[jboss-jira] [JBoss JIRA] (WFLY-4621) RESTEasy SMIME doesn't work with WildFly current module setup

Weinan Li (JIRA) issues at jboss.org
Mon May 11 14:51:20 EDT 2015


    [ https://issues.jboss.org/browse/WFLY-4621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067039#comment-13067039 ] 

Weinan Li commented on WFLY-4621:
---------------------------------

Patch for RESTEasy:

{code}
diff --git a/jaxrs/security/resteasy-crypto/pom.xml b/jaxrs/security/resteasy-crypto/pom.xml
index 2f36cc4..a78637e 100755
--- a/jaxrs/security/resteasy-crypto/pom.xml
+++ b/jaxrs/security/resteasy-crypto/pom.xml
@@ -52,15 +52,16 @@
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk16</artifactId>
+            <artifactId>bcprov-jdk15on</artifactId>
         </dependency>
         <dependency>
            <groupId>org.bouncycastle</groupId>
-           <artifactId>bcmail-jdk16</artifactId>
+           <artifactId>bcmail-jdk15on</artifactId>
         </dependency>
         <dependency>
-            <groupId>javax.mail</groupId>
-            <artifactId>mail</artifactId>
+            <groupId>com.sun.mail</groupId>
+            <artifactId>javax.mail</artifactId>
+            <version>1.5.3</version>
         </dependency>
         <dependency>
             <groupId>org.apache.james</groupId>
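Review bot: The `com.sun.mail:javax.mail` dependency carries an inline `<version>1.5.3</version>` while every other dependency in this hunk leaves the version to the parent's dependencyManagement; declaring the version there instead keeps one place from which the mail and BouncyCastle versions are bumped together. Moving from `bcprov-jdk16`/`bcmail-jdk16` to `bcprov-jdk15on`/`bcmail-jdk15on` also lines the module up with the `bcprov-jdk15on-1.52`/`bcmail-jdk15on-1.52` jars of the WildFly module.xml quoted in the issue, so the downgrade to the 1.46 jdk16 jars described there is no longer needed, which is worth stating in the commit message. The version resolved for the jdk15on artifacts is not visible in this hunk, so whether it matches 1.52 cannot be confirmed from here.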
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
index a2bf663..0bc140e 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
@@ -2,6 +2,8 @@ package org.jboss.resteasy.security.smime;
 
 import org.bouncycastle.cms.RecipientInformation;
 import org.bouncycastle.cms.RecipientInformationStore;
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
+import org.bouncycastle.cms.jcajce.JceKeyTransRecipient;
 import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
 import org.bouncycastle.mail.smime.SMIMEEnveloped;
 import org.bouncycastle.mail.smime.SMIMEUtil;
@@ -158,8 +160,9 @@ public class EnvelopedInputImpl implements EnvelopedInput
 
          RecipientInformationStore recipients = m.getRecipientInfos();
          RecipientInformation recipient = recipients.get(recId);
+         JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(pKey);
 
-         decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKey, "BC"));
+         decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKeyRecp));
       }
       catch (Exception e1)
       {
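Review bot: The new `JceKeyTransEnvelopedRecipient(pKey)` drops the explicit `"BC"` provider that the replaced `getContent(pKey, "BC")` call passed, so key-transport decryption now resolves through whichever JCA provider the runtime lists first, unlike the verifier builders in MultipartSignedInputImpl and PKCS7SignatureInput, which keep `.setProvider("BC")`. Pinning it keeps behaviour independent of provider ordering inside the container: `JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(pKey).setProvider("BC");`. The same omission is in the EnvelopedTest hunk that builds `pKeyRecp` from `privateKey`. `recipients.get(recId)` may return null when no recipient matches, and the resulting NPE would surface only through the `catch (Exception e1)` below — a pre-existing path, but worth an explicit null check now that this line is being touched. The enclosing method starts outside the hunk.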
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
index 18a214a..1ce2c63 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
@@ -2,6 +2,7 @@ package org.jboss.resteasy.security.smime;
 
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
 import org.bouncycastle.mail.smime.SMIMESigned;
 import org.jboss.resteasy.util.GenericType;
 
@@ -157,7 +158,7 @@ public class MultipartSignedInputImpl implements SignedInput
 
       SignerInformationStore signers = signed.getSignerInfos();
       SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
-      return signer.verify(publicKey, "BC");
+      return (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey)));
 
    }
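Review bot: The returned expression is wrapped in redundant parentheses, `return (signer.verify(...));`, which none of the sibling `verify` call sites in this patch use; `return signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey));` reads like the rest of the change. `build(publicKey)` only checks the signature against the supplied key and says nothing about who that key belongs to — unchanged from the replaced `verify(publicKey, "BC")` call, but worth a one-line comment above the return so callers do not read the boolean as a trust decision. The enclosing method starts outside the hunk.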
 
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
index a7a86d7..61db0fa 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
@@ -3,6 +3,8 @@ package org.jboss.resteasy.security.smime;
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationVerifier;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
 import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
 import org.jboss.resteasy.util.Base64;
 import org.jboss.resteasy.util.GenericType;
@@ -20,7 +22,7 @@ import java.security.cert.X509Certificate;
  * @author <a href="mailto:bill at burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public class PKCS7SignatureInput<T>
+public class   PKCS7SignatureInput<T>
 {
    private PublicKey publicKey;
    private X509Certificate certificate;
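Review bot: The only change in this hunk is the extra whitespace in `public class   PKCS7SignatureInput<T>`, which looks like an accidental edit unrelated to the BouncyCastle API migration; restore `public class PKCS7SignatureInput<T>` and drop the hunk. Leaving it in adds noise for anyone reviewing the verification changes further down this file.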
@@ -206,7 +208,9 @@ public class PKCS7SignatureInput<T>
       for (Object info : data.getSignerInfos().getSigners())
       {
          SignerInformation signer = (SignerInformation)info;
-         if (signer.verify(certificate, "BC"))
+
+
+         if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate)))
          {
             return true;
          }
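Review bot: The verifier is rebuilt on every loop iteration with `new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate)`, although it depends only on `certificate`; the next hunk does the same with `publicKey`. Hoist it above the `for` loop as `SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate);` and test `if (signer.verify(verifier))`, which also gives the `SignerInformationVerifier` import added earlier in this file a use — in the hunks shown it is otherwise unused. The two blank lines inserted before the `if` look accidental and should go. The enclosing methods start outside the hunks.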
@@ -218,7 +222,7 @@ public class PKCS7SignatureInput<T>
       for (Object info : data.getSignerInfos().getSigners())
       {
          SignerInformation signer = (SignerInformation)info;
-         if (signer.verify(publicKey, "BC"))
+         if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey)))
          {
             return true;
          }
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
index f64f196..548498a 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
@@ -1,10 +1,13 @@
 package org.jboss.resteasy.security.smime;
 
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
+import org.bouncycastle.cert.jcajce.JcaCertStore;
+import org.bouncycastle.cms.*;
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.bouncycastle.util.Store;
 import org.jboss.resteasy.security.BouncyIntegration;
 import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
 import org.jboss.resteasy.spi.WriterException;
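Review bot: `import org.bouncycastle.cms.*;` replaces five explicit imports with a wildcard, so the import list no longer shows which CMS types the class depends on (`CMSSignedDataGenerator`, `CMSTypedData`, `CMSProcessableByteArray`, `CMSSignedData` and `CMSException`, judging from the body hunk), while the other main-source files in this patch import each type explicitly. Listing them individually keeps the style consistent and avoids silently picking up a same-named class if another wildcard import is added later. The EnvelopedTest import hunk makes the same change with `org.bouncycastle.cms.jcajce.*`.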
@@ -24,7 +27,10 @@ import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * @author <a href="mailto:bill at burkecentral.com">Bill Burke</a>
@@ -70,8 +76,7 @@ public class PKCS7SignatureWriter implements MessageBodyWriter<SignedOutput>
       }
    }
 
-   public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException
-   {
+   public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException, CertificateEncodingException {
       ByteArrayOutputStream bodyOs = new ByteArrayOutputStream();
       MessageBodyWriter writer = providers.getMessageBodyWriter(out.getType(), out.getGenericType(), null, out.getMediaType());
       if (writer == null)
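Review bot: The `sign` signature now ends with `{` on the same line, while the lines visible around it (the closing braces just above and the replaced `{` line) put braces on their own line; keep the original brace placement and only extend the throws clause. The two new checked exceptions, `OperatorCreationException` and `CertificateEncodingException`, change the signature of a `public static` method, so any external caller of `sign(...)` must be adjusted and recompiled — worth calling out in the commit message. The method body continues past the end of the hunk.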
@@ -82,11 +87,27 @@ public class PKCS7SignatureWriter implements MessageBodyWriter<SignedOutput>
       bodyHeaders.add("Content-Type",  out.getMediaType().toString());
       writer.writeTo(out.getEntity(), out.getType(), out.getGenericType(), null, out.getMediaType(), bodyHeaders, bodyOs);
       CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
-      signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
+
+
+      ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(out.getPrivateKey());
+
+      signGen.addSignerInfoGenerator(
+                              new JcaSignerInfoGeneratorBuilder(
+                                   new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
+                           .build(sha1Signer, out.getCertificate()));
+
+      List certList = new ArrayList();
+      certList.add(out.getCertificate());
+      Store certs = new JcaCertStore(certList);
+      signGen.addCertificates(certs);
+
+//      signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
+
       //signGen.addCertificatesAndCRLs(certs);
-      CMSProcessable content = new CMSProcessableByteArray(bodyOs.toByteArray());
+      CMSTypedData content = new CMSProcessableByteArray(bodyOs.toByteArray());
+
+      CMSSignedData signedData = signGen.generate(content, true);
 
-      CMSSignedData signedData = signGen.generate(content, true, "BC");
       return signedData.getEncoded();
    }
 }
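Review bot: `new JcaContentSignerBuilder("SHA1withRSA")` pins the signature algorithm to RSA, whereas the replaced `addSigner(privateKey, cert, DIGEST_SHA1)` took the public-key algorithm from the key, so a `SignedOutput` carrying a non-RSA private key that worked before will now fail in `build(out.getPrivateKey())`; either derive the algorithm name from `out.getPrivateKey().getAlgorithm()` or document the RSA-only restriction on `sign`. SHA-1 was already the digest before this change, so that part is not a regression, but while an algorithm string is being introduced `SHA256withRSA` is the default a reviewer would expect today. `List certList = new ArrayList();` is a raw type; `List<X509Certificate> certList = new ArrayList<X509Certificate>();` matches what `JcaCertStore` consumes, assuming `getCertificate()` returns `X509Certificate` as the uncast `build(sha1Signer, out.getCertificate())` suggests (the import is already in the file). The commented-out `addSigner` line and the added blank lines should be removed rather than kept as history in the source.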
diff --git a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java
index a4d711d..0e4cbd0 100644
--- a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java
+++ b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java
@@ -6,9 +6,7 @@ import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.RecipientId;
 import org.bouncycastle.cms.RecipientInformation;
 import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
+import org.bouncycastle.cms.jcajce.*;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.mail.smime.SMIMEEnveloped;
 import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
@@ -129,7 +127,8 @@ public class EnvelopedTest
       OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC)
               .setProvider("BC")
               .build();
-      gen.addKeyTransRecipient(cert);
+
+      gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC"));
 
       //
       // generate a MimeBodyPart object which encapsulates the content
@@ -219,7 +218,9 @@ public class EnvelopedTest
       RecipientInformationStore recipients = m.getRecipientInfos();
       RecipientInformation recipient = recipients.get(recId);
 
-      return SMIMEUtil.toMimeBodyPart(recipient.getContent(privateKey, "BC"));
+               JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(privateKey);
+
+      return SMIMEUtil.toMimeBodyPart(recipient.getContent(pKeyRecp));
    }
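Review bot: The new `JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(privateKey);` line is indented far to the right of the surrounding statements, and the blank line after it separates the declaration from its only use on the `return`; align it with `RecipientInformationStore recipients` and drop the blank line. The enclosing method starts outside the hunk.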
 
 
diff --git a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java
index 63f84e7..f8ee26e 100644
--- a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java
+++ b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java
@@ -4,6 +4,7 @@ import org.bouncycastle.cms.SignerInfoGenerator;
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.SignerInformationStore;
 import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.mail.smime.SMIMESigned;
 import org.bouncycastle.mail.smime.SMIMESignedGenerator;
@@ -135,7 +136,7 @@ public class SignedTest
       SignerInformationStore signers = signed.getSignerInfos();
       Assert.assertEquals(1, signers.size());
       SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
-      Assert.assertTrue(signer.verify(cert.getPublicKey(), "BC"));
+      Assert.assertTrue(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey())));
    }
 
    @Test

{code}




> RESTEasy SMIME doesn't work with WildFly current module setup
> -------------------------------------------------------------
>
>                 Key: WFLY-4621
>                 URL: https://issues.jboss.org/browse/WFLY-4621
>             Project: WildFly
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 9.0.0.CR1
>            Reporter: Weinan Li
>            Assignee: Stuart Douglas
>
> RESTEasy provides the functions of SMIME encryption and here is an example that can be deployed into WildFly:
> https://github.com/liweinan/digital-signatures/tree/master/smime
> And currently the resteasy-crypto module doesn't work properly in WildFly unless the following patch is applied:
> {code}
> power:modules weinanli$ git diff
> warning: LF will be replaced by CRLF in system/layers/base/org/bouncycastle/main/module.xml.
> The file will have its original line endings in your working directory.
> diff --git a/system/layers/base/org/bouncycastle/main/module.xml b/system/layers/base/org/bouncycastle/main/module.xml
> index 5d13395..83ae97c 100644
> --- a/system/layers/base/org/bouncycastle/main/module.xml
> +++ b/system/layers/base/org/bouncycastle/main/module.xml
> @@ -24,12 +24,17 @@
>  <module xmlns="urn:jboss:module:1.3" name="org.bouncycastle">
>      <resources>
> +      <!--
>          <resource-root path="bcprov-jdk15on-1.52.jar"/>
>          <resource-root path="bcmail-jdk15on-1.52.jar"/>
> +      -->
> +        <resource-root path="bcprov-jdk16-1.46.jar"/>
> +        <resource-root path="bcmail-jdk16-1.46.jar"/>
>          <resource-root path="bcpkix-jdk15on-1.52.jar"/>
>      </resources>
>      <dependencies>
>          <module name="javax.api"/>
> +        <module name="javax.mail.api"/>
> +        <module name="javax.activation.api"/>
>      </dependencies>
> -
>  </module>
> {code}
> After applying the above patch then the example can pass all the tests:
> {code}
> power:smime weinanli$ mvn -q clean package
> Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=128m; support was removed in 8.0
> power:smime weinanli$ mvn -q wildfly:deploy
> Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=128m; support was removed in 8.0
> May 11, 2015 9:24:27 PM org.xnio.Xnio <clinit>
> INFO: XNIO version 3.3.0.Final
> May 11, 2015 9:24:27 PM org.xnio.nio.NioXnio <clinit>
> INFO: XNIO NIO Implementation Version 3.3.0.Final
> May 11, 2015 9:24:27 PM org.jboss.remoting3.EndpointImpl <clinit>
> INFO: JBoss Remoting version 4.0.7.Final
> power:smime weinanli$ mvn -q integration-test
> Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=128m; support was removed in 8.0
> -------------------------------------------------------
>  T E S T S
> -------------------------------------------------------
> Running org.jboss.resteasy.tests.smime.SMIMETest
> Encrypted Message From Server:
> Customer{name='Bill'}
> Signed Message From Server:
> Customer{name='Bill'}
> Customer{name='Bill'}
> Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.682 sec - in org.jboss.resteasy.tests.smime.SMIMETest
> Results :
> Tests run: 6, Failures: 0, Errors: 0, Skipped: 0
> power:smime weinanli$
> {code}


