
Example 31 with ESoapVersion

use of com.helger.phase4.soap.ESoapVersion in project phase4 by phax.

the class AS4Signer method _createSignedMessage.

/**
 * Sign a pre-built SOAP message with WSS4J.
 * <p>
 * The ebMS3 Messaging element (by ID), the SOAP Body and - if present - all
 * attachments are added as signed parts. The {@code mustUnderstand} attribute
 * of the {@code wsse:Security} header is set according to the flag passed in.
 *
 * @param aCryptoFactory
 *        Provides the key alias, key password and the WSS4J crypto instance.
 * @param aPreSigningMessage
 *        The SOAP document to sign. It is modified in place.
 * @param eSoapVersion
 *        SOAP version of the document; determines the SOAP namespace used for
 *        the Body part and the mustUnderstand attribute.
 * @param sMessagingID
 *        XML ID of the ebMS3 Messaging element to sign.
 * @param aAttachments
 *        Optional attachments to sign. May be <code>null</code> or empty.
 * @param aResHelper
 *        Resource helper handed to the attachment callback handler.
 * @param bMustUnderstand
 *        Value for the SOAP mustUnderstand attribute of the security header.
 * @param aSigningParams
 *        Key identifier type and signature/digest/C14N algorithms.
 * @return The signed document. Never <code>null</code>.
 * @throws WSSecurityException
 *         If WSS4J fails to build the signature.
 */
@Nonnull
private static Document _createSignedMessage(@Nonnull final IAS4CryptoFactory aCryptoFactory,
                                             @Nonnull final Document aPreSigningMessage,
                                             @Nonnull final ESoapVersion eSoapVersion,
                                             @Nonnull @Nonempty final String sMessagingID,
                                             @Nullable final ICommonsList<WSS4JAttachment> aAttachments,
                                             @Nonnull @WillNotClose final AS4ResourceHelper aResHelper,
                                             final boolean bMustUnderstand,
                                             @Nonnull final AS4SigningParams aSigningParams) throws WSSecurityException {
    ValueEnforcer.notNull(aCryptoFactory, "CryptoFactory");
    ValueEnforcer.notNull(aPreSigningMessage, "PreSigningMessage");
    ValueEnforcer.notNull(eSoapVersion, "SoapVersion");
    ValueEnforcer.notEmpty(sMessagingID, "MessagingID");
    ValueEnforcer.notNull(aResHelper, "ResHelper");
    ValueEnforcer.notNull(aSigningParams, "SigningParams");
    if (LOGGER.isInfoEnabled()) {
        LOGGER.info("Now signing AS4 message");
    }
    final String sSoapNamespaceURI = eSoapVersion.getNamespaceURI();
    // Insert the wsse:Security header into the SOAP envelope
    final WSSecHeader aSecurityHeader = new WSSecHeader(aPreSigningMessage);
    aSecurityHeader.insertSecurityHeader();
    // Configure the signature: key reference style, signing key, algorithms
    final WSSecSignature aSignature = new WSSecSignature(aSecurityHeader);
    aSignature.setKeyIdentifierType(aSigningParams.getKeyIdentifierType().getTypeID());
    aSignature.setUserInfo(aCryptoFactory.getKeyAlias(), aCryptoFactory.getKeyPassword());
    aSignature.setSignatureAlgorithm(aSigningParams.getAlgorithmSign().getAlgorithmURI());
    // The digest algorithm is the hash function the PMode indicates
    aSignature.setDigestAlgo(aSigningParams.getAlgorithmSignDigest().getAlgorithmURI());
    aSignature.setSigCanonicalization(aSigningParams.getAlgorithmC14N().getAlgorithmURI());
    // Signed parts: the ebMS3 Messaging element (by ID) and the SOAP Body
    aSignature.getParts().add(new WSEncryptionPart(sMessagingID, "Content"));
    aSignature.getParts().add(new WSEncryptionPart("Body", sSoapNamespaceURI, "Content"));
    if (CollectionHelper.isNotEmpty(aAttachments)) {
        // "cid:Attachments" is a predefined ID understood by WSSecSignatureBase;
        // it covers all attachments served by the callback handler
        aSignature.getParts().add(new WSEncryptionPart(MessageHelperMethods.PREFIX_CID + "Attachments", "Content"));
        aSignature.setAttachmentCallbackHandler(new WSS4JAttachmentCallbackHandler(aAttachments, aResHelper));
    }
    // Propagate the mustUnderstand flag to the wsse:Security element (only if the attribute exists)
    final Attr aMustUnderstandAttr = aSecurityHeader.getSecurityHeaderElement().getAttributeNodeNS(sSoapNamespaceURI, "mustUnderstand");
    if (aMustUnderstandAttr != null) {
        aMustUnderstandAttr.setValue(eSoapVersion.getMustUnderstandValue(bMustUnderstand));
    }
    return aSignature.build(aCryptoFactory.getCrypto());
}

Example 32 with ESoapVersion

use of com.helger.phase4.soap.ESoapVersion in project phase4 by phax.

the class AS4ReceiptMessage method create.

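/**
 * Create a receipt (signal) message answering the given user message.
 * <p>
 * If the source SOAP document contains {@code ds:Reference} elements and
 * non-repudiation is requested, the receipt carries a
 * {@code NonRepudiationInformation} element repeating those references.
 * Otherwise the receipt contains the source user message itself (without any
 * WSS4J security elements).
 *
 * @param eSoapVersion
 *        SOAP version which should be used. May not be <code>null</code>.
 * @param sMessageID
 *        Message ID to use. May neither be <code>null</code> nor empty.
 * @param aEbms3UserMessage
 *        The received user message which should be responded to. Its message
 *        ID (if present) becomes the RefToMessageId of the receipt.
 * @param aSoapDocument
 *        The received SOAP document. If it contains WSS4J signature
 *        references and the following parameter is <code>true</code>,
 *        non-repudiation information is used. May be <code>null</code>.
 * @param bShouldUseNonRepudiation
 *        <code>true</code> to use non-repudiation information when the
 *        source message is signed, <code>false</code> to always echo the
 *        user message.
 * @return The created receipt message. Never <code>null</code>.
 */
@Nonnull
public static AS4ReceiptMessage create(@Nonnull final ESoapVersion eSoapVersion, @Nonnull @Nonempty final String sMessageID, @Nullable final Ebms3UserMessage aEbms3UserMessage, @Nullable final Node aSoapDocument, final boolean bShouldUseNonRepudiation) {
    // ds:Reference elements are only present for signed messages
    final ICommonsList<Node> aDSRefs = _getAllReferences(aSoapDocument);
    final Ebms3SignalMessage aSignalMessage = new Ebms3SignalMessage();
    // Message Info - always uses "now" as the timestamp
    {
        // NOTE(review): getMessageInfo() of the JAXB user message may be null - confirm callers guarantee it is set
        final Ebms3MessageInfo aEbms3MessageInfo = MessageHelperMethods.createEbms3MessageInfo(sMessageID, aEbms3UserMessage != null ? aEbms3UserMessage.getMessageInfo().getMessageId() : null);
        aSignalMessage.setMessageInfo(aEbms3MessageInfo);
    }
    final Ebms3Receipt aEbms3Receipt = new Ebms3Receipt();
    if (aDSRefs.isNotEmpty() && bShouldUseNonRepudiation) {
        // Repeat every ds:Reference of the signed source message so the sender
        // can verify that exactly its signed parts were received
        final NonRepudiationInformation aNonRepudiationInformation = new NonRepudiationInformation();
        for (final Node aRef : aDSRefs) {
            final ReferenceType aRefObj = XMLDSigReaderBuilder.dsigReference().read(aRef);
            final MessagePartNRInformation aMessagePartNRInformation = new MessagePartNRInformation();
            aMessagePartNRInformation.setReference(aRefObj);
            aNonRepudiationInformation.addMessagePartNRInformation(aMessagePartNRInformation);
        }
        aEbms3Receipt.addAny(Ebms3WriterBuilder.nonRepudiationInformation().getAsDocument(aNonRepudiationInformation).getDocumentElement());
    } else {
        if (aDSRefs.isEmpty())
            LOGGER.info("Found no ds:Reference elements in the source message, hence returning the source UserMessage in the Receipt");
        else
            LOGGER.info("Non-repudiation is disabled, hence returning the source UserMessage in the Receipt");
        // The receipt echoes the original user message without wss4j security.
        // NOTE(review): aEbms3UserMessage is @Nullable but is passed on unconditionally here - confirm AS4UserMessage.create tolerates null
        aEbms3Receipt.addAny(AS4UserMessage.create(eSoapVersion, aEbms3UserMessage).getAsSoapDocument().getDocumentElement());
    }
    aSignalMessage.setReceipt(aEbms3Receipt);
    return new AS4ReceiptMessage(eSoapVersion, aSignalMessage);
}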

Example 33 with ESoapVersion

use of com.helger.phase4.soap.ESoapVersion in project phase4 by phax.

the class PeppolCompatibilityValidator method _checkIfLegIsValid.

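/**
 * Validate a single PMode leg against the constraints this validator
 * enforces and collect every violation into the provided error list.
 * <p>
 * Checked are the protocol (transport scheme and SOAP version), the security
 * settings (signature, digest and encryption algorithms, WSS version,
 * PModeAuthorize and receipt reply pattern) and the error handling
 * configuration.
 *
 * @param aErrorList
 *        Target list for errors and warnings. May not be <code>null</code>.
 * @param aPModeLeg
 *        The leg to validate. May not be <code>null</code>.
 * @param sFieldPrefix
 *        Prefix for all reported field names (e.g. the leg name). May neither
 *        be <code>null</code> nor empty.
 */
private static void _checkIfLegIsValid(@Nonnull final ErrorList aErrorList, @Nonnull final PModeLeg aPModeLeg, @Nonnull @Nonempty final String sFieldPrefix) {
    // Protocol
    final PModeLegProtocol aLegProtocol = aPModeLeg.getProtocol();
    if (aLegProtocol == null) {
        aErrorList.add(_createError(sFieldPrefix + "Protocol is missing"));
    } else {
        // Transport must be https; plain http is tolerated in debug mode only
        final String sAddressProtocol = aLegProtocol.getAddressProtocol();
        if (StringHelper.hasText(sAddressProtocol)) {
            final boolean bIsHttps = sAddressProtocol.equalsIgnoreCase("https");
            final boolean bIsHttpInDebugMode = !bIsHttps && sAddressProtocol.equalsIgnoreCase("http") && GlobalDebug.isDebugMode();
            if (!bIsHttps && !bIsHttpInDebugMode) {
                aErrorList.add(_createError(sFieldPrefix + "AddressProtocol '" + sAddressProtocol + "' is unsupported"));
            }
        }
        // An empty address protocol is deliberately not reported (that check was disabled)
        final ESoapVersion eSOAPVersion = aLegProtocol.getSoapVersion();
        if (eSOAPVersion == null) {
            // Defensive: consistent with the other "is missing" checks; unreachable if getSoapVersion() never returns null
            aErrorList.add(_createError(sFieldPrefix + "SoapVersion is missing"));
        } else if (!eSOAPVersion.isAS4Default()) {
            aErrorList.add(_createError(sFieldPrefix + "SoapVersion '" + eSOAPVersion.getVersion() + "' is unsupported"));
        }
    }
    // Security - only checked if a security section is present
    final PModeLegSecurity aPModeLegSecurity = aPModeLeg.getSecurity();
    if (aPModeLegSecurity != null) {
        // The signing certificate is taken from Partner/SMP data, so
        // X509SignatureCertificate is deliberately not checked here.
        // Signature algorithm - pinned to RSA-SHA256
        if (aPModeLegSecurity.getX509SignatureAlgorithm() == null) {
            aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureAlgorithm is missing"));
        } else if (!aPModeLegSecurity.getX509SignatureAlgorithm().equals(ECryptoAlgorithmSign.RSA_SHA_256)) {
            aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureAlgorithm must use the value '" + ECryptoAlgorithmSign.RSA_SHA_256.getID() + "'"));
        }
        // Hash function - pinned to SHA-256
        if (aPModeLegSecurity.getX509SignatureHashFunction() == null) {
            aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureHashFunction is missing"));
        } else if (!aPModeLegSecurity.getX509SignatureHashFunction().equals(ECryptoAlgorithmSignDigest.DIGEST_SHA_256)) {
            aErrorList.add(_createError(sFieldPrefix + "Security.X509SignatureHashFunction must use the value '" + ECryptoAlgorithmSignDigest.DIGEST_SHA_256.getID() + "'"));
        }
        // Encryption algorithm - pinned to AES-128-GCM
        if (aPModeLegSecurity.getX509EncryptionAlgorithm() == null) {
            aErrorList.add(_createError(sFieldPrefix + "Security.X509EncryptionAlgorithm is missing"));
        } else if (!aPModeLegSecurity.getX509EncryptionAlgorithm().equals(ECryptoAlgorithmCrypt.AES_128_GCM)) {
            aErrorList.add(_createError(sFieldPrefix + "Security.X509EncryptionAlgorithm must use the value '" + ECryptoAlgorithmCrypt.AES_128_GCM.getID() + "' instead of '" + aPModeLegSecurity.getX509EncryptionAlgorithm().getID() + "'"));
        }
        // WSS version must be 1.1.1 if one is configured at all
        if (aPModeLegSecurity.getWSSVersion() != null) {
            if (!aPModeLegSecurity.getWSSVersion().equals(EWSSVersion.WSS_111))
                aErrorList.add(_createError(sFieldPrefix + "Security.WSSVersion must use the value " + EWSSVersion.WSS_111 + " instead of " + aPModeLegSecurity.getWSSVersion()));
        }
        // PModeAuthorize must be defined and false
        if (aPModeLegSecurity.isPModeAuthorizeDefined()) {
            if (aPModeLegSecurity.isPModeAuthorize())
                aErrorList.add(_createError(sFieldPrefix + "Security.PModeAuthorize must be set to 'false'"));
        } else {
            aErrorList.add(_createError(sFieldPrefix + "Security.PModeAuthorize is missing"));
        }
        // When receipts are sent they must be returned synchronously (RESPONSE);
        // SendReceipt=false or undefined means no receipt constraints apply
        if (aPModeLegSecurity.isSendReceiptDefined()) {
            if (aPModeLegSecurity.isSendReceipt()) {
                if (aPModeLegSecurity.getSendReceiptReplyPattern() != EPModeSendReceiptReplyPattern.RESPONSE)
                    aErrorList.add(_createError(sFieldPrefix + "Security.SendReceiptReplyPattern must use the value " + EPModeSendReceiptReplyPattern.RESPONSE + " instead of " + aPModeLegSecurity.getSendReceiptReplyPattern()));
            }
        }
    } else {
        aErrorList.add(_createError(sFieldPrefix + "Security is missing"));
    }
    // Error handling - AsResponse is mandatory, the notify flags only produce warnings
    final PModeLegErrorHandling aErrorHandling = aPModeLeg.getErrorHandling();
    if (aErrorHandling != null) {
        if (aErrorHandling.isReportAsResponseDefined()) {
            if (!aErrorHandling.isReportAsResponse())
                aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.AsResponse must be 'true'"));
        } else {
            aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.AsResponse is missing"));
        }
        if (aErrorHandling.isReportProcessErrorNotifyConsumerDefined()) {
            if (!aErrorHandling.isReportProcessErrorNotifyConsumer())
                aErrorList.add(_createWarn(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyConsumer should be 'true'"));
        } else {
            aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyConsumer is missing"));
        }
        if (aErrorHandling.isReportProcessErrorNotifyProducerDefined()) {
            if (!aErrorHandling.isReportProcessErrorNotifyProducer())
                aErrorList.add(_createWarn(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyProducer should be 'true'"));
        } else {
            aErrorList.add(_createError(sFieldPrefix + "ErrorHandling.Report.ProcessErrorNotifyProducer is missing"));
        }
    } else {
        aErrorList.add(_createError(sFieldPrefix + "ErrorHandling is missing"));
    }
}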

Example 34 with ESoapVersion

use of com.helger.phase4.soap.ESoapVersion in project phase4 by phax.

the class MockPModeGenerator method getTestPModeWithSecurity.

/**
 * Build a one-way test PMode whose leg 1 carries a security section.
 * <p>
 * The security section uses WSS 1.1.1, the default signing, digest and
 * encryption algorithms, synchronous receipts and non-repudiation.
 *
 * @param eSOAPVersion
 *        SOAP version for the leg. May not be <code>null</code>.
 * @return The test PMode with leg 1 set; leg 2 stays <code>null</code>.
 */
@Nonnull
public static PMode getTestPModeWithSecurity(@Nonnull final ESoapVersion eSOAPVersion) {
    // Security settings for leg 1
    final PModeLegSecurity aLegSecurity = new PModeLegSecurity();
    aLegSecurity.setWSSVersion(EWSSVersion.WSS_111);
    aLegSecurity.setX509SignatureAlgorithm(ECryptoAlgorithmSign.SIGN_ALGORITHM_DEFAULT);
    aLegSecurity.setX509SignatureHashFunction(ECryptoAlgorithmSignDigest.SIGN_DIGEST_ALGORITHM_DEFAULT);
    aLegSecurity.setX509EncryptionAlgorithm(ECryptoAlgorithmCrypt.ENCRPYTION_ALGORITHM_DEFAULT);
    aLegSecurity.setSendReceiptReplyPattern(EPModeSendReceiptReplyPattern.RESPONSE);
    aLegSecurity.setSendReceiptNonRepudiation(true);
    // Start from the plain test PMode and replace leg 1 with a secured one
    final PMode ret = getTestPMode(eSOAPVersion);
    ret.setLeg1(new PModeLeg(_createPModeLegProtocol(eSOAPVersion),
                             _createPModeLegBusinessInformation(eSOAPVersion),
                             _createPModeLegErrorHandling(),
                             null,
                             aLegSecurity));
    // Leg 2 stays null - only one-way is used
    return ret;
}

Example 35 with ESoapVersion

use of com.helger.phase4.soap.ESoapVersion in project phase4 by phax.

the class MockPModeGenerator method getTestPMode.

/**
 * Build a plain one-way (push) test PMode for the given SOAP version.
 * <p>
 * The PMode ID is derived dynamically from the initiator and responder IDs;
 * only leg 1 is set.
 *
 * @param eSOAPVersion
 *        SOAP version for the parties and the leg. May not be <code>null</code>.
 * @return The test PMode. Never <code>null</code>.
 */
@Nonnull
public static PMode getTestPMode(@Nonnull final ESoapVersion eSOAPVersion) {
    final PModeParty aInitiatorParty = _createInitiatorOrResponder(true, eSOAPVersion);
    final PModeParty aResponderParty = _createInitiatorOrResponder(false, eSOAPVersion);
    // Dynamic PMode ID built from both party IDs
    final String sPModeID = IPModeIDProvider.DEFAULT_DYNAMIC.getPModeID(aInitiatorParty.getID(), aResponderParty.getID());
    // Leg 2 stays null - only one-way is used
    return new PMode(sPModeID,
                     aInitiatorParty,
                     aResponderParty,
                     DEFAULT_AGREEMENT,
                     EMEP.ONE_WAY,
                     EMEPBinding.PUSH,
                     _createPModeLeg(eSOAPVersion),
                     null,
                     null,
                     null);
}
