use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.
the class WSSmtpAgentConfig method buildTrustAnchorResolver.
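/**
 * Collects the trust anchors for the agent's domains and installs the resulting resolver
 * provider as {@code certAnchorModule}.
 *
 * <p>The {@code AnchorStoreType} setting selects where anchors are stored; when it is missing or
 * empty the configuration web service (WS) is used. In the WS case each domain receives its own
 * anchors plus the anchors of every trust bundle associated with it. The
 * {@code AnchorResolverType} setting then selects a uniform or multi-domain resolver, defaulting
 * to multi-domain.
 *
 * <p>The certificates loaded here are handed to the resolver as trust anchors, so whoever can
 * change what the configuration service returns controls what this agent trusts.
 *
 * @throws SmtpAgentException if a setting, bundle or anchor lookup fails, if no anchor entries
 *         were loaded, or if the configured resolver type is not recognised
 */
public void buildTrustAnchorResolver() {
    Provider<TrustAnchorResolver> provider = null;
    final Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    final Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();

    // First determine how anchors are stored: possibilities are LDAP, keystore, and WS.
    Setting setting = null;
    try {
        setting = cfService.getSettingByName("AnchorStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e.getMessage(), e);
    }

    final String storeType;
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // default to WS
        storeType = STORE_TYPE_WS;
    } else {
        storeType = setting.getValue();
    }

    if (!storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
        // Any store other than WS: the anchor names are looked up in that repository.
        getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    } else {
        // Trust bundles are shared across domains, so the whole bundle list is fetched once and
        // its anchors are attached to each associated domain below. This is cheaper than a
        // per-domain fetch when several domains are configured.
        final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
        try {
            final TrustBundle[] bundles = cfService.getTrustBundles(true);
            if (bundles != null) {
                // index the bundles by name
                for (TrustBundle bundle : bundles) {
                    bundleMap.put(bundle.getBundleName(), bundle);
                }
            }
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
        }

        // Ask the web service for each domain's anchors.
        for (Domain domain : lookedupWSDomains) {
            try {
                final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
                final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();

                // Anchors configured directly on the domain carry their own direction flags.
                // NOTE(review): certFromData is defined elsewhere; whether it checks validity
                // period or CA constraints before a certificate is trusted is not visible here.
                final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
                if (anchors != null) {
                    for (Anchor anchor : anchors) {
                        final X509Certificate anchorToAdd = certFromData(anchor.getData());
                        if (anchor.isIncoming()) {
                            incomingAnchorsToAdd.add(anchorToAdd);
                        }
                        if (anchor.isOutgoing()) {
                            outgoingAnchorsToAdd.add(anchorToAdd);
                        }
                    }
                }

                // Anchors that arrive through a bundle take their direction from the
                // domain-to-bundle association, not from the individual anchor.
                final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
                if (domainAssocs != null) {
                    for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
                        final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
                        if (bundle != null && bundle.getTrustBundleAnchors() != null) {
                            for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
                                final X509Certificate anchorToAdd = certFromData(anchor.getData());
                                if (domainAssoc.isIncoming()) {
                                    incomingAnchorsToAdd.add(anchorToAdd);
                                }
                                if (domainAssoc.isOutgoing()) {
                                    outgoingAnchorsToAdd.add(anchorToAdd);
                                }
                            }
                        }
                    }
                }

                // An entry is stored for the domain even when both collections are empty.
                incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
                outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
            } catch (SmtpAgentException e) {
                // already in the agent's exception type: rethrow unchanged
                throw e;
            } catch (Exception e) {
                // Report the domain by name, as the lookups above do.
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain.getDomainName() + ":" + e.getMessage(), e);
            }
        }
    }

    try {
        setting = cfService.getSettingByName("AnchorResolverType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e.getMessage(), e);
    }

    // NOTE(review): this tests for map entries, not for certificates. In the WS branch every
    // domain gets an entry, so a configuration with domains but no anchors at all passes.
    if (incomingAnchors.size() == 0 && outgoingAnchors.size() == 0) {
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
    }

    final String resolverType;
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // multi domain should be the default... uniform really only makes sense for dev purposes
        resolverType = ANCHOR_RES_TYPE_MULTIDOMAIN;
    } else {
        resolverType = setting.getValue();
    }

    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
        // Uniform: one anchor collection serves every domain. The collection is the first one the
        // HashMap yields, and HashMap iteration order is unspecified, so with more than one
        // domain the set that ends up trusted everywhere is arbitrary.
        if (incomingAnchors.size() > 0) {
            provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
        } else {
            provider = new UniformTrustAnchorResolverProvider(outgoingAnchors.values().iterator().next());
        }
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        // Name the rejected value so a misconfigured setting can be found from the error alone.
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "Unknown anchor resolver type: " + resolverType);
    }

    certAnchorModule = TrustAnchorModule.create(provider);
}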
use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.
the class TrustBundleCommands method listBundleAnchors.
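/**
 * Prints the anchors held by a trust bundle.
 *
 * <p>Nothing is listed for a bundle that does not exist, that has never been refreshed
 * successfully, or that holds no anchors; a message is printed instead.
 *
 * @param args command arguments; {@code args[0]} is the numeric bundle id (required)
 * @throws NumberFormatException if the bundle id is not a valid long (parsed outside the try block)
 */
@Command(name = "ListTrustBundleAnchors", usage = LIST_BUNDLE_ANCHORS)
public void listBundleAnchors(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));

    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }

        // No recorded successful refresh: report that rather than print an anchor list.
        if (bundle.getLastSuccessfulRefresh() == null) {
            System.out.println("Bundle has never been successfully downloaded.");
            return;
        }

        final TrustBundleAnchor[] anchors = bundle.getTrustBundleAnchors();
        if (anchors == null || anchors.length == 0) {
            System.out.println("Bundle has no anchors.");
            return;
        }

        anchorPrinter.printRecords(Arrays.asList(anchors));
    } catch (Exception e) {
        // This command only reads; the message must not suggest that a bundle was deleted.
        System.out.println("Error listing trust bundle anchors: " + e.getMessage());
    }
}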
use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.
the class TrustBundleCommands method addTrustBundle.
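/**
 * Registers a new trust bundle with the configuration service.
 *
 * <p>The bundle URL is stored exactly as given; this method performs no scheme or host check.
 * The signing certificate is optional. NOTE(review): when it is omitted the bundle is stored
 * without signing certificate data, so presumably nothing downstream can verify the downloaded
 * bundle's signature; confirm against the refresh code before adding unsigned bundles.
 *
 * @param args command arguments: {@code args[0]} bundle name, {@code args[1]} bundle URL,
 *        {@code args[2]} refresh interval in minutes, {@code args[3]} optional path to the
 *        signing certificate file
 * @throws NumberFormatException if the refresh interval is not an integer or does not fit in an
 *         int once converted to seconds
 */
@Command(name = "AddTrustBundle", usage = ADD_TRUST_BUNDLE)
public void addTrustBundle(String[] args) {
    final String bundleName = StringArrayUtil.getRequiredValue(args, 0);
    final String url = StringArrayUtil.getRequiredValue(args, 1);

    // The interval is entered in minutes and stored in seconds. Reject values whose conversion
    // would wrap around instead of silently storing a wrong interval.
    final int refreshMinutes = Integer.parseInt(StringArrayUtil.getRequiredValue(args, 2));
    if (refreshMinutes > Integer.MAX_VALUE / 60 || refreshMinutes < Integer.MIN_VALUE / 60) {
        throw new NumberFormatException("Refresh interval of " + refreshMinutes + " minutes is out of range.");
    }
    final int refreshInterval = refreshMinutes * 60;

    final String signingCertFile = StringArrayUtil.getOptionalValue(args, 3, "");

    try {
        final TrustBundle exBundle = proxy.getTrustBundleByName(bundleName);
        if (exBundle != null) {
            System.out.println("Bundle with name " + bundleName + " already exists.");
        } else {
            final TrustBundle newBundle = new TrustBundle();
            newBundle.setBundleName(bundleName);
            newBundle.setBundleURL(url);
            newBundle.setRefreshInterval(refreshInterval);

            if (!StringUtils.isEmpty(signingCertFile)) {
                // The file's bytes are forwarded as read; they are not parsed as a certificate here.
                final byte[] signCertData = FileUtils.readFileToByteArray(new File(signingCertFile));
                newBundle.setSigningCertificateData(signCertData);
            }

            proxy.addTrustBundle(newBundle);
            System.out.println("Trust bundle " + bundleName + " added to the system.");
        }
    } catch (Exception e) {
        System.out.println("Error adding trust bundle " + bundleName + " : " + e.getMessage());
    }
}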
use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.
the class TrustBundleCommands method removeTrustBundle.
/**
 * Deletes a trust bundle by id after confirming that it exists.
 *
 * <p>NOTE(review): what happens to the bundle's domain associations is decided by the
 * configuration service and is not visible in this method.
 *
 * @param args command arguments; {@code args[0]} is the numeric bundle id (required)
 * @throws NumberFormatException if the bundle id is not a valid long (parsed outside the try block)
 */
@Command(name = "DeleteTrustBundle", usage = REMOVE_TRUST_BUNDLE)
public void removeTrustBundle(String[] args) {
    final String rawId = StringArrayUtil.getRequiredValue(args, 0);
    final long bundleId = Long.parseLong(rawId);

    try {
        final TrustBundle existing = proxy.getTrustBundleById(bundleId);
        if (existing != null) {
            // The bundle was fetched first so its name can be reported after the delete.
            proxy.deleteTrustBundles(new Long[] { bundleId });
            System.out.println("Trust bundle " + existing.getBundleName() + " deleted");
        } else {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
        }
    } catch (Exception e) {
        System.out.println("Error deleting trust bundle: " + e.getMessage());
    }
}
use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.
the class TrustBundleCommands method addTrustBundleToDomain.
/**
 * Associates an existing trust bundle with an existing domain, for incoming and/or outgoing trust.
 *
 * <p>The two direction flags are read with {@link Boolean#parseBoolean(String)}, which yields
 * {@code false} for anything other than "true" (ignoring case). A mistyped flag therefore
 * creates the association with that direction switched off rather than failing.
 *
 * @param args command arguments: {@code args[0]} bundle id, {@code args[1]} domain id,
 *        {@code args[2]} trust incoming, {@code args[3]} trust outgoing
 * @throws NumberFormatException if either id is not a valid long (parsed outside the try block)
 */
@Command(name = "AddTrustBundleToDomain", usage = ADD_BUNDLE_TO_DOMAIN)
public void addTrustBundleToDomain(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));
    final long domainId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 1));
    final boolean trustIncoming = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 2));
    final boolean trustOutgoing = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 3));

    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }

        final Domain domain = proxy.getDomain(domainId);
        if (domain == null) {
            System.out.println("Domain with id " + domainId + " does not exist.");
            return;
        }

        // Refuse to create a second association between the same bundle and domain.
        boolean alreadyAssociated = false;
        final TrustBundleDomainReltn[] existingReltns = proxy.getTrustBundlesByDomain(domainId, false);
        if (existingReltns != null) {
            for (TrustBundleDomainReltn existingReltn : existingReltns) {
                if (existingReltn.getTrustBundle().getId() == bundleId) {
                    alreadyAssociated = true;
                    break;
                }
            }
        }

        if (alreadyAssociated) {
            System.out.println("Bundle " + bundle.getBundleName() + " is already associated with domain " + domain.getDomainName());
            return;
        }

        proxy.associateTrustBundleToDomain(domainId, bundleId, trustIncoming, trustOutgoing);
        System.out.println("Trust bundle " + bundle.getBundleName() + " added to domain " + domain.getDomainName());
    } catch (Exception e) {
        System.out.println("Error associating bundle to domain : " + e.getMessage());
    }
}