| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html> |
| <head> |
| <title>Apache JAMES Crypto - Mailet and Matchers Reference</title> |
| <style type="text/css" media="all"> |
| @import url("./css/maven-base.css"); |
| @import url("./css/maven-theme.css"); |
| @import url("./css/site.css"); |
| </style> |
| <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> |
| <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> |
| </head> |
| <body class="composite"> |
| <div id="breadcrumbs"> |
| <div class="xleft"> |
| Last Published: 09/06/2009 |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="bodyColumn"> |
| <div id="contentBox"> |
| <div class="section"><h2>Mailets and Matchers Reference</h2></div> |
| <table class="bodyTable"><tr class="a"> |
| <td><div class="section"><h3>Matchers</h3><ul><li><a href="#IsSMIMEEncrypted">IsSMIMEEncrypted</a></li><li><a href="#IsSMIMESigned">IsSMIMESigned</a></li><li><a href="#IsX509CertificateSubject">IsX509CertificateSubject</a></li></ul></div></td> |
| <td><div class="section"><h3>Mailets</h3><ul><li><a href="#SMIMECheckSignature">SMIMECheckSignature</a></li><li><a href="#SMIMEDecrypt">SMIMEDecrypt</a></li><li><a href="#SMIMESign">SMIMESign</a></li><li><a href="#Sign">Sign</a></li></ul></div></td> |
| </tr></table> |
| <div class="section"><h2>Matchers</h2> |
| <div class="section"><h3><a name="IsSMIMEEncrypted">IsSMIMEEncrypted</a></h3>Checks if a mail is S/MIME encrypted.</div> |
| <div class="section"><h3><a name="IsSMIMESigned">IsSMIMESigned</a></h3>Checks if a mail is S/MIME signed.</div> |
| <div class="section"><h3><a name="IsX509CertificateSubject">IsX509CertificateSubject</a></h3><p> |
| Checks if the subject of an X509Certificate contains the supplied string. The |
| certificate is read from the specified mail attribute. |
| </p><p> |
| If the specified attribute contains more than one certificate, the matcher matches if at |
| least one of the certificates contains the given string. |
| </p> |
| <p> |
| Configuration string: |
| </p> |
| <ul> |
| <li>mailAttribute;string</li> |
| </ul></div></div><div class="section"><h2>Mailets</h2><div class="section"><h3><a name="SMIMECheckSignature">SMIMECheckSignature</a></h3><p> |
| Verifies the S/MIME signature of a message. S/MIME signing ensures that |
| the private key owner is the real sender of the message. To be checked by |
| this mailet, the S/MIME signature must contain the actual signature, the |
| signer's certificate and, optionally, a set of certificates that can be used to |
| create a chain of trust that starts from the signer's certificate and leads |
| to a known trusted certificate. |
| </p> |
| <p> |
| This check consists of two steps: first, the signature is checked for |
| validity; then the mailet checks whether a chain of trust can be built from |
| the signer's certificate to a trusted certificate. The first |
| check verifies that the message has not been modified after it was |
| signed and that the signer's certificate was valid at the time of |
| signing. The second should ensure that the signer is who they claim to be. |
| </p> |
| <p> |
| The results of the checks performed by this mailet are written to a mail |
| attribute whose default name is org.apache.james.SMIMECheckSignature (it can |
| be changed using the mailet parameter <code>mailAttribute</code>). After |
| the check, this attribute will contain a list of SMIMESignerInfo objects, one |
| for each signer of the message. These objects contain the signer's certificate and |
| the trust path. |
| </p> |
| <p> |
| Optionally, by specifying the parameter <code>strip</code>, the signature of |
| the message can be stripped after the check. The message then becomes a |
| standard message without an attached S/MIME signature. |
| </p> |
| <p> |
| The configuration parameters of this mailet are summarized below. The first group |
| defines the location, the format and the password of the keystore containing |
| the certificates that are considered trusted. Note: only the trusted certificate |
| entries are read; the key entries are not. |
| <ul> |
| <li>keyStoreType (default: jks): Certificate store format. "jks" is the |
| standard Java certificate store format, but pkcs12 is also quite common and |
| compatible with standard email clients like Outlook Express and Thunderbird.</li> |
| <li>keyStoreFileName (default: JAVA_HOME/jre/lib/security/cacert): Certificate |
| store path.</li> |
| <li>keyStorePassword (default: ""): Certificate store password.</li> |
| </ul> |
| Other parameters configure the behavior of the mailet: |
| <ul> |
| <li>strip (default: false): Defines whether the S/MIME signature of the message |
| is stripped after the check. Possible values are true and |
| false.</li> |
| <li>mailAttribute (default: org.apache.james.SMIMECheckSignature): |
| specifies the attribute in which the check results will be written.</li> |
| <li>onlyTrusted (default: true): Normally, for a message signature to be |
| considered authentic by this mailet, it must be both valid and trusted. Setting |
| this parameter to "false" relaxes the second condition, so |
| "untrusted" signatures are also considered authentic.</li> |
| </ul> |
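<p>Added example (not part of the James documentation): a mailet container fragment that runs SMIMECheckSignature with the parameters listed above, first in its strict form and then with <code>onlyTrusted</code> relaxed. It assumes the crypto matcher and mailet packages are registered with the container; the keystore path, the password and the second attribute name are placeholders.</p>

```xml
<!-- Added example, not from the James documentation. Assumes the crypto
     matcher and mailet packages are registered with the container. The
     keystore path, password and second attribute name are placeholders. -->

<!-- Strict check: only mail matched by IsSMIMESigned is processed, and a
     signature is considered authentic only when it is valid AND a chain
     of trust to a trusted certificate entry in the keystore exists. -->
<mailet match="IsSMIMESigned" class="SMIMECheckSignature">
  <keyStoreType>jks</keyStoreType>
  <!-- A dedicated trust store rather than the JRE default: every trusted
       entry in the store can vouch for a sender, so keep the list short. -->
  <keyStoreFileName>/path/to/trusted-signers.jks</keyStoreFileName>
  <keyStorePassword>REPLACE_ME</keyStorePassword>
  <onlyTrusted>true</onlyTrusted>
  <!-- Leave the signature in place so the recipient can verify it too. -->
  <strip>false</strip>
  <mailAttribute>org.apache.james.SMIMECheckSignature</mailAttribute>
</mailet>

<!-- Relaxed check, for auditing only: onlyTrusted=false also accepts a
     valid signature whose certificate chains to no trusted entry. The
     results go to a separate attribute so that later rules cannot
     mistake "valid" for "valid and trusted". -->
<mailet match="IsSMIMESigned" class="SMIMECheckSignature">
  <keyStoreType>jks</keyStoreType>
  <keyStoreFileName>/path/to/trusted-signers.jks</keyStoreFileName>
  <keyStorePassword>REPLACE_ME</keyStorePassword>
  <onlyTrusted>false</onlyTrusted>
  <strip>false</strip>
  <mailAttribute>org.example.SMIMEUntrustedSigners</mailAttribute>
</mailet>
```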
| </p></div><div class="section"><h3><a name="SMIMEDecrypt">SMIMEDecrypt</a></h3>This mailet decrypts an S/MIME encrypted message. It takes as input an |
| encrypted message and tries to decipher it using the key specified in its |
| configuration. If the decryption is successful, the mail will be changed and |
| it will contain the decrypted message. The mail attribute |
| <code>org.apache.james.SMIMEDecrypt</code> will contain the public |
| certificate of the key used in the process. |
| |
| The configuration parameters of this mailet are summarized below. The first group |
| defines the keystore where the key that will be used to decrypt messages is |
| saved. |
| <ul> |
| <li>keyStoreType (default: system dependent): defines the type of the store. |
| Usually jks, pkcs12 or pkcs7.</li> |
| <li>keyStoreFileName (mandatory): private key store path.</li> |
| <li>keyStorePassword (default: ""): private key store password.</li> |
| </ul> |
| The other parameters define which private key is to be used (if the store |
| contains more than one key). |
| <ul> |
| <li>keyAlias: private key alias.</li> |
| <li>keyPass: private key password.</li> |
| </ul></div><div class="section"><h3><a name="SMIMESign">SMIMESign</a></h3>Mailet Info: <b>SMIME Signature Mailet</b><br /><p>Puts a <i>server-side</i> SMIME signature on a message. |
| It is a concrete subclass of <code>Sign</code>, with very few modifications to it, |
| to specialize for SMIME.</p> |
| |
| <p>Handles the following init parameters (will comment only the differences from <code>AbstractSign</code>):</p> |
| <ul> |
| <li>&lt;debug&gt;.</li> |
| <li>&lt;keyStoreFileName&gt;.</li> |
| <li>&lt;keyStorePassword&gt;.</li> |
| <li>&lt;keyAlias&gt;.</li> |
| <li>&lt;keyAliasPassword&gt;.</li> |
| <li>&lt;keyStoreType&gt;.</li> |
| <li>&lt;postmasterSigns&gt;. The default is <code>true</code>.</li> |
| <li>&lt;rebuildFrom&gt;. The default is <code>true</code>.</li> |
| <li>&lt;signerName&gt;.</li> |
| <li>&lt;explanationText&gt;. There is a default explanation string template in English, |
| displaying also all the headers of the original message (see <code>getExplanationText</code>).</li> |
| </ul></div><div class="section"><h3><a name="Sign">Sign</a></h3><p>Mailet Info: <b>Signature Mailet</b><br /></p><p>Puts a <i>server-side</i> signature on a message. |
| It is a concrete subclass of <code>AbstractSign</code>, with very few modifications to it.</p> |
| <p>A text file with an explanation text is attached to the original message, |
| and the resulting message with all its attachments is signed. |
| The resulting appearance of the message is almost unchanged: only an extra attachment |
| and the signature are added.</p> |
| <p>The kind of signature depends on the value of the &lt;keyHolderClass&gt; init parameter.</p> |
| |
| <p>Handles the following init parameters (will comment only the differences from <code>AbstractSign</code>):</p> |
| <ul> |
| <li>&lt;keyHolderClass&gt;: Sets the class of the KeyHolder object that will handle the cryptography functions, |
| for example org.apache.james.security.SMIMEKeyHolder for SMIME.</li> |
| <li>&lt;debug&gt;.</li> |
| <li>&lt;keyStoreFileName&gt;.</li> |
| <li>&lt;keyStorePassword&gt;.</li> |
| <li>&lt;keyAlias&gt;.</li> |
| <li>&lt;keyAliasPassword&gt;.</li> |
| <li>&lt;keyStoreType&gt;.</li> |
| <li>&lt;postmasterSigns&gt;. The default is <code>true</code>.</li> |
| <li>&lt;rebuildFrom&gt;. The default is <code>true</code>.</li> |
| <li>&lt;signerName&gt;.</li> |
| <li>&lt;explanationText&gt;. There is a default explanation string template in English, |
| displaying also all the headers of the original message (see <code>getExplanationText</code>).</li> |
| </ul></div></div> |
| </div> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| <div id="footer"> |
| <div class="xright">© 2008-2009 The Apache Software Foundation</div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| </body> |
| </html> |