org.apache.james.jdkim.IscheduleDKIMSigner Maven / Gradle / Ivy
A Java implementation for the DKIM specification.
/****************************************************************
* Licensed to the Apache Software Foundation (ASF) under one *
* or more contributor license agreements. See the NOTICE file *
* distributed with this work for additional information *
* regarding copyright ownership. The ASF licenses this file *
* to you under the Apache License, Version 2.0 (the *
* "License"); you may not use this file except in compliance *
* with the License. You may obtain a copy of the License at *
* *
* http://www.apache.org/licenses/LICENSE-2.0 *
* *
* Unless required by applicable law or agreed to in writing, *
* software distributed under the License is distributed on an *
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
* KIND, either express or implied. See the License for the *
* specific language governing permissions and limitations *
* under the License. *
****************************************************************/
package org.apache.james.jdkim;
import org.apache.commons.codec.binary.Base64;
import org.apache.james.jdkim.api.BodyHasher;
import org.apache.james.jdkim.api.Headers;
import org.apache.james.jdkim.api.SignatureRecord;
import org.apache.james.jdkim.exceptions.FailException;
import org.apache.james.jdkim.exceptions.PermFailException;
import org.apache.james.jdkim.impl.BodyHasherImpl;
import org.apache.james.jdkim.tagvalue.SignatureRecordImpl;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.List;
import java.util.Locale;
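/**
 * Variation on the DKIMSigner class which handles iSchedule (HTTP) data.
 *
 * <p>The signer holds one private key and one signature record template. Every
 * call to {@code sign} parses a record from that template, fills in the body
 * hash ({@code bh=}) and the signature ({@code b=}), and returns the resulting
 * {@code DKIM-Signature} header line.
 *
 * <p>The template decides what is signed and how: the {@code h=} tag lists the
 * HTTP headers covered by the signature and the {@code a=} tag selects the
 * algorithm. This class applies no allow-list of its own to either tag.
 */
public class IscheduleDKIMSigner extends DKIMCommon {

    /** Key used for every signature; assigned once and not exposed through any accessor here. */
    private final PrivateKey privateKey;

    /** Tag=value text from which a fresh signature record is parsed for each signing call. */
    private final String signatureRecordTemplate;

    /**
     * Creates a signer that uses the built-in template.
     *
     * <p>The built-in template carries the placeholder identity
     * {@code s=selector; d=example.com}. Signatures made with it name that
     * selector and domain, so a deployment that signs for its own domain should
     * use {@link #IscheduleDKIMSigner(String, PrivateKey)} with its real values.
     *
     * @param privateKey key used to sign
     */
    public IscheduleDKIMSigner(final PrivateKey privateKey) {
        this("v=1; s=selector; d=example.com; " +
                "h=content-type:ischedule-version:originator:recipient; " +
                "a=rsa-sha256; bh=; b=;",
                privateKey);
    }

    /**
     * Creates a signer for the given template and key.
     *
     * @param signatureRecordTemplate tag=value template of the signature record,
     *            with empty {@code bh=} and {@code b=} tags to be filled in when signing
     * @param privateKey key used to sign
     */
    public IscheduleDKIMSigner(final String signatureRecordTemplate,
                               final PrivateKey privateKey) {
        this.privateKey = privateKey;
        this.signatureRecordTemplate = signatureRecordTemplate;
    }

    /**
     * Parses a signature record in its iSchedule form.
     *
     * @param record tag=value text of the record
     * @return the record produced by {@code SignatureRecordImpl.forIschedule}
     */
    public SignatureRecord newSignatureRecordTemplate(final String record) {
        return SignatureRecordImpl.forIschedule(record);
    }

    /**
     * Creates the body hasher bound to a signature record.
     *
     * @param signRecord record the hasher is created for
     * @return a new {@code BodyHasherImpl}
     * @throws PermFailException if the hasher cannot be created for this record
     */
    public BodyHasher newBodyHasher(final SignatureRecord signRecord)
            throws PermFailException {
        return new BodyHasherImpl(signRecord);
    }

    /**
     * Hashes the content stream and signs the request.
     *
     * <p>The stream is always closed before this method returns, whether or not
     * signing succeeded.
     *
     * @param headers http headers
     * @param is stream for content.
     * @return the dkim signature header
     * @throws IOException on error
     * @throws FailException on error
     */
    public String sign(final Headers headers,
                       final InputStream is) throws IOException, FailException {
        try {
            final SignatureRecord template = newSignatureRecordTemplate(signatureRecordTemplate);
            final BodyHasher hasher = newBodyHasher(template);
            // computation of the body hash.
            DKIMCommon.streamCopy(is, hasher.getOutputStream());
            return sign(headers, hasher);
        } finally {
            is.close();
        }
    }

    /**
     * Signs the request headers using a body hasher that has already consumed
     * the content.
     *
     * <p>The guard on {@code bh} is a type check only: any {@code BodyHasherImpl}
     * is accepted, whichever signer or record it was created for, and the
     * signature record attached to that hasher is the one that gets signed.
     *
     * @param reqHeaders http headers
     * @param bh body hasher holding the digest and the signature record
     * @return the dkim signature header, {@code "DKIM-Signature:"} followed by the record text
     * @throws PermFailException if {@code bh} is not a {@code BodyHasherImpl}, or if the key,
     *             the algorithm or the signing operation is rejected
     */
    public String sign(final Headers reqHeaders,
                       final BodyHasher bh) throws PermFailException {
        if (!(bh instanceof BodyHasherImpl)) {
            throw new PermFailException(
                    "Supplied BodyHasher has not been generated with this signer");
        }
        final BodyHasherImpl hasher = (BodyHasherImpl) bh;
        final SignatureRecord record = hasher.getSignatureRecord();
        record.setBodyHash(hasher.getDigest());
        // Raw List kept as in the original: the element type is fixed by
        // DKIMCommon.signatureCheck, which is declared outside this file.
        final List headers = record.getHeaders();
        try {
            // TODO handle b= in SignatureRecord.
            // whenever any tag is changed the b should be invalidated and the
            // text representation lost.
            // whenever the b value is regenerated it should also be associated
            // with the right text representation.
            // we need a method to "regenerate the text representation" and to
            // retrieve it when it is valid.
            final byte[] signatureBytes = signatureSign(reqHeaders, record, privateKey, headers);
            record.setSignature(signatureBytes);
            return "DKIM-Signature:" + record.toString();
        } catch (InvalidKeyException e) {
            throw new PermFailException("Invalid key: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new PermFailException("Unknown algorithm: " + e.getMessage(),
                    e);
        } catch (SignatureException e) {
            throw new PermFailException("Signing exception: " + e.getMessage(),
                    e);
        }
    }

    /**
     * Computes the signature bytes over the headers selected by the record.
     *
     * <p>The JCA algorithm name is assembled from the record as
     * {@code <HASH>with<KEYTYPE>}; presumably {@code SHA256withRSA} for
     * {@code a=rsa-sha256}. NOTE(review): no allow-list is applied here, so a
     * template naming a weaker hash is used as given unless the record parser
     * rejects it; RFC 8301 retires rsa-sha1 for DKIM.
     *
     * @param h http headers
     * @param sign signature record naming the hash method and key type
     * @param key key used to sign
     * @param headers names of the headers to sign, as listed by the record
     * @return the raw signature bytes
     */
    private byte[] signatureSign(final Headers h, final SignatureRecord sign,
                                 final PrivateKey key, final List headers)
            throws NoSuchAlgorithmException, InvalidKeyException,
            SignatureException, PermFailException {
        // Locale.ROOT keeps the algorithm name stable under locales with special
        // casing rules for Latin letters (for example Turkish dotted/dotless i).
        final String hashName = sign.getHashMethod().toString().toUpperCase(Locale.ROOT);
        final String keyTypeName = sign.getHashKeyType().toString().toUpperCase(Locale.ROOT);
        final Signature signature = Signature.getInstance(hashName + "with" + keyTypeName);
        signature.initSign(key);
        // The inherited signatureCheck feeds the data to be signed into the Signature object.
        signatureCheck(h, sign, headers, signature);
        return signature.sign();
    }

    /**
     * Generate a PrivateKey from a Base64 encoded private key.
     *
     * <p>In order to generate a valid PKCS8 key when you have a PEM key you can do
     * this:
     * <pre>
     * openssl pkcs8 -topk8 -inform PEM -in rsapriv.pem -outform DER -nocrypt -out rsapriv.der
     * </pre>
     * And then base64 encode the content.
     *
     * <p>The {@code -nocrypt} output is the unencrypted private key, so both the
     * DER file and its Base64 form are secret material: keep them out of logs,
     * source control and world-readable configuration. No minimum key length is
     * enforced by this method.
     *
     * @param privateKeyPKCS8
     *            a Base64 encoded string of the RSA key in PKCS8 format
     * @return the PrivateKey
     * @throws NoSuchAlgorithmException
     *             if RSA is unknown
     * @throws InvalidKeySpecException
     *             on bad input key
     */
    public static PrivateKey getPrivateKey(final String privateKeyPKCS8)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        // Base64 text is pure ASCII; naming the charset keeps decoding independent
        // of the platform default encoding.
        final byte[] encodedKey =
                Base64.decodeBase64(privateKeyPKCS8.getBytes(StandardCharsets.US_ASCII));
        final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
        return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
    }
}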