org.apache.james.transport.mailets.smime
Class SMIMECheckSignature

java.lang.Object
  org.apache.mailet.GenericMailet
      org.apache.james.transport.mailets.smime.SMIMECheckSignature

All Implemented Interfaces:

Mailet, MailetConfig

public class SMIMECheckSignature
extends GenericMailet

Verifies the s/mime signature of a message. The s/mime signing ensure that the private key owner is the real sender of the message. To be checked by this mailet the s/mime signature must contain the actual signature, the signer's certificate and optionally a set of certificate that can be used to create a chain of trust that starts from the signer's certificate and leads to a known trusted certificate.

This check is composed by two steps: firstly it's ensured that the signature is valid, then it's checked if a chain of trust starting from the signer certificate and that leads to a trusted certificate can be created. The first check verifies that the the message has not been modified after the signature was put and that the signer's certificate was valid at the time of the signing. The latter should ensure that the signer is who he declare to be.

The results of the checks perfomed by this mailet are wrote as a mail attribute which default name is org.apache.james.SMIMECheckSignature (it can be changed using the mailet parameter mailAttribute). After the check this attribute will contain a list of SMIMESignerInfo object, one for each message's signer. These objects contain the signer's certificate and the trust path.

Optionally, specifying the parameter strip, the signature of the message can be stripped after the check. The message will become a standard message without an attached s/mime signature.

The configuration parameter of this mailet are summerized below. The firsts defines the location, the format and the password of the keystore containing the certificates that are considered trusted. Note: only the trusted certificate entries are read, the key ones are not.

• keyStoreType (default: jks): Certificate store format . "jks" is the standard java certificate store format, but pkcs12 is also quite common and compatible with standard email clients like Outlook Express and Thunderbird.
• keyStoreFileName (default: JAVA_HOME/jre/lib/security/cacert): Certificate store path.
• keyStorePassword (default: ""): Certificate store password.

Other parameters configure the behavior of the mailet:

• strip (default: false): Defines if the s/mime signature of the message have to be stripped after the check or not. Possible values are true and false.
• mailAttribute (default: org.apache.james.SMIMECheckSignature): specifies in which attribute the check results will be written.
• onlyTrusted (default: true): Usually a message signature to be considered by this mailet as authentic must be valid and trusted. Setting this mailet parameter to "false" the last condition is relaxed and also "untrusted" signature are considered will be considered as authentic.

Field Summary

protected java.lang.String	mailAttribute
protected boolean	onlyTrusted
protected boolean	stripSignature
protected KeyStoreHolder	trustedCertificateStore

Constructor Summary

SMIMECheckSignature()

Method Summary

void	init() A convenience method which can be overridden so that there's no need to call super.init(config).
void	service(Mail mail) Called by the mailet container to allow the mailet to process a message.

Methods inherited from class org.apache.mailet.GenericMailet

destroy, getInitParameter, getInitParameter, getInitParameterNames, getMailetConfig, getMailetContext, getMailetInfo, getMailetName, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

trustedCertificateStore

protected KeyStoreHolder trustedCertificateStore

stripSignature

protected boolean stripSignature

onlyTrusted

protected boolean onlyTrusted

mailAttribute

protected java.lang.String mailAttribute

Constructor Detail

SMIMECheckSignature

public SMIMECheckSignature()

Method Detail

init

public void init()
          throws javax.mail.MessagingException

Description copied from class: GenericMailet

A convenience method which can be overridden so that there's no need to call super.init(config).

Instead of overriding init(MailetConfig), simply override this method and it will be called by GenericMailet.init(MailetConfig config). The MailetConfig object can still be retrieved via getMailetConfig().

Overrides:

init in class GenericMailet

Throws:

javax.mail.MessagingException - if an exception occurs that interrupts the mailet's normal operation

service

public void service(Mail mail)
             throws javax.mail.MessagingException

Description copied from class: GenericMailet

Called by the mailet container to allow the mailet to process a message.

This method is declared abstract so subclasses must override it.

Specified by:

service in interface Mailet

Specified by:

service in class GenericMailet

Parameters:

mail - - the Mail object that contains the MimeMessage and routing information

Throws:

javax.mail.MessagingException - - if an exception occurs that interferes with the mailet's normal operation

See Also:

Matcher.match(org.apache.mailet.Mail)