
Example 46 with PModeLeg

use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.

the class CEFCompatibilityValidatorTest method testValidatePModeSecurityNoX509SignatureAlgorithm.

@Test
public void testValidatePModeSecurityNoX509SignatureAlgorithm() {
    final PModeLegSecurity aSecurityLeg = m_aPMode.getLeg1().getSecurity();
    aSecurityLeg.setX509SignatureAlgorithm(null);
    m_aPMode.setLeg1(new PModeLeg(PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org"), null, PModeLegErrorHandling.createUndefined(), null, aSecurityLeg));
    VALIDATOR.validatePMode(m_aPMode, m_aErrorList);
    assertTrue(m_aErrorList.containsAny(x -> x.getErrorText(LOCALE).contains("X509SignatureAlgorithm is missing")));
}
Also used : Ebms3SignalMessage(com.helger.phase4.ebms3header.Ebms3SignalMessage) PModeLegSecurity(com.helger.phase4.model.pmode.leg.PModeLegSecurity) MessageHelperMethods(com.helger.phase4.messaging.domain.MessageHelperMethods) EMEP(com.helger.phase4.model.EMEP) ErrorList(com.helger.commons.error.list.ErrorList) ETriState(com.helger.commons.state.ETriState) ESoapVersion(com.helger.phase4.soap.ESoapVersion) Assert.assertNotSame(org.junit.Assert.assertNotSame) EPModeSendReceiptReplyPattern(com.helger.phase4.model.pmode.leg.EPModeSendReceiptReplyPattern) ECryptoAlgorithmSign(com.helger.phase4.crypto.ECryptoAlgorithmSign) Locale(java.util.Locale) Ebms3MessageInfo(com.helger.phase4.ebms3header.Ebms3MessageInfo) PMode(com.helger.phase4.model.pmode.PMode) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) ClassRule(org.junit.ClassRule) PModeLegErrorHandling(com.helger.phase4.model.pmode.leg.PModeLegErrorHandling) PhotonAppWebTestRule(com.helger.photon.app.mock.PhotonAppWebTestRule) Before(org.junit.Before) Ebms3PartyId(com.helger.phase4.ebms3header.Ebms3PartyId) PModeLegProtocol(com.helger.phase4.model.pmode.leg.PModeLegProtocol) Ebms3UserMessage(com.helger.phase4.ebms3header.Ebms3UserMessage) ECryptoAlgorithmSignDigest(com.helger.phase4.crypto.ECryptoAlgorithmSignDigest) EWSSVersion(com.helger.phase4.wss.EWSSVersion) Assert.assertTrue(org.junit.Assert.assertTrue) EMEPBinding(com.helger.phase4.model.EMEPBinding) Test(org.junit.Test) Ebms3To(com.helger.phase4.ebms3header.Ebms3To) ECryptoAlgorithmCrypt(com.helger.phase4.crypto.ECryptoAlgorithmCrypt) Ebms3From(com.helger.phase4.ebms3header.Ebms3From) Ignore(org.junit.Ignore) Ebms3PartyInfo(com.helger.phase4.ebms3header.Ebms3PartyInfo) IPModeIDProvider(com.helger.phase4.model.pmode.IPModeIDProvider) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) PModeLegSecurity(com.helger.phase4.model.pmode.leg.PModeLegSecurity) Test(org.junit.Test)

Example 47 with PModeLeg

use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.

the class CEFCompatibilityValidatorTest method testValidatePModeSecurityResponsePatternWrongBoolean.

@Test
public void testValidatePModeSecurityResponsePatternWrongBoolean() {
    final PModeLegSecurity aSecurityLeg = m_aPMode.getLeg1().getSecurity();
    aSecurityLeg.setSendReceipt(true);
    aSecurityLeg.setSendReceiptReplyPattern(EPModeSendReceiptReplyPattern.CALLBACK);
    m_aPMode.setLeg1(new PModeLeg(PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org"), null, null, null, aSecurityLeg));
    VALIDATOR.validatePMode(m_aPMode, m_aErrorList);
    assertTrue(m_aErrorList.containsAny(x -> x.getErrorText(LOCALE).contains("Security.SendReceiptReplyPattern must use the value RESPONSE instead of CALLBACK")));
}
Also used : Ebms3SignalMessage(com.helger.phase4.ebms3header.Ebms3SignalMessage) PModeLegSecurity(com.helger.phase4.model.pmode.leg.PModeLegSecurity) MessageHelperMethods(com.helger.phase4.messaging.domain.MessageHelperMethods) EMEP(com.helger.phase4.model.EMEP) ErrorList(com.helger.commons.error.list.ErrorList) ETriState(com.helger.commons.state.ETriState) ESoapVersion(com.helger.phase4.soap.ESoapVersion) Assert.assertNotSame(org.junit.Assert.assertNotSame) EPModeSendReceiptReplyPattern(com.helger.phase4.model.pmode.leg.EPModeSendReceiptReplyPattern) ECryptoAlgorithmSign(com.helger.phase4.crypto.ECryptoAlgorithmSign) Locale(java.util.Locale) Ebms3MessageInfo(com.helger.phase4.ebms3header.Ebms3MessageInfo) PMode(com.helger.phase4.model.pmode.PMode) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) ClassRule(org.junit.ClassRule) PModeLegErrorHandling(com.helger.phase4.model.pmode.leg.PModeLegErrorHandling) PhotonAppWebTestRule(com.helger.photon.app.mock.PhotonAppWebTestRule) Before(org.junit.Before) Ebms3PartyId(com.helger.phase4.ebms3header.Ebms3PartyId) PModeLegProtocol(com.helger.phase4.model.pmode.leg.PModeLegProtocol) Ebms3UserMessage(com.helger.phase4.ebms3header.Ebms3UserMessage) ECryptoAlgorithmSignDigest(com.helger.phase4.crypto.ECryptoAlgorithmSignDigest) EWSSVersion(com.helger.phase4.wss.EWSSVersion) Assert.assertTrue(org.junit.Assert.assertTrue) EMEPBinding(com.helger.phase4.model.EMEPBinding) Test(org.junit.Test) Ebms3To(com.helger.phase4.ebms3header.Ebms3To) ECryptoAlgorithmCrypt(com.helger.phase4.crypto.ECryptoAlgorithmCrypt) Ebms3From(com.helger.phase4.ebms3header.Ebms3From) Ignore(org.junit.Ignore) Ebms3PartyInfo(com.helger.phase4.ebms3header.Ebms3PartyInfo) IPModeIDProvider(com.helger.phase4.model.pmode.IPModeIDProvider) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) PModeLegSecurity(com.helger.phase4.model.pmode.leg.PModeLegSecurity) Test(org.junit.Test)

Example 48 with PModeLeg

use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.

the class CEFCompatibilityValidatorTest method testValidatePModeSecurityNoX509SignatureHashFunction.

@Test
public void testValidatePModeSecurityNoX509SignatureHashFunction() {
    final PModeLegSecurity aSecurityLeg = m_aPMode.getLeg1().getSecurity();
    aSecurityLeg.setX509SignatureHashFunction(null);
    m_aPMode.setLeg1(new PModeLeg(PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org"), null, null, null, aSecurityLeg));
    VALIDATOR.validatePMode(m_aPMode, m_aErrorList);
    assertTrue(m_aErrorList.containsAny(x -> x.getErrorText(LOCALE).contains("X509SignatureHashFunction is missing")));
}
Also used : Ebms3SignalMessage(com.helger.phase4.ebms3header.Ebms3SignalMessage) PModeLegSecurity(com.helger.phase4.model.pmode.leg.PModeLegSecurity) MessageHelperMethods(com.helger.phase4.messaging.domain.MessageHelperMethods) EMEP(com.helger.phase4.model.EMEP) ErrorList(com.helger.commons.error.list.ErrorList) ETriState(com.helger.commons.state.ETriState) ESoapVersion(com.helger.phase4.soap.ESoapVersion) Assert.assertNotSame(org.junit.Assert.assertNotSame) EPModeSendReceiptReplyPattern(com.helger.phase4.model.pmode.leg.EPModeSendReceiptReplyPattern) ECryptoAlgorithmSign(com.helger.phase4.crypto.ECryptoAlgorithmSign) Locale(java.util.Locale) Ebms3MessageInfo(com.helger.phase4.ebms3header.Ebms3MessageInfo) PMode(com.helger.phase4.model.pmode.PMode) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) ClassRule(org.junit.ClassRule) PModeLegErrorHandling(com.helger.phase4.model.pmode.leg.PModeLegErrorHandling) PhotonAppWebTestRule(com.helger.photon.app.mock.PhotonAppWebTestRule) Before(org.junit.Before) Ebms3PartyId(com.helger.phase4.ebms3header.Ebms3PartyId) PModeLegProtocol(com.helger.phase4.model.pmode.leg.PModeLegProtocol) Ebms3UserMessage(com.helger.phase4.ebms3header.Ebms3UserMessage) ECryptoAlgorithmSignDigest(com.helger.phase4.crypto.ECryptoAlgorithmSignDigest) EWSSVersion(com.helger.phase4.wss.EWSSVersion) Assert.assertTrue(org.junit.Assert.assertTrue) EMEPBinding(com.helger.phase4.model.EMEPBinding) Test(org.junit.Test) Ebms3To(com.helger.phase4.ebms3header.Ebms3To) ECryptoAlgorithmCrypt(com.helger.phase4.crypto.ECryptoAlgorithmCrypt) Ebms3From(com.helger.phase4.ebms3header.Ebms3From) Ignore(org.junit.Ignore) Ebms3PartyInfo(com.helger.phase4.ebms3header.Ebms3PartyInfo) IPModeIDProvider(com.helger.phase4.model.pmode.IPModeIDProvider) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) PModeLegSecurity(com.helger.phase4.model.pmode.leg.PModeLegSecurity) Test(org.junit.Test)

Example 49 with PModeLeg

use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.

the class MockPModeGenerator method _createPModeLeg.

@Nonnull
private static PModeLeg _createPModeLeg(@Nonnull final ESoapVersion eSOAPVersion) {
    final PModeLegReliability aPModeLegReliability = null;
    final PModeLegSecurity aPModeLegSecurity = null;
    return new PModeLeg(_createPModeLegProtocol(eSOAPVersion), _createPModeLegBusinessInformation(eSOAPVersion), _createPModeLegErrorHandling(), aPModeLegReliability, aPModeLegSecurity);
}
Also used : PModeLegReliability(com.helger.phase4.model.pmode.leg.PModeLegReliability) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) PModeLegSecurity(com.helger.phase4.model.pmode.leg.PModeLegSecurity) Nonnull(javax.annotation.Nonnull)

Example 50 with PModeLeg

use of com.helger.phase4.model.pmode.leg.PModeLeg in project phase4 by phax.

the class SOAPHeaderElementProcessorWSS4J method processHeaderElement.

@Nonnull
public ESuccess processHeaderElement(@Nonnull final Document aSOAPDoc, @Nonnull final Element aSecurityNode, @Nonnull final ICommonsList<WSS4JAttachment> aAttachments, @Nonnull final AS4MessageState aState, @Nonnull final ErrorList aErrorList) {
    IPMode aPMode = aState.getPMode();
    if (aPMode == null)
        aPMode = m_aFallbackPMode;
    // Safety Check
    if (aPMode == null)
        throw new IllegalStateException("No PMode contained in AS4 state - seems like Ebms3 Messaging header is missing!");
    // Default is Leg 1, gets overwritten when a reference to a message id
    // exists and then uses leg2
    final Locale aLocale = aState.getLocale();
    PModeLeg aPModeLeg = aPMode.getLeg1();
    final Ebms3UserMessage aUserMessage = aState.getEbmsUserMessage();
    if (aUserMessage != null && StringHelper.hasText(aUserMessage.getMessageInfo().getRefToMessageId()))
        aPModeLeg = aPMode.getLeg2();
    // Run the security checks only if the leg's security part is not null
    if (aPModeLeg.getSecurity() != null) {
        // Get Signature Algorithm
        Element aSignedNode = XMLHelper.getFirstChildElementOfName(aSecurityNode, CAS4.DS_NS, "Signature");
        if (aSignedNode != null) {
            // Go through the security nodes to find the algorithm attribute
            aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "SignedInfo");
            final Element aSignatureAlgorithm = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "SignatureMethod");
            String sAlgorithm = aSignatureAlgorithm == null ? null : aSignatureAlgorithm.getAttribute("Algorithm");
            final ECryptoAlgorithmSign eSignAlgo = ECryptoAlgorithmSign.getFromURIOrNull(sAlgorithm);
            if (eSignAlgo == null) {
                LOGGER.error("Error processing the Security Header, your signing algorithm '" + sAlgorithm + "' is incorrect. Expected one of the following '" + Arrays.asList(ECryptoAlgorithmSign.values()) + "' algorithms");
                aErrorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            if (LOGGER.isDebugEnabled())
                LOGGER.debug("Using signature algorithm " + eSignAlgo);
            // Get Signature Digest Algorithm
            aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "Reference");
            aSignedNode = XMLHelper.getFirstChildElementOfName(aSignedNode, CAS4.DS_NS, "DigestMethod");
            sAlgorithm = aSignedNode == null ? null : aSignedNode.getAttribute("Algorithm");
            final ECryptoAlgorithmSignDigest eSignDigestAlgo = ECryptoAlgorithmSignDigest.getFromURIOrNull(sAlgorithm);
            if (eSignDigestAlgo == null) {
                LOGGER.error("Error processing the Security Header, your signing digest algorithm is incorrect. Expected one of the following '" + Arrays.toString(ECryptoAlgorithmSignDigest.values()) + "' algorithms");
                aErrorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(aLocale));
                return ESuccess.FAILURE;
            }
            if (LOGGER.isDebugEnabled())
                LOGGER.debug("Using signature digest algorithm " + eSignDigestAlgo);
        }
        // Check attachment validity only if a PartInfo element is available
        if (aUserMessage != null) {
            final boolean bBodyPayloadPresent = aState.isSoapBodyPayloadPresent();
            // Check if Attachment IDs are the same
            for (int i = 0; i < aAttachments.size(); i++) {
                String sAttachmentID = aAttachments.get(i).getHeaders().get(AttachmentUtils.MIME_HEADER_CONTENT_ID);
                if (StringHelper.hasNoText(sAttachmentID)) {
                    LOGGER.error("The provided attachment ID in the 'Content-ID' header may not be empty.");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
                if (!sAttachmentID.startsWith(WSS4JAttachment.CONTENT_ID_PREFIX)) {
                    LOGGER.error("The provided attachment ID '" + sAttachmentID + "' in the 'Content-ID' header does not start with the required prefix '" + WSS4JAttachment.CONTENT_ID_PREFIX + "'");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
                if (!sAttachmentID.endsWith(WSS4JAttachment.CONTENT_ID_SUFFIX)) {
                    LOGGER.error("The provided attachment ID '" + sAttachmentID + "' in the 'Content-ID' header does not end with the required suffix '" + WSS4JAttachment.CONTENT_ID_SUFFIX + "'");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
                // Strip prefix and suffix
                sAttachmentID = sAttachmentID.substring(WSS4JAttachment.CONTENT_ID_PREFIX.length(), sAttachmentID.length() - WSS4JAttachment.CONTENT_ID_SUFFIX.length());
                // Offset the PartInfo index by 1 if a SOAP body payload is present, because it occupies index 0
                final String sHref = aUserMessage.getPayloadInfo().getPartInfoAtIndex((bBodyPayloadPresent ? 1 : 0) + i).getHref();
                if (!sHref.contains(sAttachmentID)) {
                    LOGGER.error("The usermessage part information '" + sHref + "' does not reference the respective attachment ID '" + sAttachmentID + "'");
                    aErrorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(aLocale));
                    return ESuccess.FAILURE;
                }
            }
        }
        final ESuccess eSuccess;
        if (AS4Configuration.isWSS4JSynchronizedSecurity()) {
            // Use static WSSConfig creation
            eSuccess = WSSSynchronizer.call(() -> _verifyAndDecrypt(aSOAPDoc, aAttachments, aState, aErrorList, WSSConfigManager::createStaticWSSConfig));
        } else {
            // Use instance WSSConfig creation
            eSuccess = _verifyAndDecrypt(aSOAPDoc, aAttachments, aState, aErrorList, WSSConfigManager.getInstance()::createWSSConfig);
        }
        if (eSuccess.isFailure())
            return ESuccess.FAILURE;
    }
    return ESuccess.SUCCESS;
}
Also used : Locale(java.util.Locale) ESuccess(com.helger.commons.state.ESuccess) PModeLeg(com.helger.phase4.model.pmode.leg.PModeLeg) Element(org.w3c.dom.Element) IPMode(com.helger.phase4.model.pmode.IPMode) ECryptoAlgorithmSignDigest(com.helger.phase4.crypto.ECryptoAlgorithmSignDigest) WSSConfigManager(com.helger.phase4.wss.WSSConfigManager) Ebms3UserMessage(com.helger.phase4.ebms3header.Ebms3UserMessage) ECryptoAlgorithmSign(com.helger.phase4.crypto.ECryptoAlgorithmSign) Nonnull(javax.annotation.Nonnull)
