
Example 1 with LDAPCertificateStore

use of org.nhindirect.stagent.cert.impl.LDAPCertificateStore in project nhin-d by DirectProject.

the class LDAPResearchTest method testLdapSearch.

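/**
 * Exercises certificate lookup through {@link LDAPCertificateStore} against the
 * LDAP server started by the enclosing test fixture ({@code configuration}).
 *
 * <p>The first half opens a JNDI context directly to confirm the directory is
 * reachable and prints the attributes of the bound entry; the second half resolves
 * {@code gm2552@cerner.com} through a provider-built store and checks the result.
 *
 * @throws Exception on any naming or certificate failure; the test runner reports it
 */
@SuppressWarnings("unchecked")
public void testLdapSearch() throws Exception {
    // Start from a cold cache so the lookup really goes to the directory.
    CertCacheFactory.getInstance().flushAll();
    int port = configuration.getLdapPort();
    String url = "ldap://localhost:" + port + "/" + "cn=lookupTest";

    // Bind settings for the embedded test directory (fixture values, not a deployment setting).
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
    env.put(Context.SECURITY_CREDENTIALS, "secret");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, url);

    InitialContext initialContext = new InitialContext(env);
    assertNotNull(initialContext);
    DirContext dirContext = null;
    try {
        dirContext = (DirContext) initialContext.lookup("");
        Attributes attributes = dirContext.getAttributes("");
        assertNotNull(attributes);
        NamingEnumeration<Attribute> namingEnum = (NamingEnumeration<Attribute>) attributes.getAll();
        try {
            while (namingEnum.hasMoreElements()) {
                Attribute attr = namingEnum.nextElement();
                System.out.println("Name: " + attr.getID() + "\r\nValue: " + attr.get() + "\r\n\r\n");
            }
        } finally {
            namingEnum.close();
        }
    } finally {
        // JNDI contexts hold a live LDAP connection; release them even when an assertion fails.
        if (dirContext != null) {
            dirContext.close();
        }
        initialContext.close();
    }

    // Resolve through the production code path: configuration -> provider -> store.
    LdapStoreConfiguration ldapStoreConfiguration = new LdapStoreConfiguration(new String[] { url }, "", "email", "privKeyStore", "X509");
    LdapCertificateStoreProvider provider = new LdapCertificateStoreProvider(ldapStoreConfiguration, null, null);
    LDAPCertificateStore certificateResolver = (LDAPCertificateStore) provider.get();
    Collection<X509Certificate> certs = certificateResolver.getCertificates("gm2552@cerner.com");

    assertEquals(1, certs.size());
    X509Certificate cert = certs.iterator().next();
    // The lookup is expected to return a plain X509Certificate, not the project's X509CertificateEx subtype.
    assertFalse(cert instanceof X509CertificateEx);
    assertTrue(cert.getSubjectX500Principal().toString().contains("bob@nhind.hsgincubator.com"));
}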

Example 2 with LDAPCertificateStore

use of org.nhindirect.stagent.cert.impl.LDAPCertificateStore in project nhin-d by DirectProject.

the class RESTSmtpAgentConfig method getAnchorsFromNonWS.

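/**
 * Loads the trust anchors for every configured domain from a store that is not
 * web-service backed (a key store or an LDAP directory) and fills the supplied maps.
 *
 * <p>For each domain the settings service is asked for the settings named
 * {@code <domain>IncomingAnchorAliases} and {@code <domain>OutgoingAnchorAliases};
 * each value is a comma-separated list of aliases that are resolved against the store.
 * The resulting maps are keyed by domain, i.e. the setting name with the suffix removed.
 *
 * @param incomingAnchors map to fill with anchors trusted for incoming messages
 * @param outgoingAnchors map to fill with anchors trusted for outgoing messages
 * @param storeType       store selector; compared case-insensitively against
 *                        {@code STORE_TYPE_KEYSTORE} and {@code STORE_TYPE_LDAP}. Any
 *                        other value leaves both maps untouched (original behaviour, kept).
 * @throws SmtpAgentException with {@code InvalidConfigurationFormat} when the
 *                            settings service fails
 */
@Override
protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> incomingAnchors, Map<String, Collection<X509Certificate>> outgoingAnchors, String storeType) {
    Collection<Setting> incomingAliasSettings = lookupAnchorAliasSettings("IncomingAnchorAliases");
    Collection<Setting> outgoingAliasSettings = lookupAnchorAliasSettings("OutgoingAnchorAliases");

    // get the anchors from the correct store
    if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
        KeyStoreCertificateStore store = buildAnchorKeyStore();
        resolveAnchorsFromKeyStore(store, incomingAliasSettings, "IncomingAnchorAliases", incomingAnchors);
        resolveAnchorsFromKeyStore(store, outgoingAliasSettings, "OutgoingAnchorAliases", outgoingAnchors);
    } else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
        LDAPCertificateStore ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();
        resolveAnchorsFromLdap(ldapCertificateStore, incomingAliasSettings, "IncomingAnchorAliases", incomingAnchors);
        resolveAnchorsFromLdap(ldapCertificateStore, outgoingAliasSettings, "OutgoingAnchorAliases", outgoingAnchors);
    }
}

/**
 * Fetches the {@code <domain><suffix>} setting for every configured domain, one
 * service call per domain, skipping domains that have no such setting.
 *
 * @throws SmtpAgentException when a lookup fails
 */
private Collection<Setting> lookupAnchorAliasSettings(String suffix) {
    Collection<Setting> found = new ArrayList<Setting>();
    for (String domain : domains) {
        String lookup = domain + suffix;
        try {
            Setting st = settingsService.getSetting(lookup);
            if (st != null) {
                found.add(st);
            }
        } catch (Exception e) {
            throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
        }
    }
    return found;
}

/**
 * Builds the anchor key store from the {@code AnchorKeyStoreFile},
 * {@code AnchorKeyStoreFilePass} and {@code AnchorKeyStorePrivKeyPass} settings.
 * The fallback passwords are the original defaults and only apply when the
 * corresponding setting is absent.
 *
 * @throws SmtpAgentException when the settings cannot be read
 */
private KeyStoreCertificateStore buildAnchorKeyStore() {
    Setting file;
    Setting pass;
    Setting privKeyPass;
    try {
        file = settingsService.getSetting("AnchorKeyStoreFile");
        pass = settingsService.getSetting("AnchorKeyStoreFilePass");
        privKeyPass = settingsService.getSetting("AnchorKeyStorePrivKeyPass");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e.getMessage(), e);
    }
    return new KeyStoreCertificateStore((file == null) ? null : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
}

/**
 * Resolves every alias of every setting against the key store (at most one
 * certificate per alias; missing aliases are skipped) and stores the result under
 * the setting's domain.
 */
private static void resolveAnchorsFromKeyStore(KeyStoreCertificateStore store, Collection<Setting> aliasSettings, String suffix, Map<String, Collection<X509Certificate>> target) {
    for (Setting setting : aliasSettings) {
        Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
        // NOTE(review): aliases are not trimmed, so "a, b" yields the alias " b"; kept as in the original.
        for (String alias : setting.getValue().split(",")) {
            X509Certificate cert = store.getByAlias(alias);
            if (cert != null) {
                certs.add(cert);
            }
        }
        target.put(domainFromAliasSettingName(setting, suffix), certs);
    }
}

/**
 * Resolves every alias of every setting against the LDAP store (an alias may map
 * to several certificates, all of which are kept) and stores the result under the
 * setting's domain.
 */
private static void resolveAnchorsFromLdap(LDAPCertificateStore store, Collection<Setting> aliasSettings, String suffix, Map<String, Collection<X509Certificate>> target) {
    for (Setting setting : aliasSettings) {
        Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
        for (String alias : setting.getValue().split(",")) {
            //TODO what if 2nd entry has no certs? Fail?
            //each alias could have multiple certificates
            certs.addAll(store.getCertificates(alias));
        }
        target.put(domainFromAliasSettingName(setting, suffix), certs);
    }
}

/** Strips the alias suffix from a setting name, leaving the domain it belongs to. */
private static String domainFromAliasSettingName(Setting setting, String suffix) {
    String name = setting.getName();
    return name.substring(0, name.lastIndexOf(suffix));
}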

Example 3 with LDAPCertificateStore

use of org.nhindirect.stagent.cert.impl.LDAPCertificateStore in project nhin-d by DirectProject.

the class WSSmtpAgentConfig method getAnchorsFromNonWS.

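/**
 * Loads the trust anchors for every configured domain from a store that is not
 * web-service backed (a key store or an LDAP directory) and fills the supplied maps.
 *
 * <p>The alias settings ({@code <domain>IncomingAnchorAliases} and
 * {@code <domain>OutgoingAnchorAliases}) are fetched for all domains in a single
 * call each, to keep the number of round trips to the configuration service low.
 * Each value is a comma-separated list of aliases resolved against the store; the
 * resulting maps are keyed by domain (the setting name with the suffix removed).
 *
 * @param incomingAnchors map to fill with anchors trusted for incoming messages
 * @param outgoingAnchors map to fill with anchors trusted for outgoing messages
 * @param storeType       store selector; compared case-insensitively against
 *                        {@code STORE_TYPE_KEYSTORE} and {@code STORE_TYPE_LDAP}. Any
 *                        other value leaves both maps untouched (original behaviour, kept).
 * @throws SmtpAgentException with {@code InvalidConfigurationFormat} when the
 *                            configuration service fails
 */
protected void getAnchorsFromNonWS(Map<String, Collection<X509Certificate>> incomingAnchors, Map<String, Collection<X509Certificate>> outgoingAnchors, String storeType) {
    // get the anchor aliases for each domain... better performance to do one web call
    // little more code here, but better to take hit here instead of over the wire
    ArrayList<String> incomingLookups = new ArrayList<String>();
    ArrayList<String> outgoingLookups = new ArrayList<String>();
    for (String domain : domains) {
        incomingLookups.add(domain + "IncomingAnchorAliases");
        outgoingLookups.add(domain + "OutgoingAnchorAliases");
    }
    Setting[] incomingAliasSettings;
    Setting[] outgoingAliasSettings;
    try {
        incomingAliasSettings = cfService.getSettingsByNames(incomingLookups.toArray(new String[incomingLookups.size()]));
        outgoingAliasSettings = cfService.getSettingsByNames(outgoingLookups.toArray(new String[outgoingLookups.size()]));
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor aliases: " + e.getMessage(), e);
    }

    // get the anchors from the correct store
    if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
        KeyStoreCertificateStore store = buildAnchorKeyStore();
        resolveAnchorsFromKeyStore(store, incomingAliasSettings, "IncomingAnchorAliases", incomingAnchors);
        resolveAnchorsFromKeyStore(store, outgoingAliasSettings, "OutgoingAnchorAliases", outgoingAnchors);
    } else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
        LDAPCertificateStore ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();
        resolveAnchorsFromLdap(ldapCertificateStore, incomingAliasSettings, "IncomingAnchorAliases", incomingAnchors);
        resolveAnchorsFromLdap(ldapCertificateStore, outgoingAliasSettings, "OutgoingAnchorAliases", outgoingAnchors);
    }
}

/**
 * Builds the anchor key store from the {@code AnchorKeyStoreFile},
 * {@code AnchorKeyStoreFilePass} and {@code AnchorKeyStorePrivKeyPass} settings.
 * The fallback passwords are the original defaults and only apply when the
 * corresponding setting is absent.
 *
 * @throws SmtpAgentException when the settings cannot be read
 */
private KeyStoreCertificateStore buildAnchorKeyStore() {
    Setting file;
    Setting pass;
    Setting privKeyPass;
    try {
        file = cfService.getSettingByName("AnchorKeyStoreFile");
        pass = cfService.getSettingByName("AnchorKeyStoreFilePass");
        privKeyPass = cfService.getSettingByName("AnchorKeyStorePrivKeyPass");
    } catch (Exception e) {
        throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "WebService error getting anchor key store settings: " + e.getMessage(), e);
    }
    return new KeyStoreCertificateStore((file == null) ? null : file.getValue(), (pass == null) ? "DefaultFilePass" : pass.getValue(), (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
}

/**
 * Resolves every alias of every setting against the key store (at most one
 * certificate per alias; missing aliases are skipped) and stores the result under
 * the setting's domain. A {@code null} settings array (nothing returned by the
 * service) contributes nothing.
 */
private static void resolveAnchorsFromKeyStore(KeyStoreCertificateStore store, Setting[] aliasSettings, String suffix, Map<String, Collection<X509Certificate>> target) {
    if (aliasSettings == null) {
        return;
    }
    for (Setting setting : aliasSettings) {
        Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
        // NOTE(review): aliases are not trimmed, so "a, b" yields the alias " b"; kept as in the original.
        for (String alias : setting.getValue().split(",")) {
            X509Certificate cert = store.getByAlias(alias);
            if (cert != null) {
                certs.add(cert);
            }
        }
        target.put(domainFromAliasSettingName(setting, suffix), certs);
    }
}

/**
 * Resolves every alias of every setting against the LDAP store (an alias may map
 * to several certificates, all of which are kept) and stores the result under the
 * setting's domain. A {@code null} settings array contributes nothing.
 */
private static void resolveAnchorsFromLdap(LDAPCertificateStore store, Setting[] aliasSettings, String suffix, Map<String, Collection<X509Certificate>> target) {
    if (aliasSettings == null) {
        return;
    }
    for (Setting setting : aliasSettings) {
        Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
        for (String alias : setting.getValue().split(",")) {
            //TODO what if 2nd entry has no certs? Fail?
            //each alias could have multiple certificates
            certs.addAll(store.getCertificates(alias));
        }
        target.put(domainFromAliasSettingName(setting, suffix), certs);
    }
}

/** Strips the alias suffix from a setting name, leaving the domain it belongs to. */
private static String domainFromAliasSettingName(Setting setting, String suffix) {
    String name = setting.getName();
    return name.substring(0, name.lastIndexOf(suffix));
}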

Example 4 with LDAPCertificateStore

use of org.nhindirect.stagent.cert.impl.LDAPCertificateStore in project nhin-d by DirectProject.

the class XMLSmtpAgentConfig method buildTrustAnchorResolver.

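/**
 * Builds the resolver used to find trust anchors and installs it as
 * {@code certAnchorModule}.
 *
 * <p>The anchors are first loaded from the store named by the node's
 * {@code storeType} attribute ({@code keystore} or {@code ldap}, case-insensitive;
 * any other value yields empty anchor maps, as in the original). The node's
 * {@code type} attribute then selects the resolver: {@code uniform} uses the first
 * incoming anchor collection for every domain, {@code multidomain} keeps the
 * per-domain maps.
 *
 * @param anchorStoreNode      the {@code <anchorStore>} element being configured
 * @param incomingAnchorHolder per-domain aliases of anchors trusted for incoming messages
 * @param outgoingAnchorHolder per-domain aliases of anchors trusted for outgoing messages
 * @throws SmtpAgentException with {@code InvalidTrustAnchorSettings} when the resolver
 *                            type is unknown, or when {@code uniform} is requested but no
 *                            domain produced an anchor collection
 */
protected void buildTrustAnchorResolver(Element anchorStoreNode, Map<String, Collection<String>> incomingAnchorHolder, Map<String, Collection<String>> outgoingAnchorHolder) {
    Provider<TrustAnchorResolver> provider = null;
    String storeType = anchorStoreNode.getAttribute("storeType");
    Map<String, Collection<X509Certificate>> incomingAnchors = new HashMap<String, Collection<X509Certificate>>();
    Map<String, Collection<X509Certificate>> outgoingAnchors = new HashMap<String, Collection<X509Certificate>>();

    if (storeType.equalsIgnoreCase("keystore")) {
        // anchors are stored in a key store
        KeyStoreCertificateStore store = new KeyStoreCertificateStore(anchorStoreNode.getAttribute("file"), anchorStoreNode.getAttribute("filePass"), anchorStoreNode.getAttribute("privKeyPass"));
        for (Entry<String, Collection<String>> entries : incomingAnchorHolder.entrySet()) {
            incomingAnchors.put(entries.getKey(), anchorsFromKeyStore(store, entries.getValue()));
        }
        for (Entry<String, Collection<String>> entries : outgoingAnchorHolder.entrySet()) {
            outgoingAnchors.put(entries.getKey(), anchorsFromKeyStore(store, entries.getValue()));
        }
    } else if (storeType.equalsIgnoreCase("ldap")) {
        // anchors are stored in an LDAP directory; the store is kept in a field for later use
        ldapCertificateStore = (LDAPCertificateStore) buildLdapCertificateStoreProvider(anchorStoreNode, "LDAPTrustAnchorStore").get();
        for (Entry<String, Collection<String>> entries : incomingAnchorHolder.entrySet()) {
            incomingAnchors.put(entries.getKey(), anchorsFromLdap(ldapCertificateStore, entries.getValue()));
        }
        for (Entry<String, Collection<String>> entries : outgoingAnchorHolder.entrySet()) {
            outgoingAnchors.put(entries.getKey(), anchorsFromLdap(ldapCertificateStore, entries.getValue()));
        }
    }

    // determine what module to load to inject the trust anchor resolver implementation
    String type = anchorStoreNode.getAttribute("type");
    if (type.equalsIgnoreCase("uniform")) {
        // Uniform: incoming and outgoing are expected to be the same, so the first
        // incoming collection serves every domain. Guard the empty case explicitly,
        // otherwise iterator().next() would fail with an unhelpful NoSuchElementException.
        if (incomingAnchors.isEmpty()) {
            throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
        }
        provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
    } else if (type.equalsIgnoreCase("multidomain")) {
        provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
        throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }
    certAnchorModule = TrustAnchorModule.create(provider);
}

/**
 * Looks each alias up in the key store; aliases with no certificate are skipped.
 *
 * @return a new, mutable collection of the certificates found (possibly empty)
 */
private static Collection<X509Certificate> anchorsFromKeyStore(KeyStoreCertificateStore store, Collection<String> aliases) {
    Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
    for (String alias : aliases) {
        X509Certificate cert = store.getByAlias(alias);
        if (cert != null) {
            certs.add(cert);
        }
    }
    return certs;
}

/**
 * Looks each alias up in the LDAP store; an alias may map to several certificates
 * and all of them are kept.
 *
 * @return a new, mutable collection of the certificates found (possibly empty)
 */
private static Collection<X509Certificate> anchorsFromLdap(LDAPCertificateStore store, Collection<String> aliases) {
    Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
    for (String alias : aliases) {
        //TODO what if 2nd entry has no certs? Fail?
        //each alias could have multiple certificates
        certs.addAll(store.getCertificates(alias));
    }
    return certs;
}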

Example 5 with LDAPCertificateStore

use of org.nhindirect.stagent.cert.impl.LDAPCertificateStore in project nhin-d by DirectProject.

the class LDAPCertDumper method main.

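/**
 * Command-line entry point: looks up the certificates published for an e-mail
 * address in the public LDAP store and writes each one, DER encoded, to a file.
 *
 * <p>Arguments: {@code -add <email>} (required), {@code -out <file>} (optional;
 * defaults to {@code <email>.der}), {@code -help}. When more than one certificate
 * is found, {@code (1)}, {@code (2)}, ... is inserted before the file extension.
 *
 * <p>Exits with {@code -1} on a usage error and {@code 0} otherwise; lookup or
 * write failures are printed and also end with exit status {@code 0}
 * (original behaviour, kept).
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    if (args.length == 0) {
        printUsage();
        System.exit(-1);
    }
    String emailAddress = "";
    String outFile = null;

    // Check parameters
    for (int i = 0; i < args.length; i++) {
        String arg = args[i];
        if (!arg.startsWith("-")) {
            System.err.println("Error: Unexpected argument [" + arg + "]\n");
            printUsage();
            System.exit(-1);
        } else if (arg.equalsIgnoreCase("-add")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing email address");
                System.exit(-1);
            }
            emailAddress = args[++i];
        } else if (arg.equalsIgnoreCase("-out")) {
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing output file.");
                System.exit(-1);
            }
            outFile = args[++i];
        } else if (arg.equalsIgnoreCase("-help")) {
            printUsage();
            System.exit(-1);
        } else {
            System.err.println("Error: Unknown argument " + arg + "\n");
            printUsage();
            System.exit(-1);
        }
    }

    if (emailAddress == null || emailAddress.isEmpty()) {
        // A missing address is a usage error, so report it with a non-zero status.
        System.err.println("You must provide an email address.");
        printUsage();
        System.exit(-1);
    }

    LDAPCertificateStore ldapStore = (LDAPCertificateStore) new PublicLdapCertificateStoreProvider(null, null).get();
    try {
        Collection<X509Certificate> certs = ldapStore.getCertificates(new InternetAddress(emailAddress));
        if (certs == null || certs.size() == 0) {
            System.out.println("No certs found");
        } else {
            String baseName = (outFile == null || outFile.isEmpty()) ? emailAddress + ".der" : outFile;
            int idx = 1;
            for (X509Certificate cert : certs) {
                File certFile = new File(certFileNameFor(baseName, certs.size(), idx));
                // Remove any stale copy before writing; the write itself replaces the content.
                if (certFile.exists()) {
                    certFile.delete();
                }
                System.out.println("Writing cert file: " + certFile.getAbsolutePath());
                FileUtils.writeByteArrayToFile(certFile, cert.getEncoded());
                ++idx;
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    System.exit(0);
}

/**
 * Derives the output file name for the {@code idx}-th of {@code certCount} certificates.
 *
 * <p>With a single certificate the base name is used unchanged. With several, the
 * index is inserted before the last {@code "."} of the base name (or appended when
 * there is none), so {@code bob.der} becomes {@code bob(1).der}. This replaces the
 * original logic, which dropped the character before the dot and produced an empty
 * name when the base had no extension.
 *
 * @param baseName  the user-supplied or default output file name
 * @param certCount total number of certificates being written
 * @param idx       1-based index of the certificate being written
 * @return the file name to write this certificate to
 */
static String certFileNameFor(String baseName, int certCount, int idx) {
    if (certCount <= 1) {
        return baseName;
    }
    int dot = baseName.lastIndexOf(".");
    if (dot < 0) {
        return baseName + "(" + idx + ")";
    }
    return baseName.substring(0, dot) + "(" + idx + ")" + baseName.substring(dot);
}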
