use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.
the class AS2MDNReceiverHandler method checkAsyncMDN.
/**
* verify if the mic is matched.
*
* @param aMsg
* Message
* @return <code>true</code> if the MDN was processed, <code>false</code> e.g.
* on MIC mismatch
* @throws AS2Exception
* In case of error; e.g. MIC mismatch
*/
public boolean checkAsyncMDN(@Nonnull final AS2Message aMsg) throws AS2Exception {
try {
// get the returned mic from mdn object
final String sReturnMIC = aMsg.getMDN().attrs().getAsString(AS2MessageMDN.MDNA_MIC);
final MIC aReturnMIC = MIC.parse(sReturnMIC);
// use original message id. to open the pending information file
// from pendinginfo folder.
final String sOrigMessageID = aMsg.getMDN().attrs().getAsString(AS2MessageMDN.MDNA_ORIG_MESSAGEID);
final String sPendingInfoFolder = AS2IOHelper.getSafeFileAndFolderName(getModule().getSession().getMessageProcessor().getPendingMDNInfoFolder());
if (StringHelper.hasNoText(sPendingInfoFolder)) {
LOGGER.error("The pending MDN info folder is not properly configured. Cannot check for async MDNs.");
return false;
}
final File aPendingInfoFile = new File(sPendingInfoFolder + FilenameHelper.UNIX_SEPARATOR_STR + AS2IOHelper.getFilenameFromMessageID(sOrigMessageID));
if (LOGGER.isInfoEnabled())
LOGGER.info("Trying to read original MIC and message id information from file '" + aPendingInfoFile.getAbsolutePath() + "'" + aMsg.getLoggingText());
final String sOriginalMIC;
final MIC aOriginalMIC;
final File aPendingFile;
try (final NonBlockingBufferedReader aPendingInfoReader = FileHelper.getBufferedReader(aPendingInfoFile, StandardCharsets.ISO_8859_1)) {
if (aPendingInfoReader == null) {
LOGGER.error("The pending info file '" + aPendingInfoFile.getAbsolutePath() + "' with the original MIC could not be opened for reading");
return false;
}
// Get the original mic from the first line of pending information
// file
sOriginalMIC = aPendingInfoReader.readLine();
aOriginalMIC = MIC.parse(sOriginalMIC);
// Get the original pending file from the second line of pending
// information file
aPendingFile = new File(aPendingInfoReader.readLine());
}
final String sDisposition = aMsg.getMDN().attrs().getAsString(AS2MessageMDN.MDNA_DISPOSITION);
if (LOGGER.isInfoEnabled())
LOGGER.info("received MDN [" + sDisposition + "]" + aMsg.getLoggingText());
final boolean bMICMatch = aOriginalMIC != null && aReturnMIC != null && aReturnMIC.equals(aOriginalMIC);
if (!bMICMatch) {
if (LOGGER.isInfoEnabled())
LOGGER.info("MIC was not matched, so the pending file '" + aPendingFile.getAbsolutePath() + "' will NOT be deleted.");
// MIC was not matched
m_aMICMatchingHandler.onMICMismatch(aMsg, sOriginalMIC, sReturnMIC);
return false;
}
// MIC was matched
m_aMICMatchingHandler.onMICMatch(aMsg, sReturnMIC);
if (LOGGER.isInfoEnabled())
LOGGER.info("Delete pendinginfo file '" + aPendingInfoFile.getName() + "' from pending folder '" + sPendingInfoFolder + "'" + aMsg.getLoggingText());
if (!aPendingInfoFile.delete()) {
if (LOGGER.isErrorEnabled())
LOGGER.error("Error delete pendinginfo file '" + aPendingFile.getAbsolutePath() + "'");
}
if (LOGGER.isInfoEnabled())
LOGGER.info("Delete pending file '" + aPendingFile.getName() + "' from pending folder '" + aPendingFile.getParent() + "'" + aMsg.getLoggingText());
if (!aPendingFile.delete()) {
if (LOGGER.isErrorEnabled())
LOGGER.error("Error delete pending file '" + aPendingFile.getAbsolutePath() + "'");
}
} catch (final IOException | AS2ComponentNotFoundException ex) {
LOGGER.error("Error checking async MDN", ex);
return false;
}
return true;
}
use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.
the class AsynchMDNSenderModule method _sendViaHTTP.
private void _sendViaHTTP(@Nonnull final AS2Message aMsg, @Nonnull final DispositionType aDisposition, @Nullable final IHTTPOutgoingDumper aOutgoingDumper, @Nonnull final AS2ResourceHelper aResHelper) throws AS2Exception, IOException, MessagingException {
final IMessageMDN aMdn = aMsg.getMDN();
// Create a HTTP connection
final String sUrl = aMsg.getAsyncMDNurl();
final EHttpMethod eRequestMethod = EHttpMethod.POST;
// MDN is a small message. We will always use CHttp
final AS2HttpClient aConn = getHttpClient(sUrl, eRequestMethod, getSession().getHttpProxy());
try {
if (aOutgoingDumper != null)
aOutgoingDumper.start(sUrl, aMsg);
if (LOGGER.isInfoEnabled())
LOGGER.info("Connecting to " + sUrl + aMsg.getLoggingText());
// Set all custom headers first (so that they are overridden with the
// mandatory ones in here)
// Use HttpHeaderMap and not String to ensure name casing is identical!
final HttpHeaderMap aHeaderMap = aMdn.headers().getClone();
aHeaderMap.setHeader(CHttpHeader.CONNECTION, CAS2Header.DEFAULT_CONNECTION);
aHeaderMap.setHeader(CHttpHeader.USER_AGENT, CAS2Header.DEFAULT_USER_AGENT);
final boolean bQuoteHeaderValues = isQuoteHeaderValues();
final AS2HttpHeaderSetter aHeaderSetter = new AS2HttpHeaderSetter(aConn, aOutgoingDumper, bQuoteHeaderValues);
// Copy all the header from mdn to the RequestProperties of conn
// Unification needed, because original MDN headers may contain newlines
aHeaderMap.forEachSingleHeader(aHeaderSetter::setHttpHeader, true, false);
if (aOutgoingDumper != null)
aOutgoingDumper.finishedHeaders();
aMsg.attrs().putIn(CNetAttribute.MA_DESTINATION_IP, aConn.getURL().getHost());
aMsg.attrs().putIn(CNetAttribute.MA_DESTINATION_PORT, aConn.getURL().getPort());
final InputStream aMsgIS = aMdn.getData().getInputStream();
// Transfer the data
final StopWatch aSW = StopWatch.createdStarted();
final long nBytes = aConn.send(aMsgIS, (EContentTransferEncoding) null, aOutgoingDumper, aResHelper);
aSW.stop();
if (LOGGER.isInfoEnabled())
LOGGER.info("AS2 MDN transferred " + AS2IOHelper.getTransferRate(nBytes, aSW) + aMsg.getLoggingText());
if (aOutgoingDumper != null)
aOutgoingDumper.finishedPayload();
final int nHttpResponseCode = aConn.getResponseCode();
if (getOutgoingHttpCallback() != null)
getOutgoingHttpCallback().onOutgoingHttpMessage(false, aMsg.getAS2From(), aMsg.getAS2To(), aMsg.getMessageID(), (MIC) null, (EContentTransferEncoding) null, sUrl, nHttpResponseCode);
// Check the HTTP Response code
if (AS2HttpClient.isErrorResponseCode(nHttpResponseCode)) {
if (LOGGER.isErrorEnabled())
LOGGER.error("sent AsyncMDN [" + aDisposition.getAsString() + "] Fail(" + nHttpResponseCode + ") " + aMsg.getLoggingText());
throw new AS2HttpResponseException(sUrl, nHttpResponseCode, aConn.getResponseMessage());
}
if (LOGGER.isInfoEnabled())
LOGGER.info("sent AsyncMDN [" + aDisposition.getAsString() + "] OK(" + nHttpResponseCode + ") " + aMsg.getLoggingText());
// log & store mdn into backup folder.
try {
getSession().getMessageProcessor().handle(IProcessorStorageModule.DO_STOREMDN, aMsg, null);
} catch (final AS2ComponentNotFoundException | AS2NoModuleException ex) {
// No message processor found
// Or no module found in message processor
}
} finally {
aConn.disconnect();
}
}
use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.
the class AS2Helper method createMDN.
/**
* Create a new MDN
*
* @param aSession
* AS2 session to be used. May not be <code>null</code>.
* @param aMsg
* The source AS2 message for which the MDN is to be created. May not
* be <code>null</code>.
* @param aDisposition
* The disposition - either success or error. May not be
* <code>null</code>.
* @param sText
* The text to be send. May not be <code>null</code>.
* @return The created MDN object which is already attached to the passed
* source AS2 message.
* @throws Exception
* In case of an error
*/
@Nonnull
public static IMessageMDN createMDN(@Nonnull final IAS2Session aSession, @Nonnull final AS2Message aMsg, @Nonnull final DispositionType aDisposition, @Nonnull final String sText) throws Exception {
ValueEnforcer.notNull(aSession, "AS2Session");
ValueEnforcer.notNull(aMsg, "AS2Message");
ValueEnforcer.notNull(aDisposition, "Disposition");
ValueEnforcer.notNull(sText, "Text");
final Partnership aPartnership = aMsg.partnership();
final AS2MessageMDN aMDN = new AS2MessageMDN(aMsg);
aMDN.headers().setHeader(CHttpHeader.AS2_VERSION, aSession.getAS2VersionID());
aMDN.headers().setHeader(CHttpHeader.DATE, AS2DateHelper.getFormattedDateNow(CAS2Header.DEFAULT_DATE_FORMAT));
aMDN.headers().setHeader(CHttpHeader.SERVER, CAS2Info.NAME_VERSION);
aMDN.headers().setHeader(CHttpHeader.MIME_VERSION, CAS2Header.DEFAULT_MIME_VERSION);
aMDN.headers().setHeader(CHttpHeader.AS2_FROM, aPartnership.getReceiverAS2ID());
aMDN.headers().setHeader(CHttpHeader.AS2_TO, aPartnership.getSenderAS2ID());
// get the MDN partnership info
aMDN.partnership().setSenderAS2ID(aMDN.getHeader(CHttpHeader.AS2_FROM));
aMDN.partnership().setReceiverAS2ID(aMDN.getHeader(CHttpHeader.AS2_TO));
// Set the appropriate key store aliases
aMDN.partnership().setSenderX509Alias(aPartnership.getReceiverX509Alias());
aMDN.partnership().setReceiverX509Alias(aPartnership.getSenderX509Alias());
// Update the partnership
try {
aSession.getPartnershipFactory().updatePartnership(aMDN, true);
} catch (final AS2PartnershipNotFoundException ex) {
// This would block sending an MDN in case a PartnershipNotFoundException
// was the reason for sending the MDN :)
}
aMDN.headers().setHeader(CHttpHeader.FROM, aPartnership.getReceiverEmail());
final String sSubject = aMDN.partnership().getMDNSubject();
if (sSubject != null) {
aMDN.headers().setHeader(CHttpHeader.SUBJECT, new MessageParameters(aMsg).format(sSubject));
} else {
aMDN.headers().setHeader(CHttpHeader.SUBJECT, "Your Requested MDN Response");
}
// Content-Transfer-Encoding for outgoing MDNs
final String sCTE = aPartnership.getContentTransferEncodingSend(EContentTransferEncoding.AS2_DEFAULT.getID());
aMDN.headers().addHeader(CHttpHeader.CONTENT_TRANSFER_ENCODING, sCTE);
aMDN.setText(new MessageParameters(aMsg).format(sText));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_REPORTING_UA, CAS2Info.NAME_VERSION + "@" + aMsg.attrs().getAsString(CNetAttribute.MA_DESTINATION_IP) + ":" + aMsg.attrs().getAsString(CNetAttribute.MA_DESTINATION_PORT));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_ORIG_RECIPIENT, "rfc822; " + aMsg.getHeader(CHttpHeader.AS2_TO));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_FINAL_RECIPIENT, "rfc822; " + aPartnership.getReceiverAS2ID());
aMDN.attrs().putIn(AS2MessageMDN.MDNA_ORIG_MESSAGEID, aMsg.getHeader(CHttpHeader.MESSAGE_ID));
aMDN.attrs().putIn(AS2MessageMDN.MDNA_DISPOSITION, aDisposition.getAsString());
final String sDispositionOptions = aMsg.getHeader(CHttpHeader.DISPOSITION_NOTIFICATION_OPTIONS);
final DispositionOptions aDispositionOptions = DispositionOptions.createFromString(sDispositionOptions);
ECryptoAlgorithmSign eSigningAlgorithm = aDispositionOptions.getFirstMICAlg();
if (eSigningAlgorithm == null) {
// Try from partnership (#93)
final String sSigningAlgorithm = aPartnership.getSigningAlgorithm();
eSigningAlgorithm = ECryptoAlgorithmSign.getFromIDOrNull(sSigningAlgorithm);
if (eSigningAlgorithm == null) {
if (LOGGER.isWarnEnabled())
LOGGER.warn("The partnership signing algorithm name '" + sSigningAlgorithm + "' is unknown.");
}
}
MIC aMIC = null;
if (eSigningAlgorithm != null) {
// If the source message was signed or encrypted, include the headers -
// see message sending for details
final boolean bIncludeHeadersInMIC = aPartnership.getSigningAlgorithm() != null || aPartnership.getEncryptAlgorithm() != null || aPartnership.getCompressionType() != null;
aMIC = getCryptoHelper().calculateMIC(aMsg.getData(), eSigningAlgorithm, bIncludeHeadersInMIC);
}
if (aMIC != null)
aMDN.attrs().putIn(AS2MessageMDN.MDNA_MIC, aMIC.getAsAS2String());
boolean bSignMDN = false;
boolean bIncludeCertificateInSignedContent = false;
if (aDispositionOptions.getProtocol() != null) {
if (aDispositionOptions.isProtocolRequired() || aDispositionOptions.hasMICAlg()) {
// Sign if required or if optional and a MIC algorithm is present
bSignMDN = true;
// Include certificate in signed content?
final ETriState eIncludeCertificateInSignedContent = aPartnership.getIncludeCertificateInSignedContent();
if (eIncludeCertificateInSignedContent.isDefined()) {
// Use per partnership
bIncludeCertificateInSignedContent = eIncludeCertificateInSignedContent.getAsBooleanValue();
} else {
// Use global value
bIncludeCertificateInSignedContent = aSession.isCryptoSignIncludeCertificateInBodyPart();
}
}
}
final boolean bUseOldRFC3851MicAlgs = aPartnership.isRFC3851MICAlgs();
final boolean bRemoveCmsAlgorithmProtect = aPartnership.isRemoveCmsAlgorithmProtect();
createMDNData(aSession, aMDN, bSignMDN, bIncludeCertificateInSignedContent, aDispositionOptions.getFirstMICAlg(), bUseOldRFC3851MicAlgs, bRemoveCmsAlgorithmProtect);
aMDN.updateMessageID();
// store MDN into msg in case AsynchMDN is sent fails, needs to be resent by
// send module
aMsg.setMDN(aMDN);
return aMDN;
}
use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.
the class AS2SenderModule method handle.
public void handle(@Nonnull final String sAction, @Nonnull final IMessage aBaseMsg, @Nullable final Map<String, Object> aOptions) throws AS2Exception {
final AS2Message aMsg = (AS2Message) aBaseMsg;
if (LOGGER.isInfoEnabled())
LOGGER.info("Submitting message" + aMsg.getLoggingText());
// verify all required information is present for sending
checkRequired(aMsg);
final int nRetries = getRetryCount(aMsg.partnership(), aOptions);
try (final AS2ResourceHelper aResHelper = new AS2ResourceHelper()) {
// Get Content-Transfer-Encoding to use
final String sContentTransferEncoding = aMsg.partnership().getContentTransferEncodingSend(EContentTransferEncoding.AS2_DEFAULT.getID());
final EContentTransferEncoding eCTE = EContentTransferEncoding.getFromIDCaseInsensitiveOrDefault(sContentTransferEncoding, EContentTransferEncoding.AS2_DEFAULT);
// compress and/or sign and/or encrypt the message if needed
final MimeBodyPart aSecuredData = secure(aMsg, eCTE);
// Calculate MIC after compress/sign/crypt was handled, because the
// message data might change if compression before signing is active.
final MIC aMIC;
if (aMsg.isRequestingMDN())
aMIC = calculateAndStoreMIC(aMsg);
else
aMIC = null;
if (LOGGER.isDebugEnabled())
LOGGER.debug("Setting message content type to '" + aSecuredData.getContentType() + "'");
aMsg.setContentType(aSecuredData.getContentType());
try (final IHTTPOutgoingDumper aOutgoingDumper = getHttpOutgoingDumper(aMsg)) {
final IHTTPIncomingDumper aIncomingDumper = getEffectiveHttpIncomingDumper();
// Use no CTE, because it was set on all MIME parts
_sendViaHTTP(aMsg, aSecuredData, aMIC, true ? null : eCTE, aOutgoingDumper, aIncomingDumper, aResHelper);
}
} catch (final AS2HttpResponseException ex) {
if (LOGGER.isErrorEnabled())
LOGGER.error("Http Response Error " + ex.getMessage());
ex.terminate(aMsg);
if (!doResend(IProcessorSenderModule.DO_SEND, aMsg, ex, nRetries))
throw ex;
} catch (final IOException ex) {
// Re-send if a network error occurs during transmission
final AS2Exception wioe = WrappedAS2Exception.wrap(ex).setSourceMsg(aMsg).terminate();
if (!doResend(IProcessorSenderModule.DO_SEND, aMsg, wioe, nRetries))
throw wioe;
} catch (final Exception ex) {
// Propagate error if it can't be handled by a re-send
throw WrappedAS2Exception.wrap(ex);
}
}
use of com.helger.as2lib.crypto.MIC in project as2-lib by phax.
the class AS2SenderModule method calculateAndStoreMIC.
/**
* From RFC 4130 section 7.3.1:
* <ul>
* <li>For any signed messages, the MIC to be returned is calculated on the
* RFC1767/RFC3023 MIME header and content. Canonicalization on the MIME
* headers MUST be performed before the MIC is calculated, since the sender
* requesting the signed receipt was also REQUIRED to canonicalize.</li>
* <li>For encrypted, unsigned messages, the MIC to be returned is calculated
* on the decrypted RFC 1767/RFC3023 MIME header and content. The content
* after decryption MUST be canonicalized before the MIC is calculated.</li>
* <li>For unsigned, unencrypted messages, the MIC MUST be calculated over the
* message contents without the MIME or any other RFC 2822 headers, since
* these are sometimes altered or reordered by Mail Transport Agents
* (MTAs).</li>
* </ul>
* So headers must be included if signing or crypting is enabled.<br>
* <br>
* From RFC 5402 section 4.1:
* <ul>
* <li>MIC Calculation for Signed Message: For any signed message, the MIC to
* be returned is calculated over the same data that was signed in the
* original message as per [AS1]. The signed content will be a MIME bodypart
* that contains either compressed or uncompressed data.</li>
* <li>MIC Calculation for Encrypted, Unsigned Message: For encrypted,
* unsigned messages, the MIC to be returned is calculated over the
* uncompressed data content including all MIME header fields and any applied
* Content-Transfer-Encoding.</li>
* <li>MIC Calculation for Unencrypted, Unsigned Message: For unsigned,
* unencrypted messages, the MIC is calculated over the uncompressed data
* content including all MIME header fields and any applied
* Content-Transfer-Encoding</li>
* </ul>
* So headers must always be included if compression is enabled.
*
* @param aMsg
* Source message
* @return MIC value. Neither <code>null</code> nor empty.
* @throws Exception
* On security or AS2 issues
*/
@Nonnull
protected MIC calculateAndStoreMIC(@Nonnull final AS2Message aMsg) throws Exception {
final Partnership aPartnership = aMsg.partnership();
// Calculate and get the original mic
final boolean bIncludeHeadersInMIC = aPartnership.getSigningAlgorithm() != null || aPartnership.getEncryptAlgorithm() != null || aPartnership.getCompressionType() != null;
// For sending, we need to use the Signing algorithm defined in the
// partnership
final String sSigningAlgorithm = aPartnership.getSigningAlgorithm();
ECryptoAlgorithmSign eSigningAlgorithm = ECryptoAlgorithmSign.getFromIDOrNull(sSigningAlgorithm);
if (eSigningAlgorithm == null) {
// If no valid algorithm is defined, fall back to the defaults
final boolean bUseRFC3851MICAlg = aPartnership.isRFC3851MICAlgs();
eSigningAlgorithm = bUseRFC3851MICAlg ? ECryptoAlgorithmSign.DEFAULT_RFC_3851 : ECryptoAlgorithmSign.DEFAULT_RFC_5751;
if (LOGGER.isWarnEnabled())
LOGGER.warn("The partnership signing algorithm name '" + sSigningAlgorithm + "' is unknown. Fallbacking back to the default '" + eSigningAlgorithm.getID() + "'");
}
final MIC aMIC = AS2Helper.getCryptoHelper().calculateMIC(aMsg.getData(), eSigningAlgorithm, bIncludeHeadersInMIC);
aMsg.attrs().putIn(AS2Message.ATTRIBUTE_MIC, aMIC.getAsAS2String());
if (aPartnership.getAS2ReceiptDeliveryOption() != null) {
// Async MDN is requested
// if yes : PA_AS2_RECEIPT_OPTION != null
// then keep the original mic & message id.
// then wait for the another HTTP call by receivers
storePendingInfo(aMsg, aMIC);
}
return aMIC;
}
Aggregations