JAMES-1856 Handle virtual users while signing
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/f3a7becb Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/f3a7becb Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/f3a7becb Branch: refs/heads/master Commit: f3a7becb9961ce4fc84647638ced66c78fc4cf68 Parents: 015c00e Author: Benoit Tellier <[email protected]> Authored: Mon Nov 14 14:26:04 2016 +0700 Committer: Benoit Tellier <[email protected]> Committed: Thu Nov 17 15:26:18 2016 +0700 ---------------------------------------------------------------------- .../java/org/apache/mailet/MailAddress.java | 4 +++ mailet/crypto/pom.xml | 9 ++++++ .../james/transport/mailets/AbstractSign.java | 34 ++++++++++++++++---- mailet/pom.xml | 6 ++++ 4 files changed, 46 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/f3a7becb/mailet/api/src/main/java/org/apache/mailet/MailAddress.java ---------------------------------------------------------------------- diff --git a/mailet/api/src/main/java/org/apache/mailet/MailAddress.java b/mailet/api/src/main/java/org/apache/mailet/MailAddress.java index 1416876..1d426d9 100644 --- a/mailet/api/src/main/java/org/apache/mailet/MailAddress.java +++ b/mailet/api/src/main/java/org/apache/mailet/MailAddress.java @@ -270,6 +270,10 @@ public class MailAddress implements java.io.Serializable { return localPart; } + public String asString() { + return localPart + "@" + domain; + } + @Override public String toString() { return localPart + "@" + domain; http://git-wip-us.apache.org/repos/asf/james-project/blob/f3a7becb/mailet/crypto/pom.xml ---------------------------------------------------------------------- diff --git a/mailet/crypto/pom.xml b/mailet/crypto/pom.xml index 5ab267d..07ccb08 100644 --- a/mailet/crypto/pom.xml +++ b/mailet/crypto/pom.xml @@ -44,6 +44,10 @@ <artifactId>mail</artifactId> </dependency> <dependency> + <groupId>javax.inject</groupId> + <artifactId>javax.inject</artifactId> + </dependency> + <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcmail-jdk15on</artifactId> </dependency> @@ -51,6 +55,11 @@ <groupId>org.apache.james</groupId> <artifactId>apache-mailet-base</artifactId> </dependency> + <dependency> + <groupId>org.apache.james</groupId> + <artifactId>james-server-data-api</artifactId> + <version>${project.version}</version> + </dependency> </dependencies> <build> http://git-wip-us.apache.org/repos/asf/james-project/blob/f3a7becb/mailet/crypto/src/main/java/org/apache/james/transport/mailets/AbstractSign.java ---------------------------------------------------------------------- diff --git a/mailet/crypto/src/main/java/org/apache/james/transport/mailets/AbstractSign.java b/mailet/crypto/src/main/java/org/apache/james/transport/mailets/AbstractSign.java index 84f95b6..6f9901b 100644 --- a/mailet/crypto/src/main/java/org/apache/james/transport/mailets/AbstractSign.java +++ b/mailet/crypto/src/main/java/org/apache/james/transport/mailets/AbstractSign.java @@ -23,11 +23,14 @@ package org.apache.james.transport.mailets; import org.apache.james.transport.KeyHolder; import org.apache.james.transport.SMIMEAttributeNames; +import org.apache.james.user.api.UsersRepository; +import org.apache.james.user.api.UsersRepositoryException; import org.apache.mailet.base.GenericMailet; import org.apache.mailet.Mail; import org.apache.mailet.MailAddress; import org.apache.mailet.base.RFC2822Headers; +import javax.inject.Inject; import javax.mail.MessagingException; import javax.mail.Session; import javax.mail.internet.InternetAddress; @@ -40,6 +43,9 @@ import java.io.IOException; import java.util.Enumeration; import java.lang.reflect.Constructor; +import com.google.common.base.Objects; +import com.google.common.base.Throwables; + /** * <P>Abstract mailet providing common SMIME signature services. * It can be subclassed to make authoring signing mailets simple. @@ -142,6 +148,9 @@ public abstract class AbstractSign extends GenericMailet { * Holds value of property signerName. */ private String signerName; + + @Inject + private UsersRepository usersRepository; /** * Gets the expected init parameters. @@ -564,20 +573,19 @@ public abstract class AbstractSign extends GenericMailet { // Is it a bounce? if (reversePath == null) { - log("Can not sign : no sender"); + log("Can not sign: no sender"); return false; } String authUser = (String) mail.getAttribute("org.apache.james.SMTPAuthUser"); // was the sender user SMTP authorized? if (authUser == null) { - log("Can not sign mail for sender " + mail.getSender() + " as he is not a SMTP authenticated user"); + log("Can not sign mail for sender <" + mail.getSender() + "> as he is not a SMTP authenticated user"); return false; } // The sender is the postmaster? - if (getMailetContext().getPostmaster() != null && - getMailetContext().getPostmaster().equals(reversePath)) { + if (Objects.equal(getMailetContext().getPostmaster(), reversePath)) { // should not sign postmaster sent messages? if (!isPostmasterSigns()) { log("Can not sign mails for postmaster"); @@ -585,8 +593,9 @@ public abstract class AbstractSign extends GenericMailet { } } else { // is the reverse-path user different from the SMTP authorized user? - if (!reversePath.getLocalPart().equals(authUser)) { - log("SMTP logged in as " + authUser + " but pretend to be sender " + mail.getSender()); + String username = getUsername(reversePath); + if (!username.equals(authUser)) { + log("SMTP logged in as <" + authUser + "> but pretend to be sender <" + username + ">"); return false; } // is there no "From:" address same as the reverse-path? @@ -606,7 +615,18 @@ public abstract class AbstractSign extends GenericMailet { return !isAlreadySigned; } - + + private String getUsername(MailAddress mailAddress) { + try { + if (usersRepository.supportVirtualHosting()) { + return mailAddress.asString(); + } + return mailAddress.getLocalPart(); + } catch (UsersRepositoryException e) { + throw Throwables.propagate(e); + } + } + /** * Creates the {@link javax.mail.internet.MimeBodyPart} that will be signed. * For example, may attach a text file explaining the meaning of the signature, http://git-wip-us.apache.org/repos/asf/james-project/blob/f3a7becb/mailet/pom.xml ---------------------------------------------------------------------- diff --git a/mailet/pom.xml b/mailet/pom.xml index 1183e55..fe212ca 100644 --- a/mailet/pom.xml +++ b/mailet/pom.xml @@ -40,6 +40,7 @@ <sourceReleaseAssemblyDescriptor>project</sourceReleaseAssemblyDescriptor> <plugin.mailetdocs.version>0.1</plugin.mailetdocs.version> <javax.version>1.4.4</javax.version> + <javax.inject.version>1</javax.inject.version> <junit.version>4.10</junit.version> <activation.version>1.1.1</activation.version> <commons-collections.version>3.2.1</commons-collections.version> @@ -96,6 +97,11 @@ <version>${activation.version}</version> </dependency> <dependency> + <groupId>javax.inject</groupId> + <artifactId>javax.inject</artifactId> + <version>${javax.inject.version}</version> + </dependency> + <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcmail-jdk15on</artifactId> <version>1.52</version> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
