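Sending email from Java in a secure (PCI-DSS) environment

Time: 2018-08-28 15:56:23

Tags: java security encryption javamail pci-compliance

I am on the verge of being banned from asking questions, but I really need some insight into the problem I am facing right now.

I have written code that generates reports in a secure (PCI-DSS) environment and performs the following post-generation steps:

  1. Zip the reports
  2. E-mail, &
  3. SFTP to the bank/internal.

Point 2: E-mail

I used Spring's wrapper, JavaMailSender, with the following configuration: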

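import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.JavaMailSenderImpl;

@Configuration
public class EmailConfigurations {

  @Autowired
  Environment env;

  @Bean
  public JavaMailSender getJavaMailSender() {
    // Host, port and credentials come from the spring.mail.* properties
    JavaMailSenderImpl mailSender = new JavaMailSenderImpl();
    mailSender.setHost(env.getProperty("spring.mail.host"));
    mailSender.setPort(Integer.parseInt(env.getProperty("spring.mail.port")));

    mailSender.setUsername(env.getProperty("spring.mail.username"));
    mailSender.setPassword(env.getProperty("spring.mail.password"));

    // Authenticated SMTP, upgraded to TLS with STARTTLS
    Properties props = mailSender.getJavaMailProperties();
    props.put("mail.transport.protocol", "smtp");
    props.put("mail.smtp.auth", "true");
    props.put("mail.smtp.starttls.enable", "true");
    // Log the SMTP session (the "DEBUG SMTP" lines in the output)
    props.put("mail.debug", "true");
    // Enable only TLSv1.2 for the handshake
    props.put("mail.smtp.ssl.protocols", "TLSv1.2");

    return mailSender;
  }

}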

I have written a basic mail-sending service that uses the bean configured above to send mail:

package org.something.not.working;

import java.io.IOException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import javax.mail.BodyPart;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.MimeMessageHelper;
import org.springframework.stereotype.Service;
import com.innoviti.emi.file.model.EmailModel;
import com.innoviti.emi.file.service.IEmailService;
import com.innoviti.emi.file.utility.Properties;

@Service
public class EmailServiceImpl implements IEmailService {

  private static final Logger LOG = LoggerFactory.getLogger(EmailServiceImpl.class);

  @Autowired
  public JavaMailSender emailSender;

  @Autowired
  Properties properties;

  @Override
  public void sendMessageWithAttachment(EmailModel model, List<Path> pathToAttachment)
      throws MessagingException, IOException {
    MimeMessage message = emailSender.createMimeMessage();
    message.addRecipients(MimeMessage.RecipientType.TO,
        InternetAddress.parse(toRecipients(model.getTo())));
    message.setSubject(model.getSubject());
    message.setFrom(new InternetAddress(model.getFrom()));

    BodyPart messageBodyPart = new MimeBodyPart();
    messageBodyPart.setText(model.getText());

    Multipart multipart = new MimeMultipart();
    multipart.addBodyPart(messageBodyPart);

    if (pathToAttachment != null && !pathToAttachment.isEmpty()) {
      for (Path filePath : pathToAttachment) {
        MimeBodyPart attachPart = new MimeBodyPart();
        try {
          attachPart.attachFile(filePath.toFile().getCanonicalPath());
        } catch (IOException e) {
          LOG.error("IO error while attaching file to mail.", e);
          throw e;
        }
        multipart.addBodyPart(attachPart);
      }
    }
    message.setContent(multipart);
    emailSender.send(message);
    LOG.info("Request of email completed, {}", "for daily Emi Off Us files & SBI INCMS file.");
  }

  // Joins the recipient addresses into the comma-separated list InternetAddress.parse expects
  private String toRecipients(String[] tos) {
    if (tos == null || tos.length == 0)
      return null;
    return String.join(",", tos);
  }

  @Override
  public void triggerMail(EmailModel model, Path attachment)
      throws MessagingException, IOException {
    List<Path> allAttachments = new ArrayList<>();
    if (attachment != null) {
      allAttachments.add(attachment);
    }
    this.sendMessageWithAttachment(model, allAttachments);
  }
}

Everything works fine in the dev as well as the test environment UNLESS it is moved to the secure (PCI-DSS) environment.

This is the error I get:

DEBUG SMTP: Found extension "CHUNKING", arg ""
DEBUG SMTP: Found extension "SMTPUTF8", arg ""
STARTTLS
220 2.0.0 Ready to start TLS
2018-08-23 06:40:00.993 ERROR 27545 [taskScheduler-7] --- c.i.emi.file.scheduler.EmailScheduler    : Line No. 47 : Error while fetching all files root path.
org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: java.security.NoSuchAlgorithmException: Default SSLContext not available. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        java.net.SocketException: java.security.NoSuchAlgorithmException: Default SSLContext not available
        at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:432)
        at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:345)
        at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:340)
        at org.something.which.has.email.impl.EmailServiceImpl.sendMessageWithAttachment(EmailServiceImpl.java:68)
        at org.something.which.has.scheduler.EmailScheduler.shootEmail(EmailScheduler.java:45)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65)
        at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
        at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:81)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.mail.MessagingException: Could not convert socket to TLS
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2064)
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:724)
        at javax.mail.Service.connect(Service.java:366)
        at org.springframework.mail.javamail.JavaMailSenderImpl.connectTransport(JavaMailSenderImpl.java:501)
        at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:421)
        ... 18 common frames omitted
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Default SSLContext not available
        at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248)
        at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:270)
        at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:524)
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2059)
        ... 22 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: Default SSLContext not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
        at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
        at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
        at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:519)
        ... 23 common frames omitted

I really don't know what to do.

To replicate it on my local dev machine, I changed the following in JAVA_HOME: .../jdk/jre/lib/security/java.security

1. Algorithm restrictions for certification path (CertPath) processing:

// Example:
// jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048

(added this) **jdk.certpath.disabledAlgorithms=MD2, DSA, SSLv3, RSA keySize < 3096**

// jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

2. Algorithm restrictions for signed JAR files:

// jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024

(added this) **jdk.jar.disabledAlgorithms=MD2, MD5, RC4, SSLv3, RSA keySize < 3096, DSA keySize < 3096**

3. Algorithm restrictions for Secure Socket Layer/Transport Layer Security (SSL/TLS) processing:

(added this) **jdk.tls.disabledAlgorithms=MD5, RC4, SSLv3, DSA, RSA keySize < 3096**

// jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, EC keySize < 224, DES40_CBC, RC4_40

  • Why? To have something similar to the secure environment.

  • Then? I got the error whose stack trace I posted.

  • Now? I am not sure. No clue.

Should I somehow make sure that the SMTP I am using (gmail) understands this environment? If so, how?

The MIME type should be application/x-pkcs7-mime

Please let me know if anyone has an idea!

Java version: "1.8.0_162"
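
A way to narrow down the `Default SSLContext not available` failure from the stack trace above, added here as an example and not part of the original post: a JDK-only check, run with the same JVM and `java.security` file as the failing service, that prints the restriction properties the post edits, lists which providers register `SSLContext.Default`, and walks the cause chain of `SSLContext.getDefault()`. The class name `TlsContextCheck` is an assumption.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Added diagnostic; the class name TlsContextCheck is hypothetical.
public class TlsContextCheck {

  // Names of the security providers that register SSLContext.<algorithm>.
  static String providersFor(String algorithm) {
    Provider[] found = Security.getProviders("SSLContext." + algorithm);
    if (found == null) return "NONE";
    StringBuilder names = new StringBuilder();
    for (Provider p : found) {
      names.append(p.getName()).append(' ');
    }
    return names.toString().trim();
  }

  public static void main(String[] args) {
    for (String key : new String[] {"jdk.tls.disabledAlgorithms", "jdk.certpath.disabledAlgorithms"}) {
      System.out.println(key + " = " + Security.getProperty(key));
    }
    for (String key : new String[] {"javax.net.ssl.keyStore", "javax.net.ssl.trustStore"}) {
      System.out.println(key + " = " + System.getProperty(key));
    }
    System.out.println("SSLContext.Default providers: " + providersFor("Default"));
    System.out.println("SSLContext.TLSv1.2 providers: " + providersFor("TLSv1.2"));
    try {
      // Same call chain as the trace: SSLSocketFactory.getDefault() -> SSLContext.getDefault().
      SSLContext ctx = SSLContext.getDefault();
      System.out.println("Default context OK: " + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
    } catch (Exception e) {
      // Walk the cause chain; a keystore or truststore load error would appear below the top message.
      for (Throwable t = e; t != null; t = t.getCause()) {
        System.out.println("Default context FAILED: " + t);
      }
    }
    try {
      // Explicitly named TLSv1.2 context with the JVM's default key and trust managers.
      SSLContext tls12 = SSLContext.getInstance("TLSv1.2");
      tls12.init(null, null, null);
      System.out.println("TLSv1.2 context OK: " + Arrays.toString(tls12.getDefaultSSLParameters().getProtocols()));
    } catch (Exception e) {
      System.out.println("TLSv1.2 context FAILED: " + e);
    }
  }
}
```

If `SSLContext.Default` has no provider, or the explicit TLSv1.2 context succeeds while the default one fails, the problem lies in the JVM's security configuration rather than in the JavaMail settings.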

0 answers:

No answers