
Example 1 with KeyStoreCertificateStore

Use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.

Class CRLManagerTest, method testCrlManager:

/**
 * Test the CRLManager class with normal and non-normal input.
 */
public void testCrlManager() {
    String tmp = this.getClass().getClassLoader().getResource("crl/certs.crl").getPath();
    final String workingDir = tmp.substring(0, tmp.lastIndexOf("/") + 1).replaceAll("%20", " ");
    String internalKeystoreFile = workingDir + "keystore";
    KeyStoreCertificateStore service = new KeyStoreCertificateStore(internalKeystoreFile, KEY_STORE_PASSWORD, PRIVATE_KEY_PASSWORD);
    // Anonymous subclass: rewrite the CRL distribution point URL embedded in the
    // test certificates (http://JUNIT) to a file:// URL under the test working
    // directory, so the CRL is loaded from local test resources instead of the network.
    RevocationManager crlManager = new CRLRevocationManager() {

        @Override
        protected String getNameString(String generalNameString) {
            String s = super.getNameString(generalNameString);
            return s.replace("http://JUNIT", "file://" + workingDir);
        }
    };
    assertEquals("Output does not match expected", false, crlManager.isRevoked(null));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("valid")));
    assertEquals("Output does not match expected", true, crlManager.isRevoked(service.getByAlias("revoked")));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("gm2552")));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("missing")));
    // Repeat the same lookups; the CRL should now be served from the manager's cache
    assertEquals("Output does not match expected", false, crlManager.isRevoked(null));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("valid")));
    assertEquals("Output does not match expected", true, crlManager.isRevoked(service.getByAlias("revoked")));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("gm2552")));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("missing")));
}
Also used: org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore, org.nhindirect.stagent.cert.impl.CRLRevocationManager, org.nhindirect.stagent.cert.RevocationManager

Example 2 with KeyStoreCertificateStore

Use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.

Class CertResolverTestModule, method configure:

protected void configure() {
    CertificateResolver resolver = new KeyStoreCertificateStore(keyStoreFile, keyStorePassword, keyStorePrivPassword);
    Collection<CertificateResolver> certResolvers = Arrays.asList(resolver);
    bindConstant().annotatedWith(CertStoreKeyFile.class).to(keyStoreFile);
    bindConstant().annotatedWith(CertStoreKeyFilePassword.class).to(keyStorePassword);
    bindConstant().annotatedWith(CertStoreKeyFilePrivKeyPassword.class).to(keyStorePrivPassword);
    this.bind(CertificateResolver.class).annotatedWith(PrivateCerts.class).to(KeyStoreCertificateStore.class);
    this.bind(TestUtils.collectionOf(CertificateResolver.class)).annotatedWith(PublicCerts.class).toInstance(certResolvers);
}
Also used: org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore, org.nhindirect.stagent.annotation.PublicCerts, org.nhindirect.stagent.annotation.PrivateCerts, org.nhindirect.stagent.cert.CertificateResolver, org.nhindirect.stagent.cert.impl.annotation.CertStoreKeyFile, org.nhindirect.stagent.cert.impl.annotation.CertStoreKeyFilePassword, org.nhindirect.stagent.cert.impl.annotation.CertStoreKeyFilePrivKeyPassword

Example 3 with KeyStoreCertificateStore

Use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.

Class TrustChainValidator_IntermidiateCert_Test, method testValidateCert_FindIntermediateByAltName_AssertValidated:

public void testValidateCert_FindIntermediateByAltName_AssertValidated() throws Exception {
    X509Certificate anchor = certFromData(getCertificateFileData("Test Alt Name CA ROO.der"));
    X509Certificate certToValidate = certFromData(getCertificateFileData("altNameOnly.der"));
    CertificateResolver publicCertResolver = new KeyStoreCertificateStore("src/test/resources/keystores/internalKeystore", "h3||0 wor|d", "pKpa$$wd");
    TrustChainValidator validator = new TrustChainValidator();
    validator.setCertificateResolver(Arrays.asList(publicCertResolver));
    boolean isTrusted = false;
    try {
        isTrusted = validator.isTrusted(certToValidate, Arrays.asList(anchor));
    } catch (Exception e) {
        // Exception is swallowed: isTrusted stays false, so the assertion below fails anyway
    }
    assertTrue(isTrusted);
}
Also used: org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore, org.nhindirect.stagent.cert.CertificateResolver, java.security.cert.X509Certificate, org.nhindirect.stagent.NHINDException

Example 4 with KeyStoreCertificateStore

Use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.

Class RESTSmtpAgentConfig, method getAnchorsFromNonWS:

@Override
protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> incomingAnchors, Map<String, Collection<X509Certificate>> outgoingAnchors, String storeType) {
    ArrayList<String> incomingLookups = new ArrayList<String>();
    ArrayList<String> outgoingLookups = new ArrayList<String>();
    for (String domain : domains) {
        incomingLookups.add(domain + "IncomingAnchorAliases");
        outgoingLookups.add(domain + "OutgoingAnchorAliases");
    }
    Collection<Setting> incomingAliasSettings = new ArrayList<Setting>();
    Collection<Setting> outgoingAliasSettings = new ArrayList<Setting>();
    for (String lookup : incomingLookups) {
        try {
            Setting st = settingsService.getSetting(lookup);
            if (st != null)
                incomingAliasSettings.add(st);
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
        }
    }
    for (String lookup : outgoingLookups) {
        try {
            Setting st = settingsService.getSetting(lookup);
            if (st != null)
                outgoingAliasSettings.add(st);
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
        }
    }
    // get the anchors from the correct store
    if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
        Setting file;
        Setting pass;
        Setting privKeyPass;
        try {
            file = settingsService.getSetting("AnchorKeyStoreFile");
            pass = settingsService.getSetting("AnchorKeyStoreFilePass");
            privKeyPass = settingsService.getSetting("AnchorKeyStorePrivKeyPass");
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e.getMessage(), e);
        }
        // If the password settings are absent, hard-coded default passwords are used for the anchor key store
        KeyStoreCertificateStore store = new KeyStoreCertificateStore((file == null) ? null : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
        // get incoming anchors
        if (incomingAliasSettings != null) {
            for (Setting setting : incomingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    X509Certificate cert = store.getByAlias(alias);
                    if (cert != null) {
                        certs.add(cert);
                    }
                }
                incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
            }
        }
        // get outgoing anchors
        if (outgoingAliasSettings != null) {
            for (Setting setting : outgoingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    X509Certificate cert = store.getByAlias(alias);
                    if (cert != null) {
                        certs.add(cert);
                    }
                }
                outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
            }
        }
    } else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
        LDAPCertificateStore ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();
        // get incoming anchors
        if (incomingAliasSettings != null) {
            for (Setting setting : incomingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    //TODO what if 2nd entry has no certs? Fail?
                    //each alias could have multiple certificates
                    certs.addAll(ldapCertificateStore.getCertificates(alias));
                }
                incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
            }
        }
        // get outgoing anchors
        if (outgoingAliasSettings != null) {
            for (Setting setting : outgoingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    //TODO what if 2nd entry has no certs? Fail?
                    //each alias could have multiple certificates
                    certs.addAll(ldapCertificateStore.getCertificates(alias));
                }
                outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
            }
        }
    }
}
Also used: org.nhindirect.gateway.smtp.SmtpAgentException, org.nhindirect.config.model.Setting, java.util.ArrayList, java.util.Collection, javax.mail.internet.AddressException, org.nhindirect.policy.PolicyParseException, java.security.cert.X509Certificate, org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore, org.nhindirect.stagent.cert.impl.LDAPCertificateStore

Example 5 with KeyStoreCertificateStore

Use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.

Class WSSmtpAgentConfig, method getAnchorsFromNonWS:

protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> incomingAnchors, Map<String, Collection<X509Certificate>> outgoingAnchors, String storeType) {
    // Get the anchor aliases for each domain in one web call: a little more code here,
    // but better to take the hit locally than over the wire
    ArrayList<String> incomingLookups = new ArrayList<String>();
    ArrayList<String> outgoingLookups = new ArrayList<String>();
    for (String domain : domains) {
        incomingLookups.add(domain + "IncomingAnchorAliases");
        outgoingLookups.add(domain + "OutgoingAnchorAliases");
    }
    Setting[] incomingAliasSettings;
    Setting[] outgoingAliasSettings;
    try {
        incomingAliasSettings = cfService.getSettingsByNames(incomingLookups.toArray(new String[incomingLookups.size()]));
        outgoingAliasSettings = cfService.getSettingsByNames(outgoingLookups.toArray(new String[outgoingLookups.size()]));
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
    }
    // get the anchors from the correct store
    if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
        Setting file;
        Setting pass;
        Setting privKeyPass;
        try {
            file = cfService.getSettingByName("AnchorKeyStoreFile");
            pass = cfService.getSettingByName("AnchorKeyStoreFilePass");
            privKeyPass = cfService.getSettingByName("AnchorKeyStorePrivKeyPass");
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e.getMessage(), e);
        }
        // If the password settings are absent, hard-coded default passwords are used for the anchor key store
        KeyStoreCertificateStore store = new KeyStoreCertificateStore((file == null) ? null : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
        // get incoming anchors
        if (incomingAliasSettings != null) {
            for (Setting setting : incomingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    X509Certificate cert = store.getByAlias(alias);
                    if (cert != null) {
                        certs.add(cert);
                    }
                }
                incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
            }
        }
        // get outgoing anchors
        if (outgoingAliasSettings != null) {
            for (Setting setting : outgoingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    X509Certificate cert = store.getByAlias(alias);
                    if (cert != null) {
                        certs.add(cert);
                    }
                }
                outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
            }
        }
    } else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
        LDAPCertificateStore ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();
        // get incoming anchors
        if (incomingAliasSettings != null) {
            for (Setting setting : incomingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    //TODO what if 2nd entry has no certs? Fail?
                    //each alias could have multiple certificates
                    certs.addAll(ldapCertificateStore.getCertificates(alias));
                }
                incomingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("IncomingAnchorAliases")), certs);
            }
        }
        // get outgoing anchors
        if (outgoingAliasSettings != null) {
            for (Setting setting : outgoingAliasSettings) {
                Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
                String[] aliases = setting.getValue().split(",");
                for (String alias : aliases) {
                    //TODO what if 2nd entry has no certs? Fail?
                    //each alias could have multiple certificates
                    certs.addAll(ldapCertificateStore.getCertificates(alias));
                }
                outgoingAnchors.put(setting.getName().substring(0, setting.getName().lastIndexOf("OutgoingAnchorAliases")), certs);
            }
        }
    }
}
Also used: org.nhindirect.gateway.smtp.SmtpAgentException, org.nhind.config.Setting, java.util.ArrayList, java.util.Collection, javax.mail.internet.AddressException, org.nhindirect.policy.PolicyParseException, java.io.IOException, java.security.cert.CertificateException, java.security.cert.X509Certificate, org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore, org.nhindirect.stagent.cert.impl.LDAPCertificateStore
