- Since:
- 2.12
- See Also:
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic EmailProcessor.Builder
builder()
Creates aEmailProcessor.Builder
for building anEmailProcessor
with individual configuration.expectedFrom
(jakarta.mail.internet.InternetAddress expectedSender) The expected sender of the "challenge" email.expectedIdentifier
(Identifier expectedIdentifier) The expected identifier.expectedTo
(jakarta.mail.internet.InternetAddress expectedRecipient) The expected recipient of the "challenge" email.Returns the key-authorization of this challenge.Returns the message-id of the "challenge" email.jakarta.mail.internet.InternetAddress
Returns the recipient of the "challenge" email.Collection<jakarta.mail.internet.InternetAddress>
Returns all "reply-to" email addresses found in the "challenge" email.jakarta.mail.internet.InternetAddress
Returns the sender of the "challenge" email.getToken()
Returns the full token of this challenge.Returns the "token 1" found in the subject of the "challenge" email.static EmailProcessor
plainMessage
(jakarta.mail.Message message) Processes the given plain e-mail message.respond()
Returns aResponseGenerator
for generating a response email.static EmailProcessor
signedMessage
(jakarta.mail.Message message) Processes the given signed e-mail message.withChallenge
(Login login, URL challengeLocation) Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.withChallenge
(EmailReply00Challenge challenge) Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.
-
Method Details
-
plainMessage
public static EmailProcessor plainMessage(jakarta.mail.Message message) throws AcmeInvalidMessageException Processes the given plain e-mail message.Note that according to RFC-8823, the challenge message must be signed using either DKIM or S/MIME. This method does not do any DKIM or S/MIME validation, and assumes that this has already been done in a previous stage.
- Parameters:
message
- E-mail that was received from the CA. The inbound MTA has already taken care of DKIM and/or S/MIME validation.- Returns:
- EmailProcessor for this e-mail
- Throws:
AcmeInvalidMessageException
- if a validation failed, and the message must be rejected.- Since:
- 2.15
-
signedMessage
public static EmailProcessor signedMessage(jakarta.mail.Message message) throws AcmeInvalidMessageException Processes the given signed e-mail message.This method expects an S/MIME signed message. The signature must use a certificate that can be validated using Java's cacert truststore. Strict validation rules are applied.
Use the
builder()
method if you need to configure the validation process.- Parameters:
message
- S/MIME signed e-mail that was received from the CA.- Returns:
- EmailProcessor for this e-mail
- Throws:
AcmeInvalidMessageException
- if a validation failed, and the message must be rejected.- Since:
- 2.16
-
builder
Creates aEmailProcessor.Builder
for building anEmailProcessor
with individual configuration.- Since:
- 2.16
-
expectedFrom
The expected sender of the "challenge" email.The sender is usually checked when the
EmailReply00Challenge
is passed into the processor, but you can also manually check the sender here.- Parameters:
expectedSender
- The expected sender of the "challenge" email.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the expected sender does not match
-
expectedTo
The expected recipient of the "challenge" email.This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.
- Parameters:
expectedRecipient
- The expected recipient of the "challenge" email.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the expected recipient does not match
-
expectedIdentifier
The expected identifier.This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.
- Parameters:
expectedIdentifier
- The expected identifier for the S/MIME certificate. Usually this is anEmailIdentifier
instance.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the expected identifier is not an email identifier, or does not match
-
getSender
Returns the sender of the "challenge" email. -
getRecipient
Returns the recipient of the "challenge" email. -
getReplyTo
Returns all "reply-to" email addresses found in the "challenge" email.Empty if there was no reply-to header, but never
null
. -
getMessageId
Returns the message-id of the "challenge" email.Empty if the challenge email has no message-id.
-
getToken1
Returns the "token 1" found in the subject of the "challenge" email. -
withChallenge
Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.- Parameters:
challenge
-EmailReply00Challenge
that corresponds to this email- Returns:
- itself
- Throws:
AcmeProtocolException
- if the challenge does not match this "challenge" email.
-
withChallenge
Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.This is a convenience call in case that only the challenge location URL is available.
- Parameters:
login
- A validLogin
challengeLocation
- The location URL of the corresponding challenge.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the challenge does not match this "challenge" email.
-
getToken
Returns the full token of this challenge.The corresponding email-reply-00 challenge must be set before.
-
getAuthorization
Returns the key-authorization of this challenge. This is the response to be used in the response email.The corresponding email-reply-00 challenge must be set before.
-
respond
Returns aResponseGenerator
for generating a response email.The corresponding email-reply-00 challenge must be set before.
-