/**
 * Buckets recipients by the host part of their address.
 * <p>
 * Each recipient is wrapped in an {@code NHINDAddress} only to obtain its host; the
 * original {@code InternetAddress} instance is what gets stored in the bucket.
 *
 * @param recipients The recipients to group.
 * @return A map view of host to the recipients that share that host.
 */
protected Map<String, Collection<InternetAddress>> groupByDomain(Collection<InternetAddress> recipients) {
    final HashMultimap<String, InternetAddress> byHost = HashMultimap.create();

    for (final InternetAddress rcpt : recipients) {
        // NOTE(review): the key is used exactly as getHost() returns it; no case
        // normalisation happens here, so hosts differing only in case would form
        // separate groups - confirm this is intended.
        final String host = new NHINDAddress(rcpt).getHost();
        byHost.put(host, rcpt);
    }

    return byHost.asMap();
}
}
/**
 * {@inheritDoc}
 */
public void enforce(OutgoingMessage message) {
    if (message == null) {
        throw new IllegalArgumentException();
    }

    final NHINDAddress originator = message.getSender();
    final NHINDAddressCollection targets = message.getRecipients();

    for (final NHINDAddress recipient : targets) {
        // Fail closed: the recipient is marked Failed up front and is only promoted
        // once it still reports certificates after the trust filter below.
        recipient.setStatus(TrustEnforcementStatus.Failed);

        final Collection<X509Certificate> boundCerts = recipient.getCertificates();
        if (boundCerts == null || boundCerts.isEmpty()) {
            LOGGER.warn("enforce(OutgoingMessage message) - recipient " + recipient.getAddress() + " has no bound certificates");
        }

        // The filter is applied even when nothing is bound; its result replaces the
        // recipient's certificate set. Trust is evaluated against the sender's anchors.
        recipient.setCertificates(findTrustedCerts(boundCerts, originator.getTrustAnchors()));

        if (!recipient.hasCertificates()) {
            LOGGER.warn("enforce(OutgoingMessage message) - could not trust any certificates for recipient " + recipient.getAddress());
            continue;
        }

        recipient.setStatus(TrustEnforcementStatus.Success);
    }
}
/**
 * Indicates whether the address's domain appears in the supplied list of domains.
 * Every entry is compared through {@code domainEquals}, so the check is case insensitive.
 * @param domains The domains to check against.
 * @return True if the address's domain matches at least one of the provided domains. False otherwise.
 */
public boolean isInDomain(Collection<String> domains) {
    boolean inDomain = false;

    for (final String candidate : domains) {
        if (domainEquals(candidate)) {
            // the first match is enough; stop scanning
            inDomain = true;
            break;
        }
    }

    return inDomain;
}
/**
 * Gets the first available certificate in the certificate collection. This is generally used to
 * choose a certificate for validating a message signature.
 * <p>
 * "First" means the first certificate yielded by the first address (in iteration order) that
 * reports having certificates.
 * @return The first available certificate, or {@code null} when no address in the collection has one.
 */
public X509Certificate getFirstCertificate() {
    X509Certificate first = null;

    for (final NHINDAddress entry : this) {
        if (entry.hasCertificates()) {
            // NOTE(review): selection is purely positional; no validity or expiry
            // check is visible here - confirm callers validate the result.
            first = entry.getCertificates().iterator().next();
            break;
        }
    }

    return first;
}
/**
 * Gets the domain host associated with the address.
 * <p>
 * Anything up to and including the first {@code <} and anything from the first remaining
 * {@code >} onwards is discarded before the host is extracted.
 * @return The text after the first {@code @} of the address, or an empty string when the
 * address contains no {@code @}.
 */
public String getHost() {
    String addrSpec = this.getAddress();

    // strip surrounding decoration such as < and >
    final int open = addrSpec.indexOf('<');
    if (open >= 0) {
        addrSpec = addrSpec.substring(open + 1);
    }

    final int close = addrSpec.indexOf('>');
    if (close >= 0) {
        addrSpec = addrSpec.substring(0, close);
    }

    // NOTE(review): the split is on the FIRST '@'. For an address whose local part
    // itself contains '@' (e.g. a quoted local part) the returned host would include
    // part of the local part. Callers using the host for trust or domain decisions
    // should confirm such addresses are rejected upstream.
    final int at = addrSpec.indexOf('@');
    return at < 0 ? "" : addrSpec.substring(at + 1);
}
recipAddresses.add(addr.getAddress()); xdRecipients.add(new NHINDAddress(s)); String response = documentRepository.forwardRequest(endpointUrl, request, directTo, sender.toString());
LOGGER.warn("bindAddresses(OutgoingMessage message) - Could not resolve a private certificate for sender " + message.getSender().getAddress()); message.getSender().setCertificates(privateCerts); LOGGER.warn("bindAddresses(OutgoingMessage message) - Could not obtain outgoing trust anchors for sender " + message.getSender().getAddress()); message.getSender().setTrustAnchors(anchors); LOGGER.warn("bindAddresses(OutgoingMessage message) - Could not resolve a public certificate for recipient " + recipient.getAddress()); recipient.setCertificates(publicCerts);
for (NHINDAddress recipient : recipients) recipient.setStatus(TrustEnforcementStatus.Failed); if (recipient.getCertificates() != null) DefaultMessageSignatureImpl trustedSignature = findTrustedSignature(message, recipient, recipient.getTrustAnchors()); recipient.setStatus(trustedSignature.isThumbprintVerified() ? TrustEnforcementStatus.Success : TrustEnforcementStatus.Success_ThumbprintMismatch); LOGGER.warn("enforce(IncomingMessage message) - could not find a trusted certificate for recipient " + recipient.getAddress()); LOGGER.warn("enforce(IncomingMessage message) - recipient " + recipient.getAddress() + " does not have a bound certificate");
/**
 * Gets the sender of the message.
 * @param mail The mail object to get the mail information from.
 * @return The sender of the message, tagged with {@code AddressSource.From}.
 * @throws MessagingException If no sender address could be obtained from the mail object.
 */
public static NHINDAddress getMailSender(SMTPMailMessage mail) throws MessagingException {
    final InternetAddress from = getSender(mail);

    if (from != null) {
        // not the best way to do this (remark carried over from the original author)
        return new NHINDAddress(from, AddressSource.From);
    }

    throw new MessagingException("Failed to process message. The sender cannot be null or empty.");
}
/**
 * Collects the signatures on the message that can be attributed to the sender and stores
 * them on the message.
 * <p>
 * Two lookups are made against the message signature: one by the sender's full address
 * (individual level) and one by the sender's host (org level). Individual-level matches are
 * added first and are constructed with {@code false} as the second argument; org-level
 * matches follow and are constructed with {@code true}.
 *
 * @param message The incoming message whose sender signatures are (re)computed.
 */
protected void findSenderSignatures(IncomingMessage message) {
    // clear any previous result before recomputing
    message.setSenderSignatures(null);

    final NHINDAddress from = message.getSender();
    final Collection<DefaultMessageSignatureImpl> found = new ArrayList<>();

    // signatures bound to the individual address
    final Collection<SignerCertPair> byAddress =
            CryptoExtensions.findSignersByName(message.getSignature(), from.getAddress(), null);

    // signatures bound to the organisation (host)
    // NOTE(review): the third argument presumably lists names to exclude so the
    // individual match is not counted twice - confirm against findSignersByName.
    final Collection<SignerCertPair> byHost =
            CryptoExtensions.findSignersByName(message.getSignature(), from.getHost(), Arrays.asList(from.getAddress()));

    for (final SignerCertPair match : byAddress) {
        found.add(new DefaultMessageSignatureImpl(match.getSigner(), false, match.getCertificate()));
    }

    for (final SignerCertPair match : byHost) {
        found.add(new DefaultMessageSignatureImpl(match.getSigner(), true, match.getCertificate()));
    }

    message.setSenderSignatures(found);
}
/**
 * Indicates if the address's domain matches the provided domain. The comparison ignores case.
 * @param domain The domain to match. A {@code null} value never matches.
 * @return True if the address's host equals the provided domain, ignoring case. False otherwise.
 */
public boolean domainEquals(String domain) {
    final String host = getHost();
    return host.equalsIgnoreCase(domain);
}
/**
 * Splits recipients into domain recipients and external recipients. The agent's domains decide
 * which category a recipient falls into: a recipient whose address is in one of the supplied
 * domains becomes a domain recipient, every other recipient becomes an "other" recipient.
 * Both result collections are replaced on each call.
 * @param domains A collection of local domains supported by the agent. Must not be null or empty.
 * @throws IllegalArgumentException If {@code domains} is null or empty.
 */
protected void categorizeRecipients(Collection<String> domains) {
    if (domains == null || domains.isEmpty()) {
        throw new IllegalArgumentException();
    }

    final NHINDAddressCollection all = this.getRecipients();

    this.domainRecipients = new NHINDAddressCollection();
    this.otherRecipients = new ArrayList<NHINDAddress>();

    for (final NHINDAddress rcpt : all) {
        if (!rcpt.isInDomain(domains)) {
            this.otherRecipients.add(rcpt);
            continue;
        }
        this.domainRecipients.add(rcpt);
    }
}
SignedEntity signedEntity = cryptographer.sign(message.getMessage(), message.getSender().getCertificates());
if (!sender.hasCertificates()) return signature; // Can't really check thumbprints etc. So, this is about as good as its going to get
/**
 * Determines if the recipient has been rejected.
 *
 * @param rctpAdd The recipient address to look for.
 * @param rejectedRecips The collection of rejected recipients to search.
 * @return True if a rejected recipient's address equals the string form of {@code rctpAdd}.
 * False otherwise.
 */
public static boolean isRcptRejected(InternetAddress rctpAdd, NHINDAddressCollection rejectedRecips) {
    boolean rejected = false;

    for (final NHINDAddress candidate : rejectedRecips) {
        // NOTE(review): this is an exact, case-sensitive match of getAddress() against
        // rctpAdd.toString(). If toString() renders a display name or angle brackets, or
        // the two sides differ only in case, a rejected recipient would not be recognised
        // here. Confirm both sides are always bare, identically-cased addresses.
        if (candidate.getAddress().equals(rctpAdd.toString())) {
            rejected = true;
            break;
        }
    }

    return rejected;
}
message.getSender().setCertificates(new ArrayList<X509Certificate>()); LOGGER.warn("bindAddresses(IncomingMessage message) - Could not resolve a private certificate for recipient " + recipient.getAddress()); recipient.setCertificates(privateCerts); LOGGER.warn("Exception getting incoming anchors for recipient " + recipient.getAddress()); LOGGER.warn("bindAddresses(IncomingMessage message) - Could not obtain incoming trust anchors for recipient " + recipient.getAddress()); recipient.setTrustAnchors(anchors);
toAddrs.add(new NHINDAddress((InternetAddress)addr)); map(toAddr -> new NHINDAddress(toAddr.toInternetAddress())).collect(Collectors.toList());
/**
 * Gets the certificates (anchors) for the address's domain.
 * @param address The address used to search for trust anchors. Only the address's domain is used
 * for the search; the domain is upper-cased before the lookup.
 * @return A collection of certificates (anchors) for the address's domain, or an empty list
 * when none are registered for that domain.
 * @throws IllegalArgumentException If {@code address} is null.
 */
public Collection<X509Certificate> getCertificates(InternetAddress address) {
    if (address == null) {
        throw new IllegalArgumentException();
    }

    // The lookup key is the upper-cased domain of the address.
    // NOTE(review): upper-casing uses the JVM default locale. Under locales with special
    // casing rules (e.g. Turkish dotted/dotless i) the key for the same domain can differ
    // from one produced under another locale. Confirm the map is populated with the same
    // locale, or move both sides to a fixed locale together.
    final String lookupKey = NHINDAddress.getHost(address).toUpperCase(Locale.getDefault());

    final Collection<X509Certificate> anchors = certs.get(lookupKey);

    // return an empty list if no certs are found
    return anchors == null ? Collections.<X509Certificate>emptyList() : anchors;
}
}
/**
 * Gets a collection of all certificates associated with all of the addresses in the collection.
 * Addresses that report no certificates are skipped.
 * @return A new collection holding every certificate of every address in the collection;
 * empty when no address has certificates.
 */
public Collection<X509Certificate> getCertificates() {
    final Collection<X509Certificate> all = new ArrayList<>();

    for (final NHINDAddress entry : this) {
        if (!entry.hasCertificates()) {
            continue;
        }
        all.addAll(entry.getCertificates());
    }

    return all;
}