jan/bcsmime_demo
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

rename packages

Browse source
This commit is contained in:
Jan Dittberner 2014-10-12 14:23:08 +02:00
parent f60f53a70f
commit a1245cf4ae
5 changed files with 158 additions and 122 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pom.xml
View file

@ -44,11 +44,16 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.bouncycastle</groupId> <groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk16</artifactId> <artifactId>bcmail-jdk15on</artifactId>
<version>1.46</version> <version>1.50</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>javax.mail</groupId> <groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.50</version>
</dependency>
<dependency>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId> <artifactId>mail</artifactId>
<version>1.4.4</version> <version>1.4.4</version>
<scope>compile</scope> <scope>compile</scope>
@ -62,8 +67,8 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
<artifactId>maven-compiler-plugin</artifactId> <artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version> <version>2.3.2</version>
<configuration> <configuration>
<source>1.6</source> <source>1.7</source>
<target>1.6</target> <target>1.7</target>
<showDeprecation>false</showDeprecation> <showDeprecation>false</showDeprecation>
<!--<encoding>UTF-8</encoding>--> <!--<encoding>UTF-8</encoding>-->

24
src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEDecrypt.java → src/main/java/info/dittberner/bcsmime_demo/SMIMEDecrypt.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2011 Jan Dittberner * Copyright (c) 2011-2014 Jan Dittberner
* *
* Permission is hereby granted, free of charge, to any person obtaining * Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the * a copy of this software and associated documentation files (the
@ -20,17 +20,7 @@
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
package de.communardo.jdi.bcsmime_demo; package info.dittberner.bcsmime_demo;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import org.bouncycastle.cms.RecipientInformation; import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore; import org.bouncycastle.cms.RecipientInformationStore;
@ -38,6 +28,14 @@ import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId; import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.mail.smime.SMIMEEnveloped; import org.bouncycastle.mail.smime.SMIMEEnveloped;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
/** /**
* S/MIME encryption using the new BouncyCastle 1.46 APIs. * S/MIME encryption using the new BouncyCastle 1.46 APIs.
* *
@ -66,7 +64,7 @@ public class SMIMEDecrypt {
* if an error occurs * if an error occurs
*/ */
public MimeMessage decryptMessage(MimeMessage encrypted) public MimeMessage decryptMessage(MimeMessage encrypted)
throws MessagingException, Exception { throws Exception {
SMIMEEnveloped message = new SMIMEEnveloped(encrypted); SMIMEEnveloped message = new SMIMEEnveloped(encrypted);
RecipientInformationStore recinfos = message.getRecipientInfos(); RecipientInformationStore recinfos = message.getRecipientInfos();

65
src/main/java/de/communardo/jdi/bcsmime_demo/SMIMEEncrypt.java → src/main/java/info/dittberner/bcsmime_demo/SMIMEEncrypt.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2011 Jan Dittberner * Copyright (c) 2011-2014 Jan Dittberner
* *
* Permission is hereby granted, free of charge, to any person obtaining * Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the * a copy of this software and associated documentation files (the
@ -20,32 +20,28 @@
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
package de.communardo.jdi.bcsmime_demo; package info.dittberner.bcsmime_demo;
import java.security.KeyStore; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import java.security.cert.CertStore; import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
import java.security.cert.CertStoreParameters; import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import java.security.cert.Certificate; import org.bouncycastle.asn1.x509.GeneralName;
import java.security.cert.CollectionCertStoreParameters; import org.bouncycastle.cms.CMSAlgorithm;
import java.security.cert.X509CertSelector; import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import java.security.cert.X509Certificate; import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import java.util.ArrayList; import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import java.util.Collection; import org.bouncycastle.operator.OutputEncryptor;
import java.util.Enumeration;
import java.util.List;
import javax.mail.Address; import javax.mail.Address;
import javax.mail.internet.InternetAddress; import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart; import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage; import javax.mail.internet.MimeMessage;
import java.security.KeyStore;
import org.bouncycastle.asn1.x509.GeneralName; import java.security.cert.*;
import org.bouncycastle.cms.CMSAlgorithm; import java.util.ArrayList;
import org.bouncycastle.cms.RecipientInfoGenerator; import java.util.Collection;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; import java.util.Enumeration;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; import java.util.List;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.operator.OutputEncryptor;
/** /**
* S/MIME encryption using the new BouncyCastle 1.46 APIs. * S/MIME encryption using the new BouncyCastle 1.46 APIs.
@ -57,12 +53,11 @@ public class SMIMEEncrypt {
/** /**
* Creates a new SMIMEEncrypt instance. * Creates a new SMIMEEncrypt instance.
* *
* @param keystore * @param keystore key store to use for recipient certificates
* key store to use for recipient certificates
*/ */
public SMIMEEncrypt(KeyStore keystore) { public SMIMEEncrypt(KeyStore keystore) {
List<Certificate> certificates = new ArrayList<Certificate>(); List<Certificate> certificates = new ArrayList<>();
try { try {
Enumeration<String> aliases = keystore.aliases(); Enumeration<String> aliases = keystore.aliases();
@ -85,19 +80,19 @@ public class SMIMEEncrypt {
/** /**
* Encrypts a MimeMessage to all its recipients. * Encrypts a MimeMessage to all its recipients.
* *
* @param message * @param message MIME message to encrypt
* MIME message to encrypt
* @return encrypted S/MIME message * @return encrypted S/MIME message
* @throws Exception * @throws Exception if an error occurs
* if an error occurs
*/ */
public MimeMessage encryptMessage(MimeMessage message) throws Exception { public MimeMessage encryptMessage(MimeMessage message) throws Exception {
SMIMEEnvelopedGenerator smeg = new SMIMEEnvelopedGenerator(); SMIMEEnvelopedGenerator smeg = new SMIMEEnvelopedGenerator();
for (Address recipient : message.getAllRecipients()) { for (Address recipient : message.getAllRecipients()) {
Collection<? extends Certificate> certificates = getCertificates((InternetAddress) recipient); Collection<? extends Certificate> certificates = getCertificates((InternetAddress) recipient);
for (Certificate cert : certificates) { for (Certificate cert : certificates) {
RecipientInfoGenerator recipientInfoGen = new JceKeyTransRecipientInfoGenerator( RSAESOAEPparams params = new RSAESOAEPparams();
(X509Certificate) cert); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, params);
JceKeyTransRecipientInfoGenerator recipientInfoGen = new JceKeyTransRecipientInfoGenerator((X509Certificate) cert, algorithmIdentifier);
recipientInfoGen.setAlgorithmMapping(PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA/OAEP");
smeg.addRecipientInfoGenerator(recipientInfoGen); smeg.addRecipientInfoGenerator(recipientInfoGen);
} }
} }
@ -113,12 +108,10 @@ public class SMIMEEncrypt {
/** /**
* Helper method for getting certificates from a keystore. * Helper method for getting certificates from a keystore.
* *
* @param recipient * @param recipient recipient address
* recipient address
* @return X.509 certificate for recipient * @return X.509 certificate for recipient
* @throws Exception * @throws Exception if an error occurs
* if an error occurs
*/ */
private Collection<? extends Certificate> getCertificates( private Collection<? extends Certificate> getCertificates(
InternetAddress recipient) throws Exception { InternetAddress recipient) throws Exception {

27
src/main/java/info/dittberner/jcajceprovidertest/sectest/ListAlgorithmNames.java Normal file
View file

@ -0,0 +1,27 @@
package info.dittberner.jcajceprovidertest.sectest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.security.Provider;
import java.security.Security;
/**
* Utility to list all available Security providers and their implemented algorithm names.
*
* @author Jan Dittberner &lt;<a href="mailto:jan@dittberner.info>jan@dittberner.info</a>&gt;
*/
public class ListAlgorithmNames {
public static void main(String[] args) {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
for (Provider provider : Security.getProviders()) {
System.out.println("Provider: " + provider.getName());
for (Provider.Service service : provider.getServices()) {
System.out.println(" Algorithm: " + service.getAlgorithm());
}
}
}
}

149
src/test/java/de/communardo/jdi/bcsmime_demo/EncryptDecryptTest.java → src/test/java/info/dittberner/bcsmime_demo/EncryptDecryptTest.java
View file

@ -20,8 +20,30 @@
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
package de.communardo.jdi.bcsmime_demo; package info.dittberner.bcsmime_demo;
import junit.framework.TestCase;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import javax.mail.BodyPart;
import javax.mail.Message.RecipientType;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.Session;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import java.io.IOException; import java.io.IOException;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.KeyPair; import java.security.KeyPair;
@ -29,49 +51,63 @@ import java.security.KeyPairGenerator;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.Security; import java.security.Security;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Date; import java.util.Date;
import javax.mail.BodyPart;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.Session;
import javax.mail.Message.RecipientType;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import junit.framework.TestCase;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
/** /**
* Test Encryption and Decryption. * Test Encryption and Decryption.
* *
* @author Jan Dittberner &lt;<a href= * @author Jan Dittberner &lt;<a href=
* "mailto:jan.dittberner@t-systems.com>jan.dittberner@t-systems.com</a> * "mailto:jan.dittberner@t-systems.com>jan.dittberner@t-systems.com</a>
* & g t ; * & g t ;
*/ */
public class EncryptDecryptTest extends TestCase { public class EncryptDecryptTest extends TestCase {
String[][] testEntries = new String[][]{
new String[]{"test1", "testrecpt1@example.org", "Test Recipient 1"},
new String[]{"test2", "testrecpt2@example.org", "Test Recipient 2"}
};
private KeyStore keystore; private KeyStore keystore;
private class KeyEntryData {
private final X509CertificateHolder certificateHolder;
KeyPair keyPair;
private KeyEntryData(KeyPairGenerator kpg, String address) throws CertIOException, OperatorCreationException {
this.keyPair = kpg.generateKeyPair();
X500Name issuer = new X500Name(
String.format("CN=Test Recipient,emailAddress=%s", address));
//noinspection UnnecessaryLocalVariable
X500Name subject = issuer;
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
issuer, BigInteger.valueOf(System.currentTimeMillis()),
new Date(System.currentTimeMillis() - 50000), new Date(
System.currentTimeMillis() + 50000), subject,
keyPair.getPublic());
certificateBuilder.addExtension(Extension.basicConstraints, true,
new BasicConstraints(true));
certificateBuilder.addExtension(Extension.keyUsage, true,
new KeyUsage(KeyUsage.digitalSignature
| KeyUsage.keyEncipherment));
certificateBuilder.addExtension(Extension.extendedKeyUsage, true,
new ExtendedKeyUsage(KeyPurposeId.id_kp_emailProtection));
certificateBuilder.addExtension(Extension.subjectAlternativeName,
false, new GeneralNames(new GeneralName(
GeneralName.rfc822Name, address)));
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA")
.build(keyPair.getPrivate());
this.certificateHolder = certificateBuilder.build(signer);
}
private Certificate getCertificate() throws CertificateException, CertIOException, OperatorCreationException {
return (new JcaX509CertificateConverter()).getCertificate(certificateHolder);
}
}
/** /**
* {@inheritDoc} * {@inheritDoc}
* *
* @see junit.framework.TestCase#setUp() * @see junit.framework.TestCase#setUp()
*/ */
@Override @Override
@ -86,35 +122,12 @@ public class EncryptDecryptTest extends TestCase {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048); kpg.initialize(2048);
KeyPair keypair = kpg.generateKeyPair();
X500Name issuer = new X500Name( for (String[] entry : testEntries) {
"CN=Test Recipient,emailAddress=testrecpt@example.org"); KeyEntryData keyEntryData = new KeyEntryData(kpg, entry[1]);
X500Name subject = issuer; keystore.setKeyEntry(entry[0], keyEntryData.keyPair.getPrivate(), "changeit".toCharArray(), new Certificate[]{keyEntryData.getCertificate()});
X509v3CertificateBuilder certbuilder = new JcaX509v3CertificateBuilder( }
issuer, BigInteger.valueOf(System.currentTimeMillis()),
new Date(System.currentTimeMillis() - 50000), new Date(
System.currentTimeMillis() + 50000), subject,
keypair.getPublic());
certbuilder.addExtension(X509Extension.basicConstraints, true,
new BasicConstraints(true));
certbuilder.addExtension(X509Extension.keyUsage, true,
new KeyUsage(KeyUsage.digitalSignature
| KeyUsage.keyEncipherment));
certbuilder.addExtension(X509Extension.extendedKeyUsage, true,
new ExtendedKeyUsage(KeyPurposeId.id_kp_emailProtection));
certbuilder.addExtension(X509Extension.subjectAlternativeName,
false, new GeneralNames(new GeneralName(
GeneralName.rfc822Name, "testrecpt@example.org")));
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA")
.build(keypair.getPrivate());
X509CertificateHolder certholder = certbuilder.build(signer);
keystore.setKeyEntry("test", keypair.getPrivate(), "changeit"
.toCharArray(),
new Certificate[] { (new JcaX509CertificateConverter())
.getCertificate(certholder) });
} }
} }
@ -137,11 +150,10 @@ public class EncryptDecryptTest extends TestCase {
} }
/** /**
* Creates a new MimeMessage with one Bodypart. * Creates a new MimeMessage with one body part.
* *
* @return MimeMessage instance * @return MimeMessage instance
* @throws MessagingException * @throws MessagingException on error creating the message
* on error creating the message
*/ */
private MimeMessage getNewMultipartMessage() throws MessagingException, private MimeMessage getNewMultipartMessage() throws MessagingException,
IOException { IOException {
@ -149,14 +161,15 @@ public class EncryptDecryptTest extends TestCase {
.getProperties())); .getProperties()));
message.setFrom(new InternetAddress("testsender@example.org", message.setFrom(new InternetAddress("testsender@example.org",
"Test Sender")); "Test Sender"));
message.addRecipient(RecipientType.TO, new InternetAddress( for (String[] entry : testEntries) {
"testrecpt@example.org", "Test Recipient")); message.addRecipient(RecipientType.TO, new InternetAddress(entry[1], entry[2]));
}
message.setSubject("Test subject"); message.setSubject("Test subject");
Multipart multipart = new MimeMultipart(); Multipart multipart = new MimeMultipart();
BodyPart textpart = new MimeBodyPart(); BodyPart textPart = new MimeBodyPart();
textpart.setText("Das ist ein Text"); textPart.setText("Das ist ein Text");
multipart.addBodyPart(textpart); multipart.addBodyPart(textPart);
message.setContent(multipart); message.setContent(multipart);
return message; return message;
} }
} }