
Example 6 with KeyStoreCertificateStore

Use of org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore in project nhin-d by DirectProject.

Taken from the class XMLSmtpAgentConfig, method buildTrustAnchorResolver.

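/**
 * Builds the resolver used to find trust anchors and installs it in
 * {@code certAnchorModule}.
 * <p>
 * The anchor certificates are loaded from the store named by the
 * {@code storeType} attribute of {@code anchorStoreNode}: {@code keystore}
 * opens a {@link KeyStoreCertificateStore} from the {@code file},
 * {@code filePass} and {@code privKeyPass} attributes; {@code ldap} builds an
 * {@link LDAPCertificateStore} (kept in {@code ldapCertificateStore}). Any
 * other value is not rejected and leaves both anchor maps empty. The
 * {@code type} attribute then picks the resolver: {@code uniform} uses the
 * first incoming anchor collection for every domain, {@code multidomain}
 * keeps the per-domain incoming and outgoing collections.
 *
 * @param anchorStoreNode      configuration element describing the anchor store
 * @param incomingAnchorHolder domain name to the aliases of the anchors trusted for incoming mail
 * @param outgoingAnchorHolder domain name to the aliases of the anchors trusted for outgoing mail
 * @throws SmtpAgentException with {@code InvalidTrustAnchorSettings} when the
 *         resolver {@code type} is unknown, or when {@code uniform} is
 *         requested but no incoming anchors were loaded (this case used to
 *         surface as a {@code NoSuchElementException} from the empty map)
 */
protected void buildTrustAnchorResolver(Element anchorStoreNode, Map<String, Collection<String>> incomingAnchorHolder, Map<String, Collection<String>> outgoingAnchorHolder) {
    Provider<TrustAnchorResolver> provider = null;
    String storeType = anchorStoreNode.getAttribute("storeType");
    Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();
    if (storeType.equalsIgnoreCase("keystore")) {
        // anchors are stored in a key store; both passwords are read straight from the config attributes
        KeyStoreCertificateStore store = new KeyStoreCertificateStore(anchorStoreNode.getAttribute("file"), anchorStoreNode.getAttribute("filePass"), anchorStoreNode.getAttribute("privKeyPass"));
        incomingAnchors = resolveAnchorsFromKeyStore(store, incomingAnchorHolder);
        outgoingAnchors = resolveAnchorsFromKeyStore(store, outgoingAnchorHolder);
    } else if (storeType.equalsIgnoreCase("ldap")) {
        ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider(anchorStoreNode, "LDAPTrustAnchorStore").get();
        incomingAnchors = resolveAnchorsFromLdap(ldapCertificateStore, incomingAnchorHolder);
        outgoingAnchors = resolveAnchorsFromLdap(ldapCertificateStore, outgoingAnchorHolder);
    }
    // NOTE(review): an unrecognized storeType silently leaves both maps empty; for "multidomain"
    // that yields a resolver with no anchors at all, so a typo here is only noticed at runtime
    // when messages fail trust checks. Consider rejecting it with InvalidTrustAnchorSettings.
    // determine what module to load to inject the trust anchor resolver implementation
    String type = anchorStoreNode.getAttribute("type");
    if (type.equalsIgnoreCase("uniform")) {
        // uniform: incoming and outgoing are expected to hold the same anchors, so the first
        // incoming collection is used for every domain
        if (incomingAnchors.isEmpty()) {
            // no anchors at all is a configuration error; report it the same way as an unknown
            // type instead of letting the empty iterator throw NoSuchElementException
            throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
        }
        provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
    } else if (type.equalsIgnoreCase("multidomain")) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}

/*
 * Looks up each alias of every domain in the key store. Aliases with no certificate are
 * silently skipped, so a mistyped alias shrinks (or empties) that domain's anchor set
 * without any error being raised.
 */
private Map<String, Collection<X509Certificate>> resolveAnchorsFromKeyStore(KeyStoreCertificateStore store, Map<String, Collection<String>> anchorHolder) {
    Map<String, Collection<X509Certificate>> anchors = new HashMap<String, Collection<X509Certificate>>();
    for (Entry<String, Collection<String>> entries : anchorHolder.entrySet()) {
        Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
        for (String alias : entries.getValue()) {
            X509Certificate cert = store.getByAlias(alias);
            if (cert != null) {
                certs.add(cert);
            }
        }
        anchors.put(entries.getKey(), certs);
    }
    return anchors;
}

/*
 * Collects the certificates of each alias of every domain from LDAP; one alias may map
 * to several certificates.
 */
private Map<String, Collection<X509Certificate>> resolveAnchorsFromLdap(LDAPCertificateStore store, Map<String, Collection<String>> anchorHolder) {
    Map<String, Collection<X509Certificate>> anchors = new HashMap<String, Collection<X509Certificate>>();
    for (Entry<String, Collection<String>> entries : anchorHolder.entrySet()) {
        Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
        for (String alias : entries.getValue()) {
            // TODO what if 2nd entry has no certs? Fail?
            certs.addAll(store.getCertificates(alias));
        }
        anchors.put(entries.getKey(), certs);
    }
    return anchors;
}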
Also used : SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) KeyStoreCertificateStore(org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore) Entry(java.util.Map.Entry) TrustAnchorResolver(org.nhindirect.stagent.trust.TrustAnchorResolver) UniformTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider) LDAPCertificateStore(org.nhindirect.stagent.cert.impl.LDAPCertificateStore) Collection(java.util.Collection) MultiDomainTrustAnchorResolverProvider(org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider)

Aggregations

KeyStoreCertificateStore (org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore)6 X509Certificate (java.security.cert.X509Certificate)4 ArrayList (java.util.ArrayList)3 Collection (java.util.Collection)3 SmtpAgentException (org.nhindirect.gateway.smtp.SmtpAgentException)3 LDAPCertificateStore (org.nhindirect.stagent.cert.impl.LDAPCertificateStore)3 AddressException (javax.mail.internet.AddressException)2 PolicyParseException (org.nhindirect.policy.PolicyParseException)2 CertificateResolver (org.nhindirect.stagent.cert.CertificateResolver)2 IOException (java.io.IOException)1 CertificateException (java.security.cert.CertificateException)1 HashMap (java.util.HashMap)1 Entry (java.util.Map.Entry)1 Setting (org.nhind.config.Setting)1 Setting (org.nhindirect.config.model.Setting)1 NHINDException (org.nhindirect.stagent.NHINDException)1 PrivateCerts (org.nhindirect.stagent.annotation.PrivateCerts)1 PublicCerts (org.nhindirect.stagent.annotation.PublicCerts)1 RevocationManager (org.nhindirect.stagent.cert.RevocationManager)1 CRLRevocationManager (org.nhindirect.stagent.cert.impl.CRLRevocationManager)1