markenwerk / java-utils-mail-smime
A S/MIME library for JavaMail
License: Other
According to RFC 5751 (S/MIME 3.2), to determine if a message was signed or encrypted, the media type (primary-/sub type) value as well as its parameter smime-type should be taken into consideration:
3.2.2. The smime-type Parameter
The application/pkcs7-mime content type defines the optional "smime-type" parameter. The intent of this parameter is to convey details about the security applied (signed or enveloped) along with information about the contained content.
A little bit down an example is shown of a signed-only message:
A sample message would be:
Content-Type: application/pkcs7-mime; smime-type=signed-data;name=smime.p7m
SmimeUtil doesn't look at smime-type at all when determining status and has resulted in incorrect status for a message of mine.
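An added example (not part of the issue and not the library's code) of the check the report asks for: deciding the status from the media type together with the smime-type parameter, using JavaMail's `ContentType`. The class and enum names are hypothetical, and the multipart/signed branch goes beyond the RFC section quoted above.

```java
import javax.mail.internet.ContentType;
import javax.mail.internet.ParseException;
import java.util.Locale;

// Added example; SmimeTypeClassifier and State are hypothetical names, not library API.
public class SmimeTypeClassifier {

    enum State { SIGNED, ENCRYPTED, COMPRESSED, CERTS_ONLY, UNDETERMINED, NOT_SMIME }

    static State classify(String contentTypeHeader) throws ParseException {
        ContentType ct = new ContentType(contentTypeHeader);

        // Clear-signed form: multipart/signed with a PKCS#7 signature protocol.
        if (ct.match("multipart/signed")) {
            String protocol = ct.getParameter("protocol");
            boolean pkcs7 = protocol != null && protocol.toLowerCase(Locale.ROOT)
                    .matches("application/(x-)?pkcs7-signature");
            return pkcs7 ? State.SIGNED : State.NOT_SMIME;
        }
        // Some agents still send the legacy x- prefixed subtype.
        if (!ct.match("application/pkcs7-mime") && !ct.match("application/x-pkcs7-mime")) {
            return State.NOT_SMIME;
        }
        String smimeType = ct.getParameter("smime-type");
        if (smimeType == null) {
            // The parameter is optional: only parsing the CMS ContentInfo can decide.
            return State.UNDETERMINED;
        }
        switch (smimeType.trim().toLowerCase(Locale.ROOT)) {
            case "signed-data":     return State.SIGNED;
            case "enveloped-data":  return State.ENCRYPTED;
            case "compressed-data": return State.COMPRESSED;
            case "certs-only":      return State.CERTS_ONLY;
            default:                return State.UNDETERMINED;
        }
    }

    public static void main(String[] args) throws ParseException {
        String[] samples = {   // first is the RFC sample quoted above, the rest are constructed
            "application/pkcs7-mime; smime-type=signed-data;name=smime.p7m",
            "application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m",
            "application/pkcs7-mime; name=smime.p7m",
            "multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha-256; boundary=b1",
            "text/plain; charset=utf-8"
        };
        for (String s : samples) {
            System.out.println(classify(s) + "  <-  " + s);
        }
    }
}
```

`UNDETERMINED` is the case a caller has to resolve by parsing the CMS structure itself, since a missing or unknown smime-type says nothing about whether the content is signed or enveloped.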
If you open a signed message in, for example, Outlook or Thunderbird, they will show a field right under "To:", named "Signed by:". After a lot of research, it turns out it is the subject of a certificate, the person's address to which the certificate was issued.
I'll provide a pull-request that pulls out this subject from the first available certificate in the message (partially based on this SO answer):
X509Certificate cert = ...;
X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
return IETFUtils.valueToString(cn.getFirst().getValue());
SMTPMessage is a subclass of MimeMessage, also provided by Java Mail, which provides some extra options.
How can I convert a signed MimeMessage into a SMTPMessage? The regular approach gives an error with this library.
MimeMessage m = new SMTPMessage(signedMimeMessage);
nested exception is:
java.io.IOException: net.markenwerk.utils.mail.dkim.DkimException: Incompatible version v=spf1 -all.
at net.markenwerk.utils.mail.dkim.DkimSigner.sign(DkimSigner.java:424)
at net.markenwerk.utils.mail.dkim.DkimMessage.writeTo(DkimMessage.java:116)
at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1887)
at javax.mail.internet.MimeMessage.<init>(MimeMessage.java:252)
at com.sun.mail.smtp.SMTPMessage.<init>(SMTPMessage.java:126)
Hi,
I use this library to read encrypted Emails. All emails are read without problems, except those from one client.
Said emails throw this exception:
net.markenwerk.utils.mail.smime.SmimeException: Malformed content.
at net.markenwerk.utils.mail.smime.SmimeUtil.handledException(SmimeUtil.java:615) ~[utils-mail-smime-1.0.8.jar:na]
at net.markenwerk.utils.mail.smime.SmimeUtil.decrypt(SmimeUtil.java:235) ~[utils-mail-smime-1.0.8.jar:na]
at helpers.email.EmailFetcher.decryptMessageIfNecessary(EmailFetcher.java:293) [classes/:na]
at helpers.email.EmailFetcher.processMessage(EmailFetcher.java:194) [classes/:na]
at helpers.Converter.convertToPDF(Converter.java:59) [classes/:na]
Caused by: org.bouncycastle.cms.CMSException: Malformed content.
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source) ~[bcmail-jdk15on-1.56.jar:1.56.0.0]
at net.markenwerk.utils.mail.smime.SmimeUtil.decrypt(SmimeUtil.java:225) ~[utils-mail-smime-1.0.8.jar:na]
Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.DERApplicationSpecific
at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0]
at org.bouncycastle.asn1.cms.ContentInfo.getInstance(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0]
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) ~[bcpkix-jdk15on-1.56.jar:1.56.0.0]
The emails are encrypted using RSA (2048) / AES (256). The email is decrypted in MS Outlook without problems.
I know the BouncyCastle library actually throws the exception (I already filed an issue there https://github.com/bcgit/bc-java/issues/462), but maybe somebody here can help too since I don't get any helpful answer there?
Thanks!
After searching online, this library was the simplest and best implementation of S/MIME support in Java I could find. Thank you for your work!
I've integrated it into our application, but have run into an issue related to the hard-coded default DES_EDE3_CBC algorithm in SmimeUtil.prepareEncryptor(). Our use case requires us to use AES_256_CBC instead. I was able to work around this by creating SmimeUtil.encrypt(Session session, MimeMessage mimeMessage, X509Certificate certificate, ASN1ObjectIdentifier cmsAlgorithm).
Additionally, it may be worth adding some comments in the readme about how SmimeUtil.sign(...) will canonicalize EOL characters as a side-effect. This has the potential of corrupting attachments, as was the case for us. The work-around is to force a Base64 (or something else that will never have a newline) encoding of the attachment instead of allowing the default (7bit text in our case).
If you'd be interested in a pull request, I can try submitting one. It would be a first for me.
Thanks again for this library!
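One way to apply the Base64 work-around described in the post above, as an added example that is not the poster's or the library's code. `Base64Attachments` and its methods are hypothetical names, and the helper assumes a locally composed message: parts parsed from an existing stream are written out in their stored encoding, so changing the header alone would not re-encode them.

```java
import java.io.IOException;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.Part;
import javax.mail.internet.MimeMessage;

// Added example; Base64Attachments and its methods are hypothetical names, not library API.
public final class Base64Attachments {

    /** Walks the MIME tree and returns how many attachment parts were switched to base64. */
    static int forceBase64(Part part) throws MessagingException, IOException {
        if (part.isMimeType("multipart/*")) {
            Multipart multipart = (Multipart) part.getContent();
            int changed = 0;
            for (int i = 0; i < multipart.getCount(); i++) {
                changed += forceBase64(multipart.getBodyPart(i));
            }
            return changed;
        }
        boolean attachment = Part.ATTACHMENT.equalsIgnoreCase(part.getDisposition())
                || part.getFileName() != null;
        if (!attachment) {
            return 0; // leave inline text bodies in their readable encoding
        }
        String[] cte = part.getHeader("Content-Transfer-Encoding");
        if (cte != null && cte.length > 0 && "base64".equalsIgnoreCase(cte[0].trim())) {
            return 0; // already safe against EOL canonicalization
        }
        // JavaMail only picks an encoding itself when this header is absent, so an
        // explicit value is kept and is applied when the part is written out.
        part.setHeader("Content-Transfer-Encoding", "base64");
        return 1;
    }

    /** Call on a locally composed message before handing it to the signing step. */
    static int prepareForSigning(MimeMessage message) throws MessagingException, IOException {
        // saveChanges() first, so every part carries the Content-Type header that
        // isMimeType() relies on; the encoding override is set afterwards.
        message.saveChanges();
        return forceBase64(message);
    }
}
```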