
Example 11 with CacheException

use of org.apache.jcs.access.exception.CacheException in project nhin-d by DirectProject.

From class ConfigServiceRESTCertificateStore, method lookupFromConfigStore:

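/**
 * Looks up certificates for {@code subjectName} in the configuration service.
 * <p>
 * The owner lookup is first tried with the full subject name; if that yields
 * nothing and the name contains an '@', it is retried with the domain part
 * only (organisation-level certificate). A non-empty result is stored in the
 * JCS cache under the original {@code subjectName}; an empty result is never
 * cached, so a missing certificate is re-queried on every call.
 * <p>
 * NOTE(review): no trust, validity or chain checking is done here; the
 * certificates are returned exactly as the config service delivered them.
 * Callers are presumed to validate them against the trust anchors - confirm.
 *
 * @param subjectName e-mail address or domain whose certificates are wanted
 * @return the matching certificates, or an empty list when none are found;
 *         never {@code null}
 * @throws NHINDException if the web service call fails for either lookup
 */
private Collection<X509Certificate> lookupFromConfigStore(String subjectName) {
    String domain;
    Collection<org.nhindirect.config.model.Certificate> certificates;
    try {
        certificates = certService.getCertificatesByOwner(subjectName);
    } catch (Exception e) {
        throw new NHINDException("WebService error getting certificates by subject: " + e.getMessage(), e);
    }
    if (certificates == null || certificates.isEmpty()) {
        // try again with the domain name
        int index;
        if ((index = subjectName.indexOf("@")) > -1)
            domain = subjectName.substring(index + 1);
        else
            domain = subjectName;
        try {
            certificates = certService.getCertificatesByOwner(domain);
        } catch (Exception e) {
            throw new NHINDException("WebService error getting certificates by domain: " + e.getMessage(), e);
        }
    }
    if (certificates == null || certificates.isEmpty())
        return Collections.emptyList();
    Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    for (org.nhindirect.config.model.Certificate cert : certificates) {
        // NOTE(review): certFromData presumably returns null for undecodable data;
        // if so a null entry ends up in the result - confirm against CertStoreUtils
        X509Certificate storeCert = CertStoreUtils.certFromData(mgr, cert.getData());
        retVal.add(storeCert);
    }
    // add to JCS and cache. A copy is cached rather than retVal itself so that a
    // caller mutating the returned collection cannot alter what later lookups
    // get back from the cache.
    try {
        if (cache != null)
            cache.put(subjectName, new ArrayList<X509Certificate>(retVal));
    } catch (CacheException ignored) {
        // Caching is best effort: the certificates were already resolved, so a
        // cache failure must not fail the lookup. No logger is visible in this
        // class to record it.
    }
    return retVal;
}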

Example 12 with CacheException

use of org.apache.jcs.access.exception.CacheException in project nhin-d by DirectProject.

From class DNSCertificateStore, method lookupDNS:

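/**
 * Resolves X.509 certificates for {@code name} (an e-mail address or a domain)
 * from DNS CERT records.
 * <p>
 * Lookup order:
 * <ol>
 * <li>A CERT query for {@code name} with '@' replaced by '.', sent to the
 *     configured servers.</li>
 * <li>If that returns nothing, walk up from the name (from the CNAME target if
 *     the name is an alias) one label at a time until an NS record set is
 *     found, then query those name servers directly for the CERT record. If no
 *     NS record set is found at all the lookup gives up and returns empty.</li>
 * <li>If the direct query (or the lack of any usable name server) left the
 *     answer {@code null} and {@code name} was an e-mail address, retry the
 *     whole lookup with just the domain part.</li>
 * </ol>
 * PKIX records are decoded in place; URI (IPKIX) records are handed to
 * {@code convertIPKIXRecordToCert}. Anything found is added to (or updated in)
 * {@code localStoreDelegate} and cached under {@code name}.
 * <p>
 * NOTE(review): nothing here verifies DNSSEC signatures or validates the
 * certificate chain, so a spoofed DNS answer would be accepted and even written
 * into the local store. Trust validation is presumed to happen downstream -
 * confirm. For URI records, confirm that convertIPKIXRecordToCert restricts the
 * schemes/hosts it will fetch from.
 *
 * @param name e-mail address or domain to look up
 * @return the certificates found; empty (never {@code null}) when none are found
 * @throws NHINDException if the DNS resolution itself fails
 */
protected Collection<X509Certificate> lookupDNS(String name) {
    String domain;
    String lookupName = name.replace('@', '.');
    Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    // get the domain of the address
    int index;
    if ((index = name.indexOf("@")) > -1)
        domain = name.substring(index + 1);
    else
        domain = name;
    try {
        // try the configured servers first
        Lookup lu = new Lookup(new Name(lookupName), Type.CERT);
        // default retries is 3, limite to 2
        lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
        lu.setSearchPath((String[]) null);
        Record[] retRecords = null;
        try {
            retRecords = lu.run();
        } catch (Exception e) {
            LOGGER.warn("Error using recusive DNS CERT lookup for name " + lookupName + "\r\nFalling back to looking up NS record for a targeted search", e);
        }
        if (retRecords == null || retRecords.length == 0) {
            Name tempDomain;
            // try to find the resource's name server records
            // the address may be an alias so check if there is a CNAME record
            lu = new Lookup(new Name(lookupName), Type.CNAME);
            lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
            lu.setSearchPath((String[]) null);
            retRecords = lu.run();
            if (retRecords != null && retRecords.length > 0 && retRecords[0] instanceof CNAMERecord) {
                // alias: walk up from the CNAME target rather than from the alias
                tempDomain = ((CNAMERecord) retRecords[0]).getTarget();
            } else {
                // not a CNAME (or an unexpected record type): start from the domain
                tempDomain = new Name(domain);
            }
            // look for name server records, dropping one leading label per
            // iteration until a delegation is found or only one label is left
            while (tempDomain.labels() > 1) {
                lu = new Lookup(tempDomain, Type.NS);
                lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
                lu.setSearchPath((String[]) null);
                retRecords = lu.run();
                if (retRecords != null && retRecords.length > 0)
                    break;
                tempDomain = new Name(tempDomain.toString().substring((tempDomain.toString().indexOf(".") + 1)));
            }
            if (retRecords == null || retRecords.length == 0)
                // can't find a name server... bail
                return retVal;
            // collect the NS targets, skipping anything that is not actually an NS record
            ArrayList<String> remoteServers = new ArrayList<String>(retRecords.length);
            for (Record nsRec : retRecords) {
                if (nsRec instanceof NSRecord)
                    remoteServers.add(((NSRecord) nsRec).getTarget().toString());
            }
            // search the name servers for the cert
            lu = new Lookup(new Name(lookupName), Type.CERT);
            // retries/timeout are fixed here rather than taken from the configured
            // values; this query goes straight to the authoritative servers
            ExtendedResolver remoteResolver = createExResolver(remoteServers.toArray(new String[remoteServers.size()]), 2, 3);
            if (remoteResolver.getResolvers().length > 0) {
                lu.setResolver(remoteResolver);
                lu.setSearchPath((String[]) null);
                // CLEAR THE CACHE!!!  We are seeing instances where an NXRRSET is cached because
                // a DNS provider is trying to handle a request that it should be delegating
                // The purpose of bypassing the DNS provider and going directly to the NS server
                // is to avoid issues like this
                /*
					 * Change of heart on clearing the DNS cache.  Covering up the NXRRSET hides potential issues
					 * with incorrect DNS configuration.  It is important that NXRRSET issues are discovered and corrected
					 * so all participants in the community participate in a consistent manner.
					 */
                //lu.setCache(new Cache(DClass.IN));
                retRecords = lu.run();
            } else {
                // null out NS records
                retRecords = null;
            }
        }
        if (retRecords != null) {
            retVal = new ArrayList<X509Certificate>();
            for (Record rec : retRecords) {
                if (rec instanceof CERTRecord) {
                    CERTRecord certRec = (CERTRecord) rec;
                    switch(certRec.getCertType()) {
                        case CERTRecord.PKIX:
                            {
                                Certificate certToAdd = convertPKIXRecordToCert(certRec);
                                if (// may not be an X509Cert
                                certToAdd != null && certToAdd instanceof X509Certificate)
                                    retVal.add((X509Certificate) certToAdd);
                                break;
                            }
                        case CERTRecord.URI:
                            {
                                Certificate certToAdd = convertIPKIXRecordToCert(certRec);
                                if (// may not be an X509Cert
                                certToAdd != null && certToAdd instanceof X509Certificate)
                                    retVal.add((X509Certificate) certToAdd);
                                break;
                            }
                        default:
                            {
                                LOGGER.warn("Unknown CERT type " + certRec.getCertType() + " encountered for lookup name" + lookupName);
                            }
                    }
                }
            }
        } else if (// if this is an email address, do the search again and the host level
        domain.length() < name.length())
            retVal = lookupDNS(domain);
    } catch (Exception e) {
        // log with context and rethrow with a meaningful message instead of
        // writing the trace to stderr and throwing with an empty message
        LOGGER.error("DNS CERT lookup failed for name " + lookupName, e);
        throw new NHINDException("DNS CERT lookup failed for name " + lookupName, e);
    }
    // add or update the local cert store
    if (retVal != null && retVal.size() > 0 && localStoreDelegate != null) {
        for (X509Certificate cert : retVal) {
            if (localStoreDelegate.contains(cert))
                localStoreDelegate.update(cert);
            else
                localStoreDelegate.add(cert);
        }
        try {
            // cache a copy so a caller mutating the returned collection cannot
            // alter what later lookups get back from the cache
            if (cache != null)
                cache.put(name, new ArrayList<X509Certificate>(retVal));
        } catch (CacheException e) {
            // caching is best effort; the certificates were still resolved
            LOGGER.warn("Unable to cache DNS certificate lookup result for name " + name, e);
        }
    }
    return retVal;
}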

Example 13 with CacheException

use of org.apache.jcs.access.exception.CacheException in project nhin-d by DirectProject.

From class LDAPCertificateStore, method applyCachePolicy:

/**
 * Applies a {@link CertStoreCachePolicy} to the JCS region backing this store:
 * the region's object cap and the default element TTL, with lateral and remote
 * caching switched off at both levels. Does nothing when no cache is configured.
 * A {@link CacheException} from JCS is deliberately ignored (best effort); no
 * logger is visible in this class to record it, and the policy may then be
 * only partially applied.
 *
 * @param policy source of the max-item count and subject TTL
 */
private void applyCachePolicy(CertStoreCachePolicy policy) {
    // NOTE(review): the guard uses getCache() but the body uses the cache field
    // directly - assumes they refer to the same object; confirm
    if (getCache() == null) {
        return;
    }
    try {
        // region-level limits: size cap, local only
        final ICompositeCacheAttributes regionAttrs = cache.getCacheAttributes();
        regionAttrs.setMaxObjects(policy.getMaxItems());
        regionAttrs.setUseLateral(false);
        regionAttrs.setUseRemote(false);
        cache.setCacheAttributes(regionAttrs);
        // element-level defaults: bounded lifetime, local only
        final IElementAttributes elementAttrs = cache.getDefaultElementAttributes();
        elementAttrs.setMaxLifeSeconds(policy.getSubjectTTL());
        elementAttrs.setIsEternal(false);
        elementAttrs.setIsLateral(false);
        elementAttrs.setIsRemote(false);
        cache.setDefaultElementAttributes(elementAttrs);
    } catch (CacheException ignored) {
        // best effort: a JCS failure here must not fail store initialisation
    }
}
