
Example 1 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class WSSmtpAgentConfig method buildTrustAnchorResolver.

/**
 * Builds the trust anchor resolver module from settings and anchors held by the
 * configuration service ({@code cfService}) and stores it in {@code certAnchorModule}.
 *
 * <p>Two settings drive the result: {@code AnchorStoreType} (defaults to
 * {@code STORE_TYPE_WS} when unset or empty) and {@code AnchorResolverType} (defaults to
 * {@code ANCHOR_RES_TYPE_MULTIDOMAIN} when unset or empty). For the WS store type the
 * anchors of each domain in {@code lookedupWSDomains} are the union of the domain's own
 * anchors and the anchors of every trust bundle associated with that domain.
 *
 * @throws SmtpAgentException if a configuration service call fails, if both anchor maps
 *         end up with no entries, or if the resolver type is not a recognised value
 */
public void buildTrustAnchorResolver() {
    Provider<TrustAnchorResolver> provider = null;
    // In the WS branch below both maps are keyed by domain name; each value is the set of
    // certificates that domain trusts for that message direction.
    Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();
    /*
     * First determine how anchors are stored... possibilities are LDAP, keystore, and WS.
     */
    Setting setting = null;
    String storeType;
    String resolverType;
    try {
        setting = cfService.getSettingByName("AnchorStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e.getMessage(), e);
    }
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty())
        // default to WS
        storeType = STORE_TYPE_WS;
    else
        storeType = setting.getValue();
    // if the store type is anything other than WS, then we need to get the anchor names so we can look them up in the repository
    // NOTE(review): any unrecognised store type value also takes this branch; how
    // getAnchorsFromNonWS treats an unknown type is not visible here.
    if (!storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
        getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    } else {
        // trust bundles are shared objects across domains, so just pull the entire bundle list and associate
        // the anchors in the bundles to the appropriate domains as we go... this will not always be the most efficient
        // algorithm, but it most cases it will be when there are several domains configured (in which case this
        // loading algorithm will be much more efficient)
        final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
        try {
            // NOTE(review): the meaning of the boolean argument is not visible here;
            // presumably it asks for the bundles' anchors to be included -- confirm.
            final TrustBundle[] bundles = cfService.getTrustBundles(true);
            // put the bundles in a Map by name
            if (bundles != null)
                for (TrustBundle bundle : bundles) bundleMap.put(bundle.getBundleName(), bundle);
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
        }
        // hit up the web service for each domains anchor
        for (Domain domain : lookedupWSDomains) {
            try {
                final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
                final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();
                // get the anchors for the domain
                final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
                if (anchors != null) {
                    for (Anchor anchor : anchors) {
                        // NOTE(review): certFromData is defined elsewhere; whether it checks
                        // validity dates or anything beyond decoding is not visible here.
                        final X509Certificate anchorToAdd = certFromData(anchor.getData());
                        // For a domain's own anchors the trust direction comes from the anchor record.
                        if (anchor.isIncoming())
                            incomingAnchorsToAdd.add(anchorToAdd);
                        if (anchor.isOutgoing())
                            outgoingAnchorsToAdd.add(anchorToAdd);
                    }
                }
                // check to see if there is a bundle associated to this domain
                final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
                if (domainAssocs != null) {
                    for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
                        // Bundles are matched by name against the list fetched above. An
                        // association whose bundle is missing from that list, or whose bundle
                        // has no anchors, contributes nothing and is skipped without a message.
                        final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
                        if (bundle != null && bundle.getTrustBundleAnchors() != null) {
                            for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
                                final X509Certificate anchorToAdd = certFromData(anchor.getData());
                                // For bundle anchors the trust direction comes from the
                                // domain-to-bundle association, so every anchor in the bundle
                                // is trusted in the same direction(s) for this domain.
                                if (domainAssoc.isIncoming())
                                    incomingAnchorsToAdd.add(anchorToAdd);
                                if (domainAssoc.isOutgoing())
                                    outgoingAnchorsToAdd.add(anchorToAdd);
                            }
                        }
                    }
                }
                // An entry is stored for every domain, even when both collections are empty.
                incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
                outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
            } catch (SmtpAgentException e) {
                // rethrow
                throw e;
            } catch (Exception e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain + ":" + e.getMessage(), e);
            }
        }
    }
    try {
        setting = cfService.getSettingByName("AnchorResolverType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e.getMessage(), e);
    }
    // This tests only whether the maps have entries. In the WS branch a domain with zero
    // anchors still has an (empty) entry, so this check does not catch that case.
    if (incomingAnchors.size() == 0 && outgoingAnchors.size() == 0)
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // multi domain should be the default... uniform really only makes sense for dev purposes
        resolverType = ANCHOR_RES_TYPE_MULTIDOMAIN;
    } else
        resolverType = setting.getValue();
    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
        // the same... just get the first collection in the incoming map
        // The maps are HashMaps, so with more than one domain "first" is whatever the
        // iterator yields: one domain's anchor set is handed to the uniform provider, and
        // the outgoing map is consulted only when the incoming map has no entries.
        if (incomingAnchors.size() > 0)
            provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
        else
            provider = new UniformTrustAnchorResolverProvider(outgoingAnchors.values().iterator().next());
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        // Unrecognised resolver type: fail rather than fall back to a default.
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}
Also used : SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) HashMap(java.util.HashMap) Setting(org.nhind.config.Setting) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) AddressException(javax.mail.internet.AddressException) SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) PolicyParseException(org.nhindirect.policy.PolicyParseException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) TrustBundleDomainReltn(org.nhind.config.TrustBundleDomainReltn) TrustBundleAnchor(org.nhind.config.TrustBundleAnchor) Anchor(org.nhind.config.Anchor) TrustAnchorResolver(org.nhindirect.stagent.trust.TrustAnchorResolver) UniformTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider) Collection(java.util.Collection) TrustBundle(org.nhind.config.TrustBundle) Domain(org.nhind.config.Domain) MultiDomainTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider) TrustBundleAnchor(org.nhind.config.TrustBundleAnchor)

Example 2 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method listBundleAnchors.

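/**
 * Prints the anchors of the trust bundle whose numeric id is given as the first argument.
 *
 * <p>Nothing is listed when the bundle does not exist, has never been refreshed
 * successfully, or holds no anchors; a short message is printed instead.
 *
 * @param args command arguments; {@code args[0]} is the bundle id
 */
@Command(name = "ListTrustBundleAnchors", usage = LIST_BUNDLE_ANCHORS)
public void listBundleAnchors(String[] args) {
    final String bundleIdArg = StringArrayUtil.getRequiredValue(args, 0);
    final long bundleId;
    try {
        bundleId = Long.parseLong(bundleIdArg);
    } catch (NumberFormatException e) {
        // Report a malformed id the same way as every other failure of this command.
        System.out.println("Invalid bundle id: " + bundleIdArg);
        return;
    }
    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }
        // A bundle that was never downloaded successfully has no anchors worth showing.
        if (bundle.getLastSuccessfulRefresh() == null) {
            System.out.println("Bundle has never been successfully downloaded.");
            return;
        }
        final TrustBundleAnchor[] anchors = bundle.getTrustBundleAnchors();
        if (anchors == null || anchors.length == 0) {
            System.out.println("Bundle has no anchors.");
            return;
        }
        anchorPrinter.printRecords(Arrays.asList(anchors));
    } catch (Exception e) {
        // The original text said "deleting", copied from the delete command.
        System.out.println("Error listing trust bundle anchors: " + e.getMessage());
    }
}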
Also used : TrustBundle(org.nhind.config.TrustBundle) TrustBundleAnchor(org.nhind.config.TrustBundleAnchor) Command(org.nhindirect.dns.tools.utils.Command)

Example 3 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method addTrustBundle.

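/**
 * Registers a new trust bundle with the configuration service.
 *
 * <p>The bundle is not added when one with the same name already exists.
 *
 * @param args command arguments: {@code args[0]} bundle name, {@code args[1]} bundle URL,
 *        {@code args[2]} refresh interval in minutes, {@code args[3]} (optional) path to
 *        the signing certificate file
 */
@Command(name = "AddTrustBundle", usage = ADD_TRUST_BUNDLE)
public void addTrustBundle(String[] args) {
    final String bundleName = StringArrayUtil.getRequiredValue(args, 0);
    // NOTE(review): the URL is stored as given; no scheme or host check happens here.
    final String url = StringArrayUtil.getRequiredValue(args, 1);
    final String refreshMinutesArg = StringArrayUtil.getRequiredValue(args, 2);
    final int refreshMinutes;
    try {
        refreshMinutes = Integer.parseInt(refreshMinutesArg);
    } catch (NumberFormatException e) {
        System.out.println("Invalid refresh interval (minutes): " + refreshMinutesArg);
        return;
    }
    // Guard the minutes-to-seconds conversion: an int overflow would silently wrap to an
    // unrelated (possibly negative) interval.
    if (refreshMinutes > Integer.MAX_VALUE / 60 || refreshMinutes < Integer.MIN_VALUE / 60) {
        System.out.println("Refresh interval out of range: " + refreshMinutesArg);
        return;
    }
    // convert minutes to seconds
    final int refreshInterval = refreshMinutes * 60;
    final String signingCertFile = StringArrayUtil.getOptionalValue(args, 3, "");
    try {
        final TrustBundle exBundle = proxy.getTrustBundleByName(bundleName);
        if (exBundle != null) {
            System.out.println("Bundle with name " + bundleName + " already exists.");
        } else {
            final TrustBundle newBundle = new TrustBundle();
            newBundle.setBundleName(bundleName);
            newBundle.setBundleURL(url);
            newBundle.setRefreshInterval(refreshInterval);
            // NOTE(review): the signing certificate is optional. How a bundle without one
            // is authenticated when it is downloaded is not visible here -- presumably only
            // the transport protects it; confirm before adding bundles this way.
            if (!StringUtils.isEmpty(signingCertFile)) {
                final byte[] signCertData = FileUtils.readFileToByteArray(new File(signingCertFile));
                // An empty file cannot hold a certificate; refuse it rather than store a
                // signing certificate that can never verify anything.
                if (signCertData.length == 0) {
                    System.out.println("Signing certificate file " + signingCertFile + " is empty.");
                    return;
                }
                // NOTE(review): the bytes are stored unparsed; nothing here confirms they
                // decode to an X.509 certificate.
                newBundle.setSigningCertificateData(signCertData);
            }
            proxy.addTrustBundle(newBundle);
            System.out.println("Trust bundle " + bundleName + " added to the system.");
        }
    } catch (Exception e) {
        System.out.println("Error adding trust bundle " + bundleName + " : " + e.getMessage());
    }
}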
Also used : TrustBundle(org.nhind.config.TrustBundle) File(java.io.File) Command(org.nhindirect.dns.tools.utils.Command)

Example 4 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method removeTrustBundle.

/**
 * Deletes the trust bundle whose numeric id is given as the first argument.
 *
 * <p>The bundle is looked up first so that a missing id is reported and the name of the
 * deleted bundle can be printed.
 *
 * @param args command arguments; {@code args[0]} is the bundle id
 */
@Command(name = "DeleteTrustBundle", usage = REMOVE_TRUST_BUNDLE)
public void removeTrustBundle(String[] args) {
    final String idArgument = StringArrayUtil.getRequiredValue(args, 0);
    final long bundleId = Long.parseLong(idArgument);
    try {
        final TrustBundle existing = proxy.getTrustBundleById(bundleId);
        if (existing != null) {
            // The service call takes an array of ids; only this one is removed.
            proxy.deleteTrustBundles(new Long[] { bundleId });
            System.out.println("Trust bundle " + existing.getBundleName() + " deleted");
        } else {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
        }
    } catch (Exception e) {
        System.out.println("Error deleting trust bundle: " + e.getMessage());
    }
}
Also used : TrustBundle(org.nhind.config.TrustBundle) Command(org.nhindirect.dns.tools.utils.Command)

Example 5 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method addTrustBundleToDomain.

/**
 * Associates an existing trust bundle with an existing domain.
 *
 * <p>Both ids must resolve, and the pair must not already be associated; otherwise a
 * message is printed and nothing is changed.
 *
 * @param args command arguments: {@code args[0]} bundle id, {@code args[1]} domain id,
 *        {@code args[2]} trust for incoming messages, {@code args[3]} trust for outgoing
 *        messages
 */
@Command(name = "AddTrustBundleToDomain", usage = ADD_BUNDLE_TO_DOMAIN)
public void addTrustBundleToDomain(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));
    final long domainId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 1));
    // Boolean.parseBoolean yields false for anything other than "true" (ignoring case),
    // so a mistyped flag ends up as "not trusted" rather than raising an error.
    final boolean trustIncoming = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 2));
    final boolean trustOutgoing = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 3));
    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }
        final Domain domain = proxy.getDomain(domainId);
        if (domain == null) {
            System.out.println("Domain with id " + domainId + " does not exist.");
            return;
        }
        // Refuse to create a second association between the same bundle and domain.
        final TrustBundleDomainReltn[] existingLinks = proxy.getTrustBundlesByDomain(domainId, false);
        if (existingLinks != null) {
            for (int i = 0; i < existingLinks.length; i++) {
                if (existingLinks[i].getTrustBundle().getId() == bundleId) {
                    System.out.println("Bundle " + bundle.getBundleName() + " is already associated with domain " + domain.getDomainName());
                    return;
                }
            }
        }
        proxy.associateTrustBundleToDomain(domainId, bundleId, trustIncoming, trustOutgoing);
        System.out.println("Trust bundle " + bundle.getBundleName() + " added to domain " + domain.getDomainName());
    } catch (Exception e) {
        System.out.println("Error associating bundle to domain : " + e.getMessage());
    }
}
Also used : TrustBundle(org.nhind.config.TrustBundle) Domain(org.nhind.config.Domain) TrustBundleDomainReltn(org.nhind.config.TrustBundleDomainReltn) Command(org.nhindirect.dns.tools.utils.Command)

Aggregations

TrustBundle (org.nhind.config.TrustBundle)7 Command (org.nhindirect.dns.tools.utils.Command)6 Domain (org.nhind.config.Domain)4 TrustBundleDomainReltn (org.nhind.config.TrustBundleDomainReltn)4 ArrayList (java.util.ArrayList)2 TrustBundleAnchor (org.nhind.config.TrustBundleAnchor)2 File (java.io.File)1 IOException (java.io.IOException)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1 Collection (java.util.Collection)1 HashMap (java.util.HashMap)1 AddressException (javax.mail.internet.AddressException)1 Anchor (org.nhind.config.Anchor)1 Setting (org.nhind.config.Setting)1 SmtpAgentException (org.nhindirect.gateway.smtp.SmtpAgentException)1 PolicyParseException (org.nhindirect.policy.PolicyParseException)1 TrustAnchorResolver (org.nhindirect.stagent.trust.TrustAnchorResolver)1 MultiDomainTrustAnchorResolverProvider (org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider)1 UniformTrustAnchorResolverProvider (org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider)1