Search in sources :

Example 1 with TrustBundleAnchor

use of org.nhind.config.TrustBundleAnchor in project nhin-d by DirectProject.

the class TrustBundleCommands method listBundleAnchors.

@Command(name = "ListTrustBundleAnchors", usage = LIST_BUNDLE_ANCHORS)
public void listBundleAnchors(String[] args) {
    final long bundleId = Long.parseLong(StringArrayUtil.getRequiredValue(args, 0));
    try {
        final TrustBundle bundle = proxy.getTrustBundleById(bundleId);
        if (bundle == null) {
            System.out.println("Bundle with id " + bundleId + " does not exist.");
            return;
        }
        if (bundle.getLastSuccessfulRefresh() == null) {
            System.out.println("Bundle has never been successfully downloaded.");
            return;
        }
        final TrustBundleAnchor[] anchors = bundle.getTrustBundleAnchors();
        if (anchors == null || anchors.length == 0) {
            System.out.println("Bundle has not anchors.");
            return;
        }
        anchorPrinter.printRecords(Arrays.asList(anchors));
    } catch (Exception e) {
        System.out.println("Error deleting trust bundle: " + e.getMessage());
    }
}
Also used : TrustBundle(org.nhind.config.TrustBundle) TrustBundleAnchor(org.nhind.config.TrustBundleAnchor) Command(org.nhindirect.dns.tools.utils.Command)

Example 2 with TrustBundleAnchor

use of org.nhind.config.TrustBundleAnchor in project nhin-d by DirectProject.

the class WSSmtpAgentConfig method buildTrustAnchorResolver.

public void buildTrustAnchorResolver() {
    Provider<TrustAnchorResolver> provider = null;
    Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();
    /* 
		 * first determine how anchors are stored... possibilities are LDAP, keystore, and WS
		 * 
		 */
    Setting setting = null;
    String storeType;
    String resolverType;
    try {
        setting = cfService.getSettingByName("AnchorStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e.getMessage(), e);
    }
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty())
        // default to WS
        storeType = STORE_TYPE_WS;
    else
        storeType = setting.getValue();
    // if the store type is anything other than WS, then we need to get the anchor names so we can look them up in the repository
    if (!storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
        getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    } else {
        // trust bundles are shared objects across domains, so just pull the entire bundle list and associate
        // the anchors in the bundles to the appropriate domains as we go... this will not always be the most efficient
        // algorithm, but it most cases it will be when there are several domains configured (in which case this
        // loading algorithm will be much more efficient)
        final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
        try {
            final TrustBundle[] bundles = cfService.getTrustBundles(true);
            // put the bundles in a Map by name
            if (bundles != null)
                for (TrustBundle bundle : bundles) bundleMap.put(bundle.getBundleName(), bundle);
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
        }
        // hit up the web service for each domains anchor
        for (Domain domain : lookedupWSDomains) {
            try {
                final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
                final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();
                // get the anchors for the domain
                final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
                if (anchors != null) {
                    for (Anchor anchor : anchors) {
                        final X509Certificate anchorToAdd = certFromData(anchor.getData());
                        if (anchor.isIncoming())
                            incomingAnchorsToAdd.add(anchorToAdd);
                        if (anchor.isOutgoing())
                            outgoingAnchorsToAdd.add(anchorToAdd);
                    }
                }
                // check to see if there is a bundle associated to this domain
                final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
                if (domainAssocs != null) {
                    for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
                        final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
                        if (bundle != null && bundle.getTrustBundleAnchors() != null) {
                            for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
                                final X509Certificate anchorToAdd = certFromData(anchor.getData());
                                if (domainAssoc.isIncoming())
                                    incomingAnchorsToAdd.add(anchorToAdd);
                                if (domainAssoc.isOutgoing())
                                    outgoingAnchorsToAdd.add(anchorToAdd);
                            }
                        }
                    }
                }
                incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
                outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
            } catch (SmtpAgentException e) {
                // rethrow
                throw e;
            } catch (Exception e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain + ":" + e.getMessage(), e);
            }
        }
    }
    try {
        setting = cfService.getSettingByName("AnchorResolverType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e.getMessage(), e);
    }
    if (incomingAnchors.size() == 0 && outgoingAnchors.size() == 0)
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // multi domain should be the default... uniform really only makes sense for dev purposes
        resolverType = ANCHOR_RES_TYPE_MULTIDOMAIN;
    } else
        resolverType = setting.getValue();
    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
        // the same... just get the first collection in the incoming map
        if (incomingAnchors.size() > 0)
            provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
        else
            provider = new UniformTrustAnchorResolverProvider(outgoingAnchors.values().iterator().next());
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}
Also used : SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) HashMap(java.util.HashMap) Setting(org.nhind.config.Setting) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) AddressException(javax.mail.internet.AddressException) SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) PolicyParseException(org.nhindirect.policy.PolicyParseException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) TrustBundleDomainReltn(org.nhind.config.TrustBundleDomainReltn) TrustBundleAnchor(org.nhind.config.TrustBundleAnchor) Anchor(org.nhind.config.Anchor) TrustAnchorResolver(org.nhindirect.stagent.trust.TrustAnchorResolver) UniformTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider) Collection(java.util.Collection) TrustBundle(org.nhind.config.TrustBundle) Domain(org.nhind.config.Domain) MultiDomainTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider) TrustBundleAnchor(org.nhind.config.TrustBundleAnchor)

Aggregations

TrustBundle (org.nhind.config.TrustBundle)2 TrustBundleAnchor (org.nhind.config.TrustBundleAnchor)2 IOException (java.io.IOException)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1 Collection (java.util.Collection)1 HashMap (java.util.HashMap)1 AddressException (javax.mail.internet.AddressException)1 Anchor (org.nhind.config.Anchor)1 Domain (org.nhind.config.Domain)1 Setting (org.nhind.config.Setting)1 TrustBundleDomainReltn (org.nhind.config.TrustBundleDomainReltn)1 Command (org.nhindirect.dns.tools.utils.Command)1 SmtpAgentException (org.nhindirect.gateway.smtp.SmtpAgentException)1 PolicyParseException (org.nhindirect.policy.PolicyParseException)1 TrustAnchorResolver (org.nhindirect.stagent.trust.TrustAnchorResolver)1 MultiDomainTrustAnchorResolverProvider (org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider)1 UniformTrustAnchorResolverProvider (org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider)1