  1. package org.nhindirect.gateway.smtp.config;
  2.  
  3. import java.io.ByteArrayInputStream;
  4. import java.io.File;
  5. import java.io.IOException;
  6. import java.net.URL;
  7. import java.security.cert.CertificateException;
  8. import java.security.cert.CertificateFactory;
  9. import java.security.cert.X509Certificate;
  10. import java.util.ArrayList;
  11. import java.util.Collection;
  12. import java.util.Collections;
  13. import java.util.HashMap;
  14. import java.util.Locale;
  15. import java.util.Map;
  16.  
  17. import javax.mail.internet.AddressException;
  18. import javax.mail.internet.InternetAddress;
  19.  
  20.  
  21. import org.nhind.config.Anchor;
  22. import org.nhind.config.ConfigurationServiceProxy;
  23. import org.nhind.config.Domain;
  24. import org.nhind.config.Setting;
  25. import org.nhindirect.gateway.smtp.DomainPostmaster;
  26. import org.nhindirect.gateway.smtp.MessageProcessingSettings;
  27. import org.nhindirect.gateway.smtp.NotificationProducer;
  28. import org.nhindirect.gateway.smtp.NotificationSettings;
  29. import org.nhindirect.gateway.smtp.ProcessBadMessageSettings;
  30. import org.nhindirect.gateway.smtp.ProcessIncomingSettings;
  31. import org.nhindirect.gateway.smtp.ProcessOutgoingSettings;
  32. import org.nhindirect.gateway.smtp.RawMessageSettings;
  33. import org.nhindirect.gateway.smtp.SmtpAgent;
  34. import org.nhindirect.gateway.smtp.SmtpAgentError;
  35. import org.nhindirect.gateway.smtp.SmtpAgentException;
  36. import org.nhindirect.gateway.smtp.SmtpAgentSettings;
  37. import org.nhindirect.gateway.smtp.config.cert.impl.provider.ConfigServiceCertificateStoreProvider;
  38. import org.nhindirect.gateway.smtp.module.SmtpAgentModule;
  39. import org.nhindirect.gateway.smtp.provider.DefaultSmtpAgentProvider;
  40. import org.nhindirect.stagent.NHINDAgent;
  41. import org.nhindirect.stagent.cert.CertificateResolver;
  42. import org.nhindirect.stagent.cert.DefaultCertStoreCachePolicy;
  43. import org.nhindirect.stagent.cert.impl.EmployLdapAuthInformation;
  44. import org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore;
  45. import org.nhindirect.stagent.cert.impl.LDAPCertificateStore;
  46. import org.nhindirect.stagent.cert.impl.LdapStoreConfiguration;
  47. import org.nhindirect.stagent.cert.impl.provider.DNSCertStoreProvider;
  48. import org.nhindirect.stagent.cert.impl.provider.KeyStoreCertificateStoreProvider;
  49. import org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider;
  50. import org.nhindirect.stagent.module.AgentModule;
  51. import org.nhindirect.stagent.module.PrivateCertStoreModule;
  52. import org.nhindirect.stagent.module.PublicCertStoreModule;
  53. import org.nhindirect.stagent.module.TrustAnchorModule;
  54. import org.nhindirect.stagent.trust.TrustAnchorResolver;
  55. import org.nhindirect.stagent.trust.provider.MultiDomainTrustAnchorResolverProvider;
  56. import org.nhindirect.stagent.trust.provider.UniformTrustAnchorResolverProvider;
  57.  
  58. import com.google.inject.Guice;
  59. import com.google.inject.Inject;
  60. import com.google.inject.Injector;
  61. import com.google.inject.Module;
  62. import com.google.inject.Provider;
  63.  
  64. public class WSSmtpAgentConfig implements SmtpAgentConfig
  65. {
  // Store back ends recognised in the "*StoreType" settings; every use in this class compares
  // them case-insensitively.
  private static final String STORE_TYPE_WS = "WS";
  private static final String STORE_TYPE_LDAP = "LDAP";
  private static final String STORE_TYPE_KEYSTORE = "keystore";
  private static final String STORE_TYPE_DNS = "DNS";

  // Values accepted for the "AnchorResolverType" setting.
  private static final String ANCHOR_RES_TYPE_UNIFORM = "uniform";
  private static final String ANCHOR_RES_TYPE_MULTIDOMAIN = "multidomain";

  // Prefixes of the "...MessageSaveFolder" settings, one per message category.
  private static final String MESSAGE_SETTING_RAW = "Raw";
  private static final String MESSAGE_SETTING_INCOMING = "Incoming";
  private static final String MESSAGE_SETTING_OUTGOING = "Outgoing";
  private static final String MESSAGE_SETTING_BAD = "Bad";

  // Domain names served by this gateway and, keyed by upper-cased domain name, their postmasters.
  // Both are (re)created by buildDomains().
  protected Collection<String> domains;
  protected Map<String, DomainPostmaster> domainPostmasters;

  // Optional injection point; buildAgentInjector() installs a DefaultSmtpAgentProvider when unset.
  @Inject(optional=true)
  private Provider<SmtpAgent> smtpAgentProvider;

  // When null, the agent module is assembled from the three cert/anchor modules below.
  @Inject
  private Provider<NHINDAgent> agentProvider;

  // Guice modules produced by buildTrustAnchorResolver(), buildPublicCertStore() and
  // buildPrivateCertStore() respectively.
  protected Module certAnchorModule;
  protected Module publicCertModule;
  protected Module privateCertModule;

  // Per-category message settings and the MDN producer, filled in by the build* methods.
  private RawMessageSettings rawSettings;
  private ProcessIncomingSettings incomingSettings;
  private ProcessOutgoingSettings outgoingSettings;
  private ProcessBadMessageSettings badSettings;
  private NotificationProducer notificationProducer;

  // Public-certificate resolver providers handed to PublicCertStoreModule.
  private Collection<Provider<CertificateResolver>> resolverProviders;

  // Client for the configuration web service; the source of every setting read by this class.
  private final ConfigurationServiceProxy cfService;
  102.  
  /**
   * Parses one X.509 certificate from its encoded bytes.
   *
   * Only parsing happens here: the validity period, key usage and CA constraints of the
   * certificate are not examined, and callers in this class install the result as a trust anchor
   * as-is.
   *
   * @param data encoded certificate bytes; must not be null.
   * @return the parsed certificate.
   * @throws SmtpAgentException with {@code InvalidConfigurationFormat} if the bytes are not a
   *     valid certificate.
   */
  private X509Certificate certFromData(byte[] data) throws SmtpAgentException {
    final ByteArrayInputStream in = new ByteArrayInputStream(data);
    try {
      final CertificateFactory factory = CertificateFactory.getInstance("X.509");
      return (X509Certificate) factory.generateCertificate(in);
    } catch (CertificateException e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "Invalid certificate data: " + e.getMessage(),
          e);
    } finally {
      try {
        in.close();
      } catch (IOException ignored) {
        // Closing an in-memory stream cannot meaningfully fail; nothing to recover.
      }
    }
  }
  123.  
  /**
   * Creates a configuration component backed by the configuration web service.
   *
   * Every value this class later reads (domains, trust anchors, store types, key store
   * passwords, LDAP bind credentials, save folders) is fetched from this endpoint. Whoever can
   * alter its responses decides what the gateway trusts, so the endpoint should be reached only
   * over a channel whose integrity and confidentiality the deployment can vouch for.
   *
   * @param configServiceLocation URL of the configuration web service; must not be null.
   * @param agentProvider optional provider for the security and trust agent. When null, the agent
   *     is assembled from the certificate and anchor modules derived from the service's settings.
   */
  public WSSmtpAgentConfig(URL configServiceLocation, Provider<NHINDAgent> agentProvider) {
    cfService = new ConfigurationServiceProxy(configServiceLocation.toExternalForm());
    this.agentProvider = agentProvider;
    resolverProviders = new ArrayList<Provider<CertificateResolver>>();
  }
  138.  
  /**
   * {@inheritDoc}
   *
   * A new injector is assembled on every call; the configuration service is queried again each
   * time.
   */
  public Injector getAgentInjector() {
    final Injector injector = buildAgentInjector();
    return injector;
  }
  146.  
  /**
   * Reads all settings from the configuration service and wires them into a Guice injector.
   *
   * @return an injector holding the agent module and the SMTP agent module.
   * @throws SmtpAgentException if any of the build steps rejects the configuration.
   */
  private Injector buildAgentInjector() {
    // Domains first: buildDomains() also resolves the trust anchors, which are looked up per
    // domain.
    buildDomains();
    buildPublicCertStore();
    buildPrivateCertStore();
    buildMDNSettings();

    // Raw, incoming, outgoing and bad message settings, in that order.
    final String[] messageTypes = {
      MESSAGE_SETTING_RAW,
      MESSAGE_SETTING_INCOMING,
      MESSAGE_SETTING_OUTGOING,
      MESSAGE_SETTING_BAD
    };
    for (String messageType : messageTypes) {
      buildMessageSettings(messageType);
    }

    final SmtpAgentSettings agentSettings =
        new SmtpAgentSettings(
            domainPostmasters,
            rawSettings,
            outgoingSettings,
            incomingSettings,
            badSettings,
            notificationProducer);

    // Created once only: on a later call an already-set provider is kept, even though
    // agentSettings was rebuilt above.
    if (smtpAgentProvider == null) {
      smtpAgentProvider = new DefaultSmtpAgentProvider(agentSettings);
    }

    // An explicitly supplied agent provider bypasses the cert store and anchor modules built
    // above.
    final AgentModule agentModule =
        (agentProvider != null)
            ? AgentModule.create(agentProvider)
            : AgentModule.create(domains, publicCertModule, privateCertModule, certAnchorModule);

    return Guice.createInjector(agentModule, SmtpAgentModule.create(smtpAgentProvider));
  }
  188.  
  /**
   * Loads the domain list from the configuration service, records a postmaster for each domain
   * and then resolves the trust anchors.
   *
   * @throws SmtpAgentException if the service call fails or no domain is returned.
   */
  private void buildDomains() {
    domains = new ArrayList<String>();
    domainPostmasters = new HashMap<String, DomainPostmaster>();

    final Domain[] fetched;
    try {
      fetched = cfService.listDomains(null, cfService.getDomainCount());
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting domains list: " + e.getMessage(),
          e);
    }

    if (fetched != null) {
      for (Domain domain : fetched) {
        final String name = domain.getDomainName();
        domains.add(name);
        try {
          // NOTE(review): the key is cased with the JVM default locale, so the map key for a
          // domain containing 'i' differs under e.g. a Turkish locale. Locale.ROOT would make it
          // stable, but the code that looks entries up must case the same way; confirm there
          // before changing.
          final String key = name.toUpperCase(Locale.getDefault());
          final InternetAddress postmaster = new InternetAddress(domain.getPostMasterEmail());
          domainPostmasters.put(key, new DomainPostmaster(name, postmaster));
        } catch (AddressException ignored) {
          // Best effort: a domain whose postmaster address does not parse stays in the domain
          // list but gets no postmaster entry. Nothing is reported, so such a misconfiguration is
          // invisible to operators.
        }
      }
    }

    if (domains.isEmpty()) {
      throw new SmtpAgentException(SmtpAgentError.MissingDomains);
    }

    // Trust anchors are resolved per domain, so this has to follow the domain lookup.
    buildTrustAnchorResolver();
  }
  227.  
  /**
   * Collects the incoming and outgoing trust anchors of every configured domain and creates the
   * trust anchor module.
   *
   * The "AnchorStoreType" setting selects where anchors are stored (web service when absent or
   * empty); "AnchorResolverType" selects a uniform or multi-domain resolver (uniform when absent
   * or empty).
   *
   * @throws SmtpAgentException if a service call fails, anchor data cannot be parsed, no incoming
   *     anchors were found, no outgoing anchors were found in multi-domain mode, or the resolver
   *     type is not recognised.
   */
  public void buildTrustAnchorResolver() {
    final Map<String, Collection<X509Certificate>> incomingAnchors =
        new HashMap<String, Collection<X509Certificate>>();
    final Map<String, Collection<X509Certificate>> outgoingAnchors =
        new HashMap<String, Collection<X509Certificate>>();

    final Setting storeTypeSetting;
    try {
      storeTypeSetting = cfService.getSettingByName("AnchorStoreType");
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting anchor store type: " + e.getMessage(),
          e);
    }

    // Absent or empty setting: the anchors are served by the configuration web service itself.
    final boolean storeTypeUnset =
        storeTypeSetting == null
            || storeTypeSetting.getValue() == null
            || storeTypeSetting.getValue().isEmpty();
    final String storeType = storeTypeUnset ? STORE_TYPE_WS : storeTypeSetting.getValue();

    if (storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
      // One web service call per domain.
      for (String domain : domains) {
        try {
          final Anchor[] anchors = cfService.getAnchorsForOwner(domain, null);
          if (anchors == null || anchors.length == 0) {
            continue;
          }

          final Collection<X509Certificate> incomingForDomain = new ArrayList<X509Certificate>();
          final Collection<X509Certificate> outgoingForDomain = new ArrayList<X509Certificate>();
          for (Anchor anchor : anchors) {
            final X509Certificate certificate = certFromData(anchor.getData());
            if (anchor.isIncoming()) {
              incomingForDomain.add(certificate);
            }
            if (anchor.isOutgoing()) {
              outgoingForDomain.add(certificate);
            }
          }

          // NOTE(review): both maps receive an entry even when one direction's list is empty, so
          // the "no anchors defined" checks below only catch the case where no domain had any
          // anchor at all.
          incomingAnchors.put(domain, incomingForDomain);
          outgoingAnchors.put(domain, outgoingForDomain);
        } catch (SmtpAgentException e) {
          // Already carries its own error code (e.g. unparsable certificate data); do not
          // re-wrap.
          throw e;
        } catch (Exception e) {
          throw new SmtpAgentException(
              SmtpAgentError.InvalidTrustAnchorSettings,
              "WebService error getting trust anchors for domain " + domain + ":" + e.getMessage(),
              e);
        }
      }
    } else {
      // Any other store type: the service only supplies alias names; the certificates are looked
      // up in the configured repository.
      getAnchorsFromNonWS(incomingAnchors, outgoingAnchors, storeType);
    }

    final Setting resolverTypeSetting;
    try {
      resolverTypeSetting = cfService.getSettingByName("AnchorResolverType");
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting anchor resolver type: " + e.getMessage(),
          e);
    }

    if (incomingAnchors.isEmpty()) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidTrustAnchorSettings, "No incoming trust anchors defined.");
    }

    final boolean resolverTypeUnset =
        resolverTypeSetting == null
            || resolverTypeSetting.getValue() == null
            || resolverTypeSetting.getValue().isEmpty();
    final String resolverType =
        resolverTypeUnset ? ANCHOR_RES_TYPE_UNIFORM : resolverTypeSetting.getValue();

    final Provider<TrustAnchorResolver> provider;
    if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_UNIFORM)) {
      // Uniform mode assumes every domain shares one anchor set and simply takes the first
      // collection in the incoming map.
      // NOTE(review): HashMap iteration order is unspecified, so when domains carry different
      // anchor sets the one that ends up trusted for all domains is arbitrary, and it may be an
      // empty list (see the note above).
      provider = new UniformTrustAnchorResolverProvider(incomingAnchors.values().iterator().next());
    } else if (resolverType.equalsIgnoreCase(ANCHOR_RES_TYPE_MULTIDOMAIN)) {
      if (outgoingAnchors.isEmpty()) {
        throw new SmtpAgentException(
            SmtpAgentError.InvalidTrustAnchorSettings, "No outgoing trust anchors defined.");
      }
      provider = new MultiDomainTrustAnchorResolverProvider(incomingAnchors, outgoingAnchors);
    } else {
      // Unknown resolver types are rejected rather than defaulted.
      throw new SmtpAgentException(SmtpAgentError.InvalidTrustAnchorSettings);
    }

    certAnchorModule = TrustAnchorModule.create(provider);
  }
  337.  
  /**
   * Loads trust anchors from a key store or an LDAP directory.
   *
   * The configuration service supplies only alias names, in the settings
   * domain + "IncomingAnchorAliases" and domain + "OutgoingAnchorAliases" (comma separated); the
   * certificates themselves come from the selected store. A store type other than keystore or
   * LDAP leaves both maps untouched.
   *
   * @param incomingAnchors map to fill with incoming anchors, keyed by domain.
   * @param outgoingAnchors map to fill with outgoing anchors, keyed by domain.
   * @param storeType the configured anchor store type.
   * @throws SmtpAgentException if a configuration service call fails.
   */
  private void getAnchorsFromNonWS(
      Map<String, Collection<X509Certificate>> incomingAnchors,
      Map<String, Collection<X509Certificate>> outgoingAnchors,
      String storeType) {
    // Setting names for all domains are collected first so that each direction needs only one
    // web service call.
    final ArrayList<String> incomingLookups = new ArrayList<String>();
    final ArrayList<String> outgoingLookups = new ArrayList<String>();
    for (String domain : domains) {
      incomingLookups.add(domain + "IncomingAnchorAliases");
      outgoingLookups.add(domain + "OutgoingAnchorAliases");
    }

    final Setting[] incomingAliasSettings;
    final Setting[] outgoingAliasSettings;
    try {
      incomingAliasSettings =
          cfService.getSettingsByNames(
              incomingLookups.toArray(new String[incomingLookups.size()]));
      outgoingAliasSettings =
          cfService.getSettingsByNames(
              outgoingLookups.toArray(new String[outgoingLookups.size()]));
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting anchor aliases: " + e.getMessage(),
          e);
    }

    if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
      final Setting file;
      final Setting pass;
      final Setting privKeyPass;
      try {
        file = cfService.getSettingByName("AnchorKeyStoreFile");
        pass = cfService.getSettingByName("AnchorKeyStoreFilePass");
        privKeyPass = cfService.getSettingByName("AnchorKeyStorePrivKeyPass");
      } catch (Exception e) {
        throw new SmtpAgentException(
            SmtpAgentError.InvalidConfigurationFormat,
            "WebService error getting anchor key store settings: " + e.getMessage(),
            e);
      }

      // NOTE(review): when the password settings are absent the anchor key store is opened with
      // fixed fallback strings compiled into this class. A store protected only by those relies
      // entirely on file-system permissions to keep the trust anchor set from being altered.
      final String storeFile = (file == null) ? null : file.getValue();
      final String storePass = (pass == null) ? "DefaultFilePass" : pass.getValue();
      final String keyPass = (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue();
      final KeyStoreCertificateStore store =
          new KeyStoreCertificateStore(storeFile, storePass, keyPass);

      loadKeyStoreAnchors(store, incomingAliasSettings, "IncomingAnchorAliases", incomingAnchors);
      loadKeyStoreAnchors(store, outgoingAliasSettings, "OutgoingAnchorAliases", outgoingAnchors);
    } else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
      final LDAPCertificateStore ldapCertificateStore =
          (LDAPCertificateStore)
              buildLdapCertificateStoreProvider("TrustAnchor", "LDAPTrustAnchorStore").get();

      loadLdapAnchors(
          ldapCertificateStore, incomingAliasSettings, "IncomingAnchorAliases", incomingAnchors);
      loadLdapAnchors(
          ldapCertificateStore, outgoingAliasSettings, "OutgoingAnchorAliases", outgoingAnchors);
    }
  }

  /**
   * Resolves every alias of every setting in a key store and files the certificates under the
   * domain encoded in the setting name (the name with {@code settingSuffix} cut off).
   *
   * Aliases are used exactly as split on ',', without trimming. Aliases the store does not know
   * are skipped silently, so a domain can end up mapped to an empty collection.
   */
  private static void loadKeyStoreAnchors(
      KeyStoreCertificateStore store,
      Setting[] aliasSettings,
      String settingSuffix,
      Map<String, Collection<X509Certificate>> target) {
    for (Setting aliasSetting : aliasSettings) {
      final Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
      for (String alias : aliasSetting.getValue().split(",")) {
        final X509Certificate cert = store.getByAlias(alias);
        if (cert != null) {
          certs.add(cert);
        }
      }
      final String settingName = aliasSetting.getName();
      target.put(settingName.substring(0, settingName.lastIndexOf(settingSuffix)), certs);
    }
  }

  /**
   * LDAP counterpart of the key store lookup: each alias may yield several certificates, all of
   * which are added. Aliases are used exactly as split on ',', without trimming.
   */
  private static void loadLdapAnchors(
      LDAPCertificateStore store,
      Setting[] aliasSettings,
      String settingSuffix,
      Map<String, Collection<X509Certificate>> target) {
    for (Setting aliasSetting : aliasSettings) {
      final Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
      for (String alias : aliasSetting.getValue().split(",")) {
        // TODO what if 2nd entry has no certs? Fail?
        certs.addAll(store.getCertificates(alias));
      }
      final String settingName = aliasSetting.getName();
      target.put(settingName.substring(0, settingName.lastIndexOf(settingSuffix)), certs);
    }
  }
  451.  
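  /**
   * Builds an LDAP-backed certificate store provider from the settings named
   * type + "LDAP...".
   *
   * Required settings: Url (comma-separated list), SearchBase, SearchAttr, CertAttr, CertFormat.
   * Optional settings: User, Password, ConnTimeout, CertPassphrase. A missing required setting
   * is reported as an {@code SmtpAgentException}, including the case where the setting is absent
   * altogether.
   *
   * @param type setting-name prefix; this class passes "TrustAnchor" and "PrivateStore".
   * @param cacheStoreName file name of the local key store used as the LDAP cache.
   * @return the configured provider.
   * @throws SmtpAgentException if a service call fails, a required setting is missing or empty,
   *     or the certificate format is pkcs12 and no passphrase is configured.
   */
  protected LdapCertificateStoreProvider buildLdapCertificateStoreProvider(
      String type, String cacheStoreName) {
    // required
    final Setting ldapURLSetting;
    final Setting ldapSearchBaseSetting;
    final Setting ldapSearchAttrSetting;
    final Setting ldapCertAttrSetting;
    final Setting ldapCertFormatSetting;
    // optional
    final Setting ldapUserSetting;
    final Setting ldapPasswordSetting;
    final Setting ldapConnTimeoutSetting;
    final Setting ldapCertPassphraseSetting;
    try {
      ldapURLSetting = cfService.getSettingByName(type + "LDAPUrl");
      ldapSearchBaseSetting = cfService.getSettingByName(type + "LDAPSearchBase");
      ldapSearchAttrSetting = cfService.getSettingByName(type + "LDAPSearchAttr");
      ldapCertAttrSetting = cfService.getSettingByName(type + "LDAPCertAttr");
      ldapCertFormatSetting = cfService.getSettingByName(type + "LDAPCertFormat");
      ldapUserSetting = cfService.getSettingByName(type + "LDAPUser");
      ldapPasswordSetting = cfService.getSettingByName(type + "LDAPPassword");
      ldapConnTimeoutSetting = cfService.getSettingByName(type + "LDAPConnTimeout");
      ldapCertPassphraseSetting = cfService.getSettingByName(type + "LDAPCertPassphrase");
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting LDAP store settings: " + e.getMessage(),
          e);
    }

    final String ldapURLValue = ldapSettingValue(ldapURLSetting);
    if (isMissing(ldapURLValue)) {
      throw new SmtpAgentException(SmtpAgentError.InvalidConfigurationFormat, "Missing LDAP URL");
    }

    final String ldapSearchBase = ldapSettingValue(ldapSearchBaseSetting);
    final String ldapSearchAttr = ldapSettingValue(ldapSearchAttrSetting);
    final String ldapCertAttr = ldapSettingValue(ldapCertAttrSetting);
    final String ldapCertFormat = ldapSettingValue(ldapCertFormatSetting);

    // NOTE(review): the URL scheme is not inspected, so plain ldap:// endpoints are accepted.
    // Bind credentials and certificate data then cross the network unprotected unless the
    // deployment enforces LDAPS or StartTLS elsewhere.
    final String[] ldapURL = ldapURLValue.split(",");

    // The required values are checked null-safely: an absent setting used to surface as a
    // NullPointerException here, and a URL value made only of commas (which splits to an empty
    // array) as an ArrayIndexOutOfBoundsException.
    if (ldapURL.length == 0
        || ldapURL[0].isEmpty()
        || isMissing(ldapSearchBase)
        || isMissing(ldapSearchAttr)
        || isMissing(ldapCertAttr)
        || isMissing(ldapCertFormat)) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat, "Missing required LDAP parameters.");
    }

    final String ldapUser = ldapSettingValue(ldapUserSetting);
    final String ldapPassword = ldapSettingValue(ldapPasswordSetting);
    final String ldapConnTimeout = ldapSettingValue(ldapConnTimeoutSetting);
    final String ldapCertPassphrase = ldapSettingValue(ldapCertPassphraseSetting);

    if (ldapCertFormat.equalsIgnoreCase("pkcs12") && isMissing(ldapCertPassphrase)) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "LDAP certificate format pkcs12 requires a certificate passphrase.");
    }

    final LdapStoreConfiguration ldapStoreConfiguration =
        new LdapStoreConfiguration(
            ldapURL, ldapSearchBase, ldapSearchAttr, ldapCertAttr, ldapCertFormat);

    // Bind information is attached only when both user and password are present. If just one of
    // them is configured, nothing is attached and no error is raised, so a half-filled
    // credential pair goes unnoticed.
    if (!isMissing(ldapUser) && !isMissing(ldapPassword)) {
      ldapStoreConfiguration.setEmployLdapAuthInformation(
          new EmployLdapAuthInformation(ldapUser, ldapPassword));
    }
    if (!isMissing(ldapConnTimeout)) {
      ldapStoreConfiguration.setLdapConnectionTimeOut(ldapConnTimeout);
    }
    if (!isMissing(ldapCertPassphrase)) {
      ldapStoreConfiguration.setLdapCertPassphrase(ldapCertPassphrase);
    }

    // NOTE(review): without a configured passphrase the on-disk cache key store is protected by
    // a fixed string compiled into this class. For type "PrivateStore" that cache presumably
    // holds private key material (confirm what the provider writes to it), which then rests on
    // file-system permissions alone.
    final String passphrase = isMissing(ldapCertPassphrase) ? "DefaultPassphrase" : ldapCertPassphrase;

    return new LdapCertificateStoreProvider(
        ldapStoreConfiguration,
        new KeyStoreCertificateStore(new File(cacheStoreName), passphrase, passphrase),
        new DefaultCertStoreCachePolicy());
  }

  /** Returns the value of an LDAP setting, or null when the setting itself is absent. */
  private static String ldapSettingValue(Setting setting) {
    return (setting == null) ? null : setting.getValue();
  }

  /** True when a setting value is null or the empty string. */
  private static boolean isMissing(String value) {
    return value == null || value.isEmpty();
  }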
  527.  
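  /**
   * Builds the certificate resolvers for public certificates.
   *
   * The "PublicStoreType" setting holds a comma-separated list of store types (keystore, DNS,
   * WS); one resolver is created per entry, in list order. An absent or empty setting means DNS.
   * Entries are trimmed before matching, so "DNS, WS" selects DNS and WS.
   *
   * @throws SmtpAgentException if a configuration service call fails.
   */
  @SuppressWarnings("unchecked")
  private void buildPublicCertStore() {
    // Start from a fresh list: this method runs on every getAgentInjector() call, and appending
    // to the list created in the constructor would duplicate the resolvers each time.
    resolverProviders = new ArrayList<Provider<CertificateResolver>>();

    final Setting typeSetting;
    try {
      typeSetting = cfService.getSettingByName("PublicStoreType");
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting public store type: " + e.getMessage(),
          e);
    }

    final boolean typeUnset =
        typeSetting == null || typeSetting.getValue() == null || typeSetting.getValue().isEmpty();
    final String storeTypes = typeUnset ? STORE_TYPE_DNS : typeSetting.getValue();

    for (String rawType : storeTypes.split(",")) {
      // Without trimming, the " WS" in "DNS, WS" matched nothing and silently became a second
      // DNS resolver.
      final String storeType = rawType.trim();
      final Provider<CertificateResolver> resolverProvider;

      if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
        final Setting file;
        final Setting pass;
        final Setting privKeyPass;
        try {
          file = cfService.getSettingByName("PublicStoreFile");
          pass = cfService.getSettingByName("PublicStoreFilePass");
          privKeyPass = cfService.getSettingByName("PublicStorePrivKeyPass");
        } catch (Exception e) {
          throw new SmtpAgentException(
              SmtpAgentError.InvalidConfigurationFormat,
              "WebService error getting public store file settings: " + e.getMessage(),
              e);
        }

        // Absent settings fall back to a fixed file name and fixed passwords compiled into this
        // class.
        resolverProvider =
            new KeyStoreCertificateStoreProvider(
                (file == null) ? "PublicStoreKeyFile" : file.getValue(),
                (pass == null) ? "DefaultFilePass" : pass.getValue(),
                (privKeyPass == null) ? "DefaultKeyPass" : privKeyPass.getValue());
      } else if (storeType.equalsIgnoreCase(STORE_TYPE_DNS)) {
        // NOTE(review): the DNS and WS cache key stores always use fixed passwords; an attacker
        // able to write those files could presumably plant certificates that later resolve as a
        // recipient's public certificate. Confirm how cache entries are validated on read.
        resolverProvider =
            new DNSCertStoreProvider(
                Collections.EMPTY_LIST,
                new KeyStoreCertificateStore(
                    new File("DNSCacheStore"), "DefaultFilePass", "DefaultKeyPass"),
                new DefaultCertStoreCachePolicy());
      } else if (storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
        resolverProvider =
            new ConfigServiceCertificateStoreProvider(
                cfService,
                new KeyStoreCertificateStore(
                    new File("WSPublicCacheStore"), "DefaultFilePass", "DefaultKeyPass"),
                new DefaultCertStoreCachePolicy());
      } else {
        // Unrecognised entries (including empty ones) deliberately default to DNS with a default
        // cache policy instead of failing, so a typo in the setting is not reported.
        resolverProvider =
            new DNSCertStoreProvider(
                Collections.EMPTY_LIST,
                new KeyStoreCertificateStore(new File("DNSCacheStore")),
                new DefaultCertStoreCachePolicy());
      }

      resolverProviders.add(resolverProvider);
    }

    publicCertModule = new PublicCertStoreModule(resolverProviders);
  }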
  607.  
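  /**
   * Builds the certificate resolver for private certificates from the "PrivateStoreType" setting
   * (keystore, LDAP or WS; WS when the setting is absent or empty).
   *
   * Unlike the public store, an unrecognised store type is rejected rather than defaulted.
   *
   * @throws SmtpAgentException if a configuration service call fails or the store type is not
   *     recognised.
   */
  protected void buildPrivateCertStore() {
    final Setting typeSetting;
    try {
      typeSetting = cfService.getSettingByName("PrivateStoreType");
    } catch (Exception e) {
      // The message used to say "public store type", pointing operators at the wrong setting.
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting private store type: " + e.getMessage(),
          e);
    }

    final boolean typeUnset =
        typeSetting == null || typeSetting.getValue() == null || typeSetting.getValue().isEmpty();
    final String storeType = typeUnset ? STORE_TYPE_WS : typeSetting.getValue();

    final Provider<CertificateResolver> resolverProvider;
    if (storeType.equalsIgnoreCase(STORE_TYPE_KEYSTORE)) {
      final Setting file;
      final Setting pass;
      final Setting privKeyPass;
      try {
        file = cfService.getSettingByName("PrivateStoreFile");
        pass = cfService.getSettingByName("PrivateStoreFilePass");
        privKeyPass = cfService.getSettingByName("PrivateStorePrivKeyPass");
      } catch (Exception e) {
        throw new SmtpAgentException(
            SmtpAgentError.InvalidConfigurationFormat,
            "WebService error getting private store file settings: " + e.getMessage(),
            e);
      }

      // No fallback values here: absent settings are passed on as null. The key store passwords
      // arrive from the configuration service as ordinary setting values.
      resolverProvider =
          new KeyStoreCertificateStoreProvider(
              (file == null) ? null : file.getValue(),
              (pass == null) ? null : pass.getValue(),
              (privKeyPass == null) ? null : privKeyPass.getValue());
    } else if (storeType.equalsIgnoreCase(STORE_TYPE_LDAP)) {
      resolverProvider = buildLdapCertificateStoreProvider("PrivateStore", "LDAPPrivateCertStore");
    } else if (storeType.equalsIgnoreCase(STORE_TYPE_WS)) {
      // NOTE(review): the local cache key store is protected by fixed strings compiled into this
      // class. If the provider caches private key material there (presumably; confirm), the
      // keys rest on file-system permissions alone.
      resolverProvider =
          new ConfigServiceCertificateStoreProvider(
              cfService,
              new KeyStoreCertificateStore(
                  new File("WSPrivCacheStore"), "DefaultFilePass", "DefaultKeyPass"),
              new DefaultCertStoreCachePolicy());
    } else {
      throw new SmtpAgentException(SmtpAgentError.InvalidPrivateCertStoreSettings);
    }

    privateCertModule = new PrivateCertStoreModule(resolverProvider);
  }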
  670.  
  /**
   * Reads the MDN (message disposition notification) settings and creates the notification
   * producer. Absent settings mean: no automatic response, empty product name, empty text.
   *
   * @throws SmtpAgentException if a configuration service call fails.
   */
  private void buildMDNSettings() {
    final Setting autoResponseSetting;
    final Setting prodNameSetting;
    final Setting textSetting;
    try {
      autoResponseSetting = cfService.getSettingByName("MDNAutoResponse");
      prodNameSetting = cfService.getSettingByName("MDNProdName");
      textSetting = cfService.getSettingByName("MDNText");
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting MDN settings: " + e.getMessage(),
          e);
    }

    // Anything other than "true" (case-insensitive), including a null value, disables the
    // automatic response.
    final boolean autoResponse =
        autoResponseSetting != null && Boolean.parseBoolean(autoResponseSetting.getValue());

    String prodName = "";
    if (prodNameSetting != null) {
      prodName = prodNameSetting.getValue();
    }

    String text = "";
    if (textSetting != null) {
      text = textSetting.getValue();
    }

    notificationProducer =
        new NotificationProducer(new NotificationSettings(autoResponse, prodName, text));
  }
  695.  
  /**
   * Creates the settings object for one message category and, if the setting
   * type + "MessageSaveFolder" is present, points it at that folder.
   *
   * An unrecognised type creates nothing and is ignored.
   *
   * @param type one of the MESSAGE_SETTING_* prefixes (matched case-insensitively).
   * @throws SmtpAgentException if the configuration service call fails.
   */
  private void buildMessageSettings(String type) {
    final Setting folderSetting;
    try {
      folderSetting = cfService.getSettingByName(type + "MessageSaveFolder");
    } catch (Exception e) {
      throw new SmtpAgentException(
          SmtpAgentError.InvalidConfigurationFormat,
          "WebService error getting " + type + " message settings: " + e.getMessage(),
          e);
    }

    final MessageProcessingSettings settings;
    if (type.equalsIgnoreCase(MESSAGE_SETTING_RAW)) {
      rawSettings = new RawMessageSettings();
      settings = rawSettings;
    } else if (type.equalsIgnoreCase(MESSAGE_SETTING_INCOMING)) {
      incomingSettings = new ProcessIncomingSettings();
      settings = incomingSettings;
    } else if (type.equalsIgnoreCase(MESSAGE_SETTING_OUTGOING)) {
      outgoingSettings = new ProcessOutgoingSettings();
      settings = outgoingSettings;
    } else if (type.equalsIgnoreCase(MESSAGE_SETTING_BAD)) {
      badSettings = new ProcessBadMessageSettings();
      settings = badSettings;
    } else {
      settings = null;
    }

    if (settings == null || folderSetting == null) {
      return;
    }

    // NOTE(review): the folder path is taken from the configuration service as-is, with no
    // normalisation or base-directory check. Presumably message copies are written there, so the
    // path decides where potentially sensitive mail content lands on disk.
    final String saveFolder = folderSetting.getValue();
    if (saveFolder != null) {
      settings.setSaveMessageFolder(new File(saveFolder));
    }
  }
  723. }