
Example 1 with Anchor

use of org.nhind.config.Anchor in project nhin-d by DirectProject.

From the class NHINDSecurityAndTrustMailet_initialization_Test, method testValidMailetConfiguration_AssertProperWSInitialization:

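/**
 * Starts a real configuration web service, seeds it with two domains and their trust anchors,
 * and checks that the mailet initialises with the service URL it was handed as "ConfigURL".
 *
 * @throws Exception from the test plan (service start-up, configuration calls, assertions)
 */
public void testValidMailetConfiguration_AssertProperWSInitialization() throws Exception {
    new TestPlan() {

        /** Client for the configuration service; created in cleanConfig(), used by the add* steps. */
        private ConfigurationServiceProxy proxy;

        /**
         * Brings the configuration service up, wipes it, seeds the test data and returns a mailet
         * config whose only parameter is the service URL. Step order matters: cleanConfig() creates
         * {@link #proxy}, which addDomains() and addTrustAnchors() rely on.
         */
        @Override
        protected MailetConfig getMailetConfig() throws Exception {
            ConfigServiceRunner.startConfigService();
            cleanConfig();
            addDomains();
            addTrustAnchors();
            final Map<String, String> params = new HashMap<String, String>();
            params.put("ConfigURL", ConfigServiceRunner.getConfigServiceURL());
            return new MockMailetConfig(params, "NHINDSecurityAndTrustMailet");
        }

        /** Registers the two test domains, each with a postmaster address in its own domain. */
        protected void addDomains() throws Exception {
            proxy.addDomain(newDomain("cerner.com"));
            proxy.addDomain(newDomain("securehealthemail.com"));
        }

        /**
         * Installs the same test CA ("cacert.der") as the incoming and outgoing anchor of both
         * domains. Sharing one CA across domains is a test convenience only; real deployments
         * configure anchors per trust relationship.
         */
        protected void addTrustAnchors() throws Exception {
            proxy.addAnchor(new Anchor[] { newAnchor("cerner.com", "cacert.der"), newAnchor("securehealthemail.com", "cacert.der") });
        }

        /** Builds a domain entity with the conventional postmaster@domain contact address. */
        private Domain newDomain(final String domainName) {
            final Domain dom = new Domain();
            dom.setDomainName(domainName);
            dom.setPostMasterEmail("postmaster@" + domainName);
            return dom;
        }

        /** Builds an anchor for {@code owner} from the named test certificate file, trusted in both directions. */
        private Anchor newAnchor(final String owner, final String certFileName) throws Exception {
            final Anchor anchor = new Anchor();
            anchor.setData(getCertificateFileData(certFileName));
            anchor.setOwner(owner);
            anchor.setIncoming(true);
            anchor.setOutgoing(true);
            return anchor;
        }

        /**
         * Removes every domain (with its anchors), certificate and setting from the service so the
         * test does not inherit state from an earlier run.
         */
        protected void cleanConfig() throws Exception {
            proxy = new ConfigurationServiceProxy(ConfigServiceRunner.getConfigServiceURL());
            // domains and the anchors owned by each of them
            final Domain[] doms = proxy.listDomains(null, proxy.getDomainCount());
            if (doms != null) {
                for (Domain dom : doms) {
                    proxy.removeAnchorsForOwner(dom.getDomainName());
                    proxy.removeDomain(dom.getDomainName());
                }
            }
            // certificates; 0x8FFFF is presumably a page size large enough to return every record
            final Certificate[] certs = proxy.listCertificates(0, 0x8FFFF, null);
            if (certs != null) {
                for (Certificate cert : certs) {
                    proxy.removeCertificatesForOwner(cert.getOwner());
                }
            }
            // settings
            final Setting[] settings = proxy.getAllSettings();
            if (settings != null) {
                for (Setting setting : settings) {
                    proxy.deleteSetting(new String[] { setting.getName() });
                }
            }
        }

        /** The mailet must expose the ConfigURL it was given, i.e. the URL of the running service. */
        @Override
        protected void doAssertions(NHINDSecurityAndTrustMailet agent) throws Exception {
            assertNotNull(agent);
            assertNotNull(agent.getInitParameter("ConfigURL"));
            assertEquals(ConfigServiceRunner.getConfigServiceURL(), agent.getInitParameter("ConfigURL"));
        }
    }.perform();
}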

Example 2 with Anchor

use of org.nhind.config.Anchor in project nhin-d by DirectProject.

From the class WSSmtpAgentConfig, method buildTrustAnchorResolver:

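/**
 * Builds the trust anchor resolver module from the configuration service.
 * <p>
 * Anchors come either from a non-WS store (delegated to getAnchorsFromNonWS for the LDAP and
 * keystore store types) or, by default, from the configuration web service itself: each
 * looked-up domain's own anchors plus the anchors of every trust bundle associated with the
 * domain, each filed as incoming and/or outgoing. The resolver type is then taken from the
 * "AnchorResolverType" setting; multi-domain is the default, uniform is a development aid.
 *
 * @throws SmtpAgentException if the service cannot be queried, no anchor entries were loaded at
 *         all, or the configured resolver type is unknown
 */
public void buildTrustAnchorResolver() {
    final Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    final Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();

    // 1. Where are the anchors stored? Anything other than the web service is handled elsewhere.
    final String storeType = readAnchorSetting("AnchorStoreType", "anchor store type", STORE_TYPE_WS);
    if (!storeType.equalsIgnoreCase(STORE_TYPE_WS))
        getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    else
        loadWebServiceAnchors(incomingAnchors, outgoingAnchors);

    // 2. Which resolver? Read the setting before the emptiness check so a service failure is
    //    still reported as a configuration-format error.
    final String resolverType = readAnchorSetting("AnchorResolverType", "anchor resolver type", ANCHOR_RES_TYPE_MULTIDOMAIN);

    // NOTE(review): in the WS path every looked-up domain gets an entry in both maps even when it
    // has no anchors, so this only fires when no domain produced an entry at all. A domain with an
    // empty anchor set passes through — confirm the resolver treats that as "trust nothing".
    if (incomingAnchors.isEmpty() && outgoingAnchors.isEmpty())
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");

    final Provider<TrustAnchorResolver> provider;
    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
        // Uniform: one anchor set shared by every domain; take the first incoming collection,
        // falling back to outgoing. At least one map is non-empty here, so next() cannot throw.
        // HashMap iteration order is unspecified, so "first" is arbitrary with several domains.
        final Collection<X509Certificate> uniformAnchors = !incomingAnchors.isEmpty()
                ? incomingAnchors.values().iterator().next()
                : outgoingAnchors.values().iterator().next();
        provider = new UniformTrustAnchorResolverProvider(uniformAnchors);
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        // Name the offending value; a bare error code gives the operator nothing to act on.
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "Unknown anchor resolver type: " + resolverType);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}

/**
 * Reads one setting from the configuration service, returning {@code defaultValue} when the
 * setting is absent or has a null/empty value.
 *
 * @param settingName  the setting to read
 * @param description  human-readable name of the setting, used in the error message
 * @param defaultValue value to use when the setting is missing or blank
 * @throws SmtpAgentException (InvalidConfigurationFormat) wrapping any service failure
 */
private String readAnchorSetting(final String settingName, final String description, final String defaultValue) {
    final Setting setting;
    try {
        setting = cfService.getSettingByName(settingName);
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting " + description + ": " + e.getMessage(), e);
    }
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty())
        return defaultValue;
    return setting.getValue();
}

/**
 * Loads anchors for every looked-up domain from the configuration web service: the domain's own
 * anchors (direction from the anchor's own flags) plus the anchors of each trust bundle the
 * domain is associated with (direction from the domain-to-bundle association's flags).
 * <p>
 * Bundles are shared across domains, so the full bundle list is fetched once and indexed by name
 * instead of being re-fetched per domain.
 *
 * @param incomingAnchors map to fill with each domain's incoming anchors
 * @param outgoingAnchors map to fill with each domain's outgoing anchors
 * @throws SmtpAgentException on any service failure or certificate-decoding failure
 */
private void loadWebServiceAnchors(final Map<String, Collection<X509Certificate>> incomingAnchors,
        final Map<String, Collection<X509Certificate>> outgoingAnchors) {
    final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
    try {
        final TrustBundle[] bundles = cfService.getTrustBundles(true);
        if (bundles != null)
            for (TrustBundle bundle : bundles)
                bundleMap.put(bundle.getBundleName(), bundle);
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
    }

    for (Domain domain : lookedupWSDomains) {
        try {
            final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
            final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();

            // The domain's directly configured anchors.
            // NOTE(review): no status filter is visible here (second argument is null) — confirm the
            // service excludes disabled anchors, or they will be trusted.
            final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
            if (anchors != null) {
                for (Anchor anchor : anchors) {
                    final X509Certificate anchorToAdd = certFromData(anchor.getData());
                    if (anchor.isIncoming())
                        incomingAnchorsToAdd.add(anchorToAdd);
                    if (anchor.isOutgoing())
                        outgoingAnchorsToAdd.add(anchorToAdd);
                }
            }

            // Anchors inherited from trust bundles; direction comes from the association.
            final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
            if (domainAssocs != null) {
                for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
                    final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
                    if (bundle == null || bundle.getTrustBundleAnchors() == null)
                        continue;
                    for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
                        final X509Certificate anchorToAdd = certFromData(anchor.getData());
                        if (domainAssoc.isIncoming())
                            incomingAnchorsToAdd.add(anchorToAdd);
                        if (domainAssoc.isOutgoing())
                            outgoingAnchorsToAdd.add(anchorToAdd);
                    }
                }
            }

            incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
            outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
        } catch (SmtpAgentException e) {
            // already classified; do not re-wrap
            throw e;
        } catch (Exception e) {
            // report the domain name, not the Domain object's toString()
            throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain.getDomainName() + ":" + e.getMessage(), e);
        }
    }
}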

Example 3 with Anchor

use of org.nhind.config.Anchor in project nhin-d by DirectProject.

From the class AddDomainCAAndPrivCert, method main:

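/**
 * Command-line helper: registers a domain with the configuration service, installs the domain's
 * CA certificate as a trust anchor (incoming and outgoing) and uploads the domain's PKCS#12
 * bundle as its certificate.
 * <p>
 * Arguments: {@code <configServiceUrl> <domainName> <caCommonName> <certCommonName>}. The CA
 * and certificate files are located through AbstractCertCreator.createNewFileName; the PKCS#12
 * file is expected to carry the certificate file's name with ".p12" in place of ".der".
 * <p>
 * Security note: the .p12 holds the domain's private key and is sent to the service as-is, so
 * {@code configServiceUrl} should be a TLS endpoint and the service's key storage must be
 * trusted. Nothing here enforces either.
 * <p>
 * Exits with status 1 on bad usage or any failure so that scripts can detect it.
 *
 * @param args see above; all four are required
 */
public static void main(String[] args) {
    if (args == null || args.length < 4) {
        System.err.println("Usage: AddDomainCAAndPrivCert <configServiceUrl> <domainName> <caCommonName> <certCommonName>");
        System.exit(1);
        return;
    }
    final String configServiceUrl = args[0];
    final String domainName = args[1];
    final String caCommonName = args[2];
    final String certCommonName = args[3];
    try {
        final ConfigurationServiceProxy cfService = new ConfigurationServiceProxy(configServiceUrl);

        // 1. The domain itself, enabled, with the conventional postmaster address.
        final Domain domain = new Domain();
        domain.setDomainName(domainName);
        domain.setPostMasterEmail("postmaster@" + domainName);
        domain.setStatus(EntityStatus.ENABLED);
        cfService.addDomain(domain);

        // 2. The CA certificate as the domain's trust anchor in both directions.
        final File caFile = AbstractCertCreator.createNewFileName(caCommonName, false);
        final Anchor anchor = new Anchor();
        anchor.setData(FileUtils.readFileToByteArray(caFile));
        anchor.setOwner(domainName);
        anchor.setIncoming(true);
        anchor.setOutgoing(true);
        anchor.setStatus(EntityStatus.ENABLED);
        cfService.addAnchor(new Anchor[] { anchor });

        // 3. The domain's certificate + private key from the sibling .p12 file.
        final File certFile = AbstractCertCreator.createNewFileName(certCommonName, false);
        final String certFileName = certFile.getName();
        final int idx = certFileName.lastIndexOf(".der");
        if (idx < 0) {
            // Without this guard substring(0, -1) would fail with an index exception.
            System.err.println("Expected a .der certificate file name but got: " + certFileName);
            System.exit(1);
            return;
        }
        final String p12FileName = certFileName.substring(0, idx) + ".p12";
        final Certificate cert = new Certificate();
        // NOTE(review): resolved against the working directory, not certFile's directory — confirm
        // createNewFileName returns a bare file name, otherwise this reads the wrong path.
        cert.setData(FileUtils.readFileToByteArray(new File(p12FileName)));
        cert.setStatus(EntityStatus.ENABLED);
        // NOTE(review): no owner is set on the certificate (the anchor above sets one) —
        // presumably the service derives it from the certificate subject; verify.
        cfService.addCertificates(new Certificate[] { cert });
    } catch (Exception e) {
        System.err.println("Failed to add domain " + domainName + ": " + e.getMessage());
        e.printStackTrace(System.err);
        System.exit(1);
    }
}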

Example 4 with Anchor

use of org.nhind.config.Anchor in project nhin-d by DirectProject.

From the class AnchorCommands, method exportAnchor:

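/**
 * Exports the anchor with the given id to a .der file in the working directory, named after the
 * certificate's subject address as returned by CryptoExtensions.getSubjectAddress.
 * <p>
 * The file name is derived from certificate content held by the configuration service, so it is
 * treated as untrusted: a subject that is empty or would not be a plain file name (path
 * separators, an absolute path) is refused rather than written. An existing file of the same
 * name is replaced.
 *
 * @param args {@code [0]} the numeric anchor id (required)
 */
@Command(name = "ExportAnchor", usage = EXPORT_ANCHOR_USAGE)
public void exportAnchor(String[] args) {
    final String id = StringArrayUtil.getRequiredValue(args, 0);
    try {
        // make sure the anchor exists
        final long[] ids = new long[] { Long.parseLong(id) };
        final Anchor[] anchors = proxy.getAnchors(ids, null);
        if (anchors == null || anchors.length == 0) {
            System.out.println("Anchor does not exists.");
            return;
        }
        for (Anchor anchor : anchors) {
            final X509Certificate cert = CertUtils.toX509Certificate(anchor.getData());
            final String subject = CryptoExtensions.getSubjectAddress(cert);
            final String certFileHold = subject + ".der";
            final File certFile = new File(certFileHold);
            // The subject came from stored certificate data: only accept a plain file name so the
            // export cannot land outside the working directory.
            if (subject == null || subject.isEmpty() || !certFile.getName().equals(certFileHold)) {
                System.err.println("Refusing to write anchor " + id + ": subject '" + subject + "' is not a plain file name.");
                continue;
            }
            if (certFile.exists() && !certFile.delete())
                System.err.println("Could not remove existing file, will overwrite: " + certFile.getAbsolutePath());
            System.out.println("Writing anchor file: " + certFile.getAbsolutePath());
            try {
                FileUtils.writeByteArrayToFile(certFile, cert.getEncoded());
            } catch (Exception e) {
                System.err.println("Failed to write anchor to file: " + e.getMessage());
            }
        }
    } catch (Exception e) {
        System.err.println("Error exporting anchor: " + e.getMessage());
    }
}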

Example 5 with Anchor

use of org.nhind.config.Anchor in project nhin-d by DirectProject.

From the class AnchorCommands, method importAnchor:

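/**
 * Imports a trust anchor from a certificate file on disk and attaches it to an existing domain.
 * <p>
 * Arguments: {@code <file> <domainId> <incoming> <outgoing>}. The two booleans go through
 * {@link Boolean#parseBoolean}, so anything other than the literal "true" (case-insensitive)
 * means false — a typo silently disables that direction, hence the warning below when both end
 * up false. The file must decode as an X.509 certificate; undecodable input is refused instead
 * of being stored as an anchor the agent would later fail to load.
 *
 * @param args see above; all four are required
 */
@Command(name = "ImportAnchor", usage = IMPORT_ANCHOR_USAGE)
public void importAnchor(String[] args) {
    final String fileLoc = StringArrayUtil.getRequiredValue(args, 0);
    final String domainId = StringArrayUtil.getRequiredValue(args, 1);
    final boolean incoming = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 2));
    final boolean outgoing = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 3));
    try {
        // the anchor must belong to a domain that exists
        final Domain exDomain = proxy.getDomain(Long.parseLong(domainId));
        if (exDomain == null) {
            System.out.println("The domain with the id " + domainId + " does not exists in the system");
            return;
        }
        final byte[] certBytes = FileUtils.readFileToByteArray(new File(fileLoc));
        if (certBytes == null || certBytes.length == 0) {
            System.out.println("Error importing trust anchor " + fileLoc + " : file is empty");
            return;
        }
        // Validate before storing: a file that is not a certificate must never become an anchor.
        if (CertUtils.toX509Certificate(certBytes) == null) {
            System.out.println("Error importing trust anchor " + fileLoc + " : not a valid X.509 certificate");
            return;
        }
        if (!incoming && !outgoing)
            // the agent only files anchors flagged incoming or outgoing, so this one would never be used
            System.out.println("Warning: anchor is neither incoming nor outgoing and will not take part in trust decisions.");
        final Anchor anchor = new Anchor();
        anchor.setData(certBytes);
        anchor.setIncoming(incoming);
        anchor.setOutgoing(outgoing);
        anchor.setOwner(exDomain.getDomainName());
        // NOTE(review): no status is set here, unlike AddDomainCAAndPrivCert which sets ENABLED —
        // confirm the service's default status for new anchors.
        proxy.addAnchor(new Anchor[] { anchor });
        System.out.println("Successfully imported trust anchor.");
    } catch (IOException e) {
        System.out.println("Error reading file " + fileLoc + " : " + e.getMessage());
    } catch (Exception e) {
        System.out.println("Error importing trust anchor " + fileLoc + " : " + e.getMessage());
    }
}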
