Example 26 with NHINDException

Use of org.nhindirect.stagent.NHINDException in project nhin-d by DirectProject.

Class TrustChainValidator, method getIntermediateCertsByAIA.

/**
 * Retrieves intermediate certificates using the AIA extension.
 * @param certificate The certificate to search for AIA extensions.
 * @return Returns a collection of intermediate certs using the AIA extension.  If the AIA extension does not exist
 * or the certificate cannot be downloaded from the URL, then an empty list is returned.
 */
protected Collection<X509Certificate> getIntermediateCertsByAIA(X509Certificate certificate) {
    final Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    // check to see if there are extensions
    final AuthorityInfoAccessExtentionField aiaField = new AuthorityInfoAccessExtentionField(false);
    try {
        // we can get all names from the AuthorityInfoAccessExtentionField objects
        aiaField.injectReferenceValue(certificate);
        final Collection<String> urlPairs = aiaField.getPolicyValue().getPolicyValue();
        // look through all of the values (if they exist) for caIssuers
        for (String urlPair : urlPairs) {
            if (urlPair.startsWith(CA_ISSUER_CHECK_STRING)) {
                // the url pair is in the format of caIssuer:URL... need to break it 
                // apart to get the url
                final String url = urlPair.substring(CA_ISSUER_CHECK_STRING.length());
                // now pull the certificate from the URL; the URL is read from the
                // certificate being examined, so it is untrusted input at this point
                try {
                    final Collection<X509Certificate> intermCerts = downloadCertsFromAIA(url);
                    retVal.addAll(intermCerts);
                } catch (NHINDException e) {
                    LOGGER.warn("Intermediate cert cannot be resolved from AIA extension.", e);
                }
            }
        }
    } ///CLOVER:OFF
    catch (PolicyProcessException e) {
        LOGGER.warn("Intermediate cert cannot be resolved from AIA extension.", e);
    }
    return retVal;
}
Also used: AuthorityInfoAccessExtentionField (org.nhindirect.policy.x509.AuthorityInfoAccessExtentionField), ArrayList (java.util.ArrayList), ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString), NHINDException (org.nhindirect.stagent.NHINDException), X509Certificate (java.security.cert.X509Certificate), PolicyProcessException (org.nhindirect.policy.PolicyProcessException)

Example 27 with NHINDException

Use of org.nhindirect.stagent.NHINDException in project nhin-d by DirectProject.

Class Notification, method getNotificationFieldsAsHeaders.

/**
 * Parses the notification part fields of the MimeMultipart body of a MDN message.  The multipart is expected to conform to the MDN specification
 * as described in RFC 3798.
 * @return The notification part fields as a set of Internet headers.
 */
public static InternetHeaders getNotificationFieldsAsHeaders(MimeMultipart mm) {
    InternetHeaders retVal = null;
    if (mm == null)
        throw new IllegalArgumentException("Multipart can not be null");
    try {
        if (mm.getCount() < 2)
            throw new IllegalArgumentException("Multipart must contain at least two parts");
        // the second part should be the notification
        BodyPart part = mm.getBodyPart(1);
        try {
            Object contentObj = part.getContent();
            if (dsnClass != null && dsnClass.getCanonicalName().equals(contentObj.getClass().getCanonicalName())) {
                retVal = (InternetHeaders) getHeaders.invoke(contentObj);
                return retVal;
            }
        } catch (Exception e) {
            /* no-op: fall through and parse the part manually below */
        }
        if (!part.getContentType().equalsIgnoreCase(MDNStandard.MediaType.DispositionNotification))
            throw new IllegalArgumentException("Notification part content type is not " + MDNStandard.MediaType.DispositionNotification);
        // parse fields
        retVal = new InternetHeaders();
        String[] fields = getPartContentBodyAsString(part).split("\r\n");
        for (String field : fields) {
            int idx = field.indexOf(":");
            if (idx > -1) {
                String name = field.substring(0, idx);
                String value = field.substring(idx + 1).trim();
                retVal.setHeader(name, value);
            }
        }
    } catch (MessagingException e) {
        throw new NHINDException("Failed to parse notification fields.", e);
    }
    return retVal;
}
Also used: BodyPart (javax.mail.BodyPart), InternetHeaders (javax.mail.internet.InternetHeaders), MessagingException (javax.mail.MessagingException), NHINDException (org.nhindirect.stagent.NHINDException), IOException (java.io.IOException)

Example 28 with NHINDException

Use of org.nhindirect.stagent.NHINDException in project nhin-d by DirectProject.

Class ConfigServiceRESTCertificateStore, method certFromData.

private X509Certificate certFromData(byte[] data) {
    X509Certificate retVal = null;
    try {
        // first check for wrapped data
        final CertContainer container = CertUtils.toCertContainer(data);
        if (container.getWrappedKeyData() != null) {
            // make sure we have a KeyStoreManager configured
            if (this.mgr == null) {
                throw new NHINDException(AgentError.Unexpected, "Resolved certificate has wrapped data, but resolver has not been configured to unwrap it.");
            }
            // create a new wrapped certificate object
            retVal = WrappedOnDemandX509CertificateEx.fromX509Certificate(mgr, container.getCert(), container.getWrappedKeyData());
            return retVal;
        }
        ByteArrayInputStream bais = new ByteArrayInputStream(data);
        // let's try this as a PKCS12 data stream first
        try {
            KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
            localKeyStore.load(bais, "".toCharArray());
            Enumeration<String> aliases = localKeyStore.aliases();
            // we are really expecting only one alias 
            if (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate cert = (X509Certificate) localKeyStore.getCertificate(alias);
                // check if there is private key
                Key key = localKeyStore.getKey(alias, "".toCharArray());
                if (key != null && key instanceof PrivateKey) {
                    retVal = X509CertificateEx.fromX509Certificate(cert, (PrivateKey) key);
                } else
                    retVal = cert;
            }
        } catch (Exception e) {
            // must not be a PKCS12 stream, go on to next step
        }
        if (retVal == null) {
            // try X509 certificate factory next
            bais.reset();
            bais = new ByteArrayInputStream(data);
            retVal = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(bais);
        }
        bais.close();
    } catch (Exception e) {
        throw new NHINDException("Data cannot be converted to a valid X.509 Certificate", e);
    }
    return retVal;
}
Also used: PrivateKey (java.security.PrivateKey), ByteArrayInputStream (java.io.ByteArrayInputStream), NHINDException (org.nhindirect.stagent.NHINDException), KeyStore (java.security.KeyStore), X509Certificate (java.security.cert.X509Certificate), CertContainer (org.nhindirect.config.model.utils.CertUtils.CertContainer), Key (java.security.Key), CacheException (org.apache.jcs.access.exception.CacheException)

Example 29 with NHINDException

Use of org.nhindirect.stagent.NHINDException in project nhin-d by DirectProject.

Class ConfigServiceCertificateStore, method lookupFromConfigStore.

private Collection<X509Certificate> lookupFromConfigStore(String subjectName) {
    String domain;
    org.nhind.config.Certificate[] certificates;
    try {
        certificates = proxy.getCertificatesForOwner(subjectName, null);
    } catch (Exception e) {
        throw new NHINDException("WebService error getting certificates by subject: " + e.getMessage(), e);
    }
    if (certificates == null || certificates.length == 0) {
        // try again with the domain name
        int index;
        if ((index = subjectName.indexOf("@")) > -1)
            domain = subjectName.substring(index + 1);
        else
            domain = subjectName;
        try {
            certificates = proxy.getCertificatesForOwner(domain, null);
        } catch (Exception e) {
            throw new NHINDException("WebService error getting certificates by domain: " + e.getMessage(), e);
        }
    }
    if (certificates == null || certificates.length == 0)
        return Collections.emptyList();
    Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    for (org.nhind.config.Certificate cert : certificates) {
        X509Certificate storeCert = CertStoreUtils.certFromData(mgr, cert.getData());
        retVal.add(storeCert);
        if (localStoreDelegate != null) {
            if (localStoreDelegate.contains(storeCert))
                localStoreDelegate.update(storeCert);
            else
                localStoreDelegate.add(storeCert);
        }
    }
    // add to JCS and cache
    try {
        if (cache != null)
            cache.put(subjectName, retVal);
    } catch (CacheException e) {
        /*
         * TODO: handle exception
         */
    }
    return retVal;
}
Also used: CacheException (org.apache.jcs.access.exception.CacheException), ArrayList (java.util.ArrayList), NHINDException (org.nhindirect.stagent.NHINDException), X509Certificate (java.security.cert.X509Certificate)

Example 30 with NHINDException

Use of org.nhindirect.stagent.NHINDException in project nhin-d by DirectProject.

Class ConfigServiceRESTCertificateStore, method lookupFromConfigStore.

private Collection<X509Certificate> lookupFromConfigStore(String subjectName) {
    String domain;
    Collection<org.nhindirect.config.model.Certificate> certificates;
    try {
        certificates = certService.getCertificatesByOwner(subjectName);
    } catch (Exception e) {
        throw new NHINDException("WebService error getting certificates by subject: " + e.getMessage(), e);
    }
    if (certificates == null || certificates.isEmpty()) {
        // try again with the domain name
        int index;
        if ((index = subjectName.indexOf("@")) > -1)
            domain = subjectName.substring(index + 1);
        else
            domain = subjectName;
        try {
            certificates = certService.getCertificatesByOwner(domain);
        } catch (Exception e) {
            throw new NHINDException("WebService error getting certificates by domain: " + e.getMessage(), e);
        }
    }
    if (certificates == null || certificates.isEmpty())
        return Collections.emptyList();
    Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    for (org.nhindirect.config.model.Certificate cert : certificates) {
        X509Certificate storeCert = CertStoreUtils.certFromData(mgr, cert.getData());
        retVal.add(storeCert);
    }
    // add to JCS and cache
    try {
        if (cache != null)
            cache.put(subjectName, retVal);
    } catch (CacheException e) {
        /*
         * TODO: handle exception
         */
    }
    return retVal;
}
Also used: CacheException (org.apache.jcs.access.exception.CacheException), ArrayList (java.util.ArrayList), NHINDException (org.nhindirect.stagent.NHINDException), X509Certificate (java.security.cert.X509Certificate)
