Examples with TrustBundle org.nhind.config.TrustBundle used on opensource projects

Example 1 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class WSSmtpAgentConfig method buildTrustAnchorResolver.

public void buildTrustAnchorResolver() {
    Provider<TrustAnchorResolver> provider = null;
    Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();
    /* 
		 * first determine how anchors are stored... possibilities are LDAP, keystore, and WS
		 * 
		 */
    Setting setting = null;
    String storeType;
    String resolverType;
    try {
        setting = cfService.getSettingByName("AnchorStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e.getMessage(), e);
    }
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty())
        // default to WS
        storeType = STORE_TYPE_WS;
    else
        storeType = setting.getValue();
    // if the store type is anything other than WS, then we need to get the anchor names so we can look them up in the repository
    if (!storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
        getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    } else {
        // trust bundles are shared objects across domains, so just pull the entire bundle list and associate
        // the anchors in the bundles to the appropriate domains as we go... this will not always be the most efficient
        // algorithm, but it most cases it will be when there are several domains configured (in which case this
        // loading algorithm will be much more efficient)
        final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
        try {
            final TrustBundle[] bundles = cfService.getTrustBundles(true);
            // put the bundles in a Map by name
            if (bundles != null)
                for (TrustBundle bundle : bundles) bundleMap.put(bundle.getBundleName(), bundle);
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
        }
        // hit up the web service for each domains anchor
        for (Domain domain : lookedupWSDomains) {
            try {
                final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
                final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();
                // get the anchors for the domain
                final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
                if (anchors != null) {
                    for (Anchor anchor : anchors) {
                        final X509Certificate anchorToAdd = certFromData(anchor.getData());
                        if (anchor.isIncoming())
                            incomingAnchorsToAdd.add(anchorToAdd);
                        if (anchor.isOutgoing())
                            outgoingAnchorsToAdd.add(anchorToAdd);
                    }
                }
                // check to see if there is a bundle associated to this domain
                final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
                if (domainAssocs != null) {
                    for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
                        final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
                        if (bundle != null && bundle.getTrustBundleAnchors() != null) {
                            for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
                                final X509Certificate anchorToAdd = certFromData(anchor.getData());
                                if (domainAssoc.isIncoming())
                                    incomingAnchorsToAdd.add(anchorToAdd);
                                if (domainAssoc.isOutgoing())
                                    outgoingAnchorsToAdd.add(anchorToAdd);
                            }
                        }
                    }
                }
                incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
                outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
            } catch (SmtpAgentException e) {
                // rethrow
                throw e;
            } catch (Exception e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain + ":" + e.getMessage(), e);
            }
        }
    }
    try {
        setting = cfService.getSettingByName("AnchorResolverType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e.getMessage(), e);
    }
    if (incomingAnchors.size() == 0 && outgoingAnchors.size() == 0)
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // multi domain should be the default... uniform really only makes sense for dev purposes
        resolverType = ANCHOR_RES_TYPE_MULTIDOMAIN;
    } else
        resolverType = setting.getValue();
    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
        // the same... just get the first collection in the incoming map
        if (incomingAnchors.size() > 0)
            provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
        else
            provider = new UniformTrustAnchorResolverProvider(outgoingAnchors.values().iterator().next());
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}

Example 2 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method listBundleAnchors.

@Command(name = "ListTrustBundleAnchors", usage = LIST_BUNDLE_ANCHORS)
public void listBundleAnchors(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));
    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }
        if (bundle.getLastSuccessfulRefresh() == null) {
            System.out.println("Bundle has never been successfully downloaded.");
            return;
        }
        final TrustBundleAnchor[] anchors = bundle.getTrustBundleAnchors();
        if (anchors == null || anchors.length == 0) {
            System.out.println("Bundle has not anchors.");
            return;
        }
        anchorPrinter.printRecords(Arrays.asList(anchors));
    } catch (Exception e) {
        System.out.println("Error deleting trust bundle: " + e.getMessage());
    }
}

Example 3 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method addTrustBundle.

@Command(name = "AddTrustBundle", usage = ADD_TRUST_BUNDLE)
public void addTrustBundle(String[] args) {
    final String bundleName = StringArrayUtil.getRequiredValue(args, 0);
    final String url = StringArrayUtil.getRequiredValue(args, 1);
    // convert minutes to seconds
    final int refreshInterval = Integer.parseInt(StringArrayUtil.getRequiredValue(args, 2)) * 60;
    final String signingCertFile = StringArrayUtil.getOptionalValue(args, 3, "");
    try {
        final TrustBundle exBundle = proxy.getTrustBundleByName(bundleName);
        if (exBundle != null) {
            System.out.println("Bundle with name " + bundleName + " already exists.");
        } else {
            final TrustBundle newBundle = new TrustBundle();
            newBundle.setBundleName(bundleName);
            newBundle.setBundleURL(url);
            newBundle.setRefreshInterval(refreshInterval);
            if (!StringUtils.isEmpty(signingCertFile)) {
                final byte[] signCertData = FileUtils.readFileToByteArray(new File(signingCertFile));
                newBundle.setSigningCertificateData(signCertData);
            }
            proxy.addTrustBundle(newBundle);
            System.out.println("Trust bundle " + bundleName + " added to the system.");
        }
    } catch (Exception e) {
        System.out.println("Error adding trust bundle " + bundleName + " : " + e.getMessage());
    }
}

Example 4 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method removeTrustBundle.

@Command(name = "DeleteTrustBundle", usage = REMOVE_TRUST_BUNDLE)
public void removeTrustBundle(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));
    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }
        proxy.deleteTrustBundles(new Long[] { bundleId });
        System.out.println("Trust bundle " + bundle.getBundleName() + " deleted");
    } catch (Exception e) {
        System.out.println("Error deleting trust bundle: " + e.getMessage());
    }
}

Example 5 with TrustBundle

use of org.nhind.config.TrustBundle in project nhin-d by DirectProject.

the class TrustBundleCommands method addTrustBundleToDomain.

@Command(name = "AddTrustBundleToDomain", usage = ADD_BUNDLE_TO_DOMAIN)
public void addTrustBundleToDomain(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));
    final long domainId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 1));
    final boolean trustIncoming = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 2));
    final boolean trustOutgoing = Boolean.parseBoolean(StringArrayUtil.getRequiredValue(args, 3));
    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }
        final Domain domain = proxy.getDomain(domainId);
        if (domain == null) {
            System.out.println("Domain with id " + domainId + " does not exist.");
            return;
        }
        // make sure there isn't already an association
        final TrustBundleDomainReltn[] reltns = proxy.getTrustBundlesByDomain(domainId, false);
        if (reltns != null && reltns.length > 0) {
            for (TrustBundleDomainReltn reltn : reltns) {
                if (reltn.getTrustBundle().getId() == bundleId) {
                    System.out.println("Bundle " + bundle.getBundleName() + " is already associated with domain " + domain.getDomainName());
                    return;
                }
            }
        }
        proxy.associateTrustBundleToDomain(domainId, bundleId, trustIncoming, trustOutgoing);
        System.out.println("Trust bundle " + bundle.getBundleName() + " added to domain " + domain.getDomainName());
    } catch (Exception e) {
        System.out.println("Error associating bundle to domain : " + e.getMessage());
    }
}