Use of com.helger.as2lib.cert.ICertificateFactory in project as2-lib by phax.
The class AS2ReceiverHandler, method decrypt.
/**
 * Decrypt the payload of an incoming AS2 message where required.
 * <p>
 * The message is decrypted when the crypto helper detects an encrypted body
 * or when the partnership forces decryption. If the body is encrypted but the
 * partnership disabled decryption, this is only logged and the message is
 * left untouched. The receiver certificate and private key are taken from the
 * session's {@link ICertificateFactory}. After a successful decryption the
 * attribute {@link AS2Message#ATTRIBUTE_RECEIVED_ENCRYPTED} is set to
 * <code>true</code>.
 *
 * @param aMsg
 *        The incoming message whose data is decrypted in place. May not be
 *        <code>null</code>.
 * @param aResHelper
 *        Resource helper passed on to the crypto helper. May not be
 *        <code>null</code>.
 * @throws AS2Exception
 *         An {@link AS2DispositionException} raised while decrypting is
 *         re-thrown as is; every other exception is wrapped into an
 *         {@link AS2DispositionException} with the disposition error
 *         "decryption-failed" and
 *         {@link AbstractActiveNetModule#DISP_DECRYPTION_ERROR}.
 */
protected void decrypt(@Nonnull final IMessage aMsg, @Nonnull final AS2ResourceHelper aResHelper) throws AS2Exception
{
  final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory();
  final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();
  try
  {
    // The encryption check inspects the message data itself; the two flags
    // come from the partnership configuration
    final boolean bDecryptDisabled = aMsg.partnership().isDisableDecrypt();
    final boolean bIsEncrypted = aCryptoHelper.isEncrypted(aMsg.getData());
    final boolean bForced = aMsg.partnership().isForceDecrypt();

    if (bIsEncrypted && bDecryptDisabled)
    {
      // The partnership explicitly opted out - leave the body encrypted
      if (LOGGER.isInfoEnabled())
        LOGGER.info("Message claims to be encrypted but decryption is disabled" + aMsg.getLoggingText());
      return;
    }

    if (!bIsEncrypted && !bForced)
    {
      // Plain message and no forced decryption - nothing to do
      return;
    }

    if (bForced && !bIsEncrypted)
    {
      if (LOGGER.isInfoEnabled())
        LOGGER.info("Forced decrypting" + aMsg.getLoggingText());
    }
    else
    {
      if (LOGGER.isDebugEnabled())
        LOGGER.debug("Decrypting" + aMsg.getLoggingText());
    }

    final X509Certificate aReceiverCert = aCertFactory.getCertificate(aMsg, ECertificatePartnershipType.RECEIVER);
    final PrivateKey aReceiverKey = aCertFactory.getPrivateKey(aReceiverCert);
    final MimeBodyPart aPlainData = aCryptoHelper.decrypt(aMsg.getData(), aReceiverCert, aReceiverKey, bForced, aResHelper);
    aMsg.setData(aPlainData);

    // Mark the message so that later processing knows it arrived encrypted
    aMsg.attrs().putIn(AS2Message.ATTRIBUTE_RECEIVED_ENCRYPTED, true);

    if (LOGGER.isInfoEnabled())
      LOGGER.info("Successfully decrypted incoming AS2 message" + aMsg.getLoggingText());
  }
  catch (final AS2DispositionException ex)
  {
    // Already carries a disposition - propagate unchanged
    throw ex;
  }
  catch (final Exception ex)
  {
    if (LOGGER.isErrorEnabled())
      LOGGER.error("Error decrypting " + aMsg.getLoggingText() + ": " + ex.getMessage());
    throw new AS2DispositionException(DispositionType.createError("decryption-failed"), AbstractActiveNetModule.DISP_DECRYPTION_ERROR, ex);
  }
}
Use of com.helger.as2lib.cert.ICertificateFactory in project as2-lib by phax.
The class AS2SenderModule, method receiveSyncMDN.
/**
 * Read and process the synchronous MDN that the partner returned on the HTTP
 * connection used to send <code>aMsg</code>.
 * <p>
 * The response headers and body are copied into a new {@link AS2MessageMDN},
 * the MDN partnership is derived from the AS2-From/AS2-To headers and the
 * (swapped) key store aliases of the original message, the MDN is verified via
 * {@link AS2Helper#parseMDN} using the partner's certificate, optionally
 * stored through the message processor, and the returned MIC is compared with
 * the original one. Finally the reported disposition is validated.
 *
 * @param aMsg
 *        The original AS2 message that was sent. May not be <code>null</code>.
 * @param aHttpClient
 *        The HTTP client holding the open response. May not be
 *        <code>null</code>.
 * @param aOriginalMIC
 *        MIC value calculated for the original message. Declared non-null,
 *        but a <code>null</code> value is tolerated and leads to a MIC
 *        mismatch.
 * @param aIncomingDumper
 *        Dumper for the raw MDN headers and body. May be <code>null</code>.
 * @param aResHelper
 *        Resource helper. May not be <code>null</code>.
 * @throws AS2Exception
 *         Any non-IO failure is wrapped via {@code WrappedAS2Exception.wrap}
 *         with this message set as the source message.
 * @throws IOException
 *         Propagated unchanged from reading the response.
 */
protected void receiveSyncMDN(@Nonnull final AS2Message aMsg, @Nonnull final AS2HttpClient aHttpClient, @Nonnull final MIC aOriginalMIC, @Nullable final IHTTPIncomingDumper aIncomingDumper, @Nonnull final AS2ResourceHelper aResHelper) throws AS2Exception, IOException
{
  if (LOGGER.isDebugEnabled())
    LOGGER.debug("Receiving synchronous MDN for message" + aMsg.getLoggingText());

  try
  {
    // Wrap the HTTP response into an MDN object and take over all headers
    // (historic note: ph-commons 9.1.3 had a bug in addAllHeaders)
    final IMessageMDN aMDN = new AS2MessageMDN(aMsg);
    aMDN.headers().addAllHeaders(aHttpClient.getResponseHeaderFields());

    // Read the complete response body into memory, limited by Content-Length.
    // NOTE(review): -1 is passed when that header is absent; confirm whether
    // StreamHelper treats this as "no limit", in which case the buffered size
    // is bounded only by what the remote side sends.
    final InputStream aResponseIS = aHttpClient.getInputStream();
    final NonBlockingByteArrayOutputStream aBodyOS = new NonBlockingByteArrayOutputStream();
    final long nContentLength = StringParser.parseLong(aMDN.getHeader(CHttpHeader.CONTENT_LENGTH), -1);
    StreamHelper.copyByteStream().from(aResponseIS).closeFrom(true).to(aBodyOS).closeTo(true).limit(nContentLength).build();

    if (aIncomingDumper != null)
      aIncomingDumper.dumpIncomingRequest(aMDN.headers().getAllHeaderLines(true), aBodyOS.getBufferOrCopy(), aMDN);

    if (LOGGER.isTraceEnabled())
      LOGGER.trace("Retrieved MDN stream data:\n" + aBodyOS.getAsString(StandardCharsets.ISO_8859_1));

    aMDN.setData(new MimeBodyPart(AS2HttpHelper.getAsInternetHeaders(aMDN.headers()), aBodyOS.getBufferOrCopy()));

    // For the MDN the roles are reversed: the partner is the sender, we are
    // the receiver - hence the swapped key store aliases
    aMDN.partnership().setSenderAS2ID(aMDN.getHeader(CHttpHeader.AS2_FROM));
    aMDN.partnership().setReceiverAS2ID(aMDN.getHeader(CHttpHeader.AS2_TO));
    aMDN.partnership().setSenderX509Alias(aMsg.partnership().getReceiverX509Alias());
    aMDN.partnership().setReceiverX509Alias(aMsg.partnership().getSenderX509Alias());
    getSession().getPartnershipFactory().updatePartnership(aMDN, false);

    // Verify the MDN with the partner's (sender) certificate; the per
    // partnership setting for "certificate in body part" wins over the global one
    final X509Certificate aPartnerCert = getSession().getCertificateFactory().getCertificate(aMDN, ECertificatePartnershipType.SENDER);
    final ETriState eCertInBody = aMsg.partnership().getVerifyUseCertificateInBodyPart();
    final boolean bCertInBody = eCertInBody.isDefined() ? eCertInBody.getAsBooleanValue()
                                                        : getSession().isCryptoVerifyUseCertificateInBodyPart();
    AS2Helper.parseMDN(aMsg, aPartnerCert, bCertInBody, m_aVerificationCertificateConsumer, aResHelper);

    try
    {
      getSession().getMessageProcessor().handle(IProcessorStorageModule.DO_STOREMDN, aMsg, null);
    }
    catch (final AS2ComponentNotFoundException | AS2NoModuleException ignored)
    {
      // Storing the MDN is optional: no message processor or no storage
      // module is configured
    }

    final String sDisposition = aMDN.attrs().getAsString(AS2MessageMDN.MDNA_DISPOSITION);
    if (LOGGER.isInfoEnabled())
      LOGGER.info("Received synchronous AS2 MDN [" + sDisposition + "]" + aMsg.getLoggingText());

    // Compare the MIC reported by the partner with the one we calculated;
    // a missing attribute parses to null and therefore counts as a mismatch
    final String sReturnMIC = aMDN.attrs().getAsString(AS2MessageMDN.MDNA_MIC);
    final MIC aReturnMIC = MIC.parse(sReturnMIC);
    final boolean bMICMatch = aOriginalMIC != null && aReturnMIC != null && aReturnMIC.equals(aOriginalMIC);
    if (bMICMatch)
    {
      m_aMICMatchingHandler.onMICMatch(aMsg, sReturnMIC);
    }
    else
    {
      final String sOriginalMIC = aOriginalMIC == null ? null : aOriginalMIC.getAsAS2String();
      m_aMICMatchingHandler.onMICMismatch(aMsg, sOriginalMIC, sReturnMIC);
    }

    if (m_aIncomingMDNCallback != null)
    {
      m_aIncomingMDNCallback.onIncomingMDN(true,
                                           aMDN,
                                           aMDN.getHeader(CHttpHeader.AS2_FROM),
                                           aMDN.getHeader(CHttpHeader.AS2_TO),
                                           sDisposition,
                                           aMDN.attrs().getAsString(AS2MessageMDN.MDNA_MIC),
                                           aMDN.attrs().getAsString(AS2MessageMDN.MDNA_ORIG_MESSAGEID),
                                           aMDN.attrs().getAsBoolean(AS2Message.ATTRIBUTE_RECEIVED_SIGNED, false),
                                           bMICMatch);
    }

    // Let DispositionType decide whether the reported disposition is acceptable
    DispositionType.createFromString(sDisposition).validate(aMsg, aMDN.getText());
  }
  catch (final IOException ex)
  {
    // Keep the declared IO exception type instead of wrapping it
    throw ex;
  }
  catch (final Exception ex)
  {
    throw WrappedAS2Exception.wrap(ex).setSourceMsg(aMsg);
  }
}
Use of com.helger.as2lib.cert.ICertificateFactory in project as2-lib by phax.
The class AS2Helper, method createMDNData.
/**
 * Build the text of the <code>message/disposition-notification</code> part
 * from the MDN attributes: one header line per field, each terminated by
 * {@link CHttp#EOL}, followed by one empty line.
 *
 * @param aMdn
 *        The MDN providing the attribute values. May not be <code>null</code>.
 * @return The complete disposition notification text. Never <code>null</code>.
 */
private static String _getDispositionNotificationText(@Nonnull final IMessageMDN aMdn)
{
  final InternetHeaders aFields = new InternetHeaders();
  aFields.setHeader(HEADER_REPORTING_UA, aMdn.attrs().getAsString(AS2MessageMDN.MDNA_REPORTING_UA));
  aFields.setHeader(HEADER_ORIGINAL_RECIPIENT, aMdn.attrs().getAsString(AS2MessageMDN.MDNA_ORIG_RECIPIENT));
  aFields.setHeader(HEADER_FINAL_RECIPIENT, aMdn.attrs().getAsString(AS2MessageMDN.MDNA_FINAL_RECIPIENT));
  aFields.setHeader(HEADER_ORIGINAL_MESSAGE_ID, aMdn.attrs().getAsString(AS2MessageMDN.MDNA_ORIG_MESSAGEID));
  aFields.setHeader(HEADER_DISPOSITION, aMdn.attrs().getAsString(AS2MessageMDN.MDNA_DISPOSITION));
  aFields.setHeader(HEADER_RECEIVED_CONTENT_MIC, aMdn.attrs().getAsString(AS2MessageMDN.MDNA_MIC));

  final StringBuilder aSB = new StringBuilder();
  for (final Enumeration<?> aLines = aFields.getAllHeaderLines(); aLines.hasMoreElements();)
    aSB.append((String) aLines.nextElement()).append(CHttp.EOL);
  return aSB.append(CHttp.EOL).toString();
}

/**
 * Create the MIME body of an MDN and store it in the passed MDN object.
 * <p>
 * The body is a <code>multipart/report</code> consisting of a human readable
 * text part and a <code>message/disposition-notification</code> part. If
 * signing is requested, the report is signed with the sender certificate and
 * key obtained from the session's {@link ICertificateFactory}. If that
 * certificate or key cannot be found, the MDN is sent <b>unsigned</b>
 * instead (only a warning is logged). Finally the MDN's Content-Type header
 * is set from the resulting body part.
 *
 * @param aSession
 *        Session to retrieve the certificate factory for signing. May not be
 *        <code>null</code>.
 * @param aMdn
 *        The MDN object to be filled. May not be <code>null</code>.
 * @param bSignMDN
 *        <code>true</code> to sign the MDN
 * @param bIncludeCertificateInSignedContent
 *        <code>true</code> if the passed certificate should be part of the
 *        signed content, <code>false</code> if the certificate should not be
 *        put in the content. E.g. for PEPPOL this must be <code>true</code>.
 * @param eMICAlg
 *        The MIC algorithm to be used. Must be present if bSignMDN is
 *        <code>true</code>.
 * @param bUseOldRFC3851MicAlgs
 *        <code>true</code> to use the old RFC 3851 MIC algorithm names (e.g.
 *        <code>sha1</code>), <code>false</code> to use the new RFC 5751 MIC
 *        algorithm names (e.g. <code>sha-1</code>).
 * @param bRemoveCmsAlgorithmProtect
 *        if <code>true</code>, the CMS attribute "AlgorithmProtect" will be
 *        removed. This is needed in compatibility with e.g. IBM Sterling.
 *        Default value should be <code>false</code>. Since 4.10.1. See Issue
 *        #137.
 * @throws Exception
 *         In case something internally goes wrong
 */
public static void createMDNData(@Nonnull final IAS2Session aSession, @Nonnull final IMessageMDN aMdn, final boolean bSignMDN, final boolean bIncludeCertificateInSignedContent, @Nullable final ECryptoAlgorithmSign eMICAlg, final boolean bUseOldRFC3851MicAlgs, final boolean bRemoveCmsAlgorithmProtect) throws Exception
{
  ValueEnforcer.notNull(aSession, "AS2Session");
  ValueEnforcer.notNull(aMdn, "MDN");
  if (bSignMDN)
    ValueEnforcer.notNull(eMICAlg, "MICAlg");

  final MimeMultipart aReportParts = new MimeMultipart();

  // First part: the human readable text
  final MimeBodyPart aTextPart = new MimeBodyPart();
  aTextPart.setContent(aMdn.getText() + CHttp.EOL, CMimeType.TEXT_PLAIN.getAsString());
  aTextPart.setHeader(CHttpHeader.CONTENT_TYPE, CMimeType.TEXT_PLAIN.getAsString());
  aReportParts.addBodyPart(aTextPart);

  // Second part: the machine readable disposition notification
  final MimeBodyPart aNotificationPart = new MimeBodyPart();
  aNotificationPart.setContent(_getDispositionNotificationText(aMdn), "message/disposition-notification");
  aNotificationPart.setHeader(CHttpHeader.CONTENT_TYPE, "message/disposition-notification");
  aReportParts.addBodyPart(aNotificationPart);

  // Wrap both parts into a single multipart/report body part
  final MimeBodyPart aReport = new MimeBodyPart();
  aReportParts.setSubType("report; report-type=disposition-notification");
  aReport.setContent(aReportParts);
  aReport.setHeader(CHttpHeader.CONTENT_TYPE, aReportParts.getContentType());

  if (!bSignMDN)
  {
    // Unsigned MDN requested
    aMdn.setData(aReport);
  }
  else
  {
    final ICertificateFactory aCertFactory = aSession.getCertificateFactory();
    try
    {
      final X509Certificate aSenderCert = aCertFactory.getCertificate(aMdn, ECertificatePartnershipType.SENDER);
      final PrivateKey aSenderKey = aCertFactory.getPrivateKey(aSenderCert);
      final MimeBodyPart aSignedReport = getCryptoHelper().sign(aReport,
                                                                aSenderCert,
                                                                aSenderKey,
                                                                eMICAlg,
                                                                bIncludeCertificateInSignedContent,
                                                                bUseOldRFC3851MicAlgs,
                                                                bRemoveCmsAlgorithmProtect,
                                                                EContentTransferEncoding.BASE64);
      aMdn.setData(aSignedReport);
      if (LOGGER.isInfoEnabled())
        LOGGER.info("Successfully signed outgoing MDN message" + aMdn.getLoggingText());
    }
    catch (final AS2CertificateNotFoundException | AS2KeyNotFoundException ex)
    {
      // Degrade to an unsigned MDN when no signing material is available
      ex.terminate();
      LOGGER.warn("Failed to sign MDN - using an unsigned MDN instead");
      aMdn.setData(aReport);
    }
  }

  // Reflect the (possibly signed) body part in the MDN headers
  final MimeBodyPart aBody = aMdn.getData();
  aMdn.headers().setContentType(aBody.getContentType());
}
Use of com.helger.as2lib.cert.ICertificateFactory in project as2-server by phax.
The class AS2ServerXMLSession, method loadCertificates.
/**
 * Create the {@link ICertificateFactory} component described by the passed
 * XML element and register it as this session's certificate factory.
 *
 * @param aElement
 *        The XML element describing the certificate factory. May not be
 *        <code>null</code>.
 * @throws OpenAS2Exception
 *         Propagated from creating or registering the component.
 */
protected void loadCertificates(@Nonnull final IMicroElement aElement) throws OpenAS2Exception
{
  LOGGER.info(" loading certificates");
  // The component is instantiated relative to the configured base directory
  setCertificateFactory(AS2XMLHelper.createComponent(aElement, ICertificateFactory.class, this, m_sBaseDirectory));
}