
Example 1 with TrustException

Use of org.nhindirect.stagent.trust.TrustException in project nhin-d by DirectProject.

Class DefaultNHINDAgent, method processMessage.

/*
 * Process the incoming message by applying the security and trust algorithms.
 */
protected void processMessage(IncomingMessage message) {
    ///CLOVER:OFF
    if (message.getSender() == null) {
        throw new TrustException(TrustError.UntrustedSender);
    }
    ///CLOVER:ON
    message.categorizeRecipients(this.getDomains());
    if (!message.hasDomainRecipients()) {
        throw new AgentException(AgentError.NoTrustedRecipients);
    }
    //
    // Map each address to its certificates/trust settings
    //
    this.bindAddresses(message);
    //
    // Extract signed content from the message
    //
    this.decryptSignedContent(message);
    message.setMessage(this.unwrapMessage(message.getMessage()));
    // Enforce trust requirements, including checking signatures
    //
    // need to decide if this message is a notification message and
    // if outgoing policy can be used for trust enforcement
    final boolean allowOutgoingPolicyForIncomingNotifications = OptionsParameter.getParamValueAsBoolean(OptionsManager.getInstance().getParameter(OptionsParameter.USE_OUTGOING_POLICY_FOR_INCOMING_NOTIFICATIONS), false);
    if (allowOutgoingPolicyForIncomingNotifications) {
        final TxMessageType msgType = TxUtil.getMessageType(message.getMessage());
        // determine if this message is a notification message
        if (msgType.equals(TxMessageType.DSN) || msgType.equals(TxMessageType.MDN)) {
            // need to apply outgoing anchor policy to each recipient
            for (NHINDAddress recipient : message.getDomainRecipients()) {
                try {
                    final Collection<X509Certificate> anchors = new ArrayList<X509Certificate>(trustAnchors.getIncomingAnchors().getCertificates(recipient));
                    anchors.addAll(trustAnchors.getOutgoingAnchors().getCertificates(recipient));
                    recipient.setTrustAnchors(anchors);
                } catch (Exception e) {
                    LOGGER.warn("Exception getting anchors for inbound notification policy.", e);
                }
            }
        }
    }
    // For incoming messages, headers may have been rewritten by a
    // man-in-the-middle attack. The authoritative headers are in the
    // unwrapped message, so they need to be compared to the headers in the
    // enveloped message to ensure that they have not been tampered with.
    // Policy dictates what the STA does with the message if tampering has been detected.
    enforceTamperPolicy(message);
    this.trustModel.enforce(message);
    //
    if (message.hasDomainRecipients()) {
        message.categorizeRecipients(this.minTrustRequirement);
    }
    if (!message.hasDomainRecipients()) {
        throw new TrustException(TrustError.NoTrustedRecipients);
    }
    message.updateRoutingHeaders();
}
Also used: TrustException (org.nhindirect.stagent.trust.TrustException), ArrayList (java.util.ArrayList), X509Certificate (java.security.cert.X509Certificate), MessagingException (javax.mail.MessagingException), MimeException (org.nhindirect.stagent.mail.MimeException), PolicyRequiredException (org.nhindirect.policy.PolicyRequiredException), PolicyParseException (org.nhindirect.policy.PolicyParseException), IOException (java.io.IOException), PolicyProcessException (org.nhindirect.policy.PolicyProcessException), TxMessageType (org.nhindirect.common.tx.model.TxMessageType)
