Search in sources :

Example 21 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class MockClientMessages method createEmptyUserMessage.

@Nonnull
@SuppressFBWarnings("NP_NONNULL_PARAM_VIOLATION")
public static Document createEmptyUserMessage(@Nonnull final ESoapVersion eSoapVersion, @Nullable final Node aPayload, @Nullable final ICommonsList<WSS4JAttachment> aAttachments) {
    // Add properties
    final ICommonsList<Ebms3Property> aEbms3Properties = new CommonsArrayList<>();
    final Ebms3Property aEbms3PropertyProcess = new Ebms3Property();
    aEbms3Properties.add(aEbms3PropertyProcess);
    // Use an empty message info by purpose
    final Ebms3MessageInfo aEbms3MessageInfo = MessageHelperMethods.createEbms3MessageInfo();
    final Ebms3PayloadInfo aEbms3PayloadInfo = MessageHelperMethods.createEbms3PayloadInfo(aPayload != null, aAttachments);
    final Ebms3CollaborationInfo aEbms3CollaborationInfo = MessageHelperMethods.createEbms3CollaborationInfo(null, null, null, "svc", "act", "conv");
    final Ebms3PartyInfo aEbms3PartyInfo = MessageHelperMethods.createEbms3PartyInfo("fid", "frole", "tid", "trole");
    final Ebms3MessageProperties aEbms3MessageProperties = MessageHelperMethods.createEbms3MessageProperties(aEbms3Properties);
    final AS4UserMessage aDoc = AS4UserMessage.create(aEbms3MessageInfo, aEbms3PayloadInfo, aEbms3CollaborationInfo, aEbms3PartyInfo, aEbms3MessageProperties, eSoapVersion).setMustUnderstand(true);
    return aDoc.getAsSoapDocument(aPayload);
}
Also used : Ebms3MessageProperties(com.helger.phase4.ebms3header.Ebms3MessageProperties) Ebms3PayloadInfo(com.helger.phase4.ebms3header.Ebms3PayloadInfo) Ebms3CollaborationInfo(com.helger.phase4.ebms3header.Ebms3CollaborationInfo) Ebms3MessageInfo(com.helger.phase4.ebms3header.Ebms3MessageInfo) AS4UserMessage(com.helger.phase4.messaging.domain.AS4UserMessage) CommonsArrayList(com.helger.commons.collection.impl.CommonsArrayList) Ebms3PartyInfo(com.helger.phase4.ebms3header.Ebms3PartyInfo) Ebms3Property(com.helger.phase4.ebms3header.Ebms3Property) Nonnull(javax.annotation.Nonnull) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings)

Example 22 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class MockClientMessages method createUserMessageNotSigned.

@Nonnull
public static AS4UserMessage createUserMessageNotSigned(@Nonnull final ESoapVersion eSoapVersion, @Nullable final Node aPayload, @Nullable final ICommonsList<WSS4JAttachment> aAttachments) {
    // Add properties
    final ICommonsList<Ebms3Property> aEbms3Properties = new CommonsArrayList<>();
    aEbms3Properties.add(MessageHelperMethods.createEbms3Property("ProcessInst", "PurchaseOrder:123456"));
    aEbms3Properties.add(MessageHelperMethods.createEbms3Property("ContextID", "987654321"));
    aEbms3Properties.add(MessageHelperMethods.createEbms3Property(CAS4.ORIGINAL_SENDER, "C1 OS"));
    aEbms3Properties.add(MessageHelperMethods.createEbms3Property(CAS4.FINAL_RECIPIENT, "C4 FR"));
    final Ebms3MessageInfo aEbms3MessageInfo = MessageHelperMethods.createEbms3MessageInfo();
    final Ebms3PayloadInfo aEbms3PayloadInfo = MessageHelperMethods.createEbms3PayloadInfo(aPayload != null, aAttachments);
    final Ebms3CollaborationInfo aEbms3CollaborationInfo = MessageHelperMethods.createEbms3CollaborationInfo("pmode-twoway", DEFAULT_AGREEMENT, "MyServiceTypes", "QuoteToCollect", "NewPurchaseOrder", "4321");
    final Ebms3PartyInfo aEbms3PartyInfo = MessageHelperMethods.createEbms3PartyInfo(CAS4.DEFAULT_INITIATOR_URL, "1234", CAS4.DEFAULT_RESPONDER_URL, "5678");
    final Ebms3MessageProperties aEbms3MessageProperties = MessageHelperMethods.createEbms3MessageProperties(aEbms3Properties);
    final AS4UserMessage aDoc = AS4UserMessage.create(aEbms3MessageInfo, aEbms3PayloadInfo, aEbms3CollaborationInfo, aEbms3PartyInfo, aEbms3MessageProperties, eSoapVersion).setMustUnderstand(true);
    return aDoc;
}
Also used : Ebms3MessageProperties(com.helger.phase4.ebms3header.Ebms3MessageProperties) Ebms3PayloadInfo(com.helger.phase4.ebms3header.Ebms3PayloadInfo) Ebms3CollaborationInfo(com.helger.phase4.ebms3header.Ebms3CollaborationInfo) Ebms3MessageInfo(com.helger.phase4.ebms3header.Ebms3MessageInfo) AS4UserMessage(com.helger.phase4.messaging.domain.AS4UserMessage) CommonsArrayList(com.helger.commons.collection.impl.CommonsArrayList) Ebms3PartyInfo(com.helger.phase4.ebms3header.Ebms3PartyInfo) Ebms3Property(com.helger.phase4.ebms3header.Ebms3Property) Nonnull(javax.annotation.Nonnull)

Example 23 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class MockClientMessages method createErrorMessageSigned.

@Nonnull
public static Document createErrorMessageSigned(@Nonnull final ESoapVersion eSoapVersion, @Nullable final ICommonsList<WSS4JAttachment> aAttachments, @Nonnull @WillNotClose final AS4ResourceHelper aResHelper) throws WSSecurityException {
    final ICommonsList<Ebms3Error> aEbms3ErrorList = new CommonsArrayList<>(EEbmsError.EBMS_INVALID_HEADER.getAsEbms3Error(Locale.US, null));
    final AS4ErrorMessage aErrorMsg = AS4ErrorMessage.create(eSoapVersion, "srcmsgid", aEbms3ErrorList).setMustUnderstand(true);
    final Document aSignedDoc = AS4Signer.createSignedMessage(AS4CryptoFactoryProperties.getDefaultInstance(), aErrorMsg.getAsSoapDocument(), eSoapVersion, aErrorMsg.getMessagingID(), aAttachments, aResHelper, false, AS4SigningParams.createDefault());
    return aSignedDoc;
}
Also used : Ebms3Error(com.helger.phase4.ebms3header.Ebms3Error) Document(org.w3c.dom.Document) CommonsArrayList(com.helger.commons.collection.impl.CommonsArrayList) AS4ErrorMessage(com.helger.phase4.messaging.domain.AS4ErrorMessage) Nonnull(javax.annotation.Nonnull)

Example 24 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class SOAPHeaderElementProcessorWSS4J method processHeaderElement.

@Nonnull
public ESuccess processHeaderElement(@Nonnull final Document aSOAPDoc, @Nonnull final Element aSecurityNode, @Nonnull final ICommonsList<WSS4JAttachment> aAttachments, @Nonnull final AS4MessageState aState, @Nonnull final ErrorList aErrorList) {
    IPMode aPMode = aState.getPMode();
    if (aPMode == null)
        aPMode = m_aFallbackPMode;
    // Safety Check
    if (aPMode == null)
        throw new IllegalStateException("No PMode contained in AS4 state - seems like Ebms3 Messaging header is missing!");
    // Default is Leg 1, gets overwritten when a reference to a message id
    // exists and then uses leg2
    final Locale aLocale = aState.getLocale();
    PModeLeg aPModeLeg = aPMode.getLeg1();
    final Ebms3UserMessage aUserMessage = aState.getEbmsUserMessage();
    if (aUserMessage != null && StringHelper.hasText(aUserMessage.getMessageInfo().getRefToMessageId()))
        aPModeLeg = aPMode.getLeg2();
    // Does security - leg part checks if not <code>null</code>
    if (aPModeLeg.getSecurity() != null) {
        // Get Signature Algorithm
        Element aSignedNode = XMLHelper.getFirstChildElementOfName(aSecurityNode, CAS4.DS_NS, "Signature");
        if (aSignedNode != null) {
            // Go through the security nodes to find the algorithm attribute
            aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "SignedInfo");
            final Element aSignatureAlgorithm = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "SignatureMethod");
            String sAlgorithm = aSignatureAlgorithm == null ? null : aSignatureAlgorithm.getAttribute("Algorithm");
            final ECryptoAlgorithmSign eSignAlgo = ECryptoAlgorithmSign.getFromURIOrNull(sAlgorithm);
            if (eSignAlgo == null) {
                LOGGER.error("Error processing the Security Header, your signing algorithm '" + sAlgorithm + "' is incorrect. Expected one of the following '" + Arrays.asList(ECryptoAlgorithmSign.values()) + "' algorithms");
                aErrorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            if (LOGGER.isDebugEnabled())
                LOGGER.debug("Using signature algorithm " + eSignAlgo);
            // Get Signature Digest Algorithm
            aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "Reference");
            aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "DigestMethod");
            sAlgorithm = aSignedNode == null ? null : aSignedNode.getAttribute("Algorithm");
            final ECryptoAlgorithmSignDigest eSignDigestAlgo = ECryptoAlgorithmSignDigest.getFromURIOrNull(sAlgorithm);
            if (eSignDigestAlgo == null) {
                LOGGER.error("Error processing the Security Header, your signing digest algorithm is incorrect. Expected one of the following'" + Arrays.toString(ECryptoAlgorithmSignDigest.values()) + "' algorithms");
                aErrorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            if (LOGGER.isDebugEnabled())
                LOGGER.debug("Using signature digest algorithm " + eSignDigestAlgo);
        }
        // Check attachment validity only if a PartInfo element is available
        if (aUserMessage != null) {
            final boolean bBodyPayloadPresent = aState.isSoapBodyPayloadPresent();
            // Check if Attachment IDs are the same
            for (int i = 0; i < aAttachments.size(); i++) {
                String sAttachmentID = aAttachments.get(i).getHeaders().get(AttachmentUtils.MIME_HEADER_CONTENT_ID);
                if (StringHelper.hasNoText(sAttachmentID)) {
                    LOGGER.error("The provided attachment ID in the 'Content-ID' header may not be empty.");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
                if (!sAttachmentID.startsWith(WSS4JAttachment.CONTENT_ID_PREFIX)) {
                    LOGGER.error("The provided attachment ID '" + sAttachmentID + "' in the 'Content-ID' header does not start with the required prefix '" + WSS4JAttachment.CONTENT_ID_PREFIX + "'");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
                if (!sAttachmentID.endsWith(WSS4JAttachment.CONTENT_ID_SUFFIX)) {
                    LOGGER.error("The provided attachment ID '" + sAttachmentID + "' in the 'Content-ID' header does not end with the required suffix '" + WSS4JAttachment.CONTENT_ID_SUFFIX + "'");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
                // Strip prefix and suffix
                sAttachmentID = sAttachmentID.substring(WSS4JAttachment.CONTENT_ID_PREFIX.length(), sAttachmentID.length() - WSS4JAttachment.CONTENT_ID_SUFFIX.length());
                // Add +1 because the payload has index 0
                final String sHref = aUserMessage.getPayloadInfo().getPartInfoAtIndex((bBodyPayloadPresent ? 1 : 0) + i).getHref();
                if (!sHref.contains(sAttachmentID)) {
                    LOGGER.error("The usermessage part information '" + sHref + "' does not reference the respective attachment ID '" + sAttachmentID + "'");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
            }
        }
        final ESuccess eSuccess;
        if (AS4Configuration.isWSS4JSynchronizedSecurity()) {
            // Use static WSSConfig creation
            eSuccess = WSSSynchronizer.call(() -> _verifyAndDecrypt(aSOAPDoc, aAttachments, aState, aErrorList, WSSConfigManager::createStaticWSSConfig));
        } else {
            // Use instance WSSConfig creation
            eSuccess = _verifyAndDecrypt(aSOAPDoc, aAttachments, aState, aErrorList, WSSConfigManager.getInstance()::createWSSConfig);
        }
        if (eSuccess.isFailure())
            return ESuccess.FAILURE;
    }
    return ESuccess.SUCCESS;
}
Also used : Locale(java.util.Locale) ESuccess(com.helger.commons.state.ESuccess) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) Element(org.w3c.dom.Element) IPMode(com.helger.phase4.model.pmode.IPMode) ECryptoAlgorithmSignDigest(com.helger.phase4.crypto.ECryptoAlgorithmSignDigest) WSSConfigManager(com.helger.phase4.wss.WSSConfigManager) Ebms3UserMessage(com.helger.phase4.ebms3header.Ebms3UserMessage) ECryptoAlgorithmSign(com.helger.phase4.crypto.ECryptoAlgorithmSign) Nonnull(javax.annotation.Nonnull)

Example 25 with WSS4JAttachment

use of com.helger.phase4.attachment.WSS4JAttachment in project phase4 by phax.

the class AS4Encryptor method _encryptMimeMessage.

@Nonnull
private static AS4MimeMessage _encryptMimeMessage(@Nonnull final ESoapVersion eSoapVersion, @Nonnull final Document aDoc, @Nullable final ICommonsList<WSS4JAttachment> aAttachments, @Nonnull final IAS4CryptoFactory aCryptoFactory, final boolean bMustUnderstand, @Nonnull @WillNotClose final AS4ResourceHelper aResHelper, @Nonnull final AS4CryptParams aCryptParams) throws WSSecurityException {
    if (LOGGER.isInfoEnabled())
        LOGGER.info("Now encrypting AS4 MIME message");
    final WSSecHeader aSecHeader = new WSSecHeader(aDoc);
    aSecHeader.insertSecurityHeader();
    final WSSecEncrypt aBuilder = _createEncrypt(aSecHeader, aCryptParams);
    // "cid:Attachments" is a predefined ID
    aBuilder.getParts().add(new WSEncryptionPart(MessageHelperMethods.PREFIX_CID + "Attachments", "Content"));
    WSS4JAttachmentCallbackHandler aAttachmentCallbackHandler = null;
    if (CollectionHelper.isNotEmpty(aAttachments)) {
        aAttachmentCallbackHandler = new WSS4JAttachmentCallbackHandler(aAttachments, aResHelper);
        aBuilder.setAttachmentCallbackHandler(aAttachmentCallbackHandler);
    }
    // Ensure mustUnderstand value
    final Attr aMustUnderstand = aSecHeader.getSecurityHeaderElement().getAttributeNodeNS(eSoapVersion.getNamespaceURI(), "mustUnderstand");
    if (aMustUnderstand != null)
        aMustUnderstand.setValue(eSoapVersion.getMustUnderstandValue(bMustUnderstand));
    // Generate a session key
    final KeyGenerator aKeyGen = KeyUtils.getKeyGenerator(WSS4JConstants.AES_128);
    final SecretKey aSymmetricKey = aKeyGen.generateKey();
    // Main sign and/or encrypt
    final Document aEncryptedDoc = aBuilder.build(aCryptoFactory.getCrypto(), aSymmetricKey);
    // The attachment callback handler contains the encrypted attachments
    // Important: read the attachment stream only once!
    ICommonsList<WSS4JAttachment> aEncryptedAttachments = null;
    if (aAttachmentCallbackHandler != null) {
        aEncryptedAttachments = aAttachmentCallbackHandler.getAllResponseAttachments();
        // MIME Type and CTE must be set for encrypted attachments!
        for (final WSS4JAttachment aAttachment : aEncryptedAttachments) {
            aAttachment.overwriteMimeType(CMimeType.APPLICATION_OCTET_STREAM.getAsString());
            aAttachment.setContentTransferEncoding(EContentTransferEncoding.BINARY);
        }
    }
    // Use the encrypted attachments!
    try {
        return MimeMessageCreator.generateMimeMessage(eSoapVersion, aEncryptedDoc, aEncryptedAttachments);
    } catch (final MessagingException ex) {
        throw new WSSecurityException(ErrorCode.FAILURE, ex, "Failed to generate MIME message");
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) SecretKey(javax.crypto.SecretKey) WSSecHeader(org.apache.wss4j.dom.message.WSSecHeader) WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt) MessagingException(javax.mail.MessagingException) WSS4JAttachmentCallbackHandler(com.helger.phase4.attachment.WSS4JAttachmentCallbackHandler) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) KeyGenerator(javax.crypto.KeyGenerator) Attr(org.w3c.dom.Attr) WSS4JAttachment(com.helger.phase4.attachment.WSS4JAttachment) Nonnull(javax.annotation.Nonnull)

Aggregations

WSS4JAttachment (com.helger.phase4.attachment.WSS4JAttachment)57 CommonsArrayList (com.helger.commons.collection.impl.CommonsArrayList)56 Test (org.junit.Test)44 AS4MimeMessage (com.helger.phase4.messaging.mime.AS4MimeMessage)39 HttpMimeMessageEntity (com.helger.phase4.http.HttpMimeMessageEntity)36 Document (org.w3c.dom.Document)36 Nonnull (javax.annotation.Nonnull)29 AS4UserMessage (com.helger.phase4.messaging.domain.AS4UserMessage)23 Ebms3Property (com.helger.phase4.ebms3header.Ebms3Property)15 Ebms3CollaborationInfo (com.helger.phase4.ebms3header.Ebms3CollaborationInfo)13 Ebms3MessageInfo (com.helger.phase4.ebms3header.Ebms3MessageInfo)13 Ebms3PayloadInfo (com.helger.phase4.ebms3header.Ebms3PayloadInfo)13 Ebms3PartyInfo (com.helger.phase4.ebms3header.Ebms3PartyInfo)12 Ebms3MessageProperties (com.helger.phase4.ebms3header.Ebms3MessageProperties)11 IOException (java.io.IOException)11 Node (org.w3c.dom.Node)11 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)9 ClassPathResource (com.helger.commons.io.resource.ClassPathResource)7 Phase4Exception (com.helger.phase4.util.Phase4Exception)7 MessagingException (javax.mail.MessagingException)7