Module org.shredzone.acme4j.smime
Package org.shredzone.acme4j.smime.email

Class EmailProcessor

java.lang.Object
org.shredzone.acme4j.smime.email.EmailProcessor
public final class EmailProcessor extends Object
A processor for incoming "Challenge" emails.
Since:
2.12
See Also:

  • Method Details

    • plainMessage

      public static EmailProcessor plainMessage(jakarta.mail.Message message) throws AcmeInvalidMessageException
      Processes the given plain e-mail message.

      Note that according to RFC-8823, the challenge message must be signed using either DKIM or S/MIME. This method does not do any DKIM or S/MIME validation, and assumes that this has already been done in a previous stage.

      Parameters:
      message - E-mail that was received from the CA. The inbound MTA has already taken care of DKIM and/or S/MIME validation.
      Returns:
      EmailProcessor for this e-mail
      Throws:
      AcmeInvalidMessageException - if a validation failed, and the message must be rejected.
      Since:
      2.15

    • signedMessage

      public static EmailProcessor signedMessage(jakarta.mail.Message message) throws AcmeInvalidMessageException
      Processes the given signed e-mail message.

      This method expects an S/MIME signed message. The signature must use a certificate that can be validated using Java's cacert truststore. Strict validation rules are applied.

      Use the builder() method if you need to configure the validation process.

      Parameters:
      message - S/MIME signed e-mail that was received from the CA.
      Returns:
      EmailProcessor for this e-mail
      Throws:
      AcmeInvalidMessageException - if a validation failed, and the message must be rejected.
      Since:
      2.16

    • builder

      public static EmailProcessor.Builder builder()
      Creates a EmailProcessor.Builder for building an EmailProcessor with individual configuration.
      Since:
      2.16

    • expectedFrom

      public EmailProcessor expectedFrom(jakarta.mail.internet.InternetAddress expectedSender)
      The expected sender of the "challenge" email.

      The sender is usually checked when the EmailReply00Challenge is passed into the processor, but you can also manually check the sender here.

      Parameters:
      expectedSender - The expected sender of the "challenge" email.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the expected sender does not match

    • expectedTo

      public EmailProcessor expectedTo(jakarta.mail.internet.InternetAddress expectedRecipient)
      The expected recipient of the "challenge" email.

      This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.

      Parameters:
      expectedRecipient - The expected recipient of the "challenge" email.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the expected recipient does not match

    • expectedIdentifier

      public EmailProcessor expectedIdentifier(Identifier expectedIdentifier)
      The expected identifier.

      This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.

      Parameters:
      expectedIdentifier - The expected identifier for the S/MIME certificate. Usually this is an EmailIdentifier instance.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the expected identifier is not an email identifier, or does not match

    • getSender

      public jakarta.mail.internet.InternetAddress getSender()
      Returns the sender of the "challenge" email.

    • getRecipient

      public jakarta.mail.internet.InternetAddress getRecipient()
      Returns the recipient of the "challenge" email.

    • getReplyTo

      public Collection<jakarta.mail.internet.InternetAddress> getReplyTo()
      Returns all "reply-to" email addresses found in the "challenge" email.

      Empty if there was no reply-to header, but never null.

    • getMessageId

      public Optional<String> getMessageId()
      Returns the message-id of the "challenge" email.

      Empty if the challenge email has no message-id.

    • getToken1

      public String getToken1()
      Returns the "token 1" found in the subject of the "challenge" email.

    • withChallenge

      public EmailProcessor withChallenge(EmailReply00Challenge challenge)
      Sets the corresponding EmailReply00Challenge that was received from the CA for validation.
      Parameters:
      challenge - EmailReply00Challenge that corresponds to this email
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the challenge does not match this "challenge" email.

    • withChallenge

      public EmailProcessor withChallenge(Login login, URL challengeLocation)
      Sets the corresponding EmailReply00Challenge that was received from the CA for validation.

      This is a convenience call in case that only the challenge location URL is available.

      Parameters:
      login - A valid Login
      challengeLocation - The location URL of the corresponding challenge.
      Returns:
      itself
      Throws:
      AcmeProtocolException - if the challenge does not match this "challenge" email.

    • getToken

      public String getToken()
      Returns the full token of this challenge.

      The corresponding email-reply-00 challenge must be set before.

    • getAuthorization

      public String getAuthorization()
      Returns the key-authorization of this challenge. This is the response to be used in the response email.

      The corresponding email-reply-00 challenge must be set before.

    • respond

      public ResponseGenerator respond()
      Returns a ResponseGenerator for generating a response email.

      The corresponding email-reply-00 challenge must be set before.