Examples with ICertificateFactory com.helger.as2lib.cert.ICertificateFactory used on opensource projects

Example 1 with ICertificateFactory

use of com.helger.as2lib.cert.ICertificateFactory in project as2-lib by phax.

the class AS2MDNReceiverHandler method receiveMDN.

// Asynch MDN 2007-03-12
/**
 * method for receiving and processing Async MDN sent from receiver.
 *
 * @param aMsg
 *        The MDN message
 * @param aData
 *        The MDN content
 * @param aResponseHandler
 *        The HTTP response handler for setting the correct HTTP response code
 * @param aResHelper
 *        Resource helper
 * @throws AS2Exception
 *         In case of error
 * @throws IOException
 *         In case of IO error
 */
protected final void receiveMDN(@Nonnull final AS2Message aMsg, final byte[] aData, @Nonnull final IAS2HttpResponseHandler aResponseHandler, @Nonnull final AS2ResourceHelper aResHelper) throws AS2Exception, IOException {
    try {
        // Create a MessageMDN and copy HTTP headers
        final IMessageMDN aMDN = new AS2MessageMDN(aMsg);
        // copy headers from msg to MDN from msg
        aMDN.headers().setAllHeaders(aMsg.headers());
        final MimeBodyPart aPart = new MimeBodyPart(AS2HttpHelper.getAsInternetHeaders(aMDN.headers()), aData);
        aMDN.setData(aPart);
        // get the MDN partnership info
        aMDN.partnership().setSenderAS2ID(aMDN.getHeader(CHttpHeader.AS2_FROM));
        aMDN.partnership().setReceiverAS2ID(aMDN.getHeader(CHttpHeader.AS2_TO));
        // Set the appropriate keystore aliases
        aMDN.partnership().setSenderX509Alias(aMsg.partnership().getReceiverX509Alias());
        aMDN.partnership().setReceiverX509Alias(aMsg.partnership().getSenderX509Alias());
        // Update the partnership
        getModule().getSession().getPartnershipFactory().updatePartnership(aMDN, false);
        final ICertificateFactory aCertFactory = getModule().getSession().getCertificateFactory();
        final X509Certificate aSenderCert = aCertFactory.getCertificate(aMDN, ECertificatePartnershipType.SENDER);
        final boolean bUseCertificateInBodyPart;
        final ETriState eUseCertificateInBodyPart = aMsg.partnership().getVerifyUseCertificateInBodyPart();
        if (eUseCertificateInBodyPart.isDefined()) {
            // Use per partnership
            bUseCertificateInBodyPart = eUseCertificateInBodyPart.getAsBooleanValue();
        } else {
            // Use global value
            bUseCertificateInBodyPart = getModule().getSession().isCryptoVerifyUseCertificateInBodyPart();
        }
        AS2Helper.parseMDN(aMsg, aSenderCert, bUseCertificateInBodyPart, getVerificationCertificateConsumer(), aResHelper);
        // in order to name & save the mdn with the original AS2-From + AS2-To +
        // Message id.,
        // the 3 msg attributes have to be reset before calling MDNFileModule
        aMsg.partnership().setSenderAS2ID(aMDN.getHeader(CHttpHeader.AS2_TO));
        aMsg.partnership().setReceiverAS2ID(aMDN.getHeader(CHttpHeader.AS2_FROM));
        getModule().getSession().getPartnershipFactory().updatePartnership(aMsg, false);
        aMsg.setMessageID(aMDN.attrs().getAsString(AS2MessageMDN.MDNA_ORIG_MESSAGEID));
        try {
            getModule().getSession().getMessageProcessor().handle(IProcessorStorageModule.DO_STOREMDN, aMsg, null);
        } catch (final AS2ComponentNotFoundException | AS2NoModuleException ex) {
        // No message processor found
        // Or no module found in message processor
        }
        // check if the mic (message integrity check) is correct
        final boolean bMICMatch = checkAsyncMDN(aMsg);
        HTTPHelper.sendSimpleHTTPResponse(aResponseHandler, bMICMatch ? CHttp.HTTP_OK : CHttp.HTTP_NOT_FOUND);
        final String sDisposition = aMDN.attrs().getAsString(AS2MessageMDN.MDNA_DISPOSITION);
        if (m_aIncomingMDNCallback != null)
            m_aIncomingMDNCallback.onIncomingMDN(false, aMDN, aMDN.getHeader(CHttpHeader.AS2_FROM), aMDN.getHeader(CHttpHeader.AS2_TO), sDisposition, aMDN.attrs().getAsString(AS2MessageMDN.MDNA_MIC), aMDN.attrs().getAsString(AS2MessageMDN.MDNA_ORIG_MESSAGEID), aMDN.attrs().getAsBoolean(AS2Message.ATTRIBUTE_RECEIVED_SIGNED, false), bMICMatch);
        DispositionType.createFromString(sDisposition).validate(aMsg, aMDN.getText());
    } catch (final IOException ex) {
        HTTPHelper.sendSimpleHTTPResponse(aResponseHandler, CHttp.HTTP_BAD_REQUEST);
        throw ex;
    } catch (final Exception ex) {
        HTTPHelper.sendSimpleHTTPResponse(aResponseHandler, CHttp.HTTP_BAD_REQUEST);
        throw WrappedAS2Exception.wrap(ex).setSourceMsg(aMsg);
    }
}

Example 2 with ICertificateFactory

use of com.helger.as2lib.cert.ICertificateFactory in project as2-lib by phax.

the class AS2SenderModule method secure.

@Nonnull
protected MimeBodyPart secure(@Nonnull final IMessage aMsg, @Nonnull final EContentTransferEncoding eCTE) throws Exception {
    final Partnership aPartnership = aMsg.partnership();
    final ICertificateFactory aCertFactory = getSession().getCertificateFactory();
    // Get compression parameters
    // If compression is enabled, by default is is compressed before signing
    ECompressionType eCompressionType = null;
    boolean bCompressBeforeSign = true;
    Consumer<MimeBodyPart> aCompressBeforeSignCallback = null;
    {
        final String sCompressionType = aPartnership.getCompressionType();
        if (sCompressionType != null) {
            eCompressionType = ECompressionType.getFromIDCaseInsensitiveOrNull(sCompressionType);
            if (eCompressionType == null)
                throw new AS2Exception("The compression type '" + sCompressionType + "' is not supported!");
            bCompressBeforeSign = aPartnership.isCompressBeforeSign();
            if (bCompressBeforeSign) {
                // Replace the message data, because it is the basis for the MIC
                aCompressBeforeSignCallback = aMsg::setData;
            }
        }
    }
    // Get signing parameters
    ECryptoAlgorithmSign eSignAlgorithm = null;
    X509Certificate aSenderCert = null;
    PrivateKey aSenderKey = null;
    boolean bIncludeCertificateInSignedContent = false;
    boolean bUseRFC3851MICAlg = false;
    boolean bRemoveCmsAlgorithmProtect = false;
    {
        final String sSignAlgorithm = aPartnership.getSigningAlgorithm();
        if (sSignAlgorithm != null) {
            aSenderCert = aCertFactory.getCertificate(aMsg, ECertificatePartnershipType.SENDER);
            aSenderKey = aCertFactory.getPrivateKey(aSenderCert);
            eSignAlgorithm = ECryptoAlgorithmSign.getFromIDOrNull(sSignAlgorithm);
            if (eSignAlgorithm == null)
                throw new AS2Exception("The signing algorithm '" + sSignAlgorithm + "' is not supported!");
            // Include certificate in signed content?
            final ETriState eIncludeCertificateInSignedContent = aMsg.partnership().getIncludeCertificateInSignedContent();
            if (eIncludeCertificateInSignedContent.isDefined()) {
                // Use per partnership
                bIncludeCertificateInSignedContent = eIncludeCertificateInSignedContent.getAsBooleanValue();
            } else {
                // Use global value
                bIncludeCertificateInSignedContent = getSession().isCryptoSignIncludeCertificateInBodyPart();
            }
            // Use old MIC algorithms?
            bUseRFC3851MICAlg = aPartnership.isRFC3851MICAlgs();
            // Remove CMS attributes?
            bRemoveCmsAlgorithmProtect = aPartnership.isRemoveCmsAlgorithmProtect();
        }
    }
    // Get encryption parameters
    ECryptoAlgorithmCrypt eCryptAlgorithm = null;
    X509Certificate aReceiverCert = null;
    {
        final String sCryptAlgorithm = aPartnership.getEncryptAlgorithm();
        if (sCryptAlgorithm != null) {
            aReceiverCert = aCertFactory.getCertificate(aMsg, ECertificatePartnershipType.RECEIVER);
            eCryptAlgorithm = ECryptoAlgorithmCrypt.getFromIDOrNull(sCryptAlgorithm);
            if (eCryptAlgorithm == null)
                throw new AS2Exception("The crypting algorithm '" + sCryptAlgorithm + "' is not supported!");
        }
    }
    // Set CTE once here - required for stream creation later on!
    aMsg.headers().setHeader(CHttpHeader.CONTENT_TRANSFER_ENCODING, eCTE.getID());
    if (eCompressionType != null || eCryptAlgorithm != null) {
        // Header is needed when compression or encryption is enabled
        if (aMsg.getData().getHeader(CHttpHeader.CONTENT_TRANSFER_ENCODING) == null)
            aMsg.getData().setHeader(CHttpHeader.CONTENT_TRANSFER_ENCODING, eCTE.getID());
    }
    if (eCompressionType != null && eSignAlgorithm == null && eCryptAlgorithm == null) {
        // Compression only - set the respective content type
        aMsg.headers().setHeader(CHttpHeader.CONTENT_TYPE, CMimeType.APPLICATION_OCTET_STREAM.getAsStringWithoutParameters());
    }
    return secureMimeBodyPart(aMsg.getData(), eCTE, eCompressionType, bCompressBeforeSign, aCompressBeforeSignCallback, eSignAlgorithm, aSenderCert, aSenderKey, bIncludeCertificateInSignedContent, bUseRFC3851MICAlg, bRemoveCmsAlgorithmProtect, eCryptAlgorithm, aReceiverCert, aMsg.getLoggingText());
}

Example 3 with ICertificateFactory

use of com.helger.as2lib.cert.ICertificateFactory in project as2-server by phax.

the class AS2ServerXMLSession method loadCertificates.

protected void loadCertificates(@Nonnull final IMicroElement aElement) throws OpenAS2Exception {
    LOGGER.info("  loading certificates");
    final ICertificateFactory certFx = AS2XMLHelper.createComponent(aElement, ICertificateFactory.class, this, m_sBaseDirectory);
    setCertificateFactory(certFx);
}

Example 4 with ICertificateFactory

use of com.helger.as2lib.cert.ICertificateFactory in project as2-lib by phax.

the class AS2ServerXMLSession method loadCertificates.

protected void loadCertificates(@Nonnull final IMicroElement aElement) throws AS2Exception {
    LOGGER.info("  loading certificates");
    final ICertificateFactory certFx = AS2XMLHelper.createComponent(aElement, ICertificateFactory.class, this, m_sBaseDirectory);
    setCertificateFactory(certFx);
}

Example 5 with ICertificateFactory

use of com.helger.as2lib.cert.ICertificateFactory in project as2-lib by phax.

the class AS2ServletXMLSession method _loadCertificateFactory.

private void _loadCertificateFactory(@Nonnull final IMicroElement aElement) throws AS2Exception {
    LOGGER.info("Loading certificates");
    final ICertificateFactory aFactory = AS2XMLHelper.createComponent(aElement, ICertificateFactory.class, this, m_sBaseDirectory);
    setCertificateFactory(aFactory);
}