vincenzo 2004/08/21 08:01:03
Modified: src/java/org/apache/james/security KeyHolder.java
src/java/org/apache/james/transport/mailets
SMIMEAbstractSign.java
Log:
1) Better exception management.
2) Enhanced javadoc.
Revision Changes Path
1.4 +76 -12 james-server/src/java/org/apache/james/security/KeyHolder.java
Index: KeyHolder.java
===================================================================
RCS file: /home/cvs/james-server/src/java/org/apache/james/security/KeyHolder.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- KeyHolder.java 9 Aug 2004 08:09:09 -0000 1.3
+++ KeyHolder.java 21 Aug 2004 15:01:03 -0000 1.4
@@ -27,10 +27,11 @@
import org.bouncycastle.mail.smime.*;
/* the following 3 imports are needed if support for both jdk 1.3 and jdk 1.4+ is
needed */
-import java.security.cert.X509Certificate; // needed if jdk 1.3+, not needed if
jdk 1.4+
-import org.bouncycastle.jce.*; // needed for jdk 1.3
-import org.bouncycastle.jce.cert.*; // needed for jdk 1.3
-/* the following import should be used instead of the 3 above if no support for jdk
1.3 is needed, but only for jdk 1.4+ */
+import java.security.cert.X509Certificate; // needed for jdk 1.3
+import java.security.cert.CertificateException; // needed for jdk 1.3
+import org.bouncycastle.jce.*; // needed for jdk 1.3
+import org.bouncycastle.jce.cert.*; // needed for jdk 1.3
+/* the following import should be used instead of the 4 above if no support for jdk
1.3 is needed, but only for jdk 1.4+ */
//import java.security.cert.*;
import org.bouncycastle.mail.smime.*;
@@ -41,7 +42,6 @@
* <p>It has the role of being a simpler intermediate to the crypto libraries.
* Uses specifically the <a href="http://www.bouncycastle.org/";>Legion of the
Bouncy Castle</a>
* libraries, particularly for the SMIME activity.</p>
- * <b>Requires JDK 1.4+</b>
* @version CVS $Revision$ $Date$
* @since 2.2.1
*/
@@ -65,10 +65,13 @@
*
<code>security.provider.<i>n</i>=org.bouncycastle.jce.provider.BouncyCastleProvider</code>.
**/
public static class InitJCE {
- public static java.security.Provider bouncyCastleProvider = new
org.bouncycastle.jce.provider.BouncyCastleProvider();
+ private static java.security.Provider bouncyCastleProvider = new
org.bouncycastle.jce.provider.BouncyCastleProvider();
static {
java.security.Security.addProvider(bouncyCastleProvider);
}
+ /**
+ * Dummy static method to call in order to trigger the initialization by
the class loader.
+ */
public static void init() {
// NOP
}
@@ -94,9 +97,29 @@
}
/**
- * Creates a new instance of <CODE>KeyHolder</CODE> from [EMAIL PROTECTED]
java.security.KeyStore} related parameters.
- */
- public KeyHolder(String keyStoreFileName, String keyStorePassword, String
keyAlias, String keyAliasPassword, String keyStoreType) throws Exception {
+ * Creates a new instance of <CODE>KeyHolder</CODE> using [EMAIL PROTECTED]
java.security.KeyStore} related parameters.
+ * @param keyStoreFileName The (absolute) file name of the .keystore file to
load the keystore from.
+ * @param keyStorePassword The (optional) password used to check the integrity
of the keystore.
+ * If given, it is used to check the integrity of the keystore data,
+ * otherwise, if null, the integrity of the keystore is not checked.
+ * @param keyAlias The alias name of the key.
+ * If missing (is null) and if there is only one key in the keystore, will
default to it.
+ * @param keyAliasPassword The password of the alias for recovering the key.
+ * If missing (is null) will default to <I>keyStorePassword</I>. At least
one of the passwords must be provided.
+ * @param keyStoreType The type of keystore.
+ * If missing (is null) will default to the keystore type as specified in
the Java security properties file,
+ * or the string "jks" (acronym for "Java keystore") if no such property
exists.
+ * @throws java.security.KeyStoreException Thrown when the <I>keyAlias</I> is
specified and not found,
+ * or is not specified and either no alias is found or more than one is
found.
+ * @see java.security.KeyStore#getDefaultType
+ * @see java.security.KeyStore#getInstance(String)
+ * @see java.security.KeyStore#load
+ * @see java.security.KeyStore#getKey
+ * @see java.security.KeyStore#getCertificate
+ */
+ public KeyHolder(String keyStoreFileName, String keyStorePassword, String
keyAlias, String keyAliasPassword, String keyStoreType)
+ throws KeyStoreException, FileNotFoundException, IOException,
NoSuchAlgorithmException, InvalidAlgorithmParameterException,
+ CertificateException, UnrecoverableKeyException, NoSuchProviderException {
InitJCE.init();
@@ -112,10 +135,10 @@
if (aliases.hasMoreElements()) {
keyAlias = (String) aliases.nextElement();
} else {
- throw new KeyStoreException("No alias found in keystore.");
+ throw new KeyStoreException("No alias was found in keystore.");
}
if (aliases.hasMoreElements()) {
- throw new KeyStoreException("No <keyAlias> was given and more than
one alias found in keystore.");
+ throw new KeyStoreException("No <keyAlias> was given and more than
one alias was found in keystore.");
}
}
@@ -124,7 +147,13 @@
}
this.privateKey = (PrivateKey) keyStore.getKey(keyAlias,
keyAliasPassword.toCharArray());
+ if (this.privateKey == null) {
+ throw new KeyStoreException("The \"" + keyAlias + "\" PrivateKey alias
was not found in keystore.");
+ }
this.certificate = (X509Certificate) keyStore.getCertificate(keyAlias);
+ if (this.certificate == null) {
+ throw new KeyStoreException("The \"" + keyAlias + "\" X509Certificate
alias was not found in keystore.");
+ }
java.security.cert.Certificate[] certificateChain =
keyStore.getCertificateChain(keyAlias);
ArrayList certList = new ArrayList();
if (certificateChain == null) {
@@ -166,6 +195,11 @@
return this.certStore;
}
+ /**
+ * Creates an <CODE>SMIMESignedGenerator</CODE>. Includes a signer private key
and certificate,
+ * and a pool of certs and cerls (if any) to go with the signature.
+ * @return The generated SMIMESignedGenerator.
+ */
public SMIMESignedGenerator createGenerator() throws CertStoreException,
SMIMEException {
// create the generator for creating an smime/signed message
@@ -182,6 +216,11 @@
}
+ /**
+ * Generates a signed MimeMultipart from a MimeMessage.
+ * @param message The message to sign.
+ * @return The signed <CODE>MimeMultipart</CODE>.
+ */
public MimeMultipart generate(MimeMessage message) throws CertStoreException,
NoSuchAlgorithmException, NoSuchProviderException, SMIMEException {
@@ -193,6 +232,11 @@
}
+ /**
+ * Generates a signed MimeMultipart from a MimeBodyPart.
+ * @param content The content to sign.
+ * @return The signed <CODE>MimeMultipart</CODE>.
+ */
public MimeMultipart generate(MimeBodyPart content) throws CertStoreException,
NoSuchAlgorithmException, NoSuchProviderException, SMIMEException {
@@ -203,19 +247,36 @@
return generator.generate(content, "BC");
}
-
+
+ /**
+ * Extracts the signer <I>distinguished name</I> (DN) from an
<CODE>X509Certificate</CODE>.
+ * @param certificate The certificate to extract the information from.
+ * @return The requested information.
+ */
public static String getSignerDistinguishedName(X509Certificate certificate) {
return certificate.getSubjectDN().toString();
}
+ /**
+ * Extracts the signer <I>common name</I> (CN=) from an
<CODE>X509Certificate</CODE> <I>distinguished name</I>.
+ * @param certificate The certificate to extract the information from.
+ * @return The requested information.
+ * @see getSignerDistinguishedName(X509Certificate)
+ */
public static String getSignerCN(X509Certificate certificate) {
return extractAttribute(certificate.getSubjectDN().toString(), "CN=");
}
+ /**
+ * Extracts the signer <I>email address</I> (EMAILADDRESS=) from an
<CODE>X509Certificate</CODE> <I>distinguished name</I>.
+ * @param certificate The certificate to extract the information from.
+ * @return The requested information.
+ * @see getSignerDistinguishedName(X509Certificate)
+ */
public static String getSignerAddress(X509Certificate certificate) {
return extractAttribute(certificate.getSubjectDN().toString(),
"EMAILADDRESS=");
@@ -225,6 +286,7 @@
/**
* Getter for property signerDistinguishedName.
* @return Value of property signerDistinguishedName.
+ * @see getSignerDistinguishedName(X509Certificate)
*/
public String getSignerDistinguishedName() {
return getSignerDistinguishedName(getCertificate());
@@ -233,6 +295,7 @@
/**
* Getter for property signerCN.
* @return Value of property signerCN.
+ * @see getSignerCN(X509Certificate)
*/
public String getSignerCN() {
return getSignerCN(getCertificate());
@@ -241,6 +304,7 @@
/**
* Getter for property signerAddress.
* @return Value of property signerMailAddress.
+ * @see getSignerAddress(X509Certificate)
*/
public String getSignerAddress() {
return getSignerAddress(getCertificate());
1.4 +5 -2
james-server/src/java/org/apache/james/transport/mailets/SMIMEAbstractSign.java
Index: SMIMEAbstractSign.java
===================================================================
RCS file:
/home/cvs/james-server/src/java/org/apache/james/transport/mailets/SMIMEAbstractSign.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SMIMEAbstractSign.java 9 Aug 2004 08:09:10 -0000 1.3
+++ SMIMEAbstractSign.java 21 Aug 2004 15:01:03 -0000 1.4
@@ -55,11 +55,14 @@
* <li><debug>: if <CODE>true</CODE> some useful information is logged.
* The default is <CODE>false</CODE>.</li>
* <li><keyStoreFileName>: the [EMAIL PROTECTED] java.security.KeyStore} full
file name.</li>
- * <li><keyStorePassword>: the <CODE>KeyStore</CODE> password.</li>
+ * <li><keyStorePassword>: the <CODE>KeyStore</CODE> password.
+ * If given, it is used to check the integrity of the keystore data,
+ * otherwise, if null, the integrity of the keystore is not checked.</li>
* <li><keyAlias>: the alias name to use to search the Key using [EMAIL
PROTECTED] java.security.KeyStore#getKey}.
* The default is to look for the first and only alias in the keystore;
* if zero or more than one is found a [EMAIL PROTECTED]
java.security.KeyStoreException} is thrown.</li>
- * <li><keyAliasPassword>: the alias password. The default is to use the
<CODE>KeyStore</CODE> password.</li>
+ * <li><keyAliasPassword>: the alias password. The default is to use the
<CODE>KeyStore</CODE> password.
+ * At least one of the passwords must be provided.</li>
* <li><keyStoreType>: the type of the keystore. The default will use [EMAIL
PROTECTED] java.security.KeyStore#getDefaultType}.</li>
* <li><postmasterSigns>: if <CODE>true</CODE> the message will be signed
even if the sender is the Postmaster.
* The default is <CODE>false</CODE>.</li></li>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
