SMIMEDecrypt
public class SMIMEDecrypt extends org.apache.mailet.GenericMailet
This mailet decrypts an S/MIME encrypted message. It takes an encrypted
message as input and tries to decipher it using the key specified in its
configuration. If the decryption is successful, the mail is changed so that
it contains the decrypted message. The mail attribute
org.apache.james.SMIMEDecrypt will contain the public
certificate of the key used in the process.
The configuration parameters of this mailet are summarized below. The first
group defines the keystore in which the key used to decrypt messages is
stored.
- keyStoreType (default: system dependent): defines the type of the store.
Usually jks, pkcs12 or pkcs7
- keyStoreFileName (mandatory): private key store path.
- keyStorePassword (default: ""): private key store password
The other parameters define which private key has to be used (if the store
contains more than one key).
- keyAlias: private key alias.
- keyPass: private key password (the init() code shown below reads this value
from the init parameter named keyAliasPassword)
|
Fields Summary |
---|
private org.apache.james.security.KeyHolder | keyHolder | protected String | mailAttribute |
Methods Summary |
---|
public void | init()
// Reads the key store settings from the mailet configuration and builds the
// KeyHolder whose private key and certificate service() uses for decryption.
// Throws MessagingException when keyStoreFileName is missing or when the key
// store cannot be loaded.
super.init();
MailetConfig config = getMailetConfig();
String privateStoreType = config.getInitParameter("keyStoreType");
String privateStoreFile = config.getInitParameter("keyStoreFileName");
// keyStoreFileName is the only parameter checked for presence here; every
// other value is handed to KeyHolder exactly as read. How KeyHolder treats a
// missing type, password or alias is not visible in this listing.
if (privateStoreFile == null) throw new MessagingException("No keyStoreFileName specified");
// NOTE(review): the store password and the key password both arrive as plain
// init parameters, so the configuration that carries them needs the same
// access protection as the key store file itself - confirm for the deployment.
String privateStorePass = config.getInitParameter("keyStorePassword");
String keyAlias= config.getInitParameter("keyAlias");
// The parameter name read here is keyAliasPassword. The class description
// lists it as keyPass, so a value configured under keyPass is not picked up
// by this line.
String keyPass = config.getInitParameter("keyAliasPassword");
// Optional override of the attribute name that service() sets after a
// successful decryption; when absent the field keeps its existing value.
String mailAttributeConf = config.getInitParameter("mailAttribute");
if (mailAttributeConf != null) mailAttribute = mailAttributeConf;
try {
keyHolder = new KeyHolder(privateStoreFile, privateStorePass, keyAlias, keyPass, privateStoreType);
// Both failure kinds are reported with the same message; the original
// exception is kept as the cause.
} catch (IOException e) {
throw new MessagingException("Error loading keystore", e);
} catch (GeneralSecurityException e) {
throw new MessagingException("Error loading keystore", e);
}
| public void | service(org.apache.mailet.Mail mail)
// Decrypts an S/MIME enveloped message with the key loaded by init() and, on
// success, replaces the mail's message with the decrypted content and records
// the certificate of the key that was used in a mail attribute.
// A message whose content type is not one of the two pkcs7-mime types below
// is left untouched: strippedMessage stays null and nothing is modified.
// Throws MessagingException when parsing, decryption or stripping fails.
MimeMessage message = mail.getMessage();
Part strippedMessage = null;
log("Starting message decryption..");
// NOTE(review): only the media type is tested, not its smime-type parameter.
// pkcs7-mime is also used for S/MIME payloads that are not enveloped data, so
// such a message presumably ends in the CMSException path below rather than
// being skipped - confirm.
if (message.isMimeType("application/x-pkcs7-mime") || message.isMimeType("application/pkcs7-mime")) {
try {
SMIMEEnveloped env = new SMIMEEnveloped(message);
Collection recipients = env.getRecipientInfos().getRecipients();
// Every recipient entry is visited; there is no early exit after a match, so
// a later matching entry would overwrite strippedMessage.
for (Iterator iter = recipients.iterator();iter.hasNext();) {
RecipientInformation info = (RecipientInformation) iter.next();
RecipientId id = info.getRID();
// Only entries addressed to the configured certificate are decrypted.
if (id.match(keyHolder.getCertificate())) {
try {
// "BC" is the JCE provider name passed to getContent; registration of that
// provider is not shown in this listing.
MimeBodyPart part = SMIMEUtil.toMimeBodyPart(info.getContent(keyHolder.getPrivateKey(), "BC"));
// strippedMessage contains the decrypted message.
strippedMessage = part;
log("Encrypted message decrypted");
// Any failure while decrypting or rebuilding the body part is wrapped, with
// the original exception kept as the cause.
} catch (Exception e) {
throw new MessagingException("Error during the decryption of the message", e); }
} else {
// This line is logged once per non-matching recipient entry, including when
// another entry of the same message did match the configured key.
log("Found an encrypted message but it isn't encrypted for the supplied key");
}
}
} catch (CMSException e) { throw new MessagingException("Error during the decryption of the message",e); }
}
// Runs only if the decryption has been successful.
if (strippedMessage != null) {
// The public certificate of the private key is stored as a mail attribute.
// It is wrapped in a list to mimic the behavior of the SMIMEVerifySignature
// mailet, so that the same matchers can be reused to analyze the result of
// the operation.
// NOTE(review): the list holds this mailet's own certificate, so the
// attribute records "decrypted with our key". It says nothing about who
// produced the message and should not be read as a signature check.
ArrayList list = new ArrayList(1);
list.add(keyHolder.getCertificate());
mail.setAttribute(mailAttribute, list);
// Message stripping: the message is copied and the copy's content is replaced
// with the decrypted content. From mail.setMessage onward the mail carries
// the cleartext.
try {
MimeMessage newmex = new MimeMessage(message);
Object obj = strippedMessage.getContent();
if (obj instanceof Multipart) {
log("The message is multipart, content type "+((Multipart)obj).getContentType());
newmex.setContent((Multipart)obj);
} else {
// Non-multipart content keeps the decrypted part's content type; the
// disposition copied from the encrypted message is cleared.
newmex.setContent(obj, strippedMessage.getContentType());
newmex.setDisposition(null);
}
newmex.saveChanges();
mail.setMessage(newmex);
} catch (IOException e) {
log("Error during the strip of the encrypted message");
throw new MessagingException("Error during the stripping of the encrypted message",e);
}
}
|
|