Example 1 with DefaultMessageSignatureImpl
use of org.nhindirect.stagent.DefaultMessageSignatureImpl in project nhin-d by DirectProject.
the class TrustModel method findTrustedSignature.
protected DefaultMessageSignatureImpl findTrustedSignature(IncomingMessage message, InternetAddress recipient, Collection<X509Certificate> anchors) {
NHINDAddress sender = message.getSender();
Collection<DefaultMessageSignatureImpl> signatures = message.getSenderSignatures();
DefaultMessageSignatureImpl lastTrustedSignature = null;
final RevocationManager revocationManager = CRLRevocationManager.getInstance();
for (DefaultMessageSignatureImpl signature : signatures) {
// before checking for cert chain validation, make sure we aren't dealing with a revoked certificate
if (revocationManager.isRevoked(signature.getSignerCert()))
continue;
boolean certTrustedAndInPolicy = certChainValidator.isTrusted(signature.getSignerCert(), anchors) && signature.checkSignature();
if (certTrustedAndInPolicy && recipient != null) {
certTrustedAndInPolicy = this.isCertPolicyCompliant(recipient, signature.getSignerCert());
}
if (certTrustedAndInPolicy) {
if (!sender.hasCertificates())
// Can't really check thumbprints etc. So, this is about as good as its going to get
return signature;
if (signature.checkThumbprint(sender)) {
return signature;
}
//
// We'll save this guy, but keep looking for a signer whose thumbprint we can verify
// If we can't find one, we'll use the last trusted signer we found.. and just mark the recipient's trust
// enforcement status as Success_ThumbprintMismatch
//
lastTrustedSignature = signature;
}
}
return lastTrustedSignature;
}
Also used :
NHINDAddress(org.nhindirect.stagent.NHINDAddress)
DefaultMessageSignatureImpl(org.nhindirect.stagent.DefaultMessageSignatureImpl)
CRLRevocationManager(org.nhindirect.stagent.cert.impl.CRLRevocationManager)
RevocationManager(org.nhindirect.stagent.cert.RevocationManager)
Example 2 with DefaultMessageSignatureImpl
use of org.nhindirect.stagent.DefaultMessageSignatureImpl in project nhin-d by DirectProject.
the class TrustModel method findSenderSignatures.
protected void findSenderSignatures(IncomingMessage message) {
message.setSenderSignatures(null);
NHINDAddress sender = message.getSender();
Collection<DefaultMessageSignatureImpl> senderSignatures = new ArrayList<DefaultMessageSignatureImpl>();
// check for signatures at an individual level
Collection<SignerCertPair> individualSenders = CryptoExtensions.findSignersByName(message.getSignature(), sender.getAddress(), null);
// check for signatures at an org level
Collection<SignerCertPair> orgSenders = CryptoExtensions.findSignersByName(message.getSignature(), sender.getHost(), Arrays.asList(new String[] { sender.getAddress() }));
for (SignerCertPair pair : individualSenders) senderSignatures.add(new DefaultMessageSignatureImpl(pair.getSigner(), false, pair.getCertificate()));
for (SignerCertPair pair : orgSenders) senderSignatures.add(new DefaultMessageSignatureImpl(pair.getSigner(), true, pair.getCertificate()));
message.setSenderSignatures(senderSignatures);
}
Also used :
NHINDAddress(org.nhindirect.stagent.NHINDAddress)
DefaultMessageSignatureImpl(org.nhindirect.stagent.DefaultMessageSignatureImpl)
SignerCertPair(org.nhindirect.stagent.cert.SignerCertPair)
ArrayList(java.util.ArrayList)
Example 3 with DefaultMessageSignatureImpl
use of org.nhindirect.stagent.DefaultMessageSignatureImpl in project nhin-d by DirectProject.
the class TrustModel_findTrustedSignatureTest method testFindTrustedSignatureTest_singleRecipSignature_senderHasCert_assertMessageSignatureNotNull.
public void testFindTrustedSignatureTest_singleRecipSignature_senderHasCert_assertMessageSignatureNotNull() throws Exception {
final TrustModel trustModel = new TrustModel();
trustModel.findSenderSignatures(inMessage);
inMessage.getSender().setCertificates(Arrays.asList(sigUser1));
DefaultMessageSignatureImpl impl = trustModel.findTrustedSignature(inMessage, inMessage.getRecipients().get(0), Arrays.asList(sigUser1CA));
assertNotNull(impl);
}
Also used :
DefaultMessageSignatureImpl(org.nhindirect.stagent.DefaultMessageSignatureImpl)
Example 4 with DefaultMessageSignatureImpl
use of org.nhindirect.stagent.DefaultMessageSignatureImpl in project nhin-d by DirectProject.
the class TrustModel_findTrustedSignatureTest method testFindTrustedSignatureTest_singleRecipSignature_nonNullRecip_assertMessageSignatureNotNull.
public void testFindTrustedSignatureTest_singleRecipSignature_nonNullRecip_assertMessageSignatureNotNull() throws Exception {
final TrustModel trustModel = new TrustModel();
trustModel.findSenderSignatures(inMessage);
DefaultMessageSignatureImpl impl = trustModel.findTrustedSignature(inMessage, inMessage.getRecipients().get(0), Arrays.asList(sigUser1CA));
assertNotNull(impl);
}
Also used :
DefaultMessageSignatureImpl(org.nhindirect.stagent.DefaultMessageSignatureImpl)
Example 5 with DefaultMessageSignatureImpl
use of org.nhindirect.stagent.DefaultMessageSignatureImpl in project nhin-d by DirectProject.
the class TrustModel method enforce.
/**
* Enforces the trust policy an incoming message. Each domain recipient's trust status is set according the models trust policy.
*/
public void enforce(IncomingMessage message) {
if (message == null)
throw new IllegalArgumentException();
if (!message.hasSignatures())
throw new AgentException(AgentError.UntrustedMessage);
findSenderSignatures(message);
if (!message.hasSenderSignatures())
throw new AgentException(AgentError.MissingSenderSignature);
//
// For each domain recipient, find at least one valid sender signature that the recipient trusts
// the default value of the trust status is false, so only change the status if a trusted
// certificate is found
//
NHINDAddressCollection recipients = message.getDomainRecipients();
for (NHINDAddress recipient : recipients) {
recipient.setStatus(TrustEnforcementStatus.Failed);
// be a bogus recipient
if (recipient.getCertificates() != null) {
// Find a trusted signature
DefaultMessageSignatureImpl trustedSignature = findTrustedSignature(message, recipient, recipient.getTrustAnchors());
// verify the signature
if (trustedSignature != null) {
recipient.setStatus(trustedSignature.isThumbprintVerified() ? TrustEnforcementStatus.Success : TrustEnforcementStatus.Success_ThumbprintMismatch);
} else {
LOGGER.warn("enforce(IncomingMessage message) - could not find a trusted certificate for recipient " + recipient.getAddress());
}
} else {
LOGGER.warn("enforce(IncomingMessage message) - recipient " + recipient.getAddress() + " does not have a bound certificate");
}
}
}
Also used :
NHINDAddress(org.nhindirect.stagent.NHINDAddress)
DefaultMessageSignatureImpl(org.nhindirect.stagent.DefaultMessageSignatureImpl)
AgentException(org.nhindirect.stagent.AgentException)
NHINDAddressCollection(org.nhindirect.stagent.NHINDAddressCollection)
Aggregations
DefaultMessageSignatureImpl (org.nhindirect.stagent.DefaultMessageSignatureImpl)9
NHINDAddress (org.nhindirect.stagent.NHINDAddress)4
X509Certificate (java.security.cert.X509Certificate)1
ArrayList (java.util.ArrayList)1
InternetAddress (javax.mail.internet.InternetAddress)1
AgentException (org.nhindirect.stagent.AgentException)1
NHINDAddressCollection (org.nhindirect.stagent.NHINDAddressCollection)1
RevocationManager (org.nhindirect.stagent.cert.RevocationManager)1
SignerCertPair (org.nhindirect.stagent.cert.SignerCertPair)1
CRLRevocationManager (org.nhindirect.stagent.cert.impl.CRLRevocationManager)1
