Module org.shredzone.acme4j.smime
Package org.shredzone.acme4j.smime.email

Class EmailProcessor

java.lang.Object
org.shredzone.acme4j.smime.email.EmailProcessor
public final class EmailProcessor extends Object
A processor for incoming "Challenge" emails.
Since:
2.12
See Also:

  • Method Details

    • plainMessage

      public static EmailProcessor plainMessage(jakarta.mail.Message message) throws AcmeInvalidMessageException
      Processes the given e-mail message.

      Note that according to RFC-8823, the challenge message must be signed using either DKIM or S/MIME. This method does not do any DKIM or S/MIME validation, and assumes that this has already been done by the inbound MTA.

      Parameters:
      message - E-mail that was received from the CA. The inbound MTA has already taken care of DKIM and/or S/MIME validation.
      Returns:
      EmailProcessor for this e-mail
      Throws:
      AcmeInvalidMessageException - if a validation failed, and the message must be rejected.
      Since:
      2.15

    • smimeMessage

      public static EmailProcessor smimeMessage(jakarta.mail.Message message, jakarta.mail.Session mailSession, X509Certificate signCert, boolean strict) throws AcmeInvalidMessageException
      Performs an S/MIME validation and processes the given e-mail message.

      The owner of the given certificate must be the sender of that email.

      Parameters:
      message - E-mail that was received from the CA.
      mailSession - A Session that can be used for processing inner e-mails.
      signCert - The signing certificate of the sender.
      strict - If true, the S/MIME protected headers "From", "To", and "Subject" must match the headers of the received message. If false, only the S/MIME protected headers are used, and the headers of the received message are ignored.
      Returns:
      EmailProcessor for this e-mail
      Throws:
      AcmeInvalidMessageException - if a validation failed, and the message must be rejected.
      Since:
      2.15

    • expectedFrom

      public EmailProcessor expectedFrom(jakarta.mail.internet.InternetAddress expectedSender)
      The expected sender of the "challenge" email.

      The sender is usually checked when the EmailReply00Challenge is passed into the processor, but you can also manually check the sender here.

      Parameters:
      expectedSender - The expected sender of the "challenge" email.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the expected sender does not match

    • expectedTo

      public EmailProcessor expectedTo(jakarta.mail.internet.InternetAddress expectedRecipient)
      The expected recipient of the "challenge" email.

      This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.

      Parameters:
      expectedRecipient - The expected recipient of the "challenge" email.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the expected recipient does not match

    • expectedIdentifier

      public EmailProcessor expectedIdentifier(Identifier expectedIdentifier)
      The expected identifier.

      This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.

      Parameters:
      expectedIdentifier - The expected identifier for the S/MIME certificate. Usually this is an EmailIdentifier instance.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the expected identifier is not an email identifier, or does not match

    • getSender

      public jakarta.mail.internet.InternetAddress getSender()
      Returns the sender of the "challenge" email.

    • getRecipient

      public jakarta.mail.internet.InternetAddress getRecipient()
      Returns the recipient of the "challenge" email.

    • getReplyTo

      public Collection<jakarta.mail.internet.InternetAddress> getReplyTo()
      Returns all "reply-to" email addresses found in the "challenge" email.

      Empty if there was no reply-to header, but never null.

    • getMessageId

      public Optional<String> getMessageId()
      Returns the message-id of the "challenge" email.

      Empty if the challenge email has no message-id.

    • getToken1

      public String getToken1()
      Returns the "token 1" found in the subject of the "challenge" email.

    • withChallenge

      public EmailProcessor withChallenge(EmailReply00Challenge challenge)
      Sets the corresponding EmailReply00Challenge that was received from the CA for validation.
      Parameters:
      challenge - EmailReply00Challenge that corresponds to this email
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the challenge does not match this "challenge" email.

    • withChallenge

      public EmailProcessor withChallenge(Login login, URL challengeLocation)
      Sets the corresponding EmailReply00Challenge that was received from the CA for validation.

      This is a convenience call in case that only the challenge location URL is available.

      Parameters:
      login - A valid Login
      challengeLocation - The location URL of the corresponding challenge.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the challenge does not match this "challenge" email.

    • getToken

      public String getToken()
      Returns the full token of this challenge.

      The corresponding email-reply-00 challenge must be set before.

    • getAuthorization

      public String getAuthorization()
      Returns the key-authorization of this challenge. This is the response to be used in the response email.

      The corresponding email-reply-00 challenge must be set before.

    • respond

      public ResponseGenerator respond()
      Returns a ResponseGenerator for generating a response email.

      The corresponding email-reply-00 challenge must be set before.