use of com.helger.as2lib.crypto.ICryptoHelper in project as2-lib by phax.
the class AS2ReceiverHandler method handleIncomingMessage.
/**
* This method can be used to handle an incoming HTTP message AFTER the
* headers where extracted.
*
* @param sClientInfo
* Client connection info
* @param aMsgData
* The message body
* @param aMsg
* The AS2 message that will be filled by this method
* @param aResponseHandler
* The response handler which handles HTTP error messages as well as
* synchronous MDN.
*/
public void handleIncomingMessage(@Nonnull final String sClientInfo, @Nonnull final DataSource aMsgData, @Nonnull final AS2Message aMsg, @Nonnull final IAS2HttpResponseHandler aResponseHandler) {
// handler, to avoid the decrypted content gets removed (see issue #135)
try (final AS2ResourceHelper aResHelper = new AS2ResourceHelper()) {
try {
final IAS2Session aSession = m_aReceiverModule.getSession();
try {
// Put received data in a MIME body part
final String sReceivedContentType = AS2HttpHelper.getCleanContentType(aMsg.getHeader(CHttpHeader.CONTENT_TYPE));
final MimeBodyPart aReceivedPart = new MimeBodyPart();
aReceivedPart.setDataHandler(new DataHandler(aMsgData));
// Header must be set AFTER the DataHandler!
aReceivedPart.setHeader(CHttpHeader.CONTENT_TYPE, sReceivedContentType);
aMsg.setData(aReceivedPart);
} catch (final Exception ex) {
throw new AS2DispositionException(DispositionType.createError("unexpected-processing-error"), AbstractActiveNetModule.DISP_PARSING_MIME_FAILED, ex);
}
// update the message
try {
final String sAS2From = aMsg.getAS2From();
aMsg.partnership().setSenderAS2ID(sAS2From);
final String sAS2To = aMsg.getAS2To();
aMsg.partnership().setReceiverAS2ID(sAS2To);
// Fill all partnership attributes etc.
aSession.getPartnershipFactory().updatePartnership(aMsg, false);
} catch (final AS2Exception ex) {
throw AS2DispositionException.wrap(ex, () -> DispositionType.createError("authentication-failed"), () -> AbstractActiveNetModule.DISP_PARTNERSHIP_NOT_FOUND);
}
// Per RFC5402 compression is always before encryption but can be before
// or after signing of message but only in one place
final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();
boolean bIsDecompressed = false;
// Decrypt and verify signature of the data, and attach data to the
// message
decrypt(aMsg, aResHelper);
if (aCryptoHelper.isCompressed(aMsg.getContentType())) {
if (LOGGER.isTraceEnabled())
LOGGER.trace("Decompressing received message before checking signature...");
decompress(aMsg);
bIsDecompressed = true;
}
verify(aMsg, aResHelper);
if (aCryptoHelper.isCompressed(aMsg.getContentType())) {
// or after signing of message but only in one place
if (bIsDecompressed) {
throw new AS2DispositionException(DispositionType.createError("decompression-failed"), AbstractActiveNetModule.DISP_DECOMPRESSION_ERROR, new Exception("Message has already been decompressed. Per RFC5402 it cannot occur twice."));
}
if (LOGGER.isTraceEnabled())
if (aMsg.attrs().containsKey(AS2Message.ATTRIBUTE_RECEIVED_SIGNED))
LOGGER.trace("Decompressing received message after verifying signature...");
else
LOGGER.trace("Decompressing received message after decryption...");
decompress(aMsg);
bIsDecompressed = true;
}
if (LOGGER.isTraceEnabled())
try {
LOGGER.trace("SMIME Decrypted Content-Disposition: " + aMsg.getContentDisposition() + "\n Content-Type received: " + aMsg.getContentType() + "\n HEADERS after decryption: " + aMsg.getData().getAllHeaders() + "\n Content-Disposition in MSG detData() MIMEPART after decryption: " + aMsg.getData().getContentType());
} catch (final MessagingException ex) {
if (LOGGER.isErrorEnabled())
LOGGER.error("Failed to trace message: " + aMsg, ex);
}
// Validate the received message before storing
try {
aSession.getMessageProcessor().handle(IProcessorStorageModule.DO_VALIDATE_BEFORE_STORE, aMsg, null);
} catch (final AS2NoModuleException ex) {
// No module installed - ignore
} catch (final AS2Exception ex) {
// Issue 90 - use CRLF as separator
throw AS2DispositionException.wrap(ex, () -> DispositionType.createError("unexpected-processing-error"), () -> StringHelper.getConcatenatedOnDemand(AbstractActiveNetModule.DISP_VALIDATION_FAILED, CHttp.EOL, _getDispositionText(ex)));
}
// Store the received message
try {
aSession.getMessageProcessor().handle(IProcessorStorageModule.DO_STORE, aMsg, null);
} catch (final AS2NoModuleException ex) {
// No module installed - ignore
} catch (final AS2Exception ex) {
// Issue 90 - use CRLF as separator
throw AS2DispositionException.wrap(ex, () -> DispositionType.createError("unexpected-processing-error"), () -> StringHelper.getConcatenatedOnDemand(AbstractActiveNetModule.DISP_STORAGE_FAILED, CHttp.EOL, _getDispositionText(ex)));
}
// Validate the received message after storing
try {
aSession.getMessageProcessor().handle(IProcessorStorageModule.DO_VALIDATE_AFTER_STORE, aMsg, null);
} catch (final AS2NoModuleException ex) {
// No module installed - ignore
} catch (final AS2Exception ex) {
// Issue 90 - use CRLF as separator
throw AS2DispositionException.wrap(ex, () -> DispositionType.createError("unexpected-processing-error"), () -> StringHelper.getConcatenatedOnDemand(AbstractActiveNetModule.DISP_VALIDATION_FAILED, CHttp.EOL, _getDispositionText(ex)));
}
try {
if (aMsg.isRequestingMDN()) {
if (LOGGER.isTraceEnabled())
LOGGER.trace("AS2 message is requesting an MDN");
// Transmit a success MDN if requested
sendMDN(sClientInfo, aResponseHandler, aMsg, DispositionType.createSuccess(), AbstractActiveNetModule.DISP_SUCCESS, ESuccess.SUCCESS);
} else {
if (LOGGER.isTraceEnabled())
LOGGER.trace("AS2 message is not requesting an MDN - just sending HTTP 200 (OK)");
// Just send a HTTP OK
HTTPHelper.sendSimpleHTTPResponse(aResponseHandler, CHttp.HTTP_OK);
if (LOGGER.isInfoEnabled())
LOGGER.info("sent HTTP OK " + sClientInfo + aMsg.getLoggingText());
}
} catch (final Exception ex) {
throw new AS2Exception("Error creating and returning MDN, message was stilled processed", ex);
}
} catch (final AS2DispositionException ex) {
sendMDN(sClientInfo, aResponseHandler, aMsg, ex.getDisposition(), ex.getText(), ESuccess.FAILURE);
m_aReceiverModule.handleError(aMsg, ex);
} catch (final AS2Exception ex) {
m_aReceiverModule.handleError(aMsg, ex);
} finally {
// close the temporary shared stream if it exists
final TempSharedFileInputStream sis = aMsg.getTempSharedFileInputStream();
if (null != sis) {
try {
sis.closeAll();
} catch (final IOException e) {
LOGGER.error("Exception while closing TempSharedFileInputStream", e);
}
}
}
}
}
use of com.helger.as2lib.crypto.ICryptoHelper in project as2-lib by phax.
the class AS2ReceiverHandler method verify.
protected void verify(@Nonnull final IMessage aMsg, @Nonnull final AS2ResourceHelper aResHelper) throws AS2Exception {
final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory();
final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();
try {
final boolean bDisableVerify = aMsg.partnership().isDisableVerify();
final boolean bMsgIsSigned = aCryptoHelper.isSigned(aMsg.getData());
final boolean bForceVerify = aMsg.partnership().isForceVerify();
if (bMsgIsSigned && bDisableVerify) {
if (LOGGER.isInfoEnabled())
LOGGER.info("Message claims to be signed but signature validation is disabled" + aMsg.getLoggingText());
} else if (bMsgIsSigned || bForceVerify) {
if (bForceVerify && !bMsgIsSigned) {
if (LOGGER.isInfoEnabled())
LOGGER.info("Forced verify signature" + aMsg.getLoggingText());
} else if (LOGGER.isDebugEnabled())
LOGGER.debug("Verifying signature" + aMsg.getLoggingText());
final X509Certificate aSenderCert = aCertFactory.getCertificateOrNull(aMsg, ECertificatePartnershipType.SENDER);
boolean bUseCertificateInBodyPart;
final ETriState eUseCertificateInBodyPart = aMsg.partnership().getVerifyUseCertificateInBodyPart();
if (eUseCertificateInBodyPart.isDefined()) {
// Use per partnership
bUseCertificateInBodyPart = eUseCertificateInBodyPart.getAsBooleanValue();
} else {
// Use global value
bUseCertificateInBodyPart = m_aReceiverModule.getSession().isCryptoVerifyUseCertificateInBodyPart();
}
final Wrapper<X509Certificate> aCertHolder = new Wrapper<>();
final MimeBodyPart aVerifiedData = aCryptoHelper.verify(aMsg.getData(), aSenderCert, bUseCertificateInBodyPart, bForceVerify, aCertHolder::set, aResHelper);
final Consumer<X509Certificate> aExternalConsumer = getVerificationCertificateConsumer();
if (aExternalConsumer != null)
aExternalConsumer.accept(aCertHolder.get());
aMsg.setData(aVerifiedData);
// Remember that message was signed and verified
aMsg.attrs().putIn(AS2Message.ATTRIBUTE_RECEIVED_SIGNED, true);
// Remember the PEM encoded version of the X509 certificate that was
// used for verification
aMsg.attrs().putIn(AS2Message.ATTRIBUTE_RECEIVED_SIGNATURE_CERTIFICATE, CertificateHelper.getPEMEncodedCertificate(aCertHolder.get()));
if (LOGGER.isInfoEnabled())
LOGGER.info("Successfully verified signature of incoming AS2 message" + aMsg.getLoggingText());
}
} catch (final Exception ex) {
if (LOGGER.isErrorEnabled())
LOGGER.error("Error verifying signature " + aMsg.getLoggingText() + ": " + ex.getMessage());
throw AS2DispositionException.wrap(ex, () -> DispositionType.createError("integrity-check-failed"), () -> AbstractActiveNetModule.DISP_VERIFY_SIGNATURE_FAILED);
}
}
use of com.helger.as2lib.crypto.ICryptoHelper in project as2-lib by phax.
the class AS2ReceiverHandler method decrypt.
protected void decrypt(@Nonnull final IMessage aMsg, @Nonnull final AS2ResourceHelper aResHelper) throws AS2Exception {
final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory();
final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();
try {
final boolean bDisableDecrypt = aMsg.partnership().isDisableDecrypt();
final boolean bMsgIsEncrypted = aCryptoHelper.isEncrypted(aMsg.getData());
final boolean bForceDecrypt = aMsg.partnership().isForceDecrypt();
if (bMsgIsEncrypted && bDisableDecrypt) {
if (LOGGER.isInfoEnabled())
LOGGER.info("Message claims to be encrypted but decryption is disabled" + aMsg.getLoggingText());
} else if (bMsgIsEncrypted || bForceDecrypt) {
// Decrypt
if (bForceDecrypt && !bMsgIsEncrypted) {
if (LOGGER.isInfoEnabled())
LOGGER.info("Forced decrypting" + aMsg.getLoggingText());
} else if (LOGGER.isDebugEnabled())
LOGGER.debug("Decrypting" + aMsg.getLoggingText());
final X509Certificate aReceiverCert = aCertFactory.getCertificate(aMsg, ECertificatePartnershipType.RECEIVER);
final PrivateKey aReceiverKey = aCertFactory.getPrivateKey(aReceiverCert);
final MimeBodyPart aDecryptedData = aCryptoHelper.decrypt(aMsg.getData(), aReceiverCert, aReceiverKey, bForceDecrypt, aResHelper);
aMsg.setData(aDecryptedData);
// Remember that message was encrypted
aMsg.attrs().putIn(AS2Message.ATTRIBUTE_RECEIVED_ENCRYPTED, true);
if (LOGGER.isInfoEnabled())
LOGGER.info("Successfully decrypted incoming AS2 message" + aMsg.getLoggingText());
}
} catch (final AS2DispositionException ex) {
// Re-throw "as is"
throw ex;
} catch (final Exception ex) {
if (LOGGER.isErrorEnabled())
LOGGER.error("Error decrypting " + aMsg.getLoggingText() + ": " + ex.getMessage());
throw new AS2DispositionException(DispositionType.createError("decryption-failed"), AbstractActiveNetModule.DISP_DECRYPTION_ERROR, ex);
}
}
use of com.helger.as2lib.crypto.ICryptoHelper in project as2-lib by phax.
the class ReadMDNFuncTest method testReadMDNIssue97.
@Test
@Ignore("Part does not contain MimeMultipart")
public void testReadMDNIssue97() throws Exception {
final String sPrefix = "mdn/issue97";
final IReadableResource aHeaderRes = new ClassPathResource(sPrefix + ".header");
assertTrue(aHeaderRes.exists());
final IReadableResource aPayloadRes = new ClassPathResource(sPrefix + ".payload");
assertTrue(aPayloadRes.exists());
if (false) {
final IReadableResource aCertRes = new ClassPathResource(sPrefix + ".pem");
assertTrue(aCertRes.exists());
}
final HttpHeaderMap aHeaders = new HttpHeaderMap();
try (NonBlockingBufferedReader aBR = new NonBlockingBufferedReader(aHeaderRes.getReader(StandardCharsets.ISO_8859_1))) {
String s;
while ((s = aBR.readLine()) != null) {
final int i = s.indexOf(':');
final String sName = s.substring(0, i).trim();
final String sValue = s.substring(i + 1).trim();
aHeaders.addHeader(sName, sValue);
}
}
if (false)
assertEquals("<MOKOsi42435716cf621589dnode1POP000046@sfgt1.unix.fina.hr>", aHeaders.getFirstHeaderValue("Message-ID"));
// final X509Certificate aCert =
// CertificateHelper.convertStringToCertficateOrNull
// (StreamHelper.getAllBytesAsString (aCertRes,
// StandardCharsets.ISO_8859_1));
// assertNotNull (aCert);
final AS2Message aMsg = new AS2Message();
// Create a MessageMDN and copy HTTP headers
final IMessageMDN aMDN = new AS2MessageMDN(aMsg);
aMDN.headers().addAllHeaders(aHeaders);
final MimeBodyPart aPart = new MimeBodyPart(AS2HttpHelper.getAsInternetHeaders(aMDN.headers()), StreamHelper.getAllBytes(aPayloadRes));
assertNotNull(aPart);
aMsg.getMDN().setData(aPart);
final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();
assertTrue(aCryptoHelper.isSigned(aPart));
assertFalse(aCryptoHelper.isEncrypted(aPart));
assertFalse(aCryptoHelper.isCompressed(aPart.getContentType()));
try (final AS2ResourceHelper aResHelper = new AS2ResourceHelper()) {
final Consumer<X509Certificate> aCertHolder = null;
AS2Helper.parseMDN(aMsg, null, true, aCertHolder, aResHelper);
}
}
use of com.helger.as2lib.crypto.ICryptoHelper in project as2-lib by phax.
the class AS2Helper method parseMDN.
public static void parseMDN(@Nonnull final IMessage aMsg, @Nullable final X509Certificate aReceiverCert, final boolean bUseCertificateInBodyPart, @Nullable final Consumer<? super X509Certificate> aEffectiveCertificateConsumer, @Nonnull final AS2ResourceHelper aResHelper) throws Exception {
final String sLoggingText = aMsg.getLoggingText();
LOGGER.info("Start parsing MDN of" + sLoggingText);
final IMessageMDN aMDN = aMsg.getMDN();
MimeBodyPart aMainPart = aMDN.getData();
final ICryptoHelper aCryptoHelper = getCryptoHelper();
final boolean bDisableVerify = aMsg.partnership().isDisableVerify();
final boolean bMsgIsSigned = aCryptoHelper.isSigned(aMainPart);
final boolean bForceVerify = aMsg.partnership().isForceVerify();
if (bMsgIsSigned && bDisableVerify) {
LOGGER.info("Message claims to be signed but signature validation is disabled" + sLoggingText);
} else if (bMsgIsSigned || bForceVerify) {
if (bForceVerify && !bMsgIsSigned)
LOGGER.info("Forced verify MDN signature" + sLoggingText);
else if (LOGGER.isDebugEnabled())
LOGGER.debug("Verifying MDN signature" + sLoggingText);
final Wrapper<X509Certificate> aCertHolder = new Wrapper<>();
aMainPart = aCryptoHelper.verify(aMainPart, aReceiverCert, bUseCertificateInBodyPart, bForceVerify, aCertHolder::set, aResHelper);
if (aEffectiveCertificateConsumer != null)
aEffectiveCertificateConsumer.accept(aCertHolder.get());
// Remember that message was signed and verified
aMDN.attrs().putIn(AS2Message.ATTRIBUTE_RECEIVED_SIGNED, true);
// used for verification
if (aCertHolder.isSet())
aMsg.attrs().putIn(AS2Message.ATTRIBUTE_RECEIVED_SIGNATURE_CERTIFICATE, CertificateHelper.getPEMEncodedCertificate(aCertHolder.get()));
if (LOGGER.isInfoEnabled())
LOGGER.info("Successfully verified signature of MDN of message" + sLoggingText);
}
final MimeMultipart aReportParts = new MimeMultipart(aMainPart.getDataHandler().getDataSource());
final ContentType aReportType = AS2HttpHelper.parseContentType(aReportParts.getContentType());
if (aReportType != null && aReportType.getBaseType().equalsIgnoreCase("multipart/report")) {
final int nReportCount = aReportParts.getCount();
for (int j = 0; j < nReportCount; j++) {
final MimeBodyPart aReportPart = (MimeBodyPart) aReportParts.getBodyPart(j);
if (aReportPart.isMimeType(CMimeType.TEXT_PLAIN.getAsString())) {
final Object aPartContent = aReportPart.getContent();
if (LOGGER.isDebugEnabled())
LOGGER.debug(aPartContent == null ? "Report part content is null" : "Report part content is a " + aPartContent.getClass().getName());
// XXX is this "toString" really a correct solution?
aMDN.setText(aPartContent.toString());
} else if (aReportPart.isMimeType("message/disposition-notification")) {
// https://github.com/phax/as2-lib/issues/100
final String sCTE = aReportPart.getHeader(CHttpHeader.CONTENT_TRANSFER_ENCODING, null);
try (final InputStream aRealIS = AS2IOHelper.getContentTransferEncodingAwareInputStream(aReportPart.getInputStream(), sCTE)) {
final InternetHeaders aDispositionHeaders = new InternetHeaders(aRealIS);
aMDN.attrs().putIn(AS2MessageMDN.MDNA_REPORTING_UA, aDispositionHeaders.getHeader(HEADER_REPORTING_UA, ", "));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_ORIG_RECIPIENT, aDispositionHeaders.getHeader(HEADER_ORIGINAL_RECIPIENT, ", "));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_FINAL_RECIPIENT, aDispositionHeaders.getHeader(HEADER_FINAL_RECIPIENT, ", "));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_ORIG_MESSAGEID, aDispositionHeaders.getHeader(HEADER_ORIGINAL_MESSAGE_ID, ", "));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_DISPOSITION, aDispositionHeaders.getHeader(HEADER_DISPOSITION, ", "));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_MIC, aDispositionHeaders.getHeader(HEADER_RECEIVED_CONTENT_MIC, ", "));
}
} else
LOGGER.info("Got unsupported MDN body part MIME type: " + aReportPart.getContentType());
}
}
}
Aggregations