This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 41553be8cde4501ce16de1bced01e9359d68e61e Author: Tran Tien Duc <[email protected]> AuthorDate: Thu Jun 6 11:05:11 2019 +0700 JAMES-2146 Refactor Jmap signature handler --- .../james/jmap/crypto/JamesSignatureHandler.java | 42 ++++--------------- ...ider.java => JamesSignatureHandlerFixture.java} | 48 +++++----------------- .../jmap/crypto/JamesSignatureHandlerTest.java | 18 +------- .../james/jmap/crypto/SecurityKeyLoaderTest.java | 11 +---- .../james/jmap/crypto/SignedTokenFactoryTest.java | 3 +- .../james/jmap/crypto/SignedTokenManagerTest.java | 3 +- 6 files changed, 24 insertions(+), 101 deletions(-) diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java b/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java index 82ee210..69b2441 100644 --- a/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java +++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JamesSignatureHandler.java @@ -19,24 +19,14 @@ package org.apache.james.jmap.crypto; -import java.io.InputStream; import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; -import java.security.cert.Certificate; import java.util.Base64; -import java.util.Optional; import javax.inject.Inject; -import org.apache.james.filesystem.api.FileSystem; -import org.apache.james.jmap.JMAPConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -47,39 +37,21 @@ public class JamesSignatureHandler implements SignatureHandler { private static final Logger LOGGER = LoggerFactory.getLogger(JamesSignatureHandler.class); - public static final String ALIAS = "james"; public static final String ALGORITHM = "SHA1withRSA"; - public static final String JKS = "JKS"; - private final FileSystem fileSystem; - private final JMAPConfiguration jmapConfiguration; + private final SecurityKeyLoader keyLoader; - private PrivateKey privateKey; - private PublicKey publicKey; + private AsymmetricKeys securityKeys; @Inject - @VisibleForTesting JamesSignatureHandler(FileSystem fileSystem, JMAPConfiguration jmapConfiguration) { - this.fileSystem = fileSystem; - this.jmapConfiguration = jmapConfiguration; + @VisibleForTesting JamesSignatureHandler(SecurityKeyLoader keyLoader) { + this.keyLoader = keyLoader; } @Override public void init() throws Exception { - KeyStore keystore = KeyStore.getInstance(JKS); - InputStream fis = fileSystem.getResource(jmapConfiguration.getKeystore()); - char[] secret = jmapConfiguration.getSecret().toCharArray(); - keystore.load(fis, secret); - Certificate aliasCertificate = Optional - .ofNullable(keystore.getCertificate(ALIAS)) - .orElseThrow(() -> new KeyStoreException("Alias '" + ALIAS + "' keystore can't be found")); - - publicKey = aliasCertificate.getPublicKey(); - Key key = keystore.getKey(ALIAS, secret); - if (! (key instanceof PrivateKey)) { - throw new KeyStoreException("Provided key is not a PrivateKey"); - } - privateKey = (PrivateKey) key; + securityKeys = keyLoader.load(); } @Override 
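Review bot: `ALGORITHM = "SHA1withRSA"` is left unchanged in this hunk while the keystore constants around it are removed, so every signature the handler produces or accepts still rests on SHA-1, whose collision resistance is broken. If the signed strings are only ever built by the server, the practical exposure is limited, but that assumption is not visible here and should be stated in a comment on the constant. The refactor is a natural point to plan the move to `public static final String ALGORITHM = "SHA256withRSA";`. Changing the algorithm invalidates signatures issued under the old one, so it presumably needs a transition period in which verification accepts both. The class body continues outside this hunk.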
@@ -87,7 +59,7 @@ public class JamesSignatureHandler implements SignatureHandler { Preconditions.checkNotNull(source); try { Signature javaSignature = Signature.getInstance(ALGORITHM); - javaSignature.initSign(privateKey); + javaSignature.initSign(securityKeys.getPrivateKey()); javaSignature.update(source.getBytes()); return Base64.getEncoder().encodeToString(javaSignature.sign()); } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { @@ -101,7 +73,7 @@ public class JamesSignatureHandler implements SignatureHandler { Preconditions.checkNotNull(signature); try { Signature javaSignature = Signature.getInstance(ALGORITHM); - javaSignature.initVerify(publicKey); + javaSignature.initVerify(securityKeys.getPublicKey()); javaSignature.update(source.getBytes()); return javaSignature.verify(Base64.getDecoder().decode(signature)); } catch (NoSuchAlgorithmException | InvalidKeyException e) { diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerFixture.java similarity index 58% rename from server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java rename to server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerFixture.java index c531581..392f50f 100644 --- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerProvider.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerFixture.java 
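Review bot: `securityKeys.getPrivateKey()` in the signing hunk, and `securityKeys.getPublicKey()` in the verify hunk that follows, dereference a field that stays null until `init()` has run. The resulting NullPointerException matches none of the catch clauses visible in either method, so a call made before `init()` escapes as an unchecked exception instead of following the handler's existing error path. A guard at the top of both methods makes the lifecycle requirement explicit: `Preconditions.checkState(securityKeys != null, "init() must be called before signing or verifying");`. Both method bodies start and end outside these hunks, so further catch clauses may exist that are not shown.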
@@ -19,19 +19,13 @@ package org.apache.james.jmap.crypto; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; import java.util.Optional; -import org.apache.james.filesystem.api.FileSystem; import org.apache.james.jmap.JMAPConfiguration; -import org.apache.james.jmap.JMAPConfiguration.Builder; -public class JamesSignatureHandlerProvider { +class JamesSignatureHandlerFixture { - private static final String JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + + static final String JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" + "16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" + "lhDs5DyJtx2qp35AT0zCqfwlaDnlDc/QDlZv1CoRZGpQk1Inyh6SbZwYpxxwh0fi\n" + 
@@ -41,41 +35,19 @@ public class JamesSignatureHandlerProvider { "kwIDAQAB\n" + "-----END PUBLIC KEY-----"; - public JamesSignatureHandlerProvider() { - } - - public JamesSignatureHandler provide() throws Exception { - JamesSignatureHandler signatureHandler = new JamesSignatureHandler(newFileSystem(), - newConfigurationBuilder().build()); - signatureHandler.init(); - return signatureHandler; - } + static JamesSignatureHandler defaultSignatureHandler() { - public static Builder newConfigurationBuilder() { - return JMAPConfiguration.builder() + JMAPConfiguration jmapConfiguration = JMAPConfiguration.builder() .enable() + .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY)) .keystore("keystore") .secret("james72laBalle") - .jwtPublicKeyPem(Optional.of(JWT_PUBLIC_KEY)); - } - - public static FileSystem newFileSystem() { - return new FileSystem() { - @Override - public InputStream getResource(String url) throws IOException { - return ClassLoader.getSystemResourceAsStream(url); - } + .build(); - @Override - public File getFile(String fileURL) throws FileNotFoundException { - return null; - } + SecurityKeyLoader loader = new SecurityKeyLoader( + new ClassLoaderFileSystem(), + jmapConfiguration); - @Override - public File getBasedir() throws FileNotFoundException { - return null; - } - }; + return new JamesSignatureHandler(loader); } - } diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java index 8dc44de..5b3e4a2 100644 --- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JamesSignatureHandlerTest.java 
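Review bot: `defaultSignatureHandler()` returns a handler whose keys have not been loaded, unlike the removed `provide()`, which called `init()` itself, and nothing on the method says so. A one-line Javadoc would keep a future test from using the handler uninitialised: `/** Returns a handler that is NOT yet initialised; callers must invoke init() before sign or verify. */`. The blank line directly after the method's opening brace can be dropped as well.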
@@ -21,9 +21,6 @@ package org.apache.james.jmap.crypto; import static org.assertj.core.api.Assertions.assertThat; -import java.security.KeyStoreException; - -import org.apache.james.jmap.JMAPConfiguration; import org.junit.Before; import org.junit.Test; @@ -37,19 +34,8 @@ public class JamesSignatureHandlerTest { @Before public void setUp() throws Exception { - signatureHandler = new JamesSignatureHandlerProvider().provide(); - } - - @Test(expected = KeyStoreException.class) - public void initShouldThrowOnUnknownKeystore() throws Exception { - JMAPConfiguration jmapConfiguration = JamesSignatureHandlerProvider.newConfigurationBuilder() - .keystore("badAliasKeystore") - .secret("password") - .build(); - - JamesSignatureHandler signatureHandler = new JamesSignatureHandler(JamesSignatureHandlerProvider.newFileSystem(), - jmapConfiguration); - signatureHandler.init(); + signatureHandler = JamesSignatureHandlerFixture.defaultSignatureHandler(); + signatureHandler.init(); } @Test diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SecurityKeyLoaderTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SecurityKeyLoaderTest.java index 63c1acb..152f672 100644 --- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SecurityKeyLoaderTest.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SecurityKeyLoaderTest.java @@ -19,6 +19,7 @@ package org.apache.james.jmap.crypto; +import static org.apache.james.jmap.crypto.JamesSignatureHandlerFixture.JWT_PUBLIC_KEY; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; 
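Review bot: Removing `initShouldThrowOnUnknownKeystore` drops the only check visible on this page that a keystore lacking the expected alias (the `badAliasKeystore` resource) is rejected at load time. SecurityKeyLoaderTest does show `loadShouldThrowWhenWrongKeystore`, but its body lies outside the diff, so it cannot be confirmed from here that the missing-alias and "key is not a PrivateKey" paths are still exercised. If they are not, an equivalent case against `SecurityKeyLoader.load()` using the `badAliasKeystore` resource should be added so that this key-loading failure mode stays covered.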
@@ -31,16 +32,6 @@ import org.junit.jupiter.api.Test; class SecurityKeyLoaderTest { - private static final String JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlChO/nlVP27MpdkG0Bh\n" + - "16XrMRf6M4NeyGa7j5+1UKm42IKUf3lM28oe82MqIIRyvskPc11NuzSor8HmvH8H\n" + - "lhDs5DyJtx2qp35AT0zCqfwlaDnlDc/QDlZv1CoRZGpQk1Inyh6SbZwYpxxwh0fi\n" + - "+d/4RpE3LBVo8wgOaXPylOlHxsDizfkL8QwXItyakBfMO6jWQRrj7/9WDhGf4Hi+\n" + - "GQur1tPGZDl9mvCoRHjFrD5M/yypIPlfMGWFVEvV5jClNMLAQ9bYFuOc7H1fEWw6\n" + - "U1LZUUbJW9/CH45YXz82CYqkrfbnQxqRb2iVbVjs/sHopHd1NTiCfUtwvcYJiBVj\n" + - "kwIDAQAB\n" + - "-----END PUBLIC KEY-----"; - @Test void loadShouldThrowWhenWrongKeystore() throws Exception { JMAPConfiguration jmapConfiguration = JMAPConfiguration.builder() diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenFactoryTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenFactoryTest.java index dfe8c18..12d8aa9 100644 --- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenFactoryTest.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenFactoryTest.java @@ -39,7 +39,8 @@ public class SignedTokenFactoryTest { @Before public void setUp() throws Exception { - JamesSignatureHandler signatureHandler = new JamesSignatureHandlerProvider().provide(); + JamesSignatureHandler signatureHandler = JamesSignatureHandlerFixture.defaultSignatureHandler(); + signatureHandler.init(); zonedDateTimeProvider = new FixedDateZonedDateTimeProvider(); toKenFactory = new SignedTokenFactory(signatureHandler, zonedDateTimeProvider); } diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenManagerTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenManagerTest.java index b31f0df..6614fde 100644 
--- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenManagerTest.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/SignedTokenManagerTest.java @@ -44,7 +44,8 @@ public class SignedTokenManagerTest { @Before public void setUp() throws Exception { - JamesSignatureHandler signatureHandler = new JamesSignatureHandlerProvider().provide(); + JamesSignatureHandler signatureHandler = JamesSignatureHandlerFixture.defaultSignatureHandler(); + signatureHandler.init(); zonedDateTimeProvider = new FixedDateZonedDateTimeProvider(); tokenManager = new SignedTokenManager(signatureHandler, zonedDateTimeProvider); tokenFactory = new SignedTokenFactory(signatureHandler, zonedDateTimeProvider); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
