
Example 21 with OptionsParameter

use of org.nhindirect.stagent.options.OptionsParameter in project nhin-d by DirectProject.

the class CryptoExtensions_getJCEProviderNameForTypeAndAlgorithmTest method testGetJCEProviderNameForTypeAndAlgorithm_emptyConfiguredJCENames_assertEmptyBCProvider.

public void testGetJCEProviderNameForTypeAndAlgorithm_emptyConfiguredJCENames_assertEmptyBCProvider() {
    // Arrange: register the providers, then override the configured JCE provider name with an empty string.
    CryptoExtensions.registerJCEProviders();
    final OptionsParameter emptyProviderName = new OptionsParameter(OptionsParameter.JCE_PROVIDER, "");
    OptionsManager.getInstance().setOptionsParameter(emptyProviderName);

    // The empty value must be stored as-is rather than being dropped by the options manager.
    final OptionsParameter storedParam = OptionsManager.getInstance().getParameter(OptionsParameter.JCE_PROVIDER);
    assertNotNull(storedParam);
    final String storedValue = OptionsManager.getInstance().getParameter(OptionsParameter.JCE_PROVIDER).getParamValue();
    assertEquals("", storedValue);

    // Act / assert: with an empty configured provider name, the lookup yields an empty provider name
    // regardless of the type and algorithm requested.
    final String resolvedProvider = CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("doesnt matter", "doesnt matter");
    assertEquals("", resolvedProvider);
}
Also used : OptionsParameter(org.nhindirect.stagent.options.OptionsParameter)

Example 22 with OptionsParameter

use of org.nhindirect.stagent.options.OptionsParameter in project nhin-d by DirectProject.

the class NHINDSecurityAndTrustMailet method init.

/**
	 * {@inheritDoc}
	 */
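@Override
public void init() throws MessagingException {
    LOGGER.info("Initializing NHINDSecurityAndTrustMailet");
    super.init();

    // Set the outbound policy for notifications if possible.  The mailet parameter takes precedence
    // over the options manager, and the agent reads the value from the options manager, so the
    // resolved value is always written back there.
    try {
        final boolean useOutboundPolicy = Boolean.parseBoolean(GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.USE_OUTGOING_POLICY_FOR_INCOMING_NOTIFICATIONS, this, "false"));
        OptionsManager.getInstance().setOptionsParameter(new OptionsParameter(OptionsParameter.USE_OUTGOING_POLICY_FOR_INCOMING_NOTIFICATIONS, Boolean.toString(useOutboundPolicy)));
    } catch (Exception e) {
        // Best effort: initialization continues, but the failure must be visible to operators.
        LOGGER.warn("Could not set the outgoing policy option for incoming notifications: " + e.getMessage(), e);
    }

    // Set the rejection policy for tampered routing headers.
    try {
        final boolean rejectOnTamperPolicy = Boolean.parseBoolean(GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.REJECT_ON_ROUTING_TAMPER, this, "false"));
        OptionsManager.getInstance().setOptionsParameter(new OptionsParameter(OptionsParameter.REJECT_ON_ROUTING_TAMPER, Boolean.toString(rejectOnTamperPolicy)));
    } catch (Exception e) {
        // Best effort, but this is a security control: if it cannot be set, the options manager keeps
        // whatever value it already held, so an operator who enabled rejection needs to see this.
        LOGGER.warn("Could not set the reject-on-routing-tamper option: " + e.getMessage(), e);
    }

    // Set the JCE providers if available.
    final String JCEName = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.JCE_PROVIDER_NAME, this, "");
    if (!StringUtils.isEmpty(JCEName)) {
        OptionsManager.getInstance().setOptionsParameter(new OptionsParameter(OptionsParameter.JCE_PROVIDER, JCEName));
    }
    final String sensitiveJCEName = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.JCE_SENTITIVE_PROVIDER, this, "");
    if (!StringUtils.isEmpty(sensitiveJCEName)) {
        OptionsManager.getInstance().setOptionsParameter(new OptionsParameter(OptionsParameter.JCE_SENTITIVE_PROVIDER, sensitiveJCEName));
    }

    // Get the configuration URL; the mailet cannot start without one.
    final String configURLParam = getInitParameter(SecurityAndTrustMailetOptions.CONFIG_URL_PARAM);
    if (StringUtils.isEmpty(configURLParam)) {
        LOGGER.error("NHINDSecurityAndTrustMailet Configuration URL cannot be empty or null.");
        throw new MessagingException("NHINDSecurityAndTrustMailet Configuration URL cannot be empty or null.");
    }

    // Parse into a URL and validate it is properly formed.
    final URL configURL;
    try {
        configURL = new URL(configURLParam);
    } catch (MalformedURLException ex) {
        LOGGER.error("Invalid configuration URL:" + ex.getMessage(), ex);
        // The parameter is present but malformed, so report that rather than "empty or null".
        throw new MessagingException("NHINDSecurityAndTrustMailet Configuration URL is not a valid URL: " + ex.getMessage(), ex);
    }

    final Collection<Module> modules = getInitModules();
    Provider<SmtpAgentConfig> configProvider;
    try {
        configProvider = this.getConfigProvider();
        if (configProvider == null) {
            configProvider = createCompatConfigProvider(configURL);
        }
        // Each capability is wired only when the provider implements the matching interface.
        if (configProvider instanceof URLAccessedConfigProvider) {
            ((URLAccessedConfigProvider) configProvider).setConfigURL(configURL);
        }
        final Provider<ServiceSecurityManager> srvSecMgr = getServiceSecurityManagerProvider();
        if (configProvider instanceof SecureURLAccessedConfigProvider) {
            ((SecureURLAccessedConfigProvider) configProvider).setServiceSecurityManager(srvSecMgr);
        }
        final Provider<KeyStoreProtectionManager> keyStoreManagerProvider = getKeyStoreManagerProvider();
        if (configProvider instanceof KeyStoreProtectionConfigProvider && keyStoreManagerProvider != null) {
            ((KeyStoreProtectionConfigProvider) configProvider).setKeyStoreProtectionManger(keyStoreManagerProvider);
        }
        agent = SmtpAgentFactory.createAgent(configURL, configProvider, null, modules);
    } catch (SmtpAgentException e) {
        LOGGER.error("Failed to create the SMTP agent: " + e.getMessage(), e);
        throw new MessagingException("Failed to create the SMTP agent: " + e.getMessage(), e);
    }

    ///CLOVER:OFF
    if (agent == null) {
        LOGGER.error("Failed to create the SMTP agent. Reason unknown.");
        throw new MessagingException("Failed to create the SMTP agent.  Reason unknown.");
    }
    ///CLOVER:ON

    // Get the DSN creation options; the default is RELIABLE_DSN_OPTION.
    final String dnsCreateOptions = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.AUTO_DSN_FAILURE_CREATION_PARAM, this, RELIABLE_DSN_OPTION);
    for (String dsnOption : dnsCreateOptions.split(",")) {
        // Trim so that a list written as "a, b" is matched the same way as "a,b".
        final String option = dsnOption.trim();
        if (option.equalsIgnoreCase(RELIABLE_DSN_OPTION)) {
            autoDSNForTimelyAndReliable = true;
        } else if (option.equalsIgnoreCase(GENERAL_DSN_OPTION)) {
            autoDSNForGeneral = true;
        }
    }

    // Set the agent and config in the Gateway state, restarting the settings manager if it was running.
    final GatewayState gwState = GatewayState.getInstance();
    if (gwState.isAgentSettingManagerRunning()) {
        gwState.stopAgentSettingsManager();
    }
    gwState.setSmtpAgent(agent);
    gwState.setSmptAgentConfig(SmptAgentConfigFactory.createSmtpAgentConfig(configURL, configProvider, null));
    gwState.startAgentSettingsManager();
    LOGGER.info("NHINDSecurityAndTrustMailet initialization complete.");
}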
Also used : MalformedURLException(java.net.MalformedURLException) SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) MessagingException(javax.mail.MessagingException) KeyStoreProtectionManager(org.nhindirect.common.crypto.KeyStoreProtectionManager) MessagingException(javax.mail.MessagingException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SmtpAgentException(org.nhindirect.gateway.smtp.SmtpAgentException) MalformedURLException(java.net.MalformedURLException) ServiceException(org.nhindirect.common.rest.exceptions.ServiceException) URL(java.net.URL) SmtpAgentConfig(org.nhindirect.gateway.smtp.config.SmtpAgentConfig) OptionsParameter(org.nhindirect.stagent.options.OptionsParameter) ServiceSecurityManager(org.nhindirect.common.rest.ServiceSecurityManager) GatewayState(org.nhindirect.gateway.smtp.GatewayState) SecureURLAccessedConfigProvider(org.nhindirect.gateway.smtp.provider.SecureURLAccessedConfigProvider) URLAccessedConfigProvider(org.nhindirect.gateway.smtp.provider.URLAccessedConfigProvider) SecureURLAccessedConfigProvider(org.nhindirect.gateway.smtp.provider.SecureURLAccessedConfigProvider) Module(com.google.inject.Module) AuditorModule(org.nhindirect.gateway.smtp.module.AuditorModule) KeyStoreProtectionConfigProvider(org.nhindirect.gateway.smtp.provider.KeyStoreProtectionConfigProvider)

Example 23 with OptionsParameter

use of org.nhindirect.stagent.options.OptionsParameter in project nhin-d by DirectProject.

the class DNSCertificateStore method setServers.

/**
	 * Sets the DNS servers used for initial certificate lookups.  This replaces all currently set DNS server configuration.  This method is thread safe and
	 * may block if a lookup is currently in progress.
	 * @param servers The DNS servers used for initial certificate lookups.
	 */
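public void setServers(Collection<String> servers) {
    // NOTE(review): no synchronization is visible in this method; any thread-safety guarantee
    // depends on the type of this.servers or on locking done elsewhere - confirm.
    if (servers == null || servers.isEmpty()) {
        // No explicit servers were supplied: resolve them from configuration.
        final String[] configedServers;
        // first check if servers were configured via the options manager
        final OptionsParameter serverOptions = OptionsManager.getInstance().getParameter(OptionsParameter.DNS_CERT_RESOLVER_SERVERS);
        if (serverOptions != null && !StringUtils.isEmpty(serverOptions.getParamValue())) {
            configedServers = serverOptions.getParamValue().split(",");
        } else {
            // no servers in the options manager, fall back to the local machine's settings
            configedServers = ResolverConfig.getCurrentConfig().servers();
        }
        if (configedServers != null) {
            // Replace rather than append, so repeated calls do not accumulate stale or duplicate
            // resolvers.  When nothing could be resolved, the existing list is left untouched.
            this.servers.clear();
            for (String server : configedServers) {
                if (server == null) {
                    continue;
                }
                // Trim so that a list written as "a, b" does not produce an address with a leading space.
                final String trimmed = server.trim();
                if (!trimmed.isEmpty()) {
                    this.servers.add(trimmed);
                }
            }
        }
    } else {
        // Explicit servers replace everything that was set before.
        this.servers.clear();
        this.servers.addAll(servers);
    }
}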
Also used : OptionsParameter(org.nhindirect.stagent.options.OptionsParameter)

Example 24 with OptionsParameter

use of org.nhindirect.stagent.options.OptionsParameter in project nhin-d by DirectProject.

the class DNSCertificateStore method getServerQuerySettings.

private void getServerQuerySettings() {
    // Each DNS query setting is looked up in the options manager and converted with the matching
    // class-level default passed as the fallback argument.
    // NOTE(review): presumably the fallback is used when the option is absent or unparseable -
    // confirm against OptionsParameter.getParamValueAsInteger / getParamValueAsBoolean.

    // Query timeout.
    final OptionsParameter timeoutParam = OptionsManager.getInstance().getParameter(OptionsParameter.DNS_CERT_RESOLVER_TIMEOUT);
    timeout = OptionsParameter.getParamValueAsInteger(timeoutParam, DEFAULT_DNS_TIMEOUT);

    // Number of retries.
    final OptionsParameter retriesParam = OptionsManager.getInstance().getParameter(OptionsParameter.DNS_CERT_RESOLVER_RETRIES);
    retries = OptionsParameter.getParamValueAsInteger(retriesParam, DEFAULT_DNS_RETRIES);

    // Whether lookups use TCP.
    final OptionsParameter useTcpParam = OptionsManager.getInstance().getParameter(OptionsParameter.DNS_CERT_RESOLVER_USE_TCP);
    useTCP = OptionsParameter.getParamValueAsBoolean(useTcpParam, DEFAULT_DNS_USE_TCP);
}
Also used : OptionsParameter(org.nhindirect.stagent.options.OptionsParameter)

Example 25 with OptionsParameter

use of org.nhindirect.stagent.options.OptionsParameter in project nhin-d by DirectProject.

the class CryptoExtensions method registerJCEProviders.

/**
	 * Typically JCE providers are registered through JVM properties files or by statically calling {@link Security#addProvider(Provider)}.  This method
	 * allows for configuration of JCE Providers through the {@link OptionsManager} classes.  This method iterates through a comma delimited set of providers,
	 * dynamically loads each provider class, and registers each one if it has not already been registered.
	 * <p>
	 * If a provider is not configured via the {@link OptionsManager}, then the default BouncyCastle provider is registered (if it has not been
	 * already registered).
	 */
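public static void registerJCEProviders() {
    // SECURITY NOTE: the class names below come from OptionsManager configuration.  Every named
    // class is instantiated and registered as a JVM-wide security provider, so the configuration
    // source must be as trusted as the code itself.  Each class is checked to be a
    // java.security.Provider subtype BEFORE it is instantiated, so a mis-configured entry naming
    // some other class is rejected without running that class's constructor.
    final ClassLoader loader = CryptoExtensions.class.getClassLoader();

    // registering the default JCE providers
    String[] providerClasses;
    OptionsParameter param = OptionsManager.getInstance().getParameter(OptionsParameter.JCE_PROVIDER_CLASSES);
    if (param == null || param.getParamValue() == null || param.getParamValue().isEmpty()) {
        providerClasses = new String[] { DEFAULT_JCE_PROVIDER_CLASS };
    } else {
        providerClasses = param.getParamValue().split(",");
    }
    // register the provider classes
    for (String configuredClass : providerClasses) {
        // Trim so that a list written as "a.B, c.D" resolves; an empty entry still fails fast below.
        final String providerClass = configuredClass.trim();
        try {
            final Class<? extends Provider> providerClazz = loader.loadClass(providerClass).asSubclass(Provider.class);
            final Provider provider = providerClazz.getDeclaredConstructor().newInstance();
            // check to see if the provider is already registered
            if (Security.getProvider(provider.getName()) == null) {
                Security.addProvider(provider);
            }
        } catch (Exception e) {
            throw new IllegalStateException("Could not load and/or register JCE provider " + providerClass, e);
        }
    }

    // registering the default sensitive JCE providers
    param = OptionsManager.getInstance().getParameter(OptionsParameter.JCE_SENSITIVE_PROVIDER_CLASSES);
    if (param == null || param.getParamValue() == null || param.getParamValue().isEmpty()) {
        providerClasses = new String[] { DEFAULT_SENSITIVE_JCE_PROVIDER_CLASS };
    } else {
        providerClasses = param.getParamValue().split(",");
    }
    // register the provider classes
    for (String configuredClass : providerClasses) {
        final String providerClass = configuredClass.trim();
        try {
            Provider provider = null;
            // An entry may carry one constructor argument after a ';' (class;param).
            final String[] provParams = providerClass.split(";");
            final boolean hasParam = provParams.length > 1;
            final String className = hasParam ? provParams[0].trim() : providerClass;
            final Class<? extends Provider> providerClazz = loader.loadClass(className).asSubclass(Provider.class);
            if (hasParam) {
                try {
                    final Constructor<? extends Provider> constr = providerClazz.getConstructor(String.class);
                    provider = constr.newInstance(provParams[1]);
                } catch (InvocationTargetException e) {
                    // The constructor itself threw: warn and fall back to the no-arg constructor below.
                    if (e.getTargetException() instanceof IllegalStateException) {
                        LOGGER.warn("Could not create a JCE Provider with the specific parameter: " + provParams[1], e);
                    } else {
                        LOGGER.warn("JCE Provider param  " + provParams[1] + " provided but not supported by JCE Provider implementation:" + e.getMessage(), e);
                    }
                }
            }
            if (provider == null) {
                provider = providerClazz.getDeclaredConstructor().newInstance();
            }
            // check to see if the provider is already registered
            if (Security.getProvider(provider.getName()) == null) {
                Security.addProvider(provider);
            }
        } catch (Exception e) {
            throw new IllegalStateException("Could not load and/or register sensitive JCE provider " + providerClass, e);
        }
    }
}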
Also used : OptionsParameter(org.nhindirect.stagent.options.OptionsParameter) CertificateParsingException(java.security.cert.CertificateParsingException) CertificateException(java.security.cert.CertificateException) InvocationTargetException(java.lang.reflect.InvocationTargetException) InvocationTargetException(java.lang.reflect.InvocationTargetException) Provider(java.security.Provider) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
