use of org.nhind.config.Anchor in project nhin-d by DirectProject.
the class NHINDSecurityAndTrustMailet_initialization_Test method testValidMailetConfiguration_AssertProperWSInitialization.
/**
 * Starts the configuration service, seeds it with two domains and one trust anchor per domain,
 * and verifies that the mailet exposes the same {@code ConfigURL} init parameter it was given.
 */
public void testValidMailetConfiguration_AssertProperWSInitialization() throws Exception {
    new TestPlan() {
        // Assigned by cleanConfig(); the seeding helpers below rely on it being set first.
        private ConfigurationServiceProxy proxy;

        @Override
        protected MailetConfig getMailetConfig() throws Exception {
            ConfigServiceRunner.startConfigService();
            cleanConfig();
            addDomains();
            addTrustAnchors();

            final Map<String, String> initParams = new HashMap<String, String>();
            initParams.put("ConfigURL", ConfigServiceRunner.getConfigServiceURL());
            return new MockMailetConfig(initParams, "NHINDSecurityAndTrustMailet");
        }

        /** Registers the two test domains, each with a postmaster address in that domain. */
        protected void addDomains() throws Exception {
            final String[] domainNames = { "cerner.com", "securehealthemail.com" };
            for (String domainName : domainNames) {
                final Domain entry = new Domain();
                entry.setDomainName(domainName);
                entry.setPostMasterEmail("postmaster@" + domainName);
                proxy.addDomain(entry);
            }
        }

        /**
         * Registers the same CA certificate file as a trust anchor for both test domains, trusted
         * for incoming and outgoing mail, and submits both anchors in a single call.
         */
        protected void addTrustAnchors() throws Exception {
            final String[] owners = { "cerner.com", "securehealthemail.com" };
            final Anchor[] seeded = new Anchor[owners.length];
            for (int i = 0; i < owners.length; i++) {
                final Anchor entry = new Anchor();
                entry.setData(getCertificateFileData("cacert.der"));
                entry.setOwner(owners[i]);
                entry.setIncoming(true);
                entry.setOutgoing(true);
                seeded[i] = entry;
            }
            proxy.addAnchor(seeded);
        }

        /**
         * Connects to the configuration service and removes every domain (with its anchors),
         * certificate and setting so the test starts from an empty store.
         */
        protected void cleanConfig() throws Exception {
            proxy = new ConfigurationServiceProxy(ConfigServiceRunner.getConfigServiceURL());

            // Domains: drop each domain's anchors before the domain itself.
            final int total = proxy.getDomainCount();
            final Domain[] existingDomains = proxy.listDomains(null, total);
            if (existingDomains != null) {
                for (Domain existing : existingDomains) {
                    final String owner = existing.getDomainName();
                    proxy.removeAnchorsForOwner(owner);
                    proxy.removeDomain(owner);
                }
            }

            // Certificates: removed per owner.
            final Certificate[] existingCerts = proxy.listCertificates(0, 0x8FFFF, null);
            if (existingCerts != null) {
                for (Certificate existing : existingCerts) {
                    proxy.removeCertificatesForOwner(existing.getOwner());
                }
            }

            // Settings: deleted one name at a time.
            final Setting[] existingSettings = proxy.getAllSettings();
            if (existingSettings != null) {
                for (Setting existing : existingSettings) {
                    proxy.deleteSetting(new String[] { existing.getName() });
                }
            }
        }

        @Override
        protected void doAssertions(NHINDSecurityAndTrustMailet agent) throws Exception {
            assertNotNull(agent);
            final String configuredUrl = agent.getInitParameter("ConfigURL");
            assertNotNull(configuredUrl);
            assertEquals(ConfigServiceRunner.getConfigServiceURL(), configuredUrl);
        }
    }.perform();
}
use of org.nhind.config.Anchor in project nhin-d by DirectProject.
the class WSSmtpAgentConfig method buildTrustAnchorResolver.
/**
 * Builds the trust anchor resolver for the SMTP agent and stores the resulting module in
 * {@code certAnchorModule}.
 *
 * <p>The anchor store type is read from the {@code AnchorStoreType} setting and defaults to the
 * web service store. For the web service store, each domain in {@code lookedupWSDomains} gets its
 * own anchors plus the anchors of every trust bundle associated with it, split into incoming and
 * outgoing collections. The resolver flavour is then read from the {@code AnchorResolverType}
 * setting and defaults to multi-domain.
 *
 * @throws SmtpAgentException if a configuration service call fails, if both anchor maps are
 *         empty, or if the configured resolver type is not recognised
 */
public void buildTrustAnchorResolver() {
    Provider<TrustAnchorResolver> provider = null;
    // Anchors keyed by domain name, kept separately for each mail direction.
    Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();
    /*
    * first determine how anchors are stored... possibilities are LDAP, keystore, and WS
    *
    */
    Setting setting = null;
    String storeType;
    String resolverType;
    try {
        setting = cfService.getSettingByName("AnchorStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e.getMessage(), e);
    }
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty())
        // default to WS
        storeType = STORE_TYPE_WS;
    else
        storeType = setting.getValue();
    // if the store type is anything other than WS, then we need to get the anchor names so we can look them up in the repository
    if (!storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
        getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    } else {
        // trust bundles are shared objects across domains, so just pull the entire bundle list and associate
        // the anchors in the bundles to the appropriate domains as we go... this will not always be the most efficient
        // algorithm, but in most cases it will be when there are several domains configured (in which case this
        // loading algorithm will be much more efficient)
        final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
        try {
            final TrustBundle[] bundles = cfService.getTrustBundles(true);
            // put the bundles in a Map by name
            if (bundles != null)
                for (TrustBundle bundle : bundles) bundleMap.put(bundle.getBundleName(), bundle);
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
        }
        // query the web service for each domain's anchors
        for (Domain domain : lookedupWSDomains) {
            try {
                final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
                final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();
                // get the anchors for the domain
                final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
                if (anchors != null) {
                    for (Anchor anchor : anchors) {
                        // NOTE(review): the result of certFromData is added without a null check;
                        // confirm it cannot return null for malformed anchor data.
                        final X509Certificate anchorToAdd = certFromData(anchor.getData());
                        // Direction comes from the anchor's own flags; one anchor may be trusted both ways.
                        if (anchor.isIncoming())
                            incomingAnchorsToAdd.add(anchorToAdd);
                        if (anchor.isOutgoing())
                            outgoingAnchorsToAdd.add(anchorToAdd);
                    }
                }
                // check to see if there is a bundle associated to this domain
                final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
                if (domainAssocs != null) {
                    for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
                        // Resolve the association against the full bundle list fetched above;
                        // associations whose bundle name is not in that list contribute nothing.
                        final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
                        if (bundle != null && bundle.getTrustBundleAnchors() != null) {
                            for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
                                final X509Certificate anchorToAdd = certFromData(anchor.getData());
                                // For bundle anchors the direction is taken from the domain
                                // association, not from the individual anchor.
                                if (domainAssoc.isIncoming())
                                    incomingAnchorsToAdd.add(anchorToAdd);
                                if (domainAssoc.isOutgoing())
                                    outgoingAnchorsToAdd.add(anchorToAdd);
                            }
                        }
                    }
                }
                // Every domain gets an entry in both maps, even when its collections are empty.
                incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
                outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
            } catch (SmtpAgentException e) {
                // rethrow
                throw e;
            } catch (Exception e) {
                // NOTE(review): the message concatenates the Domain object itself rather than
                // domain.getDomainName(); confirm Domain has a readable toString().
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain + ":" + e.getMessage(), e);
            }
        }
    }
    try {
        setting = cfService.getSettingByName("AnchorResolverType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e.getMessage(), e);
    }
    // NOTE(review): this checks the number of map entries (domains), not the number of
    // certificates. On the WS path a domain with no anchors still adds an entry, so the check
    // passes with zero anchors loaded; confirm that is the intended fail-closed behaviour.
    if (incomingAnchors.size() == 0 && outgoingAnchors.size() == 0)
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // multi domain should be the default... uniform really only makes sense for dev purposes
        resolverType = ANCHOR_RES_TYPE_MULTIDOMAIN;
    } else
        resolverType = setting.getValue();
    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
        // Uniform mode uses one anchor collection for everything: the first collection the
        // incoming map's iterator yields, or the outgoing map's first one when the incoming map
        // is empty. HashMap iteration order is unspecified, so with several domains the chosen
        // collection is not predictable.
        if (incomingAnchors.size() > 0)
            provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
        else
            provider = new UniformTrustAnchorResolverProvider(outgoingAnchors.values().iterator().next());
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        // Unknown resolver types are rejected rather than falling back to a default.
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}
use of org.nhind.config.Anchor in project nhin-d by DirectProject.
the class AddDomainCAAndPrivCert method main.
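/**
 * Registers a domain with the configuration service, then uploads the domain's CA certificate as
 * a trust anchor (incoming and outgoing) and the matching {@code .p12} file as a certificate.
 *
 * <p>Failures after argument validation are printed as a stack trace and do not propagate.
 *
 * @param args {@code configServiceUrl}, {@code domainName}, {@code caCommonName},
 *        {@code certCommonName}, in that order
 * @throws IllegalArgumentException if fewer than four arguments are supplied
 */
public static void main(String[] args) {
    // Fail with a usable message instead of an ArrayIndexOutOfBoundsException on a short command line.
    if (args == null || args.length < 4) {
        throw new IllegalArgumentException(
                "Expected 4 arguments: <configServiceUrl> <domainName> <caCommonName> <certCommonName>");
    }
    final String configServiceUrl = args[0];
    final String domainName = args[1];
    final String caCommonName = args[2];
    final String certCommonName = args[3];
    try {
        // NOTE(review): the .p12 uploaded below presumably carries private key material, so the
        // configuration service URL should be an endpoint the operator trusts; confirm transport
        // protection for this URL.
        final ConfigurationServiceProxy cfService = new ConfigurationServiceProxy(configServiceUrl);
        final Domain domain = new Domain();
        domain.setDomainName(domainName);
        domain.setPostMasterEmail("postmaster@" + domainName);
        domain.setStatus(EntityStatus.ENABLED);
        cfService.addDomain(domain);

        // now add the anchor and cert
        final File caFile = AbstractCertCreator.createNewFileName(caCommonName, false);
        final Anchor anchor = new Anchor();
        anchor.setData(FileUtils.readFileToByteArray(caFile));
        anchor.setOwner(domainName);
        anchor.setIncoming(true);
        anchor.setOutgoing(true);
        anchor.setStatus(EntityStatus.ENABLED);
        cfService.addAnchor(new Anchor[] { anchor });

        final File certFile = AbstractCertCreator.createNewFileName(certCommonName, false);
        final String certFileName = certFile.getName();
        final int idx = certFileName.lastIndexOf(".der");
        if (idx < 0) {
            // Without this guard substring(0, -1) fails with an index error that hides the cause.
            throw new IllegalStateException(
                    "Certificate file name does not contain .der: " + certFileName);
        }
        // The .p12 name is derived from the bare file name, so it is resolved against the
        // current working directory rather than the directory of certFile.
        final String p12FileName = certFileName.substring(0, idx) + ".p12";
        final Certificate cert = new Certificate();
        cert.setData(FileUtils.readFileToByteArray(new File(p12FileName)));
        cert.setStatus(EntityStatus.ENABLED);
        cfService.addCertificates(new Certificate[] { cert });
    } catch (Exception e) {
        e.printStackTrace();
    }
}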
use of org.nhind.config.Anchor in project nhin-d by DirectProject.
the class AnchorCommands method exportAnchor.
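/**
 * Exports the trust anchor with the given id to a DER file in the current working directory.
 *
 * <p>The file is named after the certificate's subject address with a {@code .der} suffix; an
 * existing file of that name is replaced. Errors are reported on the console and not rethrown.
 *
 * @param args command arguments; {@code args[0]} is the numeric anchor id
 */
@Command(name = "ExportAnchor", usage = EXPORT_ANCHOR_USAGE)
public void exportAnchor(String[] args) {
    final String id = StringArrayUtil.getRequiredValue(args, 0);
    try {
        // make sure the anchor exists
        final long[] ids = new long[] { Long.parseLong(id) };
        final Anchor[] anchors = proxy.getAnchors(ids, null);
        if (anchors == null || anchors.length == 0) {
            System.out.println("Anchor does not exists.");
            return;
        }
        for (Anchor anchor : anchors) {
            final X509Certificate cert = CertUtils.toX509Certificate(anchor.getData());
            final String certFileHold = CryptoExtensions.getSubjectAddress(cert) + ".der";
            // The name is derived from certificate contents held in the configuration store.
            // Keep only the last path component so a subject containing path separators cannot
            // direct the delete and write below to a location outside the working directory.
            final File certFile = new File(new File(certFileHold).getName());
            if (certFile.exists())
                certFile.delete();
            System.out.println("Writing anchor file: " + certFile.getAbsolutePath());
            try {
                FileUtils.writeByteArrayToFile(certFile, cert.getEncoded());
            } catch (Exception e) {
                // A failed write is reported and the remaining anchors are still processed.
                System.err.println("Failed to write anchor to file: " + e.getMessage());
            }
        }
    } catch (Exception e) {
        System.err.println("Error exporting anchor: " + e.getMessage());
    }
}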
use of org.nhind.config.Anchor in project nhin-d by DirectProject.
the class AnchorCommands method importAnchor.
/**
 * Imports a certificate file as a trust anchor owned by an existing domain.
 *
 * <p>Outcomes, including errors, are printed to standard output; nothing is rethrown.
 *
 * @param args command arguments: file location, numeric domain id, incoming flag, outgoing flag
 */
@Command(name = "ImportAnchor", usage = IMPORT_ANCHOR_USAGE)
public void importAnchor(String[] args) {
    final String fileLoc = StringArrayUtil.getRequiredValue(args, 0);
    final String domainId = StringArrayUtil.getRequiredValue(args, 1);
    // Boolean.parseBoolean yields false for anything other than "true" (case-insensitive), so a
    // mistyped flag silently disables that direction instead of being rejected.
    final String incomingArg = StringArrayUtil.getRequiredValue(args, 2);
    final boolean incoming = Boolean.parseBoolean(incomingArg);
    final String outgoingArg = StringArrayUtil.getRequiredValue(args, 3);
    final boolean outgoing = Boolean.parseBoolean(outgoingArg);
    try {
        // The anchor is attached to the domain's name, so the domain has to exist first.
        final long domainKey = Long.parseLong(domainId);
        final Domain owner = proxy.getDomain(domainKey);
        if (owner == null) {
            System.out.println("The domain with the id " + domainId + " does not exists in the system");
            return;
        }

        final byte[] anchorBytes = FileUtils.readFileToByteArray(new File(fileLoc));
        if (anchorBytes == null) {
            return;
        }

        // NOTE(review): the file contents are submitted as read and are not parsed as an X.509
        // certificate here; confirm the configuration service validates anchor data on its side.
        final Anchor imported = new Anchor();
        imported.setData(anchorBytes);
        imported.setIncoming(incoming);
        imported.setOutgoing(outgoing);
        imported.setOwner(owner.getDomainName());
        proxy.addAnchor(new Anchor[] { imported });
        System.out.println("Successfully imported trust anchor.");
    } catch (IOException e) {
        System.out.println("Error reading file " + fileLoc + " : " + e.getMessage());
    } catch (Exception e) {
        System.out.println("Error importing trust anchor " + fileLoc + " : " + e.getMessage());
    }
}