org.apache.james.transport.mailets.smime
Class SMIMECheckSignature
java.lang.Object
org.apache.mailet.GenericMailet
org.apache.james.transport.mailets.smime.SMIMECheckSignature
- All Implemented Interfaces:
- org.apache.mailet.Mailet, org.apache.mailet.MailetConfig
public class SMIMECheckSignature
- extends org.apache.mailet.GenericMailet
Verifies the S/MIME signature of a message. S/MIME signing ensures that
the private key owner is the real sender of the message. To be checked by
this mailet, the S/MIME signature must contain the actual signature, the
signer's certificate and, optionally, a set of certificates that can be used to
create a chain of trust that starts from the signer's certificate and leads
to a known trusted certificate.
This check consists of two steps: first it ensures that the signature
is valid, then it checks whether a chain of trust can be created that starts
from the signer's certificate and leads to a trusted certificate. The first
check verifies that the message has not been modified after it was signed
and that the signer's certificate was valid at the time of
signing. The second should ensure that the signer is who they claim to be.
The results of the checks performed by this mailet are written to a mail
attribute whose default name is org.apache.james.SMIMECheckSignature (it can
be changed using the mailet parameter mailAttribute). After
the check this attribute will contain a list of SMIMESignerInfo objects, one
for each signer of the message. These objects contain the signer's certificate and
the trust path.
Optionally, by specifying the parameter strip, the signature of
the message can be stripped after the check. The message then becomes a
standard message without an attached S/MIME signature.
The configuration parameters of this mailet are summarized below. The first ones
define the location, the format and the password of the keystore containing
the certificates that are considered trusted. Note: only the trusted certificate
entries are read; the key entries are not.
- keyStoreType (default: jks): Certificate store format. "jks" is the
standard Java certificate store format, but pkcs12 is also quite common and
compatible with standard email clients like Outlook Express and Thunderbird.
- keyStoreFileName (default: JAVA_HOME/jre/lib/security/cacert): Certificate
store path.
- keyStorePassword (default: ""): Certificate store password.
Other parameters configure the behavior of the mailet:
- strip (default: false): Defines whether the S/MIME signature of the message
is stripped after the check. Possible values are true and
false.
- mailAttribute (default: org.apache.james.SMIMECheckSignature):
specifies in which attribute the check results will be written.
- onlyTrusted (default: true): Usually, for a message signature to be
considered authentic by this mailet, it must be valid and trusted. Setting
this mailet parameter to "false" relaxes the last condition, so
"untrusted" signatures are also considered authentic.
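The parameters above, as an added configuration example that is not taken from the James distribution: a strict setup beside the relaxed one. The keystore path, password placeholder, the "All" matcher choice and the second attribute name are constructed, and the short class name assumes the package org.apache.james.transport.mailets.smime is registered with the mailet container.

```xml
<!-- Added example; constructed values, not from the James distribution.
     Assumes org.apache.james.transport.mailets.smime is among the
     container's configured mailet packages. Use ONE of the two variants. -->

<!-- Variant A (strict, matches the documented defaults for onlyTrusted):
     a signature counts as authentic only if it is valid AND a chain of
     trust to a certificate in the keystore below can be built. -->
<mailet match="All" class="SMIMECheckSignature">
  <!-- Only trusted certificate entries are read from this store. -->
  <keyStoreType>pkcs12</keyStoreType>
  <keyStoreFileName>/path/to/trusted-signers.p12</keyStoreFileName>
  <keyStorePassword>CHANGE_ME</keyStorePassword>
  <onlyTrusted>true</onlyTrusted>
  <!-- Keep the signature so recipients' clients can verify it too. -->
  <strip>false</strip>
  <mailAttribute>org.apache.james.SMIMECheckSignature</mailAttribute>
</mailet>

<!-- Variant B (relaxed): onlyTrusted=false drops the chain-of-trust
     condition, so a valid signature from an untrusted certificate is
     also treated as authentic. Writing the result to a separate,
     hypothetical attribute name keeps later processing from mistaking
     it for a trusted result. Stripping is left off so the original
     signature stays available for inspection. -->
<mailet match="All" class="SMIMECheckSignature">
  <keyStoreType>pkcs12</keyStoreType>
  <keyStoreFileName>/path/to/trusted-signers.p12</keyStoreFileName>
  <keyStorePassword>CHANGE_ME</keyStorePassword>
  <onlyTrusted>false</onlyTrusted>
  <strip>false</strip>
  <mailAttribute>example.smime.untrustedCheck</mailAttribute>
</mailet>
```

With variant B the attribute only shows that the message was not modified after signing; it says nothing about who the signer is, so routing or filtering decisions based on sender identity should rely on variant A.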
Method Summary
- void init()
- void service(org.apache.mailet.Mail mail)
Methods inherited from class org.apache.mailet.GenericMailet
- arrayToString, checkInitParameters, destroy, getInitParameter, getInitParameter, getInitParameterNames, getMailetConfig, getMailetContext, getMailetInfo, getMailetName, init, log, log
Methods inherited from class java.lang.Object
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
trustedCertificateStore
protected KeyStoreHolder trustedCertificateStore
stripSignature
protected boolean stripSignature
onlyTrusted
protected boolean onlyTrusted
mailAttribute
protected java.lang.String mailAttribute
SMIMECheckSignature
public SMIMECheckSignature()
init
public void init()
throws javax.mail.MessagingException
- Overrides: init in class org.apache.mailet.GenericMailet
- Throws: javax.mail.MessagingException
service
public void service(org.apache.mailet.Mail mail)
throws javax.mail.MessagingException
- Specified by: service in interface org.apache.mailet.Mailet
- Specified by: service in class org.apache.mailet.GenericMailet
- Throws: javax.mail.MessagingException
- See Also: Matcher.match(org.apache.mailet.Mail)
Copyright © 2008 The Apache Software Foundation. All Rights Reserved.