Example 1 with KeyStoreCertificateStore
use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.
the class CRLManagerTest method testCrlManager.
/**
* Test the CRLManager class with normal and non-normal input.
*/
public void testCrlManager() {
String tmp = this.getClass().getClassLoader().getResource("crl/certs.crl").getPath();
final String workingDir = tmp.substring(0, tmp.lastIndexOf("/") + 1).replaceAll("%20", " ");
String internalKeystoreFile = workingDir + "keystore";
KeyStoreCertificateStore service = new KeyStoreCertificateStore(internalKeystoreFile, KEY_STORE_PASSWORD, PRIVATE_KEY_PASSWORD);
RevocationManager crlManager = new CRLRevocationManager() {
@Override
protected String getNameString(String generalNameString) {
String s = super.getNameString(generalNameString);
return s.replace("http://JUNIT", "file://" + workingDir);
}
};
assertEquals("Output does not match expected", false, crlManager.isRevoked(null));
assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("valid")));
assertEquals("Output does not match expected", true, crlManager.isRevoked(service.getByAlias("revoked")));
assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("gm2552")));
assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("missing")));
// Hit cache
assertEquals("Output does not match expected", false, crlManager.isRevoked(null));
assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("valid")));
assertEquals("Output does not match expected", true, crlManager.isRevoked(service.getByAlias("revoked")));
assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("gm2552")));
assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("missing")));
}
Also used :
KeyStoreCertificateStore(org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)
CRLRevocationManager(org.nhindirect.stagent.cert.impl.CRLRevocationManager)
RevocationManager(org.nhindirect.stagent.cert.RevocationManager)
CRLRevocationManager(org.nhindirect.stagent.cert.impl.CRLRevocationManager)
Example 2 with KeyStoreCertificateStore
use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.
the class CertResolverTestModule method configure.
protected void configure() {
CertificateResolver resolver = new KeyStoreCertificateStore(keyStoreFile, keyStorePassword, keyStorePrivPassword);
Collection<CertificateResolver> certResolvers = Arrays.asList(resolver);
bindConstant().annotatedWith(CertStoreKeyFile.class).to(keyStoreFile);
bindConstant().annotatedWith(CertStoreKeyFilePassword.class).to(keyStorePassword);
bindConstant().annotatedWith(CertStoreKeyFilePrivKeyPassword.class).to(keyStorePrivPassword);
this.bind(CertificateResolver.class).annotatedWith(PrivateCerts.class).to(KeyStoreCertificateStore.class);
this.bind(TestUtils.collectionOf(CertificateResolver.class)).annotatedWith(PublicCerts.class).toInstance(certResolvers);
}
Also used :
KeyStoreCertificateStore(org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)
PublicCerts(org.nhindirect.stagent.annotation.PublicCerts)
CertStoreKeyFilePassword(org.nhindirect.stagent.cert.impl.annotation.CertStoreKeyFilePassword)
CertStoreKeyFile(org.nhindirect.stagent.cert.impl.annotation.CertStoreKeyFile)
CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver)
CertStoreKeyFilePrivKeyPassword(org.nhindirect.stagent.cert.impl.annotation.CertStoreKeyFilePrivKeyPassword)
PrivateCerts(org.nhindirect.stagent.annotation.PrivateCerts)
Example 3 with KeyStoreCertificateStore
use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.
the class TrustChainValidator_IntermidiateCert_Test method testValidateCert_FindIntermediateByAltName_AssertValidated.
public void testValidateCert_FindIntermediateByAltName_AssertValidated() throws Exception {
X509Certificate anchor = certFromData(getCertificateFileData("Test Alt Name CA ROO.der"));
X509Certificate certToValidate = certFromData(getCertificateFileData("altNameOnly.der"));
CertificateResolver publicCertResolver = new KeyStoreCertificateStore("src/test/resources/keystores/internalKeystore", "h3||0 wor|d", "pKpa$$wd");
TrustChainValidator validator = new TrustChainValidator();
validator.setCertificateResolver(Arrays.asList(publicCertResolver));
boolean isTrusted = false;
try {
isTrusted = validator.isTrusted(certToValidate, Arrays.asList(anchor));
} catch (Exception e) {
}
assertTrue(isTrusted);
}
Also used :
KeyStoreCertificateStore(org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)
CertificateResolver(org.nhindirect.stagent.cert.CertificateResolver)
X509Certificate(java.security.cert.X509Certificate)
NHINDException(org.nhindirect.stagent.NHINDException)
Example 4 with KeyStoreCertificateStore
use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.
the class RESTSmtpAgentConfig method getAnchorsFromNonWS.
@Override
protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> incomingAnchors, Map<String, Collection<X509Certificate>> outgoingAnchors, String storeType) {
ArrayList<String> incomingLookups = new ArrayList<String>();
ArrayList<String> outgoingLookups = new ArrayList<String>();
for (String domain : domains) {
incomingLookups.add(domain + "IncomingAnchorAliases");
outgoingLookups.add(domain + "OutgoingAnchorAliases");
}
Collection<Setting> incomingAliasSettings = new ArrayList<Setting>();
Collection<Setting> outgoingAliasSettings = new ArrayList<Setting>();
for (String lookup : incomingLookups) {
try {
Setting st = settingsService.getSetting(lookup);
if (st != null)
incomingAliasSettings.add(st);
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
}
}
for (String lookup : outgoingLookups) {
try {
Setting st = settingsService.getSetting(lookup);
if (st != null)
outgoingAliasSettings.add(st);
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
}
}
// get the anchors from the correct store
if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
Setting file;
Setting pass;
Setting privKeyPass;
try {
file = settingsService.getSetting("AnchorKeyStoreFile");
pass = settingsService.getSetting("AnchorKeyStoreFilePass");
privKeyPass = settingsService.getSetting("AnchorKeyStorePrivKeyPass");
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e.getMessage(), e);
}
KeyStoreCertificateStore store = new KeyStoreCertificateStore((file == null) ? null : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
// get incoming anchors
if (incomingAliasSettings != null) {
for (Setting setting : incomingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
X509Certificate cert = store.getByAlias(alias);
if (cert != null) {
certs.add(cert);
}
}
incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
}
}
// get outgoing anchors
if (outgoingAliasSettings != null) {
for (Setting setting : outgoingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
X509Certificate cert = store.getByAlias(alias);
if (cert != null) {
certs.add(cert);
}
}
outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
}
}
} else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
LDAPCertificateStore ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();
// get incoming anchors
if (incomingAliasSettings != null) {
for (Setting setting : incomingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
//TODO what if 2nd entry has no certs? Fail?
//each alias could have multiple certificates
certs.addAll(ldapCertificateStore.getCertificates(alias));
}
incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
}
}
// get outgoing anchors
if (outgoingAliasSettings != null) {
for (Setting setting : outgoingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
//TODO what if 2nd entry has no certs? Fail?
//each alias could have multiple certificates
certs.addAll(ldapCertificateStore.getCertificates(alias));
}
outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
}
}
}
}
Also used :
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
Setting(org.nhindirect.config.model.Setting)
ArrayList(java.util.ArrayList)
AddressException(javax.mail.internet.AddressException)
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
PolicyParseException(org.nhindirect.policy.PolicyParseException)
X509Certificate(java.security.cert.X509Certificate)
KeyStoreCertificateStore(org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)
LDAPCertificateStore(org.nhindirect.stagent.cert.impl.LDAPCertificateStore)
Collection(java.util.Collection)
Example 5 with KeyStoreCertificateStore
use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.
the class WSSmtpAgentConfig method getAnchorsFromNonWS.
protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> incomingAnchors, Map<String, Collection<X509Certificate>> outgoingAnchors, String storeType) {
// get the anchor aliases for each domain... better performance to do one web call
// little more code here, but better to take hit here instead of over the wire
ArrayList<String> incomingLookups = new ArrayList<String>();
ArrayList<String> outgoingLookups = new ArrayList<String>();
for (String domain : domains) {
incomingLookups.add(domain + "IncomingAnchorAliases");
outgoingLookups.add(domain + "OutgoingAnchorAliases");
}
Setting[] incomingAliasSettings;
Setting[] outgoingAliasSettings;
try {
incomingAliasSettings = cfService.getSettingsByNames(incomingLookups.toArray(new String[incomingLookups.size()]));
outgoingAliasSettings = cfService.getSettingsByNames(outgoingLookups.toArray(new String[outgoingLookups.size()]));
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
}
// get the anchors from the correct store
if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
Setting file;
Setting pass;
Setting privKeyPass;
try {
file = cfService.getSettingByName("AnchorKeyStoreFile");
pass = cfService.getSettingByName("AnchorKeyStoreFilePass");
privKeyPass = cfService.getSettingByName("AnchorKeyStorePrivKeyPass");
} catch (Exception e) {
throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e.getMessage(), e);
}
KeyStoreCertificateStore store = new KeyStoreCertificateStore((file == null) ? null : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
// get incoming anchors
if (incomingAliasSettings != null) {
for (Setting setting : incomingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
X509Certificate cert = store.getByAlias(alias);
if (cert != null) {
certs.add(cert);
}
}
incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
}
}
// get outgoing anchors
if (outgoingAliasSettings != null) {
for (Setting setting : outgoingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
X509Certificate cert = store.getByAlias(alias);
if (cert != null) {
certs.add(cert);
}
}
outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
}
}
} else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
LDAPCertificateStore ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();
// get incoming anchors
if (incomingAliasSettings != null) {
for (Setting setting : incomingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
//TODO what if 2nd entry has no certs? Fail?
//each alias could have multiple certificates
certs.addAll(ldapCertificateStore.getCertificates(alias));
}
incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
}
}
// get outgoing anchors
if (outgoingAliasSettings != null) {
for (Setting setting : outgoingAliasSettings) {
Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
String[] aliases = setting.getValue().split(",");
for (String alias : aliases) {
//TODO what if 2nd entry has no certs? Fail?
//each alias could have multiple certificates
certs.addAll(ldapCertificateStore.getCertificates(alias));
}
outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
}
}
}
}
Also used :
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
Setting(org.nhind.config.Setting)
ArrayList(java.util.ArrayList)
AddressException(javax.mail.internet.AddressException)
SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException)
PolicyParseException(org.nhindirect.policy.PolicyParseException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
X509Certificate(java.security.cert.X509Certificate)
KeyStoreCertificateStore(org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)
LDAPCertificateStore(org.nhindirect.stagent.cert.impl.LDAPCertificateStore)
Collection(java.util.Collection)
Aggregations
KeyStoreCertificateStore (org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)6
X509Certificate (java.security.cert.X509Certificate)4
ArrayList (java.util.ArrayList)3
Collection (java.util.Collection)3
SmtpAgentException (org.nhindirect.gateway.smtp.SmtpAgentException)3
LDAPCertificateStore (org.nhindirect.stagent.cert.impl.LDAPCertificateStore)3
AddressException (javax.mail.internet.AddressException)2
PolicyParseException (org.nhindirect.policy.PolicyParseException)2
CertificateResolver (org.nhindirect.stagent.cert.CertificateResolver)2
IOException (java.io.IOException)1
CertificateException (java.security.cert.CertificateException)1
HashMap (java.util.HashMap)1
Entry (java.util.Map.Entry)1
Setting (org.nhind.config.Setting)1
Setting (org.nhindirect.config.model.Setting)1
NHINDException (org.nhindirect.stagent.NHINDException)1
PrivateCerts (org.nhindirect.stagent.annotation.PrivateCerts)1
PublicCerts (org.nhindirect.stagent.annotation.PublicCerts)1
RevocationManager (org.nhindirect.stagent.cert.RevocationManager)1
CRLRevocationManager (org.nhindirect.stagent.cert.impl.CRLRevocationManager)1
