10/11/2012

Installation of Direct Project


1.  Download version 1.3.1 - direct-project-stock-1.3.1.tar.gz.

2.  Unzip direct-project-stock-1.3.1.tar.gz to C:\ or D:\, for example:


D:\DIRECT
+---apache-tomcat-7.0.23
+---DirectDNSServices
+---james-2.3.2
+---tools

3.  Modify D:\DIRECT\apache-tomcat-7.0.23\bin\catalina.bat to add the following lines:
set CATALINA_OPTS=%CATALINA_OPTS% -XX:PermSize=256M -XX:MaxPermSize=256M
set JAVA_OPTS=%JAVA_OPTS% -Dorg.apache.cxf.io.CachedOutputStream.Threshold=1000000

4.  Modify D:\direct\james-2.3.2\apps\james\SAR-INF\config.xml to set the correct hostname for James:
.
<postmaster>postmaster@california.directproject.org</postmaster>
.
.
.
<servernames autodetect="true" autodetectIP="true">
      <servername>california.directproject.org</servername>
</servernames>
.
.
.
<mailet match="RecipAndSenderIsNotLocal=california.directproject.org"
             class="NHINDSecurityAndTrustMailet">
            <ConfigURL>http://localhost:8081/config-service/ConfigurationService</ConfigURL>
 </mailet>

This match condition means that email exchanged internally within the same network does not use encryption.

5.  Generate Certificates:

From D:\DIRECT\tools, execute:
java -classpath .;./lib/* org.nhindirect.stagent.cert.tools.certgen.DirectProjectCertGenerator



Fill in the form as shown below.
You can choose an email and password, or you can leave them empty.
Click on Create.
Click OK.
Now click on Create Leaf Cert.
Now you can choose which kind of certificate you want to generate:
   1. Organization Level Certificate.
      In this case, enter the domain name in the email field.
   2. Personal Level Certificate.
      In this case, enter the personal email address in the email field.

Here we use an Organization Level Certificate as the example. Click on Create.


6.  Start Tomcat
  1. cd D:\direct\apache-tomcat-7.0.23\bin
  2. startup.bat

7.  Config Service

Log into http://localhost:8081/config-ui with username:admin and password:adm1nD1r3ct


Click Create New Domain on
Domain Name: california.directproject.org
Postmaster: postmaster@california.directproject.org
Choose ENABLED as the status.
Click Add


Click the Anchors tab.
Select Certificate, for example, D:\direct\tools\california.directproject.org Root CA.der
Check Incoming and Outgoing.
Choose ENABLED as the status.
Click on Add Anchor
If you have CAs from other trusted Direct networks, add them as trust anchors as well. For example, I have added a trusted Direct network: florida.directproject.org.
Click on Certificates.
Select p12 certificate, for example, D:\direct\tools\california.directproject.org.p12
Choose ENABLED as the status.
Click on Add Certificate
Click on DNS Entries.

The configuration here depends on the network configuration of your company.
The records that must be present for Direct Project to work are the "A" record, the "SOA" record and the "MX" record.
These configure your DNS and mail server.
In this example, I use two local computers, "172.16.61.56" and "10.100.10.152", as the DNS servers and mail servers, to simulate two Direct networks, "california.directproject.org" and "florida.directproject.org".
With this setup, the configuration is as below:




Click on Agent Setting
Add setting key:PrivateStoreType with value:WS
Add setting key:AnchorStoreType with value:WS
Add setting key:PublicStoreType with value:DNS,WS
Add setting key:RawMessageSaveFolder with value:RawMsgFolder
Add setting key:IncomingMessageSaveFolder with value:IncomingMsgFolder
Add setting key:OutgoingMessageSaveFolder with value:OutgoingMsgFolder
Add setting key:DNSServerBindings with value:0.0.0.0
Add setting key:DNSServerPort with value:53       



8.  Install the Direct DNS Service

Windows Installation

The DNS server runs as Windows service on Windows deployments. To install as a service:
  1. Launch a command shell and navigate to the DirectDNSServer/bin directory.
  2. Run the command DirectDNSServer install
This will install the server as a Windows service that starts automatically on system boot up. You should be able to see the service in the Windows service control panel (services.msc).
To start the server, use one of the following methods:
  • Right click on the service in the service control panel and click start.
  • In a command shell, run the command DirectDNSServer start.
To stop the server, use one of the following methods:
  • Right click on the service in the service control panel and click stop.
  • In a command shell, run the command DirectDNSServer stop.
To uninstall the server:
  1. Stop the service using one of the methods described above.
  2. Launch a command shell and navigate to the DirectDNSServer/bin directory.
  3. Run the command DirectDNSServer remove
NOTE: The service runs as process named wrapper-windows-x86-32.exe. If for some reason the service hangs or will not stop, you can terminate it manually by killing this process.

Running Interactively

For debugging or troubleshooting purposes, you may need to run the service interactively. Running interactively is the same across all platforms.
  1. Open a terminal shell and navigate to the DirectDNSServer/bin directory.
  2. Run the command DirectDNSServer console.
The service will output all logging to the current console and the log file. To terminate the interactive service, simply press CTRL+C (Control C).

Service Deployment Configuration

The service deployment is configured using a file named wrapper.conf found in the ./conf directory of the service's directory structure. The service script files read this configuration file to set runtime attributes such as classpath, logging locations and thresholds, JVM arguments, and application arguments. The service itself is just a plain Java application, but is wrapped by a series of deployment classes that are initialized and launched by the service script.
In most cases the configuration file does not need much modification; however, there are a few settings that will need adjustment depending on your deployment.
# Java Additional Parameters
wrapper.java.additional.1=-Djava.security.policy=conf/policy.all
wrapper.java.additional.2=-Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog
wrapper.java.additional.3=-Dorg.apache.commons.logging.simplelog.defaultlog=info
.
.
.
# Application parameters.  Add parameters as needed starting from 1
wrapper.app.parameter.1=org.nhindirect.dns.service.SimpleServiceRunner
wrapper.app.parameter.2=-p
wrapper.app.parameter.3=53
wrapper.app.parameter.4=-b
wrapper.app.parameter.5=0.0.0.0
wrapper.app.parameter.6=-u
wrapper.app.parameter.7=http://localhost:8081/config-service/ConfigurationService
wrapper.app.parameter.8=-m
wrapper.app.parameter.9=SERVER
Typical settings that may need adjustment:

Setting: -Dorg.apache.commons.logging.simplelog.defaultlog
Description: The logging threshold. Valid values:
  fatal: Severe errors that cause premature termination.
  error: Other runtime errors or unexpected conditions.
  warn: Use of deprecated APIs, poor use of API, 'almost' errors, other runtime situations that are undesirable or unexpected, but not necessarily "wrong".
  info (default): Interesting runtime events such as startup/shutdown.
  debug: Detailed information on flow through the system.
  trace: Even more detailed information such as entering and exiting methods.

Setting: wrapper.app.parameter.2=-p
Description: The IP port that the DNS server will use for listening for DNS queries. The default is 53.
NOTE: Some operating systems may require the service to run with elevated account privileges to open ports in this range.

Setting: wrapper.app.parameter.4=-b
Description: The IP addresses on the local machine that the service will bind to. Multiple IP addresses are separated with a comma. The default is 0.0.0.0, which means the service will bind to all IP addresses on the machine (including the loopback address of 127.0.0.1).

Setting: wrapper.app.parameter.6=-u
Description: This is the URL of the location of the DNS records. Generally this will be the URL of the Direct Project configuration web service.

Some of these parameters can be overridden with settings in the configuration service. See the protocol configuration for more details.
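The application parameters in wrapper.conf are positional: each flag (-p, -b, -u, -m) sits in one numbered entry and its value in the next. The following added example (not part of the original post or of the Direct Project distribution) rebuilds the flag/value pairs and lists the points to review before exposing the DNS service; the function names and the wording of the review notes are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: the application parameters shown in the post.
SAMPLE_CONF = """\
wrapper.app.parameter.1=org.nhindirect.dns.service.SimpleServiceRunner
wrapper.app.parameter.2=-p
wrapper.app.parameter.3=53
wrapper.app.parameter.4=-b
wrapper.app.parameter.5=0.0.0.0
wrapper.app.parameter.6=-u
wrapper.app.parameter.7=http://localhost:8081/config-service/ConfigurationService
wrapper.app.parameter.8=-m
wrapper.app.parameter.9=SERVER
"""

PARAM = re.compile(r"^\s*wrapper\.app\.parameter\.(\d+)\s*=\s*(.*?)\s*$")
LOOPBACK = ("localhost", "127.0.0.1", "::1")

def parse_app_args(conf_text):
    """Return (main_class, {flag: value}) from wrapper.app.parameter.N lines."""
    numbered = {}
    for line in conf_text.splitlines():
        m = PARAM.match(line)
        if m:  # comment lines and other wrapper.* keys do not match
            numbered[int(m.group(1))] = m.group(2)
    args = [numbered[n] for n in sorted(numbered)]
    if not args:
        raise ValueError("no wrapper.app.parameter.N entries found")
    main_class, rest = args[0], args[1:]
    if len(rest) % 2:  # flags and values must alternate: -p 53 -b 0.0.0.0 ...
        raise ValueError("flag without a value: %r" % rest[-1])
    return main_class, dict(zip(rest[0::2], rest[1::2]))

def review(conf_text):
    """Return review notes about the listener and the configuration URL."""
    _, opts = parse_app_args(conf_text)
    notes = []
    for addr in opts.get("-b", "0.0.0.0").split(","):  # documented default
        if ipaddress.ip_address(addr.strip()).is_unspecified:
            notes.append("binds to all interfaces (%s)" % addr.strip())
    if int(opts.get("-p", "53")) < 1024:
        notes.append("port below 1024: may need elevated privileges")
    url = urlparse(opts.get("-u", ""))
    if url.hostname and url.scheme != "https" and url.hostname not in LOOPBACK:
        notes.append("config service reached over plain HTTP on %s" % url.hostname)
    return notes
```

Run review() on the contents of conf/wrapper.conf after each change; binding -b to the one address that should answer DNS queries removes the first note.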

9.  Create Email Account

  1. Start James
    1. cd D:\direct\james-2.3.2\bin
    2. run
  2. Add user devdrfirst with password: drfirst
    telnet localhost 4555

    JAMES Remote Administration Tool 2.3.2
    Please enter your login and password
    Login id:
    root
    Password:
    root
    Welcome root. HELP for a list of commands
    adduser bo(username) XXX(psw)
    User bo added
10.  Replace JCE
  1. Replace US_export_policy.jar and local_policy.jar under ${JAVA_HOME}\jre\lib\security\ with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
    (US_export_policy.jar and local_policy.jar)
11. Configure the DNS of the local connection



12. Test the DNS configuration.
      
      Use the dig tool.
      Execute in cmd:
      dig -t cert california.directproject.org
      Result should be:

      dig -t ns california.directproject.org
      Result should be:

      
13. Configure the email client, using Thunderbird.
Click on Continue and then click on Manual Config. Configure as shown below.


And click on Done. Now you have set up your mailbox.

The procedure on the other machine "10.100.10.152" is the same.

Then you can test your two Direct networks by sending emails back and forth.
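Before exchanging test mail, the DNS records from steps 7 and 12 can be checked in one pass against both servers. This added example (not part of the original post or of Direct Project) sends A, SOA, MX and CERT queries over UDP using only the Python standard library and reports truncated answers, which are likely for CERT records carrying a full certificate; the pairing of each IP address with a domain is an assumption based on the order in which the post lists them.

```python
import secrets
import socket
import struct

QTYPES = {"A": 1, "SOA": 6, "MX": 15, "CERT": 37}  # CERT is RR type 37 (RFC 4398)

def build_query(name, qtype, txid):
    """Encode a single-question DNS query (class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPES[qtype], 1)

def parse_header(response, txid):
    """Return (rcode, answer_count, truncated) from a DNS response."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount, bool(flags & 0x0200)

def check_domain(domain, server, port=53, timeout=3.0):
    """Query each record type over UDP; return {type: status string}."""
    results = {}
    for qtype in QTYPES:
        txid = secrets.randbits(16)  # unpredictable transaction ID per query
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(domain, qtype, txid), (server, port))
                rcode, answers, tc = parse_header(s.recvfrom(4096)[0], txid)
            except (OSError, ValueError) as exc:
                results[qtype] = "error: %s" % exc
                continue
        if tc:
            results[qtype] = "truncated: retry over TCP (dig +tcp)"
        elif rcode == 0 and answers:
            results[qtype] = "ok (%d answers)" % answers
        else:
            results[qtype] = "missing (rcode=%d)" % rcode
    return results

if __name__ == "__main__":
    # Assumed pairing of the post's two machines with its two domains.
    for srv, dom in (("172.16.61.56", "california.directproject.org"),
                     ("10.100.10.152", "florida.directproject.org")):
        print(dom, check_domain(dom, srv))
```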

Reference:
http://wiki.directproject.org/Documentation+Library  (JAVA implementation Documents)

