Usage of com.helger.phase4.soap.ESoapVersion in project phase4 (by phax): class AS4Signer, method _createSignedMessage.
/**
 * Sign the given SOAP document according to the signing parameters.
 * The signature covers the Ebms3 Messaging element (referenced by its ID),
 * the SOAP Body and - if attachments are present - all attachments via the
 * predefined WSS4J "cid:Attachments" reference.
 *
 * @param aCryptoFactory
 *        Provides the key alias, the key password and the WSS4J Crypto
 *        instance used for signing.
 * @param aPreSigningMessage
 *        The SOAP document to sign. The wsse:Security header is inserted
 *        into this document.
 * @param eSoapVersion
 *        SOAP version; determines the namespace of the Body element and the
 *        textual value of the mustUnderstand attribute.
 * @param sMessagingID
 *        ID of the Ebms3 Messaging element that is to be signed.
 * @param aAttachments
 *        Optional attachments to sign. May be <code>null</code> or empty.
 * @param aResHelper
 *        Resource helper handed to the attachment callback handler.
 * @param bMustUnderstand
 *        Requested value of the mustUnderstand attribute on wsse:Security.
 * @param aSigningParams
 *        Key identifier type, signature, digest and C14N algorithms.
 * @return The signed document as produced by WSS4J.
 * @throws WSSecurityException
 *         If WSS4J fails to create the signature.
 */
@Nonnull
private static Document _createSignedMessage (@Nonnull final IAS4CryptoFactory aCryptoFactory,
                                              @Nonnull final Document aPreSigningMessage,
                                              @Nonnull final ESoapVersion eSoapVersion,
                                              @Nonnull @Nonempty final String sMessagingID,
                                              @Nullable final ICommonsList <WSS4JAttachment> aAttachments,
                                              @Nonnull @WillNotClose final AS4ResourceHelper aResHelper,
                                              final boolean bMustUnderstand,
                                              @Nonnull final AS4SigningParams aSigningParams) throws WSSecurityException
{
  ValueEnforcer.notNull (aCryptoFactory, "CryptoFactory");
  ValueEnforcer.notNull (aPreSigningMessage, "PreSigningMessage");
  ValueEnforcer.notNull (eSoapVersion, "SoapVersion");
  ValueEnforcer.notEmpty (sMessagingID, "MessagingID");
  ValueEnforcer.notNull (aResHelper, "ResHelper");
  ValueEnforcer.notNull (aSigningParams, "SigningParams");

  if (LOGGER.isInfoEnabled ())
    LOGGER.info ("Now signing AS4 message");

  final String sSoapNamespaceURI = eSoapVersion.getNamespaceURI ();

  // The wsse:Security header is inserted into the document in place
  final WSSecHeader aSecurityHeader = new WSSecHeader (aPreSigningMessage);
  aSecurityHeader.insertSecurityHeader ();

  final WSSecSignature aSignature = new WSSecSignature (aSecurityHeader);
  aSignature.setKeyIdentifierType (aSigningParams.getKeyIdentifierType ().getTypeID ());
  // The private key is selected by keystore alias and unlocked with the key password
  aSignature.setUserInfo (aCryptoFactory.getKeyAlias (), aCryptoFactory.getKeyPassword ());
  aSignature.setSignatureAlgorithm (aSigningParams.getAlgorithmSign ().getAlgorithmURI ());
  // The digest algorithm (hash function) comes from the PMode signing parameters
  aSignature.setDigestAlgo (aSigningParams.getAlgorithmSignDigest ().getAlgorithmURI ());
  aSignature.setSigCanonicalization (aSigningParams.getAlgorithmC14N ().getAlgorithmURI ());

  // Parts covered by the signature, in this order: Messaging element, SOAP Body
  aSignature.getParts ().add (new WSEncryptionPart (sMessagingID, "Content"));
  aSignature.getParts ().add (new WSEncryptionPart ("Body", sSoapNamespaceURI, "Content"));

  if (CollectionHelper.isNotEmpty (aAttachments))
  {
    // "cid:Attachments" is a predefined ID that WSSecSignatureBase resolves to all attachments
    aSignature.getParts ().add (new WSEncryptionPart (MessageHelperMethods.PREFIX_CID + "Attachments", "Content"));
    aSignature.setAttachmentCallbackHandler (new WSS4JAttachmentCallbackHandler (aAttachments, aResHelper));
  }

  // Align the mustUnderstand attribute of wsse:Security with the requested value.
  // Only an already existing attribute is updated; none is created otherwise.
  final Attr aMustUnderstandAttr = aSecurityHeader.getSecurityHeaderElement ()
                                                  .getAttributeNodeNS (sSoapNamespaceURI, "mustUnderstand");
  if (aMustUnderstandAttr != null)
    aMustUnderstandAttr.setValue (eSoapVersion.getMustUnderstandValue (bMustUnderstand));

  return aSignature.build (aCryptoFactory.getCrypto ());
}
Usage of com.helger.phase4.soap.ESoapVersion in project phase4 (by phax): class AS4ReceiptMessage, method create.
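/**
 * Create a receipt (signal) message for a received user message.
 * <p>
 * If the source SOAP document contains <code>ds:Reference</code> elements
 * (i.e. it was signed) and non-repudiation is requested, the receipt carries
 * a <code>NonRepudiationInformation</code> element listing all of those
 * references. In every other case the receipt echoes the original user
 * message without any WSS4J security elements.
 *
 * @param eSoapVersion
 *        SOAP version to use for the receipt. May not be <code>null</code>.
 * @param sMessageID
 *        Message ID of the receipt. May neither be <code>null</code> nor empty.
 * @param aEbms3UserMessage
 *        The received user message to respond to. Its message ID becomes the
 *        RefToMessageId of the receipt. May be <code>null</code>.
 * @param aSoapDocument
 *        The received SOAP document whose <code>ds:Reference</code> elements
 *        are used for non-repudiation. May be <code>null</code>.
 * @param bShouldUseNonRepudiation
 *        <code>true</code> to build non-repudiation information from the
 *        signature references of the source message. Only effective if the
 *        source message actually contains such references.
 * @return The created receipt message. Never <code>null</code>.
 */
@Nonnull
public static AS4ReceiptMessage create (@Nonnull final ESoapVersion eSoapVersion,
                                        @Nonnull @Nonempty final String sMessageID,
                                        @Nullable final Ebms3UserMessage aEbms3UserMessage,
                                        @Nullable final Node aSoapDocument,
                                        final boolean bShouldUseNonRepudiation)
{
  // ds:Reference elements are only present if the source message was signed
  final ICommonsList <Node> aDSRefs = _getAllReferences (aSoapDocument);

  final Ebms3SignalMessage aSignalMessage = new Ebms3SignalMessage ();

  // Message Info - always uses "now" as timestamp; RefToMessageId links back to
  // the received user message and is null if no user message was provided.
  // NOTE(review): assumes getMessageInfo() is non-null for a non-null user message - confirm
  final String sRefToMessageID = aEbms3UserMessage != null ? aEbms3UserMessage.getMessageInfo ().getMessageId ()
                                                           : null;
  aSignalMessage.setMessageInfo (MessageHelperMethods.createEbms3MessageInfo (sMessageID, sRefToMessageID));

  final Ebms3Receipt aEbms3Receipt = new Ebms3Receipt ();
  if (bShouldUseNonRepudiation && aDSRefs.isNotEmpty ())
  {
    // Copy every XMLDSig Reference of the source signature into the NR
    // information, so the receipt states which parts were received as signed
    final NonRepudiationInformation aNRInfo = new NonRepudiationInformation ();
    for (final Node aRef : aDSRefs)
    {
      // NOTE(review): read() presumably returns null for a malformed Reference - confirm handling
      final ReferenceType aRefObj = XMLDSigReaderBuilder.dsigReference ().read (aRef);
      final MessagePartNRInformation aPartInfo = new MessagePartNRInformation ();
      aPartInfo.setReference (aRefObj);
      aNRInfo.addMessagePartNRInformation (aPartInfo);
    }
    aEbms3Receipt.addAny (Ebms3WriterBuilder.nonRepudiationInformation ()
                                            .getAsDocument (aNRInfo)
                                            .getDocumentElement ());
  }
  else
  {
    if (aDSRefs.isEmpty ())
      LOGGER.info ("Found no ds:Reference elements in the source message, hence returning the source UserMessage in the Receipt");
    else
      LOGGER.info ("Non-repudiation is disabled, hence returning the source UserMessage in the Receipt");

    // Unsigned source (or NR disabled): the receipt contains the original user
    // message without any WSS4J security elements
    aEbms3Receipt.addAny (AS4UserMessage.create (eSoapVersion, aEbms3UserMessage)
                                        .getAsSoapDocument ()
                                        .getDocumentElement ());
  }
  aSignalMessage.setReceipt (aEbms3Receipt);

  return new AS4ReceiptMessage (eSoapVersion, aSignalMessage);
}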
Usage of com.helger.phase4.soap.ESoapVersion in project phase4 (by phax): class PeppolCompatibilityValidator, method _checkIfLegIsValid.
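/**
 * Validate a single PMode leg against the Peppol AS4 profile and add all
 * findings (errors and warnings) to the provided error list. The leg is
 * checked in three independent parts: transport protocol, security settings
 * and error handling settings.
 *
 * @param aErrorList
 *        The list to which all findings are added. May not be <code>null</code>.
 * @param aPModeLeg
 *        The leg to validate. May not be <code>null</code>.
 * @param sFieldPrefix
 *        Prefix for all field names used in the messages. May neither be
 *        <code>null</code> nor empty.
 */
private static void _checkIfLegIsValid (@Nonnull final ErrorList aErrorList,
                                        @Nonnull final PModeLeg aPModeLeg,
                                        @Nonnull @Nonempty final String sFieldPrefix)
{
  _checkLegProtocol (aErrorList, aPModeLeg.getProtocol (), sFieldPrefix);
  _checkLegSecurity (aErrorList, aPModeLeg.getSecurity (), sFieldPrefix);
  _checkLegErrorHandling (aErrorList, aPModeLeg.getErrorHandling (), sFieldPrefix);
}

/**
 * Check the transport protocol of a leg: the address protocol must be HTTPS
 * (plain HTTP is tolerated in debug mode only) and the SOAP version must be
 * the AS4 default.
 */
private static void _checkLegProtocol (@Nonnull final ErrorList aErrorList,
                                       @Nullable final PModeLegProtocol aLegProtocol,
                                       @Nonnull final String sFieldPrefix)
{
  if (aLegProtocol == null)
  {
    aErrorList.add (_createError (sFieldPrefix + "Protocol is missing"));
    return;
  }

  // Transport security: only HTTPS is accepted. An empty address protocol is
  // deliberately not reported (the "AddressProtocol is missing" check is disabled).
  final String sAddressProtocol = aLegProtocol.getAddressProtocol ();
  if (StringHelper.hasText (sAddressProtocol))
  {
    if (!sAddressProtocol.equalsIgnoreCase ("https"))
    {
      // Plain HTTP is only okay while running in debug mode
      final boolean bDebugHttp = sAddressProtocol.equalsIgnoreCase ("http") && GlobalDebug.isDebugMode ();
      if (!bDebugHttp)
        aErrorList.add (_createError (sFieldPrefix + "AddressProtocol '" + sAddressProtocol + "' is unsupported"));
    }
  }

  // SOAP version must be the AS4 default
  final ESoapVersion eSOAPVersion = aLegProtocol.getSoapVersion ();
  if (eSOAPVersion == null)
  {
    // Report a missing SOAP version as a finding instead of failing with an NPE
    aErrorList.add (_createError (sFieldPrefix + "SoapVersion is missing"));
  }
  else if (!eSOAPVersion.isAS4Default ())
  {
    aErrorList.add (_createError (sFieldPrefix + "SoapVersion '" + eSOAPVersion.getVersion () + "' is unsupported"));
  }
}

/**
 * Check the security settings of a leg: signature algorithm RSA-SHA-256,
 * digest SHA-256, encryption AES-128-GCM, WSS version 1.1.1 (if present),
 * PModeAuthorize set to false and receipts (if enabled) sent as response.
 */
private static void _checkLegSecurity (@Nonnull final ErrorList aErrorList,
                                       @Nullable final PModeLegSecurity aPModeLegSecurity,
                                       @Nonnull final String sFieldPrefix)
{
  if (aPModeLegSecurity == null)
  {
    aErrorList.add (_createError (sFieldPrefix + "Security is missing"));
    return;
  }

  // The signing certificate is taken from the partner's SMP entry, therefore
  // Security.X509SignatureCertificate is intentionally not required here

  // Signature algorithm
  if (aPModeLegSecurity.getX509SignatureAlgorithm () == null)
  {
    aErrorList.add (_createError (sFieldPrefix + "Security.X509SignatureAlgorithm is missing"));
  }
  else if (!aPModeLegSecurity.getX509SignatureAlgorithm ().equals (ECryptoAlgorithmSign.RSA_SHA_256))
  {
    aErrorList.add (_createError (sFieldPrefix +
                                  "Security.X509SignatureAlgorithm must use the value '" +
                                  ECryptoAlgorithmSign.RSA_SHA_256.getID () +
                                  "'"));
  }

  // Hash function
  if (aPModeLegSecurity.getX509SignatureHashFunction () == null)
  {
    aErrorList.add (_createError (sFieldPrefix + "Security.X509SignatureHashFunction is missing"));
  }
  else if (!aPModeLegSecurity.getX509SignatureHashFunction ().equals (ECryptoAlgorithmSignDigest.DIGEST_SHA_256))
  {
    // Message text fixed: previously misspelled "Securoty"
    aErrorList.add (_createError (sFieldPrefix +
                                  "Security.X509SignatureHashFunction must use the value '" +
                                  ECryptoAlgorithmSignDigest.DIGEST_SHA_256.getID () +
                                  "'"));
  }

  // Encryption algorithm
  if (aPModeLegSecurity.getX509EncryptionAlgorithm () == null)
  {
    aErrorList.add (_createError (sFieldPrefix + "Security.X509EncryptionAlgorithm is missing"));
  }
  else if (!aPModeLegSecurity.getX509EncryptionAlgorithm ().equals (ECryptoAlgorithmCrypt.AES_128_GCM))
  {
    // Message text fixed: previously misspelled "Securoty"
    aErrorList.add (_createError (sFieldPrefix +
                                  "Security.X509EncryptionAlgorithm must use the value '" +
                                  ECryptoAlgorithmCrypt.AES_128_GCM.getID () +
                                  "' instead of '" +
                                  aPModeLegSecurity.getX509EncryptionAlgorithm ().getID () +
                                  "'"));
  }

  // WSS version must be 1.1.1 - only checked if one is present at all
  if (aPModeLegSecurity.getWSSVersion () != null)
  {
    if (!aPModeLegSecurity.getWSSVersion ().equals (EWSSVersion.WSS_111))
      aErrorList.add (_createError (sFieldPrefix +
                                    "Security.WSSVersion must use the value " +
                                    EWSSVersion.WSS_111 +
                                    " instead of " +
                                    aPModeLegSecurity.getWSSVersion ()));
  }

  // PModeAuthorize must be explicitly defined and set to false
  if (aPModeLegSecurity.isPModeAuthorizeDefined ())
  {
    if (aPModeLegSecurity.isPModeAuthorize ())
      aErrorList.add (_createError (sFieldPrefix + "Security.PModeAuthorize must be set to 'false'"));
  }
  else
  {
    aErrorList.add (_createError (sFieldPrefix + "Security.PModeAuthorize is missing"));
  }

  // If receipts are sent, they must be sent as synchronous response.
  // An undefined SendReceipt flag is not reported.
  if (aPModeLegSecurity.isSendReceiptDefined () && aPModeLegSecurity.isSendReceipt ())
  {
    if (aPModeLegSecurity.getSendReceiptReplyPattern () != EPModeSendReceiptReplyPattern.RESPONSE)
      aErrorList.add (_createError (sFieldPrefix +
                                    "Security.SendReceiptReplyPattern must use the value " +
                                    EPModeSendReceiptReplyPattern.RESPONSE +
                                    " instead of " +
                                    aPModeLegSecurity.getSendReceiptReplyPattern ()));
  }
}

/**
 * Check the error handling settings of a leg: errors must be reported as
 * response; not notifying consumer or producer of process errors is a
 * warning, a missing setting is an error.
 */
private static void _checkLegErrorHandling (@Nonnull final ErrorList aErrorList,
                                            @Nullable final PModeLegErrorHandling aErrorHandling,
                                            @Nonnull final String sFieldPrefix)
{
  if (aErrorHandling == null)
  {
    aErrorList.add (_createError (sFieldPrefix + "ErrorHandling is missing"));
    return;
  }

  if (aErrorHandling.isReportAsResponseDefined ())
  {
    if (!aErrorHandling.isReportAsResponse ())
      aErrorList.add (_createError (sFieldPrefix + "ErrorHandling.Report.AsResponse must be 'true'"));
  }
  else
  {
    aErrorList.add (_createError (sFieldPrefix + "ErrorHandling.Report.AsResponse is missing"));
  }

  if (aErrorHandling.isReportProcessErrorNotifyConsumerDefined ())
  {
    if (!aErrorHandling.isReportProcessErrorNotifyConsumer ())
      aErrorList.add (_createWarn (sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyConsumer should be 'true'"));
  }
  else
  {
    aErrorList.add (_createError (sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyConsumer is missing"));
  }

  if (aErrorHandling.isReportProcessErrorNotifyProducerDefined ())
  {
    if (!aErrorHandling.isReportProcessErrorNotifyProducer ())
      aErrorList.add (_createWarn (sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyProducer should be 'true'"));
  }
  else
  {
    aErrorList.add (_createError (sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyProducer is missing"));
  }
}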
Usage of com.helger.phase4.soap.ESoapVersion in project phase4 (by phax): class MockPModeGenerator, method getTestPModeWithSecurity.
/**
 * Create a one-way test PMode whose first leg additionally carries security
 * settings (WSS 1.1.1, default signing, digest and encryption algorithms,
 * receipts as response with non-repudiation).
 *
 * @param eSOAPVersion
 *        SOAP version to use for the leg. May not be <code>null</code>.
 * @return The created test PMode. Never <code>null</code>.
 */
@Nonnull
public static PMode getTestPModeWithSecurity (@Nonnull final ESoapVersion eSOAPVersion)
{
  // Security settings of the test leg
  final PModeLegSecurity aSecurity = new PModeLegSecurity ();
  aSecurity.setWSSVersion (EWSSVersion.WSS_111);
  aSecurity.setX509SignatureAlgorithm (ECryptoAlgorithmSign.SIGN_ALGORITHM_DEFAULT);
  aSecurity.setX509SignatureHashFunction (ECryptoAlgorithmSignDigest.SIGN_DIGEST_ALGORITHM_DEFAULT);
  aSecurity.setX509EncryptionAlgorithm (ECryptoAlgorithmCrypt.ENCRPYTION_ALGORITHM_DEFAULT);
  aSecurity.setSendReceiptReplyPattern (EPModeSendReceiptReplyPattern.RESPONSE);
  aSecurity.setSendReceiptNonRepudiation (true);

  // Leg 1 replaces the plain leg of the basic test PMode; the reliability part stays null
  final PModeLeg aLeg1 = new PModeLeg (_createPModeLegProtocol (eSOAPVersion),
                                       _createPModeLegBusinessInformation (eSOAPVersion),
                                       _createPModeLegErrorHandling (),
                                       null,
                                       aSecurity);

  final PMode ret = getTestPMode (eSOAPVersion);
  ret.setLeg1 (aLeg1);
  // Leg 2 stays null, because we only use one-way
  return ret;
}
Usage of com.helger.phase4.soap.ESoapVersion in project phase4 (by phax): class MockPModeGenerator, method getTestPMode.
/**
 * Create a basic one-way (push) test PMode with an initiator, a responder
 * and a single leg; the PMode ID is derived dynamically from both party IDs.
 *
 * @param eSOAPVersion
 *        SOAP version to use for the parties and the leg. May not be
 *        <code>null</code>.
 * @return The created test PMode. Never <code>null</code>.
 */
@Nonnull
public static PMode getTestPMode (@Nonnull final ESoapVersion eSOAPVersion)
{
  // Initiator and responder differ only by the flag passed to the factory
  final PModeParty aInitiator = _createInitiatorOrResponder (true, eSOAPVersion);
  final PModeParty aResponder = _createInitiatorOrResponder (false, eSOAPVersion);
  final PModeLeg aLeg1 = _createPModeLeg (eSOAPVersion);

  // Leg 2 stays null, because we only use one-way
  final PMode ret = new PMode (IPModeIDProvider.DEFAULT_DYNAMIC.getPModeID (aInitiator.getID (), aResponder.getID ()),
                               aInitiator,
                               aResponder,
                               DEFAULT_AGREEMENT,
                               EMEP.ONE_WAY,
                               EMEPBinding.PUSH,
                               aLeg1,
                               null,
                               null,
                               null);
  return ret;
}