Class SMIMECheckSignature

  extended by org.apache.mailet.base.GenericMailet
      extended by org.apache.james.mailet.crypto.mailet.SMIMECheckSignature
All Implemented Interfaces:
Mailet, MailetConfig

public class SMIMECheckSignature
extends GenericMailet

Verifies the s/mime signature of a message. The s/mime signing ensure that the private key owner is the real sender of the message. To be checked by this mailet the s/mime signature must contain the actual signature, the signer's certificate and optionally a set of certificate that can be used to create a chain of trust that starts from the signer's certificate and leads to a known trusted certificate.

This check is composed by two steps: firstly it's ensured that the signature is valid, then it's checked if a chain of trust starting from the signer certificate and that leads to a trusted certificate can be created. The first check verifies that the the message has not been modified after the signature was put and that the signer's certificate was valid at the time of the signing. The latter should ensure that the signer is who he declare to be.

The results of the checks perfomed by this mailet are wrote as a mail attribute which default name is org.apache.james.SMIMECheckSignature (it can be changed using the mailet parameter mailAttribute). After the check this attribute will contain a list of SMIMESignerInfo object, one for each message's signer. These objects contain the signer's certificate and the trust path.

Optionally, specifying the parameter strip, the signature of the message can be stripped after the check. The message will become a standard message without an attached s/mime signature.

The configuration parameter of this mailet are summerized below. The firsts defines the location, the format and the password of the keystore containing the certificates that are considered trusted. Note: only the trusted certificate entries are read, the key ones are not.

Other parameters configure the behavior of the mailet:

Field Summary
protected  String mailAttribute
protected  boolean onlyTrusted
protected  boolean stripSignature
protected  KeyStoreHolder trustedCertificateStore
Constructor Summary
Method Summary
 void init()
          A convenience method which can be overridden so that there's no need to call super.init(config).
 void service(Mail mail)
          Called by the mailet container to allow the mailet to process a message.
Methods inherited from class org.apache.mailet.base.GenericMailet
arrayToString, checkInitParameters, destroy, getInitParameter, getInitParameter, getInitParameter, getInitParameterNames, getMailetConfig, getMailetContext, getMailetInfo, getMailetName, init, log, log
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail


protected KeyStoreHolder trustedCertificateStore


protected boolean stripSignature


protected boolean onlyTrusted


protected String mailAttribute
Constructor Detail


public SMIMECheckSignature()
Method Detail


public void init()
          throws javax.mail.MessagingException
Description copied from class: GenericMailet

A convenience method which can be overridden so that there's no need to call super.init(config).

Instead of overriding init(MailetConfig), simply override this method and it will be called by GenericMailet.init(MailetConfig config). The MailetConfig object can still be retrieved via getMailetConfig().

init in class GenericMailet
javax.mail.MessagingException - if an exception occurs that interrupts the mailet's normal operation


public void service(Mail mail)
             throws javax.mail.MessagingException
Description copied from class: GenericMailet

Called by the mailet container to allow the mailet to process a message.

This method is declared abstract so subclasses must override it.

Specified by:
service in interface Mailet
Specified by:
service in class GenericMailet
mail - - the Mail object that contains the MimeMessage and routing information
javax.mail.MessagingException - if any error occurs which prevents the Mail processing from completing successfully
See Also:

Copyright © 2008-2012 The Apache Software Foundation. All Rights Reserved.