
Example 26 with CertificateResolver

Use of org.nhindirect.stagent.cert.CertificateResolver in the project nhin-d by DirectProject.

Class TrustTest, method main.

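/**
 * Command line entry point for the trust test tool.
 * <p>
 * The certificate under test is loaded either from a file ({@code -cert}) or
 * discovered via DNS for an address ({@code -address}, optionally using the
 * servers given with {@code -server}). Trust anchors are collected from local
 * files ({@code -anchors}) and/or a downloaded bundle ({@code -bundleURL}), and
 * the tool reports whether the certificate chains to one of those anchors.
 * Usage and load errors print a message and exit with status -1; a completed
 * check exits with status 0.
 *
 * @param args command line options as described by {@code printUsage()}
 */
public static void main(String[] args) {
    CryptoExtensions.registerJCEProviders();
    if (args.length == 0) {
        printUsage();
        System.exit(-1);
    }
    String[] servers = null;
    String address = "";
    String configServiceURL = "";
    String bundleURL = "";
    String certFileName = "";
    String[] anchorFiles = null;
    // Check parameters; every option except -help consumes the following argument as its value.
    for (int i = 0; i < args.length; i++) {
        final String arg = args[i];
        if (!arg.startsWith("-")) {
            System.err.println("Error: Unexpected argument [" + arg + "]\n");
            printUsage();
            System.exit(-1);
        } else if (arg.equalsIgnoreCase("-cert")) {
            certFileName = requireOptionValue(args, i, "Error: Missing certificate file name");
            i++;
        } else if (arg.equalsIgnoreCase("-address")) {
            address = requireOptionValue(args, i, "Error: Missing the email address");
            i++;
        } else if (arg.equalsIgnoreCase("-bundleURL")) {
            bundleURL = requireOptionValue(args, i, "Error: Missing bundle URL");
            i++;
        } else if (arg.equalsIgnoreCase("-configServiceURL")) {
            configServiceURL = requireOptionValue(args, i, "Error: Missing config service URL");
            i++;
        } else if (arg.equalsIgnoreCase("-anchors")) {
            anchorFiles = requireOptionValue(args, i, "Error: Missing anchor file names").split(",");
            i++;
        } else if (arg.equalsIgnoreCase("-server")) {
            servers = requireOptionValue(args, i, "Error: Missing DNS server list").split(",");
            i++;
        } else if (arg.equalsIgnoreCase("-help")) {
            printUsage();
            System.exit(-1);
        } else {
            System.err.println("Error: Unknown argument " + arg + "\n");
            printUsage();
            System.exit(-1);
        }
    }
    if (StringUtils.isEmpty(certFileName) && StringUtils.isEmpty(address)) {
        System.err.println("You must provide the name of the certificate file or an email address/domain to test.");
        printUsage();
        // Nothing to test: stop here rather than falling through to a DNS lookup of an empty address.
        System.exit(-1);
    }
    if ((anchorFiles == null || anchorFiles.length == 0) && bundleURL.isEmpty() && configServiceURL.isEmpty()) {
        System.err.println("You must provide the name of the anchor files, a bundle URL, or config service URL.");
        printUsage();
        // With no anchors every certificate would simply be reported as NOT trusted.
        System.exit(-1);
    }
    // NOTE(review): configServiceURL is accepted but no anchors are loaded from it below, so a run
    // that supplies only -configServiceURL validates against an empty anchor set.
    X509Certificate certToTest = null;
    if (!StringUtils.isEmpty(certFileName)) {
        final File certFileToTest = new File(certFileName);
        if (!certFileToTest.exists()) {
            System.out.println("Certificate file " + certFileName + " does not exist.");
            System.exit(-1);
            return;
        }
        try {
            certToTest = loadCertificateFile(certFileToTest);
        } catch (Exception e) {
            System.out.println("Failed to load certificate: " + e.getLocalizedMessage());
            System.exit(-1);
            return;
        }
    } else {
        final DNSCertificateStore dnsStore = (servers != null) ? new DNSCertificateStore(Arrays.asList(servers)) : new DNSCertificateStore();
        try {
            final Collection<X509Certificate> certs = dnsStore.getCertificates(new InternetAddress(address));
            if (certs == null || certs.isEmpty()) {
                System.out.println("No certs found");
                System.exit(-1);
                return;
            }
            System.out.println("Found " + certs.size() + " certificates via DNS");
            // Only the first certificate returned is tested.
            certToTest = certs.iterator().next();
        } catch (Exception e) {
            System.out.println("Failed to load certificate via DNS: " + e.getLocalizedMessage());
            System.exit(-1);
            return;
        }
    }
    try {
        final Collection<X509Certificate> anchors = new ArrayList<X509Certificate>();
        if (anchorFiles != null && anchorFiles.length > 0) {
            for (String anchorToLoad : anchorFiles) {
                final File anchorFile = new File(anchorToLoad);
                if (!anchorFile.exists()) {
                    // Report the anchor that is missing, not the certificate under test.
                    System.out.println("Anchor file " + anchorToLoad + " does not exist.");
                    System.exit(-1);
                    return;
                }
                anchors.add(loadCertificateFile(anchorFile));
            }
        }
        if (!bundleURL.isEmpty()) {
            final byte[] bundleBytes = downloadBundleToByteArray(bundleURL);
            if (bundleBytes == null) {
                System.out.println("Could not get bundle at URL " + bundleURL);
                System.exit(-1);
                return;
            }
            anchors.addAll(convertRawBundleToAnchorCollection(bundleBytes));
        }
        final TrustChainValidator chainValidator = new TrustChainValidator();
        // The validator is handed a DNS store (default servers) as its certificate resolver.
        final Collection<CertificateResolver> intermediateResolvers = Arrays.asList((CertificateResolver) new DNSCertificateStore());
        chainValidator.setCertificateResolver(intermediateResolvers);
        final boolean isTrusted = chainValidator.isTrusted(certToTest, anchors);
        System.out.println(isTrusted ? "Certificate is trusted" : "Certificate is NOT trusted");
    } catch (Exception e) {
        e.printStackTrace();
        // A failure during anchor loading or validation is not a successful check.
        System.exit(-1);
    }
    System.exit(0);
}

/**
 * Returns the value that follows the option at {@code optionIndex}.
 * Prints {@code errorMessage} and exits with status -1 when the option is the
 * last argument or the next argument is itself an option.
 *
 * @param args         the full command line
 * @param optionIndex  index of the option whose value is required
 * @param errorMessage message printed to stderr when the value is missing
 * @return the argument following the option
 */
private static String requireOptionValue(String[] args, int optionIndex, String errorMessage) {
    if (optionIndex == args.length - 1 || args[optionIndex + 1].startsWith("-")) {
        System.err.println(errorMessage);
        System.exit(-1);
    }
    return args[optionIndex + 1];
}

/**
 * Reads a single X.509 certificate from {@code certFile}, closing the input
 * stream whether or not parsing succeeds.
 *
 * @param certFile the file to read
 * @return the parsed certificate
 * @throws java.io.IOException                     if the file cannot be opened or closed
 * @throws java.security.cert.CertificateException if the content is not a parseable certificate
 */
private static X509Certificate loadCertificateFile(File certFile) throws java.io.IOException, java.security.cert.CertificateException {
    final java.io.InputStream in = FileUtils.openInputStream(certFile);
    try {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(in);
    } finally {
        in.close();
    }
}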

Example 27 with CertificateResolver

Use of org.nhindirect.stagent.cert.CertificateResolver in the project nhin-d by DirectProject.

Class DefaultNHINDAgent_bindAddressesOutgoingMessageTest, method testBindAddresses_singlePublicCerts_policyFiltered_assertNoBoundPublicCerts.

/**
 * Verifies that when policy filtering discards every public certificate, the
 * recipients of an outgoing message end up with no bound certificates even
 * though the public resolver returned one.
 */
public void testBindAddresses_singlePublicCerts_policyFiltered_assertNoBoundPublicCerts() throws Exception {
    final X509Certificate publicCert = mock(X509Certificate.class);
    final CertificateResolver publicResolver = mock(CertificateResolver.class);
    final CertificateResolver privateResolver = mock(CertificateResolver.class);
    // The public resolver yields exactly one certificate; the private resolver yields none.
    when(publicResolver.getCertificates((InternetAddress) any())).thenReturn(Arrays.asList(publicCert));
    when(privateResolver.getCertificates((InternetAddress) any())).thenReturn(new ArrayList<X509Certificate>());
    // Policy filtering is stubbed to drop every certificate it is handed.
    final DefaultNHINDAgent agent = new DefaultNHINDAgent("Cerner.com", privateResolver, publicResolver, mock(TrustAnchorResolver.class)) {

        @Override
        protected Collection<X509Certificate> filterCertificatesByPolicy(InternetAddress sender, PolicyResolver resolver, Collection<X509Certificate> certsToFilter, boolean incoming) {
            return Collections.emptyList();
        }
    };
    final OutgoingMessage message = buildOutgoingMessage("MultipartMimeMessage.txt");
    message.setAgent(agent);
    agent.bindAddresses(message);
    for (NHINDAddress recipient : message.getRecipients()) {
        assertEquals(0, recipient.getCertificates().size());
    }
}

Example 28 with CertificateResolver

Use of org.nhindirect.stagent.cert.CertificateResolver in the project nhin-d by DirectProject.

Class RESTSmtpAgentConfig, method buildPublicCertStore.

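/**
 * Builds the module that supplies the public certificate resolvers.
 * <p>
 * The {@code PublicStoreType} setting is read from the settings service as a
 * comma separated list of store types; when it is absent or blank the DNS and
 * public LDAP resolvers are configured. One provider is created per listed
 * store type, and the providers are wrapped in a {@link PublicCertStoreModule}
 * assigned to {@code publicCertModule}. An unrecognised store type falls back
 * to the DNS resolver.
 *
 * @throws SmtpAgentException with {@code InvalidConfigurationFormat} when the
 *         settings service cannot be queried
 */
@Override
@SuppressWarnings("unchecked") // raw Collections.EMPTY_LIST passed to DNSCertStoreProvider
protected void buildPublicCertStore() {
    final Collection<Provider<CertificateResolver>> resolverProviders = new ArrayList<Provider<CertificateResolver>>();
    Setting setting = null;
    try {
        setting = settingsService.getSetting("PublicStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting public store type: " + e.getMessage(), e);
    }
    final String storeTypes;
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // default to DNS and public LDAP
        storeTypes = STORE_TYPE_DNS + "," + STORE_TYPE_PUBLIC_LDAP;
    } else {
        storeTypes = setting.getValue();
    }
    for (String rawStoreType : storeTypes.split(",")) {
        // Trim so that a value such as "DNS, PublicLDAP" is not misread as an unknown type
        // (which would silently become a second DNS resolver); skip empty tokens from stray commas.
        final String storeType = rawStoreType.trim();
        if (storeType.isEmpty()) {
            continue;
        }
        final Provider<CertificateResolver> resolverProvider;
        if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
            /*
             * KeyStore based resolver
             */
            Setting file;
            Setting pass;
            Setting privKeyPass;
            try {
                file = settingsService.getSetting("PublicStoreFile");
                pass = settingsService.getSetting("PublicStoreFilePass");
                privKeyPass = settingsService.getSetting("PublicStorePrivKeyPass");
            } catch (Exception e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting public store file settings: " + e.getMessage(), e);
            }
            // NOTE(review): when the password settings are absent the store is opened with the literal
            // defaults below; a deployment that relies on them protects the public store with a
            // well-known passphrase — confirm these settings are populated in production.
            resolverProvider = new KeyStoreCertificateStoreProvider((file == null) ? "PublicStoreKeyFile" : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
        } else if (storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
            /*
             * Web Services
             */
            resolverProvider = new ConfigServiceRESTCertificateStoreProvider(certificateService, null, new ConfigServiceCertificateStore.DefaultConfigStoreCachePolicy(), this.storeProvider);
        } else if (storeType.equalsIgnoreCase(STORE_TYPE_PUBLIC_LDAP)) {
            /*
             * Public LDAP resolver
             */
            resolverProvider = new PublicLdapCertificateStoreProvider(null, new LDAPCertificateStore.DefaultLDAPCachePolicy());
        } else {
            /*
             * DNS resolver: STORE_TYPE_DNS, and any unrecognised type, with the default cache policy
             */
            resolverProvider = new DNSCertStoreProvider(Collections.EMPTY_LIST, null, new DNSCertificateStore.DefaultDNSCachePolicy());
        }
        resolverProviders.add(resolverProvider);
    }
    publicCertModule = new PublicCertStoreModule(resolverProviders);
}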

Example 29 with CertificateResolver

Use of org.nhindirect.stagent.cert.CertificateResolver in the project nhin-d by DirectProject.

Class WSSmtpAgentConfig, method buildPublicCertStore.

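/**
 * Builds the certificate resolver module for public certificates.
 * <p>
 * The {@code PublicStoreType} setting is read from the configuration service
 * as a comma separated list of store types; when it is absent or blank the DNS
 * and public LDAP resolvers are configured. One provider is created per listed
 * store type, and the providers are wrapped in a {@link PublicCertStoreModule}
 * assigned to {@code publicCertModule}. An unrecognised store type falls back
 * to the DNS resolver.
 *
 * @throws SmtpAgentException with {@code InvalidConfigurationFormat} when the
 *         configuration service cannot be queried
 */
@SuppressWarnings("unchecked") // raw Collections.EMPTY_LIST passed to DNSCertStoreProvider
protected void buildPublicCertStore() {
    final Collection<Provider<CertificateResolver>> resolverProviders = new ArrayList<Provider<CertificateResolver>>();
    Setting setting = null;
    try {
        setting = cfService.getSettingByName("PublicStoreType");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting public store type: " + e.getMessage(), e);
    }
    final String storeTypes;
    if (setting == null || setting.getValue() == null || setting.getValue().isEmpty()) {
        // default to DNS and public LDAP
        storeTypes = STORE_TYPE_DNS + "," + STORE_TYPE_PUBLIC_LDAP;
    } else {
        storeTypes = setting.getValue();
    }
    for (String rawStoreType : storeTypes.split(",")) {
        // Trim so that a value such as "DNS, PublicLDAP" is not misread as an unknown type
        // (which would silently become a second DNS resolver); skip empty tokens from stray commas.
        final String storeType = rawStoreType.trim();
        if (storeType.isEmpty()) {
            continue;
        }
        final Provider<CertificateResolver> resolverProvider;
        if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
            /*
             * KeyStore based resolver
             */
            Setting file;
            Setting pass;
            Setting privKeyPass;
            try {
                file = cfService.getSettingByName("PublicStoreFile");
                pass = cfService.getSettingByName("PublicStoreFilePass");
                privKeyPass = cfService.getSettingByName("PublicStorePrivKeyPass");
            } catch (Exception e) {
                throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting public store file settings: " + e.getMessage(), e);
            }
            // NOTE(review): when the password settings are absent the store is opened with the literal
            // defaults below; a deployment that relies on them protects the public store with a
            // well-known passphrase — confirm these settings are populated in production.
            resolverProvider = new KeyStoreCertificateStoreProvider((file == null) ? "PublicStoreKeyFile" : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
        } else if (storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
            /*
             * Web Services
             */
            resolverProvider = new ConfigServiceCertificateStoreProvider(cfService, null, new ConfigServiceCertificateStore.DefaultConfigStoreCachePolicy(), this.storeProvider);
        } else if (storeType.equalsIgnoreCase(STORE_TYPE_PUBLIC_LDAP)) {
            /*
             * Public LDAP resolver
             */
            resolverProvider = new PublicLdapCertificateStoreProvider(null, new LDAPCertificateStore.DefaultLDAPCachePolicy());
        } else {
            /*
             * DNS resolver: STORE_TYPE_DNS, and any unrecognised type, with the default cache policy
             */
            resolverProvider = new DNSCertStoreProvider(Collections.EMPTY_LIST, null, new DNSCertificateStore.DefaultDNSCachePolicy());
        }
        resolverProviders.add(resolverProvider);
    }
    publicCertModule = new PublicCertStoreModule(resolverProviders);
}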

Example 30 with CertificateResolver

Use of org.nhindirect.stagent.cert.CertificateResolver in the project nhin-d by DirectProject.

Class TrustChainValidator_resolveIssuersTest, method testResolveIssuers_noAIAExists_notAvailViaResolver_validateNotResolved.

/**
 * With no certificate resolvers configured and a certificate that (per the
 * test name) carries no AIA extension, {@code resolveIssuers} must leave the
 * issuer collection empty and never attempt an AIA download.
 */
public void testResolveIssuers_noAIAExists_notAvailViaResolver_validateNotResolved() throws Exception {
    // Any AIA download attempt fails loudly so that an unexpected call cannot pass silently.
    final TrustChainValidatorWrapper validator = new TrustChainValidatorWrapper() {

        @Override
        protected Collection<X509Certificate> downloadCertsFromAIA(String url) throws NHINDException {
            throw new NHINDException();
        }
    };
    validator.setCertificateResolver(new ArrayList<CertificateResolver>());
    final TrustChainValidatorWrapper spyValidator = spy(validator);
    final Collection<X509Certificate> anchors = new ArrayList<X509Certificate>();
    final Collection<X509Certificate> resolvedIssuers = new ArrayList<X509Certificate>();
    final X509Certificate certUnderTest = TestUtils.loadCertificate("altNameOnly.der");
    spyValidator.resolveIssuers(certUnderTest, resolvedIssuers, 0, anchors);
    assertEquals(0, resolvedIssuers.size());
    verify(spyValidator, times(0)).downloadCertsFromAIA((String) any());
}
