Example 21 with CertificateResolver

use of org.nhindirect.stagent.cert.CertificateResolver in project nhin-d by DirectProject.

the class XMLSmtpAgentConfig method buildPrivateCertStore.

/*
 * Build the certificate store that holds private certificates.
 */
protected void buildPrivateCertStore(Node publicCertNode) {
    Provider<CertificateResolver> resolverProvider = null;
    if (publicCertNode.getNodeType() == Node.ELEMENT_NODE) {
        Element certNode = (Element) publicCertNode;
        String storeType = certNode.getAttribute("type");
        /*
         * KeyStore based resolver
         */
        if (storeType.equalsIgnoreCase("keystore")) {
            resolverProvider = new KeyStoreCertificateStoreProvider(certNode.getAttribute("file"), certNode.getAttribute("filePass"), certNode.getAttribute("privKeyPass"));
        } else if (storeType.equalsIgnoreCase("ldap")) {
            resolverProvider = buildLdapCertificateStoreProvider(certNode, "LDAPPrivateCertStore");
        } else {
            throw new SmtpAgentException(SmtpAgentError.InvalidPrivateCertStoreSettings);
        }
    }
    privateCertModule = new PrivateCertStoreModule(resolverProvider);
}
Also used : PrivateCertStoreModule(org.nhindirect.stagent.module.PrivateCertStoreModule) SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) KeyStoreCertificateStoreProvider(org.nhindirect.stagent.cert.impl.provider.KeyStoreCertificateStoreProvider) Element(org.w3c.dom.Element) CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver)

Example 22 with CertificateResolver

use of org.nhindirect.stagent.cert.CertificateResolver in project nhin-d by DirectProject.

the class DefaultNHINDAgent_bindAddressesIncomingMessageTest method testBindAddresses_noPublicCerts_assertNoBoundPublicCerts.

public void testBindAddresses_noPublicCerts_assertNoBoundPublicCerts() throws Exception {
    final CertificateResolver publicCertResolver = mock(CertificateResolver.class);
    when(publicCertResolver.getCertificates((InternetAddress) any())).thenReturn(new ArrayList<X509Certificate>());
    final CertificateResolver privateCertResolver = mock(CertificateResolver.class);
    when(privateCertResolver.getCertificates((InternetAddress) any())).thenReturn(new ArrayList<X509Certificate>());
    final DefaultNHINDAgent agent = new DefaultNHINDAgent("starugh-stateline.com", privateCertResolver, publicCertResolver, mock(TrustAnchorResolver.class));
    final IncomingMessage message = buildIncomingMessage("MultipartMimeMessage.txt");
    message.setAgent(agent);
    agent.bindAddresses(message);
    assertEquals(0, message.getSender().getCertificates().size());
}
Also used : TrustAnchorResolver(org.nhindirect.stagent.trust.TrustAnchorResolver) CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver) X509Certificate(java.security.cert.X509Certificate)

Example 23 with CertificateResolver

use of org.nhindirect.stagent.cert.CertificateResolver in project nhin-d by DirectProject.

the class DefaultNHINDAgent_bindAddressesIncomingMessageTest method testBindAddresses_singlePublicCerts_notFiltered_assertSingleBoundPublicCerts.

public void testBindAddresses_singlePublicCerts_notFiltered_assertSingleBoundPublicCerts() throws Exception {
    final X509Certificate cert = mock(X509Certificate.class);
    final CertificateResolver publicCertResolver = mock(CertificateResolver.class);
    when(publicCertResolver.getCertificates((InternetAddress) any())).thenReturn(Arrays.asList(cert));
    final CertificateResolver privateCertResolver = mock(CertificateResolver.class);
    when(privateCertResolver.getCertificates((InternetAddress) any())).thenReturn(new ArrayList<X509Certificate>());
    final DefaultNHINDAgent agent = new DefaultNHINDAgent("starugh-stateline.com", privateCertResolver, publicCertResolver, mock(TrustAnchorResolver.class));
    final IncomingMessage message = buildIncomingMessage("MultipartMimeMessage.txt");
    message.setAgent(agent);
    agent.bindAddresses(message);
    assertEquals(1, message.getSender().getCertificates().size());
}
Also used : TrustAnchorResolver(org.nhindirect.stagent.trust.TrustAnchorResolver) CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver) X509Certificate(java.security.cert.X509Certificate)

Example 24 with CertificateResolver

use of org.nhindirect.stagent.cert.CertificateResolver in project nhin-d by DirectProject.

the class DefaultNHINDAgent_bindAddressesIncomingMessageTest method testBindAddresses_singlePublicCerts_policyFiltered_assertNoBoundPublicCerts.

public void testBindAddresses_singlePublicCerts_policyFiltered_assertNoBoundPublicCerts() throws Exception {
    final X509Certificate cert = mock(X509Certificate.class);
    final CertificateResolver publicCertResolver = mock(CertificateResolver.class);
    when(publicCertResolver.getCertificates((InternetAddress) any())).thenReturn(Arrays.asList(cert));
    final CertificateResolver privateCertResolver = mock(CertificateResolver.class);
    when(privateCertResolver.getCertificates((InternetAddress) any())).thenReturn(new ArrayList<X509Certificate>());
    final DefaultNHINDAgent agent = new DefaultNHINDAgent("starugh-stateline.com", privateCertResolver, publicCertResolver, mock(TrustAnchorResolver.class)) {

        @Override
        protected Collection<X509Certificate> filterCertificatesByPolicy(InternetAddress sender, PolicyResolver resolver, Collection<X509Certificate> certsToFilter, boolean incoming) {
            return Collections.emptyList();
        }
    };
    final IncomingMessage message = buildIncomingMessage("MultipartMimeMessage.txt");
    message.setAgent(agent);
    agent.bindAddresses(message);
    assertEquals(0, message.getSender().getCertificates().size());
}
Also used : InternetAddress(javax.mail.internet.InternetAddress) TrustAnchorResolver(org.nhindirect.stagent.trust.TrustAnchorResolver) PolicyResolver(org.nhindirect.stagent.policy.PolicyResolver) Collection(java.util.Collection) CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver) X509Certificate(java.security.cert.X509Certificate)

Example 25 with CertificateResolver

use of org.nhindirect.stagent.cert.CertificateResolver in project nhin-d by DirectProject.

the class TrustChainValidator method resolveIssuers.

protected void resolveIssuers(X509Certificate certificate, /* in-out */ Collection<X509Certificate> issuers, int chainLength, Collection<X509Certificate> anchors) {
    X500Principal issuerPrin = certificate.getIssuerX500Principal();
    if (issuerPrin.equals(certificate.getSubjectX500Principal())) {
        // no intermediate between me, myself, and I
        return;
    }
    // look in the issuer list and see if the certificate issuer already exists in the list
    for (X509Certificate issuer : issuers) {
        if (issuerPrin.equals(issuer.getSubjectX500Principal()))
            // already found the certificate issuer... done
            return;
    }
    if (chainLength >= maxIssuerChainLength) {
        // bail out with what we have now
        return;
    }
    // first check to see if there is an AIA extension with one or more caIssuers entries and attempt to resolve the
    // intermediate via the URL
    final Collection<X509Certificate> issuerCerts = getIntermediateCertsByAIA(certificate);
    // if the AIA lookup returned nothing, fall back to using the resolvers
    if (issuerCerts.isEmpty()) {
        final String address = this.getIssuerAddress(certificate);
        if (address == null || address.isEmpty())
            // not much we can do about this... the resolver interface only knows how to work with addresses
            return;
        // there may be multiple resolvers; query each of them
        for (CertificateResolver publicResolver : certResolvers) {
            Collection<X509Certificate> holdCerts = null;
            try {
                holdCerts = publicResolver.getCertificates(new InternetAddress(address));
            } catch (AddressException e) {
                continue;
            } catch (Exception e) {
                /* no-op */
            }
            if (holdCerts != null && holdCerts.size() > 0)
                issuerCerts.addAll(holdCerts);
        }
    }
    if (issuerCerts.size() == 0)
        // no intermediates.. just return
        return;
    boolean issuerFoundInAnchors = false;
    Collection<X509Certificate> searchForParentIssuers = new ArrayList<X509Certificate>();
    for (X509Certificate issuerCert : issuerCerts) {
        // if we hit an anchor then stop
        if (issuerCert.getSubjectX500Principal().equals(issuerPrin) && !isIssuerInCollection(issuers, issuerCert) && !isIssuerInAnchors(anchors, issuerCert)) {
            searchForParentIssuers.add(issuerCert);
        } else if (isIssuerInAnchors(anchors, issuerCert)) {
            issuerFoundInAnchors = true;
            break;
        }
    }
    // then go up to the next level in the chain
    if (!issuerFoundInAnchors) {
        for (X509Certificate issuerCert : searchForParentIssuers) {
            issuers.add(issuerCert);
            // see if this issuer also has intermediate certs
            resolveIssuers(issuerCert, issuers, chainLength + 1, anchors);
        }
    }
}
Also used : InternetAddress(javax.mail.internet.InternetAddress) AddressException(javax.mail.internet.AddressException) ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) AddressException(javax.mail.internet.AddressException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException) NHINDException(org.nhindirect.stagent.NHINDException)
