Software AG Products 10.7 | Integrating On-Premises and Cloud Applications | Managing MIME messages | Extracting Data from MIME and S/MIME Messages | Extracting the Payload from a Signed MIME Message | How to Extract the Payload from a Signed S/MIME Message
 
How to Extract the Payload from a Signed S/MIME Message
The following procedure describes the general steps you take to extract data from a signed S/MIME message.
1. If you do not know whether the message is signed, pass it to the pub.mime:createMimeData service. Afterwards, test the state of the signed output parameter. If its value is “true,” proceed to the next step 2. Otherwise, check whether the message is encrypted and process it as described in Extracting the Payload from an Encrypted MIME Message. If the message is neither signed nor encrypted, process it as an ordinary MIME message as described in Extracting the Payload from a MIME Message.
2. Pass the message to the pub.smime:processSignedData service to verify the signature. If the signer’s certificate chain is included in the signature, you do not need to give this service anything other than the InputStream containing the MIME message. If the signer’s certificate chain is not embedded in the signature, you must supply it (this assumes that the signer has given you a certificate chain at some point).
Keep in mind that if the message was passed to createMimeData before this step, the original InputStream will be empty. In this case, you must pass the stream output variable produced by createMimeData to the processSignedData service.
3. Test the verify flag and perform error processing as necessary. If the signature cannot be verified, verify will be false. Your service should contain logic to detect this condition and react in a prescribed way. For example, it might send the message to an administrator for a manual inspection or record the event in a log file.
Note:
Depending on the nature of the messages your service receives, you may want to test the encrypted output variable after processing a signature. This will tell you whether the message had been encrypted before it was signed. If encrypted is “true,” you will need to decrypt the message in stream. For procedures, see Extracting the Payload from an Encrypted MIME Message.
4. Extract the payload from the MIME object using the pub.mime:getBodyPartContent service. If the enclosed message is not encrypted, processSignedData returns a MIME object that contains the message’s constituent elements (header fields and content). At this point, you can use getBodyPartContent to retrieve the content from the MIME object. For information about using getBodyPartContent, see Extracting the Payload from a MIME Message.