java-utils-mail-smime's People

Contributors

rockymm, tokrause

java-utils-mail-smime's Issues

getStatus doesn't determine the S/MIME status correctly according to RFC

According to RFC 5751 (S/MIME 3.2), to determine if a message was signed or encrypted, the media type (primary-/sub type) value as well as its parameter smime-type should be taken into consideration:

3.2.2. The smime-type Parameter

 The application/pkcs7-mime content type defines the optional "smime-
 type" parameter.  The intent of this parameter is to convey details
 about the security applied (signed or enveloped) along with
 information about the contained content.

A little bit down an example is shown of a signed-only message:

A sample message would be:

  Content-Type: application/pkcs7-mime; smime-type=signed-data;name=smime.p7m

SmimeUtil doesn't look at smime-type at all when determining status and has resulted in incorrect status for a message of mine.
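One way to make the check described in this issue, as an added example that is not SmimeUtil's code: classify a message from its media type together with the smime-type parameter, using JavaMail's `ContentType` parser. The class name, the `Status` enum and the handling of the legacy `x-pkcs7` media types are assumptions made for the illustration.

```java
import javax.mail.internet.ContentType;
import javax.mail.internet.ParseException;
import java.util.Locale;

public class SmimeTypeCheck {

    enum Status { SIGNED, ENCRYPTED, COMPRESSED, CERTS_ONLY, PKCS7_UNSPECIFIED, NOT_SMIME }

    /** Classifies a Content-Type header value by media type and smime-type parameter. */
    static Status classify(String headerValue) throws ParseException {
        ContentType ct = new ContentType(headerValue);
        // Detached signature: multipart/signed carrying a PKCS#7 signature part.
        if (ct.match("multipart/signed")) {
            String protocol = lower(ct.getParameter("protocol"));
            return protocol.equals("application/pkcs7-signature")
                    || protocol.equals("application/x-pkcs7-signature")
                    ? Status.SIGNED : Status.NOT_SMIME;
        }
        // Assumption: the legacy "x-" media type is treated like the registered one.
        if (!ct.match("application/pkcs7-mime") && !ct.match("application/x-pkcs7-mime")) {
            return Status.NOT_SMIME;
        }
        switch (lower(ct.getParameter("smime-type"))) {
            case "signed-data":     return Status.SIGNED;
            case "enveloped-data":  return Status.ENCRYPTED;
            case "compressed-data": return Status.COMPRESSED;
            case "certs-only":      return Status.CERTS_ONLY;
            // smime-type is optional: without it the CMS ContentInfo must be inspected.
            default:                return Status.PKCS7_UNSPECIFIED;
        }
    }

    private static String lower(String s) {
        return s == null ? "" : s.trim().toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws ParseException {
        String[] samples = { // first header is the RFC sample quoted above, the rest are constructed
            "application/pkcs7-mime; smime-type=signed-data;name=smime.p7m",
            "application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m",
            "multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha-256; boundary=b1",
            "application/pkcs7-mime; name=smime.p7m",
            "text/plain; charset=us-ascii"
        };
        for (String s : samples) System.out.println(classify(s) + "  <-  " + s);
    }
}
```

The `PKCS7_UNSPECIFIED` result marks the case where the header alone cannot tell signed from enveloped content, since both use the same media type and the `.p7m` file name.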

SmimeUtil is missing the API to return the "Signed by <from-address>", which email clients generally display

If you open a signed message in, for example, Outlook or Thunderbird, they will show a field right under "To:", named "Signed by:". After a lot of research, it turns out it is the subject of a certificate, the person's address to which the certificate was issued.

I'll provide a pull-request that pulls out this subject from the first available certificate in the message (partially based on this SO answer):

X509Certificate cert = ...;

X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];

return IETFUtils.valueToString(cn.getFirst().getValue());

How to combine smime with SMTPMessage?

SMTPMessage is a subclass of MimeMessage, also provided by Java Mail, which provides some extra options.

How can I convert a signed MimeMessage into a SMTPMessage? The regular approach gives an error with this library.

MimeMessage m = new SMTPMessage(signedMimeMessage)

nested exception is:
java.io.IOException: net.markenwerk.utils.mail.dkim.DkimException: Incompatible version v=spf1 -all.
at net.markenwerk.utils.mail.dkim.DkimSigner.sign(DkimSigner.java:424)
at net.markenwerk.utils.mail.dkim.DkimMessage.writeTo(DkimMessage.java:116)
at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1887)
at javax.mail.internet.MimeMessage.<init>(MimeMessage.java:252)
at com.sun.mail.smtp.SMTPMessage.<init>(SMTPMessage.java:126)

unknown object in getInstance: org.bouncycastle.asn1.DERApplicationSpecific

Hi,

I use this library to read encrypted Emails. All emails are read without problems, except those from one client.

Said emails throw this exception:

net.markenwerk.utils.mail.smime.SmimeException: Malformed content.
at net.markenwerk.utils.mail.smime.SmimeUtil.handledException(SmimeUtil.java:615) ~[utils-mail-smime-1.0.8.jar:na]
at net.markenwerk.utils.mail.smime.SmimeUtil.decrypt(SmimeUtil.java:235) ~[utils-mail-smime-1.0.8.jar:na]
at helpers.email.EmailFetcher.decryptMessageIfNecessary(EmailFetcher.java:293) [classes/:na]
at helpers.email.EmailFetcher.processMessage(EmailFetcher.java:194) [classes/:na]
at helpers.Converter.convertToPDF(Converter.java:59) [classes/:na]
Caused by: org.bouncycastle.cms.CMSException: Malformed content.
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source) ~[bcmail-jdk15on-1.56.jar:1.56.0.0]
at net.markenwerk.utils.mail.smime.SmimeUtil.decrypt(SmimeUtil.java:225) ~[utils-mail-smime-1.0.8.jar:na]
Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.DERApplicationSpecific
at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0]
at org.bouncycastle.asn1.cms.ContentInfo.getInstance(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0]
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]

The emails are encrypted using RSA (2048) / AES (256). The email is decrypted in MS Outlook without problems.

I know the BouncyCastle library actually throws the exception (I already filed an issue there https://github.com/bcgit/bc-java/issues/462), but maybe somebody here can help too since I don't get any helpful answer there?

Thanks!

Opinionated behavior limits usability

After searching online, this library was the simplest and best implementation of S/MIME support in Java I could find. Thank you for your work!

I've integrated it into our application, but have run into an issue related to the hard coded default DES_EDE3_CBC algorithm in SmimeUtil.prepareEncryptor(). Our use case requires us to use AES_256_CBC instead. I was able to work around this by creating SmimeUtil.encrypt(Session session, MimeMessage mimeMessage, X509Certificate certificate, ASN1ObjectIdentifier cmsAlgorithm)

Additionally, it may be worth adding some comments in the readme about how SmimeUtil.sign(...) will canonicalize EOL characters as a side-effect. This has the potential of corrupting attachments, as was the case for us. The work-around is to force a Base64 (or something else that will never have a newline) encoding of the attachment instead of allowing the default (7bit text in our case)

If you'd be interested in a pull request, I can try submitting one. It would be a first for me.

Thanks again for this library!
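The attachment corruption described in this issue, shown as an added example that is not the library's code: `canonicalizeEol` is a simplified stand-in for the EOL canonicalization applied during signing (assumed here to turn every bare CR or LF into CRLF), and the sample attachment is constructed. It compares a part sent as 7bit text with the same bytes sent Base64-encoded.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class EolCanonicalizationDemo {

    /** Simplified model of EOL canonicalization: every bare CR or LF becomes CRLF. */
    static byte[] canonicalizeEol(byte[] in) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < in.length; i++) {
            byte b = in[i];
            if (b == '\r') {
                out.write('\r');
                out.write('\n');
                // An existing CRLF pair is kept as it is.
                if (i + 1 < in.length && in[i + 1] == '\n') i++;
            } else if (b == '\n') {
                out.write('\r');
                out.write('\n');
            } else {
                out.write(b);
            }
        }
        return out.toByteArray();
    }

    /** True if the attachment bytes are unchanged after the part body is canonicalized. */
    static boolean survives(byte[] attachment, boolean base64) {
        // The MIME encoder already breaks its lines with CRLF, so nothing is rewritten.
        byte[] body = base64 ? Base64.getMimeEncoder().encode(attachment) : attachment;
        byte[] canonical = canonicalizeEol(body);
        byte[] received = base64 ? Base64.getMimeDecoder().decode(canonical) : canonical;
        return Arrays.equals(attachment, received);
    }

    public static void main(String[] args) {
        // Constructed sample: text attachment with bare LF line endings and one lone CR.
        byte[] attachment = "id;name\n1;alice\n2;bob\rEOF\n".getBytes(StandardCharsets.US_ASCII);
        System.out.println("7bit   survives: " + survives(attachment, false));
        System.out.println("base64 survives: " + survives(attachment, true));
    }
}
```

Any checksum or signature computed over the original attachment bytes fails for the 7bit case, because the receiver sees different bytes from those the sender attached.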
