Revision: 648bd35a5c61
Branch: default
Author: gm2552
Date: Wed Jan 28 19:15:01 2015 UTC
Log: Adding tag for agent-2.0.13.
https://code.google.com/p/nhin-d/source/detail?r=648bd35a5c61
Added:
/java/tags/agent-2.0.13/DNSNHINKeyStore
/java/tags/agent-2.0.13/pom.xml
/java/tags/agent-2.0.13/src/books/users-guide.xml
/java/tags/agent-2.0.13/src/books/users-guide/dev-arch.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-cert-gen.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-certresolver.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-cryptographer.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-dns-dumper.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-intro.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-ldap-dumper.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-maillib.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-nhindagent.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-tool-intro.confluence
/java/tags/agent-2.0.13/src/books/users-guide/dev-trustmodel.confluence
/java/tags/agent-2.0.13/src/books/users-guide/images/certGenOpen.png
/java/tags/agent-2.0.13/src/books/users-guide/images/createLeafOpen.png
/java/tags/agent-2.0.13/src/books/users-guide/images/createLeafOption.png
/java/tags/agent-2.0.13/src/books/users-guide/images/createLeafSuccess.png
/java/tags/agent-2.0.13/src/books/users-guide/images/highLevelArch.png
/java/tags/agent-2.0.13/src/books/users-guide/images/loadCAOpen.png
/java/tags/agent-2.0.13/src/books/users-guide/preface.apt
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/AddressSource.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/AgentError.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/AgentException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/CryptoExtensions.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/DefaultMessageEnvelope.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/DefaultMessageSignatureImpl.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/DefaultNHINDAgent.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/IncomingMessage.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/MessageEnvelope.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/MessageSignature.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/MutableAgent.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAddress.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAddressCollection.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAgent.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAgentEventListener.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDStandard.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/OutgoingMessage.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/SignatureValidationException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/AgentDomains.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/AgentPolicyFilter.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PrivateCerts.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PrivatePolicyResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PublicCerts.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PublicPolicyResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CacheableCertStore.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CertCacheFactory.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CertStoreCachePolicy.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CertificateResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CertificateStore.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/DefaultCertStoreCachePolicy.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/RevocationManager.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/SignerCertPair.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/Thumbprint.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/X509CertificateEx.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/X509Store.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/DNSCertificateStore.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/EmployLdapAuthInformation.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/KeyStoreCertificateStore.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/LDAPCertificateStore.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/LdapCertUtil.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/LdapCertUtilImpl.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/LdapEnvironment.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/LdapPublicCertUtilImpl.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/LdapStoreConfiguration.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/TrustAnchorCertificateStore.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/UniformCertificateStore.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/CertStoreKeyFile.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/CertStoreKeyFilePassword.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/CertStoreKeyFilePrivKeyPassword.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/DNSCertStoreBootstrap.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/DNSCertStoreCachePolicy.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/DNSCertStoreServers.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/IncomingTrustAnchorCerts.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/LdapEnvironmentAnnot.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/LdapReturningAttributes.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/LdapSearchBase.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/LdapSearchFilter.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/OutgoingTrustAnchorCerts.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/annotation/UniformCertStoreCerts.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/module/CertStoreKeyFileConfigModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/module/DNSCertStoreConfigModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/provider/DNSCertStoreProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/provider/KeyStoreCertificateStoreProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/provider/LdapCertificateStoreProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/provider/PublicLdapCertificateStoreProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/provider/TrustAnchorCertificateStoreProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/util/Lookup.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/util/LookupAdapter.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/impl/util/LookupFactory.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/CreatePKCS12.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/DNSCertDumper.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/LDAPCertDumper.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/StripP12Passphrase.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/TrustTest.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/certgen/CAPanel.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/certgen/CertCreateFields.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/certgen/CertGenerator.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/certgen/CertLoader.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/certgen/DirectProjectCertGenerator.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/certgen/LeafCertGenDialog.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/certgen/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/tools/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/Cryptographer.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/CryptographicException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/DigestAlgorithm.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/EncryptionAlgorithm.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/EncryptionError.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/EncryptionException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/SMIMECryptographerImpl.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/SMIMEStandard.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/SignatureError.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/SignatureException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/SignedEntity.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/annotation/IncludeEpilogInSig.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cryptography/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/MailStandard.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/Message.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/MimeEntity.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/MimeError.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/MimeException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/MimeStandard.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/WrappedMessage.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/Disposition.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/ErrorType.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/MDNFactory.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/MDNStandard.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/MdnGateway.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/Notification.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/NotificationCreator.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/NotificationHelper.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/NotificationMessage.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/NotificationType.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/ReportingUserAgent.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/SendType.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/TriggerType.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/notifications/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/mail/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/module/AgentModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/module/PrivateCertStoreModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/module/PrivatePolicyResolverModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/module/PublicCertStoreModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/module/PublicPolicyResolverModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/module/TrustAnchorModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/module/TrustPolicyResolverModule.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/options/OptionsManager.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/options/OptionsParameter.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/options/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/parser/EntitySerializer.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/parser/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/policy/PolicyResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/policy/impl/DomainPolicyResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/policy/impl/UniversalPolicyResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/policy/impl/provider/DomainPolicyResolverProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/policy/impl/provider/UniversalPolicyResolverProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/policy/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/provider/DefaultNHINDAgentProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/DefaultTrustAnchorResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/TrustAnchorResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/TrustChainValidator.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/TrustEnforcementStatus.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/TrustError.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/TrustException.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/TrustModel.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/annotation/IncomingTrustAnchors.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/annotation/OutgoingTrustAnchors.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/annotation/TrustPolicyFilter.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/annotation/TrustPolicyResolver.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/package-info.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/provider/MultiDomainTrustAnchorResolverProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/trust/provider/UniformTrustAnchorResolverProvider.java
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/utils/InjectionUtils.java
/java/tags/agent-2.0.13/src/main/resources/cache.ccf
/java/tags/agent-2.0.13/src/report/findbugs-exclude.xml
/java/tags/agent-2.0.13/src/site/resources/css/site.css
/java/tags/agent-2.0.13/src/site/resources/images/logo.png
/java/tags/agent-2.0.13/src/site/site.xml
/java/tags/agent-2.0.13/src/site/xdoc/index.xml
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/LDAPResearchTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyAttributeTypeProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyComparatorProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyDitContentRuleProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyDitStructureRuleProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyMatchingRuleProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyMatchingRuleUseProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyNameFormProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyNormalizerProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyObjectClassProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyObjectFactoryProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeySchema.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeyStateFactoryProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeySyntaxCheckerProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/ldap/PrivkeySyntaxProducer.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/CRLManagerTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/CryptoExtensions_getJCEProviderNameForTypeAndAlgorithmTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/CryptoExtensions_registerJCEProvidersTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultMessageSignatureImpl_CheckThumbprint_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_DecryptSignedContent_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessIncomingMessage_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessIncoming_AsMessageEnvelope_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessIncoming_AsMimeMessage_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessIncoming_AsRawString_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessIncoming_RawStringAndAddresses_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessIncoming_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessOutgoingMessage_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessOutgoing_AsMessageEnvelope_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessOutgoing_AsRawString_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessOutgoing_RawStringAndAddresses_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_ProcessOutgoing_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_bindAddressesIncomingMessageTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_bindAddressesOutgoingMessageTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/DefaultNHINDAgent_filterCertificateByPolicyTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/IncomingMessageTestModule.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/MockJCEProvider.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/NHINDAddressTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/NHINDAgentEventListenerAdapter.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/NHINDAgentTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/CertificateStore_getUsableCertsTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/AttributeAdapter.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/AttributesAdapter.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_getCRLCollectionTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_getCacheFileNameTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_getCrlFromUriTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_initCRLCacheLocationTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_isCRLDispPointDefinedTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_performanceTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_removeCRLCacheFileTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/CRLRevocationManager_writeCRLCacheFileTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/DNSCertificateServiceTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/DNSCertificateStore_constructTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/DNSCertificateStore_convertIPKIXRecordToCertTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/DNSCertificateStore_getDefaultCachePolicyTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/DNSCertificateStore_getServerQuerySettingsTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/DNSCertificateStore_lookupDNSTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/DigestAlgorithm_fromStringTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/EncryptionAlgorithm_fromStringTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/JCSAdapter.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/KeyStoreCertificateStore_GetCertificates_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LDAPCertificateStore_AddOrUpdateLocalStoreDelegate_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LDAPCertificateStore_GetCertificates_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LDAPCertificateStore_functional_test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LDAPCertificateStore_getDefaultCachePolicyTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LDAPPublicCertUtil_createLDAPUrl_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LDAPPublicCertUtil_ldapSearch_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LdapCertUtilImpl_LdapSearch_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LdapCertUtilImpl_ProcessPKCS12FileFormatAndAddToCertificates_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/LdapCertificateStoreTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cert/impl/provider/PublicLdapCertifictaeStoreProvider_getResolver_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cryptography/CryptographerTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cryptography/SMIMECryptographerImpl_checkSignature_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/cryptography/SMIMECryptographerImpl_constructTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/james/mailet/JamesLoader.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/james/mailet/MailSender.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/keystore/KeyStoreCreate.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/mail/WrappedMessageTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/mail/notifications/MDNFactory_createTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/mail/notifications/NotificationMessage_createNotificationForTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/mail/notifications/NotificationTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsManagerUtils.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsManager_addInitParametersTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsManager_getParamTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsManager_initTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsManager_loadParamsFromPropertiesFileTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsManager_setParamTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsManager_setParamsTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsParameter_constructAndGetTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsParameter_getParamValueAsBooleanTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/options/OptionsParameter_getParamValueAsIntegerTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/policy/impl/DomainPolicyResolver_contstuctTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/policy/impl/DomainPolicyResolver_getPolicyTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/policy/impl/UniversalPolicyResolver_constructTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/policy/impl/UniversalPolicyResolver_getPolicyTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/testmodules/AgentTestModule.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/testmodules/CertResolverTestModule.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/testmodules/TrustAnchorResolverTestModule.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustChainValidator_IntermidiateCert_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustChainValidator_crlCheckTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustChainValidator_downloadCertFromAIATest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustChainValidator_downloadCertsFromAIATest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustChainValidator_getIntermediateCertsByAIATest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustChainValidator_resolveIssuersTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustModel_EnforceIncomingMessage_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustModel_EnforceOutgoingMessage_Test.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustModel_findTrustedSignatureTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/trust/TrustModel_isCertPolicyCompliantTest.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/utils/BaseTestPlan.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/utils/SecondaryMimeMessage.java
/java/tags/agent-2.0.13/src/test/java/org/nhindirect/stagent/utils/TestUtils.java
/java/tags/agent-2.0.13/src/test/resources/certs/AlAnd...@hospitalA.direct.visionshareinc.com.der
/java/tags/agent-2.0.13/src/test/resources/certs/CernerDirect Cert
Professional Community CA.der
/java/tags/agent-2.0.13/src/test/resources/certs/CernerDirect DevCert
Provider CA.der
/java/tags/agent-2.0.13/src/test/resources/certs/CernerRoot.der
/java/tags/agent-2.0.13/src/test/resources/certs/Check Signature CA.der
/java/tags/agent-2.0.13/src/test/resources/certs/Check Signature CAKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/RDI-CA-certificate.der
/java/tags/agent-2.0.13/src/test/resources/certs/SESTestAccount-DataEncryption.der
/java/tags/agent-2.0.13/src/test/resources/certs/SESTestAccount-Signiture.der
/java/tags/agent-2.0.13/src/test/resources/certs/SES_Test_Account_Encryption.der
/java/tags/agent-2.0.13/src/test/resources/certs/SES_Test_Account_Signing.der
/java/tags/agent-2.0.13/src/test/resources/certs/Test Alt Name CA ROO.der
/java/tags/agent-2.0.13/src/test/resources/certs/Test Alt Name CA
ROOKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/altNameOnly.der
/java/tags/agent-2.0.13/src/test/resources/certs/altNameOnlyKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/bob.der
/java/tags/agent-2.0.13/src/test/resources/certs/cacert.der
/java/tags/agent-2.0.13/src/test/resources/certs/cernerDemosCaCert.der
/java/tags/agent-2.0.13/src/test/resources/certs/cernerdemos.der
/java/tags/agent-2.0.13/src/test/resources/certs/cernerdemosKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/cert-a.der
/java/tags/agent-2.0.13/src/test/resources/certs/cert-b.der
/java/tags/agent-2.0.13/src/test/resources/certs/cert-c.der
/java/tags/agent-2.0.13/src/test/resources/certs/certCheckA.der
/java/tags/agent-2.0.13/src/test/resources/certs/certCheckA.p12
/java/tags/agent-2.0.13/src/test/resources/certs/certCheckAKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/certCheckB.der
/java/tags/agent-2.0.13/src/test/resources/certs/certCheckB.p12
/java/tags/agent-2.0.13/src/test/resources/certs/certCheckBKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/cmsRandomizer.p7b
/java/tags/agent-2.0.13/src/test/resources/certs/demo.sandboxcernerdirect.com.der
/java/tags/agent-2.0.13/src/test/resources/certs/dev.der
/java/tags/agent-2.0.13/src/test/resources/certs/devkey.der
/java/tags/agent-2.0.13/src/test/resources/certs/expired.der
/java/tags/agent-2.0.13/src/test/resources/certs/expiredKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/externCaCert.der
/java/tags/agent-2.0.13/src/test/resources/certs/externUser1.der
/java/tags/agent-2.0.13/src/test/resources/certs/externUser1key.der
/java/tags/agent-2.0.13/src/test/resources/certs/gm2552.der
/java/tags/agent-2.0.13/src/test/resources/certs/gm2552Key.der
/java/tags/agent-2.0.13/src/test/resources/certs/gm2552KeyEnc.der
/java/tags/agent-2.0.13/src/test/resources/certs/gm2552encrypted.p12
/java/tags/agent-2.0.13/src/test/resources/certs/gr...@messaging.cerner.com.der
/java/tags/agent-2.0.13/src/test/resources/certs/gr...@messaging.cerner.com.p12
/java/tags/agent-2.0.13/src/test/resources/certs/highlandclinic.der
/java/tags/agent-2.0.13/src/test/resources/certs/highlandclinicKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/messaging.cerner.com.der
/java/tags/agent-2.0.13/src/test/resources/certs/messaging.cerner.com.p12
/java/tags/agent-2.0.13/src/test/resources/certs/messagingExternal.der
/java/tags/agent-2.0.13/src/test/resources/certs/messagingExternalKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/msanchor.der
/java/tags/agent-2.0.13/src/test/resources/certs/mshost.der
/java/tags/agent-2.0.13/src/test/resources/certs/ryan.der
/java/tags/agent-2.0.13/src/test/resources/certs/ryanKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/secureHealthEmailCACert.der
/java/tags/agent-2.0.13/src/test/resources/certs/secureHealthEmailCACertKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/ses.der
/java/tags/agent-2.0.13/src/test/resources/certs/test.email.com.der
/java/tags/agent-2.0.13/src/test/resources/certs/test.email.comKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/uhin.cer
/java/tags/agent-2.0.13/src/test/resources/certs/umesh.der
/java/tags/agent-2.0.13/src/test/resources/certs/umeshKey.der
/java/tags/agent-2.0.13/src/test/resources/certs/user1.der
/java/tags/agent-2.0.13/src/test/resources/certs/user1key.der
/java/tags/agent-2.0.13/src/test/resources/crl/certs.crl
/java/tags/agent-2.0.13/src/test/resources/crl/keystore
/java/tags/agent-2.0.13/src/test/resources/keystores/internalKeystore
/java/tags/agent-2.0.13/src/test/resources/ldifs/privCertsOnly.ldif
/java/tags/agent-2.0.13/src/test/resources/log4j.properties
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/CCTestMessage.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/DSNMessage.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/EncAttachment.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/EncAttachment2.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/EncryptedMessage.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/EncryptedMessage2.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/EncryptedMessage3.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/LargeEncAttachment.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/LargeMsgWithAttachments.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/MDNMessage.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/MDNResponse.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/MessageWithAUntrustedRecipient.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/MessageWithAllUntrustedRecipients.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/MessageWithAttachment.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/MultipartMimeMessage.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/raw1.txt
/java/tags/agent-2.0.13/src/test/resources/org/nhindirect/stagent/raw2.txt
/java/tags/agent-2.0.13/src/test/resources/pkcs11Config/pkcs11.cfg
/java/tags/agent-2.0.13/tools/certGen.bat
/java/tags/agent-2.0.13/tools/certGen.sh
/java/tags/agent-2.0.13/tools/createPKCS12.sh
/java/tags/agent-2.0.13/tools/dnsCertDumper.bat
/java/tags/agent-2.0.13/tools/dnsCertDumper.sh
/java/tags/agent-2.0.13/tools/ldapCertDumper.bat
/java/tags/agent-2.0.13/tools/ldapCertDumper.sh
/java/tags/agent-2.0.13/tools/stripP12Pass.sh
Modified:
/java/agent/src/main/java/org/nhindirect/stagent/cert/impl/DNSCertificateStore.java
/java/agent/src/main/java/org/nhindirect/stagent/cert/tools/TrustTest.java
/java/agent/src/main/java/org/nhindirect/stagent/cryptography/SMIMECryptographerImpl.java
/java/agent/src/main/java/org/nhindirect/stagent/trust/TrustChainValidator.java
/java/agent/src/site/apt/releaseNotes.apt
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/DNSNHINKeyStore Wed Jan 28 19:15:01 2015 UTC
Binary file, no diff available.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/pom.xml Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,577 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="
http://maven.apache.org/POM/4.0.0"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd ">
+ <groupId>org.nhind</groupId>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>agent</artifactId>
+ <name>Direct Project Security And Trust Agent</name>
+ <version>2.0.13</version>
+ <description>Direct Project Security And Trust Agent</description>
+ <inceptionYear>2010</inceptionYear>
+
<url>
http://api.nhindirect.org/x/www/api.nhindirect.org/java/site/agent/${project.version}</url>
+ <developers>
+ <developer>
+ <name>Greg Meyer</name>
+ <id>GM2552</id>
+ <email>
gm2...@cerner.com</email>
+ <roles>
+ <role>owner</role>
+ </roles>
+ </developer>
+ <developer>
+ <name>Manjiri Namjoshi</name>
+ <id>NM019057</id>
+ <email>
Manjiri....@cerner.com</email>
+ </developer>
+ <developer>
+ <name>John Pavlecich</name>
+ <id>JP018858</id>
+ <email>
John.Pa...@cerner.com</email>
+ </developer>
+ </developers>
+ <organization>
+ <name>NHIN Direct</name>
+ <url>
http://nhindirect.org</url>
+ </organization>
+ <prerequisites>
+ <maven>2.0.4</maven>
+ </prerequisites>
+ <scm>
+
<url>
http://code.google.com/p/nhin-d/source/browse/#hg/java/agent</url>
+
<connection>scm:hg:
https://nhin-d.googlecode.com/hg/nhin-d/java/agent</connection>
+ </scm>
+ <issueManagement>
+ <system>Google Code</system>
+ <url>
http://code.google.com/p/nhin-d/issues/list</url>
+ </issueManagement>
+ <licenses>
+ <license>
+ <name>New BSD License</name>
+ <url>
http://nhindirect.org/BSDLicense</url>
+ </license>
+ </licenses>
+ <dependencies>
+ <dependency>
+ <groupId>org.nhind</groupId>
+ <artifactId>direct-policy</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.nhind</groupId>
+ <artifactId>direct-common</artifactId>
+ <version>1.3</version>
+ <exclusions>
+ <exclusion>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>com.google.inject</groupId>
+ <artifactId>guice</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>1.1.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>1.4</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.james</groupId>
+ <artifactId>apache-jsieve-mailet</artifactId>
+ <version>0.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>3.8.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>1.4.3</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-core</artifactId>
+ <version>1.0.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.shared</groupId>
+ <artifactId>shared-ldap</artifactId>
+ <version>0.9.5.5</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-server-jndi</artifactId>
+ <version>1.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-protocol-ldap</artifactId>
+ <version>1.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.5.6</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-server-unit</artifactId>
+ <version>1.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ <version>140</version>
+ </dependency>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcmail-jdk15</artifactId>
+ <version>140</version>
+ </dependency>
+ <dependency>
+ <groupId>dnsjava</groupId>
+ <artifactId>dnsjava</artifactId>
+ <version>2.0.8</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jcs</groupId>
+ <artifactId>jcs</artifactId>
+ <version>1.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>nlog4j</artifactId>
+ <version>1.2.25</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.8.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <extensions>
+ <extension>
+ <groupId>org.apache.maven.wagon</groupId>
+ <artifactId>wagon-webdav</artifactId>
+ <version>RELEASE</version>
+ </extension>
+ <extension>
+ <groupId>org.apache.maven.wagon</groupId>
+ <artifactId>wagon-ssh-external</artifactId>
+ <version>2.2</version>
+ </extension>
+ <extension>
+ <groupId>org.apache.maven.wagon</groupId>
+ <artifactId>wagon-ssh</artifactId>
+ <version>2.2</version>
+ </extension>
+ <extension>
+ <groupId>org.apache.maven.wagon</groupId>
+ <artifactId>wagon-ssh-common</artifactId>
+ <version>2.2</version>
+ </extension>
+ </extensions>
+ <resources>
+ <resource>
+ <directory>src/main/resources</directory>
+ </resource>
+ <resource>
+ <targetPath>lib</targetPath>
+ <directory>${project.basedir}/lib</directory>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ </testResource>
+ <testResource>
+ <targetPath>lib</targetPath>
+ <directory>${project.basedir}/lib</directory>
+ </testResource>
+ </testResources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>copy-dependencies</goal>
+ </goals>
+ <configuration>
+
<outputDirectory>${project.basedir}/target/lib</outputDirectory>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jxr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>testCompile</goal>
+ </goals>
+ <phase>compile</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <fork>true</fork>
+ <optimize>true</optimize>
+ <showDeprecation>true</showDeprecation>
+ <encoding>UTF-8</encoding>
+ <source>1.6</source>
+ <target>1.6</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>2.0.3</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>com.atlassian.maven.plugins</groupId>
+ <artifactId>maven-clover2-plugin</artifactId>
+ <version>3.0.5</version>
+ <configuration>
+ <jdk>1.6</jdk>
+ <licenseLocation>
+ ${project.basedir}/../licenses/clover.license
+ </licenseLocation>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>pre-site</phase>
+ <goals>
+ <goal>instrument</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <archive>
+ <index>true</index>
+
<!--<manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
-->
+ </archive>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.2</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <!-- DOXIA does not yet copy resources to the generated-site or
site location. Bug
+ DOXIA-355 was submitted in July of 09 and is listed to be resolved
in DOXIA 1.2.
+ This plugin a is work around for copying the resources from the
book source to
+ the generate site. -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>book</id>
+ <phase>pre-site</phase>
+ <configuration>
+ <tasks>
+ <copy
todir="${project.build.directory}/generated-site/xdoc/users-guide/images/">
+ <fileset
dir="${basedir}/src/books/users-guide/images/" />
+ </copy>
+ <copy
todir="${project.build.directory}/site/users-guide/images/">
+ <fileset
dir="${basedir}/src/books/users-guide/images/" />
+ </copy>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.doxia</groupId>
+ <artifactId>doxia-maven-plugin</artifactId>
+ <version>1.2</version>
+ <executions>
+ <execution>
+ <phase>pre-site</phase>
+ <goals>
+ <goal>render-books</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <books>
+ <book>
+ <directory>src/books/users-guide</directory>
+ <descriptor>src/books/users-guide.xml</descriptor>
+ <formats>
+ <format>
+ <id>xdoc</id>
+ </format>
+ </formats>
+ </book>
+ </books>
+ </configuration>
+ <dependencies>
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ <version>1.5.12</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven.doxia</groupId>
+ <artifactId>doxia-decoration-model</artifactId>
+ <version>1.2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven.doxia</groupId>
+ <artifactId>doxia-module-confluence</artifactId>
+ <version>1.2</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ <!-- for release only
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.6.1</version>
+ <configuration>
+ <charset>UTF-8</charset>
+ <docencoding>UTF-8</docencoding>
+ <docfilessubdirs>true</docfilessubdirs>
+ <detectJavaApiLink>true</detectJavaApiLink>
+ <detectLinks>true</detectLinks>
+ <source>1.6</source>
+ <show>public</show>
+ <excludePackageNames>
+
org.nhindirect.stagent.annotation:org.nhindirect.stagent.cert.impl:org.nhindirect.stagent.cert.impl.annotation:org.nhindirect.stagent.cert.impl.module:org.nhindirect.stagent.cert.impl.provider:org.nhindirect.stagent.cryptography.annotation:org.nhindirect.stagent.module:org.nhindirect.stagent.provider:org.nhindirect.stagent.trust.annotation:org.nhindirect.stagent.trust.provider:org.nhindirect.stagent.utils:org.nhindirect.stagent.policy.impl
+ </excludePackageNames>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <id>attach-javadocs</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>sign-artifacts</id>
+ <phase>package</phase>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ -->
+ </plugins>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-release-plugin</artifactId>
+ <version>2.0</version>
+ <configuration>
+
<tagBase>scm:hg:
https://nhin-d.googlecode.com/hg/nhin-d/java/tags</tagBase>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>2.1.1</version>
+ <dependencies>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>2.1.1</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-project-info-reports-plugin</artifactId>
+ <version>2.4</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.6.1</version>
+ <configuration>
+ <charset>UTF-8</charset>
+ <docencoding>UTF-8</docencoding>
+ <docfilessubdirs>true</docfilessubdirs>
+ <detectJavaApiLink>true</detectJavaApiLink>
+ <detectLinks>true</detectLinks>
+ <source>1.6</source>
+ <show>public</show>
+ <excludePackageNames>
+
org.nhindirect.stagent.annotation:org.nhindirect.stagent.cert.impl:org.nhindirect.stagent.cert.impl.annotation:org.nhindirect.stagent.cert.impl.module:org.nhindirect.stagent.cert.impl.provider:org.nhindirect.stagent.cryptography.annotation:org.nhindirect.stagent.module:org.nhindirect.stagent.provider:org.nhindirect.stagent.trust.annotation:org.nhindirect.stagent.trust.provider:org.nhindirect.stagent.utils:org.nhindirect.stagent.policy.impl
+ </excludePackageNames>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-pmd-plugin</artifactId>
+ <configuration>
+ <targetJdk>1.6</targetJdk>
+ </configuration>
+ </plugin>
+ <!--
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-report-plugin</artifactId>
+ </plugin>
+ -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jxr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-changelog-plugin</artifactId>
+ <configuration>
+ <dates>
+ <!-- Insert the date of the most recent release -->
+ <date>2012-05-01</date>
+ </dates>
+ <outputEncoding>UTF-8</outputEncoding>
+ <type>date</type>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>clirr-maven-plugin</artifactId>
+ <configuration>
+ <minSeverity>info</minSeverity>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>findbugs-maven-plugin</artifactId>
+ <version>2.5</version>
+ <configuration>
+ <effort>Max</effort>
+
<excludeFilterFile>${project.basedir}/src/report/findbugs-exclude.xml</excludeFilterFile>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>taglist-maven-plugin</artifactId>
+ <configuration>
+ <tags>
+ <tag>FIXME</tag>
+ <tag>TODO</tag>
+ <tag>WARN</tag>
+ <tag>@deprecated</tag>
+ </tags>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>com.atlassian.maven.plugins</groupId>
+ <artifactId>maven-clover2-plugin</artifactId>
+ <version>3.0.5</version>
+ <configuration>
+ <licenseLocation>
+ ${project.basedir}/../licenses/clover.license
+ </licenseLocation>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+ <distributionManagement>
+ <site>
+ <id>nhind-site</id>
+ <name>NHIN Direct API publication site</name>
+
<url>sftp://
api.nhindirect.org/x/www/api.nhindirect.org/java/site/agent/${project.version}</url>
+ </site>
+ <snapshotRepository>
+ <id>sonatype-snapshot</id>
+ <name>Sonatype OSS Maven SNAPSHOT Repository</name>
+ <url>
https://oss.sonatype.org/content/repositories/snapshots/</url>
+ <uniqueVersion>false</uniqueVersion>
+ </snapshotRepository>
+ <repository>
+ <id>sonatype-release</id>
+ <name>Sonatype OSS Maven Release Repositor</name>
+
<url>
https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+ <uniqueVersion>false</uniqueVersion>
+ </repository>
+ </distributionManagement>
+</project>
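Review bot: The `wagon-webdav` build extension in the `<extensions>` section is declared with the floating meta-version `<version>RELEASE</version>`, so each build of this tag resolves whatever is newest in the repository at that moment and loads it into the Maven process itself; a tag that is meant to freeze 2.0.13 should pin it to an explicit version the way the three `wagon-ssh*` extensions directly below it are pinned to `2.2`. The same freeze fixes `bcprov-jdk15` and `bcmail-jdk15` at release `140`, which is the provider that performs the agent's S/MIME signing and encryption and is considerably older than this 2015 tag; since `direct-common` explicitly excludes its own copy of `bcprov-jdk15`, this POM alone decides which Bouncy Castle build ends up on the classpath, so confirming that `140` still carries the fixes the project needs is worth doing before 2.0.13 artifacts are published. `<uniqueVersion>false</uniqueVersion>` on the `sonatype-release` repository has no effect on release deploys and is ignored by Maven 3, so it can be dropped when the tag is next touched.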
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide.xml Wed Jan 28 19:15:01
2015 UTC
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<book xmlns="
http://maven.apache.org/BOOK/1.0.0"
+ xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="
http://maven.apache.org/BOOK/1.0.0 ../../../doxia/doxia-book/target/generated-site/xsd/book-1.0.0.xsd">
+ <id>users-guide</id>
+ <title>Security and Trust Agent Module Users Guide</title>
+ <chapters>
+ <chapter>
+ <id>preface</id>
+ <title>Preface</title>
+ <sections>
+ <section>
+ <id>preface</id>
+ </section>
+ </sections>
+ </chapter>
+ <chapter>
+ <id>dev</id>
+ <title>Developers Guide</title>
+ <sections>
+ <section>
+ <id>dev-intro</id>
+ </section>
+ <section>
+ <id>dev-arch</id>
+ </section>
+ <section>
+ <id>dev-nhindagent</id>
+ </section>
+ <section>
+ <id>dev-cryptographer</id>
+ </section>
+ <section>
+ <id>dev-certresolver</id>
+ </section>
+ <section>
+ <id>dev-trustmodel</id>
+ </section>
+ <section>
+ <id>dev-maillib</id>
+ </section>
+ <section>
+ <id>dev-cert-gen</id>
+ </section>
+ </sections>
+ </chapter>
+ <chapter>
+ <id>tools</id>
+ <title>Tools</title>
+ <sections>
+ <section>
+ <id>dev-tool-intro</id>
+ </section>
+ <section>
+ <id>dev-cert-gen</id>
+ </section>
+ <section>
+ <id>dev-dns-dumper</id>
+ </section>
+ <section>
+ <id>dev-ldap-dumper</id>
+ </section>
+ </sections>
+ </chapter>
+ </chapters>
+</book>
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-arch.confluence Wed
Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,27 @@
+h1. Security and Trust Agent Architecture and Components
+
+At a high level the agent can be viewed as a black box that implements the
security and trust [specification|
http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport].
Digging deeper into the box, the agent consists of a directly consumable
API and several subsystems that can be directly consumed as stand-alone
components.
+
+!images/highLevelArch.png!
+
+Each component within the agent functions independently whilst the agent
orchestrates the business logic between the internal components.
+
+*Core Components and Interfaces*
+
+* *[NHINDAgent|./dev-nhindagent.html]*: Interface specification for the
security and trust agent. Incoming and outgoing messages are processed by
the agent according to the security and trust [specification|
http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport].
[JavaDoc|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/NHINDAgent.html]
+
+* *[Cryptographer|./dev-cryptographer.html]*: Interface specification for
message encryption/decryption and message signature operations. [JavaDoc|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/cryptography/Cryptographer.html]
+
+* *[CertificateResolver|./dev-certresolver.html]*: Certificate resolvers
are responsible for locating public and private X509 certificates for
destination and source addresses. Certificates are used for
encryption/decryption, message signing, and signature validation. [JavaDoc|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/cert/CertificateResolver.html]
+
+* *[TrustModel|./dev-trustmodel.html]*: Interface specification for the
trust enforcement policy. Trust is enforced by trust anchors, revocation
policies, and an optional set of intermediate certificates. [JavaDoc|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/trust/TrustModel.html]
+
+* *[Mail Library|./dev-maillib.html]*: Contains utility classes and
specific implementations of agent mail classes. The majority of the
classes are built on the [JavaMail|
http://java.sun.com/products/javamail/javadocs/index.html] API. [JavaDoc|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/mail/package-summary.html]
+
+Typically messages are processed by the agent using the appropriate
incoming or outgoing method and return either a processed message or throw
an exception if the message cannot be processed.
+
+h2. IoC and DI Support
+
+Inversion of control (IoC) and dependency injection (DI) are popular
design patterns for componentized software. Most of the components
support multiple IoC and DI frameworks through constructor and attribute
setter methods; however, the agent module is biased towards the Google
[Guice|
http://code.google.com/p/google-guice] framework and supports Guice
specific constructs such as bindings, providers, and modules.
+
+Although the protocol implementation bridges provided by the gateway
[module|
http://api.nhindirect.org/java/site/gateway/1.1] almost exclusively
instantiate component instances using Guice, component instances can be
instantiated directly without the use of DI.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-cert-gen.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,113 @@
+h1. Certificate Generation
+
+The reference implementation source tree provides a simple tool for
creating root certificate authorities (CAs), intermediate certificates
authorities, and certificates. The tool is located under the
/java/agent/tools directory in the source tree and is named certGen.sh for
unix/linux based systems and certGen.bat for Windows.
+
+h2. Certificate Jargon
+
+The direct project uses X509 certificates for SMIME operations and X509
certificate authorities for enforcing message trust. A certificate
authority is actually just a certificate with certain fields, policies,
extensions. Specifically a certificate authority is a certificate that can
sign subordinate certificates using its private key and has its basic
constraint policy set to true. Root certificates are certificate
authorities whose issuer and subfields are the same.
+
+Intermediate certificate authorities or intermediate signing certificates
are certificate authorities that have been signed by a higher level
certificate authority and whose issuer is the certificate that signed the
intermediate certificate authority. As you can see, certificates can form
hierarchies called chains, and in some PKI infrastructures can become very
complex.
+
+A leaf certificate is a certificate that is at the bottom of a certificate
hierarchy.
+
+In the direct project, certificate authorities are used as anchors for
trust validation and leaf certificates are used for SMIME operations.
+
+h2. Generation Steps
+
+Numerous tools and commercial services are available for creating
certificate chains, but they all follow the same general steps. Take for
example a very simple certificate chain:
+
+# Generate and self sign a root certificate authority.
+# Generate a PKCS10 certificate request along with a public/private key
pair for a leaf certificate.
+# Sign the PKCS10 request using with the certificate authority.
+
+Open source tools such as openssl can be used to create your own
certificate authorities and leaf certificates. Other commercial services
such as Verisign and Entrust can sign certificate requests for leaf
certificate of intermediate signing certificates for a fee.
+
+h2. CertGen
+
+The certificate generation processes can be cumbersome for inexperienced
users or financially unfeasible for development purposes. Tools such as
openssl have a vast number of options and commands for creating a PKI
infrastructures, but the syntax can steps can be daunting. The CertGen
application is a GUI based tool for creating a simple certificate chain for
development purposes. *NOTE* Certificates generated by this tool
technically could be used for production HISP, however they do remotely
meet the requirements of a good certificate practice statement. They may,
however, be appropriate for pilot and laboratory purposes.
+
+The following sections will walk you through creating certificate chains
using the certGen tool.
+
+To run the tool, run the following command in the /java/agent/tools
directory:
+
+Windows:
+{code}
+certGen.bat
+{code}
+
+Unix/Linux/MAC
+
+{code}
+./certGen.sh
+{code}
+
+h3. Creating A Chain From Scratch
+
+The first step is creating a root certificate authority. The opening UI
of the tool gives you an option of creating a new root CA or loading a CA
from a pair of CA certificate and private key files.
+
+*NOTE* All files created by the tool are in DER format.
+
+!images/certGenOpen.png!
+
+To create a new root CA, select *_Create New CA_* and fill in the fields
with the appropriate values.
+
+The first six fields are used in the new CA's distinguished name. The
+
+* *CN:* Common name of the CA. This may be a short description of the
CA. For example "Example.com Root CA".
+* *Country:* The country where the institution creating the CA exists.
+* *State:* The state where the institution creating the CA exists.
+* *Location:* Generally the city where the institution creating the CA
exists.
+* *Org:* The name of the company, institution, or organization within an
institution creating the CA exists.
+* *Email:* Email address of the administrator of the CA. This email is
not related to the addresses used in certificate for signing and encrypting
messages.
+
+Remaining fields:
+
+* *Expiration:* Number of days from today that the CA will be valid.
Production level CAs are generally valid for up to 20 years, but the tool
defaults to 1 year.
+* *Key Strength:* The size in bits of the certificates public/private key
pair. Production level root CAs generally use a key strength of 4096 bits,
but the tool defaults to 1024 bits.
+* *Password:* The password used to protect the CA's private key (PKCS8)
file. This may be empty, however some third party tools may have
compatibility issues with empty passwords.
+* *Certificate Authority File* The name of the CAs public certificate
file. If this is left blank, the application will automatically create the
file using the email address if available other wise the CN field with the
extension *.der* in the current working directory.
+* *Private Key File* The name of the CAs private key file. If this is
left blank, the application will automatically create the file using the
email address if available other wise the CN field concatenated with the
extension *_key.der_* in the current working directory.
+* *Add Email To Alt Subject Name* If checked, the Email field is added to
the altSubjectName extension of the certificate.
+
+After all fields are filled in, clicking the *_create_* button will
generate the CA's certificate and PKCS8 private key files. The files will
either be created in the working directory or in the locations specified by
the *_Certificate Authority File_* and *_Private Key File_* fields. If the
CA is generated successfully, a message will be displayed indicated the
successful creation.
+
+At this point you now have the option of creating a leaf certificate by
clicking the *_Crecte Leaf Cert_* button.
+
+!images/createLeafOption.png!
+
+After clicking the *_Crecte Leaf Cert_* button, you are presented with the
dialog to create a leaf certificate. Many of the fields are pre-populated
with values from the CA.
+
+!images/createLeafOpen.png!
+
+The fields in the leaf certificate are almost identical to those in the CA
with a few semantic exceptions:
+
+* *CN:* Common name of the certificate. For user level certificates this
should be the name of the user. For org level certificates, this should be
thename of the domain that the certificate will be used for.
+* *Email:* For user level certificates, the email address of the user
asssociated with this certificate. For org level certificate, this *MUST*
name of the domain that the certificate will be used for.
+* *Add Email To Alt Subject Name:* This should be checked for leaf
certificates.
+* *Allowed To Sign Certificates:* This is used if for created intermediate
CAs and should not be checked for leaf certificates.
+
+After filling out all fields, click the *_create_* button to generate the
new leaf certificate. This will result in three new files that will be
located in the tool's working directory.
+
+* Public certificate file
+* Private key file
+* PKCS12 file.
+
+The names' of the files are generated using the username of the email
address of user level certificates or the domain name of org level
certificates. For example, if a leaf certificate is generated for the
email address _g...@example.com_, the following files are generate:
+
+!images/createLeafSuccess.png!
+
+* *greg.der* - The public certificate file.
+* *gregKey.def* - The PKCS8 private key file in PCKS8 format. This is
encrypted if the password field is populated.
+* *greg.p12* - The PCKS12 file that containes the public certificate and
private key. *NOTE* This file is not encrypted or password protected. It
is stored in a format that can be readily imported into the Direct
Project's config UI [tool|
http://api.nhindirect.org/java/site/gateway/1.2/users-guide/smtp-depl-wsconfig.html#PrivateCertStore].
+
+h3. Creating A Chain From An Existing CA
+
+If you already have a previously created certificate authority file and
its private key, you can generate leaf certificates from this CA.
+
+To create certificates from an existing CA, select the *_Load CA_* from
the tool's opening dialog.
+
+!images/loadCAOpen.png!
+
+Next populate the *_Certificate Authority File_* and *_Private Key File_*
fields with the location of the respective files. If the private key file
is password protected, you must fill in the *_Password_* field with the
correct password. After filling in all fields, click the *_Load_* button.
+
+If the CA is loaded successfully, all of the fields will be populated with
information from the CA. At this point you can now create leaf
certificates by clicking the *_Crecte Leaf Cert_* button.
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/books/users-guide/dev-certresolver.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,241 @@
+h1. Certificate Resolvers
+
+The agent utilizes X509 certificates for encryption and signature
purposes. Certificates are required for every destination (sometime
referred to in the Direct Project as a universal address). The Direct
Project network is made up a series of HISPs with each HISP containing one
or more destinations. A HISP maintains certificates for all if it's
destinations and must obtain public certificates for destinations owned by
other HISPs. The obvious looming question is how does the agent obtain
certificates for local and remote destinations.
+
+Certificates are obtained by the agent using the [CertificateResolver|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/cert/CertificateResolver.html]
interface.
+
+{code}
+package org.nhindirect.stagent.cert;
+
+public interface CertificateResolver
+{
+ public Collection<X509Certificate> getCertificates(InternetAddress
address);
+}
+{code}
+
+The agent passes the email address of the destination and obtains a list
of valid certificates for that address. *NOTE*: Because the agent
supports the concept of _"multiple circles of trust"_, a particular
destination may have multiple certificates.
+
+Now lets set some context with a couple of definitions:
+
+# *Local Destination*: An address/destination whose domain is controlled
by the agent.
+# *Remote Destination:* All other addresses that are not local
destinations.
+
+The [DefaultNHINDAgent|./dev-nhindagent.html#DefaultNHINDAgent] requires
two CertificteResolver instances: one for private certificates (local
destinations) and one for public certificates (remote destinations). In
many cases (if not most), the private and public resolver may use
completely different implementations. In any case, the private resolver
must be able to retrieve certificates from a medium that has access to the
certificates' private keys.
+
+The default agent supports multiple simultaneous resolvers for public
certificate resolution. Multiple public resolvers are configured by
passing a collection of resolvers to the agents constructor. The agent
uses each resolver in the order they are obtained by the collection's
Iterator. The agent only iterates through the resolvers until at least one
certificate is found; at that point iteration stops.
+
+The agent library provides the following resolver implementations:
+
+* *KeyStore* - Uses a Java keystore file to obtain certificates. The
keystore may contain both public and private certificates.
+* *DNS* - Uses DNS cert records to obtain public certificates.
+* *LDAP* - Uses an LDAP server to obtain certificates from a configured
LDAP location and schema. Generally this server holds private
certificates, however, server may contain both public and private
certificates.
+* *Public LDAP* - Dynamically discovers public LDAP servers based on the
address domain and obtains public certificates using the iNetOrgPerson
schema and anonymous binding.
+
+h2. Domain Level Certificates
+
+Domain or organization level certificates are a configuration option that
allows a domain to use one certificate for multiple destinations within a
domain.
+
+For user level certificate, each destination/address has its own
certificate with each certificate containing the email address in the
subjectAltName extension or legacy EMAIL field of the certificate's DN.
Example:
+
+* _Address:_
us...@cerner.com
+* _Certificate Subject:_ EMAILADDRESS=
us...@cerner.com, CN=user1,
O=Cerner, ST=Missouri, C=US
+
+In this case the getCertificates() method of the CertificateResolver would
return the certificate specific to the address
us...@cerner.com.
+
+For domain level certificates, the subjectAltName extension or legacy
EMAIL field only contains the domain name. Example:
+
+* _Address:_
bi...@nhind.hsgincubator.com
+* _Certificate Subject:_ EMAILADDRESS=
nhind.hsgincubator.com,
CN=
nhind.hsgincubator.com, OU=Incubator, O=HSG, L=Redmond, ST=WA, C=US
+
+In this case the certificate is a valid domain level certificate for all
addresses with the domain name
nhind.hsgincubator.com.
+
+To obtain certificates, certificate resolvers search for user level
certificates first. If a user certificate cannot be located, it then
searches for a domain certificate. *NOTE*: A resolver will only return
either a user level or domain level certificate; it will not return both.
+
+
+h2. KeyStoreCertificateStore
+
+The KeyStoreCertificateStore provides the ability to load public and
private certificates from a Java keystore file. To initialize the store,
the class provides five constructor variants:
+
+{code}
+public KeyStoreCertificateStore()
+
+public KeyStoreCertificateStore(File keyStoreFile)
+
+public KeyStoreCertificateStore(File keyStoreFile, String keyStorePassword)
+
+@Inject
+public KeyStoreCertificateStore(@CertStoreKeyFile String keyStoreFileName,
+ @Nullable @CertStoreKeyFilePassword String keyStorePassword, @Nullable
@CertStoreKeyFilePrivKeyPassword String privateKeyPassword)
+
+public KeyStoreCertificateStore(File keyStoreFile, String
keyStorePassword, String privateKeyPassword)
+{code}
+
+The first is constructs an empty store and the key store and other
parameters must initialized using setter methods.
+
+The second takes a File descriptor with the location of the keystore
file. If the file does not exist, then the a new file is automatically
created without a password. A store created with this constructor cannot
store or obtain private keys.
+
+The third takes a File descriptor and a password to decrypt the keystore
file. As with the previous constructor the file is created if it does not
exist, but is created using the password to encrypt the file. To access
private keys, the store uses the keyStorePassword as the private key
password.
+
+The fourth includes a separate password for encrypting private keys. Also
the keyStoreFile is passed a string containing the path to the keystore
file. The keyStoreFileName is converted to a File descriptor. This
constructor is also used by Guice DI instantiation.
+
+The last is identical to the fourth constructor only different in that the
keyStoreFile is provided as a File descriptor.
+
+*Example*
+{code}
+ .
+ .
+ String keyPass = getFilePassword();
+ String privKeyPass = getPrivKeyPass();
+ File keyStoreFile = File("/opt/keystores/agentKeyStore");
+ CertificateResolver reslv = new KeyStoreCertificateStore(keyStoreFile,
keyPass, privKeyPass);
+ .
+ .
+ InternetAddress sender = getMessageSender(msg);
+ InternetAddress recip = getMessageRecip(msg);reslv.get
+ Collection<X509Certificate> privCerts = reslv.getCertificates(sender);
+ Collection<X509Certificate> pubCerts = reslv.getCertificates(recip);
+ .
+ .
+{code}
+
+h2. DNSCertificateStore
+
+The DNSCertificateStore uses DNS name resolution to obtain public
certificates in accordance to [RFC4398|
http://tools.ietf.org/html/rfc4398]. The DNSCertificateStore provides the
following constructors:
+
+{code}
+public DNSCertificateStore()
+
+public DNSCertificateStore(Collection<String> servers)
+
+@Inject
+public DNSCertificateStore(@DNSCertStoreServers Collection<String> servers,
+ @DNSCertStoreBootstrap CertificateStore bootstrapStore,
@DNSCertStoreCachePolicy CertStoreCachePolicy policy)
+{code}
+
+The first is constructs a default resolver and uses the local machine's
configure DNS servers to resolve certificates. It also creates a default
cache policy and a default key file based bootstrap store. Bootstrap
stores are used to initialize the resolver cache at instantiation time.
+
+The second allows you to override the DNS servers that the resolver will
use to locate CERT records.
+
+The last allows you to provide a custom bootstrap store and a custom cache
policy. Passing null for the server list for either constructor results in
the resolver using the machine's configured DNS servers.
+
+Certificate resolvers that use cache policies implement the
[CacheableCertStore|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/cert/CacheableCertStore.html]
interface. This interface allows the cache and bootstrap parameters to be
set after instance construction.
+
+*Example*
+{code}
+ .
+ .
+ File keyStoreFile = File("/opt/keystores/dnsBoostrapKeyStore");
+ CertificateResolver boostrap = new
KeyStoreCertificateStore(keyStoreFile);
+ CertStoreCachePolicy policy = new DefaultCertStoreCachePolicy();
+ CertificateResolver reslv = new DNSCertificateStore(null, boostrap,
policy);
+ .
+ .
+ InternetAddress recip = getMessageRecip(msg);
+ Collection<X509Certificate> pubCerts = reslv.getCertificates(recip);
+ .
+ .
+{code}
+
+
+h2. LDAPCertificateStore
+
+The LDAPCertificateStore implements two variants based on the LdapCertUtil
implementation that is passed in the constructors:
+
+The LDAPCertificateStore provides the following constructors:
+
+{code}
+public LDAPCertificateStore()
+
+public LDAPCertificateStore(LdapCertUtilImpl ldapCertUtil,
+ CertificateStore bootstrapStore, CertStoreCachePolicy policy)
+
+public LDAPCertificateStore(LdapCertUtil ldapCertUtil,
+ CertificateStore bootstrapStore, CertStoreCachePolicy policy)
+
+public LDAPCertificateStore()
+{code}
+
+*NOTE* The first constructor is a remnant of an older version of the
certificate store and is maintained for passivity and compatibility reasons.
+
+h3. Genereric/Private LDAP
+
+If the LdapCertUtilImpl implementation is provided, the
LDAPCertificateStore takes on the role of a generic LDAP based resolution
implementation to obtain public and private certificates from an LDAP
server.
+
+Similar the other certificate stores, the default constructor creates an
uninitialized store. However, the LDAPCertificateStore does not have
setter methods for LDAP configuration information (making it immutable).
You should use the second constructor to initialize the store.
+
+The second constructor accepts configuration information contained in the
LdapCertUtilImpl structure. Additionally it also allows you to provide a
custom bootstrap store and a custom cache policy (both parameters can be
null in which case the store will create a default bootstrap and cache
policy).
+
+
+
+{code}
+public LdapCertUtilImpl(LdapEnvironment ldapEnvironment, String
keyStorePassword, String certificateFormat)
+{code}
+
+First let's cover the keyStorePassword and certificateFormat parameters.
Generally LDAP will store the certificate in either an X.509 or PKCS12
format. The X.509 format is generally for public certificates only and
does not contain any private key information, therefore it does require a
keyStorePassword. The [PKCS12|
http://en.wikipedia.org/wiki/PKCS12] format
combines both the public certificate along with the private key and
requires a password to access the information stored in the entry. *NOTE*:
A limitation of the LDAPCertificateStore is that is does not allow a
separate password for each certificate/private key entry; it uses the same
password for each entry.
+
+The LdapEnvironment structure contains the configuration information used
by the resolver to connect to and search the LDAP server.
+
+{code}
+public LdapEnvironment(@LdapEnvironmentAnnot Hashtable<String, String> env,
+ @LdapReturningAttributes String returningCertAttribute, @LdapSearchBase
String ldapSearchBase, @LdapSearchFilter String ldapSearchAttribute)
+{code}
+
+The first parameter is a map of JNDI environment parameters specific to an
LDAP connection.
+
+||Name||Value||Description||
+|java.naming.factory.initial|com.sun.jndi.ldap.LdapCtxFactory|Indicator to
JNDI to create an LDAP specific JNDI context|
+|java.naming.provider.url|ldap://<ldap server:port>|The URL or the LDAP
server. For high availability and fail over servers multiple servers may
be specified by separating each URL with a comma.|
+|java.naming.factory.initial|com.sun.jndi.ldap.LdapCtxFactory|Indicator to
JNDI to create an LDAP specific JNDI context|
+|com.sun.jndi.ldap.read.timeout|<Positive Integer>|The time out in milli
seconds for the initial connection to the LDAP store.|
+|java.naming.security.authentication|"simple" | "none"|Indicates if LDAP
connection will use a simple or anonymous (none) binding.|
+|java.naming.security.principal|<username>|For simple authentication, the
user name used for LDAP binding.|
+|java.naming.security.credentials|<password>|For simple authentication,
the password used for LDAP binding.|
+
+*NOTE*: The Guice provider facilitates setting connection parameters with
the LdapStoreConfiguration structure.
+
+The remaining parameters are used for certificate searching in the LDAP
server.
+
+||Parameter||Description||
+|ldapSearchBase|The distinguished name used as the base of LDAP searches.|
+|ldapSearchAttribute|The attribute in the LDAP store that is used to match
a search query. This attribute enerally holds an email address or domain
name.|
+|returningCertAttribute|The attribute in the search query result that
holds the certificate file.|
+
+*Example*
+{code}
+ .
+ .
+ File keyStoreFile = File("/opt/keystores/dnsBoostrapKeyStore");
+ CertificateResolver boostrap = new
KeyStoreCertificateStore(keyStoreFile);
+ CertStoreCachePolicy policy = new DefaultCertStoreCachePolicy();
+ .
+ .
+ .
+ Hashtable<String, String> envParams = new Hashtable<String, String>();
+ envParams.add(Context.INITIAL_CONTEXT_FACTORY,
com.sun.jndi.ldap.LdapCtxFactory);
+ envParams.add(Context.PROVIDER_URL, "ldap://myldapserver:389");
+ envParams.add(com.sun.jndi.ldap.read.timeout, "10000");
+ envParams.add(Context.SECURITY_AUTHENTICATION, "simple");
+ envParams.add(Context.SECURITY_PRINCIPAL, "user");
+ envParams.add(Context.SECURITY_CREDENTIALSL, "password");
+
+
+ LdapEnvironment env = new
LdapEnvironment(envParams, "privKeyStore", "cn=users,ou=cerner,cn=com", "email");
+ LdapCertUtilImpl utilImpl = new
LdapCertUtilImpl(env, "pa$$word", "pkcs12");
+ CertificateResolver reslv = new DNSCertificateStore(null, boostrap,
policy);
+ .
+ .
+ InternetAddress recip = getMessageSender(msg);
+ Collection<X509Certificate> pubCerts = reslv.getCertificates(recip);
+ .
+ .
+{code}
+
+h3. Public LDAP
+
+If the LdapPublicCertUtilImpl implementation is provided, the
LDAPCertificateStore takes on the role of a public LDAP certificate
resolver. This implementation is much easier to configure as all discovery
of servers and base DNs are dynamic. However, this implementation provides
a completely different purpose than the previous implementation. The
public LDAP resolver standardizes the way certificates are discovered using
LDAP much the same way the DNS resolvers standardizes DNS discovery. The
public LDAP resolver discovers certificates using the following steps:
+
+# Discovers the location of the LDAP server(s) using DNS SRV records. The
format of the DNS SRV name is _ldap._tcp.<address domain name>. The
returned SRV records contain the LDAP server(s) host name and port.
+# Connects the LDAP server using anonymous bind.
+# Discovers the base DNs (naming contexts).
+# Performs a query on each base DNs using the mail attribute of the
iNetOrgPerson schema.
+# Returns each certificate in the userSMIMECertificate attribute of the
iNetOrgPerson schema. Certificates are expected to be in binary format as
defined by [RFC2798|
http://www.ietf.org/rfc/rfc2798.txt]
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/books/users-guide/dev-cryptographer.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,104 @@
+h1. Cryptographer
+
+Cryptographers are responsible for encrypting, decrypting, signing, and
validating signatures and support multiple message container constructs.
They are defined by the [Cryptographer|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/cryptography/Cryptographer.html]
interface.
+
+{code}
+package org.nhindirect.stagent.cryptography;
+
+public interface Cryptographer
+{
+
+ public MimeEntity encrypt(MimeMultipart entity, X509Certificate
encryptingCertificate);
+
+ public MimeEntity encrypt(MimeMultipart mmEntity,
Collection<X509Certificate> encryptingCertificates);
+
+ public MimeEntity encrypt(MimeEntity entity, X509Certificate
encryptingCertificate);
+
+ public MimeEntity encrypt(MimeEntity entity,
Collection<X509Certificate> encryptingCertificates);
+
+ public MimeEntity decrypt(Message message, X509CertificateEx
decryptingCertificate);
+
+ public MimeEntity decrypt(MimeEntity encryptedEntity,
X509CertificateEx decryptingCertificate);
+
+ public MimeEntity decrypt(MimeEntity encryptedEntity,
Collection<X509CertificateEx> decryptingCertificates);
+
+ public SignedEntity sign(Message message, X509Certificate
signingCertificate);
+
+ public SignedEntity sign(Message message, Collection<X509Certificate>
signingCertificates);
+
+ public SignedEntity sign(MimeEntity entity, X509Certificate
signingCertificate);
+
+ public SignedEntity sign(MimeEntity entity,
Collection<X509Certificate> signingCertificates);
+
+ public void checkSignature(SignedEntity signedEntity, X509Certificate
signerCertificate, Collection<X509Certificate> anchors) throws
SignatureValidationException;
+
+ public CMSSignedData deserializeSignatureEnvelope(SignedEntity entity);
+
+ public CMSSignedData deserializeEnvelopedSignature(MimeEntity
envelopeEntity);
+
+ public CMSSignedData deserializeEnvelopedSignature(byte[]
messageBytes);
+
+}
+{code}
+
+Although the cryptography classes do not enforce the content type of the
messages provided to the each method, the security and trust agent uses the
following series of cryptography tasks in order:
+
+*Outgoing Messages*
+# Sign Message
+# Encrypt Message
+
+*Incoming Message*
+# Decrypt Message
+# Validate Signature
+
+*NOTE*: All of the following method descriptions assume the SMIME
implementation.
+
+h2. Encrypt
+
+The Encrypt method and its variants accept a message that needs to be
encrypted and the public certificate of each recipient. The methods
generates a random symmetric key to encrypt the message based on the
implementation's configured encryption algorithm such as AES128. The
message is encrypted using the symmetric key, and the key is then encrypted
using each public certificate. Each encrypted version of the symmetric key
is stored in the final message and can only be decrypted be the recipients'
private key.
+
+All variants result in the same output: an MimeEntity that contains an
SMIME encrypted version of the original message. The raw representation is
base64 encoded.
+
+h2. Decrypt
+
+The Decrypt method and its variants accept a message that needs to be
decrypted and the private certificate of reach recipient. The message must
be a valid encrypted message using the cryptographer's expected format such
as SMIME. This method uses the recipients' private keys to extract the
symmetric key from the message. Only one valid private key needs to be
found in the collection of certificates to extract the symmetric key. Once
the symmetric key is extracted, the message content is then decrypted using
the algorithm specified in the message.
+
+
+All variants result in the same output: an MimeEntity that contains the
decrypted version of the original message.
+
+h2. Sign
+
+The Sign method and its variants accept a message that needs to be signed
and private certificate(s) of the sender. The methods generates a digest
of the message based on the implementation's configured digest algorithm
such as SHA1. The message also provides other attributes such as the
signers public key(s) and produces a digital signature using the provided
private key.
+
+All variants result in the same output: an SignedEntity object that
contains the original message and a signature block. The raw
representation of the or the SignedEnity is a multipart MIME that contains
two parts: the original message in the first part and a detached signature
in the second part. The signature block is base64 encoded.
+
+h2. CheckSignature
+
+The CheckSignature method asserts the validity and integrity of a signed
message using the sender's public certificate. The method validates that
the signature in the messages signature block matches the provided public
certificate and validates that the message has not been tampered with using
the message digest. *NOTE*: You should not extract the certificate from
the signature block and provide it as the signerCertificate parameter as
this essentially defeats the purpose of validation. The signerCertificate
should be obtained from a public certificate store. However, the extracted
certificate is used for trust validation.
+
+This method returns without incident if the signature can be validated.
Otherwise an exception is thrown.
+
+*NOTE*: The default agent implementation does not use this method.
Instead it uses the MessageSignature interface to validate signatures on
incoming messages during the trust validation stage.
+
+h2. DeserializeSignatureEnvelope
+
+The DeserializeSignatureEnvelope method and its variants are utility
functions to extract the [CMS|
http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax] data embedded in
the message signature block. The latest version of CMS is decribed by
[RFC5652|
http://tools.ietf.org/html/rfc5652].
+
+h2. SMIMECryptographerImpl
+
+The SMIMECryptographerImpl is an SMIME specific implementation of the
Cryptographer interface. Internal algorithms use the SMIME specification
to generate encrypted and signed message representation. It includes
multiple constructors depending on the consumer's needs. *NOTE*: The last
constructor signature is decorated with Guice specific annotations for
dependency injection. This class is also the default implementation of the
Cryptographer interface if no other implementation is provided Guice.
+
+{code}
+public SMIMECryptographerImpl()
+
+public SMIMECryptographerImpl(EncryptionAlgorithm encryptionAlgorithm,
DigestAlgorithm digestAlgorithm)
+{code}
+
+The fist constructor generates an SMIMECryptographerImpl instance
defaulting the encryption and digest algorithms to AES128 and SHA1
respectively. The algorithms can be changed later using setter methods.
+
+The second constructor different from the first only that the algorithms
are provided as constructor parameters.
+
+
+h3. Concurrent Programming
+
+All public methods of the SMIMECryptographerImpl are thread safe and can
be called concurrently.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-dns-dumper.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,45 @@
+h1. DNS Certificate Dumper
+
+The reference implementation source tree provides a tool retrieving user
and organizational certificates by email address or domain over DNS and
writing the certificate to a DER encoded file. The tool is located under
the /java/agent/tools directory in the source tree and is named
dnsCertDumper.sh for unix/linux based systems and dnsCertDumper.bat for
Windows.
+
+h2. DNS Certificate Resolution
+
+The Direct Project defines a method for resolving public certificates
using DNS CERT RR records. In some cases, it may be desirable to manually
download a public certificate using DNS and dump it to a file. The
dnsCertDumper tool uses the DNSCertificateResolver to locate certificates
using an email address or a domain name. Certificates are located using
the resolution algorithms defined by the Direct Project meaning the
resolver will look for user level certificates first then fall back to
searching for organizational certificates if a user level certificate can
not be found.
+
+h2. dnsCertDumper
+
+To run the tool, run the following command in the /java/agent/tools
directory:
+
+Windows:
+{code}
+dnsCertDumper.bat
+{code}
+
+Unix/Linux/MAC
+
+{code}
+./dnsCertDumper.sh
+{code}
+
+Running the tools without and parameters will display the options:
+
+{code}
+Usage:
+java DNSCertDumper (options)...
+
+options:
+-add address Email address of org/domain to retrieve certs for.
+
+-server Comma delimited list of DNS servers used for lookup.
+ Default: Local machine's configured DNS server(s)
+
+-out Out File Optional output file name for the cert.
+ Default: <email address>(<cert num>).der
+
+{code}
+
+* *Address:* This is the email address associated to the certificate that
you are search for. This can also be a domain name if you are searching
for an org level certificate only.
+* *Server:* If the server parameter is supplied, the underlying DNS
resolver will use the supplied DNS server instead of the local machine's
configured DNS server. This may be desirable if you are experiencing
difficulties with your DNS provier.
+* *Out:* The name of the file that will be generated. By default the tool
uses the email or domain name followed by the *_.der_* extension. In some
cases multiple certificates may be discovered. In this case The tool will
append a incrementing number starting with 1 enclosed in parenthesis to the
out file name.
+
+If one or more certificates are discovered, the files are written to DER
encoded files. If a file with the same name as the out file already
exists, the tool will over write the file with a new file.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-intro.confluence Wed
Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,7 @@
+h1. About this Chapter
+
+This chapters describes the security and trust architecture and how to
consume the various components of the library.
+
+* [Agent Architecture|./dev-arch.html]
+
+
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/books/users-guide/dev-ldap-dumper.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,41 @@
+h1. DNS Certificate Dumper
+
+The reference implementation source tree provides a tool retrieving user
and organizational certificates by email address or domain using LDAP and
writing the certificate to a DER encoded file. The tool is located under
the /java/agent/tools directory in the source tree and is named
ldapCertDumper.sh for unix/linux based systems and ldapCertDumper.bat for
Windows.
+
+h2. DNS Certificate Resolution
+
+The Direct Project defines a method for resolving public certificates
using LDAP. In some cases, it may be desirable to manually download a
public certificate using LDAP and dump it to a file. The ldapCertDumper
tool uses the LDAPCertificateResolver with the public SRV resolver to
locate certificates using an email address or a domain name. Certificates
are located using the resolution algorithms defined by the Direct Project
meaning the resolver will look for user level certificates first then fall
back to searching for organizational certificates if a user level
certificate can not be found.
+
+h2. ldapCertDumper
+
+To run the tool, run the following command in the /java/agent/tools
directory:
+
+Windows:
+{code}
+ldapCertDumper.bat
+{code}
+
+Unix/Linux/MAC
+
+{code}
+./ldapCertDumper.sh
+{code}
+
+Running the tools without and parameters will display the options:
+
+{code}
+Usage:
+java LDAPCertDumper (options)...
+
+options:
+-add address Email address of org/domain to retrieve certs for.
+
+-out Out File Optional output file name for the cert.
+ Default: <email address>(<cert num>).der
+
+{code}
+
+* *Address:* This is the email address associated to the certificate that
you are search for. This can also be a domain name if you are searching
for an org level certificate only.
+* *Out:* The name of the file that will be generated. By default the tool
uses the email or domain name followed by the *_.der_* extension. In some
cases multiple certificates may be discovered. In this case The tool will
append a incrementing number starting with 1 enclosed in parenthesis to the
out file name.
+
+If one or more certificates are discovered, the files are written to DER
encoded files. If a file with the same name as the out file already
exists, the tool will over write the file with a new file.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-maillib.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,39 @@
+h1. Mail Library
+
+The agent module contains various utility mail classes to facilitate
implementing the security and trust implementation.
+
+h2. MimeEntity
+
+The [MimeEnity|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/mail/MimeEntity.html]
class is an extension of the Java Mail [MimeBodyPart|
http://java.sun.com/products/javamail/javadocs/javax/mail/internet/MimeBodyPart.html]
with utility functions to determine if the entity consists of a multiple
part and serialization to a byte array.
+
+h2. NHINDAddress
+
+The [NHINDAddress|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/NHINDAddress.html]
class is an extension of the JavaMail [InternetAddress|
http://java.sun.com/products/javamail/javadocs/javax/mail/internet/InternetAddress.html]
with utility methods and attributes to bind certificates, store trust
anchors, and set the trust status. It also include simple parsing parsing.
+
+h2. WrappedMessage
+
+The [WrappedMessage|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/mail/WrappedMessage.html]
class is a utility class for wrapping messaging in an RFC822 container and
copying headers from the original message to the container. It also
provides unwrapping methods.
+
+h2. Message
+
+The [Message|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/mail/Message.html]
class is an extension of the Java Mail [MimeMessage|
http://java.sun.com/products/javamail/javadocs/javax/mail/internet/MimeMessage.html]
with utility methods to get specific header information in raw format and
serialization to a byte array.
+
+h2. MessageEnvelope
+
+The [MessageEnvelope|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/MessageEnvelope.html]
interface is a message wrapper that holds the original message and
additional attributes to categorize routing information such as reject
recipients and domain recipients.
+
+h2. DefaultMessageEnvelope
+
+The [DefaultMessageEnvelope|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/DefaultMessageEnvelope.html]
class is the default implementation of the MessageEnvelope interface.
+
+h2. IncomingMessage
+
+The [IncomingMessage|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/IncomingMessage.html]
class is an extension of the DefaultMessageEnvelope that exposes message
signatures and CMS data.
+
+h2. OutgoingMessage
+
+The [IncomingMessage|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/OutgoingMessage.html]
class is an extension of the DefaultMessageEnvelope. At this time is does
provide any other functionality above and beyond DefaultMessageEnvelope
other than strong typing.
+
+h2. EntitySerializer
+
+The [EntitySerializer|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/parser/EntitySerializer.html]
class is a utility class for serializing and deserializing message to and
from different message structures and raw representations.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-nhindagent.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,607 @@
+h1. NHINDAgent
+
+The NHINDAgent is the main interface in the agent module and orchestrates
logic among its internal components to implement the security and trust
agent specification. Its objective is to process incoming and outgoing
messages according to the rules of the specification.
+
+{code}
+package org.nhindirect.stagent;
+
+@ImplementedBy(DefaultNHINDAgent.class)
+public interface NHINDAgent
+{
+
+ public Collection<String> getDomains();
+
+ public IncomingMessage processIncoming(String messageText);
+
+ public IncomingMessage processIncoming(String messageText,
NHINDAddressCollection recipients, NHINDAddress sender);
+
+ public IncomingMessage processIncoming(MessageEnvelope envelope);
+
+ public IncomingMessage processIncoming(MimeMessage msg);
+
+ public IncomingMessage processIncoming(IncomingMessage message);
+
+ public OutgoingMessage processOutgoing(String messageText);
+
+ public OutgoingMessage processOutgoing(String messageText,
NHINDAddressCollection recipients, NHINDAddress sender);
+
+ public OutgoingMessage processOutgoing(MessageEnvelope envelope);
+
+ public OutgoingMessage processOutgoing(OutgoingMessage message);
+}
+{code}
+
+The interface provides multiple signatures for processing inbound and
outbound messages depending on what message format is available to the
caller. Note that agent does not provide logic to discern if a message is
incoming or outgoing; it is the responsibility of the caller to make this
assertion. This is because the semantics of incoming and outgoing are
dependent on the runtime environment and protocol stack that the agent is
executing in.
+
+h2. ProcessOutgoing
+
+The ProcessOutgoing method and its variants accept a message that needs to
be signed and encrypted according to the security and trust specification.
All variants result in the same output: an OutgoingMessage that contains
the singed and encrypted version of the original message. To produce the
final outgoing message, the method uses the following high level algorithm.
+
+# If the message is presented in raw text format or as a MimeMessage, the
message is wrapped in a MessageEnvelope and the recipients and sender are
parsed. *NOTE*: The sender and recipients are obtained from the TO and
FROM routing headers. If the caller has access to other headers that may
supersede the TO and FROM routing headers (ex. RCPT TO SMTP header) , then
the caller should use a variant that allows the TO and FROM headers to be
overridden.
+# The message is placed in a message wrapper whose content is the original
message including all of the original message's headers and a content type
of _message/rfc822_. Only the routing headers and required messages
headers of the original message are copied to the message wrapper's
headers. This is necessary to protect potentially sensitive information
that may be in the original message's headers such as the subject. See the
_Message Wrapping_ section of the security and trust agent [specification|
http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport]
for full details.
+# Enforces the trust model ensuring that all recipients have valid
certificates and that the sender is allowed to send to each recipient
according to the trust policy. Recipients that are not trusted are placed
in the rejectedRecipients attributes of the returned OutgoingMessage. If
there are no trusted recipients, then an exception is thrown with an error
code of NoTrustedRecipients.
+# The message is signed using a detached signature with the senders
certificate(s) and private key(s). The result is a multipart MIME where
the first part is the wrapped message and the second part is a base64
encoded signature block (content type _application/pkcs7-signature;
name=smime.p7s; smime-type=signed-data_).
+# The message is encrypted using a random symmetric key and the symmetric
key is encrypted using each recipients' public key. The resulting message
is base64 encoded message with a content type of _application/pkcs7-mime;
smime-type=enveloped-data; name="smime.p7m"_.
+
+The final encrypted message can be retrieved from the OutgoingMessage
using the getMessage() method.
+
+h2. ProcessIncoming
+
+The ProcessIncomoing method and its variants accept a message that needs
to be decrypted and have the signature verified according to the security
and trust specification. All variants result in the same output: an
IncomingMessage that contains the sender's original message. To produce
the final incoming message, the method uses the following high level
algorithm.
+
+# If the message is presented in raw text format or as a MimeMessage, the
message is placed in a MessageEnvelope and the recipients and sender are
parsed. *NOTE*: The sender and recipients are obtained from the TO and
FROM routing headers. If the caller has access to other headers that may
supersede the TO and FROM routing headers (ex. RCPT TO SMTP header) , then
the caller should use a variant that allows the TO and FROM headers to be
overridden.
+# Categorizes the recipients list and ensures that valid recipients in the
agent's domain exist in the recipient list. If there are no recipients in
the message that belong to the agent's domain, then an exception is thrown
with an error code of NoTrustedRecipients.
+# Obtains valid public certificates for the sender and private keys for
the recipients.
+# Decrypts the message using the private certificates of the recipients
and the encrypted symmetric key. It practice, only one valid private key
is necessary because the message is encrypted using only one symmetric
key. As long as the agent can retrieve the symmetric key, the message can
be successfully decrypted. Trust of each recipient is validate in a later
stage. The result of the decryption stage is a multipart MIME with the
original wrapped message and a detached signature.
+# Unwraps the original message from the message wrapper located in the
first part of the multipart MIME from the previous step.
+# The message signature is validated using the senders public
certificate(s).
+# Enforces the trust model by ensuring that sender has a valid trust
anchor for each recipient. If the sender is not trusted by any recipients,
then an exception is thrown with an error code of NoTrustedRecipients.
+
+The final decrypted message can be retrieved from the IncomingMessage
using the getMessage() method.
+
+h2. Message Wrapping
+
+To protect potentially sensitive information from being exposed as the
message travels across the network backbone, the original message
(including all headers) is placed in a message wrapper with a content type
of _message/rfc822_. Only routing information and required headers are
copied to the message wrapper's header. The following examples shows an
original message and the message placed in a message wrapper.
+
+*Original Message*
+{code}
+To:
exter...@starugh-stateline.com
+From:
us...@cerner.com
+Subject: I-D ACTION:draft-ietf-mailext-pipeline-01.txt
+Date: Thu, 05 Jan 95 10:53:24 -0500
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+Content-type: Multipart/Mixed; boundary="NextPart"
+
+--NextPart
+
+Content-type: text/plain; charset="us-ascii"
+
+A Revised Internet-Draft is available from the on-line Internet-Drafts
directories.
+This draft is a work item of the Mail Extensions Working Group of the IETF.
+Title : SMTP Service Extension for Command Pipelining
+Author(s) : N. Freed, A. Cargille
+Filename : draft-ietf-mailext-pipeline-01.txt
+Pages : 9
+Date : 01/04/1995
+
+This memo defines an extension to the SMTP service whereby a server can
indicate
+the extent of its ability to accept multiple commands in a single TCP send
operation.
+Using a single TCP send operation for multiple commands can improve SMTP
+performance significantly.
+
+--NextPart
+
+Content-type: Message/External-body;
+name="draft-ietf-mailext-pipeline-01.txt";
+site="
ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts"
+
+Content-Type: text/plain
+Content-ID: <
199501041...@CNRI.Reston.VA.US>
+
+--NextPart
+{code}
+
+*Wrapped Message*
+{code}
+content-type: message/rfc822
+To:
exter...@starugh-stateline.com
+From:
us...@cerner.com
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+
+To:
exter...@starugh-stateline.com
+From:
us...@cerner.com
+Subject: I-D ACTION:draft-ietf-mailext-pipeline-01.txt
+Date: Thu, 05 Jan 95 10:53:24 -0500
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+Content-type: Multipart/Mixed; boundary="NextPart"
+
+--NextPart
+
+Content-type: text/plain; charset="us-ascii"
+
+A Revised Internet-Draft is available from the on-line Internet-Drafts
directories.
+This draft is a work item of the Mail Extensions Working Group of the IETF.
+Title : SMTP Service Extension for Command Pipelining
+Author(s) : N. Freed, A. Cargille
+Filename : draft-ietf-mailext-pipeline-01.txt
+Pages : 9
+Date : 01/04/1995
+
+This memo defines an extension to the SMTP service whereby a server can
indicate
+the extent of its ability to accept multiple commands in a single TCP send
operation.
+Using a single TCP send operation for multiple commands can improve SMTP
+performance significantly.
+
+--NextPart
+
+Content-type: Message/External-body;
+name="draft-ietf-mailext-pipeline-01.txt";
+site="
ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts"
+
+Content-Type: text/plain
+Content-ID: <
199501041...@CNRI.Reston.VA.US>
+
+--NextPart
+{code}
+
+h2. Certificate Resolution
+
+Certificates can be resolved in a variety of ways depending of the HISP's
operational structure. The agent requires three resolver implementations
be provided:
+
+# A public certificate resolver for obtaining certificates for
destinations outside of the agent's list of domains. DNS is the current
preferred method, but different implementations may use alternative methods
or combination of mediums.
+# A private certificate resolver for obtaining certificates and private
keys for destinations owned by agent's list of domains.
+# A trust anchor resolver for obtaining trusted certificate authorities
for each domain and optionally each user.
+
+Each resolver implementation requires different configuration parameters
depending on the implementation's resolution method.
+
+*NOTE*: To prevent bogus/rogue users from being added to a domain, the
trust anchor resolver must includes the local domain's certificate
authority.
+
+h2. Multi-Domain Support
+
+In some cases, a HISP may be hosting multiple domains. To support this
hosting model, the agent supports hosting multiple domains within one
instance of the agent.
+
+h2. DefaultNHINDAgent
+
+The DefaultNHINDAgent is exactly what its name implies; it is the default
implementation of the NHINDAgent interface. It includes multiple
constructors depending on the consumer's needs. *NOTE*: The last
constructor signature is decorated with Guice specific annotations for
dependency injection.
+
+{code}
+package org.nhindirect.stagent;
+
+public class DefaultNHINDAgent implements NHINDAgent
+{
+ public DefaultNHINDAgent(String domain, CertificateResolver
privateCerts, CertificateResolver publicCerts, TrustAnchorResolver anchors)
+ {
+
+ this(domain, privateCerts, publicCerts, anchors, TrustModel.Default,
SMIMECryptographerImpl.Default);
+ }
+
+ public DefaultNHINDAgent(Collection<String> domains,
CertificateResolver privateCerts, CertificateResolver publicCerts,
TrustAnchorResolver anchors)
+ {
+
+
+ this(domains, privateCerts, publicCerts, anchors, TrustModel.Default,
SMIMECryptographerImpl.Default);
+ }
+
+
+ public DefaultNHINDAgent(String domain, CertificateResolver
privateCerts, CertificateResolver publicCerts, TrustAnchorResolver anchors,
TrustModel trustModel, Cryptographer cryptographer)
+ {
+ this(Arrays.asList(new String[] {domain}), privateCerts, publicCerts,
anchors, trustModel, cryptographer);
+ }
+
+ @Inject
+ public DefaultNHINDAgent(@AgentDomains Collection<String> domains,
@PrivateCerts CertificateResolver privateCerts,
+ @PublicCerts CertificateResolver publicCerts, TrustAnchorResolver
anchors, TrustModel trustModel, Cryptographer cryptographer)
+}
+{code}
+
+h3. Concurrent Programming
+
+A good/scalable message system should support multiple threads of
execution for increased bandwidth. All public methods of the
DefaultNHINDAgent are thread safe and can be called concurrently.
+
+h3. Guice Providers and Modules
+
+The agent library contains a Guice provider for the DefaultNHINDAgent that
can be used along with the AgentModule for creating instance using a Guice
injector.
+
+*Agent Provider Example*
+
+{code}
+ Collection<String> domains = new ArrayList<String>();
+ domains.add("
example.com");
+
+ // private certs are stored in a keystore for this example
+ Provider<CertificateResolver> privateCerts = new
KeyStoreCertificateStoreProvider("certStoreFile", "password", "password");
+
+ // get the trust anchors from the private keystore for this example
+ // certs can be extracted from a key store using alias names... the
getAnchorsFromCertStore function
+ // can use a configured set of aliases that are known to be trust
anchors
+ Collection<X509Certificate> anchors =
getAnchorsFromCertStore(privateCerts());
+
+ // use DNS for public certs with default settings
+ Provider<CertificateResolver> publicCerts = new
DNSCertStoreProvider(null, null, null);
+
+ // use a uniform trust resolver for this example
+ Provider<TrustAnchorResolver> trustAnchors = new
UniformTrustAnchorResolverProvider(anchors);
+
+ // use the same keystore for both public and private certs
+ Provider<NHINDAgent> agentProvider = new
DefaultNHINDAgentProvider(domains, publicCerts, privateCerts, trustAnchors);
+ AgentModule agentMod = new AgentModule();
+
+ // get a Guice Injector to create instances
+ Injector inj = Guice.createInjector(agentMod);
+ NHINDAgent agent = inj.getInstance(NHINDAgent.class);
+{code}
+
+h3. Limitations
+
+*Single Resolver Consfiguration*
+
+The default agent does not allow for different resolver configurations per
domain. One and only one resolver configuration can be used for the public
and private resolver parameters respectively.
+
+
+h2. Message Encryption Stage Representation
+
+The following examples illustrate what a message looks like at different
stages of the encryption process. It starts with an example message and
ends with the final encrypted message.
+
+*Original Message*
+{code}
+To:
exter...@starugh-stateline.com
+From:
us...@cerner.com
+Subject: I-D ACTION:draft-ietf-mailext-pipeline-01.txt
+Date: Thu, 05 Jan 95 10:53:24 -0500
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+Content-type: Multipart/Mixed; boundary="NextPart"
+
+--NextPart
+
+Content-type: text/plain; charset="us-ascii"
+
+A Revised Internet-Draft is available from the on-line Internet-Drafts
directories.
+This draft is a work item of the Mail Extensions Working Group of the IETF.
+Title : SMTP Service Extension for Command Pipelining
+Author(s) : N. Freed, A. Cargille
+Filename : draft-ietf-mailext-pipeline-01.txt
+Pages : 9
+Date : 01/04/1995
+
+This memo defines an extension to the SMTP service whereby a server can
indicate
+the extent of its ability to accept multiple commands in a single TCP send
operation.
+Using a single TCP send operation for multiple commands can improve SMTP
+performance significantly.
+
+--NextPart
+
+Content-type: Message/External-body;
+name="draft-ietf-mailext-pipeline-01.txt";
+site="
ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts"
+
+Content-Type: text/plain
+Content-ID: <
199501041...@CNRI.Reston.VA.US>
+
+--NextPart
+{code}
+
+*Message Wrapping*
+{code}
+content-type: message/rfc822
+To:
exter...@starugh-stateline.com
+From:
us...@cerner.com
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+
+To:
exter...@starugh-stateline.com
+From:
us...@cerner.com
+Subject: I-D ACTION:draft-ietf-mailext-pipeline-01.txt
+Date: Thu, 05 Jan 95 10:53:24 -0500
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+Content-type: Multipart/Mixed; boundary="NextPart"
+
+--NextPart
+
+Content-type: text/plain; charset="us-ascii"
+
+A Revised Internet-Draft is available from the on-line Internet-Drafts
directories.
+This draft is a work item of the Mail Extensions Working Group of the IETF.
+Title : SMTP Service Extension for Command Pipelining
+Author(s) : N. Freed, A. Cargille
+Filename : draft-ietf-mailext-pipeline-01.txt
+Pages : 9
+Date : 01/04/1995
+
+This memo defines an extension to the SMTP service whereby a server can
indicate
+the extent of its ability to accept multiple commands in a single TCP send
operation.
+Using a single TCP send operation for multiple commands can improve SMTP
+performance significantly.
+
+--NextPart
+
+Content-type: Message/External-body;
+name="draft-ietf-mailext-pipeline-01.txt";
+site="
ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts"
+
+Content-Type: text/plain
+Content-ID: <
199501041...@CNRI.Reston.VA.US>
+
+--NextPart
+{code}
+
+*Message Signing*
+{code}
+------=_Part_0_21243558.1286387638730
+content-type: message/rfc822
+
+To:
exter...@starugh-stateline.com
+From:
us...@cerner.com
+Subject: I-D ACTION:draft-ietf-mailext-pipeline-01.txt
+Date: Thu, 05 Jan 95 10:53:24 -0500
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+Content-type: Multipart/Mixed; boundary="NextPart"
+
+--NextPart
+
+Content-type: text/plain; charset="us-ascii"
+
+A Revised Internet-Draft is available from the on-line Internet-Drafts
directories.
+This draft is a work item of the Mail Extensions Working Group of the IETF.
+Title : SMTP Service Extension for Command Pipelining
+Author(s) : N. Freed, A. Cargille
+Filename : draft-ietf-mailext-pipeline-01.txt
+Pages : 9
+Date : 01/04/1995
+
+This memo defines an extension to the SMTP service whereby a server can
indicate
+the extent of its ability to accept multiple commands in a single TCP send
operation.
+Using a single TCP send operation for multiple commands can improve SMTP
+performance significantly.
+
+--NextPart
+
+Content-type: Message/External-body;
+name="draft-ietf-mailext-pipeline-01.txt";
+site="
ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts"
+
+Content-Type: text/plain
+Content-ID: <
199501041...@CNRI.Reston.VA.US>
+
+--NextPart
+
+------=_Part_0_21243558.1286387638730
+Content-Type: application/pkcs7-signature; name=smime.p7s;
smime-type=signed-data
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+Content-Description: S/MIME Cryptographic Signature
+
+MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIAwggSOMIID
+dqADAgECAgECMA0GCSqGSIb3DQEBBQUAMIGMMSEwHwYDVQQDExhDZXJuZXIgTkhJTkQgRGV2IFJv
+b3QgQ0ExCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNaXNzb3VyaTEUMBIGA1UEBxMLS2Fuc2FzIENp
+dHkxDzANBgNVBAoTBkNlcm5lcjEgMB4GCSqGSIb3DQEJARYRZ21leWVyQGNlcm5lci5jb20wHhcN
+MTAwNTE5MTMxOTQwWhcNMTEwNTE5MTMxOTQwWjBiMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWlz
+c291cmkxDzANBgNVBAoTBkNlcm5lcjEOMAwGA1UEAxMFdXNlcjExHzAdBgkqhkiG9w0BCQEWEHVz
+ZXIxQGNlcm5lci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgoy1w/X+09pTr
+iIc42XmLwdJr2eG7pMD9ljTCPLpzouwsmJpU0U9OviEZWefeuncf7nWNdaEDFj/x30pROqEbhiKR
+SxKoglqzFPmJ01Q/Lt5uRoQMMZtvz3t8q0yALvNjlEC6xnJcL/r0lx77p1+9ZgsuC1jKCWQJ6D+Q
+iclTwqfRPmIIHxfJuBuwrUYLBvY1BLrP9Ly78KP5AD1On334Ydzz6uf8HJMVFcwpoFX+xM/3h9QY
++dMheP+rV7VSpC8uy/QWkwD2Pd5HYIfrIMbukncw2TxK6PzW854ZQ3K4CoYT9I/iWkqtoA51w5as
+0RvCj1NRiqpm0BGTRQwNTm4tAgMBAAGjggEiMIIBHjAJBgNVHRMEAjAAMB0GA1UdDgQWBBT0beML
+ZrfSZVAb4GIShb19LG5+mDCBwQYDVR0jBIG5MIG2gBSBU9WcKIS9ksoWiJe9VYymwNZL56GBkqSB
+jzCBjDEhMB8GA1UEAxMYQ2VybmVyIE5ISU5EIERldiBSb290IENBMQswCQYDVQQGEwJVUzERMA8G
+A1UECBMITWlzc291cmkxFDASBgNVBAcTC0thbnNhcyBDaXR5MQ8wDQYDVQQKEwZDZXJuZXIxIDAe
+BgkqhkiG9w0BCQEWEWdtZXllckBjZXJuZXIuY29tggkA+CfsUESwtjIwLgYJYIZIAYb4QgEEBCEW
+H2h0dHBzOi8vd3d3LnNpYWwub3JnL2NhLWNybC5wZW0wDQYJKoZIhvcNAQEFBQADggEBAKbgrSBq
+4baAJ+kb7GDi5lHLLHjZzm6mUEW0FQM2lH5YlbtehcgItG8JfCqEui5+ukGI6vzYKvLG9y0Ykvgj
+xa1KIWU+nylaFEVp9OgX0rCIqP1KMRg38Tb2ME98H4jMGTXmiwflPPl0Xvw0D2gOAb3kaPoTXOd0
+T16rHlJpzzl9+se9C4YY4CRF6hcWgPz2vzOdPZ/wlFuTSPt3Vr7fXYYUWvq5OlG113PUrBZ/bpgC
+yuAPequn0sUULJjZHDYn95OAMPs2sgGU/+2IkRaFJ5+1+FLK9yVb4/CLC2vRq9GOJ+euZKpjig9E
+hgIHEZYLm9Jot06TvJMFXjDjOsos1roAADGCAmswggJnAgEBMIGSMIGMMSEwHwYDVQQDExhDZXJu
+ZXIgTkhJTkQgRGV2IFJvb3QgQ0ExCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNaXNzb3VyaTEUMBIG
+A1UEBxMLS2Fuc2FzIENpdHkxDzANBgNVBAoTBkNlcm5lcjEgMB4GCSqGSIb3DQEJARYRZ21leWVy
+QGNlcm5lci5jb20CAQIwCQYFKw4DAhoFAKCBrjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
+CSqGSIb3DQEJBTEPFw0xMDEwMDYxNzUzNTdaMCMGCSqGSIb3DQEJBDEWBBTSvrwZwgUHOvx4BZjg
+Ze/961GVZzBPBgkqhkiG9w0BCQ8xQjBAMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAHBgUr
+DgMCBzALBgkqhkiG9w0BBwEwDAYKKoZIhvcNAQkWATANBgkqhkiG9w0BAQEFAASCAQCUESfBD+rO
+ttcG8JzdRMBYEF3DhWZQGXucXqL7blfcA/pASIMWbO626/ttXTMquZcFf2uymN7aUTjaXL9Pup6C
+ZAW1AgRLcdG7c0neTBpFeWcz/S8E/GTpD0ZqBlUjA6A8G7vz11fUSYqC9KCTup/X9EJvZtNU7OlK
+gKONgZrsscUZnNsN4ChLd3yIYIsPBlNdtYgyoKYGhsYvlHQ3dDM1MgUhppZ08O3cCujSf7uh3Qij
+7Uf16cGLzPeNUD/c9g4QXuf9j9GPJIOu5FOrsK15ssXfAHBdJHvT5U8Z/r00xd4tirWI5S8u+SXZ
+cjNuY2wnS6xIpbTks+hONV8ZOpa5AAAAAAAA
+------=_Part_0_21243558.1286387638730--
+{code}
+
+*Encrypted*
+{code}
+Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
name="smime.p7m"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Description: S/MIME Encrypted Message
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggFWMIIBUgIBADCBujCBtDEyMDAGA1UEAxMpU3RyYXVnaCBT
+dGF0ZSBMaW5lIENvcnAgTkhJTkQgRGV2IFJvb3QgQ0ExCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRJ
+b3dhMRQwEgYDVQQHEwtCcmFkZHl2aWxsZTEgMB4GA1UEChMXU3RyYXVnaCBTdGF0ZSBMaW5lIENv
+cnAxKjAoBgkqhkiG9w0BCQEWG2FkbWluQHN0YXJ1Z2gtc3RhdGVsaW5lLmNvbQIBAzANBgkqhkiG
+9w0BAQEFAASBgEclmWIWe29C0IrapkU6i8/Kw9lyk0NnnDzpYiBB20G8yd1BZ13j6FaIzm/nZ5ea
+EY+m/EhzQLOjBCyy2KPBVqowDhdQOc1PsNep1EfAikzLfCON5w2JQ0ju9OuTRMMdENuw0QmtEIhq
+9qu2tLMRkm/dNUBpd8RRcknv+S9IeBNGMIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEED+MW2PV
+mnfuA7YI6hEGVY+ggASCA+hllNuGFPKOlocQOJKUy7rOZp1KK0owsHAY7LC77i8jOXmoddY10uTr
+3yOKt1PIzHPL8MQ94TGDHk1OaGPiYY41CLsxUqgtkPhs0qOr6mnPahsGPxP2vK6qBTy4tX6xWLys
+mmqfrndHku5XxWLoT1we2oOM5z5x9q9HlNR+XwLEZ7ZF1yGz9GYAWOE5Ea6JR8LTOQJtv0kJmwZh
+eJJl6sX+nASO9y+yPd8B/Ks8sCjeO2ADuHkln7JggYYRFoSJwtow/Bf2n5n/QMkH8dUuu1kvEIlK
+h5kQGogAUEIY+Hjbw8A/q6wo/ZuRW+5T7y4ynXIKUTxKMv1lks+WcZ6l7pwUFlbC3XjO1v0Ie12q
+ws17YKlhSVV09Or0aIKa0kzV1jiXqzQ7fu9r9CABvy1kOS+0DPZOii1Mqx2PESj5TTuztOuG9MIH
+kiOBZu5l6Tg4lIOky5b/3W1Ju2Scn4brvADSTFVhaipCN4B5Dm7a2XXzdMQBlYBEMwkysEIAOAVG
+V4QbZs0ppITyt40VNUVfaHH7iK8PQGaHYzkPVuvp2EuX9131flXe/YHP3nPBT7jzdYAHc27Pviq8
+v06MnARMC0Y+WjA22D5d9jEDKG370RWDQdW3Mh/D8JJUkyhln8PNFwfcVHZvgqeLrAQ4Xn5fbcyv
+4QwE2tNMylk0mmxvRuKgpC4h8tKWj4l9FhVIFepoRGb/1yy2DaGnNGD2cfNhd0XAOncnH0RVXxKj
+nRb/f5UO+wXqQIUVTsFvOZjIPEPN6r/mIg8KgPQNWA1u1oNLQgv6A73hHyXywvBzGMRqud/yfu8u
+9u41ZvvgnmhFaSFyotGLWh1j/U7u0DXfU8S/0tKPhd4eZD7IrTlIWw3gTpCh2Zr1da1Was/vJIij
+VBMGOLBwuXq9eDdfvMQzxqr/7nyv8z+Rw9Dbhq2uhOMP/czw78osMHZg6Eo16V9FuW5niGd4kHdq
+FRKfxkdArTaFxHNAKHS6UCmKC59XocNNjt16uVr4Yj6ZJD8AB8SNoCzzM+g0nRPUzGxvZ2o3Tnwv
+Dgzeib5ZMbIa7AXq473bOiwSRsXd9d9RcYNp4sc6vpjv6X/a7PHVbfXSDvUq3ZLyLRdgbn5uLQgu
+g9joRuVfuB2SG8traR72/JtKfr0P8HeIwCkpkcxX339a0li4LZMgvNHBvjrTJW5FBPALo/xW+OpI
+uqx3qxfH+3FG6nltUMx+0yHEC+rFWJKTFHlqCjuROM/BYDIYwkonsZS2KHNEuQVFefKOrw7lbl2n
+g8d8dNSUs/gf+46Pw5AxPAGqt3gn1Nc9XGlCjPnyeffc90X9zqDaeVIrQ4eg+8p2BIID6P/h8mL8
+EHv7YfwFM+4GK2EPwg7LvhUXnMsz91t7N9MUNJZv9+hVAcLHnx6FUEe1ZlYigws2kY5ZV6Mg2MXi
+vNOAvi8Ug4TRp7MN3JKPQN9+EdtIeE3uXBB90vBVq4SIcAbM3LH8qi2m8Ec4o5weMSuA+MnTsQe+
+VEmpPFlFGUty5YbmQVD6LnmZNm//rbvWe/4LvF4pd2IffGkWY6ewpS/OvYMfd46QGq/lv6goouyL
+8Lvb6hQb8FVwyik3g7ObYHy6r7pChfaPKeJlenoghT0Q1iHizymeeUxT0j4x9l/H4yhTE610kjk6
++tDEFwUFcbRyPf3DVtEE867HWbtDeYGYD/pZ/4f4AOVTVrD82XGbxg7rn9y5UhT1bk8PdaMEOwu/
+p3EUq6c+I2iXKvy9uxwIvrNDnNs/+tHlD4P9LQwFDoWrUMpudcgv99v6+jwDhmRf9ykOLjLdPHQB
+np4JVVg3ixOc7nGdLaGo8Hpm081TVg9JJKR/lYIpxj/sPcn56HzOlnw6hm4nKdlLipghiC0vzC5A
+6jR6EinmCQJt0/D0s3j4/q2hb9/dMBjeeNjj3+V401qYSX7lFXX5OETjefCblZVorxexzgeN2q3v
+HJfiQn2ilyzMz8seeBOAWbcQ51K4yasO7tm1REjjt0VmdQvdSwfQyzghvVAqBuQr6A7AZ9Ln4OZm
+7ZE/XkK1pIWpBuvKtncogc13cvJRKYwBair+TeEzlBtXqgsDUbcAchjqc1r5l9/F7LPTMP3YAGWn
+T5PfsxqIvYLt7Xe/AzpE82462ydc0RJyAEYAitIOL20I33j8gLTx+fx4z18lHN78Lib7IM/Sfdz/
+Z5YuvFFHR04k8Teium4LR86qkEczVa9+QAdQ6W/rphHhrBWyAbQyWL8MP6xYf7T5jZ7a8kk+b7MT
+HNipkLHNopexUvNwLlk9/sryxvN+34SxBWtoAF+7Es/IFdvgZnvAtm0+zEYNevhEx9C3T+iBH37P
+4I7BAxPuldGBeBxtactAAb0ScraLdvjFCCn0V8dLeBJyyh2L1tPb/VUE7KDei6xF/LsCyxTq8Eb7
+zgUZEiNzGnOhjcAG/4T7oxJ1J35/DOVg21yH2ftzszqJN/q7No1NwCZlFrYjBUnFJb6PMs+siW0H
+V0HyveYzLA8c1o1E/VoVgfDElmAMI4NquN9MHg1pjGzxRBslyeo05dPJ6Vd/yeBRA9EHtVG9cCE5
+ncQTRI44wLVx355dRxgv/DA5iocQGvGLONcqFdC1s1s3HQ1I3NGRf+V6gYNwaiqf5Hm+fR2P/Prv
+7xMct0/cS7ZaBXqncY+HLGFAWSKKdgEsWdYEggPou5PABH/esaEfsu9LEyMxlmhlzKanodrBLQIT
+j/uLHmUT8JiV7og9iP7gjVCzgCYcFSJJJEV8DLLMBwyilzH2H7a0poXbDDzMAVHahQB1uYOw0nom
+ZvaS7bq71R+UxOWcEeGxNaU0LT4CI5ZahcD7xkGZwhtdjC4aDggW8ocPXwKFSClFEKU6MCMCqQFz
+M2hw7gdAKAXfzoSJ01U0GOeGGoZHbZr0duCZ+JX29evM/gTU/ABeDA8KVfbMhR7Um9ZAcEnLJHen
+M6ib58HbljCSzDNzoT3mHO9enFuS/VWeN75nAJf0xnz78m3ANwjiMtm+4yB5pJvjzjCHSKBHDL5Q
+IqvLVqEw4NjfhIEjJCAC2tw+PErppHm5oPrzrUTwoy3el8k/U4/pxsodv3T+AZyozolN9lndEBXn
+ggZnNhjBbl6CSi/E6RlR0sx8Aoy+r0qo9Ol4VgZRLLMJ663YdEt7cQPQtH0lzwE5q9r6TuyKYRjW
+nC1zQaw51DVHRcvQWp3sOvY9bTW0VIbt2xWG8K8vaiFDLYMt1sVzkdgH6l6Pzf0ac0js3VbctNcW
+UovIxK6w2gQDQ/SZ76S5g14jgQlDliQUBEThts25V4Q9dlQB8MFUX9jjbgyLfSMrKiQL7/IeL0Eu
+XmPUAeki+PG3Ze2v7SQez9M631SO8hSdrfYPjW1i+sRhV4/8oD/62UYLppFat1LMI2VImHPnSOz5
+qmQJ/I2T+22osAsBiOkZONBB8HnNWkDkrCNMAF8N1tK+j+VuEEvOZNTaZNMy2vMPL63wAkq20iBT
+DTKDsehdORrAbQgK/WQxIeOOKlJHWKOiz0I/+up8oxw8V/W2TOlQlmoe5qE1S2CQ4v6Y9m+c++gm
+FDj1qGaM1lrWH8dAjEmQNHlmltm02cEXngwfmPlXYQlKqBGV7aDpU+TeX7RgJqY2lspbjF4YCSMJ
+dk0yfwgB6IAWyLy3AkHT5NIqC4VGXT42zFF0JWeN9vS0KaIPj2srIe5yifJ33lZq0AkOqYMXIF8w
+GLO4BxqDH3Yjdn2qVEqLtv2sGedrAEB6jeT5+77TJEkRA6U3C2QZR5B8Wf9dmXS5v7+WQvZvvXTu
+PA4zhg5MZdbP1yknLeJ0MjrwzgajjbF6gSvIFd1J2rgj2xFaUwEKg+CG+FCZeVTAxdmXt2Pa2SuH
+fH1r5ez37hXbKTnoNuzPgXUY9aLg0GI9U2fcTFQU9CCfhTj9n+lxaXbXRLwcugLkIcVhlGrOoSPe
+NhgT5dZBGkuUGewmrv4gIiGLV0B09E6T1XFbR4qEfmClDJLZ5wuUl/7b/LFnMpmBGd9fleZghf5B
+SfqtJASCA+jAdc6IeUn8mBR6CtX0SACAgopM1t5ukNtI/FLodYlWypi2YPZAJ6eg9lztBwEJ1D4B
+vg4Pw7TVsNabgPT+PaDqhWsmLPQ++3ENplL5VIUgRbeUcLI3Nq5fWNTZ1KymTeIh97XxAViG0dKs
+fDUa14Vz8TZB/3FzSpxhxQinnHaXC8Ks42vPZaelynrhGLUIGSx3+a1Kmobg2J6MUD4D78nqDCfW
+X9NTVBMABF3JmEqH3cgHRFnU0/C96mzORqU2DAmFFBe4J5nZsa8WpbqYM+b5pBh16wRnhI+uKFok
+jrlgiE8HwM0gwKvzYCVurgqiIUzlUWNfOeic5XlnEkNizvEOyRCTDqYBmdInUsJY+BGDq55I5C5I
+jC2hwR7mR1tIVaofz3uLx45MDpb8jkPha3v6JAmfExhyj3Vu4E3To3A0FbfFralXA7SofEAPZYg/
+xg2QPTsqW92D+ldksNs8oXb/pqRja/Bo3GGbKCNGZZIVU6ewvoG+kXJDNjqGC08Bmdo9TyNPB30q
+j85KLzMB8HgE8q6PH2SJsP/P/I75bGHGAhiUOre7i+grTkcKToy9f82y8IRlWKG4c6PTpZ9JHFYq
+TyH3ph1LK2K2qYel4Tzn14GAH7p4zvdSe9WYEyxSZ9qjlBZlPnlSFYWN3ERSiW8yE6dDSB05iC0T
+ibMaRizKi6igMXG9Dh5RMx8uj0IU039uL2nbpFGdLFPja7/rbI4Tdvcq4DmOPwNilIuPoa8RUSsP
+EedD59Hl/cbc/5MqVumiTl8g9gJRdmfZguvU12Y2zzhmvVYgbNc/kan/ofc9lPq1LTXYH1wIwwNS
+vTe0Ci0omJ4wdFkX9ICivI9QtYWVk7HmLQ+nFBZP3/us2WoWToicMN4lxMQ5kgmgMnY3EzlEYi2H
+SrqgcHsejK19jJDmjULvSxZfpFyF+8GS+LcZ7FtOGavgtaQfeDfz3cKGziHDZrQT/Kteygy3hzNU
+Lt7HmxUBc7EQ8lEI11Lcte0miLB3RLDtJstAhjldsiTlRylMImEZgJ96ZuMG8ntNoUVcu1IATINb
+3VghMgdS+W70qOPwVNbuovM0aqFE9+jWQgK5MQ8+nRsq+zJvzW0iYl9ToqgNN7aFvA/Msryn2AJZ
+Ldm2W1k4xRuD3AYjlRk6C8Zzsls2a1CZL6AlBcEMzNJe0o9Dz8Jt1kMYVeLX7bD217kzf5wf2Ne5
+D8zZ0UV+I3T98CQMCeMd/P5k0dJ/tupF7qfgmmK+CUdSV6+DurJJG3T57h6hWXEolTL9o4pkDill
+e5YxxqvcBtrbE2r1Y2NKdAy+uXZ0c4zf6W7dfLqWwc1sqicRZh+HBIIBUFtW1KonwWByh8LtHWhP
+vp18UnZquxXdmiflmxOvBHqutE/E50CLvPlp5ueRQzAAi9MIrmvMmL0cLHZ3wmZzM7/lyUrMNm5L
+Wnc7P3M9C52uCZi3kk7Pr/KnWH6rph2ISn2mYv1yNdJh7LtDjiKNEh8Ascf1gyjl8AwMgr4/8co6
+oIUhrvdtR5I46Hm8s0FoL5XKIwbOak3bI6dswQWmSEzhEhJpPjHcXeCX7p/tN6kMlJQxUKVp8lEU
+1KSobMVdrR8+grUFxp0DMo5g/evJjkINQoHzf6kkBomRlqCt82iZxcFXckgAGRTcDP4sWMlo9rGd
+g3/56tKnW00PvVy4BDQ5xcfc0fD+Q/owUXDYYniWjez3Kzdcg7svZXOAfCY2/T1j1lRyjnE5ZxRU
+8XPjMXn5i9c/DbIBtKR6nbXkGXTwR7U9PSh2jp2nQOasODaAfQAAAAAAAAAAAAA=
+{code}
+
+*Final Message*
+{code}
+From:
us...@cerner.com
+To:
exter...@starugh-stateline.com
+Message-ID: <950105105...@IETF.CNR
I.Reston.VA.US>
+Mime-Version: 1.0
+content-type: application/pkcs7-mime; smime-type=enveloped-data;
name="smime.p7m"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Description: S/MIME Encrypted Message
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggFWMIIBUgIBADCBujCBtDEyMDAGA1UEAxMpU3RyYXVnaCBT
+dGF0ZSBMaW5lIENvcnAgTkhJTkQgRGV2IFJvb3QgQ0ExCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRJ
+b3dhMRQwEgYDVQQHEwtCcmFkZHl2aWxsZTEgMB4GA1UEChMXU3RyYXVnaCBTdGF0ZSBMaW5lIENv
+cnAxKjAoBgkqhkiG9w0BCQEWG2FkbWluQHN0YXJ1Z2gtc3RhdGVsaW5lLmNvbQIBAzANBgkqhkiG
+9w0BAQEFAASBgEclmWIWe29C0IrapkU6i8/Kw9lyk0NnnDzpYiBB20G8yd1BZ13j6FaIzm/nZ5ea
+EY+m/EhzQLOjBCyy2KPBVqowDhdQOc1PsNep1EfAikzLfCON5w2JQ0ju9OuTRMMdENuw0QmtEIhq
+9qu2tLMRkm/dNUBpd8RRcknv+S9IeBNGMIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEED+MW2PV
+mnfuA7YI6hEGVY+ggASCA+hllNuGFPKOlocQOJKUy7rOZp1KK0owsHAY7LC77i8jOXmoddY10uTr
+3yOKt1PIzHPL8MQ94TGDHk1OaGPiYY41CLsxUqgtkPhs0qOr6mnPahsGPxP2vK6qBTy4tX6xWLys
+mmqfrndHku5XxWLoT1we2oOM5z5x9q9HlNR+XwLEZ7ZF1yGz9GYAWOE5Ea6JR8LTOQJtv0kJmwZh
+eJJl6sX+nASO9y+yPd8B/Ks8sCjeO2ADuHkln7JggYYRFoSJwtow/Bf2n5n/QMkH8dUuu1kvEIlK
+h5kQGogAUEIY+Hjbw8A/q6wo/ZuRW+5T7y4ynXIKUTxKMv1lks+WcZ6l7pwUFlbC3XjO1v0Ie12q
+ws17YKlhSVV09Or0aIKa0kzV1jiXqzQ7fu9r9CABvy1kOS+0DPZOii1Mqx2PESj5TTuztOuG9MIH
+kiOBZu5l6Tg4lIOky5b/3W1Ju2Scn4brvADSTFVhaipCN4B5Dm7a2XXzdMQBlYBEMwkysEIAOAVG
+V4QbZs0ppITyt40VNUVfaHH7iK8PQGaHYzkPVuvp2EuX9131flXe/YHP3nPBT7jzdYAHc27Pviq8
+v06MnARMC0Y+WjA22D5d9jEDKG370RWDQdW3Mh/D8JJUkyhln8PNFwfcVHZvgqeLrAQ4Xn5fbcyv
+4QwE2tNMylk0mmxvRuKgpC4h8tKWj4l9FhVIFepoRGb/1yy2DaGnNGD2cfNhd0XAOncnH0RVXxKj
+nRb/f5UO+wXqQIUVTsFvOZjIPEPN6r/mIg8KgPQNWA1u1oNLQgv6A73hHyXywvBzGMRqud/yfu8u
+9u41ZvvgnmhFaSFyotGLWh1j/U7u0DXfU8S/0tKPhd4eZD7IrTlIWw3gTpCh2Zr1da1Was/vJIij
+VBMGOLBwuXq9eDdfvMQzxqr/7nyv8z+Rw9Dbhq2uhOMP/czw78osMHZg6Eo16V9FuW5niGd4kHdq
+FRKfxkdArTaFxHNAKHS6UCmKC59XocNNjt16uVr4Yj6ZJD8AB8SNoCzzM+g0nRPUzGxvZ2o3Tnwv
+Dgzeib5ZMbIa7AXq473bOiwSRsXd9d9RcYNp4sc6vpjv6X/a7PHVbfXSDvUq3ZLyLRdgbn5uLQgu
+g9joRuVfuB2SG8traR72/JtKfr0P8HeIwCkpkcxX339a0li4LZMgvNHBvjrTJW5FBPALo/xW+OpI
+uqx3qxfH+3FG6nltUMx+0yHEC+rFWJKTFHlqCjuROM/BYDIYwkonsZS2KHNEuQVFefKOrw7lbl2n
+g8d8dNSUs/gf+46Pw5AxPAGqt3gn1Nc9XGlCjPnyeffc90X9zqDaeVIrQ4eg+8p2BIID6P/h8mL8
+EHv7YfwFM+4GK2EPwg7LvhUXnMsz91t7N9MUNJZv9+hVAcLHnx6FUEe1ZlYigws2kY5ZV6Mg2MXi
+vNOAvi8Ug4TRp7MN3JKPQN9+EdtIeE3uXBB90vBVq4SIcAbM3LH8qi2m8Ec4o5weMSuA+MnTsQe+
+VEmpPFlFGUty5YbmQVD6LnmZNm//rbvWe/4LvF4pd2IffGkWY6ewpS/OvYMfd46QGq/lv6goouyL
+8Lvb6hQb8FVwyik3g7ObYHy6r7pChfaPKeJlenoghT0Q1iHizymeeUxT0j4x9l/H4yhTE610kjk6
++tDEFwUFcbRyPf3DVtEE867HWbtDeYGYD/pZ/4f4AOVTVrD82XGbxg7rn9y5UhT1bk8PdaMEOwu/
+p3EUq6c+I2iXKvy9uxwIvrNDnNs/+tHlD4P9LQwFDoWrUMpudcgv99v6+jwDhmRf9ykOLjLdPHQB
+np4JVVg3ixOc7nGdLaGo8Hpm081TVg9JJKR/lYIpxj/sPcn56HzOlnw6hm4nKdlLipghiC0vzC5A
+6jR6EinmCQJt0/D0s3j4/q2hb9/dMBjeeNjj3+V401qYSX7lFXX5OETjefCblZVorxexzgeN2q3v
+HJfiQn2ilyzMz8seeBOAWbcQ51K4yasO7tm1REjjt0VmdQvdSwfQyzghvVAqBuQr6A7AZ9Ln4OZm
+7ZE/XkK1pIWpBuvKtncogc13cvJRKYwBair+TeEzlBtXqgsDUbcAchjqc1r5l9/F7LPTMP3YAGWn
+T5PfsxqIvYLt7Xe/AzpE82462ydc0RJyAEYAitIOL20I33j8gLTx+fx4z18lHN78Lib7IM/Sfdz/
+Z5YuvFFHR04k8Teium4LR86qkEczVa9+QAdQ6W/rphHhrBWyAbQyWL8MP6xYf7T5jZ7a8kk+b7MT
+HNipkLHNopexUvNwLlk9/sryxvN+34SxBWtoAF+7Es/IFdvgZnvAtm0+zEYNevhEx9C3T+iBH37P
+4I7BAxPuldGBeBxtactAAb0ScraLdvjFCCn0V8dLeBJyyh2L1tPb/VUE7KDei6xF/LsCyxTq8Eb7
+zgUZEiNzGnOhjcAG/4T7oxJ1J35/DOVg21yH2ftzszqJN/q7No1NwCZlFrYjBUnFJb6PMs+siW0H
+V0HyveYzLA8c1o1E/VoVgfDElmAMI4NquN9MHg1pjGzxRBslyeo05dPJ6Vd/yeBRA9EHtVG9cCE5
+ncQTRI44wLVx355dRxgv/DA5iocQGvGLONcqFdC1s1s3HQ1I3NGRf+V6gYNwaiqf5Hm+fR2P/Prv
+7xMct0/cS7ZaBXqncY+HLGFAWSKKdgEsWdYEggPou5PABH/esaEfsu9LEyMxlmhlzKanodrBLQIT
+j/uLHmUT8JiV7og9iP7gjVCzgCYcFSJJJEV8DLLMBwyilzH2H7a0poXbDDzMAVHahQB1uYOw0nom
+ZvaS7bq71R+UxOWcEeGxNaU0LT4CI5ZahcD7xkGZwhtdjC4aDggW8ocPXwKFSClFEKU6MCMCqQFz
+M2hw7gdAKAXfzoSJ01U0GOeGGoZHbZr0duCZ+JX29evM/gTU/ABeDA8KVfbMhR7Um9ZAcEnLJHen
+M6ib58HbljCSzDNzoT3mHO9enFuS/VWeN75nAJf0xnz78m3ANwjiMtm+4yB5pJvjzjCHSKBHDL5Q
+IqvLVqEw4NjfhIEjJCAC2tw+PErppHm5oPrzrUTwoy3el8k/U4/pxsodv3T+AZyozolN9lndEBXn
+ggZnNhjBbl6CSi/E6RlR0sx8Aoy+r0qo9Ol4VgZRLLMJ663YdEt7cQPQtH0lzwE5q9r6TuyKYRjW
+nC1zQaw51DVHRcvQWp3sOvY9bTW0VIbt2xWG8K8vaiFDLYMt1sVzkdgH6l6Pzf0ac0js3VbctNcW
+UovIxK6w2gQDQ/SZ76S5g14jgQlDliQUBEThts25V4Q9dlQB8MFUX9jjbgyLfSMrKiQL7/IeL0Eu
+XmPUAeki+PG3Ze2v7SQez9M631SO8hSdrfYPjW1i+sRhV4/8oD/62UYLppFat1LMI2VImHPnSOz5
+qmQJ/I2T+22osAsBiOkZONBB8HnNWkDkrCNMAF8N1tK+j+VuEEvOZNTaZNMy2vMPL63wAkq20iBT
+DTKDsehdORrAbQgK/WQxIeOOKlJHWKOiz0I/+up8oxw8V/W2TOlQlmoe5qE1S2CQ4v6Y9m+c++gm
+FDj1qGaM1lrWH8dAjEmQNHlmltm02cEXngwfmPlXYQlKqBGV7aDpU+TeX7RgJqY2lspbjF4YCSMJ
+dk0yfwgB6IAWyLy3AkHT5NIqC4VGXT42zFF0JWeN9vS0KaIPj2srIe5yifJ33lZq0AkOqYMXIF8w
+GLO4BxqDH3Yjdn2qVEqLtv2sGedrAEB6jeT5+77TJEkRA6U3C2QZR5B8Wf9dmXS5v7+WQvZvvXTu
+PA4zhg5MZdbP1yknLeJ0MjrwzgajjbF6gSvIFd1J2rgj2xFaUwEKg+CG+FCZeVTAxdmXt2Pa2SuH
+fH1r5ez37hXbKTnoNuzPgXUY9aLg0GI9U2fcTFQU9CCfhTj9n+lxaXbXRLwcugLkIcVhlGrOoSPe
+NhgT5dZBGkuUGewmrv4gIiGLV0B09E6T1XFbR4qEfmClDJLZ5wuUl/7b/LFnMpmBGd9fleZghf5B
+SfqtJASCA+jAdc6IeUn8mBR6CtX0SACAgopM1t5ukNtI/FLodYlWypi2YPZAJ6eg9lztBwEJ1D4B
+vg4Pw7TVsNabgPT+PaDqhWsmLPQ++3ENplL5VIUgRbeUcLI3Nq5fWNTZ1KymTeIh97XxAViG0dKs
+fDUa14Vz8TZB/3FzSpxhxQinnHaXC8Ks42vPZaelynrhGLUIGSx3+a1Kmobg2J6MUD4D78nqDCfW
+X9NTVBMABF3JmEqH3cgHRFnU0/C96mzORqU2DAmFFBe4J5nZsa8WpbqYM+b5pBh16wRnhI+uKFok
+jrlgiE8HwM0gwKvzYCVurgqiIUzlUWNfOeic5XlnEkNizvEOyRCTDqYBmdInUsJY+BGDq55I5C5I
+jC2hwR7mR1tIVaofz3uLx45MDpb8jkPha3v6JAmfExhyj3Vu4E3To3A0FbfFralXA7SofEAPZYg/
+xg2QPTsqW92D+ldksNs8oXb/pqRja/Bo3GGbKCNGZZIVU6ewvoG+kXJDNjqGC08Bmdo9TyNPB30q
+j85KLzMB8HgE8q6PH2SJsP/P/I75bGHGAhiUOre7i+grTkcKToy9f82y8IRlWKG4c6PTpZ9JHFYq
+TyH3ph1LK2K2qYel4Tzn14GAH7p4zvdSe9WYEyxSZ9qjlBZlPnlSFYWN3ERSiW8yE6dDSB05iC0T
+ibMaRizKi6igMXG9Dh5RMx8uj0IU039uL2nbpFGdLFPja7/rbI4Tdvcq4DmOPwNilIuPoa8RUSsP
+EedD59Hl/cbc/5MqVumiTl8g9gJRdmfZguvU12Y2zzhmvVYgbNc/kan/ofc9lPq1LTXYH1wIwwNS
+vTe0Ci0omJ4wdFkX9ICivI9QtYWVk7HmLQ+nFBZP3/us2WoWToicMN4lxMQ5kgmgMnY3EzlEYi2H
+SrqgcHsejK19jJDmjULvSxZfpFyF+8GS+LcZ7FtOGavgtaQfeDfz3cKGziHDZrQT/Kteygy3hzNU
+Lt7HmxUBc7EQ8lEI11Lcte0miLB3RLDtJstAhjldsiTlRylMImEZgJ96ZuMG8ntNoUVcu1IATINb
+3VghMgdS+W70qOPwVNbuovM0aqFE9+jWQgK5MQ8+nRsq+zJvzW0iYl9ToqgNN7aFvA/Msryn2AJZ
+Ldm2W1k4xRuD3AYjlRk6C8Zzsls2a1CZL6AlBcEMzNJe0o9Dz8Jt1kMYVeLX7bD217kzf5wf2Ne5
+D8zZ0UV+I3T98CQMCeMd/P5k0dJ/tupF7qfgmmK+CUdSV6+DurJJG3T57h6hWXEolTL9o4pkDill
+e5YxxqvcBtrbE2r1Y2NKdAy+uXZ0c4zf6W7dfLqWwc1sqicRZh+HBIIBUFtW1KonwWByh8LtHWhP
+vp18UnZquxXdmiflmxOvBHqutE/E50CLvPlp5ueRQzAAi9MIrmvMmL0cLHZ3wmZzM7/lyUrMNm5L
+Wnc7P3M9C52uCZi3kk7Pr/KnWH6rph2ISn2mYv1yNdJh7LtDjiKNEh8Ascf1gyjl8AwMgr4/8co6
+oIUhrvdtR5I46Hm8s0FoL5XKIwbOak3bI6dswQWmSEzhEhJpPjHcXeCX7p/tN6kMlJQxUKVp8lEU
+1KSobMVdrR8+grUFxp0DMo5g/evJjkINQoHzf6kkBomRlqCt82iZxcFXckgAGRTcDP4sWMlo9rGd
+g3/56tKnW00PvVy4BDQ5xcfc0fD+Q/owUXDYYniWjez3Kzdcg7svZXOAfCY2/T1j1lRyjnE5ZxRU
+8XPjMXn5i9c/DbIBtKR6nbXkGXTwR7U9PSh2jp2nQOasODaAfQAAAAAAAAAAAAA=
+{code}
+
+For incoming message, the process is reversed in order.
+
+*NOTE*: Running this process on the same original message in a debugger
should result in a slightly different encrypted message because a new
symtric encryption key is produced with each execution.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-tool-intro.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,17 @@
+h1. About this Chapter
+
+This chapters describes tools that accompany the agent source code.
+
+The reference implementation's agent source tree provides a set of tools
to assist testing and development. The tools are located under the
/java/agent/tools directory in the source tree.
+
+*NOTE:* You will need to checkout the reference implementation source tree
first as described in the direct project software development [process|
http://wiki.directproject.org/Software+Development+Process]. You will also
need [maven|
http://maven.apache.org/] installed to build the tools. After
checking out the source and installing maven, build the tools by running
the following command under the /java/agent directory:
+
+{code}
+mvn clean install
+{code}
+
+* [Certificate Generation|./dev-cert-gen.html]
+
+* [DNS Certificate Dumper|./dev-dns-dumper.html]
+
+* [LDAP Certificate Dumper|./dev-ldap-dumper.html]
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/dev-trustmodel.confluence
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,101 @@
+h1. Trust
+
+Arguably the most important aspect of the security and trust specification
is the trust model. The security and encryption algorithms can ensure that
a message is securely transported from one location to another without
being compromised or tampered with, but what value is a message if you do
not trust its contents? In theory anyone can setup a HISP, create
certificates, and claim to have some type of authoritative credentials. A
HISP user may be able to irrefutably validate their identity according to
their credentials (certificates), but how do you know you can trust the
content of the dialog? The security and trust model allows a HISP
to "filter" and accept messages only from HISPs that they deem trust
worthy. Transitively, a HISP should only allow users to create
destinations or "account" that they deem trust worthy. The leads into the
subject of identity proofing which is outside the scope of the trust
model. However as a rule of thumb, only HISPs that follow and prove to
abide by good certificate practices and identity proofing procedures should
be trusted.
+
+Trust is not an absolute indicator of truth in terms of content, but
subjective only in how much a recipient wants to trust the sender. In the
context of health care data, trust in content can result in life changing
decision and in extreme case life or death and needs to be dealt with
accordingly.
+
+The security and trust model provides a great deal of flexibility in
determining trust between HISPs and even individual users. Because
messages are signed using X509 standards, public key infrastructure (pkix)
can be used to "filter" message based on entities called trust anchors.
Every signing X509 certificate is created from a certificate authority, and
a public certificate authority file can be used to validate the
authenticity and issuer of an X509 certificate. In the most simple case, a
certificate authority (CA) is a trust anchor. If a HISP or user trusts a
particular trust anchor, then all certificates created by that anchor are
considered to be trusted. PKIX allows a great amount of flexibility and
granularity in terms of certificate validation with trust anchors. CAs can
create child CAs or signing certificates which in turn can create there own
certificates; this process is called chaining. When validating trust any
certificate in the chain can be used as a trust anchor (trust anchors all
also referred to as the most trusted certificate in a certificate chain),
but all certificates in the hierarchy between the certificate and the trust
anchor must be present to validate trust. At the most granular level, a
signing certificate itself may be used as its own trust anchor.
+
+The agent library supports the trust model through the trust model class
and the TrustAnchorResolver interface. The resolver is responsible for
locating anchors for a particular destination. As with certificate
resolvers, there are different implementation models based on the how trust
anchors are located and how they should be applied for a specific
destination (organization level vs. individual user).
+
+*NOTE*: Trust anchors should not be confused with CAs that are used
between SMTP or HTTP clients and servers. They essentially serve the same
purpose (validay trust between two entities), but satisfy different use
cases.
+
+h2. TrustAnchorResolver
+
+The TrustAnchorResolver interface specifies two methods for locating and
applying trust anchors: one for incoming message and one for outgoing
messages.
+
+{code}
+package org.nhindirect.stagent.trust;
+
+public interface TrustAnchorResolver
+{
+ CertificateResolver getOutgoingAnchors();
+
+ CertificateResolver getIncomingAnchors();
+}
+{code}
+
+The return value of each method is simply a CertificateResolver (trust
anchors are simply certificates), but the set of certificates returned by
the certificate resolver are governed by a different set of rules. With a
regular CertificateResolver, the return value of the getCertificates method
is a collection of certificate that represent the destination address
parameter. Trust anchors are different in that calling getCertificates
returns the configured set of trust anchors that a particular sender
trusts. Depending on the CertificateResolver implementation and
configuration, the configured set may be the same for all senders in a
given domain or may be different for each user. In some cases it may be
the same for every sender regardless of domain.
+
+In many cases the CertificateResolver for outgoing and incoming messages
return the same set of trust anchors. However they may be cases where a
HIPS or user trusts sending to particular HISPs and/or users, but trusts a
subset or completely different set of HISPs and/or users when receiving
messages.
+
+h2. DefaultTrustAnchorResolver
+
+The DefaultTrustAnchorResolver is the default implementation of the
TrustAnchorResolver interface. In allows multiple configurations of trust
anchors from a single set of trust anchors for both incoming and outgoing
messages to full blown CertificateResolver implementations.
+
+The first set of constructors take a set of trust anchors and creates a
[UniformCertificateStore|#UniformCertificateStore] as the certificate
resolver. Each variation that only takes one parameters uses the same
store for both incoming and outgoing certificate stores.
+{code}
+public DefaultTrustAnchorResolver(Collection<X509Certificate> anchors)
+
+public DefaultTrustAnchorResolver(Collection<X509Certificate>
outgoingAnchors, Collection<X509Certificate> incomingAnchors)
+
+public DefaultTrustAnchorResolver(X509Store anchors)
+
+public DefaultTrustAnchorResolver(X509Store outgoingAnchors, X509Store
incomingAnchors)
+{code}
+
+The other set of constructors take a specific CertificateResolver
implementation. Each implementation is configured to its own specification
and allows for very granular trust anchor resolution.
+
+{code}
+ public DefaultTrustAnchorResolver(CertificateResolver anchors)
+
+ @Inject
+ public DefaultTrustAnchorResolver(@OutgoingTrustAnchors
CertificateResolver outgoingAnchors,
+ @IncomingTrustAnchors CertificateResolver incomingAnchors)
+{code}
+
+As with the previous set, the first constructor uses the same resolver for
both incoming and outgoing messages. The last constructor is used by Guice
for dependency injection.
+
+h2. UniformCertificateStore
+
+The UniformCertificateStore is a very simple certificate resolver for
trust anchors. It is initialized from either a set of certificates or an
[X509Store|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/cert/X509Store.html].
In the latter case, the UniformCertificateStore initializes itself by
calling getAllCertificates on the X509 store.
+
+The UniformCertificateStore satisfies the use case where every address
owned by the agent or consumer code uses the same set of trust anchors.
This is typically used in a test environment or a single domain HISP that
does not support separate trust per user.
+
+h2. TrustAnchorCertificateStore
+
+The TrustAnchorCertificateStore is more sophisticated than the
UniformCertificateStore in that supports unique sets of trust anchors per
domain. When a consumer calls getCertificates, the store uses the domain
information from the address and looks up the trust anchors for that
particular domain.
+
+The TrustAnchorCertificateStore has one constructor.
+{code}
+public TrustAnchorCertificateStore(Map<String,
Collection<X509Certificate>> certs)
+{code}
+
+The constructor takes a map of strings which equates to a list of domain
names. Each domain name maps to a collection of trust anchors for that
particular domain. *NOTE*: The domain name is case insensitive, so looking
up
example.com and EXAMPLE.com will result in the same set of trust anchors.
+
+h2. Binding Address To Trust Anchors
+
+Part of the agent's logic is to resolve trust anchors for recipients of an
incoming message and resolve trust anchors for the sender of an outgoing
message. The agent places every message into a MessageEnvelope container.
The MessageEnvelope interface and default implementation parse and store
the sender and recipient addresses into NHINDAddress structures. The
NHINDAddress structure contains the method setTrustAnchors which takes a
collection of X509 certificates that should be as trust anchors for that
address. Typically for incoming messages, the agent looks up the trust
anchors for each domain recipient and sets the trust anchors for each
recipient. For outgoing messages, the agent looks up the trust anchors for
the sender and set the trust anchors for that sender. The [TrustModel|
#TrustModel] class expects that the trust anchors will be bound to each
address appropriately (for incoming and outgoing messages) before calling
methods on it.
+
+h2. TrustModel
+
+The [TrustModel|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/trust/TrustModel.html]
class enforces the trust portion of the security and trust specification.
Although the TrustModel exposes two constructors, it is only really
necessary to use the default empty constructor unless you need to subclass
the [TrustChainValidator|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/trust/TrustChainValidator.html]
class.
+
+The trust model supports different levels of trust called the
[TrustEnforcementStatus|
http://api.nhindirect.org/java/site/agent/1.4.2/apidocs/org/nhindirect/stagent/trust/TrustEnforcementStatus.html].
During the enforcement phase, each address is flagged with a status
indicating if the address trusts the incoming or outgoing message. It is
up to the agent or client code to assert what level of trust status it will
allow through the security and trust processes. The default threshold
level is Success_Offline.
+
+
+h3. Enforce(IncomingMessage)
+
+This method enforces the trust policy for incoming messages using the
following algorithm.
+
+# Validates that signature exists on the message.
+# Iterates through each domain recipient and iterates through each domain
recipient's trust anchor set looking for a trust anchor that is valid for
the one on of the signing certificates in the message signature block using
the trust chain validation. This include cert path chain validation,
certificate expiration, and revocation checking. Usually there is only one
signing certificate, but they may be more than one if the sender supports
multiple circles of trust. If the signing certificate is not validated by
the trust anchors, then that recipient's status is flagged as not being a
trusted recipient resulting in the message not being delivered to that
recipient. In the agent, this recipient is added to the rejected recipient
list of the MessageEnvelope.
+# Validates the signature block on the message to ensure it has not been
tampered with.
+
+
+
+h3. Enforce(OutgoingMessage)
+
+This method enforces the trust policy for outgoing messages using the
following algorithm.
+
+# Iterates through each recipient and and looks for a trust anchor in the
senders trust anchor set valid for each recipient's certificates. This
include cert path chain validation, certificate expiration, and revocation
checking. Usually there is only one certificate per recipient, but they
may be more than one if the recipient supports multiple circles of trust.
If a recipients certificates cannot be validated against one of the senders
trust anchors, then the recipient's trust status is flagged as failed
resulting in the message not being sent to the recipient. In the agent,
this recipient is added to the rejected recipient list of the
MessageEnvelope.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/images/certGenOpen.png
Wed Jan 28 19:15:01 2015 UTC
Binary file, no diff available.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/images/createLeafOpen.png
Wed Jan 28 19:15:01 2015 UTC
Binary file, no diff available.
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/books/users-guide/images/createLeafOption.png
Wed Jan 28 19:15:01 2015 UTC
Binary file, no diff available.
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/books/users-guide/images/createLeafSuccess.png
Wed Jan 28 19:15:01 2015 UTC
Binary file, no diff available.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/images/highLevelArch.png
Wed Jan 28 19:15:01 2015 UTC
Binary file, no diff available.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/images/loadCAOpen.png Wed
Jan 28 19:15:01 2015 UTC
Binary file, no diff available.
=======================================
--- /dev/null
+++ /java/tags/agent-2.0.13/src/books/users-guide/preface.apt Wed Jan 28
19:15:01 2015 UTC
@@ -0,0 +1,13 @@
+ -----
+ Introduction
+ -----
+ Greg Meyer
+ -----
+
+About this Document
+
+ This document describes how to develop against components of the
security and trust agent module.
+
+ * {{{./dev-intro.html}Development Guide}} - This section describes how
to consume different components of the module.
+
+ * {{{./dev-tool-intro.html}Tools}} - This section describes various
tools in the agent source tree used for testing and development.
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/AddressSource.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,40 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+/**
+ * Enumeration of the address types supported by the agent.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public enum AddressSource
+{
+ Unknown,
+ RcptTo,
+ MailFrom,
+ To,
+ CC,
+ BCC,
+ From
+}
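Review bot: The constants of `AddressSource` carry no Javadoc, so a reader cannot tell from the file how `RcptTo`/`MailFrom` differ from `To`/`From` and when `Unknown` applies (presumably envelope versus header addresses, but that is inferred from the names alone); the same gap applies to every constant of `AgentError` in the next hunk, where values such as `MessageNotWrapped`, `AllCertsInResolverInvalid` and `InvalidPolicy` are opaque without a sentence each. A one-line Javadoc per constant, for example `/** Address taken from the SMTP envelope RCPT TO command. */` above `RcptTo`, would make both enums self-explanatory to callers that switch on them. The mixed-case constant names also depart from the usual `UPPER_SNAKE_CASE` convention, though renaming them would break callers and is not worth doing in a tagged release.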
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/AgentError.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,52 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+/**
+ * Enumeration of security and trust agent errors.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public enum AgentError
+{
+ Unexpected,
+ MissingTo,
+ MissingFrom,
+ MissingMessage,
+ MessageNotWrapped,
+ NoRecipients,
+ NoSender,
+ InvalidSignature,
+ InvalidEncryption,
+ UntrustedMessage,
+ UntrustedSender,
+ UnknownRecipient,
+ UnsignedMessage,
+ MissingSenderSignature,
+ MissingSenderCertificate,
+ MissingRecipientCertificate,
+ NoTrustedRecipients,
+ AllCertsInResolverInvalid,
+ InvalidPolicy
+}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/AgentException.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,71 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+
+/**
+ * Exception thrown in the agent's operational flow.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class AgentException extends NHINDException
+{
+ static final long serialVersionUID = 3498045976415463115L;
+
+ public AgentException(AgentError error)
+ {
+ super(error);
+ }
+
+ /**
+ * Constructs an exception with a message and the agent error.
+ * @param error The agent error
+ * @param msg The exception message.
+ */
+ public AgentException(AgentError error, String message)
+ {
+ super(error, message);
+ }
+
+ /**
+ * Constructs an exception with the agent error and the exception that
caused the error.
+ * @param error The atent error.
+ * @param innerException The exception that caused the error.
+ */
+ public AgentException(AgentError error, Exception innerException)
+ {
+ super(error, innerException);
+ }
+
+ /**
+ * Constructs an exception with the agent error, a message, and the
exception that caused the error.
+ * @param error The agent error.
+ * @param msg The exception message.
+ * @param innerException The exception that caused the error.
+ */
+ public AgentException(AgentError error, String message, Exception
innerException)
+ {
+ super(error, message, innerException);
+ }
+}
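Review bot: The constructor Javadoc does not match the code: the first constructor `AgentException(AgentError error)` has no comment at all, the `@param msg` tags on the second and fourth constructors name a parameter that does not exist (the parameter is `message`), and the third reads "The atent error". Suggested fix: add `/** Constructs an exception with the agent error. @param error The agent error. */` above the first constructor, replace each `@param msg` with `@param message The exception message.`, and correct the typo. Separately, the cause parameters are typed `Exception` rather than `Throwable`, so an `Error` cause cannot be chained and is lost; whether that can be widened depends on the `NHINDException` constructors, which are outside this hunk.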
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/CryptoExtensions.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,628 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.io.BufferedInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertStore;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.SignerId;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.nhindirect.stagent.cert.SignerCertPair;
+import org.nhindirect.stagent.cert.Thumbprint;
+import org.nhindirect.stagent.options.OptionsManager;
+import org.nhindirect.stagent.options.OptionsParameter;
+
+/**
+ * Utility functions for searching for certificates.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ */
+@SuppressWarnings("unchecked")
+public class CryptoExtensions
+{
+ private static final String DEFAULT_JCE_PROVIDER_STRING =
BouncyCastleProvider.PROVIDER_NAME;
+
+ private static final String DEFAULT_SENSITIVE_JCE_PROVIDER_STRING =
BouncyCastleProvider.PROVIDER_NAME;
+
+ private static final String DEFAULT_JCE_PROVIDER_CLASS
= "org.bouncycastle.jce.provider.BouncyCastleProvider";
+
+ private static final String DEFAULT_SENSITIVE_JCE_PROVIDER_CLASS
= "org.bouncycastle.jce.provider.BouncyCastleProvider";
+
+ private static final int RFC822Name_TYPE = 1; // name type constant for
Subject Alternative name email address
+ private static final int DNSName_TYPE = 2; // name type constant for
Subject Alternative name domain name
+
+ private static CertificateFactory certFactory;
+
+ private static final Log LOGGER =
LogFactory.getFactory().getInstance(CryptoExtensions.class);
+
+ static
+ {
+ try
+ {
+ certFactory = CertificateFactory.getInstance("X.509");
+ }
+ catch (CertificateException ex)
+ {
+ /*
+ * TODO: Handle Exception
+ */
+ }
+ }
+
+ /**
+ * Typically JCE providers are registered through JVM properties files or
statically calling {@link Security#addProvider(Provider)}. The method
+ * allows for configuration of JCE Providers through the {@link
OptionsManager} classes. This method iterates through a comma delimited
set of providers,
+ * dynamically loads the provider class, and and registered each one if
it has not already been registered.
+ * <p>
+ * If a provider is not configured via the {@link OptionsManager}, then
the default BouncyCastle provider is registered (if it has not been
+ * already registered).
+ */
+ public static void registerJCEProviders()
+ {
+ // registering the default JCE providers
+ String[] providerClasses = null;
+ OptionsParameter param =
OptionsManager.getInstance().getParameter(OptionsParameter.JCE_PROVIDER_CLASSES);
+
+ if (param == null || param.getParamValue() == null ||
param.getParamValue().isEmpty())
+ providerClasses = new String[] {DEFAULT_JCE_PROVIDER_CLASS};
+ else
+ providerClasses = param.getParamValue().split(",");
+
+ // register the provider classes
+ for (String providerClass : providerClasses)
+ {
+ try
+ {
+ final Class<?> providerClazz =
CryptoExtensions.class.getClassLoader().loadClass(providerClass);
+ final Provider provider =
Provider.class.cast(providerClazz.newInstance());
+
+ // check to see if the provider is already registered
+ if (Security.getProvider(provider.getName()) == null)
+ Security.addProvider(provider);
+
+ }
+ catch (Exception e)
+ {
+ throw new IllegalStateException("Could not load and/or register JCE
provider " + providerClass, e);
+ }
+ }
+
+ // registering the default sensitive JCE providers
+ providerClasses = null;
+ param =
OptionsManager.getInstance().getParameter(OptionsParameter.JCE_SENSITIVE_PROVIDER_CLASSES);
+
+ if (param == null || param.getParamValue() == null ||
param.getParamValue().isEmpty())
+ providerClasses = new String[] {DEFAULT_SENSITIVE_JCE_PROVIDER_CLASS};
+ else
+ providerClasses = param.getParamValue().split(",");
+
+ // register the provider classes
+ for (String providerClass : providerClasses)
+ {
+ try
+ {
+
+ Provider provider = null;
+ Class<?> providerClazz = null;
+ // check to see if the provider class string has parameters
+ final String provParams[] = providerClass.split(";");
+ if (provParams.length > 1)
+ {
+ providerClazz =
CryptoExtensions.class.getClassLoader().loadClass(provParams[0]);
+ try
+ {
+ Constructor<Provider> constr =
Constructor.class.cast(providerClazz.getConstructor(String.class));
+ provider = constr.newInstance(provParams[1]);
+ }
+ catch (InvocationTargetException e)
+ {
+
+ if (e.getTargetException() instanceof IllegalStateException)
+ {
+ LOGGER.warn("Could not create a JCE Provider with the specific
parameter: " + provParams[1], e);
+ }
+ else
+ LOGGER.warn("JCE Provider param " + provParams[1] + " provided but
not supported by JCE Provider implementation:" + e.getMessage(), e);
+ }
+ }
+ else
+ {
+ providerClazz =
CryptoExtensions.class.getClassLoader().loadClass(providerClass);
+ }
+
+ if (provider == null)
+ {
+ provider = Provider.class.cast(providerClazz.newInstance());
+ }
+
+ // check to see if the provider is already registered
+ if (Security.getProvider(provider.getName()) == null)
+ Security.addProvider(provider);
+
+ /*
+ Set<Service> services = provider.getServices();
+ for (Service service : services)
+ {
+ System.out.println("Service: " + service.getAlgorithm() + " Type:"
+ service.getType() + "\r\n\t" + service.toString());
+ }
+ System.out.println("\r\n\r\n\r\n");
+ */
+ }
+ catch (Exception e)
+ {
+ throw new IllegalStateException("Could not load and/or register
sensitive JCE provider " + providerClass, e);
+ }
+ }
+ }
+
+ /**
+ * Gets the configured JCE crypto provider string for crypto operations.
This is configured using the
+ * -Dorg.nhindirect.stagent.cryptography.JCEProviderName JVM parameters.
If the parameter is not set or is empty,
+ * then the default string "BC" (BouncyCastle provider) is returned. By
default the agent installs the BouncyCastle provider.
+ * @return The name of the JCE provider string.
+ */
+ public static String getJCEProviderName()
+ {
+ String retVal = "";
+ OptionsParameter param =
OptionsManager.getInstance().getParameter(OptionsParameter.JCE_PROVIDER);
+
+ if (param == null || param.getParamValue() == null ||
param.getParamValue().isEmpty())
+ retVal = DEFAULT_JCE_PROVIDER_STRING;
+ else
+ {
+ final String[] JCEString = param.getParamValue().split(",");
+ retVal = JCEString[0];
+ }
+ return retVal;
+ }
+
+ /**
+ * Gets the configured JCE sensitive crypto provider string for crypto
operations that need access to sensitive cryptogrophy information
+ * such as secret and private keys. This is configured using the
+ * -Dorg.nhindirect.stagent.cryptography.JCESensitiveProviderName JVM
parameters. If the parameter is not set or is empty,
+ * then the default string "BC" (BouncyCastle provider) is returned. By
default the agent installs the BouncyCastle provider.
+ * @return The name of the JCE provider string.
+ */
+ public static String getJCESensitiveProviderName()
+ {
+ String retVal = "";
+ OptionsParameter param =
OptionsManager.getInstance().getParameter(OptionsParameter.JCE_SENTITIVE_PROVIDER);
+
+ if (param == null || param.getParamValue() == null ||
param.getParamValue().isEmpty())
+ retVal = DEFAULT_SENSITIVE_JCE_PROVIDER_STRING;
+ else
+ {
+ final String[] JCEString = param.getParamValue().split(",");
+ retVal = JCEString[0];
+ }
+ return retVal;
+ }
+
+ /**
+ * Gets the configured JCE crypto provider that supports the combination
of the requested type and algorithm. If a custom set of
+ * providers has not been configured, this method will always return the
default BouncyCatle provider string regardless if it matches
+ * the request type/algorithm pair.
+ * @param type The crypto type such as CertStore or CertPathValidator
+ * @param algorithm The algorithm such as PKIX or MAC.
+ * @return The name of the JCE provider string supporting the
type/algorithm pair.
+ */
+ public static String getJCEProviderNameForTypeAndAlgorithm(String type,
String algorithm)
+ {
+ String[] JCEString = null;
+ String retVal = "";
+ final OptionsParameter param =
OptionsManager.getInstance().getParameter(OptionsParameter.JCE_PROVIDER);
+
+ if (param == null || param.getParamValue() == null ||
param.getParamValue().isEmpty())
+ JCEString = new String[] {DEFAULT_JCE_PROVIDER_STRING};
+ else
+ {
+ final String configuredJCEString = param.getParamValue();
+ JCEString = configuredJCEString.split(",");
+ }
+
+ for(String provierString : JCEString)
+ {
+ final Provider provider = Security.getProvider(provierString);
+ if (provider != null)
+ {
+ if (provider.getService(type, algorithm) != null)
+ {
+ retVal = provierString;
+ break;
+ }
+ }
+ }
+
+
+ return retVal;
+ }
+
+ /**
+ * Overrides the configured JCE crypto provider string. If the name is
empty or null, the default string "BC" (BouncyCastle provider)
+ * is used.
+ * <P>
+ * The provider name may be a comma delimited list of provider strings.
The first string in the list will be the default provider string
+ * and returned when using {@link #getJCEProviderName()}; however, the
{@link #getJCEProviderNameForTypeAndAlgorithm(String, String)} will search
+ * through the provider string until a valid provider that supports
the requested type and algorithm is found. In this case, the first matching
+ * provider string will be used.
+ * @param name The name of the JCE provider.
+ */
+ public static void setJCEProviderName(String name)
+ {
+ OptionsParameter param;
+
+ if (name == null || name.isEmpty())
+ param = new OptionsParameter(OptionsParameter.JCE_PROVIDER,
DEFAULT_JCE_PROVIDER_STRING);
+ else
+ param = new OptionsParameter(OptionsParameter.JCE_PROVIDER, name);
+
+ OptionsManager.getInstance().setOptionsParameter(param);
+ }
+
+ /**
+ * Compares the {@link Thumbprint thumbprints} of two certificates for
equality.
+ * @param cert1 The first certificate to compare.
+ * @param cert2 The second certificate to compare.
+ * @return True if the certificates' thumbprints are equal. False other
wise.
+ */
+ public static boolean isEqualThumbprint(X509Certificate cert1,
X509Certificate cert2)
+ {
+
+ return
Thumbprint.toThumbprint(cert1).equals(Thumbprint.toThumbprint(cert2));
+ }
+
+ /**
+ * Checks if the subject is contained in the certificates alternate
subject names. Specifically
+ * the rfc822Name name and DNSName types are checked.
+ * @param cert The certificate to check.
+ * @param subjectName The subject name to check in the alternate names.
+ * @return True if the subjectName is contained in the alternate
subject names. False otherwise.
+ * @deprecated As of 1.1.5. Use {@link
#certSubjectContainsName(X509Certificate, String)}
+ */
+ public static boolean
containsEmailAddressInSubjectAltName(X509Certificate cert, String
subjectName)
+ {
+ boolean searchingForEmailAddress =
subjectName.toLowerCase(Locale.getDefault()).startsWith("emailaddress=");
+ subjectName = searchingForEmailAddress ?
subjectName.toLowerCase().replaceFirst("^emailaddress=", "") : subjectName;
+
+ Collection<List<?>> altNames = null;
+ try
+ {
+ altNames = cert.getSubjectAlternativeNames();
+ }
+ catch (CertificateParsingException ex)
+ {
+ return false;
+ }
+
+ if (altNames != null)
+ {
+ for (List<?> entries : altNames)
+ {
+ if (entries.size() >= 2) // should always be the case according the
altNames spec, but checking to be defensive
+ {
+
+ Integer nameType = (Integer)entries.get(0);
+ if (nameType == RFC822Name_TYPE || nameType == DNSName_TYPE)
+ {
+ String name = (String)entries.get(1);
+ if
(name.toLowerCase(Locale.getDefault()).equals(subjectName.toLowerCase()))
+ return true;
+ }
+
+ }
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Checks if a name is contained in a certificate's DN or alt subjects.
+ * @param cert The certificate to check.
+ * @param name The name to search for in the certificate.
+ * @return True if the name is found in the certificate. False otherwise.
+ */
+ public static boolean certSubjectContainsName(X509Certificate cert,
String name)
+ {
+ if (name == null || name.length() == 0)
+ {
+ throw new IllegalArgumentException("Name cannot be null or
empty.");
+ }
+
+ if (cert == null)
+ {
+ throw new IllegalArgumentException("Certificate cannot be
null.");
+ }
+
+ boolean searchingForEmailAddress =
name.toLowerCase(Locale.getDefault()).startsWith("emailaddress=");
+ name = searchingForEmailAddress ?
name.toLowerCase().replaceFirst("^emailaddress=", "") : name;
+
+ String address = getSubjectAddress(cert);
+ if (address == null || address.isEmpty())
+ return false;
+
+ return
name.toLowerCase(Locale.getDefault()).equals(address.toLowerCase(Locale.getDefault()));
+ }
+
+ /**
+ * Matches a common name in a certificate.
+ * @param cert The certificate to check for the common name.
+ * @param name The common name to check for. This method
automatically prefixes the name with "CN="
+ * @return True if the common name is contained in the certificate.
False otherwise.
+ * @deprecated As of 1.1.5. Use {@link
#certSubjectContainsName(X509Certificate, String)}
+ */
+ public static boolean matchName(X509Certificate cert, String name)
+ {
+ if (name == null || name.length() == 0)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ String distinguishedName = "CN=" + name;
+ return
cert.getSubjectDN().getName().toUpperCase(Locale.getDefault()).contains(distinguishedName.toUpperCase(Locale.getDefault()));
+ }
+
+ /**
+ * Searches CMS signed data for a given email name. Signed data may
consist of multiple signatures either from the same subject of from multiple
+ * subjects.
+ * @param signedData The signed data to search.
+ * @param name The name to search for in the list of signers.
+ * @param excludeNames A list of names to exclude from the list. Because
the search uses a simple "contains" search, it is possible for the name
parameter
+ * to be a substring of what is requested. The excludeNames contains a
super string of the name to remove unwanted names from the returned list.
This parameter
+ * may be null;
+ * @return A colllection of pairs consisting of the singer's X509
certificated and signer information that matches the provided name. Returns
+ * an empty collection if a signer matching the name cannot be found in
the signed data.
+ */
+ public static Collection<SignerCertPair>
findSignersByName(CMSSignedData signedData, String name, Collection<String>
excludeNames)
+ {
+ if (name == null || name.length() == 0)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ Collection<SignerCertPair> retVal = null;
+
+ try
+ {
+ CertStore certs = signedData.getCertificatesAndCRLs("Collection",
CryptoExtensions.getJCEProviderName());
+ SignerInformationStore signers = signedData.getSignerInfos();
+ Collection<SignerInformation> c = signers.getSigners();
+
+ for (SignerInformation signer : c)
+ {
+ Collection<? extends Certificate> certCollection =
certs.getCertificates(signer.getSID());
+ if (certCollection != null && certCollection.size() > 0)
+ {
+
+ X509Certificate cert =
(X509Certificate)certCollection.iterator().next();
+ if (certSubjectContainsName(cert, name))
+ {
+ boolean exclude = false;
+
+ // check if we need to exclude anything
+ if (excludeNames != null)
+ for (String excludeStr : excludeNames)
+ if (certSubjectContainsName(cert, excludeStr))
+ {
+ exclude = true;
+ break;
+ }
+
+ if (exclude)
+ continue; // break out and don't include this cert
+
+ if (retVal == null)
+ retVal = new ArrayList<SignerCertPair>();
+
+ retVal.add(new SignerCertPair(signer,
convertToProfileProvidedCertImpl(cert)));
+ }
+ }
+ }
+ }
+ catch (Throwable e)
+ {
+
+ }
+
+ if (retVal == null)
+ return Collections.emptyList();
+
+ return retVal;
+ }
+
+ /**
+ * Searches a collection of X509Certificates for a certificate that
matches the provided name.
+ * @param certs The collection of certificates to search.
+ * @param name The name to search for in the collection.
+ * @return A certificate that matches the provided name. Returns null
if a matching certificate cannot be found in the collection.
+ */
+ public static X509Certificate
findCertByName(Collection<X509Certificate> certs, String name)
+ {
+ for (X509Certificate cert : certs)
+ {
+ if (certSubjectContainsName(cert, name))
+ return cert;
+ }
+
+ return null;
+ }
+
+ /**
+ * Searches CMS signed data for a specific X509 certificate.
+ * @param signedData The signed data to search.
+ * @param name The certificate to search for in the signed data.
+ * @return A pair consisting of the singer's X509 certificated and signer
information that matches the provided certificate. Returns
+ * null if a signer matching the name cannot be found in the signed data.
+ */
+ public static SignerCertPair findSignerByCert(CMSSignedData
signedData, X509Certificate searchCert)
+ {
+
+ if (searchCert == null)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ try
+ {
+ SignerInformationStore signers = signedData.getSignerInfos();
+ Collection<SignerInformation> c = signers.getSigners();
+
+ for (SignerInformation signer : c)
+ {
+ //signer.getSID().
+
+ SignerId signerId = signer.getSID();
+
+ if
(signerId.getIssuer().equals(searchCert.getIssuerX500Principal()) &&
+
signerId.getSerialNumber().equals(searchCert.getSerialNumber()))
+ {
+ return new SignerCertPair(signer, searchCert);
+ }
+ }
+ }
+ catch (Exception e){}
+ return null;
+ }
+
+ /*
+ * The certificate provider implementation may not be incomplete or may
not provide all the necessary functionality such as
+ * certificate verification. This will convert the certificate into a
cert backed by the default installed X509 certificate
+ * provider.
+ */
+ private static X509Certificate
convertToProfileProvidedCertImpl(X509Certificate certToConvert)
+ {
+ X509Certificate retVal = null;
+
+ try
+ {
+ InputStream stream = new BufferedInputStream(new
ByteArrayInputStream(certToConvert.getEncoded()));
+
+ retVal = (X509Certificate)certFactory.generateCertificate(stream);
+
+ IOUtils.closeQuietly(stream);
+ }
+ catch (Exception e)
+ {
+ /*
+ * TODO: handle exception
+ */
+ }
+
+ return retVal;
+ }
+
+ /**
+ * Gets the address name associated with the certificate. It may be
an email address or a domain name.
+ * @param certificate The certificate to search
+ * @return The address of domain associated with a certificate.
+ */
+ public static String getSubjectAddress(X509Certificate certificate)
+ {
+ String address = "";
+ // check alternative names first
+ Collection<List<?>> altNames = null;
+ try
+ {
+ altNames = certificate.getSubjectAlternativeNames();
+ }
+ catch (CertificateParsingException ex)
+ {
+ /* no -op */
+ }
+
+ if (altNames != null)
+ {
+ for (List<?> entries : altNames)
+ {
+ if (entries.size() >= 2) // should always be the case according the
altNames spec, but checking to be defensive
+ {
+
+ Integer nameType = (Integer)entries.get(0);
+ // prefer email over over domain?
+ if (nameType == RFC822Name_TYPE)
+ address = (String)entries.get(1);
+ else if (nameType == DNSName_TYPE && address.isEmpty())
+ address = (String)entries.get(1);
+ }
+ }
+ }
+
+ if (!address.isEmpty())
+ return address;
+
+ // can't find issuer address in alt names... try the principal
+ X500Principal issuerPrin = certificate.getSubjectX500Principal();
+
+ // get the domain name
+ Map<String, String> oidMap = new HashMap<String, String>();
+ oidMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS"); // OID for email
address
+ String prinName = issuerPrin.getName(X500Principal.RFC1779, oidMap);
+
+ // see if there is an email address first in the DN
+ String searchString = "EMAILADDRESS=";
+ int index = prinName.indexOf(searchString);
+ if (index == -1)
+ {
+ searchString = "CN=";
+ // no Email.. check the CN
+ index = prinName.indexOf(searchString);
+ if (index == -1)
+ return ""; // no CN... nothing else that can be done from here
+ }
+
+ // look for a "," to find the end of this attribute
+ int endIndex = prinName.indexOf(",", index);
+ if (endIndex > -1)
+ address = prinName.substring(index + searchString.length(), endIndex);
+ else
+ address= prinName.substring(index + searchString.length());
+
+ return address;
+ }
+}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/DefaultMessageEnvelope.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,518 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import javax.mail.MessagingException;
+import javax.mail.internet.InternetAddress;
+
+import org.nhindirect.stagent.mail.MailStandard;
+import org.nhindirect.stagent.mail.Message;
+import org.nhindirect.stagent.mail.MimeError;
+import org.nhindirect.stagent.mail.MimeException;
+import org.nhindirect.stagent.parser.EntitySerializer;
+import org.nhindirect.stagent.trust.TrustEnforcementStatus;
+
+/**
+ * A wrapper around a MimeMessage that categorizes routing headers such as
trusted and non trusted recipients.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class DefaultMessageEnvelope implements MessageEnvelope
+{
+ protected NHINDAgent agent;
+ protected Message message;
+ protected NHINDAddress sender;
+ protected NHINDAddressCollection to;
+ protected NHINDAddressCollection cc;
+ protected NHINDAddressCollection bcc;
+ protected NHINDAddressCollection recipients;
+ protected NHINDAddressCollection rejectedRecipients;
+ protected NHINDAddressCollection domainRecipients;
+ protected Collection<NHINDAddress> otherRecipients;
+
+ /**
+ * Constructs an envelope from a message.
+ * @param message The mime message.
+ */
+ public DefaultMessageEnvelope(Message message)
+ {
+ if (message == null)
+ throw new IllegalArgumentException();
+
+ this.message = message;
+ this.setRecipients(this.collectRecipients());
+
+ try
+ {
+ if (message.getFrom() == null || message.getFrom().length == 0)
+ throw new AgentException(AgentError.MissingFrom);
+
+ this.setSender(new NHINDAddress((InternetAddress)message.getFrom()[0],
AddressSource.From));
+ }
+ catch (MessagingException e)
+ {
+ throw new AgentException(AgentError.MissingFrom, e);
+ }
+ }
+
+ /**
+ * Constructs an envelope from a message represented by a raw string..
+ * @param rawMessage The mime message.
+ */
+ public DefaultMessageEnvelope(String rawMessage)
+ {
+ this(fromStringToMessage(rawMessage));
+ }
+
+
+ /**
+ * Constructs an envelope from a message, a list of recipients, and a
sender. This is intended to override the standard to and from headers
+ * in the incoming message.
+ * @param message The mime message.
+ * @param recipients A collection of addresses that denote the recipients
of the message.
+ * @param sender The original sender of the message.
+ */
+ public DefaultMessageEnvelope(Message message, NHINDAddressCollection
recipients, NHINDAddress sender)
+ {
+ if (message == null)
+ throw new IllegalArgumentException();
+
+ this.message = message;
+ this.setRecipients(recipients);
+ this.setSender(sender);
+ }
+
+ /**
+ * Constructs an envelope from a message represented as a raw string, a
list of recipients, and a sender.
+ * This is intended to override the standard to and from headers in the
incoming message.
+ * @param message The incoming message.
+ * @param recipients A collection of addresses that denote the recipients
of the message.
+ * @param sender The original sender of the message.
+ */
+ public DefaultMessageEnvelope(String rawMessage, NHINDAddressCollection
recipients, NHINDAddress sender)
+ {
+ this(fromStringToMessage(rawMessage), recipients, sender);
+ }
+
+ /**
+ * Constructs an envelope from another envelope.
+ * @param message The message envelope.
+ */
+ protected DefaultMessageEnvelope(MessageEnvelope envelope)
+ {
+ agent = envelope.getAgent();
+ message = envelope.getMessage();
+ recipients = envelope.getRecipients();
+ sender = envelope.getSender();
+ }
+
+ /*
+ * Creates a mime message from a raw string.
+ */
+ private static Message fromStringToMessage(String rawMessage)
+ {
+ try
+ {
+ return new Message(EntitySerializer.Default.deserialize(rawMessage));
+ }
+ catch (MessagingException e) {/* no-op */}
+
+ return null;
+ }
+
+ /**
+ * Gets the agent associated with the message.
+ * @return The security and trust agent.
+ */
+ public NHINDAgent getAgent()
+ {
+ return this.agent;
+ }
+
+ /**
+ * Associates the security and trust agent with the message.
+ * @param agent The security and trust agent.
+ */
+ public void setAgent(NHINDAgent agent)
+ {
+ this.agent = agent;
+ }
+
+ /**
+ * Gets the mime message wrapped in the envelope.
+ * @return the mime message wrapped in the envelope.
+ */
+ public Message getMessage()
+ {
+ return this.message;
+ }
+
+ /**
+ * Sets the mime message wrapped in the envelope.
+ * @param message The mime message wrapped in the envelope.
+ */
+ public void setMessage(Message message)
+ {
+ if (message == null)
+ throw new AgentException(AgentError.MissingMessage);
+
+ this.message = message;
+ }
+
+ /**
+ * Gets the sender of the message.
+ * @return The sender of the message.
+ */
+ public NHINDAddress getSender()
+ {
+ return this.sender;
+ }
+
+ /**
+ * Sets the sender of the message.
+ * @param sender The sender of the message.
+ */
+ protected void setSender(NHINDAddress sender)
+ {
+ if (sender == null)
+ {
+ throw new AgentException(AgentError.NoSender);
+ }
+ this.sender = sender;
+ }
+
+ /**
+ * The collection of message recipients.
+ * @return Collection of message recipients.
+ */
+ public NHINDAddressCollection getRecipients()
+ {
+ if (this.recipients == null)
+ {
+ this.collectRecipients();
+ }
+
+ return recipients;
+ }
+
+ /**
+ * Sets the collection of message recipients.
+ * @param recipients The collection of message recipients.
+ */
+ protected void setRecipients(NHINDAddressCollection recipients)
+ {
+ if (recipients == null || recipients.size() == 0)
+ throw new AgentException(AgentError.NoRecipients);
+
+ this.recipients = recipients;
+ }
+
+ /**
+ * Indicates if the message has any recipients.
+ * @return True if the message has recipients. False otherwise.
+ */
+ public boolean hasRecipients()
+ {
+ return (recipients != null && recipients.size() > 0);
+ }
+
+ /**
+ * Gets a list of recipients in the message that are not trusted by
the address.
+ * @return A list of recipients in the message that are not trusted by
the address.
+ */
+ public NHINDAddressCollection getRejectedRecipients()
+ {
+ if (this.rejectedRecipients == null)
+ {
+ this.rejectedRecipients = new NHINDAddressCollection();
+ }
+
+ return rejectedRecipients;
+ }
+
+ /**
+ * Indicates if the message has recipients that are not trusted by the
address.
+ * @return True if the message has recipients that are not trusted by
the address. False otherwise.
+ */
+ public boolean hasRejectedRecipients()
+ {
+ NHINDAddressCollection rejRecipients = this.getRejectedRecipients();
+ return (rejRecipients != null && rejRecipients.size() > 0);
+ }
+
+ /**
+ * Gets a list of recipients in the message that are part of the
agent's domain.
+ * @return A list of recipients in the agent's domain.
+ */
+ public NHINDAddressCollection getDomainRecipients()
+ {
+ if (this.domainRecipients == null)
+ {
+ categorizeRecipients(getAgent().getDomains());
+ }
+
+ return domainRecipients;
+ }
+
+ /**
+ * Indicates if the message has recipients that are in the agent's
domain.
+ * @return True if the message has recipients that are in the agent's
domain. False otherwise.
+ */
+ public boolean hasDomainRecipients()
+ {
+ NHINDAddressCollection dRecipients = this.getDomainRecipients();
+ return (dRecipients != null && dRecipients.size() > 0);
+ }
+
+ /**
+ * Gets a list of recipients in the message that are not part of the
agent's domain.
+ * @return A list of recipients that are not in the agent's domain.
+ */
+ public Collection<NHINDAddress> getOtherRecipients()
+ {
+ if (this.otherRecipients == null)
+ {
+ categorizeRecipients(getAgent().getDomains());
+ }
+
+ return this.otherRecipients;
+ }
+
+ /**
+ * Indicates if the message has recipients that are not in the agent's
domain.
+ * @return True if the message has recipients that are not in the
agent's domain. False otherwise.
+ */
+ public boolean hasOtherRecipients()
+ {
+ Collection<NHINDAddress> oRecipients = this.getOtherRecipients();
+ return (oRecipients != null && oRecipients.size() > 0);
+ }
+
+ /**
+ * Gets a collection of addresses specified in the message's TO header.
+ * @return Addresses specified in the message's TO header.
+ */
+ protected NHINDAddressCollection getTo()
+ {
+ if (to == null)
+ {
+ to = NHINDAddressCollection.parse(message.getToHeader(),
AddressSource.To);
+ }
+
+ return to;
+ }
+
+ /**
+ * Gets a collection of addresses specified in the message's CC header.
+ * @return Addresses specified in the message's CC header.
+ */
+ protected NHINDAddressCollection getCC()
+ {
+ if (cc == null)
+ {
+ cc = NHINDAddressCollection.parse(message.getCCHeader(),
AddressSource.CC);
+ }
+
+ return cc;
+ }
+
+ /**
+ * Gets a collection of addresses specified in the message's BCC header.
+ * @return Addresses specified in the message's BCC header.
+ */
+ protected NHINDAddressCollection getBCC()
+ {
+ if (bcc == null)
+ {
+ bcc = NHINDAddressCollection.parse(message.getBCCHeader(),
AddressSource.BCC);
+ }
+
+ return bcc;
+ }
+
+ /**
+ * Serializes the wrapped message to a raw string representation.
+ * @return The wrapped message to as a raw string representation.
+ */
+ public String serializeMessage()
+ {
+ return EntitySerializer.Default.serialize(this.getMessage());
+ }
+
+ /**
+ * Clears all attributes of the envelope essentially creating an empty
envelope.
+ */
+ protected void clear()
+ {
+ message = null;
+ sender = null;
+ to = null;
+ cc = null;
+ bcc = null;
+ recipients = null;
+ rejectedRecipients = null;
+ domainRecipients = null;
+ otherRecipients = null;
+ }
+
+ /**
+ * Creates a collection of recipients based on the TO, CC, and BCC
headers in the wrapped message.
+ * @return A collection of recipients.
+ */
+ protected NHINDAddressCollection collectRecipients()
+ {
+ NHINDAddressCollection addresses = new NHINDAddressCollection();
+ if (this.getTo() != null)
+ {
+ addresses.addAll(this.getTo());
+ }
+ if (this.getCC() != null)
+ {
+ addresses.addAll(this.getCC());
+ }
+ if (this.getBCC() != null)
+ {
+ addresses.addAll(this.getBCC());
+ }
+ return addresses;
+ }
+
+ /**
+ * Updates the valid domain recipients & other recipients removing all
reject recipients.
+ * @param rejectedRecipients A collection of recipients that should be
removed from the routing headers.
+ */
+ protected void updateRoutingHeaders(NHINDAddressCollection
rejectedRecipients)
+ {
+ if (rejectedRecipients == null || rejectedRecipients.size() == 0)
+ {
+ return;
+ }
+
+ try
+ {
+ if (this.getTo() != null)
+ {
+ this.getTo().removeAll(rejectedRecipients);
+ if(this.getTo().isEmpty()) {
+ this.getMessage().removeHeader(
MailStandard.Headers.To);
+ }
+ else {
+ this.getMessage().setHeader(
MailStandard.Headers.To,
this.getTo().toString());
+ }
+ }
+
+ if (this.getCC() != null)
+ {
+ this.getCC().removeAll(rejectedRecipients);
+ if(this.getCC().isEmpty()) {
+ this.getMessage().removeHeader(
MailStandard.Headers.CC);
+ }
+ else {
+ this.getMessage().setHeader(
MailStandard.Headers.CC,
this.getCC().toString());
+ }
+ }
+
+ if (this.getBCC() != null)
+ {
+ this.getBCC().removeAll(rejectedRecipients);
+ if(this.getBCC().isEmpty()) {
+ this.getMessage().removeHeader(MailStandard.Headers.BCC);
+ }
+ else {
+ this.getMessage().setHeader(MailStandard.Headers.BCC,
this.getBCC().toString());
+ }
+ }
+
+ }
+ catch (MessagingException e)
+ {
+ throw new MimeException(MimeError.InvalidHeader);
+ }
+ }
+
+ /**
+ * Updates the valid domain recipients & other recipients.
+ */
+ protected void updateRoutingHeaders()
+ {
+ if (hasRejectedRecipients())
+ this.updateRoutingHeaders(this.getRejectedRecipients());
+ }
+
+ protected void validate()
+ {
+
+ }
+
+ public void ensureRecipientsCategorizedByDomain(Collection<String>
domains)
+ {
+ if (hasDomainRecipients() || hasOtherRecipients())
+ {
+ return;
+ }
+
+ categorizeRecipients(domains);
+ }
+
+ /**
+ * Splits recipients into domain recipients and external recipients.
The agent's domains are used to determine a recipients category.
+ * @param domain A collection of local domains supported by the agent.
+ */
+ protected void categorizeRecipients(Collection<String> domains)
+ {
+ if (domains == null || domains.size() == 0)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ NHINDAddressCollection recipients = this.getRecipients();
+ this.domainRecipients = new NHINDAddressCollection();
+ this.otherRecipients = new ArrayList<NHINDAddress>();
+
+ for (NHINDAddress address : recipients)
+ {
+ if (address.isInDomain(domains))
+ {
+ this.domainRecipients.add(address);
+ }
+ else
+ {
+ this.otherRecipients.add(address);
+ }
+ }
+ }
+
+ /**
+ * Categorizes recipients as either trusted or untrusted (rejected).
+ * @param minTrustStatus The minimum level of trust a recipient must
have in order to be considered trusted.
+ */
+ protected void categorizeRecipients(TrustEnforcementStatus minTrustStatus)
+ {
+ rejectedRecipients =
NHINDAddressCollection.create(getRecipients().getUntrusted(minTrustStatus));
+ getRecipients().removeUntrusted(minTrustStatus);
+ }
+}
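Review bot: The lazy-initialisation branch in getRecipients() discards the value returned by collectRecipients(), so whenever this.recipients is null (after clear(), or via the protected copy constructor, which copies envelope.getRecipients() unchecked) the method still returns null; the call should assign the result, `this.recipients = this.collectRecipients();`. Separately, fromStringToMessage() swallows the MessagingException and returns null, which the Message constructor then reports as a bare IllegalArgumentException, so the original parse failure is lost — rethrowing as `new AgentException(AgentError.MissingMessage, e)` (the cause-carrying form the class already uses for MissingFrom) would preserve it, and updateRoutingHeaders(NHINDAddressCollection) deserves the same treatment since `new MimeException(MimeError.InvalidHeader)` drops `e`, if MimeException offers a constructor that accepts a cause. ensureRecipientsCategorizedByDomain() and validate() are the only non-private methods in the class without Javadoc; a one-line summary on each would keep the class consistent.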
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/DefaultMessageSignatureImpl.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,155 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.security.cert.X509Certificate;
+
+import org.bouncycastle.cms.SignerInformation;
+import org.nhindirect.stagent.cert.Thumbprint;
+
+/**
+ * Contains information specific to a discrete signer of a message.
Includes the singer information and the certificate used to sign the
message (optimally
+ * extracted from the signature). This is a subset of the CMS signed data.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class DefaultMessageSignatureImpl implements MessageSignature
+{
+ private boolean signatureValid;
+ private SignerInformation signer;
+ private boolean useOrgCertificate;
+ private boolean thumbprintVerified;
+ private X509Certificate signerCert;
+
+ /**
+ * Constructs a message signature from the singer info and the
certificate used to sign the message.
+ * @param signer Information about the individual signature such as the
signers id and algorithms used to sign.
+ * @param useOrgCert Indicates if the certificate used is a org level or
individual level certificate
+ * @param cert The public certificate used to sign the message for this
signer.
+ */
+ public DefaultMessageSignatureImpl(SignerInformation signer, boolean
useOrgCert, X509Certificate cert)
+ {
+ if (signer == null)
+ throw new IllegalArgumentException();
+
+ this.signer = signer;
+ this.signatureValid = false;
+ this.useOrgCertificate = useOrgCert;
+ this.thumbprintVerified = false;
+ this.signerCert = cert;
+ }
+
+ /**
+ * Get the certificate used to sign the message for this specific signer.
+ * @return The certificate used to sign the message.
+ */
+ public X509Certificate getSignerCert()
+ {
+ return signerCert;
+ }
+
+ /**
+ * Indicate if the signature has been validated for authenticity and
consistency.
+ * @return True if the signature is valid. False otherwise.
+ */
+ public boolean isSignatureValid()
+ {
+ return signatureValid;
+ }
+
+ /**
+ * Gets the signer information for this specific signature.
+ * @return The signer information for this specific signature.
+ */
+ public SignerInformation getSigner()
+ {
+ return signer;
+ }
+
+ /**
+ * Indicate if the certificate used to sign the message for this signer
is an org level or individual level cert.
+ * @return True if the certificate is an org level cert. False otherwise.
+ */
+ public boolean isUseOrgCertificate()
+ {
+ return useOrgCertificate;
+ }
+
+ /**
+ * Indicates if the signature certificate has been verified against a
senders certificate.
+ * @return True if the thumb print has been verified. False otherwise.
checkThumbprint should be
+ * called first before calling this method.
+ */
+ public boolean isThumbprintVerified()
+ {
+ return thumbprintVerified;
+ }
+
+ /**
+ * Verifies if the signature is valid using the signature certificate.
+ * @return True if the signature is valid. False otherwise.
+ */
+ public boolean checkSignature()
+ {
+ try
+ {
+ signatureValid = signer.verify(signerCert,
CryptoExtensions.getJCEProviderName());
+ }
+ catch (Exception e)
+ {
+ // TODO: Log an error
+ signatureValid = false;
+ }
+
+ return signatureValid;
+ }
+
+ /**
+ * Validates if the senders certificate matches the signature certificate
using certificate thumb printing.
+ * @param messageSender The senders address. The address should contain
the senders public certificate.
+ * @return True if the thumb print of the signature matches the senders
certificate thumb print. False otherwise.
+ */
+ public boolean checkThumbprint(NHINDAddress messageSender)
+ {
+ thumbprintVerified = false;
+ //try
+ //{
+ // generate a thumb print of our cert
+ Thumbprint sigThumbprint =
Thumbprint.toThumbprint(this.getSignerCert());
+
+ if (messageSender.hasCertificates())
+ // now iterate through the sender's certificates until a thumb print
match is found
+ for (X509Certificate checkCert : messageSender.getCertificates())
+ if (sigThumbprint.equals(Thumbprint.toThumbprint(checkCert)))
+ {
+ thumbprintVerified = true;
+ break;
+ }
+
+ //}
+ //catch (Exception e) {/* no-op */}
+
+ return thumbprintVerified;
+ }
+}
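Review bot: checkThumbprint() passes signerCert straight into Thumbprint.toThumbprint() with no null guard, although the constructor only rejects a null signer and stores a null cert unchecked, so a signature whose certificate could not be extracted fails with a NullPointerException rather than the documented false; add `if (signerCert == null || messageSender == null) return thumbprintVerified;` before sigThumbprint is computed (thumbprintVerified is already false at that point, so the result stays fail-closed). In checkSignature() the catch-all turns a misconfigured JCE provider, a null certificate and a genuinely invalid signature into the same `false`, which is the correct outcome but leaves an operator nothing to diagnose a verification failure with; record the exception through the project's logging facility in place of the `// TODO: Log an error` comment. The commented-out try/catch scaffolding around the thumbprint loop should be deleted rather than left in. The class and constructor Javadoc say "singer" where "signer" is meant.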
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/DefaultNHINDAgent.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,1612 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+import javax.mail.Header;
+import javax.mail.MessagingException;
+import javax.mail.internet.ContentType;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.InternetHeaders;
+import javax.mail.internet.MimeMessage;
+import javax.mail.internet.MimeMultipart;
+import javax.mail.util.ByteArrayDataSource;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.bouncycastle.cms.CMSSignedData;
+import org.nhindirect.common.tx.TxUtil;
+import org.nhindirect.common.tx.model.TxMessageType;
+import org.nhindirect.policy.PolicyExpression;
+import org.nhindirect.policy.PolicyFilter;
+import org.nhindirect.policy.PolicyFilterFactory;
+import org.nhindirect.policy.PolicyParseException;
+import org.nhindirect.policy.PolicyProcessException;
+import org.nhindirect.policy.PolicyRequiredException;
+import org.nhindirect.stagent.annotation.AgentDomains;
+import org.nhindirect.stagent.annotation.AgentPolicyFilter;
+import org.nhindirect.stagent.annotation.PrivateCerts;
+import org.nhindirect.stagent.annotation.PrivatePolicyResolver;
+import org.nhindirect.stagent.annotation.PublicCerts;
+import org.nhindirect.stagent.annotation.PublicPolicyResolver;
+import org.nhindirect.stagent.cert.CertificateResolver;
+import org.nhindirect.stagent.cert.X509CertificateEx;
+import org.nhindirect.stagent.cryptography.Cryptographer;
+import org.nhindirect.stagent.cryptography.SMIMECryptographerImpl;
+import org.nhindirect.stagent.cryptography.SMIMEStandard;
+import org.nhindirect.stagent.cryptography.SignedEntity;
+import org.nhindirect.stagent.mail.Message;
+import org.nhindirect.stagent.mail.MimeEntity;
+import org.nhindirect.stagent.mail.MimeError;
+import org.nhindirect.stagent.mail.MimeException;
+import org.nhindirect.stagent.mail.MimeStandard;
+import org.nhindirect.stagent.mail.WrappedMessage;
+import org.nhindirect.stagent.options.OptionsManager;
+import org.nhindirect.stagent.options.OptionsParameter;
+import org.nhindirect.stagent.parser.EntitySerializer;
+import org.nhindirect.stagent.policy.PolicyResolver;
+import org.nhindirect.stagent.trust.TrustAnchorResolver;
+import org.nhindirect.stagent.trust.TrustEnforcementStatus;
+import org.nhindirect.stagent.trust.TrustError;
+import org.nhindirect.stagent.trust.TrustException;
+import org.nhindirect.stagent.trust.TrustModel;
+
+import com.google.inject.Inject;
+
+/**
+ * Default agent implementation. Implements {@l MutableAgent} to support
updating agent properties at runtime.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ * @since 1.0
+ */
+public class DefaultNHINDAgent implements NHINDAgent, MutableAgent
+{
+ private static final Log LOGGER =
LogFactory.getFactory().getInstance(DefaultNHINDAgent.class);
+
+ private static boolean initialConstruct = true;
+
+ static MimeMultipart lastMMPart = null;
+
+ protected final ReentrantReadWriteLock readWriteLock = new
ReentrantReadWriteLock(true);
+
+ protected Cryptographer cryptographer;
+ protected CertificateResolver privateCertResolver;
+ protected Collection<CertificateResolver> publicCertResolver;
+ protected TrustAnchorResolver trustAnchors;
+
+ protected TrustModel trustModel;
+ protected TrustEnforcementStatus minTrustRequirement;
+ protected Collection<String> domains;
+ protected NHINDAgentEventListener m_listener = null;
+
+ protected PolicyResolver publicPolicyResolver;
+ protected PolicyResolver privatePolicyResolver;
+
+ protected PolicyFilter policyFilter;
+
+ private boolean encryptionEnabled = true;
+ private boolean wrappingEnabled = true;
+
+ static
+ {
+ CryptoExtensions.registerJCEProviders();
+ }
+
+ /**
+ * Constructs an agent with a domain, certificate stores, and a trust
anchor store.
+ * @param domain The domain that this agent will be serving.
+ * @param internalCerts A certificate store for messages originating
internally. The store contains certificates that have access to private
keys for decryption and
+ * signing messages.
+ * @param externalCerts A certificate store for incoming messages.
The store contains public certificates for message signature validation and
encryption.
+ * @param trustSettings A certificate store for certificate anchors.
Certificate anchors are certificates that can validate the authenticity of
+ * a certificate. They are also used by the agent to determine if a
certificate is trusted by the system.
+ */
+ public DefaultNHINDAgent(String domain, CertificateResolver
privateCerts, CertificateResolver publicCerts, TrustAnchorResolver anchors)
+ {
+
+ this(domain, privateCerts, publicCerts, anchors, TrustModel.Default,
SMIMECryptographerImpl.Default);
+ }
+
+ /**
+ * Constructs an agent with a list of domains, certificate stores, and
a trust anchor store.
+ * @param domain A list of domains that this agent will be serving.
+ * @param internalCerts A certificate store for messages originating
internally. The store contains certificates that have access to private
keys for decryption and
+ * signing messages.
+ * @param externalCerts A certificate store for incoming messages.
The store contains public certificates for message signature validation and
encryption.
+ * @param trustSettings A certificate store for certificate anchors.
Certificate anchors are certificates that can validate the authenticity of
+ * a certificate. They are also used by the agent to determine if a
certificate is trusted by the system.
+ */
+ public DefaultNHINDAgent(Collection<String> domains,
CertificateResolver privateCerts, CertificateResolver publicCerts,
TrustAnchorResolver anchors)
+ {
+
+
+ this(domains, privateCerts, publicCerts, anchors, TrustModel.Default,
SMIMECryptographerImpl.Default);
+ }
+
+
+
+ /**
+ * Constructs an agent with domain, certificate services, and trust
anchor store.
+ * @param domain The domain that this agent will be serving.
+ * @param internalCerts A certificate store for messages originating
internally. The store contains certificates that have access to private
keys for decryption and
+ * signing messages.
+ * @param externalCerts A certificate store for incoming messages.
The store contains public certificates for message signature validation and
encyprtion.
+ * @param trustSettings A certificate store for certificate anchors.
Certificate anchors are certificates that can validate the authenticity of
+ * a certificate. They are also used by the agent to determine if a
certificate is trusted by the system.
+ * @param A trust model implementation that asserts the if a message
is trusted.
+ * @param A cryptography implementation used to sign, encrypt, and
decrypt messages.
+ */
+ public DefaultNHINDAgent(String domain, CertificateResolver
privateCerts, CertificateResolver publicCerts, TrustAnchorResolver anchors,
TrustModel trustModel, Cryptographer cryptographer)
+ {
+ this(Arrays.asList(domain), privateCerts, Arrays.asList(publicCerts),
anchors, trustModel, cryptographer);
+ }
+
+ /**
+ * Constructs an agent with a list of domains, certificate stores, and
a trust anchor store.
+ */
+ @Inject
+ public DefaultNHINDAgent(@AgentDomains Collection<String> domains,
@PrivateCerts CertificateResolver privateCerts,
+ @PublicCerts Collection<CertificateResolver> publicCerts,
TrustAnchorResolver anchors,
+ TrustModel trustModel, Cryptographer cryptographer)
+ {
+
+ if (domains == null || domains.size() == 0 || privateCerts == null ||
publicCerts == null || anchors == null || trustModel == null ||
cryptographer == null)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ if (initialConstruct)
+ {
+ StringBuilder domainLogInfo = new StringBuilder("Initializing
NHINDAgent\r\nLocal domains:");
+ for (String domain : domains)
+ domainLogInfo.append("\r\n\t" + domain);
+
+ LOGGER.info(domainLogInfo);
+ initialConstruct = false;
+ }
+
+
+
+ this.domains = domains;
+ this.privateCertResolver = privateCerts;
+ this.publicCertResolver = publicCerts;
+ this.cryptographer = cryptographer;
+ this.trustAnchors = anchors;
+ this.trustModel = trustModel;
+ this.minTrustRequirement = TrustEnforcementStatus.Success_Offline;
+
+ if (this.trustModel.getCertChainValidator() != null &&
+ !this.trustModel.getCertChainValidator().isCertificateResolver())
+ {
+
this.trustModel.getCertChainValidator().setCertificateResolver(this.publicCertResolver);
+ }
+
+ try
+ {
+ this.policyFilter = PolicyFilterFactory.getInstance();
+ }
+ catch (PolicyParseException e)
+ {
+ throw new AgentException(AgentError.Unexpected, "Failed to create
policy filter object.", e);
+ }
+ }
+
+ /**
+ * Constructs an agent with a list of domain, certificate services,
and trust anchor store.
+ * @param domain A list of domains that this agent will be serving.
+ * @param internalCerts A certificate store for messages originating
internally. The store contains certificates that have access to private
keys for decryption and
+ * signing messages.
+ * @param externalCerts A certificate store for incoming messages.
The store contains public certificates for message signature validation and
encyprtion.
+ * @param trustSettings A certificate store for certificate anchors.
Certificate anchors are certificates that can validate the authenticity of
+ * a certificate. They are also used by the agent to determine if a
certificate is trusted by the system.
+ * @param A trust model implementation that asserts the if a message
is trusted.
+ * @param A cryptography implementation used to sign, encrypt, and
decrypt messages.
+ */
+
+ public DefaultNHINDAgent( Collection<String> domains,
CertificateResolver privateCerts,
+ CertificateResolver publicCerts, TrustAnchorResolver anchors,
TrustModel trustModel, Cryptographer cryptographer)
+ {
+ this(domains, privateCerts, Arrays.asList(publicCerts), anchors,
trustModel, cryptographer);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setDomains(Collection<String> domains)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ this.domains = domains;
+
+ lock.unlock();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Collection<String> getDomains()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return Collections.unmodifiableCollection(domains);
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Cryptographer getCryptographer()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.cryptographer;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setCryptographer(Cryptographer cryptographer)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ this.cryptographer = cryptographer;
+
+ lock.unlock();
+
+ }
+
+ /**
+ * Indicates if messages are required to be encrypted in the agent.
+ * @return True if messages are required to be encrypted in the
agent. False otherwise.
+ */
+ public boolean isEncryptMessages()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.encryptionEnabled;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * Sets if messages are required to be encrypted in the agen
+ * @param value True if messages are required to be encrypted in the
agent. False otherwise.
+ */
+ public void setEncryptMessages(boolean value)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ this.encryptionEnabled = value;
+
+ lock.unlock();
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean isWrappingEnabled()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return wrappingEnabled;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setWrappingEnabled(boolean wrappingEnabled)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ this.wrappingEnabled = wrappingEnabled;
+
+ lock.unlock();
+
+ }
+
+
+ /**
+ * Gets the certificate store used to encrypt messages and validate
signatures. This store generally contains only public certificates
+ * @return The certificate store used to encrypt messages and validate
signatures.
+ * @deprecated Use {{@link #getPublicCertResolvers()}
+ */
+ public CertificateResolver getPublicCertResolver()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ if (publicCertResolver != null && publicCertResolver.size() > 0)
+ return this.publicCertResolver.iterator().next();
+
+ return null;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public Collection<CertificateResolver> getPublicCertResolvers()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.publicCertResolver;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setPublicCertResolvers(Collection<CertificateResolver>
resolvers)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ this.publicCertResolver = resolvers;
+
+ lock.unlock();
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public CertificateResolver getPrivateCertResolver()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.privateCertResolver;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setPrivateCertResolver(CertificateResolver resolver)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ this.privateCertResolver = resolver;
+
+ lock.unlock();
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public TrustAnchorResolver getTrustAnchors()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.trustAnchors;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setTrustAnchorResolver(TrustAnchorResolver resolver)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ this.trustAnchors = resolver;
+
+ lock.unlock();
+
+ }
+
+ /**
+ * Gets the minimum trust status applied to messages by the agent.
+ * @return The minimum trust status applied to messages by the agent.
+ */
+ public TrustEnforcementStatus getMinTrustRequirement()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.minTrustRequirement;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * Sets the minimum trust status applied to messages by the agent.
+ * @param value The minimum trust status applied to messages by the
agent.
+ */
+ public void setMinTrustRequirement(TrustEnforcementStatus value)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+ try
+ {
+ if (value.compareTo(TrustEnforcementStatus.Success_Offline) < 0)
+ {
+ throw new IllegalArgumentException();
+ }
+ this.minTrustRequirement = value;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setEventListener(NHINDAgentEventListener listener)
+ {
+ Lock lock = readWriteLock.writeLock();
+ lock.lock();
+
+ m_listener = listener;
+
+ lock.unlock();
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public NHINDAgentEventListener getEventListener()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return m_listener;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Inject(optional=true)
+ @Override
+ public void setPublicPolicyResolver(@PublicPolicyResolver PolicyResolver
publicPolicyResolver)
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+
+ this.publicPolicyResolver = publicPolicyResolver;
+
+ lock.unlock();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public PolicyResolver getPublicPolicyResolver()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.publicPolicyResolver;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Inject(optional=true)
+ @Override
+ public void setPrivatePolicyResolver(@PrivatePolicyResolver
PolicyResolver privatePolicyResolver)
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+
+ this.privatePolicyResolver = privatePolicyResolver;
+
+ lock.unlock();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public PolicyResolver getPrivatePolicyResolver()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return privatePolicyResolver;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Inject(optional=true)
+ @Override
+ public void setPolicyFilter(@AgentPolicyFilter PolicyFilter filter)
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+
+ this.policyFilter = filter;
+
+ lock.unlock();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public PolicyFilter getPolicyFilter()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return policyFilter;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void setTrustModel(TrustModel trustModel)
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+
+ this.trustModel = trustModel;
+
+ lock.unlock();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public TrustModel getTrustModel()
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ return this.trustModel;
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * Processes an incoming message represented by a raw string. The
message will be decrypted and validated that it meets trust assertions.
+ * @param messageText The raw contents of the incoming message that will
be processed.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(String messageText)
+ {
+ if (messageText == null || messageText.length() == 0)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ return processIncoming(new IncomingMessage(messageText));
+ }
+
+ /**
+ * Processes an incoming message represented by a raw string. The
message will be decrypted and validated that it meets trust assertions.
+ * @param messageText The raw contents of the incoming message that will
be processed.
+ * @param recipients The recipients of the message. This overrides the
routing headers in the message.
+ * @param sender The sender of the message. This overrides the to FROM
routing header in the message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(String messageText,
NHINDAddressCollection recipients, NHINDAddress sender)
+ {
+ this.checkEnvelopeAddresses(recipients, sender);
+
+ IncomingMessage message = new IncomingMessage(messageText,
recipients, sender);
+ return this.processIncoming(message);
+ }
+
+
+ /**
+ * Processes a pre-enveloped message. The message will be decrypted and
validated that it meets trust assertions.
+ * @param envelope A message envelope containing the incoming message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(MessageEnvelope envelope)
+ {
+ if (envelope == null)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ this.checkEnvelopeAddresses(envelope);
+ return this.processIncoming(new IncomingMessage(envelope));
+ }
+
+
+ /**
+ * Processes an incoming mime message. The message will be decrypted and
validated that it meets trust assertions.
+ * @param msg The incoming mime message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(MimeMessage msg)
+ {
+ if (msg == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ IncomingMessage inMsg = null;
+ try
+ {
+ inMsg = new IncomingMessage(new Message(msg));
+
+ }
+ catch (MessagingException e)
+ {
+ throw new MimeException(MimeError.InvalidMimeEntity, e);
+ }
+
+ return processIncoming(inMsg);
+ }
+
+
+
+ /**
+ * Processes a pre-enveloped message. The message will be decrypted and
validated that it meets trust assertions.
+ * @param envelope A message envelope containing the incoming message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(IncomingMessage message)
+ {
+ Lock lock = readWriteLock.readLock();
+ lock.lock();
+ try
+ {
+ if (message == null)
+ {
+ throw new IllegalArgumentException();
+ }
+
+ if (LOGGER.isDebugEnabled())
+ LOGGER.debug("Processing incoming message:\r\n" +
message.toString() + "\r\n");
+
+ try
+ {
+ message.setAgent(this);
+ message.validate();
+
+ if (m_listener != null)
+ m_listener.preProcessIncoming(message);
+
+ processMessage(message);
+
+ if (m_listener != null)
+ m_listener.postProcessIncoming(message);
+
+ if (LOGGER.isDebugEnabled())
+ LOGGER.debug("Completed processing incoming message. Result
message:\r\n" + EntitySerializer.Default.serialize(message.getMessage())
+ "\r\n");
+
+ return message;
+ }
+ catch (Exception error)
+ {
+ LOGGER.error("Error processing incoming message: " +
error.getMessage(), error);
+
+ NHINDException throwError = new NHINDException(error);
+
+ if (m_listener != null)
+ m_listener.errorIncoming(message, error);
+ throw throwError; // rethrow error
+ }
+ }
+ finally
+ {
+ lock.unlock();
+ }
+ }
+
+ /*
+ * Process the incoming message by apply the security and trust
algorithms.
+ *
+ */
+ protected void processMessage(IncomingMessage message)
+ {
+ ///CLOVER:OFF
+ if (message.getSender() == null)
+ {
+ throw new TrustException(TrustError.UntrustedSender);
+ }
+ ///CLOVER:ON
+
+ message.categorizeRecipients(this.getDomains());
+ if (!message.hasDomainRecipients())
+ {
+ throw new AgentException(AgentError.NoTrustedRecipients);
+ }
+ //
+ // Map each address to its certificates/trust settings
+ //
+ this.bindAddresses(message);
+ //
+ // Extract signed content from the message
+ //
+ this.decryptSignedContent(message);
+
+ message.setMessage(this.unwrapMessage(message.getMessage()));
+
+ // Enforce trust requirements, including checking signatures
+ //
+
+ // need to decide if this message is a notification and message and
+ // if outgoing policy can be used for trust enforcement
+ final boolean allowOutgoingPolicyForIncomingNotifications =
+
OptionsParameter.getParamValueAsBoolean(OptionsManager.getInstance().
+
getParameter(OptionsParameter.USE_OUTGOING_POLICY_FOR_INCOMING_NOTIFICATIONS),
false);
+
+ if (allowOutgoingPolicyForIncomingNotifications)
+ {
+ final TxMessageType msgType =
TxUtil.getMessageType(message.getMessage());
+ // determine if this message is a notification message
+ if (msgType.equals(TxMessageType.DSN) ||
msgType.equals(TxMessageType.MDN))
+ {
+ // need to apply outgoing anchor policy to each recipient
+ for (NHINDAddress recipient :
message.getDomainRecipients())
+ {
+ try
+ {
+ final Collection<X509Certificate> anchors = new
ArrayList<X509Certificate>(trustAnchors.getIncomingAnchors().getCertificates(recipient));
+
anchors.addAll(trustAnchors.getOutgoingAnchors().getCertificates(recipient));
+ recipient.setTrustAnchors(anchors);
+ }
+ catch (Exception e)
+ {
+ /*no-op*/
+ }
+ }
+ }
+ }
+
+
+
+ this.trustModel.enforce(message);
+
+ //
+ // Remove any untrusted recipients...
+ //
+ if (message.hasDomainRecipients())
+ {
+ message.categorizeRecipients(this.minTrustRequirement);
+ }
+ if (!message.hasDomainRecipients())
+ {
+ throw new TrustException(TrustError.NoTrustedRecipients);
+ }
+
+ message.updateRoutingHeaders();
+ }
+
+ /*
+ * Binds the addresses with certificates and trust anchors
+ */
+ protected void bindAddresses(IncomingMessage message)
+ {
+
+
+
+ // PUBLIC CERTS ARE NO LONGER RESOLVED FOR INCOMING MESSAGES
+ // THEY ARE ALWAYS EXTRACTED FROM THE CERTIFICATE, SO PULBIC
RESOLUTION IS REDUNDANT
+ /*
+ *
+ Collection<X509Certificate> resolvedPublicCerts =
this.resolvePublicCerts(message.getSender(), false, true);
+ if (message.getDomainRecipients().size() > 0)
+ resolvedPublicCerts =
filterCertificatesByPolicy(message.getDomainRecipients().get(0),
publicPolicyResolver, resolvedPublicCerts, true);
+
+ message.getSender().setCertificates(resolvedPublicCerts);
+ */
+ message.getSender().setCertificates(new ArrayList<X509Certificate>());
+
+
+ //
+ // Bind each recpient's certs and trust settings
+ //
+
+ for (NHINDAddress recipient : message.getDomainRecipients())
+ {
+ Collection<X509Certificate> privateCerts =
this.resolvePrivateCerts(recipient, false, true);
+
+ // filter private certs based on policy
+ privateCerts = filterCertificatesByPolicy(recipient,
privatePolicyResolver, privateCerts, true);
+
+ if (privateCerts == null || privateCerts.size() == 0)
+ LOGGER.warn("bindAddresses(IncomingMessage message) - Could not
resolve a private certificate for recipient " + recipient.getAddress());
+
+ recipient.setCertificates(privateCerts);
+
+ Collection<X509Certificate> anchors = null;
+ try
+ {
+ anchors = new
ArrayList<X509Certificate>(trustAnchors.getIncomingAnchors().getCertificates(recipient));
+
+ }
+ catch (Exception e)
+ {
+ /*no-op*/
+ }
+ if (anchors == null || anchors.size() == 0)
+ LOGGER.warn("bindAddresses(IncomingMessage message) - Could
not obtain incoming trust anchors for recipient " + recipient.getAddress());
+ recipient.setTrustAnchors(anchors);
+ }
+ }
+
+ /*
+ * Decrypts the signed message
+ */
+ @SuppressWarnings("unchecked")
+ protected void decryptSignedContent(IncomingMessage message)
+ {
+
+ MimeEntity decryptedEntity = this.decryptMessage(message);
+ CMSSignedData signatures;
+ MimeEntity payload;
+ try
+ {
+ if (SMIMEStandard.isContentEnvelopedSignature(new
ContentType(decryptedEntity.getContentType())))
+ {
+ signatures =
cryptographer.deserializeEnvelopedSignature(decryptedEntity);
+ payload = new MimeEntity(new
ByteArrayInputStream(signatures.getContentInfo().getEncoded()));
+ }
+ else if (SMIMEStandard.isContentMultipartSignature(new
ContentType(decryptedEntity.getContentType())))
+ {
+ //
+ // Extract the signature envelope. That contains both the
signature and the actual message content
+ //
+ ByteArrayDataSource dataSource = new
ByteArrayDataSource(decryptedEntity.getRawInputStream(),
decryptedEntity.getContentType());
+
+ MimeMultipart verifyMM = new MimeMultipart(dataSource);
+
+ SignedEntity signedEntity = SignedEntity.load(verifyMM);
+ signatures =
cryptographer.deserializeSignatureEnvelope(signedEntity);
+ payload = signedEntity.getContent();
+ }
+ else
+ {
+ throw new AgentException(AgentError.UnsignedMessage);
+ }
+
+ message.setSignature(signatures);
+
+ //
+ // Alter body to contain actual content. Also clean up mime
headers on the message that were there to support
+ // signatures etc
+ //
+ InternetHeaders headers = new InternetHeaders();
+
+ // remove all mime headers
+ Enumeration<Header> eHeaders =
message.getMessage().getAllHeaders();
+ while (eHeaders.hasMoreElements())
+ {
+ Header hdr = (Header)eHeaders.nextElement();
+ if (!MimeStandard.startsWith(hdr.getName(),
MimeStandard.HeaderPrefix))
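Review bot: The setters setPublicPolicyResolver, setPrivatePolicyResolver, setPolicyFilter and setTrustModel take `readWriteLock.readLock()` while assigning a field, so they neither exclude a concurrent processIncoming (which also holds the read lock) nor match setDomains, setCryptographer and the other setters in this hunk, which take the write lock; each should read `Lock lock = readWriteLock.writeLock();`. Swapping the trust model or a policy resolver under a shared lock lets a message be processed while the trust configuration is mid-change, which is the situation the write lock exists to prevent. These setters also unlock without try/finally, unlike the getters; wrapping the assignment in `try { ... } finally { lock.unlock(); }` keeps the lock from staying held if an exception ever surfaces there. Separately, getPublicCertResolvers hands out the internal collection directly where getDomains wraps its result, so returning `Collections.unmodifiableCollection(this.publicCertResolver)` would keep callers from mutating the resolver list outside the lock. The hunk is truncated on this page, so the remainder of DefaultNHINDAgent is not visible.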
***The diff for this file has been truncated for email.***
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/IncomingMessage.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,166 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+
+import java.util.Collection;
+import java.util.Collections;
+
+import org.bouncycastle.cms.CMSSignedData;
+import org.nhindirect.stagent.mail.Message;
+import org.nhindirect.stagent.trust.TrustEnforcementStatus;
+
+import com.google.inject.Inject;
+import com.google.inject.name.Named;
+
+/**
+ * Incoming messages are specific types of MessageEnvelope that have been
signed and encrypted.
+ * <p>
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class IncomingMessage extends DefaultMessageEnvelope
+{
+
+ private CMSSignedData signature;
+ private Collection<DefaultMessageSignatureImpl> senderSignatures;
+
+ /**
+ * Constructs an incoming envelope from a message.
+ * @param message The incoming message.
+ */
+ public IncomingMessage(Message message)
+ {
+ super(message);
+ }
+
+ /**
+ * Constructs an incoming envelope from a message represented by a raw
string..
+ * @param message The incoming message.
+ */
+ public IncomingMessage(String message)
+ {
+ super(message);
+ }
+
+ /**
+ * Constructs an incoming envelope from a message, a list of recipients,
and a sender. This is intended to override the standard to and from headers
+ * in the incoming message.
+ * @param message The incoming message.
+ * @param recipients A collection of addresses that denote the recipients
of the message.
+ * @param sender The original sender of the message.
+ */
+ @Inject
+ public IncomingMessage(@Named("Message") Message message,
@Named("Recipients") NHINDAddressCollection recipients, @Named("Sender")
NHINDAddress sender)
+ {
+ super(message, recipients, sender);
+ }
+
+ /**
+ * Constructs an incoming envelope from a message represented as a raw
string, a list of recipients, and a sender.
+ * This is intended to override the standard to and from headers in the
incoming message.
+ * @param message The incoming message.
+ * @param recipients A collection of addresses that denote the recipients
of the message.
+ * @param sender The original sender of the message.
+ */
+ public IncomingMessage(String message, NHINDAddressCollection
recipients, NHINDAddress sender)
+ {
+ super(message, recipients, sender);
+ }
+
+ /**
+ * Constructs an incoming envelope from another envelope.
+ * @param message The incoming message.
+ */
+ protected IncomingMessage(MessageEnvelope envelope)
+ {
+ super(envelope);
+ }
+
+ /**
+ * Gets the message signature data. This includes the all the
attributes of the signature block and in the case of enveloped signatures
it will
+ * also include the signed content
+ * @return The message signature data.
+ */
+ public CMSSignedData getSignature()
+ {
+ return signature;
+ }
+
+ /**
+ * Sets the message signature data.
+ * @param value The message signature data.
+ */
+ public void setSignature(CMSSignedData sig)
+ {
+ signature = sig;
+ }
+
+ /**
+ * Indicates if the message has signature.
+ * @return True if the message has signatures. False other wise.
+ */
+ public boolean hasSignatures()
+ {
+ return signature != null;
+ }
+
+ /**
+ * Gets the collection of individual signers of the message. This is
a subset of data of the signature, but includes
+ * additional information such as the singers certificate and
validation flags.
+ * @return The collection of signers.
+ */
+ public Collection<DefaultMessageSignatureImpl> getSenderSignatures()
+ {
+ return Collections.unmodifiableCollection(senderSignatures);
+ }
+
+ /**
+ * Sets the collection of signers of a message.
+ * @param senderSignatures The collection of signers of a message.
+ */
+ public void
setSenderSignatures(Collection<DefaultMessageSignatureImpl>
senderSignatures)
+ {
+ this.senderSignatures = senderSignatures;
+ }
+
+ /**
+ * Indicates if the message has signers.
+ * @return True if the message has signers. False otherwise.
+ */
+ public boolean hasSenderSignatures()
+ {
+ return (senderSignatures != null && senderSignatures.size() > 0);
+ }
+
+ @Override
+ /**
+ * {@inheritDoc}
+ */
+ protected void categorizeRecipients(TrustEnforcementStatus minTrustStatus)
+ {
+ super.categorizeRecipients(minTrustStatus);
+ this.getDomainRecipients().removeUntrusted(minTrustStatus);
+ }
+}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/MessageEnvelope.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,115 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.util.Collection;
+
+import org.nhindirect.stagent.mail.Message;
+
+import com.google.inject.ImplementedBy;
+
+/**
+ * A wrapper around a MimeMessage that categorizes routing headers such as
trusted and non trusted recipients.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+@ImplementedBy(DefaultMessageEnvelope.class)
+public interface MessageEnvelope {
+
+ /**
+ * Serializes the wrapped message to a raw string representation.
+ * @return The wrapped message to as a raw string representation.
+ */
+ public String serializeMessage();
+
+ /**
+ * Gets the agent associated with the message.
+ * @return The security and trust agent.
+ */
+ public NHINDAgent getAgent();
+
+ /**
+ * Gets the mime message wrapped in the envelope.
+ * @return the mime message wrapped in the envelope.
+ */
+ public Message getMessage();
+
+ /**
+ * Gets the sender of the message.
+ * @return The sender of the message.
+ */
+ public NHINDAddress getSender();
+
+ /**
+ * The collection of message recipients.
+ * @return Collection of message recipients.
+ */
+ public NHINDAddressCollection getRecipients();
+
+ /**
+ * Indicates if the message has any recipients.
+ * @return True if the message has recipients. False otherwise.
+ */
+ public boolean hasRecipients();
+
+ /**
+ * Gets a list of recipients in the message that are not trusted by
the address.
+ * @return A list of recipients in the message that are not trusted by
the address.
+ */
+ public NHINDAddressCollection getRejectedRecipients();
+
+ /**
+ * Indicates if the message has recipients that are not trusted by the
address.
+ * @return True if the message has recipients that are not trusted by
the address. False otherwise.
+ */
+ public boolean hasRejectedRecipients();
+
+ /**
+ * Gets a list of recipients in the message that are part of the
agent's domain.
+ * @return A list of recipients in the agent's domain.
+ */
+ public NHINDAddressCollection getDomainRecipients();
+
+ /**
+ * Indicates if the message has recipients that are in the agent's
domain.
+ * @return True if the message has recipients that are in the agent's
domain. False otherwise.
+ */
+ public boolean hasDomainRecipients();
+
+ /**
+ * Gets a list of recipients in the message that are not part of the
agent's domain.
+ * @return A list of recipients that are not in the agent's domain.
+ */
+ public Collection<NHINDAddress> getOtherRecipients();
+
+ /**
+ * Indicates if the message has recipients that are not in the agent's
domain.
+ * @return True if the message has recipients that are not in the
agent's domain. False otherwise.
+ */
+ public boolean hasOtherRecipients();
+
+
+ public void ensureRecipientsCategorizedByDomain(Collection<String>
domains);
+
+}
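Review bot: `ensureRecipientsCategorizedByDomain(Collection<String> domains)` is the only method in this interface without Javadoc, and it is also the one whose contract callers most need, since it is what appears to populate the domain/other recipient splits that `getDomainRecipients()` and `getOtherRecipients()` expose. Suggested doc: `/** Ensures the recipients have been categorized against the given agent domains so that getDomainRecipients() and getOtherRecipients() are populated. @param domains The domains served by the agent. */`. Whether the call is idempotent or re-categorizes on every call cannot be told from the interface alone; the implementation should state it.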
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/MessageSignature.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,50 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import com.google.inject.ImplementedBy;
+
+/**
+ * Contains information specific to a discrete signer of a message.
Includes the singer information and the certificate used to sign the
message (optimally
+ * extracted from the signature). This is a subset of the CMS signed data.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+@ImplementedBy(DefaultMessageSignatureImpl.class)
+public interface MessageSignature {
+
+ /**
+ * Verifies if the signature is valid using the signature certificate.
+ * @return True if the signature is valid. False otherwise.
+ */
+ public boolean checkSignature();
+
+ /**
+ * Validates if the senders certificate matches the signature certificate
using certificate thumb printing.
+ * @param messageSender The senders address. The address should contain
the senders public certificate.
+ * @return True if the thumb print of the signature matches the senders
certificate thumb print. False otherwise.
+ */
+ public boolean checkThumbprint(NHINDAddress messageSender);
+
+}
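Review bot: The interface Javadoc should make explicit that `checkSignature()` and `checkThumbprint(NHINDAddress)` answer two different questions and that, per the visible descriptions, neither alone establishes trust: the first validates the signature against the certificate carried in the signature block, the second binds that certificate to the sender's address. A one-line addition to the type Javadoc such as `* Callers must verify both the signature ({@link #checkSignature()}) and its binding to the sender ({@link #checkThumbprint(NHINDAddress)}); a valid signature from an unrelated certificate is not sufficient.` would make the intended usage clear. The type Javadoc also misspells "signer" as "singer" twice.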
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/MutableAgent.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,177 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.util.Collection;
+
+import org.nhindirect.policy.PolicyFilter;
+import org.nhindirect.stagent.cert.CertificateResolver;
+import org.nhindirect.stagent.cryptography.Cryptographer;
+import org.nhindirect.stagent.policy.PolicyResolver;
+import org.nhindirect.stagent.trust.TrustAnchorResolver;
+import org.nhindirect.stagent.trust.TrustModel;
+
+/**
+ * Defines an interface for modifying agent properties. Care should be
taken when implementing this interface to ensure thread safe operation of
agent modification.
+ * @author Greg Meyer
+ * @since 1.3
+ */
+public interface MutableAgent
+{
+
+ /**
+ * Gets the list of domains that the agent is serving.
+ * @return The domains that the agent is serving.
+ */
+ public Collection<String> getDomains();
+
+ /**
+ * Sets the list of domain that the agent is serving.
+ * @param domains The list of domain that the agent is serving.
+ */
+ public void setDomains(Collection<String> domains);
+
+ /**
+ * Gets the Cryptographer used by the agent to perform cryptography
operations.
+ * @return The Cryptographer used by the agent to perform cryptography
operations.
+ */
+ public Cryptographer getCryptographer();
+
+ /**
+ * Sets the Cryptographer used by the agent to perform cryptography
operations.
+ * @param cryptographer The Cryptographer used by the agent to perform
cryptography operations.
+ */
+ public void setCryptographer(Cryptographer cryptographer);
+
+ /**
+ * Gets the certificate stores used to encrypt messages and validate
signatures. This store generally contains only public certificates
+ * @return The certificate stores used to encrypt messages and
validate signatures.
+ */
+ public Collection<CertificateResolver> getPublicCertResolvers();
+
+ /**
+ * Sets the certificate stores used to encrypt messages and validate
signatures. This store generally contains only public certificates
+ * @param resolvers The certificate stores used to encrypt messages and
validate signatures.
+ */
+ public void setPublicCertResolvers(Collection<CertificateResolver>
resolvers);
+
+ /**
+ * Gets the certificate store used to decrypt and sign messages.
Certificates in this store must have access to the certifcate's private key.
+ * @return The certificate store used to decrypt and sign messages.
+ */
+ public CertificateResolver getPrivateCertResolver();
+
+ /**
+ * Sets the certificate store used to decrypt and sign messages.
Certificates in this store must have access to the certifcate's private key.
+ * @param resolver The certificate store used to decrypt and sign
messages.
+ */
+ public void setPrivateCertResolver(CertificateResolver resolver);
+
+
+ /**
+ * Gets the certificate store that contains the certificate anchors
that validate if certificates are trusted.
+ * @return The certificate store that contains the certificate anchors
that validate if certificates are trusted.
+ */
+ public TrustAnchorResolver getTrustAnchors();
+
+
+ /**
+ * Sets the certificate store that contains the certificate anchors
that validate if certificates are trusted.
+ * @param resolver The certificate store that contains the certificate
anchors that validate if certificates are trusted.
+ */
+ public void setTrustAnchorResolver(TrustAnchorResolver resolver);
+
+ /**
+ * Sets the event listener that will receive notifications at
different stages of message processing.
+ * @param listener A concrete implementation of an
NHINDAgentEventListener.
+ */
+ public void setEventListener(NHINDAgentEventListener listener);
+
+ /**
+ * Sets the event listener that will receive notifications at
different stages of message processing.
+ * @return A concrete implementation of an NHINDAgentEventListener.
+ */
+ public NHINDAgentEventListener getEventListener();
+
+
+ /**
+ * Sets the auto message wrapping feature of the agent. Message
wrapping takes the original message and wraps it into a message of type
RFC822 pushing all headers
+ * into the message body. Only routing information is propagated up
from the original message.
+ * @param wrappingEnabled True if the agent automatically wraps
messages. False otherwise.
+ */
+ public void setWrappingEnabled(boolean wrappingEnabled);
+
+ /**
+ * Indicates if the agent automatically wraps messages into RFC822
envelopes for hiding headers.
+ * @return True if the agent automatically wraps messages.
+ */
+ public boolean isWrappingEnabled();
+
+ /**
+ * Sets the policy resolver for publicly discovered certificates
+ * @param publicPolicyResolver The policy resolver for publicly
discovered certificates
+ */
+ public void setPublicPolicyResolver(PolicyResolver
publicPolicyResolver);
+
+ /**
+ * Gets the policy resolver for publicly discovered certificates
+ * @return The policy resolver for publicly discovered certificates
+ */
+ public PolicyResolver getPublicPolicyResolver();
+
+ /**
+ * Sets the policy resolvers for privately discovered certificates
+ * @param privatePolicyResolver The policy resolvers for privately
discovered certificates
+ */
+ public void setPrivatePolicyResolver(PolicyResolver
privatePolicyResolver);
+
+ /**
+ * Gets the policy resolvers for privately discovered certificates
+ * @return The policy resolvers for privately discovered certificates
+ */
+ public PolicyResolver getPrivatePolicyResolver();
+
+ /**
+ * Sets the policy filter engine for the agent.
+ * @param filter The policy filter engine for the agent.
+ */
+ public void setPolicyFilter(PolicyFilter filter);
+
+ /**
+ * Gets the policy filter engine for the agent.
+ * @return The policy filter engine for the agent.
+ */
+ public PolicyFilter getPolicyFilter();
+
+ /**
+ * Sets the trust model for enforcing message trust
+ * @param trustModel The trust model for enforcing message trust
+ */
+ public void setTrustModel(TrustModel trustModel);
+
+ /**
+ * Gets the trust model for enforcing message trust
+ * @return The trust model for enforcing message trust
+ */
+ public TrustModel getTrustModel();
+}
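Review bot: The Javadoc on `getEventListener()` is copied from the setter and reads "Sets the event listener that will receive notifications..." for a getter; it should be `* Gets the event listener that receives notifications at different stages of message processing.` with the `@return` kept. The accessor pair for trust anchors is also inconsistently named (`getTrustAnchors()` versus `setTrustAnchorResolver(TrustAnchorResolver)`) while every other property uses matching get/set names; if the getter name cannot change for compatibility, the Javadoc should at least cross-reference the two with `{@link}` tags. The type-level note that implementations must be thread-safe is useful but would be stronger if it named what that means for callers (e.g. whether a message already being processed sees a resolver swapped mid-flight).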
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAddress.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,330 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.util.Collection;
+import java.util.Collections;
+
+import javax.mail.internet.AddressException;
+import javax.mail.internet.InternetAddress;
+
+import org.nhindirect.stagent.mail.MimeError;
+import org.nhindirect.stagent.mail.MimeException;
+import org.nhindirect.stagent.trust.TrustEnforcementStatus;
+
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+
+/**
+ * NHIN-Direct agent specific logic for an {@link InternetAddress}.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class NHINDAddress extends InternetAddress
+{
+ static final long serialVersionUID = -5804460458173783482L;
+
+ private AddressSource source;
+ private Collection<X509Certificate> certificates;
+ private TrustEnforcementStatus m_trustStatus;
+ private Collection<X509Certificate> m_trustAnchors;
+
+ /**
+ * Constructs an address from a string representation. The address
must be parsable into an {@link InternetAddress}.
+ * @param address String representation of an address.
+ */
+ public NHINDAddress(String address)
+ {
+ this(address, AddressSource.Unknown);
+ }
+
+ /**
+ * Constructs an address from an {@link InternetAddress}.
+ * @param address The internet address.
+ */
+ public NHINDAddress(InternetAddress address)
+ {
+ this(address, AddressSource.Unknown);
+ }
+
+ /**
+ * Constructs an address from a string representation. The address
must be parsable into an {@link InternetAddress}.
+ * @param address String representation of an address.
+ * @param source Indicates the type of address respective to the
message.
+ */
+ public NHINDAddress(String address, AddressSource source)
+ {
+ super();
+ try
+ {
+ InternetAddress a[] = parse(address, true);
+ if (a.length > 0)
+ {
+ this.setAddress(a[0].getAddress());
+ this.setPersonal(a[0].getPersonal());
+ }
+ else
+ this.setAddress(address);
+ }
+ catch (AddressException e)
+ {
+ this.setAddress(address);
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new MimeException(MimeError.InvalidHeader, e);
+ }
+ this.source = source;
+ this.m_trustStatus = TrustEnforcementStatus.Failed;
+ }
+
+ /**
+ * Constructs an address from an {@link InternetAddress}.
+ * @param address The internet address.
+ * @param source Indicates the type of address respective to the
message.
+ */
+ public NHINDAddress(InternetAddress address, AddressSource source)
+ {
+ super();
+ try
+ {
+ this.setAddress(address.getAddress());
+ this.setPersonal(address.getPersonal());
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new MimeException(MimeError.InvalidHeader, e);
+ }
+
+ this.source = source;
+ setAddress(address.getAddress());
+ }
+
+
+ /**
+ * Constructs an address from a string representation and associates a
collection X509Certificates with the address.
+ * The address must be parsable into an {@link InternetAddress}.
+ * @param address String representation of an address.
+ * @param certificates The certificates to be associated with the
address.
+ */
+ public NHINDAddress(String address, Collection<X509Certificate>
certificates)
+ {
+ super();
+ try
+ {
+ InternetAddress a[] = parse(address, true);
+ if (a.length > 0)
+ {
+ this.setAddress(a[0].getAddress());
+ this.setPersonal(a[0].getPersonal());
+ }
+ else
+ this.setAddress(address);
+ }
+ catch (AddressException e)
+ {
+ this.setAddress(address);
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new MimeException(MimeError.InvalidHeader, e);
+ }
+ this.certificates = certificates;
+ }
+
+ /**
+ * Gets the domain host associated with the address.
+ * @return The host associated with the address.
+ */
+ public String getHost()
+ {
+ String retVal = "";
+
+ // remove any extra information such as < and >
+ String address = this.getAddress();
+ int index;
+ if ((index = address.indexOf('<')) > -1)
+ address = address.substring(index + 1);
+
+ if ((index = address.indexOf('>')) > -1)
+ address = address.substring(0, index);
+
+ index = address.indexOf("@");
+ if (index >= 0)
+ retVal = address.substring(index + 1);
+
+ return retVal;
+ }
+
+ /**
+ * Gets the X509 certificates associated with the address.
+ * @return The X509 certificates associated with the address. Returns
null if no certificates is not associated.
+ */
+ public Collection<X509Certificate> getCertificates()
+ {
+ return certificates;
+ }
+
+ /**
+ * Associates an X509 certificate with the address.
+ * @param value The certificate to associates with the address.
+ */
+ public void setCertificates(Collection<X509Certificate> certs)
+ {
+ this.certificates = certs;
+ }
+
+
+ /**
+ * Indicates if the address is associated with a certificate.
+ * @return True is a certificate is associated. False otherwise.
+ */
+ public boolean hasCertificates()
+ {
+ return (certificates != null && certificates.size() > 0);
+ }
+
+ /**
+ * Gets all certificate anchors that this address trusts. The
returned collection is unmodifiable.
+ * @return A collection of certificate anchors that are trusted by
this address.
+ */
+ public Collection<X509Certificate> getTrustAnchors()
+ {
+ return Collections.unmodifiableCollection(this.m_trustAnchors);
+ }
+
+ /**
+ * Sets all certificate anchors that this address trusts.
+ * @param certs A collection of certificate anchors that are trusted
by this address.
+ */
+ public void setTrustAnchors(Collection<X509Certificate> certs)
+ {
+ this.m_trustAnchors = certs;
+ }
+
+ /**
+ * Indicates if the address has certificate trust anchors associated
with it.
+ * @return True if the address has certificate trust anchors associate
with it. False otherwise.
+ */
+ public boolean hasTrustAnchors()
+ {
+ return (this.m_trustAnchors != null && this.m_trustAnchors.size()
> 0);
+ }
+
+ /**
+ * Gets the trust status of the address.
+ * @return The trust status of the address.
+ */
+ public TrustEnforcementStatus getStatus()
+ {
+ return this.m_trustStatus;
+ }
+
+ /**
+ * Sets the trust status of the address.
+ * @param value The trust status of the address.
+ */
+ public void setStatus(TrustEnforcementStatus value)
+ {
+ this.m_trustStatus = value;
+ }
+
+ /**
+ * Indicates if the provided trust status is trusted by this address.
The minimum trust status is considered to be trusted if its Enum ordinal
value is greater
+ * than or equal to this address' trust status ordinal value.
+ * @param minTrustStatus The trust status to compare with the address'
trust status.
+ * @return True if the status trusted. False otherwise.
+ */
+ public boolean isTrusted(TrustEnforcementStatus minTrustStatus)
+ {
+ return (this.m_trustStatus.compareTo(minTrustStatus) >= 0);
+ }
+
+ /**
+ * Gets the source type of the address such as TO, CC, and BCC.
+ * @return The source type of the address
+ */
+ public AddressSource getSource()
+ {
+ return source;
+ }
+
+ /**
+ * Sets the source type of the address.
+ * @param source The source type of the address.
+ */
+ public void setSource(AddressSource source)
+ {
+ this.source = source;
+ }
+
+ /**
+ * Indicates if the address's domain matches the provided domain. The
domain check is case insensitive.
+ * @param domain The domain to match.
+ * @return True if the address's domain matches the provided domain.
False otherwise.
+ */
+ public boolean domainEquals(String domain)
+ {
+ return getHost().equalsIgnoreCase(domain);
+ }
+
+ /**
+ * Indicates if the the address's domain is in the list of domains. The
domain check is case insensitive.
+ * @param domains The domain to check.
+ * @return True if the address's domain is in the list of provided
domains. False otherwise.
+ */
+ public boolean isInDomain(Collection<String> domains)
+ {
+ for (String domain : domains)
+ if (domainEquals(domain))
+ return true;
+
+ return false;
+ }
+
+ /**
+ * Gets the domain host associated with the address.
+ * @param theAddress The address to get the host from.
+ * @return The host associated with the address.
+ */
+ public static String getHost(InternetAddress theAddress)
+ {
+ String retVal = "";
+
+ // remove any extra information such as < and >
+ String address = theAddress.getAddress();
+ int index;
+ if ((index = address.indexOf('<')) > -1)
+ address = address.substring(index + 1);
+
+ if ((index = address.indexOf('>')) > -1)
+ address = address.substring(0, index);
+
+ index = address.indexOf("@");
+ if (index >= 0)
+ retVal = address.substring(index + 1);
+
+ return retVal;
+ }
+}
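Review bot: The trust status default is inconsistent across constructors: `NHINDAddress(String, AddressSource)` sets `m_trustStatus = TrustEnforcementStatus.Failed`, but `NHINDAddress(InternetAddress, AddressSource)` and `NHINDAddress(String, Collection<X509Certificate>)` leave it null, so `isTrusted()` throws a NullPointerException on those instances and `getStatus()` returns null instead of the fail-closed value. Initializing the field at its declaration, `private TrustEnforcementStatus m_trustStatus = TrustEnforcementStatus.Failed;`, gives every constructor the same safe default. In the `InternetAddress` constructor the trailing `setAddress(address.getAddress());` repeats the call already made inside the try block and can be dropped. `getHost()` is a line-for-line copy of the static `getHost(InternetAddress)` and could simply be `return getHost(this);`. The `isTrusted` Javadoc describes the comparison the opposite way round from the code, which returns true when the address' own status is greater than or equal to `minTrustStatus`.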
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAddressCollection.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,260 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import javax.mail.internet.AddressException;
+import javax.mail.internet.InternetAddress;
+
+import org.nhindirect.stagent.trust.TrustEnforcementStatus;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * A collection of NHINDAddresses.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class NHINDAddressCollection extends ArrayList<NHINDAddress>
+{
+ static final long serialVersionUID = -2750152014905400257L;
+
+ public static final TrustEnforcementStatus DefaultMinTrustStatus =
TrustEnforcementStatus.Success_Offline;
+
+ /**
+ * Constructs an empty collection.
+ */
+ public NHINDAddressCollection()
+ {
+ }
+
+ /**
+ * Gets a collection of all certificates associated with all of the
addresses in the collection.
+ * @return A collection of all certificates associated with all of the
addresses in the collection.
+ */
+ public Collection<X509Certificate> getCertificates()
+ {
+ Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
+
+ for (NHINDAddress add : this)
+ if (add.hasCertificates())
+ certs.addAll(add.getCertificates());
+
+ return certs;
+ }
+
+ /**
+ * Gets the first available certificate the certificate collection.
This is generally used to choose a certificate for validating a message
signature.
+ * @return The first available certificate the certificate collection.
+ */
+ public X509Certificate getFirstCertificate()
+ {
+ for (NHINDAddress add : this)
+ if (add.hasCertificates())
+ return add.getCertificates().iterator().next();
+
+ return null;
+ }
+
+ /**
+ * Gets all addresses in the collection that are trusted.
+ * @return All addresses in the collection that are trusted.
+ */
+ public Collection<NHINDAddress> getTrusted()
+ {
+ return
this.getTrusted(NHINDAddressCollection.DefaultMinTrustStatus);
+ }
+
+ /**
+ * Gets all addresses in the collection that meet the minimum trust
status.
+ * @param minTrustStatus The minimum trust status.
+ * @return All addresses in the collection that are trusted.
+ */
+ public Collection<NHINDAddress> getTrusted(TrustEnforcementStatus
minTrustStatus)
+ {
+ Collection<NHINDAddress> adds = new ArrayList<NHINDAddress>();
+
+ for (NHINDAddress add : this)
+ if (add.isTrusted(minTrustStatus))
+ adds.add(add);
+
+ return adds;
+ }
+
+ /**
+ * Gets all addresses in the collection that are not trusted.
+ * @return All addresses in the collection that are not trusted.
+ */
+ public Collection<NHINDAddress> getUntrusted()
+ {
+ return
this.getUntrusted(NHINDAddressCollection.DefaultMinTrustStatus);
+ }
+
+ /**
+ * Gets all addresses in the collection that do not meet the minimum
trust status.
+ * @param minTrustStatus The minimum trust status.
+ * @return All addresses in the collection that are not trusted.
+ */
+ public Collection<NHINDAddress> getUntrusted(TrustEnforcementStatus
minTrustStatus)
+ {
+ Collection<NHINDAddress> adds = new ArrayList<NHINDAddress>();
+
+ for (NHINDAddress add : this)
+ if (!add.isTrusted(minTrustStatus))
+ adds.add(add);
+
+ return adds;
+ }
+
+ /**
+ * Indicates if the collection has any addresses that are trusted.
+ * @return True if the collection contains any addresses that are
trusted. False otherwise.
+ */
+ public boolean isTrusted()
+ {
+ return
this.isTrusted(NHINDAddressCollection.DefaultMinTrustStatus);
+ }
+
+ /**
+ * Indicates if the collection has any addresses that meet the minimum
trust status.
+ * @param minTrustStatus The minimum trust status.
+ * @return True if the collection contains any addresses that eet the
minimum trust status. False otherwise.
+ */
+ public boolean isTrusted(TrustEnforcementStatus minTrustStatus)
+ {
+ for (NHINDAddress add : this)
+ if (!add.isTrusted(minTrustStatus))
+ return false;
+
+ return true;
+ }
+
+ /**
+ * Removes all addresses from the collection that are note trusted.
+ */
+ public void removeUntrusted()
+ {
+ this.removeUntrusted(NHINDAddressCollection.DefaultMinTrustStatus);
+ }
+
+ /**
+ * Removes all addresses from the collection that do not meet the
minimum trust status.
+ */
+ public void removeUntrusted(TrustEnforcementStatus minTrustStatus)
+ {
+ // Remove anybody who is not trusted
+ for (int i = this.size() - 1; i >=0; --i)
+ if (!this.get(i).isTrusted(minTrustStatus))
+ this.remove(i);
+ }
+
+ /**
+ * Converts the collection an instance of a
Collection<InternetAddress> object.
+ * @return
+ */
+ public Collection<InternetAddress> toInternetAddressCollection()
+ {
+ Collection<InternetAddress> retVal = new ArrayList<InternetAddress>();
+
+ retVal.addAll(this);
+
+ return retVal;
+
+ }
+
+ /**
+ * Sets the address source type of all addresses in the collection.
+ * @param source The address source type to apply to all addresses in
the collection.
+ */
+ public void setSource(AddressSource source)
+ {
+ for (NHINDAddress addr : this)
+ addr.setSource(source);
+
+ }
+
+ @Override
+ /**
+ * Converts the collection to a list of addresses compatible with an
message routing header message (including the standard delimiter).
+ * @return The collection as an RFC compliant message routing header.
+ */
+ public String toString()
+ {
+ return InternetAddress.toString(this.toArray(new
InternetAddress[this.size()]));
+ }
+
+ /**
+ * Generates an instance of an NHINDAddressCollection from a
collection of NHINDAddress addresses.
+ * @param source A collection of NHINDAddress addresses to seed this
object with.
+ * @return n instance of an NHINDAddressCollection object containing
all of the source addresses.
+ */
+ public static NHINDAddressCollection create(Collection<NHINDAddress>
source)
+ {
+ NHINDAddressCollection addresses = new NHINDAddressCollection();
+ addresses.addAll(source);
+
+ return addresses;
+ }
+
+ /**
+ * Parses an message router header to a collection of address. The
addressline may or may not include the header name.
+ * @param addressesLine The raw message header. The header name does
not need to be included, but should use the proper header delimiter
+ * if it is included.
+ * @param source The address source type of the address line.
+ * @return A collection of addresses parsed from the address line.
+ */
+ public static NHINDAddressCollection parse(String addressesLine,
AddressSource source)
+ {
+
+ NHINDAddressCollection retVal = new NHINDAddressCollection();
+
+ if (addressesLine != null)
+ {
+
+ // strip the header separator if it exists
+ int index = addressesLine.indexOf(':');
+ String addressString = index > -1 ? addressesLine.substring(index +
1) : addressesLine;
+
+ // split out the address using the standard delimiter
+ //String[] addresses =
addressString.split(String.valueOf(MailStandard.MailAddressSeparator));
+ InternetAddress[] addresses = null;
+ try
+ {
+ addresses = InternetAddress.parseHeader(addressString, true);
+ }
+ catch (AddressException e)
+ {
+ throw new NHINDException("Invalid email address format.", e);
+ }
+
+ for (InternetAddress addr : addresses)
+ retVal.add(new NHINDAddress(addr.getAddress(), source));
+ }
+ return retVal;
+ }
+
+
+}
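Review bot: The Javadoc on isTrusted(TrustEnforcementStatus) says it reports whether the collection contains *any* address meeting the minimum trust status, but the loop returns false as soon as one address fails, so it actually answers whether *every* address is trusted, and it answers true for an empty collection; the no-argument isTrusted() above it carries the same wording. Since callers presumably gate trust enforcement on this result, the contract should be stated explicitly, e.g. `* Indicates if every address in the collection meets the minimum trust status. An empty collection is reported as trusted.`, and callers that need an "any trusted" answer can use `!getTrusted(minTrustStatus).isEmpty()`. Separately, in parse() the `indexOf(':')` header strip runs even when no header name is present (which the Javadoc allows), so a ':' inside a quoted display name or an RFC 5322 group would be taken as the header separator and truncate the address list; if that input is possible, only strip when the text before the colon is a header token. removeUntrusted(TrustEnforcementStatus) and toInternetAddressCollection() are also missing their `@param minTrustStatus The minimum trust status.` and `@return The addresses as a collection of InternetAddress objects.` tags.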
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAgent.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,116 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.util.Collection;
+
+import javax.mail.internet.MimeMessage;
+
+import com.google.inject.ImplementedBy;
+
+/**
+ * The NHINDAgent is the primary entity for applying cryptography and
trust logic on incoming and outgoing messages. The main messaging system
(such as an SMTP server,
+ * email client, or other message handling agent) instantiates an instance
of the agent with configurable certificates storage implementations and
trust anchor
+ * stores. The agent then applies S/MIME logic to the messages and
asserts that the messages are being routed to and from trusted addresses.
+ * <p>
+ * The agent can support multiple local domains within one instance.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+@ImplementedBy(DefaultNHINDAgent.class)
+public interface NHINDAgent
+{
+ /**
+ * Gets the list of domains that the agent is serving.
+ * @return The domains that the agent is serving.
+ */
+ public Collection<String> getDomains();
+
+ /**
+ * Processes an incoming message represented by a raw string. The
message will be decrypted and validated that it meets trust assertions.
+ * @param messageText The raw contents of the incoming message that will
be processed.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(String messageText);
+
+ /**
+ * Processes an incoming message represented by a raw string. The
message will be decrypted and validated that it meets trust assertions.
+ * @param messageText The raw contents of the incoming message that will
be processed.
+ * @param recipients The recipients of the message. This overrides the
routing headers in the message.
+ * @param sender The sender of the message. This overrides the to FROM
routing header in the message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(String messageText,
NHINDAddressCollection recipients, NHINDAddress sender);
+
+ /**
+ * Processes a pre-enveloped message. The message will be decrypted and
validated that it meets trust assertions.
+ * @param envelope A message envelope containing the incoming message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(MessageEnvelope envelope);
+
+ /**
+ * Processes an incoming mime message. The message will be decrypted and
validated that it meets trust assertions.
+ * @param msg The incoming mime message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(MimeMessage msg);
+
+ /**
+ * Processes a pre-enveloped message. The message will be decrypted and
validated that it meets trust assertions.
+ * @param envelope A message envelope containing the incoming message.
+ * @return An incoming messaging object that contains the unwrapped and
decrypted message.
+ */
+ public IncomingMessage processIncoming(IncomingMessage message);
+
+ /**
+ * Processes an outgoing message represented by a raw string. The
message will be wrapped, encrypted, and signed.
+ * @param messageText The raw contents of the incoming message that will
be processed.
+ * @return An outoing messaging object that contains the wrapped message
that is and encrypted and signed.
+ */
+ public OutgoingMessage processOutgoing(String messageText);
+
+ /**
+ * Processes an outgoing message represented by a raw string. The
message will be wrapped, encrypted, and signed.
+ * @param messageText The raw contents of the incoming message that will
be processed.
+ * @param recipients The recipients of the message. This overrides the
routing headers in the message.
+ * @param sender The sender of the message. This overrides the to FROM
routing header in the message.
+ * @return An outoing messaging object that contains the wrapped message
that is and encrypted and signed.
+ */
+ public OutgoingMessage processOutgoing(String messageText,
NHINDAddressCollection recipients, NHINDAddress sender);
+
+ /**
+ * Processes an outgoing pre-enveloped message. The message will be
wrapped, encrypted, and signed.
+ * @param envelope A message envelope containing the outgoing message.
+ * @return An outoing messaging object that contains the wrapped message
that is and encrypted and signed.
+ */
+ public OutgoingMessage processOutgoing(MessageEnvelope envelope);
+
+ /**
+ * Processes an outgoing pre-enveloped message. The message will be
wrapped, encrypted, and signed.
+ * @param message A message envelope containing the incoming message.
+ * @return An outoing messaging object that contains the wrapped message
that is and encrypted and signed.
+ */
+ public OutgoingMessage processOutgoing(OutgoingMessage message);
+}
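Review bot: The Javadoc on processIncoming(IncomingMessage message) documents `@param envelope` and describes a pre-enveloped message, while the parameter is named `message` and is an IncomingMessage; processOutgoing(OutgoingMessage message) has the mirror slip, with `@param message` described as "the incoming message". Suggest `* @param message The incoming message to process.` and `* @param message The outgoing message to process.` respectively. The @return tags on the processOutgoing overloads read "An outoing messaging object that contains the wrapped message that is and encrypted and signed"; the intended wording is "An outgoing message object containing the wrapped, encrypted, and signed message.", and "overrides the to FROM routing header" should read "overrides the FROM routing header".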
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDAgentEventListener.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,80 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+/**
+ * Callback interface for custom processing of a message in the {@link
DefaultNHINDAgent}. Implementations of this interface can be used to
execute custom logic
+ * during the processing stages of a message.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ */
+public interface NHINDAgentEventListener
+{
+ /**
+ * Called when an unexpected error occurs in the agent.
+ * @param e The exception thrown by the agent.
+ */
+ public void error(Exception e);
+
+ /**
+ * Called after the message has been validated but before it is
decrypted.
+ * @param msg The incoming message.
+ * @throws NHINDException
+ */
+ public void preProcessIncoming(IncomingMessage msg) throws
NHINDException;
+
+ /**
+ * Called after the message is decrypted and the signature is
validated.
+ * @param msg The incoming message.
+ * @throws NHINDException
+ */
+ public void postProcessIncoming(IncomingMessage msg) throws
NHINDException;
+
+ /**
+ * Called in an exception occurs during the message processing stages.
+ * @param msg The incoming message.
+ * @param The exception thrown by the agent.
+ */
+ public void errorIncoming(IncomingMessage msg, Exception e);
+
+ /**
+ * Called after the message has been validated but before it is
encypted and signed.
+ * @param msg The outgoing message.
+ * @throws NHINDException
+ */
+ public void preProcessOutgoing(OutgoingMessage msg) throws
NHINDException;
+
+ /**
+ * Called after the message has been encypted and signed.
+ * @param msg The outgoing message.
+ * @throws NHINDException
+ */
+ public void postProcessOutgoing(OutgoingMessage msg) throws
NHINDException;
+
+ /**
+ * Called in an exception occurs during the message processing stages.
+ * @param msg The incoming message.
+ * @param The exception thrown by the agent.
+ */
+ public void errorOutgoing(OutgoingMessage msg, Exception e);
+}
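Review bot: The `@param The exception thrown by the agent.` tags on errorIncoming and errorOutgoing lack the parameter name, so the javadoc tool cannot attach them to `e`; they should read `@param e The exception thrown by the agent.` errorOutgoing also documents its OutgoingMessage parameter as "The incoming message.", which should be `@param msg The outgoing message.` "Called in an exception occurs" should be "Called when an exception occurs" on both error callbacks, and "encypted" is misspelt in the preProcessOutgoing and postProcessOutgoing comments.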
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDException.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,126 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+/**
+ * Generic exceptions thrown by the {@link DefaultNHINDAgent}
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class NHINDException extends RuntimeException
+{
+ static final long serialVersionUID = 6723803791479967054L;
+
+ Object m_error;
+
+ /**
+ * Constructs an empty exception.
+ */
+ public NHINDException()
+ {
+ m_error = AgentError.Unexpected;
+ }
+
+ /**
+ * Constructs an exception with a generic error.
+ * @param error The generic exception error.
+ */
+ public NHINDException(Object error)
+ {
+ m_error = error;
+ }
+
+ /**
+ * Constructs an exception with a message.
+ * @param message The exception message.
+ */
+ public NHINDException(String message)
+ {
+ super(message);
+ m_error = AgentError.Unexpected;
+ }
+
+ /**
+ * Constructs an exception with a message and a generic error.
+ * @param error The generic exception error.
+ * @param msg The exception message.
+ */
+ public NHINDException(Object error, String message)
+ {
+ super(message);
+ m_error = error;
+ }
+
+ /**
+ * Constructs an exception with a message and and the exception that
caused the error.
+ * @param message The exception message.
+ * @param innerException The exception that caused the error.
+ */
+ public NHINDException(String message, Exception innerException)
+ {
+ super(message, innerException);
+ m_error = AgentError.Unexpected;
+ }
+
+ /**
+ * Constructs an exception with a generic error and the exception that
caused the error.
+ * @param error The generic exception error.
+ * @param innerException The exception that caused the error.
+ */
+ public NHINDException(Object error, Exception innerException)
+ {
+ super(innerException);
+ m_error = error;
+ }
+
+ /**
+ * Constructs an exception with a generic error, a message, and the
exception that caused the error.
+ * @param error The generic exception error.
+ * @param message The exception message.
+ * @param innerException The exception that caused the error.
+ */
+ public NHINDException(Object error, String message, Exception
innerException)
+ {
+ super(message, innerException);
+ m_error = error;
+ }
+
+ /**
+ * Gets the generic exception error.
+ * @return The generic exception error.
+ */
+ public Object getError()
+ {
+ return m_error;
+ }
+
+ @Override
+ /**
+ * {@inheritDoc}
+ */
+ public String toString()
+ {
+ return "ERROR=" + m_error + "\r\n";
+ }
+}
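Review bot: toString() discards getMessage() and returns only `"ERROR=" + m_error + "\r\n"`, so the first line of a printed stack trace, or any log call that formats the exception, shows just the error code and loses the detail message the constructors were given; for an exception that signals trust and signature failures that detail is what an operator needs for triage. Unless something downstream parses this exact format, prefer `return getClass().getName() + ": ERROR=" + m_error + (getMessage() != null ? ", " + getMessage() : "");` and let the stack trace carry the cause. The `@Override` should also move below the Javadoc comment so the comment attaches to the method, and `m_error` can be declared `private final Object m_error;` since every constructor assigns it exactly once.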
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/NHINDStandard.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,49 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import org.nhindirect.stagent.mail.MailStandard;
+import org.nhindirect.stagent.mail.MimeStandard;
+
+/**
+ * Standard headers for message wrapping
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class NHINDStandard
+{
+ public final static String[] MailHeadersUsed = new String[]
+ {
+ MimeStandard.VersionHeader,
+ MailStandard.Headers.From,
+
MailStandard.Headers.To,
+
MailStandard.Headers.CC,
+ MailStandard.Headers.BCC,
+ MailStandard.Headers.OrigDate,
+ MailStandard.Headers.Date,
+ MailStandard.Headers.MessageID,
+ MailStandard.Headers.InReplyTo,
+ MailStandard.Headers.References
+ };
+}
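Review bot: MailHeadersUsed is a public static final array, and `final` only fixes the reference, so any code with access to the class can reassign its elements and thereby change which headers are treated as standard during message wrapping. Exposing it as an immutable view removes that foot-gun: keep the array private and publish `public static final List<String> MailHeadersUsed = Collections.unmodifiableList(Arrays.asList(...));`, or, to keep the array type for existing callers, a `getMailHeadersUsed()` accessor that returns `MailHeadersUsed.clone()`. Either change touches callers, so it is probably a follow-up rather than something to fold into this tag. The field also has no Javadoc; `/** Headers copied from the inner message to the outer wrapper; see NHINDStandard class doc. */` would suffice if that is indeed how it is consumed (the consumer is not in this hunk).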
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/OutgoingMessage.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,86 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import org.nhindirect.stagent.mail.Message;
+
+/**
+ * Outgoing messages are specific types of NHINDMessage that need to been
signed and encrypted.
+ * <p>
+ * The domain(s) bound to the provided agent is used
+ * to remove recipients that are not in the agent's domain(s).
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class OutgoingMessage extends DefaultMessageEnvelope
+{
+ /**
+ * Create an outgoing message from a mime message.
+ * @param message The message to be enveloped.
+ */
+ public OutgoingMessage(Message message)
+ {
+ super(message);
+ }
+
+ /**
+ * Create an outgoing message from a mime message overriding the
routing headers.
+ * @param message The message to be enveloped.
+ * @param recipients The message recipients.
+ * @param sender The message sender.
+ */
+ public OutgoingMessage(Message message, NHINDAddressCollection
recipients, NHINDAddress sender)
+ {
+ super(message, recipients, sender);
+ }
+
+ /**
+ * Create an outgoing message from a raw string.
+ * @param message The raw string representation of the message to be
enveloped.
+ */
+ public OutgoingMessage(String message)
+ {
+ super(message);
+ }
+
+ /**
+ * Create an outgoing message from a raw string. overriding the
routing headers.
+ * @param message The raw string representation of the message to be
enveloped.
+ * @param recipients The message recipients.
+ * @param sender The message sender.
+ */
+ public OutgoingMessage(String message, NHINDAddressCollection
recipients, NHINDAddress sender)
+ {
+ super(message, recipients, sender);
+ }
+
+ /**
+ * Create an outgoing message from a pre-eveloped message.
+ * @param message The raw string representation of the message to be
enveloped.
+ */
+ public OutgoingMessage(MessageEnvelope envelope)
+ {
+ super(envelope);
+ }
+}
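Review bot: The Javadoc on OutgoingMessage(MessageEnvelope envelope) documents `@param message The raw string representation of the message to be enveloped.`, which describes a different constructor; it should read `@param envelope The pre-enveloped message to copy.` The class comment states that the agent's domains are used to remove recipients outside those domains, but nothing in this class does that (every constructor just delegates to DefaultMessageEnvelope), so that sentence should either name where it happens, presumably the agent's outgoing processing, or be dropped. "pre-eveloped" and "need to been signed" are typos in the same comments.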
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/SignatureValidationException.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,64 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent;
+
+import java.security.cert.CertificateException;
+
+/**
+ * Exception thrown when a message's signature can not be validated.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ *
+ */
+public class SignatureValidationException extends CertificateException
+{
+ static final long serialVersionUID = 3791037981173852503L;
+
+ /**
+ * Constructs an exception with a message.
+ * @param msg The exception message.
+ */
+ public SignatureValidationException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Constructs an exception with an exception that caused the error.
+ * @param innerException The exception that caused the error.
+ */
+ public SignatureValidationException(Exception innerException)
+ {
+ super(innerException);
+ }
+
+ /**
+ * Constructs an exception with a message and the exception that caused
the error.
+ * @param msg The exception message.
+ * @param innerException The exception that caused the error.
+ */
+ public SignatureValidationException(String msg, Exception innerException)
+ {
+ super(msg, innerException);
+ }
+}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/AgentDomains.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,35 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.google.inject.BindingAnnotation;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target( {ElementType.FIELD, ElementType.PARAMETER})
+@BindingAnnotation
+public @interface AgentDomains {}
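Review bot: None of the six binding annotations carries a Javadoc saying which injection point it marks, so a reader has to find the Guice module to learn what `@AgentDomains` selects; a one-line `/** Guice {@link BindingAnnotation} marking the injection point for the agent-domains binding. */` above the `@Retention` line would do, with the matching sentence on `AgentPolicyFilter`, `PrivateCerts`, `PrivatePolicyResolver`, `PublicCerts` and `PublicPolicyResolver`. The `AgentPolicyFilter`, `PrivatePolicyResolver` and `PublicPolicyResolver` files also omit the license header that the other three annotation files carry, which looks like an oversight rather than a choice.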
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/AgentPolicyFilter.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,13 @@
+package org.nhindirect.stagent.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.google.inject.BindingAnnotation;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target( {ElementType.FIELD, ElementType.PARAMETER})
+@BindingAnnotation
+public @interface AgentPolicyFilter {}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PrivateCerts.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,35 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.google.inject.BindingAnnotation;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target( {ElementType.FIELD, ElementType.PARAMETER})
+@BindingAnnotation
+public @interface PrivateCerts {}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PrivatePolicyResolver.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,13 @@
+package org.nhindirect.stagent.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.google.inject.BindingAnnotation;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target( {ElementType.FIELD, ElementType.PARAMETER})
+@BindingAnnotation
+public @interface PrivatePolicyResolver {}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PublicCerts.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,35 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.google.inject.BindingAnnotation;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target( {ElementType.FIELD, ElementType.PARAMETER})
+@BindingAnnotation
+public @interface PublicCerts {}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/annotation/PublicPolicyResolver.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,13 @@
+package org.nhindirect.stagent.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.google.inject.BindingAnnotation;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target( {ElementType.FIELD, ElementType.PARAMETER})
+@BindingAnnotation
+public @interface PublicPolicyResolver {}
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CacheableCertStore.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,62 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent.cert;
+
+/**
+ * A certificate store that implement a coherent cache for improved
certificate lookup performance. Cache tuning is set through the
+ * {@link CertStoreCachePolicy}. A cache can be optionally backed by
another certificate store for bootstrapping and in some cases offline
+ * lookups.
+ * @author Greg Meyer
+ *
+ */
+public interface CacheableCertStore
+{
+ /**
+ * Purges all contents of the cache. Optionally purges the bootstrap
store.
+ * @param purgeBootStrap Indicates if the bootstrap store should be
purged.
+ */
+ public void flush(boolean purgeBootStrap);
+
+ /**
+ * Sets the certificate store that the cache will bootstrap from when
initialized.
+ * @param bootstrapStore the certificate store that the cache will
bootstrap from when initialized.
+ */
+ public void setBootStrap(CertificateStore bootstrapStore);
+
+ /**
+ * Initializes the cache from the previsouly set bootstrap store.
+ */
+ public void loadBootStrap();
+
+ /**
+ * Initializes the cache from the bootstrap store.
+ * @param bootstrapStore The store to initialize the cache from.
+ */
+ public void loadBootStrap(CertificateStore bootstrapStore);
+
+ /**
+ * Sets the cache policy of the store.
+ * @param policy The caching policy parameters.
+ */
+ public void setCachePolicy(CertStoreCachePolicy policy);
+}
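Review bot: The Javadoc on the no-argument `loadBootStrap()` does not say what happens when no store has been supplied through `setBootStrap`, and `flush(boolean)` does not say whether `purgeBootStrap == true` is safe when no bootstrap store is configured; since each implementation decides, the interface should fix the contract, e.g. `Initializes the cache from the previously set bootstrap store. Implementations must document whether a missing bootstrap store is a no-op or an error.` Two typos in the same Javadoc: `implement` should read `implements` and `previsouly` should read `previously`.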
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CertCacheFactory.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,138 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent.cert;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jcs.JCS;
+import org.apache.jcs.access.exception.CacheException;
+import org.apache.jcs.engine.behavior.ICompositeCacheAttributes;
+import org.apache.jcs.engine.behavior.IElementAttributes;
+
+/**
+ * Factory class for creating instances of JCS based certificate caches.
Caches are keyed by name (case sensitive).
+ * <br>
+ * The factory implements a singleton pattern for both the factory itself
and named caches.
+ * @author Greg Meyer
+ * @since 1.3
+ */
+public class CertCacheFactory
+{
+ private static final Log LOGGER =
LogFactory.getFactory().getInstance(CertCacheFactory.class);
+
+ protected static CertCacheFactory INSTANCE;
+
+ protected final Map<String, JCS> certCacheMap;
+
+ /**
+ * Gets the instance of the cache factory.
+ * @return The cache factory.
+ */
+ public static synchronized CertCacheFactory getInstance()
+ {
+ if (INSTANCE == null)
+ INSTANCE = new CertCacheFactory();
+
+ return INSTANCE;
+ }
+
+ /*
+ * private contructor
+ */
+ private CertCacheFactory()
+ {
+ certCacheMap = new HashMap<String, JCS>();
+ }
+
+ /**
+ * Retrieves a cert cache by name. Caches are created using a singleton
pattern meaning one and only once instance of a cache for a given name
+ * is ever created.
+ * @param cacheName The name of the cache to retrieve.
+ * @param cachePolicy Policy to apply to the cache
+ * @return The certificate cache for the given cache name.
+ * @throws CacheException Thrown if the cache cannot be created.
+ */
+ public synchronized JCS getCertCache(String cacheName,
CertStoreCachePolicy cachePolicy) throws CacheException
+ {
+ JCS retVal = certCacheMap.get(cacheName);
+
+ if (retVal == null)
+ {
+ try
+ {
+ // create instance
+ retVal = JCS.getInstance(cacheName);
+ if (cachePolicy != null)
+ applyCachePolicy(retVal, cachePolicy);
+
+ certCacheMap.put(cacheName, retVal);
+ }
+ catch (CacheException e)
+ {
+ LOGGER.warn("Failed to create JCS cache " + cacheName, e);
+ throw e;
+ }
+ }
+
+ return retVal;
+ }
+
+ public synchronized void flushAll()
+ {
+ for (Entry<String, JCS> entry : certCacheMap.entrySet())
+ {
+ try
+ {
+ LOGGER.info("Flushing cache " + entry.getKey());
+ entry.getValue().clear();
+ }
+ catch (CacheException e) {/* no-op */}
+ }
+ }
+
+ /*
+ * Apply a policy to the cache
+ */
+ private void applyCachePolicy(JCS cache, CertStoreCachePolicy policy)
throws CacheException
+ {
+
+ ICompositeCacheAttributes attributes = cache.getCacheAttributes();
+ attributes.setMaxObjects(policy.getMaxItems());
+ attributes.setUseLateral(false);
+ attributes.setUseRemote(false);
+ cache.setCacheAttributes(attributes);
+
+ IElementAttributes eattributes = cache.getDefaultElementAttributes();
+ eattributes.setMaxLifeSeconds(policy.getSubjectTTL());
+ eattributes.setIsEternal(false);
+ eattributes.setIsLateral(false);
+ eattributes.setIsRemote(false);
+
+ cache.setDefaultElementAttributes(eattributes);
+
+ }
+
+}
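Review bot: `flushAll` swallows the `CacheException` from `entry.getValue().clear()` with an empty `/* no-op */` catch, so a cache that fails to clear keeps serving its old certificates with no trace in the log; `getCertCache` already logs its failure, so the consistent form is `catch (CacheException e) { LOGGER.warn("Failed to flush cache " + entry.getKey(), e); }`, and the method has no Javadoc at all. Separately, `getCertCache` applies `cachePolicy` only on the `retVal == null` path, so a second caller asking for the same name with a different (for instance shorter) subject TTL silently gets the cache as first configured; the `@param cachePolicy` tag should say `Policy to apply to the cache; honored only when the cache is first created, later calls for the same name return the existing cache unchanged.` When `cachePolicy` is null the cache keeps whatever attributes JCS loaded from its own configuration, which presumably includes eternal elements, so that case deserves a sentence too.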
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CertStoreCachePolicy.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,50 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent.cert;
+
+import com.google.inject.ImplementedBy;
+
+/**
+ * Cache policy setting for a cacheable cert store.
+ * @author Greg Meyer
+ *
+ */
+@ImplementedBy(DefaultCertStoreCachePolicy.class)
+public interface CertStoreCachePolicy
+{
+ /**
+ * The maximum amount of time a subject's certificates can remain in the
cache before getting purged. To maintain
+ * coherency, this setting is independent of the number of times a cache
hit occurs per subject.
+ * @return The maxiumum amount of time in seconds that a subject's
certificates will remain in the cache before being purged.
+ */
+ public int getSubjectTTL();
+
+ /**
+ * The maximum number of items that can be held in the cache. Items will
be trimmed according to cache policy. By default
+ * the policy will purged based on least recently used.
+ * @param The maximum number of items that can be held in the cache.
+ */
+ public int getMaxItems();
+
+
+}
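Review bot: `getMaxItems()` takes no parameters, yet its Javadoc documents one with `@param The maximum number ...`; that tag should be `@return The maximum number of items that can be held in the cache.` In the same block `maxiumum` should read `maximum` and `the policy will purged` should read `the policy will purge`. Nothing states the valid range of either value (whether zero or a negative value disables the limit or the TTL), and `CertCacheFactory.applyCachePolicy` hands both straight to the JCS attribute setters, so a sentence on the expected range would help implementers.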
=======================================
--- /dev/null
+++
/java/tags/agent-2.0.13/src/main/java/org/nhindirect/stagent/cert/CertificateResolver.java
Wed Jan 28 19:15:01 2015 UTC
@@ -0,0 +1,50 @@
+/*
+Copyright (c) 2010, NHIN Direct Project
+All rights reserved.
+
+Authors:
+ Umesh Madan
ume...@microsoft.com
+ Greg Meyer
gm2...@cerner.com
+
+Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
distribution. Neither the name of the The NHIN Direct Project
(
nhindirect.org).
+nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written
permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package org.nhindirect.stagent.cert;
+
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+
+import javax.mail.internet.InternetAddress;
+
+import org.nhindirect.stagent.cert.impl.KeyStoreCertificateStore;
+
+import com.google.inject.ImplementedBy;
+
+/**
+ * Certificate resolver implementations are responsible for retrieving
public X509Certificates from a
+ * certificate repository. Repositories may include a simple keystore
file, a machine cert store,
+ * a URI, or a DNS cert implementation.
+ * @author Greg Meyer
+ * @author Umesh Madan
+ */
+@ImplementedBy(KeyStoreCertificateStore.class)
+public interface CertificateResolver
+{
+ /**
+ * Retrieves a collection of certificates for a given InternetAddress.
+ * @param address The InternetAddress used to lookup the certificate.
+ * @return An X509Certificate collection containing the address in its E
or CN field.
+ */
+ public Collection<X509Certificate> getCertificates(InternetAddress
address);
+}
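Review bot: The `getCertificates` Javadoc does not say what is returned when no certificate matches the address, an empty collection or `null`, and callers that make trust decisions on the result need that fixed by the interface rather than by each implementation; if the intended contract is the usual one, `@return An X509Certificate collection containing the address in its E or CN field; an empty collection (never null) if no certificate is found.` It would also help to state whether the resolver returns certificates as stored, with validity and revocation checked elsewhere, or only certificates it considers usable, since the summary only says they are retrieved from a repository.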
=======================================