+ }
+
+ private Certificate getCertificate() throws CertificateException, CertIOException, OperatorCreationException {
+ return (new JcaX509CertificateConverter()).getCertificate(certificateHolder);
+ }
+ }
+
/**
* {@inheritDoc}
- *
+ *
* @see junit.framework.TestCase#setUp()
*/
@Override
@@ -86,35 +122,12 @@ public class EncryptDecryptTest extends TestCase {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
- KeyPair keypair = kpg.generateKeyPair();
- X500Name issuer = new X500Name(
- "CN=Test Recipient,emailAddress=testrecpt@example.org");
- X500Name subject = issuer;
- X509v3CertificateBuilder certbuilder = new JcaX509v3CertificateBuilder(
- issuer, BigInteger.valueOf(System.currentTimeMillis()),
- new Date(System.currentTimeMillis() - 50000), new Date(
- System.currentTimeMillis() + 50000), subject,
- keypair.getPublic());
- certbuilder.addExtension(X509Extension.basicConstraints, true,
- new BasicConstraints(true));
- certbuilder.addExtension(X509Extension.keyUsage, true,
- new KeyUsage(KeyUsage.digitalSignature
- | KeyUsage.keyEncipherment));
- certbuilder.addExtension(X509Extension.extendedKeyUsage, true,
- new ExtendedKeyUsage(KeyPurposeId.id_kp_emailProtection));
- certbuilder.addExtension(X509Extension.subjectAlternativeName,
- false, new GeneralNames(new GeneralName(
- GeneralName.rfc822Name, "testrecpt@example.org")));
+ for (String[] entry : testEntries) {
+ KeyEntryData keyEntryData = new KeyEntryData(kpg, entry[1]);
+ keystore.setKeyEntry(entry[0], keyEntryData.keyPair.getPrivate(), "changeit".toCharArray(), new Certificate[]{keyEntryData.getCertificate()});
+ }
- ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA")
- .build(keypair.getPrivate());
- X509CertificateHolder certholder = certbuilder.build(signer);
-
- keystore.setKeyEntry("test", keypair.getPrivate(), "changeit"
- .toCharArray(),
- new Certificate[] { (new JcaX509CertificateConverter())
- .getCertificate(certholder) });
}
}
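Review bot: The new loop in `setUp` reads the fixtures by position (`entry[0]` as alias, `entry[1]` as address), so the meaning of each column in `testEntries` is only recoverable by reading the array literal. The same applies to `entry[1]`/`entry[2]` in the recipient loop of `getNewMultipartMessage` further down. A comment on the field such as `// {keystore alias, e-mail address, display name}` would make the layout explicit, or the rows could become a small private holder class with named fields. The `setKeyEntry` call is also one very long line; breaking it after each argument would match the wrapping used elsewhere in this test.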
@@ -137,11 +150,10 @@ public class EncryptDecryptTest extends TestCase {
}
/**
- * Creates a new MimeMessage with one Bodypart.
- *
+ * Creates a new MimeMessage with one body part.
+ *
* @return MimeMessage instance
- * @throws MessagingException
- * on error creating the message
+ * @throws MessagingException on error creating the message
*/
private MimeMessage getNewMultipartMessage() throws MessagingException,
IOException {
@@ -149,14 +161,15 @@ public class EncryptDecryptTest extends TestCase {
.getProperties()));
message.setFrom(new InternetAddress("testsender@example.org",
"Test Sender"));
- message.addRecipient(RecipientType.TO, new InternetAddress(
- "testrecpt@example.org", "Test Recipient"));
+ for (String[] entry : testEntries) {
+ message.addRecipient(RecipientType.TO, new InternetAddress(entry[1], entry[2]));
+ }
message.setSubject("Test subject");
Multipart multipart = new MimeMultipart();
- BodyPart textpart = new MimeBodyPart();
- textpart.setText("Das ist ein Text");
- multipart.addBodyPart(textpart);
+ BodyPart textPart = new MimeBodyPart();
+ textPart.setText("Das ist ein Text");
+ multipart.addBodyPart(textPart);
message.setContent(multipart);
return message;
}
-}
+}
\ No newline at end of file