IsX509CertificateSubject.javaAPI DocApache James 2.3.13671Fri Jan 12 12:56:32 GMT 2007org.apache.james.transport.matchers.smime


public class IsX509CertificateSubject extends org.apache.mailet.GenericMatcher

Checks if the subject of a X509Certificate contains the supplied string. The certificate is read from the specified mail attribute.

If the specified attribute contains more than one certificate the matcher matches if at least one of the certificates contains the given string.

Configuration string:

  • mailAttribute;string

Fields Summary
protected String
protected String
Constructors Summary
Methods Summary
public voidinit()

        String condition = getCondition();
        if(condition == null || condition.indexOf(";") == -1) 
            throw new MessagingException("Invalid matcher configuration: "+condition);
        int pos = condition.indexOf(";");
        sourceAttribute = condition.substring(0,pos).trim();
        check = condition.substring(pos+1, condition.length());
public java.util.Collectionmatch(org.apache.mailet.Mail mail)

        List certificates;
        Object obj = mail.getAttribute(sourceAttribute);
        if (obj != null) {
            if (obj instanceof X509Certificate) {
                certificates = Collections.singletonList(obj);
            } else {
                certificates = (List) obj;

            boolean valid = false;

            for (Iterator iter = certificates.iterator(); iter.hasNext();) {
                X509Certificate cert = (X509Certificate);

                // Here I should use the method getSubjectX500Principal, but
                // that would break the compatibility with jdk13.
                Principal prin = cert.getSubjectDN();
                // TODO: Maybe here a more strong check should be done ...
                if ((prin.toString().indexOf(check)) > 0) {
                    valid = true;

            if (valid) {
                return mail.getRecipients();
            } else {
                return null;
        } else {
            return null;