use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.
the class CEFCompatibilityValidatorTest method testValidatePModeSecurityNoX509SignatureAlgorithm.
@Test
public void testValidatePModeSecurityNoX509SignatureAlgorithm() {
final PModeLegSecurity aSecurityLeg = m_aPMode.getLeg1().getSecurity();
aSecurityLeg.setX509SignatureAlgorithm(null);
m_aPMode.setLeg1(new PModeLeg(PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org"), null, PModeLegErrorHandling.createUndefined(), null, aSecurityLeg));
VALIDATOR.validatePMode(m_aPMode, m_aErrorList);
assertTrue(m_aErrorList.containsAny(x -> x.getErrorText(LOCALE).contains("X509SignatureAlgorithm is missing")));
}
use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.
the class CEFCompatibilityValidatorTest method testValidatePModeSecurityResponsePatternWrongBoolean.
@Test
public void testValidatePModeSecurityResponsePatternWrongBoolean() {
final PModeLegSecurity aSecurityLeg = m_aPMode.getLeg1().getSecurity();
aSecurityLeg.setSendReceipt(true);
aSecurityLeg.setSendReceiptReplyPattern(EPModeSendReceiptReplyPattern.CALLBACK);
m_aPMode.setLeg1(new PModeLeg(PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org"), null, null, null, aSecurityLeg));
VALIDATOR.validatePMode(m_aPMode, m_aErrorList);
assertTrue(m_aErrorList.containsAny(x -> x.getErrorText(LOCALE).contains("Security.SendReceiptReplyPattern must use the value RESPONSE instead of CALLBACK")));
}
use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.
the class CEFCompatibilityValidatorTest method testValidatePModeSecurityNoX509SignatureHashFunction.
@Test
public void testValidatePModeSecurityNoX509SignatureHashFunction() {
final PModeLegSecurity aSecurityLeg = m_aPMode.getLeg1().getSecurity();
aSecurityLeg.setX509SignatureHashFunction(null);
m_aPMode.setLeg1(new PModeLeg(PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org"), null, null, null, aSecurityLeg));
VALIDATOR.validatePMode(m_aPMode, m_aErrorList);
assertTrue(m_aErrorList.containsAny(x -> x.getErrorText(LOCALE).contains("X509SignatureHashFunction is missing")));
}
use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.
the class MockPModeGenerator method _createPModeLeg.
@Nonnull
private static PModeLeg _createPModeLeg(@Nonnull final ESoapVersion eSOAPVersion) {
final PModeLegReliability aPModeLegReliability = null;
final PModeLegSecurity aPModeLegSecurity = null;
return new PModeLeg(_createPModeLegProtocol(eSOAPVersion), _createPModeLegBusinessInformation(eSOAPVersion), _createPModeLegErrorHandling(), aPModeLegReliability, aPModeLegSecurity);
}
use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.
the class SOAPHeaderElementProcessorWSS4J method processHeaderElement.
@Nonnull
public ESuccess processHeaderElement(@Nonnull final Document aSOAPDoc, @Nonnull final Element aSecurityNode, @Nonnull final ICommonsList<WSS4JAttachment> aAttachments, @Nonnull final AS4MessageState aState, @Nonnull final ErrorList aErrorList) {
IPMode aPMode = aState.getPMode();
if (aPMode == null)
aPMode = m_aFallbackPMode;
// Safety Check
if (aPMode == null)
throw new IllegalStateException("No PMode contained in AS4 state - seems like Ebms3 Messaging header is missing!");
// Default is Leg 1, gets overwritten when a reference to a message id
// exists and then uses leg2
final Locale aLocale = aState.getLocale();
PModeLeg aPModeLeg = aPMode.getLeg1();
final Ebms3UserMessage aUserMessage = aState.getEbmsUserMessage();
if (aUserMessage != null && StringHelper.hasText(aUserMessage.getMessageInfo().getRefToMessageId()))
aPModeLeg = aPMode.getLeg2();
// Does security - leg part checks if not <code>null</code>
if (aPModeLeg.getSecurity() != null) {
// Get Signature Algorithm
Element aSignedNode = XMLHelper.getFirstChildElementOfName(aSecurityNode, CAS4.DS_NS, "Signature");
if (aSignedNode != null) {
// Go through the security nodes to find the algorithm attribute
aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "SignedInfo");
final Element aSignatureAlgorithm = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "SignatureMethod");
String sAlgorithm = aSignatureAlgorithm == null ? null : aSignatureAlgorithm.getAttribute("Algorithm");
final ECryptoAlgorithmSign eSignAlgo = ECryptoAlgorithmSign.getFromURIOrNull(sAlgorithm);
if (eSignAlgo == null) {
LOGGER.error("Error processing the Security Header, your signing algorithm '" + sAlgorithm + "' is incorrect. Expected one of the following '" + Arrays.asList(ECryptoAlgorithmSign.values()) + "' algorithms");
aErrorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(aLocale));
return ESuccess.FAILURE;
}
if (LOGGER.isDebugEnabled())
LOGGER.debug("Using signature algorithm " + eSignAlgo);
// Get Signature Digest Algorithm
aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "Reference");
aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "DigestMethod");
sAlgorithm = aSignedNode == null ? null : aSignedNode.getAttribute("Algorithm");
final ECryptoAlgorithmSignDigest eSignDigestAlgo = ECryptoAlgorithmSignDigest.getFromURIOrNull(sAlgorithm);
if (eSignDigestAlgo == null) {
LOGGER.error("Error processing the Security Header, your signing digest algorithm is incorrect. Expected one of the following'" + Arrays.toString(ECryptoAlgorithmSignDigest.values()) + "' algorithms");
aErrorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(aLocale));
return ESuccess.FAILURE;
}
if (LOGGER.isDebugEnabled())
LOGGER.debug("Using signature digest algorithm " + eSignDigestAlgo);
}
// Check attachment validity only if a PartInfo element is available
if (aUserMessage != null) {
final boolean bBodyPayloadPresent = aState.isSoapBodyPayloadPresent();
// Check if Attachment IDs are the same
for (int i = 0; i < aAttachments.size(); i++) {
String sAttachmentID = aAttachments.get(i).getHeaders().get(AttachmentUtils.MIME_HEADER_CONTENT_ID);
if (StringHelper.hasNoText(sAttachmentID)) {
LOGGER.error("The provided attachment ID in the 'Content-ID' header may not be empty.");
aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
return ESuccess.FAILURE;
}
if (!sAttachmentID.startsWith(WSS4JAttachment.CONTENT_ID_PREFIX)) {
LOGGER.error("The provided attachment ID '" + sAttachmentID + "' in the 'Content-ID' header does not start with the required prefix '" + WSS4JAttachment.CONTENT_ID_PREFIX + "'");
aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
return ESuccess.FAILURE;
}
if (!sAttachmentID.endsWith(WSS4JAttachment.CONTENT_ID_SUFFIX)) {
LOGGER.error("The provided attachment ID '" + sAttachmentID + "' in the 'Content-ID' header does not end with the required suffix '" + WSS4JAttachment.CONTENT_ID_SUFFIX + "'");
aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
return ESuccess.FAILURE;
}
// Strip prefix and suffix
sAttachmentID = sAttachmentID.substring(WSS4JAttachment.CONTENT_ID_PREFIX.length(), sAttachmentID.length() - WSS4JAttachment.CONTENT_ID_SUFFIX.length());
// Add +1 because the payload has index 0
final String sHref = aUserMessage.getPayloadInfo().getPartInfoAtIndex((bBodyPayloadPresent ? 1 : 0) + i).getHref();
if (!sHref.contains(sAttachmentID)) {
LOGGER.error("The usermessage part information '" + sHref + "' does not reference the respective attachment ID '" + sAttachmentID + "'");
aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
return ESuccess.FAILURE;
}
}
}
final ESuccess eSuccess;
if (AS4Configuration.isWSS4JSynchronizedSecurity()) {
// Use static WSSConfig creation
eSuccess = WSSSynchronizer.call(() -> _verifyAndDecrypt(aSOAPDoc, aAttachments, aState, aErrorList, WSSConfigManager::createStaticWSSConfig));
} else {
// Use instance WSSConfig creation
eSuccess = _verifyAndDecrypt(aSOAPDoc, aAttachments, aState, aErrorList, WSSConfigManager.getInstance()::createWSSConfig);
}
if (eSuccess.isFailure())
return ESuccess.FAILURE;
}
return ESuccess.SUCCESS;
}
Aggregations