Examples with MIC com.helger.as2lib.crypto.MIC used on opensource projects

Example 1 with MIC

use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.

the class AS2MDNReceiverHandler method checkAsyncMDN.

/**
 * verify if the mic is matched.
 *
 * @param aMsg
 *        Message
 * @return <code>true</code> if the MDN was processed, <code>false</code> e.g.
 *         on MIC mismatch
 * @throws AS2Exception
 *         In case of error; e.g. MIC mismatch
 */
public boolean checkAsyncMDN(@Nonnull final AS2Message aMsg) throws AS2Exception {
    try {
        // get the returned mic from mdn object
        final String sReturnMIC = aMsg.getMDN().attrs().getAsString(AS2MessageMDN.MDNA_MIC);
        final MIC aReturnMIC = MIC.parse(sReturnMIC);
        // use original message id. to open the pending information file
        // from pendinginfo folder.
        final String sOrigMessageID = aMsg.getMDN().attrs().getAsString(AS2MessageMDN.MDNA_ORIG_MESSAGEID);
        final String sPendingInfoFolder = AS2IOHelper.getSafeFileAndFolderName(getModule().getSession().getMessageProcessor().getPendingMDNInfoFolder());
        if (StringHelper.hasNoText(sPendingInfoFolder)) {
            LOGGER.error("The pending MDN info folder is not properly configured. Cannot check for async MDNs.");
            return false;
        }
        final File aPendingInfoFile = new File(sPendingInfoFolder + FilenameHelper.UNIX_SEPARATOR_STR + AS2IOHelper.getFilenameFromMessageID(sOrigMessageID));
        if (LOGGER.isInfoEnabled())
            LOGGER.info("Trying to read original MIC and message id information from file '" + aPendingInfoFile.getAbsolutePath() + "'" + aMsg.getLoggingText());
        final String sOriginalMIC;
        final MIC aOriginalMIC;
        final File aPendingFile;
        try (final NonBlockingBufferedReader aPendingInfoReader = FileHelper.getBufferedReader(aPendingInfoFile, StandardCharsets.ISO_8859_1)) {
            if (aPendingInfoReader == null) {
                LOGGER.error("The pending info file '" + aPendingInfoFile.getAbsolutePath() + "' with the original MIC could not be opened for reading");
                return false;
            }
            // Get the original mic from the first line of pending information
            // file
            sOriginalMIC = aPendingInfoReader.readLine();
            aOriginalMIC = MIC.parse(sOriginalMIC);
            // Get the original pending file from the second line of pending
            // information file
            aPendingFile = new File(aPendingInfoReader.readLine());
        }
        final String sDisposition = aMsg.getMDN().attrs().getAsString(AS2MessageMDN.MDNA_DISPOSITION);
        if (LOGGER.isInfoEnabled())
            LOGGER.info("received MDN [" + sDisposition + "]" + aMsg.getLoggingText());
        final boolean bMICMatch = aOriginalMIC != null && aReturnMIC != null && aReturnMIC.equals(aOriginalMIC);
        if (!bMICMatch) {
            if (LOGGER.isInfoEnabled())
                LOGGER.info("MIC was not matched, so the pending file '" + aPendingFile.getAbsolutePath() + "' will NOT be deleted.");
            // MIC was not matched
            m_aMICMatchingHandler.onMICMismatch(aMsg, sOriginalMIC, sReturnMIC);
            return false;
        }
        // MIC was matched
        m_aMICMatchingHandler.onMICMatch(aMsg, sReturnMIC);
        if (LOGGER.isInfoEnabled())
            LOGGER.info("Delete pendinginfo file '" + aPendingInfoFile.getName() + "' from pending folder '" + sPendingInfoFolder + "'" + aMsg.getLoggingText());
        if (!aPendingInfoFile.delete()) {
            if (LOGGER.isErrorEnabled())
                LOGGER.error("Error delete pendinginfo file '" + aPendingFile.getAbsolutePath() + "'");
        }
        if (LOGGER.isInfoEnabled())
            LOGGER.info("Delete pending file '" + aPendingFile.getName() + "' from pending folder '" + aPendingFile.getParent() + "'" + aMsg.getLoggingText());
        if (!aPendingFile.delete()) {
            if (LOGGER.isErrorEnabled())
                LOGGER.error("Error delete pending file '" + aPendingFile.getAbsolutePath() + "'");
        }
    } catch (final IOException | AS2ComponentNotFoundException ex) {
        LOGGER.error("Error checking async MDN", ex);
        return false;
    }
    return true;
}

Example 2 with MIC

use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.

the class AsynchMDNSenderModule method _sendViaHTTP.

private void _sendViaHTTP(@Nonnull final AS2Message aMsg, @Nonnull final DispositionType aDisposition, @Nullable final IHTTPOutgoingDumper aOutgoingDumper, @Nonnull final AS2ResourceHelper aResHelper) throws AS2Exception, IOException, MessagingException {
    final IMessageMDN aMdn = aMsg.getMDN();
    // Create a HTTP connection
    final String sUrl = aMsg.getAsyncMDNurl();
    final EHttpMethod eRequestMethod = EHttpMethod.POST;
    // MDN is a small message. We will always use CHttp
    final AS2HttpClient aConn = getHttpClient(sUrl, eRequestMethod, getSession().getHttpProxy());
    try {
        if (aOutgoingDumper != null)
            aOutgoingDumper.start(sUrl, aMsg);
        if (LOGGER.isInfoEnabled())
            LOGGER.info("Connecting to " + sUrl + aMsg.getLoggingText());
        // Set all custom headers first (so that they are overridden with the
        // mandatory ones in here)
        // Use HttpHeaderMap and not String to ensure name casing is identical!
        final HttpHeaderMap aHeaderMap = aMdn.headers().getClone();
        aHeaderMap.setHeader(CHttpHeader.CONNECTION, CAS2Header.DEFAULT_CONNECTION);
        aHeaderMap.setHeader(CHttpHeader.USER_AGENT, CAS2Header.DEFAULT_USER_AGENT);
        final boolean bQuoteHeaderValues = isQuoteHeaderValues();
        final AS2HttpHeaderSetter aHeaderSetter = new AS2HttpHeaderSetter(aConn, aOutgoingDumper, bQuoteHeaderValues);
        // Copy all the header from mdn to the RequestProperties of conn
        // Unification needed, because original MDN headers may contain newlines
        aHeaderMap.forEachSingleHeader(aHeaderSetter::setHttpHeader, true, false);
        if (aOutgoingDumper != null)
            aOutgoingDumper.finishedHeaders();
        aMsg.attrs().putIn(CNetAttribute.MA_DESTINATION_IP, aConn.getURL().getHost());
        aMsg.attrs().putIn(CNetAttribute.MA_DESTINATION_PORT, aConn.getURL().getPort());
        final InputStream aMsgIS = aMdn.getData().getInputStream();
        // Transfer the data
        final StopWatch aSW = StopWatch.createdStarted();
        final long nBytes = aConn.send(aMsgIS, (EContentTransferEncoding) null, aOutgoingDumper, aResHelper);
        aSW.stop();
        if (LOGGER.isInfoEnabled())
            LOGGER.info("AS2 MDN transferred " + AS2IOHelper.getTransferRate(nBytes, aSW) + aMsg.getLoggingText());
        if (aOutgoingDumper != null)
            aOutgoingDumper.finishedPayload();
        final int nHttpResponseCode = aConn.getResponseCode();
        if (getOutgoingHttpCallback() != null)
            getOutgoingHttpCallback().onOutgoingHttpMessage(false, aMsg.getAS2From(), aMsg.getAS2To(), aMsg.getMessageID(), (MIC) null, (EContentTransferEncoding) null, sUrl, nHttpResponseCode);
        // Check the HTTP Response code
        if (AS2HttpClient.isErrorResponseCode(nHttpResponseCode)) {
            if (LOGGER.isErrorEnabled())
                LOGGER.error("sent AsyncMDN [" + aDisposition.getAsString() + "] Fail(" + nHttpResponseCode + ") " + aMsg.getLoggingText());
            throw new AS2HttpResponseException(sUrl, nHttpResponseCode, aConn.getResponseMessage());
        }
        if (LOGGER.isInfoEnabled())
            LOGGER.info("sent AsyncMDN [" + aDisposition.getAsString() + "] OK(" + nHttpResponseCode + ") " + aMsg.getLoggingText());
        // log & store mdn into backup folder.
        try {
            getSession().getMessageProcessor().handle(IProcessorStorageModule.DO_STOREMDN, aMsg, null);
        } catch (final AS2ComponentNotFoundException | AS2NoModuleException ex) {
        // No message processor found
        // Or no module found in message processor
        }
    } finally {
        aConn.disconnect();
    }
}

Example 3 with MIC

use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.

the class AS2Helper method createMDN.

/**
 * Create a new MDN
 *
 * @param aSession
 *        AS2 session to be used. May not be <code>null</code>.
 * @param aMsg
 *        The source AS2 message for which the MDN is to be created. May not
 *        be <code>null</code>.
 * @param aDisposition
 *        The disposition - either success or error. May not be
 *        <code>null</code>.
 * @param sText
 *        The text to be send. May not be <code>null</code>.
 * @return The created MDN object which is already attached to the passed
 *         source AS2 message.
 * @throws Exception
 *         In case of an error
 */
@Nonnull
public static IMessageMDN createMDN(@Nonnull final IAS2Session aSession, @Nonnull final AS2Message aMsg, @Nonnull final DispositionType aDisposition, @Nonnull final String sText) throws Exception {
    ValueEnforcer.notNull(aSession, "AS2Session");
    ValueEnforcer.notNull(aMsg, "AS2Message");
    ValueEnforcer.notNull(aDisposition, "Disposition");
    ValueEnforcer.notNull(sText, "Text");
    final Partnership aPartnership = aMsg.partnership();
    final AS2MessageMDN aMDN = new AS2MessageMDN(aMsg);
    aMDN.headers().setHeader(CHttpHeader.AS2_VERSION, aSession.getAS2VersionID());
    aMDN.headers().setHeader(CHttpHeader.DATE, AS2DateHelper.getFormattedDateNow(CAS2Header.DEFAULT_DATE_FORMAT));
    aMDN.headers().setHeader(CHttpHeader.SERVER, CAS2Info.NAME_VERSION);
    aMDN.headers().setHeader(CHttpHeader.MIME_VERSION, CAS2Header.DEFAULT_MIME_VERSION);
    aMDN.headers().setHeader(CHttpHeader.AS2_FROM, aPartnership.getReceiverAS2ID());
    aMDN.headers().setHeader(CHttpHeader.AS2_TO, aPartnership.getSenderAS2ID());
    // get the MDN partnership info
    aMDN.partnership().setSenderAS2ID(aMDN.getHeader(CHttpHeader.AS2_FROM));
    aMDN.partnership().setReceiverAS2ID(aMDN.getHeader(CHttpHeader.AS2_TO));
    // Set the appropriate key store aliases
    aMDN.partnership().setSenderX509Alias(aPartnership.getReceiverX509Alias());
    aMDN.partnership().setReceiverX509Alias(aPartnership.getSenderX509Alias());
    // Update the partnership
    try {
        aSession.getPartnershipFactory().updatePartnership(aMDN, true);
    } catch (final AS2PartnershipNotFoundException ex) {
    // This would block sending an MDN in case a PartnershipNotFoundException
    // was the reason for sending the MDN :)
    }
    aMDN.headers().setHeader(CHttpHeader.FROM, aPartnership.getReceiverEmail());
    final String sSubject = aMDN.partnership().getMDNSubject();
    if (sSubject != null) {
        aMDN.headers().setHeader(CHttpHeader.SUBJECT, new MessageParameters(aMsg).format(sSubject));
    } else {
        aMDN.headers().setHeader(CHttpHeader.SUBJECT, "Your Requested MDN Response");
    }
    // Content-Transfer-Encoding for outgoing MDNs
    final String sCTE = aPartnership.getContentTransferEncodingSend(EContentTransferEncoding.AS2_DEFAULT.getID());
    aMDN.headers().addHeader(CHttpHeader.CONTENT_TRANSFER_ENCODING, sCTE);
    aMDN.setText(new MessageParameters(aMsg).format(sText));
    aMDN.attrs().putIn(AS2MessageMDN.MDNA_REPORTING_UA, CAS2Info.NAME_VERSION + "@" + aMsg.attrs().getAsString(CNetAttribute.MA_DESTINATION_IP) + ":" + aMsg.attrs().getAsString(CNetAttribute.MA_DESTINATION_PORT));
    aMDN.attrs().putIn(AS2MessageMDN.MDNA_ORIG_RECIPIENT, "rfc822; " + aMsg.getHeader(CHttpHeader.AS2_TO));
    aMDN.attrs().putIn(AS2MessageMDN.MDNA_FINAL_RECIPIENT, "rfc822; " + aPartnership.getReceiverAS2ID());
    aMDN.attrs().putIn(AS2MessageMDN.MDNA_ORIG_MESSAGEID, aMsg.getHeader(CHttpHeader.MESSAGE_ID));
    aMDN.attrs().putIn(AS2MessageMDN.MDNA_DISPOSITION, aDisposition.getAsString());
    final String sDispositionOptions = aMsg.getHeader(CHttpHeader.DISPOSITION_NOTIFICATION_OPTIONS);
    final DispositionOptions aDispositionOptions = DispositionOptions.createFromString(sDispositionOptions);
    ECryptoAlgorithmSign eSigningAlgorithm = aDispositionOptions.getFirstMICAlg();
    if (eSigningAlgorithm == null) {
        // Try from partnership (#93)
        final String sSigningAlgorithm = aPartnership.getSigningAlgorithm();
        eSigningAlgorithm = ECryptoAlgorithmSign.getFromIDOrNull(sSigningAlgorithm);
        if (eSigningAlgorithm == null) {
            if (LOGGER.isWarnEnabled())
                LOGGER.warn("The partnership signing algorithm name '" + sSigningAlgorithm + "' is unknown.");
        }
    }
    MIC aMIC = null;
    if (eSigningAlgorithm != null) {
        // If the source message was signed or encrypted, include the headers -
        // see message sending for details
        final boolean bIncludeHeadersInMIC = aPartnership.getSigningAlgorithm() != null || aPartnership.getEncryptAlgorithm() != null || aPartnership.getCompressionType() != null;
        aMIC = getCryptoHelper().calculateMIC(aMsg.getData(), eSigningAlgorithm, bIncludeHeadersInMIC);
    }
    if (aMIC != null)
        aMDN.attrs().putIn(AS2MessageMDN.MDNA_MIC, aMIC.getAsAS2String());
    boolean bSignMDN = false;
    boolean bIncludeCertificateInSignedContent = false;
    if (aDispositionOptions.getProtocol() != null) {
        if (aDispositionOptions.isProtocolRequired() || aDispositionOptions.hasMICAlg()) {
            // Sign if required or if optional and a MIC algorithm is present
            bSignMDN = true;
            // Include certificate in signed content?
            final ETriState eIncludeCertificateInSignedContent = aPartnership.getIncludeCertificateInSignedContent();
            if (eIncludeCertificateInSignedContent.isDefined()) {
                // Use per partnership
                bIncludeCertificateInSignedContent = eIncludeCertificateInSignedContent.getAsBooleanValue();
            } else {
                // Use global value
                bIncludeCertificateInSignedContent = aSession.isCryptoSignIncludeCertificateInBodyPart();
            }
        }
    }
    final boolean bUseOldRFC3851MicAlgs = aPartnership.isRFC3851MICAlgs();
    final boolean bRemoveCmsAlgorithmProtect = aPartnership.isRemoveCmsAlgorithmProtect();
    createMDNData(aSession, aMDN, bSignMDN, bIncludeCertificateInSignedContent, aDispositionOptions.getFirstMICAlg(), bUseOldRFC3851MicAlgs, bRemoveCmsAlgorithmProtect);
    aMDN.updateMessageID();
    // store MDN into msg in case AsynchMDN is sent fails, needs to be resent by
    // send module
    aMsg.setMDN(aMDN);
    return aMDN;
}

Example 4 with MIC

use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.

the class AS2SenderModule method handle.

public void handle(@Nonnull final String sAction, @Nonnull final IMessage aBaseMsg, @Nullable final Map<String, Object> aOptions) throws AS2Exception {
    final AS2Message aMsg = (AS2Message) aBaseMsg;
    if (LOGGER.isInfoEnabled())
        LOGGER.info("Submitting message" + aMsg.getLoggingText());
    // verify all required information is present for sending
    checkRequired(aMsg);
    final int nRetries = getRetryCount(aMsg.partnership(), aOptions);
    try (final AS2ResourceHelper aResHelper = new AS2ResourceHelper()) {
        // Get Content-Transfer-Encoding to use
        final String sContentTransferEncoding = aMsg.partnership().getContentTransferEncodingSend(EContentTransferEncoding.AS2_DEFAULT.getID());
        final EContentTransferEncoding eCTE = EContentTransferEncoding.getFromIDCaseInsensitiveOrDefault(sContentTransferEncoding, EContentTransferEncoding.AS2_DEFAULT);
        // compress and/or sign and/or encrypt the message if needed
        final MimeBodyPart aSecuredData = secure(aMsg, eCTE);
        // Calculate MIC after compress/sign/crypt was handled, because the
        // message data might change if compression before signing is active.
        final MIC aMIC;
        if (aMsg.isRequestingMDN())
            aMIC = calculateAndStoreMIC(aMsg);
        else
            aMIC = null;
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Setting message content type to '" + aSecuredData.getContentType() + "'");
        aMsg.setContentType(aSecuredData.getContentType());
        try (final IHTTPOutgoingDumper aOutgoingDumper = getHttpOutgoingDumper(aMsg)) {
            final IHTTPIncomingDumper aIncomingDumper = getEffectiveHttpIncomingDumper();
            // Use no CTE, because it was set on all MIME parts
            _sendViaHTTP(aMsg, aSecuredData, aMIC, true ? null : eCTE, aOutgoingDumper, aIncomingDumper, aResHelper);
        }
    } catch (final AS2HttpResponseException ex) {
        if (LOGGER.isErrorEnabled())
            LOGGER.error("Http Response Error " + ex.getMessage());
        ex.terminate(aMsg);
        if (!doResend(IProcessorSenderModule.DO_SEND, aMsg, ex, nRetries))
            throw ex;
    } catch (final IOException ex) {
        // Re-send if a network error occurs during transmission
        final AS2Exception wioe = WrappedAS2Exception.wrap(ex).setSourceMsg(aMsg).terminate();
        if (!doResend(IProcessorSenderModule.DO_SEND, aMsg, wioe, nRetries))
            throw wioe;
    } catch (final Exception ex) {
        // Propagate error if it can't be handled by a re-send
        throw WrappedAS2Exception.wrap(ex);
    }
}

Example 5 with MIC

use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.

the class AS2SenderModule method calculateAndStoreMIC.

/**
 * From RFC 4130 section 7.3.1:
 * <ul>
 * <li>For any signed messages, the MIC to be returned is calculated on the
 * RFC1767/RFC3023 MIME header and content. Canonicalization on the MIME
 * headers MUST be performed before the MIC is calculated, since the sender
 * requesting the signed receipt was also REQUIRED to canonicalize.</li>
 * <li>For encrypted, unsigned messages, the MIC to be returned is calculated
 * on the decrypted RFC 1767/RFC3023 MIME header and content. The content
 * after decryption MUST be canonicalized before the MIC is calculated.</li>
 * <li>For unsigned, unencrypted messages, the MIC MUST be calculated over the
 * message contents without the MIME or any other RFC 2822 headers, since
 * these are sometimes altered or reordered by Mail Transport Agents
 * (MTAs).</li>
 * </ul>
 * So headers must be included if signing or crypting is enabled.<br>
 * <br>
 * From RFC 5402 section 4.1:
 * <ul>
 * <li>MIC Calculation for Signed Message: For any signed message, the MIC to
 * be returned is calculated over the same data that was signed in the
 * original message as per [AS1]. The signed content will be a MIME bodypart
 * that contains either compressed or uncompressed data.</li>
 * <li>MIC Calculation for Encrypted, Unsigned Message: For encrypted,
 * unsigned messages, the MIC to be returned is calculated over the
 * uncompressed data content including all MIME header fields and any applied
 * Content-Transfer-Encoding.</li>
 * <li>MIC Calculation for Unencrypted, Unsigned Message: For unsigned,
 * unencrypted messages, the MIC is calculated over the uncompressed data
 * content including all MIME header fields and any applied
 * Content-Transfer-Encoding</li>
 * </ul>
 * So headers must always be included if compression is enabled.
 *
 * @param aMsg
 *        Source message
 * @return MIC value. Neither <code>null</code> nor empty.
 * @throws Exception
 *         On security or AS2 issues
 */
@Nonnull
protected MIC calculateAndStoreMIC(@Nonnull final AS2Message aMsg) throws Exception {
    final Partnership aPartnership = aMsg.partnership();
    // Calculate and get the original mic
    final boolean bIncludeHeadersInMIC = aPartnership.getSigningAlgorithm() != null || aPartnership.getEncryptAlgorithm() != null || aPartnership.getCompressionType() != null;
    // For sending, we need to use the Signing algorithm defined in the
    // partnership
    final String sSigningAlgorithm = aPartnership.getSigningAlgorithm();
    ECryptoAlgorithmSign eSigningAlgorithm = ECryptoAlgorithmSign.getFromIDOrNull(sSigningAlgorithm);
    if (eSigningAlgorithm == null) {
        // If no valid algorithm is defined, fall back to the defaults
        final boolean bUseRFC3851MICAlg = aPartnership.isRFC3851MICAlgs();
        eSigningAlgorithm = bUseRFC3851MICAlg ? ECryptoAlgorithmSign.DEFAULT_RFC_3851 : ECryptoAlgorithmSign.DEFAULT_RFC_5751;
        if (LOGGER.isWarnEnabled())
            LOGGER.warn("The partnership signing algorithm name '" + sSigningAlgorithm + "' is unknown. Fallbacking back to the default '" + eSigningAlgorithm.getID() + "'");
    }
    final MIC aMIC = AS2Helper.getCryptoHelper().calculateMIC(aMsg.getData(), eSigningAlgorithm, bIncludeHeadersInMIC);
    aMsg.attrs().putIn(AS2Message.ATTRIBUTE_MIC, aMIC.getAsAS2String());
    if (aPartnership.getAS2ReceiptDeliveryOption() != null) {
        // Async MDN is requested
        // if yes : PA_AS2_RECEIPT_OPTION != null
        // then keep the original mic & message id.
        // then wait for the another HTTP call by receivers
        storePendingInfo(aMsg, aMIC);
    }
    return aMIC;
}