1 /****************************************************************
2 * Licensed to the Apache Software Foundation (ASF) under one *
3 * or more contributor license agreements. See the NOTICE file *
4 * distributed with this work for additional information *
5 * regarding copyright ownership. The ASF licenses this file *
6 * to you under the Apache License, Version 2.0 (the *
7 * "License"); you may not use this file except in compliance *
8 * with the License. You may obtain a copy of the License at *
9 * *
10 * http://www.apache.org/licenses/LICENSE-2.0 *
11 * *
12 * Unless required by applicable law or agreed to in writing, *
13 * software distributed under the License is distributed on an *
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
15 * KIND, either express or implied. See the License for the *
16 * specific language governing permissions and limitations *
17 * under the License. *
18 ****************************************************************/
19
20
21
22 package org.apache.james.mailet.crypto.matcher;
23
24 import java.security.Principal;
25 import java.security.cert.X509Certificate;
26 import java.util.Collection;
27 import java.util.Collections;
28 import java.util.Iterator;
29 import java.util.List;
30
31 import javax.mail.MessagingException;
32
33 import org.apache.mailet.base.GenericMatcher;
34 import org.apache.mailet.Mail;
35
36 /**
37 * <p>
38 * Checks if the subject of a X509Certificate contains the supplied string. The
39 * certificate is read from the specified mail attribute.
40 * </p><p>
41 * If the specified attribute contains more than one certificate the matcher matches if at
42 * least one of the certificates contains the given string.
43 * </p>
44 * <p>
45 * Configuration string:
46 * <ul>
47 * <li>mailAttribute;string</li>
48 * </ul>
49 *
50 */
51 public class IsX509CertificateSubject extends GenericMatcher {
52 protected String sourceAttribute;
53 protected String check;
54
55 public void init() throws MessagingException {
56 String condition = getCondition();
57 if(condition == null || condition.indexOf(";") == -1)
58 throw new MessagingException("Invalid matcher configuration: "+condition);
59
60 int pos = condition.indexOf(";");
61 sourceAttribute = condition.substring(0,pos).trim();
62 check = condition.substring(pos+1, condition.length());
63 }
64
65 public Collection match(Mail mail) throws MessagingException {
66 List certificates;
67
68 Object obj = mail.getAttribute(sourceAttribute);
69 if (obj != null) {
70 if (obj instanceof X509Certificate) {
71 certificates = Collections.singletonList(obj);
72 } else {
73 certificates = (List) obj;
74 }
75
76 boolean valid = false;
77
78 for (Iterator iter = certificates.iterator(); iter.hasNext();) {
79 X509Certificate cert = (X509Certificate) iter.next();
80
81 // Here I should use the method getSubjectX500Principal, but
82 // that would break the compatibility with jdk13.
83 Principal prin = cert.getSubjectDN();
84 // TODO: Maybe here a more strong check should be done ...
85 if ((prin.toString().indexOf(check)) > 0) {
86 valid = true;
87 }
88 }
89
90 if (valid) {
91 return mail.getRecipients();
92 } else {
93 return null;
94 }
95 } else {
96 return null;
97 }
98 }
99
100 }
101