use of com.helger.phase4.model.pmode.leg.PModeLegSecurity in project phase4 by phax.
the class PeppolCompatibilityValidatorTest method testValidatePModeSecurityNoX509SignatureCertificate.
/**
 * Expects the validator to report a missing X509 signature certificate once
 * the certificate on leg 1's security settings has been cleared.
 * <p>
 * The test is disabled: per the {@code @Ignore} reason the certificate is
 * always null on the PMode because it is obtained from the SMP.
 */
@Test
@Ignore("The X509 certificate is always null, as it is received from the SMP")
public void testValidatePModeSecurityNoX509SignatureCertificate() {
  // Take the fixture's security settings and drop the signing certificate
  final PModeLegSecurity aLegSecurity = m_aPMode.getLeg1().getSecurity();
  aLegSecurity.setX509SignatureCertificate(null);

  // Rebuild leg 1 around the modified security settings
  final PModeLegProtocol aProtocol = PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org");
  final PModeLeg aLeg1 = new PModeLeg(aProtocol, null, null, null, aLegSecurity);
  m_aPMode.setLeg1(aLeg1);

  VALIDATOR.validatePMode(m_aPMode, m_aErrorList);

  final String sExpectedFragment = "X509SignatureCertificate is missing";
  assertTrue(m_aErrorList.containsAny(aError -> aError.getErrorText(LOCALE).contains(sExpectedFragment)));
}
use of com.helger.phase4.model.pmode.leg.PModeLegSecurity in project phase4 by phax.
the class PeppolCompatibilityValidatorTest method testValidatePModeSecurityResponsePatternWrongBoolean.
/**
 * Expects the validator to reject a leg that sends receipts with the
 * CALLBACK reply pattern; the asserted error text names RESPONSE as the
 * required value.
 */
@Test
public void testValidatePModeSecurityResponsePatternWrongBoolean() {
  // Enable receipts but select the reply pattern the validator must refuse
  final PModeLegSecurity aLegSecurity = m_aPMode.getLeg1().getSecurity();
  aLegSecurity.setSendReceipt(true);
  aLegSecurity.setSendReceiptReplyPattern(EPModeSendReceiptReplyPattern.CALLBACK);

  // Rebuild leg 1 around the modified security settings
  final PModeLegProtocol aProtocol = PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org");
  final PModeLeg aLeg1 = new PModeLeg(aProtocol, null, null, null, aLegSecurity);
  m_aPMode.setLeg1(aLeg1);

  VALIDATOR.validatePMode(m_aPMode, m_aErrorList);

  final String sExpectedFragment = "Security.SendReceiptReplyPattern must use the value RESPONSE instead of CALLBACK";
  assertTrue(m_aErrorList.containsAny(aError -> aError.getErrorText(LOCALE).contains(sExpectedFragment)));
}
use of com.helger.phase4.model.pmode.leg.PModeLegSecurity in project phase4 by phax.
the class PeppolCompatibilityValidatorTest method testValidatePModeSecurityNoX509SignatureAlgorithm.
/**
 * Expects the validator to report a missing signature algorithm once the
 * X509 signature algorithm on leg 1's security settings has been cleared.
 */
@Test
public void testValidatePModeSecurityNoX509SignatureAlgorithm() {
  // Take the fixture's security settings and drop the signature algorithm
  final PModeLegSecurity aLegSecurity = m_aPMode.getLeg1().getSecurity();
  aLegSecurity.setX509SignatureAlgorithm(null);

  // Rebuild leg 1 around the modified security settings
  final PModeLegProtocol aProtocol = PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org");
  final PModeLeg aLeg1 = new PModeLeg(aProtocol, null, null, null, aLegSecurity);
  m_aPMode.setLeg1(aLeg1);

  VALIDATOR.validatePMode(m_aPMode, m_aErrorList);

  final String sExpectedFragment = "X509SignatureAlgorithm is missing";
  assertTrue(m_aErrorList.containsAny(aError -> aError.getErrorText(LOCALE).contains(sExpectedFragment)));
}
use of com.helger.phase4.model.pmode.leg.PModeLegSecurity in project phase4 by phax.
the class CEFCompatibilityValidator method _checkIfLegIsValid.
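/**
 * Check one PMode leg against the constraints enforced by this validator and
 * add an entry to the error list for every violation found. The method never
 * stops at the first problem; all checks are run.
 * <p>
 * Checks performed:
 * <ul>
 * <li>Protocol: must be present; a non-empty address protocol must be
 * {@code https} ({@code http} passes only while
 * {@code GlobalDebug.isDebugMode()} is true); the SOAP version must be the
 * AS4 default.</li>
 * <li>Security: must be present; signature algorithm RSA-SHA-256, signature
 * digest SHA-256 and encryption algorithm AES-128-GCM are required; a WSS
 * version, if set, must be 1.1.1; PModeAuthorize must be defined and
 * {@code false}; if receipts are sent the reply pattern must be RESPONSE.</li>
 * <li>Error handling: must be present; Report.AsResponse must be defined and
 * {@code true}; the two ProcessErrorNotify flags must be defined and produce
 * a warning when {@code false}.</li>
 * </ul>
 * Not checked here: an empty address protocol and the X509 signature
 * certificate (see the comments in the body).
 *
 * @param aErrorList
 *        Receives the errors and warnings. May not be <code>null</code>.
 * @param aPModeLeg
 *        The leg to check. May not be <code>null</code>.
 * @param sFieldPrefix
 *        Text prepended to every message to identify the leg. May neither be
 *        <code>null</code> nor empty.
 */
private static void _checkIfLegIsValid(@Nonnull final ErrorList aErrorList, @Nonnull final PModeLeg aPModeLeg, @Nonnull @Nonempty final String sFieldPrefix) {
  final PModeLegProtocol aLegProtocol = aPModeLeg.getProtocol();
  if (aLegProtocol == null) {
    aErrorList.add(_createError(sFieldPrefix + "Protocol is missing"));
  } else {
    // Transport protocol: only https is accepted unconditionally
    final String sAddressProtocol = aLegProtocol.getAddressProtocol();
    if (StringHelper.hasText(sAddressProtocol)) {
      final boolean bIsHttps = sAddressProtocol.equalsIgnoreCase("https");
      // Cleartext http passes only while the global debug flag is set, so a
      // deployment that leaves debug mode enabled also accepts http endpoints
      final boolean bIsHttpInDebugMode = sAddressProtocol.equalsIgnoreCase("http") && GlobalDebug.isDebugMode();
      if (!bIsHttps && !bIsHttpInDebugMode) {
        aErrorList.add(_createError(sFieldPrefix + "AddressProtocol '" + sAddressProtocol + "' is unsupported"));
      }
    }
    // NOTE(review): an empty address protocol is deliberately not reported
    // (the "AddressProtocol is missing" check was switched off in the
    // original code), so the https requirement only applies when a protocol
    // is actually set - confirm this is intended

    final ESoapVersion eSOAPVersion = aLegProtocol.getSoapVersion();
    if (!eSOAPVersion.isAS4Default()) {
      aErrorList.add(_createError(sFieldPrefix + "SoapVersion '" + eSOAPVersion.getVersion() + "' is unsupported"));
    }
  }

  // Only check the security features if a Security Leg is currently present
  final PModeLegSecurity aPModeLegSecurity = aPModeLeg.getSecurity();
  if (aPModeLegSecurity != null) {
    // The X509 signature certificate is intentionally not checked here: per
    // the original comment it is held with the partner/SMP data and not in
    // the PMode. Presence and validity of the certificate therefore have to
    // be verified where it is resolved.

    // Signature algorithm is pinned to RSA-SHA-256
    if (aPModeLegSecurity.getX509SignatureAlgorithm() == null) {
      aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureAlgorithm is missing"));
    } else if (!aPModeLegSecurity.getX509SignatureAlgorithm().equals(ECryptoAlgorithmSign.RSA_SHA_256)) {
      aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureAlgorithm must use the value '" + ECryptoAlgorithmSign.RSA_SHA_256.getID() + "'"));
    }

    // Signature digest is pinned to SHA-256
    if (aPModeLegSecurity.getX509SignatureHashFunction() == null) {
      aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureHashFunction is missing"));
    } else if (!aPModeLegSecurity.getX509SignatureHashFunction().equals(ECryptoAlgorithmSignDigest.DIGEST_SHA_256)) {
      // Field name corrected from the misspelt "Securoty"
      aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureHashFunction must use the value '" + ECryptoAlgorithmSignDigest.DIGEST_SHA_256.getID() + "'"));
    }

    // Encryption algorithm is pinned to AES-128-GCM
    if (aPModeLegSecurity.getX509EncryptionAlgorithm() == null) {
      aErrorList.add(_createError(sFieldPrefix + "Security.X509EncryptionAlgorithm is missing"));
    } else if (!aPModeLegSecurity.getX509EncryptionAlgorithm().equals(ECryptoAlgorithmCrypt.AES_128_GCM)) {
      // Field name corrected from the misspelt "Securoty"
      aErrorList.add(_createError(sFieldPrefix + "Security.X509EncryptionAlgorithm must use the value '" + ECryptoAlgorithmCrypt.AES_128_GCM.getID() + "' instead of '" + aPModeLegSecurity.getX509EncryptionAlgorithm().getID() + "'"));
    }

    // WSS version is optional, but if present it must be 1.1.1
    if (aPModeLegSecurity.getWSSVersion() != null) {
      if (!aPModeLegSecurity.getWSSVersion().equals(EWSSVersion.WSS_111)) {
        aErrorList.add(_createError(sFieldPrefix + "Security.WSSVersion must use the value " + EWSSVersion.WSS_111 + " instead of " + aPModeLegSecurity.getWSSVersion()));
      }
    }

    // PModeAuthorize must be explicitly defined and switched off
    if (aPModeLegSecurity.isPModeAuthorizeDefined()) {
      if (aPModeLegSecurity.isPModeAuthorize()) {
        aErrorList.add(_createError(sFieldPrefix + "Security.PModeAuthorize must be set to 'false'"));
      }
    } else {
      aErrorList.add(_createError(sFieldPrefix + "Security.PModeAuthorize is missing"));
    }

    // The reply pattern is only constrained when receipts are defined and
    // enabled; an undefined or disabled SendReceipt is not reported
    if (aPModeLegSecurity.isSendReceiptDefined()) {
      if (aPModeLegSecurity.isSendReceipt()) {
        if (aPModeLegSecurity.getSendReceiptReplyPattern() != EPModeSendReceiptReplyPattern.RESPONSE) {
          aErrorList.add(_createError(sFieldPrefix + "Security.SendReceiptReplyPattern must use the value " + EPModeSendReceiptReplyPattern.RESPONSE + " instead of " + aPModeLegSecurity.getSendReceiptReplyPattern()));
        }
      }
    }
  } else {
    aErrorList.add(_createError(sFieldPrefix + "Security is missing"));
  }

  // Error Handling
  final PModeLegErrorHandling aErrorHandling = aPModeLeg.getErrorHandling();
  if (aErrorHandling != null) {
    // Errors must be reported on the response: undefined or false is an error
    if (aErrorHandling.isReportAsResponseDefined()) {
      if (!aErrorHandling.isReportAsResponse()) {
        aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.AsResponse must be 'true'"));
      }
    } else {
      aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.AsResponse is missing"));
    }

    // Notification flags: undefined is an error, false is only a warning
    if (aErrorHandling.isReportProcessErrorNotifyConsumerDefined()) {
      if (!aErrorHandling.isReportProcessErrorNotifyConsumer()) {
        aErrorList.add(_createWarn(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyConsumer should be 'true'"));
      }
    } else {
      aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyConsumer is missing"));
    }

    if (aErrorHandling.isReportProcessErrorNotifyProducerDefined()) {
      if (!aErrorHandling.isReportProcessErrorNotifyProducer()) {
        aErrorList.add(_createWarn(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyProducer should be 'true'"));
      }
    } else {
      aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyProducer is missing"));
    }
  } else {
    aErrorList.add(_createError(sFieldPrefix + "ErrorHandling is missing"));
  }
}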
use of com.helger.phase4.model.pmode.leg.PModeLegSecurity in project phase4 by phax.
the class CEFCompatibilityValidatorTest method testValidatePModeSecurityNoX509SignatureAlgorithm.
/**
 * Expects the validator to report a missing signature algorithm once the
 * X509 signature algorithm on leg 1's security settings has been cleared.
 * The rebuilt leg carries an undefined error handling object.
 */
@Test
public void testValidatePModeSecurityNoX509SignatureAlgorithm() {
  // Take the fixture's security settings and drop the signature algorithm
  final PModeLegSecurity aLegSecurity = m_aPMode.getLeg1().getSecurity();
  aLegSecurity.setX509SignatureAlgorithm(null);

  // Rebuild leg 1 around the modified security settings
  final PModeLegProtocol aProtocol = PModeLegProtocol.createForDefaultSoapVersion("http://test.example.org");
  final PModeLegErrorHandling aUndefinedErrorHandling = PModeLegErrorHandling.createUndefined();
  final PModeLeg aLeg1 = new PModeLeg(aProtocol, null, aUndefinedErrorHandling, null, aLegSecurity);
  m_aPMode.setLeg1(aLeg1);

  VALIDATOR.validatePMode(m_aPMode, m_aErrorList);

  final String sExpectedFragment = "X509SignatureAlgorithm is missing";
  assertTrue(m_aErrorList.containsAny(aError -> aError.getErrorText(LOCALE).contains(sExpectedFragment)));
}