Class SMIMECheckSignature

  extended by org.apache.mailet.GenericMailet
      extended by org.apache.james.transport.mailets.smime.SMIMECheckSignature
All Implemented Interfaces:
org.apache.mailet.Mailet, org.apache.mailet.MailetConfig

public class SMIMECheckSignature
extends org.apache.mailet.GenericMailet

Verifies the s/mime signature of a message. The s/mime signing ensure that the private key owner is the real sender of the message. To be checked by this mailet the s/mime signature must contain the actual signature, the signer's certificate and optionally a set of certificate that can be used to create a chain of trust that starts from the signer's certificate and leads to a known trusted certificate.

This check is composed by two steps: firstly it's ensured that the signature is valid, then it's checked if a chain of trust starting from the signer certificate and that leads to a trusted certificate can be created. The first check verifies that the the message has not been modified after the signature was put and that the signer's certificate was valid at the time of the signing. The latter should ensure that the signer is who he declare to be.

The results of the checks perfomed by this mailet are wrote as a mail attribute which default name is org.apache.james.SMIMECheckSignature (it can be changed using the mailet parameter mailAttribute). After the check this attribute will contain a list of SMIMESignerInfo object, one for each message's signer. These objects contain the signer's certificate and the trust path.

Optionally, specifying the parameter strip, the signature of the message can be stripped after the check. The message will become a standard message without an attached s/mime signature.

The configuration parameter of this mailet are summerized below. The firsts defines the location, the format and the password of the keystore containing the certificates that are considered trusted. Note: only the trusted certificate entries are read, the key ones are not.

Other parameters configure the behavior of the mailet:

Field Summary
protected  java.lang.String mailAttribute
protected  boolean onlyTrusted
protected  boolean stripSignature
protected  KeyStoreHolder trustedCertificateStore
Constructor Summary
Method Summary
 void init()
 void service(org.apache.mailet.Mail mail)
Methods inherited from class org.apache.mailet.GenericMailet
arrayToString, checkInitParameters, destroy, getInitParameter, getInitParameter, getInitParameterNames, getMailetConfig, getMailetContext, getMailetInfo, getMailetName, init, log, log
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail


protected KeyStoreHolder trustedCertificateStore


protected boolean stripSignature


protected boolean onlyTrusted


protected java.lang.String mailAttribute
Constructor Detail


public SMIMECheckSignature()
Method Detail


public void init()
          throws javax.mail.MessagingException
init in class org.apache.mailet.GenericMailet


public void service(org.apache.mailet.Mail mail)
             throws javax.mail.MessagingException
Specified by:
service in interface org.apache.mailet.Mailet
Specified by:
service in class org.apache.mailet.GenericMailet
See Also:

Copyright © 2008 The Apache Software Foundation. All Rights Reserved.