Examples with WSS4JAttachment com.helger.phase4.attachment.WSS4JAttachment used on opensource projects

Example 46 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class AS4IncomingHandler method processEbmsMessage.

@Nonnull
public static IAS4MessageState processEbmsMessage(@Nonnull @WillNotClose final AS4ResourceHelper aResHelper, @Nonnull final Locale aLocale, @Nonnull final SOAPHeaderElementProcessorRegistry aRegistry, @Nonnull final HttpHeaderMap aHttpHeaders, @Nonnull final Document aSoapDocument, @Nonnull final ESoapVersion eSoapVersion, @Nonnull final ICommonsList<WSS4JAttachment> aIncomingAttachments, @Nonnull final IAS4IncomingProfileSelector aAS4ProfileSelector, @Nonnull final ICommonsList<Ebms3Error> aErrorMessagesTarget) throws Phase4Exception {
    ValueEnforcer.notNull(aResHelper, "ResHelper");
    ValueEnforcer.notNull(aLocale, "Locale");
    ValueEnforcer.notNull(aHttpHeaders, "HttpHeaders");
    ValueEnforcer.notNull(aSoapDocument, "SoapDocument");
    ValueEnforcer.notNull(eSoapVersion, "SoapVersion");
    ValueEnforcer.notNull(aIncomingAttachments, "IncomingAttachments");
    ValueEnforcer.notNull(aAS4ProfileSelector, "AS4ProfileSelector");
    ValueEnforcer.notNull(aErrorMessagesTarget, "aErrorMessagesTarget");
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Received the following SOAP " + eSoapVersion.getVersion() + " document:");
        LOGGER.debug(AS4XMLHelper.serializeXML(aSoapDocument));
        if (aIncomingAttachments.isEmpty()) {
            LOGGER.debug("Without any incoming attachments");
        } else {
            LOGGER.debug("Including the following " + aIncomingAttachments.size() + " attachments:");
            LOGGER.debug(aIncomingAttachments.toString());
        }
    }
    // This is where all data from the SOAP headers is stored to
    final AS4MessageState aState = new AS4MessageState(eSoapVersion, aResHelper, aLocale);
    // Handle all headers - modifies the state
    _processSoapHeaderElements(aRegistry, aSoapDocument, aIncomingAttachments, aState, aErrorMessagesTarget);
    // Remember if header processing was successful or not
    final boolean bSoapHeaderElementProcessingSuccess = aErrorMessagesTarget.isEmpty();
    aState.setSoapHeaderElementProcessingSuccessful(bSoapHeaderElementProcessingSuccess);
    if (bSoapHeaderElementProcessingSuccess) {
        // Every message can only contain 1 User message or 1 pull message
        // aUserMessage can be null on incoming Pull-Message!
        final Ebms3UserMessage aEbmsUserMessage = aState.getEbmsUserMessage();
        final Ebms3Error aEbmsError = aState.getEbmsError();
        final Ebms3PullRequest aEbmsPullRequest = aState.getEbmsPullRequest();
        final Ebms3Receipt aEbmsReceipt = aState.getEbmsReceipt();
        // Check payload consistency
        final int nCountData = (aEbmsUserMessage != null ? 1 : 0) + (aEbmsPullRequest != null ? 1 : 0) + (aEbmsReceipt != null ? 1 : 0) + (aEbmsError != null ? 1 : 0);
        if (nCountData != 1) {
            LOGGER.error("Expected a UserMessage(" + (aEbmsUserMessage != null ? 1 : 0) + "), a PullRequest(" + (aEbmsPullRequest != null ? 1 : 0) + "), a Receipt(" + (aEbmsReceipt != null ? 1 : 0) + ") or an Error(" + (aEbmsError != null ? 1 : 0) + ")");
            // send EBMS:0001 error back
            aErrorMessagesTarget.add(EEbmsError.EBMS_VALUE_NOT_RECOGNIZED.getAsEbms3Error(aLocale, aState.getMessageID()));
        }
        // Determine AS4 profile ID (since 0.13.0)
        final String sProfileID = aAS4ProfileSelector.getAS4ProfileID(aState);
        if (LOGGER.isDebugEnabled())
            LOGGER.debug("Determined AS4 profile ID '" + sProfileID + "' for current message");
        aState.setProfileID(sProfileID);
        final IPMode aPMode = aState.getPMode();
        final PModeLeg aEffectiveLeg = aState.getEffectivePModeLeg();
        if (aEbmsUserMessage != null) {
            // User message requires PMode
            if (aPMode == null)
                throw new Phase4Exception("No AS4 P-Mode configuration found for user-message!");
            // Only check leg if the message is a usermessage
            if (aEffectiveLeg == null)
                throw new Phase4Exception("No AS4 P-Mode leg could be determined!");
            // Only do profile checks if a profile is set
            if (StringHelper.hasText(sProfileID)) {
                // Resolve profile ID
                final IAS4Profile aProfile = MetaAS4Manager.getProfileMgr().getProfileOfID(sProfileID);
                if (aProfile == null)
                    throw new IllegalStateException("The configured AS4 profile '" + sProfileID + "' does not exist.");
                // Profile Checks gets set when started with Server
                final IAS4ProfileValidator aValidator = aProfile.getValidator();
                if (aValidator != null) {
                    if (aAS4ProfileSelector.validateAgainstProfile()) {
                        final ErrorList aErrorList = new ErrorList();
                        aValidator.validatePMode(aPMode, aErrorList);
                        aValidator.validateUserMessage(aEbmsUserMessage, aErrorList);
                        if (aErrorList.isNotEmpty()) {
                            throw new Phase4Exception("Error validating incoming AS4 message with the profile " + aProfile.getDisplayName() + "\n Following errors are present: " + aErrorList.getAllErrors().getAllTexts(aLocale));
                        }
                    } else {
                        LOGGER.warn("The AS4 profile '" + sProfileID + "' has a validation configured, but the usage was disabled using the AS4ProfileSelector");
                    }
                }
            } else {
                if (LOGGER.isDebugEnabled())
                    LOGGER.debug("AS4 state contains no AS4 profile ID - therefore no consistency checks are performed");
            }
            // Ensure the decrypted attachments are used
            final ICommonsList<WSS4JAttachment> aDecryptedAttachments = aState.hasDecryptedAttachments() ? aState.getDecryptedAttachments() : aState.getOriginalAttachments();
            // Decompress attachments (if compressed)
            // Result is directly in the decrypted attachments list!
            _decompressAttachments(aDecryptedAttachments, aEbmsUserMessage, aState);
        } else {
            // Pull-request also requires PMode
            if (aEbmsPullRequest != null && aPMode == null)
                throw new Phase4Exception("No AS4 P-Mode configuration found for pull-request!");
        }
        final boolean bUseDecryptedSOAP = aState.hasDecryptedSoapDocument();
        final Document aRealSOAPDoc = bUseDecryptedSOAP ? aState.getDecryptedSoapDocument() : aSoapDocument;
        assert aRealSOAPDoc != null;
        // Find SOAP body (mandatory according to SOAP XSD)
        final Node aBodyNode = XMLHelper.getFirstChildElementOfName(aRealSOAPDoc.getDocumentElement(), eSoapVersion.getNamespaceURI(), eSoapVersion.getBodyElementName());
        if (aBodyNode == null)
            throw new Phase4Exception((bUseDecryptedSOAP ? "Decrypted" : "Original") + " SOAP document is missing a Body element");
        aState.setSoapBodyPayloadNode(aBodyNode.getFirstChild());
        final boolean bIsPingMessage = AS4Helper.isPingMessage(aPMode);
        aState.setPingMessage(bIsPingMessage);
        if (bIsPingMessage)
            LOGGER.info("Received an AS4 Ping message - meaning it will NOT be handled by the custom handlers.");
    }
    return aState;
}

Example 47 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class AS4IncomingHandler method _decompressAttachments.

private static void _decompressAttachments(@Nonnull final ICommonsList<WSS4JAttachment> aIncomingDecryptedAttachments, @Nonnull final Ebms3UserMessage aUserMessage, @Nonnull final IAS4MessageState aState) {
    // For all incoming attachments
    for (final WSS4JAttachment aIncomingAttachment : aIncomingDecryptedAttachments.getClone()) {
        final EAS4CompressionMode eCompressionMode = aState.getAttachmentCompressionMode(aIncomingAttachment.getId());
        if (eCompressionMode != null) {
            final IHasInputStream aOldISP = aIncomingAttachment.getInputStreamProvider();
            aIncomingAttachment.setSourceStreamProvider(new HasInputStream(() -> {
                try {
                    final InputStream aSrcIS = aOldISP.getInputStream();
                    if (aSrcIS == null)
                        throw new IllegalStateException("Failed to create InputStream from " + aOldISP);
                    if (LOGGER.isDebugEnabled())
                        LOGGER.debug("Decompressing attachment with ID '" + aIncomingAttachment.getId() + "' using " + eCompressionMode);
                    return eCompressionMode.getDecompressStream(aSrcIS);
                } catch (final IOException ex) {
                    // invalid payload
                    throw new AS4DecompressException(ex);
                }
            }, aOldISP.isReadMultiple()));
            // Remember the compression mode
            aIncomingAttachment.setCompressionMode(eCompressionMode);
            final String sAttachmentContentID = StringHelper.trimStart(aIncomingAttachment.getId(), "attachment=");
            // x.getHref() != null needed since, if a message contains a payload and
            // an attachment, it would throw a NullPointerException since a payload
            // does not have anything written in its partinfo therefore also now
            // href
            final Ebms3PartInfo aPartInfo = CollectionHelper.findFirst(aUserMessage.getPayloadInfo().getPartInfo(), x -> x.getHref() != null && x.getHref().contains(sAttachmentContentID));
            if (aPartInfo != null && aPartInfo.getPartProperties() != null) {
                // Find MimeType property
                final Ebms3Property aProperty = CollectionHelper.findFirst(aPartInfo.getPartProperties().getProperty(), x -> x.getName().equalsIgnoreCase(MessageHelperMethods.PART_PROPERTY_MIME_TYPE));
                if (aProperty != null) {
                    final String sMimeType = aProperty.getValue();
                    if (MimeTypeParser.safeParseMimeType(sMimeType) == null)
                        LOGGER.warn("Value '" + sMimeType + "' of property '" + MessageHelperMethods.PART_PROPERTY_MIME_TYPE + "' is not a valid MIME type");
                    aIncomingAttachment.overwriteMimeType(sMimeType);
                }
            }
        }
    }
}

Example 48 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class AS4BidirectionalClientHelper method sendAS4UserMessageAndReceiveAS4SignalMessage.

public static void sendAS4UserMessageAndReceiveAS4SignalMessage(@Nonnull final IAS4CryptoFactory aCryptoFactory, @Nonnull final IPModeResolver aPModeResolver, @Nonnull final IAS4IncomingAttachmentFactory aIAF, @Nonnull final IAS4IncomingProfileSelector aIncomingProfileSelector, @Nonnull final AS4ClientUserMessage aClientUserMsg, @Nonnull final Locale aLocale, @Nonnull final String sURL, @Nullable final IAS4ClientBuildMessageCallback aBuildMessageCallback, @Nullable final IAS4OutgoingDumper aOutgoingDumper, @Nullable final IAS4IncomingDumper aIncomingDumper, @Nullable final IAS4RetryCallback aRetryCallback, @Nullable final IAS4RawResponseConsumer aResponseConsumer, @Nullable final IAS4SignalMessageConsumer aSignalMsgConsumer) throws IOException, Phase4Exception, WSSecurityException, MessagingException {
    if (LOGGER.isInfoEnabled())
        LOGGER.info("Sending AS4 UserMessage to '" + sURL + "' with max. " + aClientUserMsg.httpRetrySettings().getMaxRetries() + " retries");
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("  ServiceType = '" + aClientUserMsg.getServiceType() + "'");
        LOGGER.debug("  Service = '" + aClientUserMsg.getServiceValue() + "'");
        LOGGER.debug("  Action = '" + aClientUserMsg.getAction() + "'");
        LOGGER.debug("  ConversationId = '" + aClientUserMsg.getConversationID() + "'");
        LOGGER.debug("  MessageProperties:");
        for (final Ebms3Property p : aClientUserMsg.ebms3Properties()) LOGGER.debug("    [" + p.getName() + "] = [" + p.getValue() + "]");
        LOGGER.debug("  Attachments (" + aClientUserMsg.attachments().size() + "):");
        for (final WSS4JAttachment a : aClientUserMsg.attachments()) {
            LOGGER.debug("    [" + a.getId() + "] with [" + a.getMimeType() + "] and [" + a.getCharsetOrDefault(null) + "] and [" + a.getCompressionMode() + "] and [" + a.getContentTransferEncoding() + "]");
        }
    }
    final Wrapper<HttpResponse> aWrappedResponse = new Wrapper<>();
    final ResponseHandler<byte[]> aResponseHdl = aHttpResponse -> {
        // throws an ExtendedHttpResponseException on exception
        final HttpEntity aEntity = ResponseHandlerHttpEntity.INSTANCE.handleResponse(aHttpResponse);
        if (aEntity == null)
            return null;
        aWrappedResponse.set(aHttpResponse);
        return EntityUtils.toByteArray(aEntity);
    };
    final AS4ClientSentMessage<byte[]> aResponseEntity = aClientUserMsg.sendMessageWithRetries(sURL, aResponseHdl, aBuildMessageCallback, aOutgoingDumper, aRetryCallback);
    if (LOGGER.isInfoEnabled())
        LOGGER.info("Successfully transmitted AS4 UserMessage with message ID '" + aResponseEntity.getMessageID() + "' to '" + sURL + "'");
    if (aResponseConsumer != null)
        aResponseConsumer.handleResponse(aResponseEntity);
    // Try interpret result as SignalMessage
    if (aResponseEntity.hasResponse() && aResponseEntity.getResponse().length > 0) {
        final IAS4IncomingMessageMetadata aMessageMetadata = new AS4IncomingMessageMetadata(EAS4MessageMode.RESPONSE).setRemoteAddr(sURL);
        // Read response as EBMS3 Signal Message
        // Read it in any case to ensure signature validation etc. happens
        final Ebms3SignalMessage aSignalMessage = AS4IncomingHandler.parseSignalMessage(aCryptoFactory, aPModeResolver, aIAF, aIncomingProfileSelector, aClientUserMsg.getAS4ResourceHelper(), aClientUserMsg.getPMode(), aLocale, aMessageMetadata, aWrappedResponse.get(), aResponseEntity.getResponse(), aIncomingDumper);
        if (aSignalMessage != null && aSignalMsgConsumer != null)
            aSignalMsgConsumer.handleSignalMessage(aSignalMessage);
    } else
        LOGGER.info("AS4 ResponseEntity is empty");
}

Example 49 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class SOAPHeaderElementProcessorExtractEbms3Messaging method processHeaderElement.

@Nonnull
public ESuccess processHeaderElement(@Nonnull final Document aSOAPDoc, @Nonnull final Element aElement, @Nonnull final ICommonsList<WSS4JAttachment> aAttachments, @Nonnull final AS4MessageState aState, @Nonnull final ErrorList aErrorList) {
    final IMPCManager aMPCMgr = MetaAS4Manager.getMPCMgr();
    IPMode aPMode = null;
    final ICommonsMap<String, EAS4CompressionMode> aCompressionAttachmentIDs = new CommonsHashMap<>();
    IMPC aEffectiveMPC = null;
    String sInitiatorID = null;
    String sResponderID = null;
    final Locale aLocale = aState.getLocale();
    // Parse EBMS3 Messaging object
    final CollectingValidationEventHandler aCVEH = new CollectingValidationEventHandler();
    final Ebms3Messaging aMessaging = Ebms3ReaderBuilder.ebms3Messaging().setValidationEventHandler(aCVEH).read(aElement);
    // wellformed
    if (aMessaging == null) {
        // Invalid Header == not wellformed/invalid xml
        for (final IError aError : aCVEH.getErrorList()) {
            LOGGER.error("Header error: " + aError.getAsString(aLocale));
            aErrorList.add(SingleError.builder(aError).errorID(EEbmsError.EBMS_INVALID_HEADER.getErrorCode()).build());
        }
        return ESuccess.FAILURE;
    }
    // Remember in state
    aState.setMessaging(aMessaging);
    // 0 or 1 are allowed
    final int nUserMessages = aMessaging.getUserMessageCount();
    if (nUserMessages > 1) {
        LOGGER.error("Too many UserMessage objects (" + nUserMessages + ") contained.");
        aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
        return ESuccess.FAILURE;
    }
    // 0 or 1 are allowed
    final int nSignalMessages = aMessaging.getSignalMessageCount();
    if (nSignalMessages > 1) {
        LOGGER.error("Too many SignalMessage objects (" + nSignalMessages + ") contained.");
        aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
        return ESuccess.FAILURE;
    }
    if (nUserMessages + nSignalMessages == 0) {
        // No Message was found
        LOGGER.error("Neither UserMessage nor SignalMessage object contained.");
        aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
        return ESuccess.FAILURE;
    }
    // Check if the usermessage has a PMode in the collaboration info
    final Ebms3UserMessage aUserMessage = CollectionHelper.getAtIndex(aMessaging.getUserMessage(), 0);
    if (aUserMessage != null) {
        final Ebms3MessageInfo aMsgInfo = aUserMessage.getMessageInfo();
        if (aMsgInfo != null) {
            // Set this is as early as possible, so that eventually occurring error
            // messages can use the "RefToMessageId" element properly
            aState.setMessageID(aMsgInfo.getMessageId());
            aState.setRefToMessageID(aMsgInfo.getRefToMessageId());
            aState.setMessageTimestamp(aMsgInfo.getTimestamp());
        }
        // PartyInfo is mandatory in UserMessage
        // From is mandatory in PartyInfo
        // To is mandatory in PartyInfo
        final List<Ebms3PartyId> aFromPartyIdList = aUserMessage.getPartyInfo().getFrom().getPartyId();
        final List<Ebms3PartyId> aToPartyIdList = aUserMessage.getPartyInfo().getTo().getPartyId();
        if (aFromPartyIdList.size() > 1 || aToPartyIdList.size() > 1) {
            LOGGER.error("More than one PartyId is containted in From or To Recipient please check the message.");
            aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
            return ESuccess.FAILURE;
        }
        // Setting Initiator and Responder id, Required values or else xsd will
        // throw an error
        sInitiatorID = aFromPartyIdList.get(0).getValue();
        sResponderID = aToPartyIdList.get(0).getValue();
        final Ebms3CollaborationInfo aCollaborationInfo = aUserMessage.getCollaborationInfo();
        if (aCollaborationInfo != null) {
            // Find PMode
            String sPModeID = null;
            String sAgreementRef = null;
            if (aCollaborationInfo.getAgreementRef() != null) {
                sPModeID = aCollaborationInfo.getAgreementRef().getPmode();
                sAgreementRef = aCollaborationInfo.getAgreementRef().getValue();
            }
            // Get responder address from properties file (may be null)
            final String sAddress = AS4Configuration.getThisEndpointAddress();
            aPMode = m_aPModeResolver.getPModeOfID(sPModeID, aCollaborationInfo.getService().getValue(), aCollaborationInfo.getAction(), sInitiatorID, sResponderID, sAgreementRef, sAddress);
            // Should be screened by the XSD conversion already
            if (aPMode == null) {
                LOGGER.error("Failed to resolve PMode '" + sPModeID + "' using resolver " + m_aPModeResolver);
                aErrorList.add(EEbmsError.EBMS_PROCESSING_MODE_MISMATCH.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
        }
        // to use the configuration for leg2
        PModeLeg aPModeLeg1 = null;
        PModeLeg aPModeLeg2 = null;
        // Needed for the compression check: it is not allowed to have a
        // compressed attachment and a SOAPBodyPayload
        boolean bHasSoapBodyPayload = false;
        if (aPMode != null) {
            aPModeLeg1 = aPMode.getLeg1();
            aPModeLeg2 = aPMode.getLeg2();
            // both are present
            if (aPMode.getMEPBinding().getRequiredLegs() == 2 && aPModeLeg2 == null) {
                LOGGER.error("Error processing the UserMessage, PMode does not contain leg 2.");
                aErrorList.add(EEbmsError.EBMS_PROCESSING_MODE_MISMATCH.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            final boolean bUseLeg1 = _isUseLeg1(aUserMessage);
            final PModeLeg aEffectiveLeg = bUseLeg1 ? aPModeLeg1 : aPModeLeg2;
            final int nLegNum = bUseLeg1 ? 1 : 2;
            if (aEffectiveLeg == null) {
                LOGGER.error("Error processing the UserMessage, PMode does not contain effective leg " + nLegNum + ".");
                aErrorList.add(EEbmsError.EBMS_PROCESSING_MODE_MISMATCH.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            aState.setEffectivePModeLeg(nLegNum, aEffectiveLeg);
            if (_checkMPCOfPMode(aEffectiveLeg, aMPCMgr, aLocale, aErrorList).isFailure())
                return ESuccess.FAILURE;
            bHasSoapBodyPayload = _checkSOAPBodyHasPayload(aEffectiveLeg, aSOAPDoc);
            final String sEffectiveMPCID = _getMPCIDOfUserMsg(aUserMessage, aEffectiveLeg);
            // PMode is valid
            // Now Check if MPC valid
            aEffectiveMPC = aMPCMgr.getMPCOrDefaultOfID(sEffectiveMPCID);
            if (aEffectiveMPC == null) {
                LOGGER.error("Error processing the UserMessage, effective MPC ID '" + sEffectiveMPCID + "' is unknown!");
                aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
        }
        // Remember in state
        aState.setSoapBodyPayloadPresent(bHasSoapBodyPayload);
        final Ebms3PayloadInfo aEbms3PayloadInfo = aUserMessage.getPayloadInfo();
        if (aEbms3PayloadInfo == null || aEbms3PayloadInfo.getPartInfo().isEmpty()) {
            if (bHasSoapBodyPayload) {
                LOGGER.error("No PayloadInfo/PartInfo is specified, so no SOAP body payload is allowed.");
                aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            // attachments in the message
            if (aAttachments.isNotEmpty()) {
                LOGGER.error("No PayloadInfo/PartInfo is specified, so no attachments are allowed.");
                aErrorList.add(EEbmsError.EBMS_EXTERNAL_PAYLOAD_ERROR.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
        } else {
            // Check if there are more Attachments then specified
            if (aAttachments.size() > aEbms3PayloadInfo.getPartInfoCount()) {
                LOGGER.error("Error processing the UserMessage, the amount of specified attachments does not correlate with the actual attachments in the UserMessage. Expected " + aEbms3PayloadInfo.getPartInfoCount() + " but having " + aAttachments.size() + " attachments.");
                aErrorList.add(EEbmsError.EBMS_EXTERNAL_PAYLOAD_ERROR.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            int nSpecifiedAttachments = 0;
            for (final Ebms3PartInfo aPartInfo : aEbms3PayloadInfo.getPartInfo()) {
                // If href is null or empty there has to be a SOAP Payload
                if (StringHelper.hasNoText(aPartInfo.getHref())) {
                    // Check if there is a BodyPayload as specified in the UserMessage
                    if (!bHasSoapBodyPayload) {
                        LOGGER.error("Error processing the UserMessage. Expected a SOAPBody Payload but there is none present.");
                        aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                        return ESuccess.FAILURE;
                    }
                } else {
                    // Attachment
                    // To check attachments which are specified in the usermessage and
                    // the real amount in the mime message
                    nSpecifiedAttachments++;
                    final String sAttachmentID = StringHelper.trimStart(aPartInfo.getHref(), MessageHelperMethods.PREFIX_CID);
                    final WSS4JAttachment aIncomingAttachment = aAttachments.findFirst(x -> EqualsHelper.equals(x.getId(), sAttachmentID));
                    if (aIncomingAttachment == null) {
                        LOGGER.warn("Failed to resolve MIME attachment '" + sAttachmentID + "' in list of " + aAttachments.getAllMapped(WSS4JAttachment::getId));
                    }
                    boolean bMimeTypePresent = false;
                    boolean bCompressionTypePresent = false;
                    if (aPartInfo.getPartProperties() != null)
                        for (final Ebms3Property aEbms3Property : aPartInfo.getPartProperties().getProperty()) {
                            final String sPropertyName = aEbms3Property.getName();
                            final String sPropertyValue = aEbms3Property.getValue();
                            if (sPropertyName.equalsIgnoreCase(MessageHelperMethods.PART_PROPERTY_MIME_TYPE)) {
                                bMimeTypePresent = StringHelper.hasText(sPropertyValue);
                            } else if (sPropertyName.equalsIgnoreCase(MessageHelperMethods.PART_PROPERTY_COMPRESSION_TYPE)) {
                                // Only needed check here since AS4 does not support another
                                // CompressionType
                                // http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
                                final EAS4CompressionMode eCompressionMode = EAS4CompressionMode.getFromMimeTypeStringOrNull(sPropertyValue);
                                if (eCompressionMode == null) {
                                    LOGGER.error("Error processing the UserMessage, CompressionType '" + sPropertyValue + "' of attachment '" + sAttachmentID + "' is not supported.");
                                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                                    return ESuccess.FAILURE;
                                }
                                aCompressionAttachmentIDs.put(sAttachmentID, eCompressionMode);
                                bCompressionTypePresent = true;
                            } else if (sPropertyName.equalsIgnoreCase(MessageHelperMethods.PART_PROPERTY_CHARACTER_SET)) {
                                if (StringHelper.hasText(sPropertyValue)) {
                                    final Charset aCharset = CharsetHelper.getCharsetFromNameOrNull(sPropertyValue);
                                    if (aCharset == null) {
                                        LOGGER.error("Value '" + sPropertyValue + "' of property '" + MessageHelperMethods.PART_PROPERTY_CHARACTER_SET + "' of attachment '" + sAttachmentID + "' is not supported");
                                        aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                                        return ESuccess.FAILURE;
                                    } else if (aIncomingAttachment != null)
                                        aIncomingAttachment.setCharset(aCharset);
                                }
                            }
                        // else we don't care about the property
                        }
                    // got compressed
                    if (bCompressionTypePresent && !bMimeTypePresent) {
                        LOGGER.error("Error processing the UserMessage, MimeType for a compressed attachment ('" + sAttachmentID + "') is not present.");
                        aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                        return ESuccess.FAILURE;
                    }
                }
            }
            // This may also be an indicator for "external payloads"
            if (nSpecifiedAttachments != aAttachments.size()) {
                LOGGER.error("Error processing the UserMessage: the amount of specified attachments does not correlate with the actual attachments in the UserMessage. Expected " + aEbms3PayloadInfo.getPartInfoCount() + " but having " + aAttachments.size() + " attachments. This is an indicator, that an external attached was provided.");
                aErrorList.add(EEbmsError.EBMS_EXTERNAL_PAYLOAD_ERROR.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
        }
    } else {
        // Must be a SignalMessage
        // all vars stay null
        final Ebms3SignalMessage aSignalMessage = aMessaging.getSignalMessageAtIndex(0);
        final Ebms3MessageInfo aMsgInfo = aSignalMessage.getMessageInfo();
        if (aMsgInfo != null) {
            // Set this is as early as possible, so that eventually occurring error
            // messages can use the "RefToMessageId" element properly
            aState.setMessageID(aMsgInfo.getMessageId());
            aState.setRefToMessageID(aMsgInfo.getRefToMessageId());
            aState.setMessageTimestamp(aMsgInfo.getTimestamp());
        }
        final Ebms3PullRequest aEbms3PullRequest = aSignalMessage.getPullRequest();
        final Ebms3Receipt aEbms3Receipt = aSignalMessage.getReceipt();
        if (aEbms3PullRequest != null) {
            final String sMPC = aEbms3PullRequest.getMpc();
            final IMPC aMPC = aMPCMgr.getMPCOfID(sMPC);
            if (aMPC == null) {
                LOGGER.error("Failed to resolve the PullRequest MPC '" + sMPC + "'");
                // Return value not recognized when MPC is not currently saved
                aErrorList.add(EEbmsError.EBMS_VALUE_NOT_RECOGNIZED.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            // Create SPI which returns a PMode
            for (final IAS4ServletPullRequestProcessorSPI aProcessor : AS4ServletPullRequestProcessorManager.getAllProcessors()) {
                aPMode = aProcessor.findPMode(aSignalMessage);
                if (aPMode != null) {
                    LOGGER.info("Found PMode '" + aPMode.getID() + "' for MPC '" + sMPC + "' in SignalMessage " + aSignalMessage);
                    break;
                }
            }
            if (aPMode == null) {
                LOGGER.error("Failed to resolve PMode for PullRequest with MPC '" + sMPC + "'");
                aErrorList.add(EEbmsError.EBMS_VALUE_NOT_RECOGNIZED.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
        } else if (aEbms3Receipt != null) {
            final String sRefToMessageID = aSignalMessage.getMessageInfo().getRefToMessageId();
            if (StringHelper.hasNoText(sRefToMessageID)) {
                LOGGER.error("The Receipt does not contain a RefToMessageId");
                aErrorList.add(EEbmsError.EBMS_INVALID_RECEIPT.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
        } else {
            // Error Message
            if (!aSignalMessage.getError().isEmpty()) {
                for (final Ebms3Error aError : aSignalMessage.getError()) {
                    /*
               * Ebms 3 spec 6.2.6: This OPTIONAL attribute indicates the
               * MessageId of the message in error, for which this error is
               * raised.
               */
                    if (false)
                        if (StringHelper.hasNoText(aError.getRefToMessageInError())) {
                            aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                            return ESuccess.FAILURE;
                        }
                }
            }
        }
    }
    // Remember in state
    aState.setPMode(aPMode);
    aState.setOriginalSoapDocument(aSOAPDoc);
    aState.setOriginalAttachments(aAttachments);
    aState.setCompressedAttachmentIDs(aCompressionAttachmentIDs);
    aState.setMPC(aEffectiveMPC);
    aState.setInitiatorID(sInitiatorID);
    aState.setResponderID(sResponderID);
    return ESuccess.SUCCESS;
}

Example 50 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class SOAPHeaderElementProcessorWSS4J method _verifyAndDecrypt.

@Nonnull
private ESuccess _verifyAndDecrypt(@Nonnull final Document aSOAPDoc, @Nonnull final ICommonsList<WSS4JAttachment> aAttachments, @Nonnull final AS4MessageState aState, @Nonnull final ErrorList aErrorList, @Nonnull final Supplier<WSSConfig> aWSSConfigSupplier) {
    // Default is Leg 1, gets overwritten when a reference to a message id
    // exists and then uses leg2
    final Locale aLocale = aState.getLocale();
    // Signing verification and Decryption
    try {
        // Convert to WSS4J attachments
        final Phase4KeyStoreCallbackHandler aKeyStoreCallback = new Phase4KeyStoreCallbackHandler(m_aCryptoFactory);
        final WSS4JAttachmentCallbackHandler aAttachmentCallbackHandler = new WSS4JAttachmentCallbackHandler(aAttachments, aState.getResourceHelper());
        // Resolve the WSS config here to ensure the context matches
        final WSSConfig aWSSConfig = aWSSConfigSupplier.get();
        // Configure RequestData needed for the check / decrypt process!
        final RequestData aRequestData = new RequestData();
        aRequestData.setCallbackHandler(aKeyStoreCallback);
        if (aAttachments.isNotEmpty())
            aRequestData.setAttachmentCallbackHandler(aAttachmentCallbackHandler);
        aRequestData.setSigVerCrypto(m_aCryptoFactory.getCrypto());
        aRequestData.setDecCrypto(m_aCryptoFactory.getCrypto());
        aRequestData.setWssConfig(aWSSConfig);
        // Upon success, the SOAP document contains the decrypted content
        // afterwards!
        final WSSecurityEngine aSecurityEngine = new WSSecurityEngine();
        aSecurityEngine.setWssConfig(aWSSConfig);
        final WSHandlerResult aHdlRes = aSecurityEngine.processSecurityHeader(aSOAPDoc, aRequestData);
        final List<WSSecurityEngineResult> aResults = aHdlRes.getResults();
        // Collect all unique used certificates
        final ICommonsSet<X509Certificate> aCertSet = new CommonsHashSet<>();
        // Preferred certificate from BinarySecurityToken
        X509Certificate aPreferredCert = null;
        int nWSS4JSecurityActions = 0;
        for (final WSSecurityEngineResult aResult : aResults) {
            if (LOGGER.isDebugEnabled())
                LOGGER.debug("WSSecurityEngineResult: " + aResult);
            final Integer aAction = (Integer) aResult.get(WSSecurityEngineResult.TAG_ACTION);
            final int nAction = aAction != null ? aAction.intValue() : 0;
            nWSS4JSecurityActions |= nAction;
            final X509Certificate aCert = (X509Certificate) aResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            if (aCert != null) {
                aCertSet.add(aCert);
                if (nAction == WSConstants.BST && aPreferredCert == null)
                    aPreferredCert = aCert;
            }
        }
        // this determines if a signature check or a decryption happened
        aState.setSoapWSS4JSecurityActions(nWSS4JSecurityActions);
        final X509Certificate aUsedCert;
        if (aCertSet.size() > 1) {
            if (aPreferredCert == null) {
                LOGGER.warn("Found " + aCertSet.size() + " different certificates in message. Using the first one.");
                if (LOGGER.isDebugEnabled())
                    LOGGER.debug("All gathered certificates: " + aCertSet);
                aUsedCert = aCertSet.getAtIndex(0);
            } else
                aUsedCert = aPreferredCert;
        } else if (aCertSet.size() == 1)
            aUsedCert = aCertSet.getAtIndex(0);
        else
            aUsedCert = null;
        // Remember in State
        aState.setUsedCertificate(aUsedCert);
        aState.setDecryptedSoapDocument(aSOAPDoc);
        // Decrypting the Attachments
        final ICommonsList<WSS4JAttachment> aResponseAttachments = aAttachmentCallbackHandler.getAllResponseAttachments();
        for (final WSS4JAttachment aResponseAttachment : aResponseAttachments) {
            // Always copy to a temporary file, so that decrypted content can be
            // read more than once. By default the stream can only be read once
            // Not nice, but working :)
            final File aTempFile = aState.getResourceHelper().createTempFile();
            StreamHelper.copyInputStreamToOutputStreamAndCloseOS(aResponseAttachment.getSourceStream(), FileHelper.getBufferedOutputStream(aTempFile));
            aResponseAttachment.setSourceStreamProvider(HasInputStream.multiple(() -> FileHelper.getBufferedInputStream(aTempFile)));
        }
        // Remember in State
        aState.setDecryptedAttachments(aResponseAttachments);
        return ESuccess.SUCCESS;
    } catch (final IndexOutOfBoundsException | IllegalStateException | WSSecurityException ex) {
        // Decryption or Signature check failed
        LOGGER.error("Error processing the WSSSecurity Header", ex);
        /**
         * Error processing the WSSSecurity Header
         *
         * <pre>
         * java.lang.IndexOutOfBoundsException: null
         *      at java.io.ByteArrayInputStream.read(ByteArrayInputStream.java:180) ~[?:1.8.0_242]
         *      at org.apache.wss4j.common.util.AttachmentUtils$1.initCipher(AttachmentUtils.java:501) ~[wss4j-ws-security-common-2.3.0.jar:2.3.0]
         *      at org.apache.wss4j.common.util.AttachmentUtils$1.read(AttachmentUtils.java:535) ~[wss4j-ws-security-common-2.3.0.jar:2.3.0]
         *      at com.helger.commons.io.stream.StreamHelper._copyInputStreamToOutputStream(StreamHelper.java:218) ~[ph-commons-9.4.7.jar:9.4.7]
         *      at com.helger.commons.io.stream.StreamHelper.copyInputStreamToOutputStream(StreamHelper.java:312) ~[ph-commons-9.4.7.jar:9.4.7]
         *      at com.helger.commons.io.stream.StreamHelper.copyInputStreamToOutputStreamAndCloseOS(StreamHelper.java:429) ~[ph-commons-9.4.7.jar:9.4.7]
         *      at com.helger.phase4.servlet.soap.SOAPHeaderElementProcessorWSS4J._verifyAndDecrypt(SOAPHeaderElementProcessorWSS4J.java:187) ~[classes/:?]
         * </pre>
         *
         * Failed to close object org.apache.wss4j.common.util.AttachmentUtils$1
         *
         * <pre>
         * java.lang.IllegalStateException: Cipher not initialized
         *      at javax.crypto.Cipher.checkCipherState(Cipher.java:1749) ~[?:1.8.0_242]
         *      at javax.crypto.Cipher.doFinal(Cipher.java:2044) ~[?:1.8.0_242]
         *      at javax.crypto.CipherInputStream.close(CipherInputStream.java:330) ~[?:1.8.0_242]
         *      at com.helger.commons.io.stream.StreamHelper.close(StreamHelper.java:163) ~[ph-commons-9.4.7.jar:9.4.7]
         *      at com.helger.commons.io.stream.StreamHelper.copyInputStreamToOutputStream(StreamHelper.java:337) ~[ph-commons-9.4.7.jar:9.4.7]
         *      at com.helger.commons.io.stream.StreamHelper.copyInputStreamToOutputStreamAndCloseOS(StreamHelper.java:429) ~[ph-commons-9.4.7.jar:9.4.7]
         *      at com.helger.phase4.servlet.soap.SOAPHeaderElementProcessorWSS4J._verifyAndDecrypt(SOAPHeaderElementProcessorWSS4J.java:187) ~[classes/:?]
         * </pre>
         *
         * Error processing the WSSSecurity Header
         *
         * <pre>
         *      org.apache.wss4j.common.ext.WSSecurityException: Error during certificate path validation: No trusted certs found
         *      at org.apache.wss4j.common.crypto.Merlin.verifyTrust(Merlin.java:816) ~[task/:?]
         *      at org.apache.wss4j.common.crypto.Merlin.verifyTrust(Merlin.java:906) ~[task/:?]
         *      at org.apache.wss4j.dom.validate.SignatureTrustValidator.verifyTrustInCerts(SignatureTrustValidator.java:109) ~[task/:?]
         *      at org.apache.wss4j.dom.validate.SignatureTrustValidator.validate(SignatureTrustValidator.java:64) ~[task/:?]
         *      at org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(SignatureProcessor.java:189) ~[task/:?]
         *      at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:340) ~[task/:?]
         *      at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:251) ~[task/:?]
         *      at com.helger.phase4.servlet.soap.SOAPHeaderElementProcessorWSS4J._verifyAndDecrypt(SOAPHeaderElementProcessorWSS4J.java:128) ~[task/:?]
         * </pre>
         *
         * If the SMP provided AP certificate does not match the configured one:
         *
         * <pre>
         *      org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for certificate
         *      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getPrivateKey(EncryptedKeyProcessor.java:269) ~[wss4j-ws-security-dom-2.3.1.jar:2.3.1]
         *      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:225) ~[wss4j-ws-security-dom-2.3.1.jar:2.3.1]
         *      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:90) ~[wss4j-ws-security-dom-2.3.1.jar:2.3.1]
         *      at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:340) ~[wss4j-ws-security-dom-2.3.1.jar:2.3.1]
         *      at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:251) ~[wss4j-ws-security-dom-2.3.1.jar:2.3.1]
         *      at com.helger.phase4.servlet.soap.SOAPHeaderElementProcessorWSS4J._verifyAndDecrypt(SOAPHeaderElementProcessorWSS4J.java:128) ~[phase4-lib-1.3.1.jar:1.3.1]
         * </pre>
         */
        // TODO we need a way to distinct
        // signature and decrypt WSSecurityException provides no such thing
        aErrorList.add(EEbmsError.EBMS_FAILED_DECRYPTION.getAsError(aLocale));
        aState.setSoapWSS4JException(ex);
        return ESuccess.FAILURE;
    } catch (final IOException ex) {
        // Decryption or Signature check failed
        LOGGER.error("IO error processing the WSSSecurity Header", ex);
        aErrorList.add(EEbmsError.EBMS_OTHER.getAsError(aLocale));
        aState.setSoapWSS4JException(ex);
        return ESuccess.FAILURE;
    }
}