james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcello Marangio" <m.maran...@tno.it>
Subject R: Is James Thread Safe?
Date Mon, 07 Jun 2004 08:25:50 GMT


> Noel J. Bergman wrote:
>
>
> > I am developing a certified mail server with james.
>
> What is a "certified mail server" in this context?


Ok I'll try to explain.
There is a formal document made by the italian authority for government
innovation about certified SMTP servers.

The mailet I am writing does the following things.

upon sending a message:
- performs formal checks
- builds a special mime message, with special headers, attaching the
original message and a particular xml file
- securizes the message, building an SMIME (here reads security info from
the HSM via PKCS11)
- sends the SMIME
- gives back an "acceptance receipt" to the sender

upon receiving a message:
- performs formal checks
- performs security checks on the SMIME message.
- if the security check fails sends an "anomaly message" to the addressee
- if the security check doesn't fail, forwads the SMIME message to the
addressee
- sends a receipt to the sender's SMTP server.

upon delivering a message to the addressee
- performs formal checks
- if some check fails, sends a "error receipt" to the sender
- if no check fails, deviler the SMIME to the addressee and sends a "deliver
receipt" to the sender.

This is more or less what it does at the moment, omitting (a lot of)
details.


>
> > The mailet reads the security information (i.e. X509 signing
> certificates)
> > from a java keystore. I want to use a standard PKCS11 interface
> to get the
> > certificates from an HSM we are about to buy, but at the moment I am
> testing
> > the pkcs11 interface with a smart card reader.
> > I am using IAIK to handle the security infos.
>
> You may not be aware of it, but there is James code for signing
> messages and
> checking signatures.  Vincenzo wrote the code last year, and should be
> merging it into CVS soon.

Yes I am aware of it. We made our security routines more or less at the same
time.
I couldn't use Vincenzo's code because we choose to use IAIK for all the
security tasks.
Anyway, the hard part of the mailet is not the SMIME composing, but all the
receipts thing accordingly to the official docs.

>
> > Do I have to worry about synchronizing accesses from multiple threads to
> the
> > security device?
>
> That depends upon your code.  As far as I know, James is thread
> safe.  Does
> that mean your code is, or the libraries upon which you depend?  We can't
> answer that question.

Ok, so james is thread safe.
Let's say that a mailet opens a file, appends stuff to it and closes it into
the service method.
Should it use synchronization? Or is it up to the I/O libraries?
Extending the example to a whatever SO resource, what happens? Again, is it
up to the libraries used to access the resource?

Maybe it is a java question... am I OT?

Thanks for your answer
Marcello


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Mime
View raw message