22 package org.apache.james.mailet.crypto.mailet;
23
24 import java.io.IOException;
25 import java.security.cert.X509Certificate;
26 import java.util.ArrayList;
27 import java.util.Iterator;
28 import java.util.List;
29
30 import javax.mail.MessagingException;
31 import javax.mail.Multipart;
32 import javax.mail.internet.MimeBodyPart;
33 import javax.mail.internet.MimeMessage;
34 import javax.mail.internet.MimeMultipart;
35
36 import org.apache.james.mailet.crypto.KeyStoreHolder;
37 import org.apache.james.mailet.crypto.SMIMESignerInfo;
38 import org.apache.mailet.base.GenericMailet;
39 import org.apache.mailet.Mail;
40 import org.apache.mailet.MailetConfig;
41 import org.bouncycastle.cms.CMSException;
42 import org.bouncycastle.mail.smime.SMIMEException;
43 import org.bouncycastle.mail.smime.SMIMESigned;
44
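/**
 * Mailet that checks the S/MIME signature of a message.
 *
 * <p>When at least one signer is accepted, the list of accepted signer
 * certificates ({@link X509Certificate}) is stored in a mail attribute, and
 * the message content can optionally be replaced by the signed content
 * (signature stripped).</p>
 *
 * <p>Init parameters read by {@link #init()}:</p>
 * <ul>
 * <li>{@code strip} - replace the message content with the signed content
 *     once a signer has been accepted (default {@code false}).</li>
 * <li>{@code onlyTrusted} - accept a signer only when its
 *     {@code getCertPath()} is non-null (default {@code true}).</li>
 * <li>{@code mailAttribute} - name of the attribute receiving the accepted
 *     certificates (default {@code org.apache.james.SMIMECheckSignature}).</li>
 * <li>{@code keyStoreType}, {@code keyStoreFileName},
 *     {@code keyStorePassword} - the store used for verification.</li>
 * </ul>
 *
 * <p>Security notes for whoever consumes the attribute:</p>
 * <ul>
 * <li>This class never compares the signer certificate with the sender of
 *     the message. A valid signature only shows that <em>someone</em> signed
 *     the content; binding the certificate subject to the From/Sender
 *     address is left to downstream processing.</li>
 * <li>With {@code onlyTrusted=false} a signer is accepted on
 *     {@code isSignValid()} alone, so the attribute may hold certificates
 *     for which no certification path was established.</li>
 * <li>Every verification error is logged and then treated as "not signed":
 *     the mail continues through the processor and the only signal is the
 *     missing attribute. Downstream matchers must treat an absent attribute
 *     as unverified.</li>
 * </ul>
 */
public class SMIMECheckSignature extends GenericMailet {

    /** Store used to verify signatures; created in {@link #init()}. */
    protected KeyStoreHolder trustedCertificateStore;

    /** Whether the signature is removed from a message with an accepted signer. */
    protected boolean stripSignature = false;

    /** Whether a signer needs a non-null certification path to be accepted. */
    protected boolean onlyTrusted = true;

    /** Name of the mail attribute that receives the accepted signer certificates. */
    protected String mailAttribute = "org.apache.james.SMIMECheckSignature";

    public SMIMECheckSignature() {
        super();
    }

    /**
     * Reads the mailet configuration and loads the certificate store.
     *
     * <p>When {@code keyStoreFileName} is absent the single-argument
     * {@code KeyStoreHolder(password)} constructor is used and a message is
     * logged; which certificates that default store trusts is decided by
     * {@code KeyStoreHolder}, not here.</p>
     *
     * @throws MessagingException if the certificate store cannot be loaded
     */
    public void init() throws MessagingException {
        MailetConfig config = getMailetConfig();

        String stripSignatureConf = config.getInitParameter("strip");
        if (stripSignatureConf != null) {
            stripSignature = Boolean.valueOf(stripSignatureConf).booleanValue();
        }

        String onlyTrustedConf = config.getInitParameter("onlyTrusted");
        if (onlyTrustedConf != null) {
            onlyTrusted = Boolean.valueOf(onlyTrustedConf).booleanValue();
        }

        String mailAttributeConf = config.getInitParameter("mailAttribute");
        if (mailAttributeConf != null) {
            mailAttribute = mailAttributeConf;
        }

        String type = config.getInitParameter("keyStoreType");
        String file = config.getInitParameter("keyStoreFileName");
        // The store password comes from the mailet configuration in clear
        // text; it is handed to KeyStoreHolder and never logged here.
        String password = config.getInitParameter("keyStorePassword");

        try {
            if (file != null) {
                trustedCertificateStore = new KeyStoreHolder(file, password, type);
            } else {
                log("No trusted store path specified, using default store.");
                trustedCertificateStore = new KeyStoreHolder(password);
            }
        } catch (Exception e) {
            throw new MessagingException("Error loading the trusted certificate store", e);
        }
    }

    /**
     * Verifies the signature of the mail and records the accepted signers.
     *
     * <p>The attribute named by {@link #mailAttribute} is set only when at
     * least one signer is accepted. The signature is stripped only when
     * {@link #stripSignature} is set <em>and</em> a signer was accepted, so
     * unverified content never replaces the original message.</p>
     *
     * @param mail the mail whose message is checked
     * @throws MessagingException if the signed content cannot be written
     *         back into the message while stripping the signature
     */
    public void service(Mail mail) throws MessagingException {
        MimeMessage message = mail.getMessage();

        // Signed content extracted from the S/MIME structure, if any.
        MimeBodyPart strippedMessage = null;
        // Result of the verification; stays null on any error.
        List signers = null;

        try {
            // Fetch the content once and reuse it for the constructor.
            Object obj = message.getContent();
            SMIMESigned signed;
            if (obj instanceof MimeMultipart) {
                signed = new SMIMESigned((MimeMultipart) obj);
            } else if (obj instanceof SMIMESigned) {
                signed = (SMIMESigned) obj;
            } else if (obj instanceof byte[]) {
                signed = new SMIMESigned(message);
            } else {
                signed = null;
            }

            if (signed != null) {
                signers = trustedCertificateStore.verifySignatures(signed);
                strippedMessage = signed.getContent();
            } else {
                log("Content not identified as signed");
            }
        } catch (CMSException e) {
            log("Error during the analysis of the signed message", e);
            signers = null;
        } catch (IOException e) {
            log("IO error during the analysis of the signed message", e);
            signers = null;
        } catch (SMIMEException e) {
            log("Error during the analysis of the signed message", e);
            signers = null;
        } catch (Exception e) {
            // The exception goes to the mailet log only; nothing is printed
            // to stderr, where it would bypass the server's log handling.
            log("Generic error occured during the analysis of the message", e);
            signers = null;
        }

        // True only once the attribute has been set from an accepted signer.
        boolean signerAccepted = false;

        if (signers != null) {
            ArrayList signerinfolist = new ArrayList();

            for (Iterator iter = signers.iterator(); iter.hasNext();) {
                SMIMESignerInfo info = (SMIMESignerInfo) iter.next();

                // NOTE(review): getCertPath() is presumably non-null only
                // when a path to the trusted store was built - confirm in
                // KeyStoreHolder / SMIMESignerInfo.
                if (info.isSignValid()
                        && (!onlyTrusted || info.getCertPath() != null)) {
                    signerinfolist.add((X509Certificate) info.getSignerCertificate());
                }
            }

            if (signerinfolist.size() > 0) {
                mail.setAttribute(mailAttribute, signerinfolist);
                signerAccepted = true;
            }
            // NOTE(review): when no signer is accepted an attribute of the
            // same name set earlier in the processor chain is left in place;
            // confirm no earlier step can set it for this mail.
        }

        // Strip only after a signer was accepted. Keying this on
        // signerAccepted (rather than on strippedMessage alone) also covers
        // a verification call that returns null without throwing.
        if (stripSignature && signerAccepted && strippedMessage != null) {
            try {
                Object obj = strippedMessage.getContent();
                if (obj instanceof Multipart) {
                    message.setContent((Multipart) obj);
                } else {
                    message.setContent(obj, strippedMessage.getContentType());
                }
                message.saveChanges();
                mail.setMessage(message);
            } catch (Exception e) {
                throw new MessagingException(
                        "Error during the extraction of the signed content from the message.",
                        e);
            }
        }
    }

}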