JAMES-2437 When the publickey is missing in the keystore a NPE is thrown
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/b10fa18a Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/b10fa18a Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/b10fa18a Branch: refs/heads/master Commit: b10fa18aa252624ce178e064919d92c7929d7d50 Parents: 25e9a11 Author: Gautier DI FOLCO <[email protected]> Authored: Thu Jun 21 12:58:44 2018 +0200 Committer: benwa <[email protected]> Committed: Tue Jun 26 16:12:07 2018 +0700 ---------------------------------------------------------------------- .../jmap/crypto/JamesSignatureHandler.java | 16 ++++++--- .../crypto/JamesSignatureHandlerProvider.java | 33 ++++++++++++------- .../jmap/crypto/JamesSignatureHandlerTest.java | 17 +++++++++- .../jmap/src/test/resources/badAliasKeystore | Bin 0 -> 2246 bytes 4 files changed, 50 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java ---------------------------------------------------------------------- diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java b/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java index 5ba69b9..5d3dd4f 100644 --- a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java +++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java @@ -23,11 +23,14 @@ import java.io.InputStream; import java.security.InvalidKeyException; import java.security.Key; import java.security.KeyStore; +import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; +import java.security.cert.Certificate; +import java.util.Optional; import javax.inject.Inject; @@ -65,11 +68,16 @@ public class JamesSignatureHandler implements SignatureHandler { public void init() throws Exception { KeyStore keystore = KeyStore.getInstance(JKS); InputStream fis = fileSystem.getResource(jmapConfiguration.getKeystore()); - keystore.load(fis, jmapConfiguration.getSecret().toCharArray()); - publicKey = keystore.getCertificate(ALIAS).getPublicKey(); - Key key = keystore.getKey(ALIAS, jmapConfiguration.getSecret().toCharArray()); + char[] secret = jmapConfiguration.getSecret().toCharArray(); + keystore.load(fis, secret); + Certificate aliasCertificate = Optional + .ofNullable(keystore.getCertificate(ALIAS)) + .orElseThrow(() -> new KeyStoreException("Alias '" + ALIAS + "' keystore can't be found")); + + publicKey = aliasCertificate.getPublicKey(); + Key key = keystore.getKey(ALIAS, secret); if (! (key instanceof PrivateKey)) { - throw new Exception("Provided key is not a PrivateKey"); + throw new KeyStoreException("Provided key is not a PrivateKey"); } privateKey = (PrivateKey) key; } http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java ---------------------------------------------------------------------- diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java index b2b84bf..c531581 100644 --- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java @@ -27,8 +27,10 @@ import java.util.Optional; import org.apache.james.filesystem.api.FileSystem; import org.apache.james.jmap.JMAPConfiguration; +import org.apache.james.jmap.JMAPConfiguration.Builder; public class JamesSignatureHandlerProvider { + private static final String JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" + "16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" + @@ -39,11 +41,29 @@ public class JamesSignatureHandlerProvider { "kwIDAQAB\n" + "-----END PUBLIC KEY-----"; + public JamesSignatureHandlerProvider() { + } + public JamesSignatureHandler provide() throws Exception { - FileSystem fileSystem = new FileSystem() { + JamesSignatureHandler signatureHandler = new JamesSignatureHandler(newFileSystem(), + newConfigurationBuilder().build()); + signatureHandler.init(); + return signatureHandler; + } + + public static Builder newConfigurationBuilder() { + return JMAPConfiguration.builder() + .enable() + .keystore("keystore") + .secret("james72laBalle") + .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY)); + } + + public static FileSystem newFileSystem() { + return new FileSystem() { @Override public InputStream getResource(String url) throws IOException { - return ClassLoader.getSystemResourceAsStream("keystore"); + return ClassLoader.getSystemResourceAsStream(url); } @Override @@ -56,15 +76,6 @@ public class JamesSignatureHandlerProvider { return null; } }; - JamesSignatureHandler signatureHandler = new JamesSignatureHandler(fileSystem, - JMAPConfiguration.builder() - .enable() - .keystore("keystore") - .secret("james72laBalle") - .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY)) - .build()); - signatureHandler.init(); - return signatureHandler; } } http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java ---------------------------------------------------------------------- diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java index 7aec75f..e885f41 100644 --- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java @@ -21,6 +21,9 @@ package org.apache.james.jmap.crypto; import static org.assertj.core.api.Assertions.assertThat; +import java.security.KeyStoreException; + +import org.apache.james.jmap.JMAPConfiguration; import org.junit.Before; import org.junit.Test; @@ -34,7 +37,19 @@ public class JamesSignatureHandlerTest { @Before public void setUp() throws Exception { - signatureHandler = new JamesSignatureHandlerProvider().provide(); + signatureHandler = new JamesSignatureHandlerProvider().provide(); + } + + @Test(expected = KeyStoreException.class) + public void initShouldThrowOnUnknownKeystore() throws Exception { + JMAPConfiguration jmapConfiguration = JamesSignatureHandlerProvider.newConfigurationBuilder() + .keystore("badAliasKeystore") + .secret("password") + .build(); + + JamesSignatureHandler signatureHandler = new JamesSignatureHandler(JamesSignatureHandlerProvider.newFileSystem(), + jmapConfiguration); + signatureHandler.init(); } @Test http://git-wip-us.apache.org/repos/asf/james-project/blob/b10fa18a/server/protocols/jmap/src/test/resources/badAliasKeystore ---------------------------------------------------------------------- diff --git a/server/protocols/jmap/src/test/resources/badAliasKeystore b/server/protocols/jmap/src/test/resources/badAliasKeystore new file mode 100644 index 0000000..0a4de22 Binary files /dev/null and b/server/protocols/jmap/src/test/resources/badAliasKeystore differ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
