Example 11 with CacheException
use of org.apache.jcs.access.exception.CacheException in project nhin-d by DirectProject.
the class ConfigServiceRESTCertificateStore method lookupFromConfigStore.
private Collection<X509Certificate> lookupFromConfigStore(String subjectName) {
String domain;
Collection<org.nhindirect.config.model.Certificate> certificates;
try {
certificates = certService.getCertificatesByOwner(subjectName);
} catch (Exception e) {
throw new NHINDException("WebService error getting certificates by subject: " + e.getMessage(), e);
}
if (certificates == null || certificates.isEmpty()) {
// try again with the domain name
int index;
if ((index = subjectName.indexOf("@")) > -1)
domain = subjectName.substring(index + 1);
else
domain = subjectName;
try {
certificates = certService.getCertificatesByOwner(domain);
} catch (Exception e) {
throw new NHINDException("WebService error getting certificates by domain: " + e.getMessage(), e);
}
}
if (certificates == null || certificates.isEmpty())
return Collections.emptyList();
Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
for (org.nhindirect.config.model.Certificate cert : certificates) {
X509Certificate storeCert = CertStoreUtils.certFromData(mgr, cert.getData());
retVal.add(storeCert);
}
// add to JCS and cache
try {
if (cache != null)
cache.put(subjectName, retVal);
} catch (CacheException e) {
/*
* TODO: handle exception
*/
}
return retVal;
}
Also used :
CacheException(org.apache.jcs.access.exception.CacheException)
ArrayList(java.util.ArrayList)
NHINDException(org.nhindirect.stagent.NHINDException)
CacheException(org.apache.jcs.access.exception.CacheException)
NHINDException(org.nhindirect.stagent.NHINDException)
X509Certificate(java.security.cert.X509Certificate)
X509Certificate(java.security.cert.X509Certificate)
Example 12 with CacheException
use of org.apache.jcs.access.exception.CacheException in project nhin-d by DirectProject.
the class DNSCertificateStore method lookupDNS.
protected Collection<X509Certificate> lookupDNS(String name) {
String domain;
String lookupName = name.replace('@', '.');
Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
// get the domain of the address
int index;
if ((index = name.indexOf("@")) > -1)
domain = name.substring(index + 1);
else
domain = name;
try {
// try the configured servers first
Lookup lu = new Lookup(new Name(lookupName), Type.CERT);
// default retries is 3, limite to 2
lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
lu.setSearchPath((String[]) null);
Record[] retRecords = null;
try {
retRecords = lu.run();
} catch (Exception e) {
LOGGER.warn("Error using recusive DNS CERT lookup for name " + lookupName + "\r\nFalling back to looking up NS record for a targeted search", e);
}
if (retRecords == null || retRecords.length == 0) {
Name tempDomain;
// try to find the resource's name server records
// the address may be an alias so check if there is a CNAME record
lu = new Lookup(new Name(lookupName), Type.CNAME);
lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
lu.setSearchPath((String[]) null);
retRecords = lu.run();
if (retRecords != null && retRecords.length > 0) {
CNAMERecord cnameRect = (CNAMERecord) retRecords[0];
tempDomain = cnameRect.getTarget();
} else
// not a CNAME
tempDomain = new Name(domain);
// look for a name server records
while (tempDomain.labels() > 1) {
lu = new Lookup(tempDomain, Type.NS);
lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
lu.setSearchPath((String[]) null);
retRecords = lu.run();
if (retRecords != null && retRecords.length > 0)
break;
tempDomain = new Name(tempDomain.toString().substring((tempDomain.toString().indexOf(".") + 1)));
}
if (retRecords == null || retRecords.length == 0)
// can't find a name server... bail
return retVal;
String[] remoteServers = new String[retRecords.length];
for (int i = 0; i < remoteServers.length - 0; ++i) {
remoteServers[i] = ((NSRecord) retRecords[i]).getTarget().toString();
}
// search the name servers for the cert
lu = new Lookup(new Name(lookupName), Type.CERT);
ExtendedResolver remoteResolver = createExResolver(remoteServers, 2, 3);
if (remoteResolver.getResolvers().length > 0) {
lu.setResolver(remoteResolver);
lu.setSearchPath((String[]) null);
// CLEAR THE CACHE!!! We are seeing instances where an NXRRSET is cached because
// a DNS provider is trying to handle a request that it should be delegating
// The purpose of bypassing the DNS provider and going directly to the NS server
// is to avoid issues like this
/*
* Change of heart on clearing the DNS cache. Covering up the NXRRSET hides potential issues
* with incorrect DNS configuration. It is important that NXRRSET issues are discovered and corrected
* so all participants in the community participate in a consistent manner.
*/
//lu.setCache(new Cache(DClass.IN));
retRecords = lu.run();
} else {
// null out NS records
retRecords = null;
}
}
if (retRecords != null) {
retVal = new ArrayList<X509Certificate>();
for (Record rec : retRecords) {
if (rec instanceof CERTRecord) {
CERTRecord certRec = (CERTRecord) rec;
switch(certRec.getCertType()) {
case CERTRecord.PKIX:
{
Certificate certToAdd = convertPKIXRecordToCert(certRec);
if (// may not be an X509Cert
certToAdd != null && certToAdd instanceof X509Certificate)
retVal.add((X509Certificate) certToAdd);
break;
}
case CERTRecord.URI:
{
Certificate certToAdd = convertIPKIXRecordToCert(certRec);
if (// may not be an X509Cert
certToAdd != null && certToAdd instanceof X509Certificate)
retVal.add((X509Certificate) certToAdd);
break;
}
default:
{
LOGGER.warn("Unknown CERT type " + certRec.getCertType() + " encountered for lookup name" + lookupName);
}
}
}
}
} else if (// if this is an email address, do the search again and the host level
domain.length() < name.length())
retVal = lookupDNS(domain);
} catch (Exception e) {
e.printStackTrace();
throw new NHINDException("", e);
}
// add or update the local cert store
if (retVal != null && retVal.size() > 0 && localStoreDelegate != null) {
for (X509Certificate cert : retVal) {
if (localStoreDelegate != null) {
if (localStoreDelegate.contains(cert))
localStoreDelegate.update(cert);
else
localStoreDelegate.add(cert);
}
}
try {
if (cache != null)
cache.put(name, retVal);
} catch (CacheException e) {
/*
* TODO: handle exception
*/
}
}
return retVal;
}
Also used :
ExtendedResolver(org.xbill.DNS.ExtendedResolver)
CacheException(org.apache.jcs.access.exception.CacheException)
ArrayList(java.util.ArrayList)
NHINDException(org.nhindirect.stagent.NHINDException)
X509Certificate(java.security.cert.X509Certificate)
CacheException(org.apache.jcs.access.exception.CacheException)
NHINDException(org.nhindirect.stagent.NHINDException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
MalformedURLException(java.net.MalformedURLException)
UnknownHostException(java.net.UnknownHostException)
Name(org.xbill.DNS.Name)
CNAMERecord(org.xbill.DNS.CNAMERecord)
CERTRecord(org.xbill.DNS.CERTRecord)
Lookup(org.xbill.DNS.Lookup)
CNAMERecord(org.xbill.DNS.CNAMERecord)
CERTRecord(org.xbill.DNS.CERTRecord)
NSRecord(org.xbill.DNS.NSRecord)
Record(org.xbill.DNS.Record)
NSRecord(org.xbill.DNS.NSRecord)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 13 with CacheException
use of org.apache.jcs.access.exception.CacheException in project nhin-d by DirectProject.
the class LDAPCertificateStore method applyCachePolicy.
private void applyCachePolicy(CertStoreCachePolicy policy) {
if (getCache() != null) {
try {
ICompositeCacheAttributes attributes = cache.getCacheAttributes();
attributes.setMaxObjects(policy.getMaxItems());
attributes.setUseLateral(false);
attributes.setUseRemote(false);
cache.setCacheAttributes(attributes);
IElementAttributes eattributes = cache.getDefaultElementAttributes();
eattributes.setMaxLifeSeconds(policy.getSubjectTTL());
eattributes.setIsEternal(false);
eattributes.setIsLateral(false);
eattributes.setIsRemote(false);
cache.setDefaultElementAttributes(eattributes);
} catch (CacheException e) {
// TODO: Handle exception
}
}
}
Also used :
CacheException(org.apache.jcs.access.exception.CacheException)
ICompositeCacheAttributes(org.apache.jcs.engine.behavior.ICompositeCacheAttributes)
IElementAttributes(org.apache.jcs.engine.behavior.IElementAttributes)
Aggregations
CacheException (org.apache.jcs.access.exception.CacheException)13
X509Certificate (java.security.cert.X509Certificate)7
ArrayList (java.util.ArrayList)5
ICompositeCacheAttributes (org.apache.jcs.engine.behavior.ICompositeCacheAttributes)5
IElementAttributes (org.apache.jcs.engine.behavior.IElementAttributes)5
NHINDException (org.nhindirect.stagent.NHINDException)5
JCS (org.apache.jcs.JCS)3
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
MalformedURLException (java.net.MalformedURLException)1
UnknownHostException (java.net.UnknownHostException)1
Certificate (java.security.cert.Certificate)1
Thumbprint (org.nhindirect.stagent.cert.Thumbprint)1
CERTRecord (org.xbill.DNS.CERTRecord)1
CNAMERecord (org.xbill.DNS.CNAMERecord)1
ExtendedResolver (org.xbill.DNS.ExtendedResolver)1
Lookup (org.xbill.DNS.Lookup)1
NSRecord (org.xbill.DNS.NSRecord)1
Name (org.xbill.DNS.Name)1
Record (org.xbill.DNS.Record)1
