Module org.shredzone.acme4j.smime
Package org.shredzone.acme4j.smime.email

Class EmailProcessor

    • Method Detail

      • plainMessage

        public static EmailProcessor plainMessage​(jakarta.mail.Message message)
                                   throws AcmeInvalidMessageException
        Processes the given plain e-mail message.

        Note that according to RFC-8823, the challenge message must be signed using either DKIM or S/MIME. This method does not do any DKIM or S/MIME validation, and assumes that this has already been done in a previous stage.

        Parameters:
        message - E-mail that was received from the CA. The inbound MTA has already taken care of DKIM and/or S/MIME validation.
        Returns:
        EmailProcessor for this e-mail
        Throws:
        AcmeInvalidMessageException - if a validation failed, and the message must be rejected.
        Since:
        2.15

      • signedMessage

        public static EmailProcessor signedMessage​(jakarta.mail.Message message)
                                    throws AcmeInvalidMessageException
        Processes the given signed e-mail message.

        This method expects an S/MIME signed message. The signature must use a certificate that can be validated using Java's cacert truststore. Strict validation rules are applied.

        Use the builder() method if you need to configure the validation process.

        Parameters:
        message - S/MIME signed e-mail that was received from the CA.
        Returns:
        EmailProcessor for this e-mail
        Throws:
        AcmeInvalidMessageException - if a validation failed, and the message must be rejected.
        Since:
        2.16

      • expectedFrom

        public EmailProcessor expectedFrom​(jakarta.mail.internet.InternetAddress expectedSender)
        The expected sender of the "challenge" email.

        The sender is usually checked when the EmailReply00Challenge is passed into the processor, but you can also manually check the sender here.

        Parameters:
        expectedSender - The expected sender of the "challenge" email.
        Returns:
        itself
        Throws:
        AcmeProtocolException - if the expected sender does not match

      • expectedTo

        public EmailProcessor expectedTo​(jakarta.mail.internet.InternetAddress expectedRecipient)
        The expected recipient of the "challenge" email.

        This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.

        Parameters:
        expectedRecipient - The expected recipient of the "challenge" email.
        Returns:
        itself
        Throws:
        AcmeProtocolException - if the expected recipient does not match

      • expectedIdentifier

        public EmailProcessor expectedIdentifier​(Identifier expectedIdentifier)
        The expected identifier.

        This must be the email address of the entity that requested the S/MIME certificate. The check is not performed by the processor, but should be performed by the client.

        Parameters:
        expectedIdentifier - The expected identifier for the S/MIME certificate. Usually this is an EmailIdentifier instance.
        Returns:
        itself
        Throws:
        AcmeProtocolException - if the expected identifier is not an email identifier, or does not match

      • getSender

        public jakarta.mail.internet.InternetAddress getSender()
        Returns the sender of the "challenge" email.

      • getRecipient

        public jakarta.mail.internet.InternetAddress getRecipient()
        Returns the recipient of the "challenge" email.

      • getReplyTo

        public Collection<jakarta.mail.internet.InternetAddress> getReplyTo()
        Returns all "reply-to" email addresses found in the "challenge" email.

        Empty if there was no reply-to header, but never null.

      • getMessageId

        public Optional<StringgetMessageId()
        Returns the message-id of the "challenge" email.

        Empty if the challenge email has no message-id.

      • getToken1

        public String getToken1()
        Returns the "token 1" found in the subject of the "challenge" email.

      • withChallenge

        public EmailProcessor withChallenge​(Login login,
                                    URL challengeLocation)
        Sets the corresponding EmailReply00Challenge that was received from the CA for validation.

        This is a convenience call in case that only the challenge location URL is available.

        Parameters:
        login - A valid Login
        challengeLocation - The location URL of the corresponding challenge.
        Returns:
        itself
        Throws:
        AcmeProtocolException - if the challenge does not match this "challenge" email.

      • getToken

        public String getToken()
        Returns the full token of this challenge.

        The corresponding email-reply-00 challenge must be set before.

      • getAuthorization

        public String getAuthorization()
        Returns the key-authorization of this challenge. This is the response to be used in the response email.

        The corresponding email-reply-00 challenge must be set before.