Sign E-Mails

Add S/MIME to e-mail templates for signing e-mails.

The required key pair shall be manageable via the GUI and the keys themself persisted in a DB. If no key pair is available (e.g. not uploaded yet), e-mails shall be send unsigned. Otherwise signed.

The public key shall be downloadable via a REST endpoint.

Their is always only be one key pair at the same time. Key pairs are deletable and can be replaced

Implementation

UI

• "Email-Templates" in the navigation bar on the left side became "Emails"
• The list-email-templates page became show-email-overview (incl renaming of backing bean)
• The show-email-overview uses p:panel to structurally separate the existing templates overview from the new signature overview
• The signature overview on the show-email-overview page features
  • A message if signature keys are available or not
  • A download button for the certificates
  • An edit button leading to a edit page (which is equivalent to the one for the templates)
  • A delete button leading to a confirmation page
  • Buttons are disabled, if the action makes no sense, e.g. certificate download without existing keys
• messages.properties for de, en und fr were updated

Management of crypto keys

• Keys are stored in a Java KeyStore
• Key stores are stored in the DB as base64 encoded blobs in the KeyStoreEntity; the DB data type is TEXT (Postgres)
• Key stores are discriminated by scenario using 'KeyStoreEntity.context' as unique attribute
• Key stores are usually accessed and used via the KeyStoreService
• Key stores and key entries are not encrypted at the moment
• Bouncy-Castle was used for Parsing from and Writing to PEM-formatted string