Examples with TrustBundleAnchor org.nhind.config.TrustBundleAnchor used on opensource projects

Example 1 with TrustBundleAnchor

use of org.nhind.config.TrustBundleAnchor in project nhin-d by DirectProject.

the class TrustBundleCommands method listBundleAnchors.

@Command(name = "ListTrustBundleAnchors", usage = LIST_BUNDLE_ANCHORS)
public void listBundleAnchors(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));
    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }
        if (bundle.getLastSuccessfulRefresh() == null) {
            System.out.println("Bundle has never been successfully downloaded.");
            return;
        }
        final TrustBundleAnchor[] anchors = bundle.getTrustBundleAnchors();
        if (anchors == null || anchors.length == 0) {
            System.out.println("Bundle has not anchors.");
            return;
        }
        anchorPrinter.printRecords(Arrays.asList(anchors));
    } catch (Exception e) {
        System.out.println("Error deleting trust bundle: " + e.getMessage());
    }
}

Example 2 with TrustBundleAnchor

use of org.nhind.config.TrustBundleAnchor in project nhin-d by DirectProject.

the class WSSmtpAgentConfig method buildTrustAnchorResolver.

public void buildTrustAnchorResolver() {
    Provider<TrustAnchorResolver> provider = null;
    Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();
    /* 
		 * first determine how anchors are stored... possibilities are LDAP, keystore, and WS
		 * 
		 */
    Setting setting = null;
    String storeType;
    String resolverType;
    try {
        setting = cfService.getSettingByName("AnchorStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e.getMessage(), e);
    }
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty())
        // default to WS
        storeType = STORE_TYPE_WS;
    else
        storeType = setting.getValue();
    // if the store type is anything other than WS, then we need to get the anchor names so we can look them up in the repository
    if (!storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
        getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    } else {
        // trust bundles are shared objects across domains, so just pull the entire bundle list and associate
        // the anchors in the bundles to the appropriate domains as we go... this will not always be the most efficient
        // algorithm, but it most cases it will be when there are several domains configured (in which case this
        // loading algorithm will be much more efficient)
        final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
        try {
            final TrustBundle[] bundles = cfService.getTrustBundles(true);
            // put the bundles in a Map by name
            if (bundles != null)
                for (TrustBundle bundle : bundles) bundleMap.put(bundle.getBundleName(), bundle);
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
        }
        // hit up the web service for each domains anchor
        for (Domain domain : lookedupWSDomains) {
            try {
                final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
                final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();
                // get the anchors for the domain
                final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
                if (anchors != null) {
                    for (Anchor anchor : anchors) {
                        final X509Certificate anchorToAdd = certFromData(anchor.getData());
                        if (anchor.isIncoming())
                            incomingAnchorsToAdd.add(anchorToAdd);
                        if (anchor.isOutgoing())
                            outgoingAnchorsToAdd.add(anchorToAdd);
                    }
                }
                // check to see if there is a bundle associated to this domain
                final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
                if (domainAssocs != null) {
                    for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
                        final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
                        if (bundle != null && bundle.getTrustBundleAnchors() != null) {
                            for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
                                final X509Certificate anchorToAdd = certFromData(anchor.getData());
                                if (domainAssoc.isIncoming())
                                    incomingAnchorsToAdd.add(anchorToAdd);
                                if (domainAssoc.isOutgoing())
                                    outgoingAnchorsToAdd.add(anchorToAdd);
                            }
                        }
                    }
                }
                incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
                outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
            } catch (SmtpAgentException e) {
                // rethrow
                throw e;
            } catch (Exception e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain + ":" + e.getMessage(), e);
            }
        }
    }
    try {
        setting = cfService.getSettingByName("AnchorResolverType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e.getMessage(), e);
    }
    if (incomingAnchors.size() == 0 && outgoingAnchors.size() == 0)
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // multi domain should be the default... uniform really only makes sense for dev purposes
        resolverType = ANCHOR_RES_TYPE_MULTIDOMAIN;
    } else
        resolverType = setting.getValue();
    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
        // the same... just get the first collection in the incoming map
        if (incomingAnchors.size() > 0)
            provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
        else
            provider = new UniformTrustAnchorResolverProvider(outgoingAnchors.values().iterator().next());
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}