| === SMIMECheckSignature |
| |
| Verifies the s/mime signature of a message. The s/mime signing ensure that |
| the private key owner is the real sender of the message. To be checked by |
| this mailet the s/mime signature must contain the actual signature, the |
| signer's certificate and optionally a set of certificate that can be used to |
| create a chain of trust that starts from the signer's certificate and leads |
| to a known trusted certificate. |
| |
| This check is composed by two steps: firstly it's ensured that the signature |
| is valid, then it's checked if a chain of trust starting from the signer |
| certificate and that leads to a trusted certificate can be created. The first |
| check verifies that the the message has not been modified after the signature |
| was put and that the signer's certificate was valid at the time of the |
| signing. The latter should ensure that the signer is who he declare to be. |
| |
| The results of the checks perfomed by this mailet are wrote as a mail |
| attribute which default name is org.apache.james.SMIMECheckSignature (it can |
| be changed using the mailet parameter *mailAttribute*). After |
| the check this attribute will contain a list of SMIMESignerInfo object, one |
| for each message's signer. These objects contain the signer's certificate and |
| the trust path. |
| |
| Optionally, specifying the parameter *strip*, the signature of |
| the message can be stripped after the check. The message will become a |
| standard message without an attached s/mime signature. |
| |
| The configuration parameter of this mailet are summerized below. The firsts |
| defines the location, the format and the password of the keystore containing |
| the certificates that are considered trusted. Note: only the trusted certificate |
| entries are read, the key ones are not. |
| |
| |
| * keyStoreType (default: jks): Certificate store format . "jks" is the |
| standard java certificate store format, but pkcs12 is also quite common and |
| compatible with standard email clients like Outlook Express and Thunderbird. |
| * keyStoreFileName (default: JAVA_HOME/jre/lib/security/cacert): Certificate |
| store path. |
| * keyStorePassword (default: ""): Certificate store password. |
| |
| Other parameters configure the behavior of the mailet: |
| |
| * strip (default: false): Defines if the s/mime signature of the message |
| have to be stripped after the check or not. Possible values are true and |
| false. |
| * mailAttribute (default: org.apache.james.SMIMECheckSignature): |
| specifies in which attribute the check results will be written. |
| * onlyTrusted (default: true): Usually a message signature to be |
| considered by this mailet as authentic must be valid and trusted. Setting |
| this mailet parameter to "false" the last condition is relaxed and also |
| "untrusted" signature are considered will be considered as authentic. |