Example 11 with SmtpAgentException
use of org.nhindirect.gateway.smtp.SmtpAgentException in project nhin-d by DirectProject.
the class WSSmtpAgentConfig method buildTrustAnchorResolver.
public void buildTrustAnchorResolver() {
Provider<TrustAnchorResolver> provider = null;
Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();
/*
* first determine how anchors are stored... possibilities are LDAP, keystore, and WS
*
*/
Setting setting = null;
String storeType;
String resolverType;
try {
setting = cfService.getSettingByName("AnchorStoreType");
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor store type: " + e.getMessage(), e);
}
if (setting == null || setting.getValue() == null || setting.getValue().isEmpty())
// default to WS
storeType = STORE_TYPE_WS;
else
storeType = setting.getValue();
// if the store type is anything other than WS, then we need to get the anchor names so we can look them up in the repository
if (!storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
} else {
// trust bundles are shared objects across domains, so just pull the entire bundle list and associate
// the anchors in the bundles to the appropriate domains as we go... this will not always be the most efficient
// algorithm, but it most cases it will be when there are several domains configured (in which case this
// loading algorithm will be much more efficient)
final Map<String, TrustBundle> bundleMap = new HashMap<String, TrustBundle>();
try {
final TrustBundle[] bundles = cfService.getTrustBundles(true);
// put the bundles in a Map by name
if (bundles != null)
for (TrustBundle bundle : bundles) bundleMap.put(bundle.getBundleName(), bundle);
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting trust bundles: " + e.getMessage(), e);
}
// hit up the web service for each domains anchor
for (Domain domain : lookedupWSDomains) {
try {
final Collection<X509Certificate> incomingAnchorsToAdd = new ArrayList<X509Certificate>();
final Collection<X509Certificate> outgoingAnchorsToAdd = new ArrayList<X509Certificate>();
// get the anchors for the domain
final Anchor[] anchors = cfService.getAnchorsForOwner(domain.getDomainName(), null);
if (anchors != null) {
for (Anchor anchor : anchors) {
final X509Certificate anchorToAdd = certFromData(anchor.getData());
if (anchor.isIncoming())
incomingAnchorsToAdd.add(anchorToAdd);
if (anchor.isOutgoing())
outgoingAnchorsToAdd.add(anchorToAdd);
}
}
// check to see if there is a bundle associated to this domain
final TrustBundleDomainReltn[] domainAssocs = cfService.getTrustBundlesByDomain(domain.getId(), false);
if (domainAssocs != null) {
for (TrustBundleDomainReltn domainAssoc : domainAssocs) {
final TrustBundle bundle = bundleMap.get(domainAssoc.getTrustBundle().getBundleName());
if (bundle != null && bundle.getTrustBundleAnchors() != null) {
for (TrustBundleAnchor anchor : bundle.getTrustBundleAnchors()) {
final X509Certificate anchorToAdd = certFromData(anchor.getData());
if (domainAssoc.isIncoming())
incomingAnchorsToAdd.add(anchorToAdd);
if (domainAssoc.isOutgoing())
outgoingAnchorsToAdd.add(anchorToAdd);
}
}
}
}
incomingAnchors.put(domain.getDomainName(), incomingAnchorsToAdd);
outgoingAnchors.put(domain.getDomainName(), outgoingAnchorsToAdd);
} catch (SmtpAgentException e) {
// rethrow
throw e;
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "WebService error getting trust anchors for domain " + domain + ":" + e.getMessage(), e);
}
}
}
try {
setting = cfService.getSettingByName("AnchorResolverType");
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor resolver type: " + e.getMessage(), e);
}
if (incomingAnchors.size() == 0 && outgoingAnchors.size() == 0)
throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings, "No trust anchors defined.");
if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
// multi domain should be the default... uniform really only makes sense for dev purposes
resolverType = ANCHOR_RES_TYPE_MULTIDOMAIN;
} else
resolverType = setting.getValue();
if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
// the same... just get the first collection in the incoming map
if (incomingAnchors.size() > 0)
provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
else
provider = new UniformTrustAnchorResolverProvider(outgoingAnchors.values().iterator().next());
} else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
} else {
throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
}
certAnchorModule = TrustAnchorModule.create(provider);
}
Also used :
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
HashMap(java.util.HashMap)
Setting(org.nhind.config.Setting)
ArrayList(java.util.ArrayList)
X509Certificate(java.security.cert.X509Certificate)
AddressException(javax.mail.internet.AddressException)
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
PolicyParseException(org.nhindirect.policy.PolicyParseException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
TrustBundleDomainReltn(org.nhind.config.TrustBundleDomainReltn)
TrustBundleAnchor(org.nhind.config.TrustBundleAnchor)
Anchor(org.nhind.config.Anchor)
TrustAnchorResolver(org.nhindirect.stagent.trust.TrustAnchorResolver)
UniformTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider)
Collection(java.util.Collection)
TrustBundle(org.nhind.config.TrustBundle)
Domain(org.nhind.config.Domain)
MultiDomainTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider)
TrustBundleAnchor(org.nhind.config.TrustBundleAnchor)
Example 12 with SmtpAgentException
use of org.nhindirect.gateway.smtp.SmtpAgentException in project nhin-d by DirectProject.
the class WSSmtpAgentConfig method buildLdapCertificateStoreProvider.
protected LdapCertificateStoreProvider buildLdapCertificateStoreProvider(String type, String cacheStoreName) {
//required
Setting ldapURLSetting;
Setting ldapSearchBaseSetting;
Setting ldapSearchAttrSetting;
Setting ldapCertAttrSetting;
Setting ldapCertFormatSetting;
//optional
Setting ldapUserSetting;
Setting ldapPasswordSetting;
Setting ldapConnTimeoutSetting;
Setting ldapCertPassphraseSetting;
try {
ldapURLSetting = cfService.getSettingByName(type + "LDAPUrl");
ldapSearchBaseSetting = cfService.getSettingByName(type + "LDAPSearchBase");
ldapSearchAttrSetting = cfService.getSettingByName(type + "LDAPSearchAttr");
ldapCertAttrSetting = cfService.getSettingByName(type + "LDAPCertAttr");
ldapCertFormatSetting = cfService.getSettingByName(type + "LDAPCertFormat");
//optional
ldapUserSetting = cfService.getSettingByName(type + "LDAPUser");
ldapPasswordSetting = cfService.getSettingByName(type + "LDAPPassword");
ldapConnTimeoutSetting = cfService.getSettingByName(type + "LDAPConnTimeout");
ldapCertPassphraseSetting = cfService.getSettingByName(type + "LDAPCertPassphrase");
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting LDAP store settings: " + e.getMessage(), e);
}
if (ldapURLSetting == null || ldapURLSetting.getValue() == null || ldapURLSetting.getValue().isEmpty())
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Missing LDAP URL");
String ldapSearchBase = (ldapSearchBaseSetting == null) ? null : ldapSearchBaseSetting.getValue();
String ldapSearchAttr = (ldapSearchAttrSetting == null) ? null : ldapSearchAttrSetting.getValue();
String ldapCertAttr = (ldapCertAttrSetting == null) ? null : ldapCertAttrSetting.getValue();
String ldapCertFormat = (ldapCertFormatSetting == null) ? null : ldapCertFormatSetting.getValue();
String[] ldapURL = ldapURLSetting.getValue().split(",");
if (ldapURL[0].isEmpty() || ldapSearchBase.isEmpty() || ldapSearchAttr.isEmpty() || ldapCertAttr.isEmpty() || ldapCertFormat.isEmpty()) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Missing required LDAP parameters.");
}
String ldapUser = (ldapUserSetting == null) ? null : ldapUserSetting.getValue();
String ldapPassword = (ldapPasswordSetting == null) ? null : ldapPasswordSetting.getValue();
String ldapConnTimeout = (ldapConnTimeoutSetting == null) ? null : ldapConnTimeoutSetting.getValue();
String ldapCertPassphrase = (ldapCertPassphraseSetting == null) ? null : ldapCertPassphraseSetting.getValue();
if (ldapCertFormat.equalsIgnoreCase("pkcs12") && (ldapCertPassphrase == null || ldapCertPassphrase.isEmpty())) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat);
}
LdapStoreConfiguration ldapStoreConfiguration = new LdapStoreConfiguration(ldapURL, ldapSearchBase, ldapSearchAttr, ldapCertAttr, ldapCertFormat);
if (ldapUser != null && !ldapUser.isEmpty() && ldapPassword != null && !ldapPassword.isEmpty()) {
ldapStoreConfiguration.setEmployLdapAuthInformation(new EmployLdapAuthInformation(ldapUser, ldapPassword));
}
if (ldapConnTimeout != null && !ldapConnTimeout.isEmpty()) {
ldapStoreConfiguration.setLdapConnectionTimeOut(ldapConnTimeout);
}
if (ldapCertPassphrase != null && !ldapCertPassphrase.isEmpty()) {
ldapStoreConfiguration.setLdapCertPassphrase(ldapCertPassphrase);
}
LdapCertificateStoreProvider ldapCertificateStoreProvider = new LdapCertificateStoreProvider(ldapStoreConfiguration, null, new LDAPCertificateStore.DefaultLDAPCachePolicy());
return ldapCertificateStoreProvider;
}
Also used :
LdapStoreConfiguration(org.nhindirect.stagent.cert.impl.LdapStoreConfiguration)
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
EmployLdapAuthInformation(org.nhindirect.stagent.cert.impl.EmployLdapAuthInformation)
Setting(org.nhind.config.Setting)
LDAPCertificateStore(org.nhindirect.stagent.cert.impl.LDAPCertificateStore)
PublicLdapCertificateStoreProvider(org.nhindirect.stagent.cert.impl.provider.PublicLdapCertificateStoreProvider)
LdapCertificateStoreProvider(org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider)
AddressException(javax.mail.internet.AddressException)
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
PolicyParseException(org.nhindirect.policy.PolicyParseException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
Example 13 with SmtpAgentException
use of org.nhindirect.gateway.smtp.SmtpAgentException in project nhin-d by DirectProject.
the class WSSmtpAgentConfig method certFromData.
protected X509Certificate certFromData(byte[] data) throws SmtpAgentException {
ByteArrayInputStream bais = new ByteArrayInputStream(data);
X509Certificate cert = null;
try {
cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(bais);
} catch (CertificateException e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Invalid certificate data: " + e.getMessage(), e);
} finally {
try {
bais.close();
} catch (IOException e) {
/*no op*/
}
}
return cert;
}
Also used :
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
Example 14 with SmtpAgentException
use of org.nhindirect.gateway.smtp.SmtpAgentException in project nhin-d by DirectProject.
the class WSSmtpAgentConfig method getAnchorsFromNonWS.
protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> incomingAnchors, Map<String, Collection<X509Certificate>> outgoingAnchors, String storeType) {
// get the anchor aliases for each domain... better performance to do one web call
// little more code here, but better to take hit here instead of over the wire
ArrayList<String> incomingLookups = new ArrayList<String>();
ArrayList<String> outgoingLookups = new ArrayList<String>();
for (String domain : domains) {
incomingLookups.add(domain + "IncomingAnchorAliases");
outgoingLookups.add(domain + "OutgoingAnchorAliases");
}
Setting[] incomingAliasSettings;
Setting[] outgoingAliasSettings;
try {
incomingAliasSettings = cfService.getSettingsByNames(incomingLookups.toArray(new String[incomingLookups.size()]));
outgoingAliasSettings = cfService.getSettingsByNames(outgoingLookups.toArray(new String[outgoingLookups.size()]));
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
}
// get the anchors from the correct store
if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
Setting file;
Setting pass;
Setting privKeyPass;
try {
file = cfService.getSettingByName("AnchorKeyStoreFile");
pass = cfService.getSettingByName("AnchorKeyStoreFilePass");
privKeyPass = cfService.getSettingByName("AnchorKeyStorePrivKeyPass");
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e.getMessage(), e);
}
KeyStoreCertificateStore store = new KeyStoreCertificateStore((file == null) ? null : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
// get incoming anchors
if (incomingAliasSettings != null) {
for (Setting setting : incomingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
X509Certificate cert = store.getByAlias(alias);
if (cert != null) {
certs.add(cert);
}
}
incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
}
}
// get outgoing anchors
if (outgoingAliasSettings != null) {
for (Setting setting : outgoingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
X509Certificate cert = store.getByAlias(alias);
if (cert != null) {
certs.add(cert);
}
}
outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
}
}
} else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
LDAPCertificateStore ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();
// get incoming anchors
if (incomingAliasSettings != null) {
for (Setting setting : incomingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
//TODO what if 2nd entry has no certs? Fail?
//each alias could have multiple certificates
certs.addAll(ldapCertificateStore.getCertificates(alias));
}
incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
}
}
// get outgoing anchors
if (outgoingAliasSettings != null) {
for (Setting setting : outgoingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
//TODO what if 2nd entry has no certs? Fail?
//each alias could have multiple certificates
certs.addAll(ldapCertificateStore.getCertificates(alias));
}
outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
}
}
}
}
Also used :
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
Setting(org.nhind.config.Setting)
ArrayList(java.util.ArrayList)
AddressException(javax.mail.internet.AddressException)
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
PolicyParseException(org.nhindirect.policy.PolicyParseException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
X509Certificate(java.security.cert.X509Certificate)
KeyStoreCertificateStore(org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)
LDAPCertificateStore(org.nhindirect.stagent.cert.impl.LDAPCertificateStore)
Collection(java.util.Collection)
Example 15 with SmtpAgentException
use of org.nhindirect.gateway.smtp.SmtpAgentException in project nhin-d by DirectProject.
the class XMLSmtpAgentConfig method buildLdapCertificateStoreProvider.
/**
* This will build an LdapCertificateStoreProvider to be used to grab certificates from the LDAP store.
* @param anchorStoreNode - The Element node in the xml file that contains anchor information
* @param cacheStoreName - The name of the bootstrap cacheStore used when cache and LDAP are unreachable.
* @return
*/
protected LdapCertificateStoreProvider buildLdapCertificateStoreProvider(Element anchorStoreNode, String cacheStoreName) {
//required
String[] ldapURL = anchorStoreNode.getAttribute("ldapURL").split(",");
String ldapSearchBase = anchorStoreNode.getAttribute("ldapSearchBase");
String ldapSearchAttr = anchorStoreNode.getAttribute("ldapSearchAttr");
String ldapCertAttr = anchorStoreNode.getAttribute("ldapCertAttr");
String ldapCertFormat = anchorStoreNode.getAttribute("ldapCertFormat");
if (ldapURL[0].isEmpty() || ldapSearchBase.isEmpty() || ldapSearchAttr.isEmpty() || ldapCertAttr.isEmpty() || ldapCertFormat.isEmpty()) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat);
}
//optional
String ldapUser = anchorStoreNode.getAttribute("ldapUser");
String ldapPassword = anchorStoreNode.getAttribute("ldapPassword");
String ldapConnTimeout = anchorStoreNode.getAttribute("ldapConnTimeout");
String ldapCertPassphrase = anchorStoreNode.getAttribute("ldapCertPassphrase");
if (ldapCertFormat.equalsIgnoreCase("pkcs12") && ldapCertPassphrase.isEmpty()) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat);
}
LdapStoreConfiguration ldapStoreConfiguration = new LdapStoreConfiguration(ldapURL, ldapSearchBase, ldapSearchAttr, ldapCertAttr, ldapCertFormat);
if (!(ldapUser.isEmpty() && ldapPassword.isEmpty())) {
ldapStoreConfiguration.setEmployLdapAuthInformation(new EmployLdapAuthInformation(ldapUser, ldapPassword));
}
if (!ldapConnTimeout.isEmpty()) {
ldapStoreConfiguration.setLdapConnectionTimeOut(ldapConnTimeout);
}
if (!ldapCertPassphrase.isEmpty()) {
ldapStoreConfiguration.setLdapCertPassphrase(ldapCertPassphrase);
}
LdapCertificateStoreProvider ldapCertificateStoreProvider = new LdapCertificateStoreProvider(ldapStoreConfiguration, null, new DefaultCertStoreCachePolicy());
return ldapCertificateStoreProvider;
}
Also used :
LdapStoreConfiguration(org.nhindirect.stagent.cert.impl.LdapStoreConfiguration)
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
DefaultCertStoreCachePolicy(org.nhindirect.stagent.cert.DefaultCertStoreCachePolicy)
EmployLdapAuthInformation(org.nhindirect.stagent.cert.impl.EmployLdapAuthInformation)
LdapCertificateStoreProvider(org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider)
Aggregations
SmtpAgentException (org.nhindirect.gateway.smtp.SmtpAgentException)31
PolicyParseException (org.nhindirect.policy.PolicyParseException)20
AddressException (javax.mail.internet.AddressException)19
IOException (java.io.IOException)10
CertificateException (java.security.cert.CertificateException)10
Collection (java.util.Collection)8
ArrayList (java.util.ArrayList)7
Setting (org.nhind.config.Setting)7
Setting (org.nhindirect.config.model.Setting)7
LDAPCertificateStore (org.nhindirect.stagent.cert.impl.LDAPCertificateStore)7
X509Certificate (java.security.cert.X509Certificate)6
HashMap (java.util.HashMap)6
CertificateResolver (org.nhindirect.stagent.cert.CertificateResolver)5
KeyStoreCertificateStoreProvider (org.nhindirect.stagent.cert.impl.provider.KeyStoreCertificateStoreProvider)5
LdapCertificateStoreProvider (org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider)5
MultiDomainTrustAnchorResolverProvider (org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider)5
UniformTrustAnchorResolverProvider (org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider)5
DomainPolicyResolverProvider (org.nhindirect.stagent.policy.impl.provider.DomainPolicyResolverProvider)4
ByteArrayInputStream (java.io.ByteArrayInputStream)3
InternetAddress (javax.mail.internet.InternetAddress)3
