microtan / nhin-d Goto Github PK

Please write in the wiki a quick HOWTO guide for the admin tools (cmd line and 
UI), and I'll clean it up and write a manual from it.

create for use when web ui not desired or installed

currently cert management is under "details" for addresses but under its own 
link "certificates" for domains ... these should match up. 

Maybe we could actually use almost the same page for both?

A MessageEnvelope shouldn't know what domain it is being processed at, and 
indeed the MessageEnvelope class doesn't have a Domain property.

The DomainRecipients/OtherRecipients property doesn't want to be in this class, 
IMHO.

It doesn't enforce a trust model -- I would expect enforce to be something like 
an assert, and throw an exception.

Instead, it works by side effect, marking recipient trust, so I would expect it 
to be named something like:

MarkRecipientTrust

If you agree, assign back to me, and I'll fix.

Spec compliant is to never send an MDN in response to an MDN.

Unit Testing for the XD Service. 

With the new ACK model, we don't need postmasters, which significantly 
simplifies the config ... pull it out from all the various places we have it 
now.

Need additional unit testing on the XD project. Current test is more at an 
integration level.

Individual classes and utility methods need tested to ensure proper functioning 
with normal and boundary/outlier inputs.

Need to develop support for stepping-up from SMTP / XDM to XDR.

A code base exists from the IHE implementation from which to begin:
http://code.google.com/p/nhin-d-ihe/

POC: Vince Lewis

General cleanup of the Java baseline to remove compiler and IDE warnings.

Most errors are due to missing collection types (generics) and unused variables.

I had three unit tests fail due to non-admin privs, but xunit reports 8 errors. 
What's up?

Generating message bounces presents some issues, including getting into 
infinite loops. 

The proposal is to instead do ACKs, using a cleaned up variation of MDN - RFC 
2298. 

Arien has thought through the details of MDN for the REST impl during the 
bakeoff. We should leverage that work and update the Agent Spec.

Need an MSI to install the solution

Why would I want one cert across all adressees?

Need to create documentation for James and the Agent/Gateway components, which 
includes (but not limited to) deployment and configuration details.

POC: Greg

There are three tests now that fail due to access denied if you run them other 
than as admin.

Is there any way to:

1) Test for admin privs before running the test?
OR
2) Catch the access denied exception and issue a warning rather than a failure?

      DnsResolverTests.BasicResolverTests.TestCert("nhind.hsgincubator.com")
C:\source\nhin-d\csharp\build.xml(50,3): error : 
DnsResolverTests.BasicResolverTests.Test
"): CERT:redmond.hsgincubator.com
C:\source\nhin-d\csharp\build.xml(50,3): error :    at 
DnsResolverTests.BasicResolverTest
in c:\source\nhin-d\csharp\unittests\dns\BasicResolverTests.cs:line 88
C:\source\nhin-d\csharp\build.xml(50,3): error :    at 
DnsResolverTests.BasicResolverTest
:\source\nhin-d\csharp\unittests\dns\BasicResolverTests.cs:line 62

I would expect the first ctor to read:

this(keyTag, 
Convert.FromBase64String(this.NormalizeInputCertString(certificate)))

Need to cache DNS entries in the resolver. Be sure to respect TTL.

The XD implementation currently uses a hardcoded email/pass and Google SMTP 
server.

This is okay for test, but actual implementation will need to use the proper 
SMTP instance.

Need a plan and code for identifying revoked certs

The current implementation of the Java XD project writes the XDM attachment as 
"xdm.zip". This will cause exceptions if two threads are attempting to 
read/write the file simultaneously. It also has the possibility of attaching 
the incorrect file on outgoing messages.

Suggest using the unique message ID as part of the file name to prevent this 
from happening. This will also assist in the task of keeping an outgoing 
message queue, in the event that the SMTP server is currently unavailable.

Want to have client libraries that can abstract away the difference between 
MIME / XDM / XDR messages.

Need pluggable logging and auditing methods. I have typically combined these 
using severity levels to differentiate between verbose, debug, info, audit, 
warning, error --- but am open to other ways of doing this.

John suggested using log4net for at least the logging part of this ... ok with 
that assuming all the source can be incorporated into our source tree. Would 
like to avoid dependent installs that have to be managed in setup or manually 
by developers or administrators. 

Our code is BSD licensed --- as we look to reuse other open source components, 
we need to be very clear about what if any other licenses are acceptable for 
inclusion in the reference implementation.

Sean to understand what Microsoft requirements are, as a first proxy for "big 
company requirements".

The Java XD implementation currently has no use of security.

Deterime and implement what, if any, security is needed for this 
implementation. 

Need to create web site for administration.

Install an official (non-trial) Clover license for the Java side.

Ensure that clover reports are generated for components as part of the API 
publishing.

All tables (certs, anchors, settings, administrators) should be able to be 
keyed with a full address or a domain (or a special top-level string for system 
settings). 

Need to finalize details of the XDD service; working plan assumes a file drop 
mechanism to interact with the gateway. 

just need to do it.

I would expect something named Copy to clone the input, but the code just adds 
a reference.

Why not just call it AddUpdate? The filter argument makes it clear what the 
semantics are....

If you agree, assign back to me and I'll update...

Put together a webapp to be used for configuration.

Some of the operations are below:

# HISP administration
 * management of crypto keys for the HISP and health domains
 * choice of root certificates/trust circles
 * adding/deleting endpoint organizations.

# health domain administrators
 * uploading keys for a health domain and for specific endpoints
 * add/remove endpoint addresses (or allow for globs, e.g. "xray-*" for pattern matching)
 * allow additional root certificates/trust circles/self-signed certs.

Shouldn't we be using IEnumerable<T> by preference?

e.g., X509Certificate2Collection (although there's a good excuse for that, in 
that the system libraries use collections), NHINDAddressCollection, 
DnsResourceRecordCollection, MessageSignatureCollection...

There's so much goodness built into the IEnumerable<T> collections, including 
LINQ and all the fun extension methods....

I think an empty collection should be untrusted. Will fix, feel free to 
rollback if you disagree, or close if you agree.

VS Express doesn't appear to like our Solution files containing Solution 
Folders. MSBuild does not mind. 

Please investigate to see if VS Express as min-bar dev tool can continue to be 
supported. 

Need to create a DNS responder that will return MX and CERT records based on 
entires in the configuration database.

Taking this approach rather than writing zone files because of logistics of 
having to maintain zillions of individual zone files with identical content 
thanks to weird wildcard support in DNS.

The name indicates that it should.

Need to include the output from a code-coverage tool to the API website 
(http://api.nhindirect.org/). 

Suggestion is the use of Clover. There is currently an inquiry for an 
open-source license.

This may actually be fixed already but need to ensure we can build the projects 
for both 64 and 32 bit ... we were having issues at the codathon this afternoon.

Implement an LDAP certificate store/resolver for the Java implementation.

Initial scope will be private certificate and trust anchors, public 
certificates will be added in a future task.

See the following link for discussion:
http://nhindirect.org/message/view/Agent+Development+Team/26306637

Need to do it.

Identify what mechanism will be used to distinguish an XD relay (send to 
another endpoint) vs. xdm.zip packaging for SMTP transfer.

Develop a strategy for automated installation/deployment of external jar 
dependencies. This will be needed to accomplish a 'HISP in a box' model.

Currently the Agent requires the following files to be manually overwritten in 
JAVA_HOME\jre\lib\security
 - local_policy.jar
 - US_export_policy.jar

Currently the XD implementation requires the following files to be manually 
placed into JAVA_HOME\jre\lib\ext
 - mailapi.jar
 - smtp.jar

Currently when we validate the chain, all certificates up to the anchor must be 
in the local store. If an intermediate cert is not available, it should be 
fetched using DNS just like leaves. 

Of course, this cannot happen for anchors --- which must be managed manually.

The method widens the segment to the widest span that incorporates both 
segments.

I would expect something called Union to bomb if the segments don't overlap.

I don't know what to call this method: WidenSpanTo(otherSegment)? 
Include(otherSegment)?

Or perhaps the intent is Union and the currently implementation has a bug?

I'll check in a a test case that documents the current behavior.

Old school, should use foreach in accordance with C# style.

I'm happy to fix if you agree and assign back to me.

What steps will reproduce the problem?
1. var crt = new DNSCert(x509cert);
2. var keyTag = crt.KeyTag;

What is the expected output? What do you see instead?

Based on code review, this will bomb due to access of an uninitialized variable.

RFC states:

"The key tag field is the 16 bit value computed for the key embedded
   in the certificate as specified in the DNSSEC Standard [RFC 2535].
   This field is used as an efficiency measure to pick which CERT RRs
   may be applicable to a particular key.  The key tag can be calculated
   for the key in question and then only CERT RRs with the same key tag
   need be examined. However, the key must always be transformed to the
   format it would have as the public key portion of a KEY RR before the
   key tag is computed.  This is only possible if the key is applicable
   to an algorithm (and limits such as key size limits) defined for DNS
   security.  If it is not, the algorithm field MUST BE zero and the tag
   field is meaningless and SHOULD BE zero."

I think this implies that key tag should be computed in all cases, in which 
case the other two ctors are incorrect, and should call the X509Certificate2 
specific ctor, which should calculate the key tag.

RFC 2535 provides details about how to construct.

We should adopt a standard for the namespaces across all of the projects. Right 
now each new dev is likely going to start out their own conventions.