- java.lang.Object
-
- org.shredzone.acme4j.smime.email.EmailProcessor
-
public final class EmailProcessor extends Object
A processor for incoming "Challenge" emails.- Since:
- 2.12
- See Also:
- RFC 8823
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
EmailProcessor.Builder
A builder forEmailProcessor
.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static EmailProcessor.Builder
builder()
Creates aEmailProcessor.Builder
for building anEmailProcessor
with individual configuration.EmailProcessor
expectedFrom(jakarta.mail.internet.InternetAddress expectedSender)
The expected sender of the "challenge" email.EmailProcessor
expectedIdentifier(Identifier expectedIdentifier)
The expected identifier.EmailProcessor
expectedTo(jakarta.mail.internet.InternetAddress expectedRecipient)
The expected recipient of the "challenge" email.String
getAuthorization()
Returns the key-authorization of this challenge.Optional<String>
getMessageId()
Returns the message-id of the "challenge" email.jakarta.mail.internet.InternetAddress
getRecipient()
Returns the recipient of the "challenge" email.Collection<jakarta.mail.internet.InternetAddress>
getReplyTo()
Returns all "reply-to" email addresses found in the "challenge" email.jakarta.mail.internet.InternetAddress
getSender()
Returns the sender of the "challenge" email.String
getToken()
Returns the full token of this challenge.String
getToken1()
Returns the "token 1" found in the subject of the "challenge" email.static EmailProcessor
plainMessage(jakarta.mail.Message message)
Processes the given plain e-mail message.ResponseGenerator
respond()
Returns aResponseGenerator
for generating a response email.static EmailProcessor
signedMessage(jakarta.mail.Message message)
Processes the given signed e-mail message.EmailProcessor
withChallenge(Login login, URL challengeLocation)
Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.EmailProcessor
withChallenge(EmailReply00Challenge challenge)
Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.
-
-
-
Method Detail
-
plainMessage
public static EmailProcessor plainMessage(jakarta.mail.Message message) throws AcmeInvalidMessageException
Processes the given plain e-mail message.Note that according to RFC-8823, the challenge message must be signed using either DKIM or S/MIME. This method does not do any DKIM or S/MIME validation, and assumes that this has already been done in a previous stage.
- Parameters:
message
- E-mail that was received from the CA. The inbound MTA has already taken care of DKIM and/or S/MIME validation.- Returns:
- EmailProcessor for this e-mail
- Throws:
AcmeInvalidMessageException
- if a validation failed, and the message must be rejected.- Since:
- 2.15
-
signedMessage
public static EmailProcessor signedMessage(jakarta.mail.Message message) throws AcmeInvalidMessageException
Processes the given signed e-mail message.This method expects an S/MIME signed message. The signature must use a certificate that can be validated using Java's cacert truststore. Strict validation rules are applied.
Use the
builder()
method if you need to configure the validation process.- Parameters:
message
- S/MIME signed e-mail that was received from the CA.- Returns:
- EmailProcessor for this e-mail
- Throws:
AcmeInvalidMessageException
- if a validation failed, and the message must be rejected.- Since:
- 2.16
-
builder
public static EmailProcessor.Builder builder()
Creates aEmailProcessor.Builder
for building anEmailProcessor
with individual configuration.- Since:
- 2.16
-
expectedFrom
public EmailProcessor expectedFrom(jakarta.mail.internet.InternetAddress expectedSender)
The expected sender of the "challenge" email.The sender is usually checked when the
EmailReply00Challenge
is passed into the processor, but you can also manually check the sender here.- Parameters:
expectedSender
- The expected sender of the "challenge" email.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the expected sender does not match
-
expectedTo
public EmailProcessor expectedTo(jakarta.mail.internet.InternetAddress expectedRecipient)
The expected recipient of the "challenge" email.This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.
- Parameters:
expectedRecipient
- The expected recipient of the "challenge" email.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the expected recipient does not match
-
expectedIdentifier
public EmailProcessor expectedIdentifier(Identifier expectedIdentifier)
The expected identifier.This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.
- Parameters:
expectedIdentifier
- The expected identifier for the S/MIME certificate. Usually this is anEmailIdentifier
instance.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the expected identifier is not an email identifier, or does not match
-
getSender
public jakarta.mail.internet.InternetAddress getSender()
Returns the sender of the "challenge" email.
-
getRecipient
public jakarta.mail.internet.InternetAddress getRecipient()
Returns the recipient of the "challenge" email.
-
getReplyTo
public Collection<jakarta.mail.internet.InternetAddress> getReplyTo()
Returns all "reply-to" email addresses found in the "challenge" email.Empty if there was no reply-to header, but never
null
.
-
getMessageId
public Optional<String> getMessageId()
Returns the message-id of the "challenge" email.Empty if the challenge email has no message-id.
-
getToken1
public String getToken1()
Returns the "token 1" found in the subject of the "challenge" email.
-
withChallenge
public EmailProcessor withChallenge(EmailReply00Challenge challenge)
Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.- Parameters:
challenge
-EmailReply00Challenge
that corresponds to this email- Returns:
- itself
- Throws:
AcmeProtocolException
- if the challenge does not match this "challenge" email.
-
withChallenge
public EmailProcessor withChallenge(Login login, URL challengeLocation)
Sets the correspondingEmailReply00Challenge
that was received from the CA for validation.This is a convenience call in case that only the challenge location URL is available.
- Parameters:
login
- A validLogin
challengeLocation
- The location URL of the corresponding challenge.- Returns:
- itself
- Throws:
AcmeProtocolException
- if the challenge does not match this "challenge" email.
-
getToken
public String getToken()
Returns the full token of this challenge.The corresponding email-reply-00 challenge must be set before.
-
getAuthorization
public String getAuthorization()
Returns the key-authorization of this challenge. This is the response to be used in the response email.The corresponding email-reply-00 challenge must be set before.
-
respond
public ResponseGenerator respond()
Returns aResponseGenerator
for generating a response email.The corresponding email-reply-00 challenge must be set before.
-
-