use of com.helger.phase4.model.pmode.PMode in project phase4 by phax.
the class AS4Signer method _createSignedMessage.
/**
 * Insert a WS-Security header into the passed SOAP document and sign the
 * message with the key referenced by the crypto factory.
 * <p>
 * The parts registered for signing in this method are the Ebms3 Messaging
 * element (referenced by its ID), the SOAP body and - only when attachments
 * are present - the attachments. Nothing else is registered as a signed part
 * here, so any other header content is not added to the signature by this
 * method.
 *
 * @param aCryptoFactory
 *        Provides the key alias, the key password and the crypto object used
 *        to build the signature. May not be <code>null</code>.
 * @param aPreSigningMessage
 *        The SOAP document to sign. May not be <code>null</code>.
 * @param eSoapVersion
 *        SOAP version; supplies the namespace URI of the body and of the
 *        mustUnderstand attribute. May not be <code>null</code>.
 * @param sMessagingID
 *        ID of the Ebms3 Messaging element to sign. May neither be
 *        <code>null</code> nor empty.
 * @param aAttachments
 *        Attachments to include in the signature. May be <code>null</code>
 *        or empty.
 * @param aResHelper
 *        Resource helper handed to the attachment callback handler. May not
 *        be <code>null</code>.
 * @param bMustUnderstand
 *        Value for the mustUnderstand attribute of the security header.
 * @param aSigningParams
 *        Key identifier type, signature, digest and canonicalization
 *        algorithm. May not be <code>null</code>.
 * @return The document returned by the signature builder.
 * @throws WSSecurityException
 *         Declared by this method; presumably raised by WSS4J while building
 *         the signature - confirm.
 */
@Nonnull
private static Document _createSignedMessage(@Nonnull final IAS4CryptoFactory aCryptoFactory,
                                             @Nonnull final Document aPreSigningMessage,
                                             @Nonnull final ESoapVersion eSoapVersion,
                                             @Nonnull @Nonempty final String sMessagingID,
                                             @Nullable final ICommonsList<WSS4JAttachment> aAttachments,
                                             @Nonnull @WillNotClose final AS4ResourceHelper aResHelper,
                                             final boolean bMustUnderstand,
                                             @Nonnull final AS4SigningParams aSigningParams) throws WSSecurityException {
  ValueEnforcer.notNull(aCryptoFactory, "CryptoFactory");
  ValueEnforcer.notNull(aPreSigningMessage, "PreSigningMessage");
  ValueEnforcer.notNull(eSoapVersion, "SoapVersion");
  ValueEnforcer.notEmpty(sMessagingID, "MessagingID");
  ValueEnforcer.notNull(aResHelper, "ResHelper");
  ValueEnforcer.notNull(aSigningParams, "SigningParams");

  if (LOGGER.isInfoEnabled()) {
    LOGGER.info("Now signing AS4 message");
  }

  // The wsse:Security header has to exist before the signature builder is
  // created on top of it
  final WSSecHeader aWsseHeader = new WSSecHeader(aPreSigningMessage);
  aWsseHeader.insertSecurityHeader();

  final WSSecSignature aSigner = new WSSecSignature(aWsseHeader);
  aSigner.setKeyIdentifierType(aSigningParams.getKeyIdentifierType().getTypeID());

  // Keystore alias and key password. The password is passed on as a plain
  // value, so it must never end up in a log or error message.
  aSigner.setUserInfo(aCryptoFactory.getKeyAlias(), aCryptoFactory.getKeyPassword());

  // Signature, digest (the PMode "hash function") and canonicalization
  // algorithm are taken from the signing parameters as-is. No allow-list is
  // applied in this method; any restriction to approved algorithms has to
  // happen where the AS4SigningParams are created.
  aSigner.setSignatureAlgorithm(aSigningParams.getAlgorithmSign().getAlgorithmURI());
  aSigner.setDigestAlgo(aSigningParams.getAlgorithmSignDigest().getAlgorithmURI());
  aSigner.setSigCanonicalization(aSigningParams.getAlgorithmC14N().getAlgorithmURI());

  // Signed part 1: the Ebms3 Messaging element itself
  aSigner.getParts().add(new WSEncryptionPart(sMessagingID, "Content"));
  // Signed part 2: the SOAP body
  aSigner.getParts().add(new WSEncryptionPart("Body", eSoapVersion.getNamespaceURI(), "Content"));

  if (aAttachments != null && !aAttachments.isEmpty()) {
    // Signed part 3: the attachments.
    // "cid:Attachments" is a predefined ID used inside WSSecSignatureBase
    aSigner.getParts().add(new WSEncryptionPart(MessageHelperMethods.PREFIX_CID + "Attachments", "Content"));
    aSigner.setAttachmentCallbackHandler(new WSS4JAttachmentCallbackHandler(aAttachments, aResHelper));
  }

  // Set the mustUnderstand attribute of the wsse:Security element as well.
  // It is only overwritten if it is already present on the header element.
  final Attr aMustUnderstandAttr = aWsseHeader.getSecurityHeaderElement()
                                              .getAttributeNodeNS(eSoapVersion.getNamespaceURI(), "mustUnderstand");
  if (aMustUnderstandAttr != null) {
    aMustUnderstandAttr.setValue(eSoapVersion.getMustUnderstandValue(bMustUnderstand));
  }

  return aSigner.build(aCryptoFactory.getCrypto());
}
use of com.helger.phase4.model.pmode.PMode in project phase4 by phax.
the class Phase4PeppolServletMessageProcessorSPI method processAS4UserMessage.
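/**
 * Process one incoming AS4 user message according to the Peppol rules.
 * <p>
 * Steps performed, in this order:
 * <ol>
 * <li>Every incoming attachment is read completely into memory and parsed as
 * an SBDH document.</li>
 * <li>The request is rejected unless exactly one attachment was read.</li>
 * <li>The Peppol specific values are extracted from the SBDH.</li>
 * <li>If receiver check data is available, the receiver, document type and
 * process from the SBDH are looked up in the SMP and the resulting endpoint
 * is compared against the configured endpoint URL and certificate.</li>
 * <li>All registered handlers are invoked with the payload.</li>
 * </ol>
 * All values taken from the user message and the SBDH originate from the
 * remote sender and are therefore untrusted input.
 *
 * @param aMessageMetadata
 *        Metadata of the incoming message; passed on to the handlers.
 * @param aHttpHeaders
 *        HTTP headers of the request; a clone is passed to each handler.
 * @param aUserMessage
 *        The received user message; a clone is passed to each handler.
 * @param aSrcPMode
 *        The source PMode; only used for debug logging in this method.
 * @param aPayload
 *        The SOAP body payload; only used for debug logging in this method.
 *        May be <code>null</code>.
 * @param aIncomingAttachments
 *        The attachments of the message. May be <code>null</code>.
 * @param aState
 *        Message state; supplies the display locale and the message ID used
 *        in error messages, and is passed on to the handlers.
 * @param aProcessingErrorMessages
 *        Target list for Ebms3 errors created on decompression or SBDH
 *        reading failures.
 * @return A failure result if reading, the Peppol checks or a handler (that
 *         translates exceptions to AS4 errors) failed; a success result
 *         otherwise - including the case that no handler is registered.
 */
@Nonnull
public AS4MessageProcessorResult processAS4UserMessage(@Nonnull final IAS4IncomingMessageMetadata aMessageMetadata,
                                                       @Nonnull final HttpHeaderMap aHttpHeaders,
                                                       @Nonnull final Ebms3UserMessage aUserMessage,
                                                       @Nonnull final IPMode aSrcPMode,
                                                       @Nullable final Node aPayload,
                                                       @Nullable final ICommonsList<WSS4JAttachment> aIncomingAttachments,
                                                       @Nonnull final IAS4MessageState aState,
                                                       @Nonnull final ICommonsList<Ebms3Error> aProcessingErrorMessages) {
  if (LOGGER.isDebugEnabled())
    LOGGER.debug("Invoking processAS4UserMessage");

  final String sMessageID = aUserMessage.getMessageInfo().getMessageId();
  final String sService = aUserMessage.getCollaborationInfo().getServiceValue();
  final String sAction = aUserMessage.getCollaborationInfo().getAction();
  final String sConversationID = aUserMessage.getCollaborationInfo().getConversationId();
  // NOTE(review): the message ID is sender-controlled and is written into
  // every log line below without escaping - confirm that the logging backend
  // neutralises line breaks, otherwise log entries can be forged.
  final String sLogPrefix = "[" + sMessageID + "] ";
  final Locale aDisplayLocale = aState.getLocale();

  // Debug log
  // NOTE(review): with debug logging enabled the complete SOAP body payload
  // and all message properties are written to the log. Treat debug logs of
  // this class as containing business data.
  if (LOGGER.isDebugEnabled()) {
    if (aSrcPMode == null)
      LOGGER.debug(sLogPrefix + " No Source PMode present");
    else
      LOGGER.debug(sLogPrefix + " Source PMode = " + aSrcPMode.getID());
    LOGGER.debug(sLogPrefix + " AS4 Message ID = '" + sMessageID + "'");
    LOGGER.debug(sLogPrefix + " AS4 Service = '" + sService + "'");
    LOGGER.debug(sLogPrefix + " AS4 Action = '" + sAction + "'");
    LOGGER.debug(sLogPrefix + " AS4 ConversationId = '" + sConversationID + "'");

    // Log source properties
    if (aUserMessage.getMessageProperties() != null && aUserMessage.getMessageProperties().hasPropertyEntries()) {
      LOGGER.debug(sLogPrefix + " AS4 MessageProperties:");
      for (final Ebms3Property p : aUserMessage.getMessageProperties().getProperty())
        LOGGER.debug(sLogPrefix + " [" + p.getName() + "] = [" + p.getValue() + "]");
    } else
      LOGGER.debug(sLogPrefix + " No AS4 Mesage Properties present");

    if (aPayload == null)
      LOGGER.debug(sLogPrefix + " No SOAP Body Payload present");
    else
      LOGGER.debug(sLogPrefix + " SOAP Body Payload = " + XMLWriter.getNodeAsString(aPayload));
  }

  // Read all attachments
  final ICommonsList<ReadAttachment> aReadAttachments = new CommonsArrayList<>();
  if (aIncomingAttachments != null) {
    int nAttachmentIndex = 0;
    for (final IAS4Attachment aIncomingAttachment : aIncomingAttachments) {
      final ReadAttachment a = new ReadAttachment();
      a.m_sID = aIncomingAttachment.getId();
      a.m_sMimeType = aIncomingAttachment.getMimeType();
      a.m_sUncompressedMimeType = aIncomingAttachment.getUncompressedMimeType();
      a.m_aCharset = aIncomingAttachment.getCharset();
      a.m_eCompressionMode = aIncomingAttachment.getCompressionMode();

      // NOTE(review): the whole (presumably decompressed) attachment is
      // buffered in memory and no size limit is applied in this method. A
      // very large or highly compressible payload can exhaust the heap -
      // confirm that a limit is enforced before this point.
      Throwable aReadFailure = null;
      try (final InputStream aSIS = aIncomingAttachment.getSourceStream()) {
        final NonBlockingByteArrayOutputStream aBAOS = new NonBlockingByteArrayOutputStream();
        if (StreamHelper.copyInputStreamToOutputStreamAndCloseOS(aSIS, aBAOS).isSuccess()) {
          a.m_aPayloadBytes = aBAOS.getBufferOrCopy();
        }
      } catch (final IOException | AS4DecompressException ex) {
        // Remember the cause so that the error log below is diagnosable;
        // the failure itself is handled by the null check that follows
        aReadFailure = ex;
      }
      if (a.m_aPayloadBytes == null) {
        // aReadFailure stays null if the copy operation reported a failure
        // without throwing
        LOGGER.error(sLogPrefix + "Failed to decompress the payload", aReadFailure);
        aProcessingErrorMessages.add(EEbmsError.EBMS_DECOMPRESSION_FAILURE.getAsEbms3Error(aDisplayLocale,
                                                                                           aState.getMessageID()));
        return AS4MessageProcessorResult.createFailure(null);
      }

      // Read data as SBDH
      // Hint for production systems: this may take a huge amount of memory,
      // if the payload is large
      // Each attachment is parsed here, before the "exactly one attachment"
      // rule further down is evaluated.
      final ErrorList aSBDHErrors = new ErrorList();
      a.m_aSBDH = SBDHReader.standardBusinessDocument()
                            .setValidationEventHandler(new WrappedCollectingValidationEventHandler(aSBDHErrors))
                            .read(a.m_aPayloadBytes);
      if (a.m_aSBDH == null) {
        if (aSBDHErrors.isEmpty()) {
          final String sMsg = "Failed to read the provided SBDH document";
          LOGGER.error(sLogPrefix + sMsg);
          aProcessingErrorMessages.add(EEbmsError.EBMS_OTHER.getAsEbms3Error(aDisplayLocale,
                                                                             aState.getMessageID(),
                                                                             sMsg));
        } else {
          for (final IError aError : aSBDHErrors) {
            final String sMsg = "Peppol SBDH Issue: " + aError.getAsString(aDisplayLocale);
            LOGGER.error(sLogPrefix + sMsg);
            aProcessingErrorMessages.add(EEbmsError.EBMS_OTHER.getAsEbms3Error(aDisplayLocale,
                                                                               aState.getMessageID(),
                                                                               sMsg));
          }
        }
        return AS4MessageProcessorResult.createFailure(null);
      }

      aReadAttachments.add(a);

      if (LOGGER.isDebugEnabled())
        LOGGER.debug(sLogPrefix +
                     "AS4 Attachment " +
                     nAttachmentIndex +
                     " with ID [" +
                     a.m_sID +
                     "] uses [" +
                     a.m_sMimeType +
                     // An absent uncompressed MIME type must contribute
                     // nothing, not the literal text "null"
                     (a.m_sUncompressedMimeType == null ? "" : " - uncompressed " + a.m_sUncompressedMimeType) +
                     "] and [" +
                     StringHelper.getToString(a.m_aCharset, "no charset") +
                     "] and length is " +
                     (a.m_aPayloadBytes == null ? "<error>" : Integer.toString(a.m_aPayloadBytes.length)) +
                     " bytes" +
                     (a.m_eCompressionMode == null ? "" : " of compressed payload"));
      nAttachmentIndex++;
    }
  }

  if (aReadAttachments.size() != 1) {
    // In Peppol there must be exactly one payload
    final String sMsg = "In Peppol exactly one payload attachment is expected. This request has " +
                        aReadAttachments.size() +
                        " attachments";
    LOGGER.error(sLogPrefix + sMsg);
    return AS4MessageProcessorResult.createFailure(sMsg);
  }

  // The one and only
  final ReadAttachment aReadAttachment = aReadAttachments.getFirst();

  // Extract Peppol values from SBD
  final PeppolSBDHDocument aPeppolSBD;
  try {
    if (LOGGER.isDebugEnabled())
      LOGGER.debug(sLogPrefix + "Now evaluating the SBDH against Peppol rules");

    final boolean bPerformValueChecks = Phase4PeppolServletConfiguration.isPerformSBDHValueChecks();
    aPeppolSBD = new PeppolSBDHDocumentReader(SimpleIdentifierFactory.INSTANCE).setPerformValueChecks(bPerformValueChecks)
                                                                               .extractData(aReadAttachment.standardBusinessDocument());

    if (LOGGER.isDebugEnabled())
      LOGGER.debug(sLogPrefix +
                   "The provided SBDH is valid according to Peppol rules, with value checks being " +
                   (bPerformValueChecks ? "enabled" : "disabled"));
  } catch (final PeppolSBDHDocumentReadException ex) {
    // NOTE(review): the failure text handed to createFailure contains the
    // exception class name and message. If that text is returned to the
    // sender (not visible here), internal details are disclosed - confirm.
    // The same pattern is used in the two catch blocks further down.
    final String sMsg = "Failed to extract the Peppol data from SBDH. Technical details: " +
                        ex.getClass().getName() +
                        " - " +
                        ex.getMessage();
    LOGGER.error(sLogPrefix + sMsg);
    return AS4MessageProcessorResult.createFailure(sMsg);
  }

  if (m_aHandlers.isEmpty()) {
    // NOTE(review): the message is dropped but the method still returns a
    // success result below, so the sender presumably receives a positive
    // acknowledgement for a document nobody processed - confirm this is
    // intended.
    LOGGER.error(sLogPrefix + "No SPI handler is present - the message is unhandled and discarded");
  } else {
    // Start consistency checks?
    // An explicitly set instance value takes precedence over the global
    // configuration
    final Phase4PeppolReceiverCheckData aReceiverCheckData = m_aReceiverCheckData != null ? m_aReceiverCheckData
                                                                                        : Phase4PeppolServletConfiguration.getAsReceiverCheckData();
    if (aReceiverCheckData != null) {
      if (LOGGER.isDebugEnabled())
        LOGGER.debug("Performing check if the provided data is registered in our SMP");

      try {
        // Get the endpoint information required from the recipient
        // Check if an endpoint is registered
        final IParticipantIdentifier aReceiverID = aPeppolSBD.getReceiverAsIdentifier();
        final IDocumentTypeIdentifier aDocTypeID = aPeppolSBD.getDocumentTypeAsIdentifier();
        final IProcessIdentifier aProcessID = aPeppolSBD.getProcessAsIdentifier();
        final EndpointType aReceiverEndpoint = _getReceiverEndpoint(sLogPrefix,
                                                                    aReceiverCheckData.getSMPClient(),
                                                                    aReceiverID,
                                                                    aDocTypeID,
                                                                    aProcessID);
        if (aReceiverEndpoint == null) {
          final String sMsg = "Failed to resolve SMP endpoint for provided receiver ID (" +
                              (aReceiverID == null ? "null" : aReceiverID.getURIEncoded()) +
                              ")/documentType ID (" +
                              (aDocTypeID == null ? "null" : aDocTypeID.getURIEncoded()) +
                              ")/process ID (" +
                              (aProcessID == null ? "null" : aProcessID.getURIEncoded()) +
                              ")/transport profile (" +
                              m_aTransportProfile.getID() +
                              ") - not handling incoming AS4 document";
          LOGGER.error(sLogPrefix + sMsg);
          return AS4MessageProcessorResult.createFailure(sMsg);
        }

        // Check if the message is for us
        _checkIfReceiverEndpointURLMatches(sLogPrefix, aReceiverCheckData.getAS4EndpointURL(), aReceiverEndpoint);

        // Get the recipient certificate from the SMP
        _checkIfEndpointCertificateMatches(sLogPrefix, aReceiverCheckData.getAPCertificate(), aReceiverEndpoint);
      } catch (final Phase4Exception ex) {
        final String sMsg = "The addressing data contained in the SBDH could not be verified. Technical details: " +
                            ex.getClass().getName() +
                            " - " +
                            ex.getMessage();
        LOGGER.error(sLogPrefix + sMsg);
        return AS4MessageProcessorResult.createFailure(sMsg);
      }
    } else {
      // Without receiver check data none of the SMP, endpoint URL and
      // certificate checks above are executed; messages addressed to other
      // receivers are then handed to the handlers as well
      LOGGER.info(sLogPrefix + "Endpoint checks for incoming AS4 messages are disabled");
    }

    for (final IPhase4PeppolIncomingSBDHandlerSPI aHandler : m_aHandlers) {
      try {
        if (LOGGER.isDebugEnabled())
          LOGGER.debug(sLogPrefix + "Invoking Peppol handler " + aHandler);
        // Headers and user message are cloned per handler so that a handler
        // cannot modify the objects seen by the next one
        aHandler.handleIncomingSBD(aMessageMetadata,
                                   aHttpHeaders.getClone(),
                                   aUserMessage.clone(),
                                   aReadAttachment.payloadBytes(),
                                   aReadAttachment.standardBusinessDocument(),
                                   aPeppolSBD,
                                   aState);
      } catch (final Exception ex) {
        LOGGER.error(sLogPrefix + "Error invoking Peppol handler " + aHandler, ex);
        // Only handlers that opt in turn their exception into a failure;
        // for all others processing continues with the next handler
        if (aHandler.exceptionTranslatesToAS4Error()) {
          final String sMsg = "The incoming Peppol message could not be processed. Technical details: " +
                              ex.getClass().getName() +
                              " - " +
                              ex.getMessage();
          LOGGER.error(sLogPrefix + sMsg);
          return AS4MessageProcessorResult.createFailure(sMsg);
        }
      }
    }
  }

  return AS4MessageProcessorResult.createSuccess();
}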
use of com.helger.phase4.model.pmode.PMode in project phase4 by phax.
the class CEFPMode method createCEFPMode.
/**
 * Create the one-way version of the CEF PMode, which uses the push binding.
 * <p>
 * Only leg 1 is set; the second leg and the payload service are passed as
 * <code>null</code>.
 *
 * @param sInitiatorID
 *        Initiator ID. May neither be <code>null</code> nor empty.
 * @param sResponderID
 *        Responder ID. May neither be <code>null</code> nor empty.
 * @param sResponderAddress
 *        Responder URL, handed to the leg generation. May be
 *        <code>null</code>.
 * @param aPModeIDProvider
 *        Provider that derives the PMode ID from initiator and responder ID.
 *        May not be <code>null</code>.
 * @param bPersist
 *        <code>true</code> to store the PMode in the PModeManager,
 *        <code>false</code> to keep it in memory only.
 * @return The newly created PMode. Never <code>null</code>.
 */
@Nonnull
public static PMode createCEFPMode(@Nonnull @Nonempty final String sInitiatorID,
                                   @Nonnull @Nonempty final String sResponderID,
                                   @Nullable final String sResponderAddress,
                                   @Nonnull final IPModeIDProvider aPModeIDProvider,
                                   final boolean bPersist) {
  final PModeParty aFromParty = PModeParty.createSimple(sInitiatorID, CAS4.DEFAULT_INITIATOR_URL);
  final PModeParty aToParty = PModeParty.createSimple(sResponderID, CAS4.DEFAULT_RESPONDER_URL);

  final PMode aResult = new PMode(aPModeIDProvider.getPModeID(sInitiatorID, sResponderID),
                                  aFromParty,
                                  aToParty,
                                  DEFAULT_AGREEMENT_ID,
                                  EMEP.ONE_WAY,
                                  EMEPBinding.PUSH,
                                  generatePModeLeg(sResponderAddress),
                                  (PModeLeg) null,
                                  (PModePayloadService) null,
                                  generatePModeReceptionAwareness());

  if (!bPersist) {
    // In-memory only
    return aResult;
  }

  // Ensure it is stored.
  // NOTE(review): going by its name, createOrUpdatePMode replaces an already
  // stored PMode that has the same ID - confirm before calling this with IDs
  // derived from external input.
  MetaAS4Manager.getPModeMgr().createOrUpdatePMode(aResult);
  return aResult;
}
use of com.helger.phase4.model.pmode.PMode in project phase4 by phax.
the class ENTSOGCompatibilityValidator method validatePMode.
/**
 * Check a PMode against the rules implemented by this validator and append
 * one error per violation to the passed list.
 * <p>
 * Checked here: the generic PMode validation of the PMode manager, the
 * MEP/MEP binding combination (only one-way/push and two-way/push-push are
 * accepted), presence of leg 1, absence of leg 2, and a payload service that
 * uses GZIP compression. The content of leg 1 is checked by
 * <code>_checkIfLegIsValid</code>.
 *
 * @param aPMode
 *        The PMode to validate.
 * @param aErrorList
 *        Target list for the errors. Must be empty on entry, otherwise the
 *        initial <code>ValueEnforcer</code> check fails.
 */
@Override
public void validatePMode(@Nonnull final IPMode aPMode, @Nonnull final ErrorList aErrorList) {
  ValueEnforcer.isTrue(aErrorList.isEmpty(), () -> "Errors in global PMode validation: " + aErrorList);

  // Generic validation first; a failure is recorded and the specific checks
  // below still run
  try {
    MetaAS4Manager.getPModeMgr().validatePMode(aPMode);
  } catch (final PModeValidationException ex) {
    aErrorList.add(_createError(ex.getMessage()));
  }

  // MEP and binding must form one of the two supported pairs
  final EMEP eMEP = aPMode.getMEP();
  final EMEPBinding eMEPBinding = aPMode.getMEPBinding();
  final boolean bOneWayPush = eMEP == EMEP.ONE_WAY && eMEPBinding == EMEPBinding.PUSH;
  final boolean bTwoWayPushPush = eMEP == EMEP.TWO_WAY && eMEPBinding == EMEPBinding.PUSH_PUSH;
  if (!bOneWayPush && !bTwoWayPushPush) {
    aErrorList.add(_createError("An invalid combination of PMode MEP (" +
                                eMEP +
                                ") and MEP binding (" +
                                eMEPBinding +
                                ") was specified, valid are only one-way/push and two-way/push-push."));
  }

  // Leg1 must be present
  final PModeLeg aFirstLeg = aPMode.getLeg1();
  if (aFirstLeg != null) {
    _checkIfLegIsValid(aErrorList, aFirstLeg, "PMode.Leg[1].");
  } else {
    aErrorList.add(_createError("PMode.Leg[1] is missing"));
  }

  // Leg2 is not allowed
  if (aPMode.getLeg2() != null) {
    aErrorList.add(_createError("PMode.Leg[2] must not be present"));
  }

  // Payload service with GZIP compression is mandatory
  final PModePayloadService aPayloadService = aPMode.getPayloadService();
  if (aPayloadService == null) {
    aErrorList.add(_createError("PMode.PayloadService is missing"));
  } else {
    final EAS4CompressionMode eMode = aPayloadService.getCompressionMode();
    if (eMode == null) {
      aErrorList.add(_createError("PMode.PayloadService.CompressionMode is missing"));
    } else if (!eMode.equals(EAS4CompressionMode.GZIP)) {
      aErrorList.add(_createError("PMode.PayloadService.CompressionMode must be " +
                                  EAS4CompressionMode.GZIP +
                                  " instead of " +
                                  eMode));
    }
  }
}
use of com.helger.phase4.model.pmode.PMode in project phase4 by phax.
the class ENTSOGCompatibilityValidator method validateUserMessage.
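/**
 * Check a received user message against the rules implemented by this
 * validator and append one error per violation to the passed list.
 * <p>
 * Checked here: MessageInfo with a MessageId and without RefToMessageId,
 * PartyInfo with at most one PartyID in From and in To, and CollaborationInfo
 * with an AgreementRef that has a value and no PMode attribute. A missing
 * From or To element is not reported by this method.
 * <p>
 * The user message is sender-controlled input, so every nested element is
 * treated as potentially absent.
 *
 * @param aUserMsg
 *        The user message to validate. May not be <code>null</code>.
 * @param aErrorList
 *        Target list for the errors.
 */
@Override
public void validateUserMessage(@Nonnull final Ebms3UserMessage aUserMsg, @Nonnull final ErrorList aErrorList) {
  ValueEnforcer.notNull(aUserMsg, "UserMsg");

  if (aUserMsg.getMessageInfo() == null) {
    aErrorList.add(_createError("MessageInfo is missing"));
  } else {
    if (StringHelper.hasNoText(aUserMsg.getMessageInfo().getMessageId()))
      aErrorList.add(_createError("MessageInfo/MessageId is missing"));

    if (StringHelper.hasText(aUserMsg.getMessageInfo().getRefToMessageId()))
      aErrorList.add(_createError("MessageInfo/RefToMessageId must not be set"));
  }

  if (aUserMsg.getPartyInfo() == null) {
    aErrorList.add(_createError("PartyInfo is missing"));
  } else {
    final Ebms3From aFrom = aUserMsg.getPartyInfo().getFrom();
    if (aFrom != null) {
      if (aFrom.getPartyIdCount() > 1)
        aErrorList.add(_createError("PartyInfo/From must contain no more than one PartyID"));
    }

    final Ebms3To aTo = aUserMsg.getPartyInfo().getTo();
    if (aTo != null) {
      if (aTo.getPartyIdCount() > 1)
        aErrorList.add(_createError("PartyInfo/To must contain no more than one PartyID"));
    }
  }

  if (aUserMsg.getCollaborationInfo() == null) {
    aErrorList.add(_createError("CollaborationInfo is missing"));
  } else {
    final Ebms3AgreementRef aAgreementRef = aUserMsg.getCollaborationInfo().getAgreementRef();
    if (aAgreementRef == null) {
      // A message without AgreementRef must produce a validation error
      // instead of a NullPointerException in the validator
      aErrorList.add(_createError("CollaborationInfo/AgreementRef is missing"));
    } else {
      if (StringHelper.hasNoText(aAgreementRef.getValue()))
        aErrorList.add(_createError("CollaborationInfo/AgreementRef value is missing"));

      if (aAgreementRef.getPmode() != null)
        aErrorList.add(_createError("CollaborationInfo/PMode has not to be set!"));
    }
  }
}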