Author: bago
Date: Fri Sep 17 21:01:53 2010
New Revision: 998322
URL: http://svn.apache.org/viewvc?rev=998322&view=rev
Log:
Return null on no DKIM-Signature found (JDKIM-22)
Better error reporting for signatures having signature times in the future.
Modified:
james/jdkim/trunk/mailets/src/test/java/org/apache/james/jdkim/mailets/DKIMSignTest.java
james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/FileBasedTest.java
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/PerlDKIMTest.java
Modified:
james/jdkim/trunk/mailets/src/test/java/org/apache/james/jdkim/mailets/DKIMSignTest.java
URL:
http://svn.apache.org/viewvc/james/jdkim/trunk/mailets/src/test/java/org/apache/james/jdkim/mailets/DKIMSignTest.java?rev=998322&r1=998321&r2=998322&view=diff
==============================================================================
---
james/jdkim/trunk/mailets/src/test/java/org/apache/james/jdkim/mailets/DKIMSignTest.java
(original)
+++
james/jdkim/trunk/mailets/src/test/java/org/apache/james/jdkim/mailets/DKIMSignTest.java
Fri Sep 17 21:01:53 2010
@@ -137,7 +137,7 @@ public class DKIMSignTest extends TestCa
"v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYDaYKXzwVYwqWbLhmuJ66aTAN8wmDR+rfHE8HfnkSOax0oIoTM5zquZrTLo30870YMfYzxwfB6j/Nz3QdwrUD/t0YMYJiUKyWJnCKfZXHJBJ+yfRHr7oW+UW3cVo9CG2bBfIxsInwYe175g9UjyntJpWueqdEIo1c2bhv9Mp66QIDAQAB;",
"selector", "example.com");
try {
- new DKIMVerifier(mockPublicKeyRecordRetriever)
+ List<SignatureRecord> sr = new
DKIMVerifier(mockPublicKeyRecordRetriever)
.verify(new ByteArrayInputStream(res.getBytes()));
fail("Expecting signature to be ignored");
} catch (PermFailException e) {
Modified:
james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java
URL:
http://svn.apache.org/viewvc/james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java?rev=998322&r1=998321&r2=998322&view=diff
==============================================================================
---
james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java
(original)
+++
james/jdkim/trunk/main/src/main/java/org/apache/james/jdkim/DKIMVerifier.java
Fri Sep 17 21:01:53 2010
@@ -242,18 +242,15 @@ public class DKIMVerifier extends DKIMCo
*/
public List<SignatureRecord> verify(Headers messageHeaders,
InputStream bodyInputStream) throws IOException, FailException {
- // System.out.println(message.getFields("DKIM-Signature"));
List<String> fields = messageHeaders.getFields("DKIM-Signature");
- // if (fields.size() > 1) throw new RuntimeException("here we are!");
if (fields == null || fields.isEmpty()) {
- throw new PermFailException("DKIM-Signature field not found");
+ return null;
}
// For each DKIM-signature we prepare an hashjob.
// We calculate all hashes concurrently so to read
// the inputstream only once.
Map<String, BodyHasher> bodyHashJobs = new HashMap<String,
BodyHasher>();
- List<OutputStream> outputStreams = new LinkedList<OutputStream>();
Hashtable<String, FailException> signatureExceptions = new
Hashtable<String, FailException>();
for (Iterator<String> i = fields.iterator(); i.hasNext();) {
String signatureField = i.next();
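Review bot: Returning `null` at `if (fields == null || fields.isEmpty())` turns the unsigned-message case from an exception into a normal return, so any caller that treated "verify() did not throw" as "signature verified" now accepts a message with no DKIM-Signature at all. The Javadoc that closes just above this hunk is not shown being updated; it should state the contract, e.g. `@return the verified signature records, or null when the message has no DKIM-Signature header (unsigned, not verified)`. Callers need an explicit null check before treating a message as authenticated, and the diff does not show whether non-test callers were adjusted. The method body continues past the end of the hunk.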
@@ -275,10 +272,24 @@ public class DKIMVerifier extends DKIMCo
if (signatureRecord.getSignatureTimestamp() != null) {
long signedTime =
signatureRecord.getSignatureTimestamp().longValue();
long elapsed = (System.currentTimeMillis()/1000 -
signedTime);
- if (elapsed < 0) {
- // throw new IllegalStateException("Signature date
is "
- // + getTimeMeasure(elapsed) + " in the
future.");
- break;
+ if (elapsed < -3600*24*365*3) {
+ throw new PermFailException("Signature date is
more than "
+ + -elapsed/(3600*24*365) + " years in the
future.");
+ } else if (elapsed < -3600*24*30*3) {
+ throw new PermFailException("Signature date is
more than "
+ + -elapsed/(3600*24*30) + " months in the
future.");
+ } else if (elapsed < -3600*24*3) {
+ throw new PermFailException("Signature date is
more than "
+ + -elapsed/(3600*24) + " days in the
future.");
+ } else if (elapsed < -3600*3) {
+ throw new PermFailException("Signature date is
more than "
+ + -elapsed/3600 + " hours in the future.");
+ } else if (elapsed < -60*3) {
+ throw new PermFailException("Signature date is
more than "
+ + -elapsed/60 + " minutes in the future.");
+ } else if (elapsed < 0) {
+ throw new PermFailException("Signature date is "
+ + elapsed + " seconds in the future.");
}
}
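Review bot: The last branch, `else if (elapsed < 0)`, concatenates `elapsed` instead of `-elapsed`, so the message comes out as "Signature date is -42 seconds in the future."; it should read `+ -elapsed + " seconds in the future."` like the other branches. Separately, every negative `elapsed` now ends in a PermFailException, so a signer whose clock is only a few seconds ahead of the verifier has its signature rejected. A small clock-skew allowance checked before the first comparison would avoid failing legitimate mail while still rejecting far-future timestamps. The enclosing loop and its catch clauses start and end outside this hunk.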
@@ -300,7 +311,6 @@ public class DKIMVerifier extends DKIMCo
BodyHasher bhj = newBodyHasher(signatureRecord);
bodyHashJobs.put(signatureField, bhj);
- outputStreams.add(bhj.getOutputStream());
} else {
throw new PermFailException(
@@ -319,16 +329,27 @@ public class DKIMVerifier extends DKIMCo
} catch (SignatureException e) {
signatureExceptions.put(signatureField, new PermFailException(e
.getMessage(), e));
+ } catch (RuntimeException e) {
+ signatureExceptions.put(signatureField, new PermFailException(
+ "Unexpected exception processing signature", e));
}
}
OutputStream o;
if (bodyHashJobs.isEmpty()) {
- throw prepareException(signatureExceptions);
+ if (signatureExceptions.size() > 0) {
+ throw prepareException(signatureExceptions);
+ } else {
+ throw new PermFailException("Unexpected condition with
"+fields);
+ }
} else if (bodyHashJobs.size() == 1) {
o = ((BodyHasher) bodyHashJobs.values().iterator().next())
.getOutputStream();
} else {
+ List<OutputStream> outputStreams = new LinkedList<OutputStream>();
+ for (BodyHasher bhj : bodyHashJobs.values()) {
+ outputStreams.add(bhj.getOutputStream());
+ }
o = new CompoundOutputStream(outputStreams);
}
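Review bot: The new `catch (RuntimeException e)` records any unchecked exception, including a bug in the verifier itself, as a PermFailException for that signature, so an internal fault looks the same as a bad signature and is visible only through the wrapped cause. Logging it before it is stored, or narrowing the catch to the exceptions signature parsing is known to throw, would keep such faults diagnosable. Also, `"Unexpected condition with "+fields` places the raw DKIM-Signature header values, which are supplied by the message sender, into the exception text. If that text is logged or echoed into a result header, it should be length-limited and stripped of CR/LF, or replaced with `fields.size()`. The try block and the method begin outside the hunk.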
Modified:
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/FileBasedTest.java
URL:
http://svn.apache.org/viewvc/james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/FileBasedTest.java?rev=998322&r1=998321&r2=998322&view=diff
==============================================================================
---
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/FileBasedTest.java
(original)
+++
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/FileBasedTest.java
Fri Sep 17 21:01:53 2010
@@ -19,6 +19,7 @@
package org.apache.james.jdkim;
+import org.apache.james.jdkim.api.SignatureRecord;
import org.apache.james.jdkim.exceptions.PermFailException;
import java.io.File;
@@ -27,6 +28,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.net.URL;
+import java.util.List;
import junit.framework.Test;
import junit.framework.TestCase;
@@ -242,11 +244,12 @@ public class FileBasedTest extends TestC
"k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChRebhcm4h8BkIYHRxg1GlKLsDkwdrqkFJ8f88xHQ5Gf3NH4I4e06M3XQ+B4tWWK/rX0srwXFgrJPzKZK+x7gN89nmqyM+NNaM+Wm2C0GjTpx6639zK3bAAGYCm0L9lGD7PgDxpWok+YogH0Ml4acEwDw/cnhErAWAnX8doPliawIDAQAB");
try {
- new DKIMVerifier(pkr).verify(is);
+ List<SignatureRecord> res = new DKIMVerifier(pkr).verify(is);
+ if (getName().startsWith("NONE_"))
+ assertNull(res);
if (getName().startsWith("FAIL_"))
fail("Expected failure");
} catch (PermFailException e) {
- e.printStackTrace();
if (!getName().startsWith("FAIL_"))
fail(e.getMessage());
}
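Review bot: `assertNull(res)` is checked only for `NONE_` cases, so in every other passing case a `null` result (the verifier treating a signed message as unsigned) still lets the test pass. Since null now means "no signature found", the positive cases should pin the opposite, e.g. `else if (!getName().startsWith("FAIL_")) assertNotNull(res);`. The same gap is in the PerlDKIMTest hunk at `if (expectNull) assertNull(res);`, where cases with neither `expectNull` nor `expectFailure` set also accept a null result. The test method starts outside the hunk.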
Modified:
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/PerlDKIMTest.java
URL:
http://svn.apache.org/viewvc/james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/PerlDKIMTest.java?rev=998322&r1=998321&r2=998322&view=diff
==============================================================================
---
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/PerlDKIMTest.java
(original)
+++
james/jdkim/trunk/main/src/test/java/org/apache/james/jdkim/PerlDKIMTest.java
Fri Sep 17 21:01:53 2010
@@ -27,11 +27,13 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URISyntaxException;
import java.net.URL;
+import java.util.List;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
+import org.apache.james.jdkim.api.SignatureRecord;
import org.apache.james.jdkim.exceptions.FailException;
/**
@@ -90,9 +92,10 @@ public class PerlDKIMTest extends TestCa
pkr = getPublicRecordRetriever();
boolean expectFailure = false;
+ boolean expectNull = false;
// DomainKey files
if (getName().indexOf("dk_") != -1)
- expectFailure = true;
+ expectNull = true;
// older spec version
else if (getName().indexOf("_ietf") != -1)
expectFailure = true;
@@ -109,7 +112,9 @@ public class PerlDKIMTest extends TestCa
expectFailure = true;
try {
- new DKIMVerifier(pkr).verify(is);
+ List<SignatureRecord> res = new DKIMVerifier(pkr).verify(is);
+ if (expectNull)
+ assertNull(res);
if (expectFailure)
fail("Failure expected!");
} catch (FailException e) {