use of com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType in project peppol-commons by phax.
the class SignedServiceMetadataTypeFuncTest method testReadValid.
/**
 * Reads a signed service metadata document from the classpath with XSD
 * validation enabled and expects the enclosed XML signature to verify
 * against the trust store loaded via {@code SMPClientConfiguration}.
 * <p>
 * The signing certificate expired on 2021-03-01, so the key selector is
 * pinned to a validation date before that instead of "now".
 */
@Test
public void testReadValid() throws Exception {
  final byte[] aPayload = StreamHelper.getAllBytes(new ClassPathResource("smp/signed-service-metadata2.xml"));
  assertNotNull(aPayload);

  // Schema-validating unmarshal; validation events go to a logging handler
  final SMPMarshallerSignedServiceMetadataType aSignedMarshaller = new SMPMarshallerSignedServiceMetadataType(true);
  aSignedMarshaller.setValidationEventHandlerFactory(x -> new LoggingValidationEventHandler());
  final SignedServiceMetadataType aParsed = aSignedMarshaller.read(aPayload);
  assertNotNull(aParsed);

  // The signature check runs on the DOM, not on the JAXB object
  final Document aDOM = DOMReader.readXMLDOM(aPayload);
  assertNotNull(aDOM);

  final TrustStoreBasedX509KeySelector aSelector = new TrustStoreBasedX509KeySelector(SMPClientConfiguration.loadTrustStore());
  // Certificate expired 2021-03-01 - validate as of an earlier date
  aSelector.setValidationDateTime(PDTFactory.createLocalDateTime(2021, Month.JANUARY, 1));

  final ESuccess eResult = SMPHttpResponseHandlerSigned.checkSignature(aDOM, aSelector);
  assertTrue(eResult.isSuccess());
}
use of com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType in project peppol-commons by phax.
the class SignedServiceMetadataTypeFuncTest method testReadC14NInclusive.
/**
 * Same flow as {@link #testReadValid()} for a document whose signature uses
 * inclusive canonicalization ({@code smp/signed-service-metadata3-c14n-inclusive.xml});
 * the signature is expected to verify.
 * <p>
 * The signing certificate expired on 2020-08-05, so validation is pinned to
 * 2020-08-01.
 */
@Test
public void testReadC14NInclusive() throws Exception {
  final byte[] aPayload = StreamHelper.getAllBytes(new ClassPathResource("smp/signed-service-metadata3-c14n-inclusive.xml"));
  assertNotNull(aPayload);

  // Schema-validating unmarshal; validation events go to a logging handler
  final SMPMarshallerSignedServiceMetadataType aSignedMarshaller = new SMPMarshallerSignedServiceMetadataType(true);
  aSignedMarshaller.setValidationEventHandlerFactory(x -> new LoggingValidationEventHandler());
  final SignedServiceMetadataType aParsed = aSignedMarshaller.read(aPayload);
  assertNotNull(aParsed);

  // The signature check runs on the DOM, not on the JAXB object
  final Document aDOM = DOMReader.readXMLDOM(aPayload);
  assertNotNull(aDOM);

  final TrustStoreBasedX509KeySelector aSelector = new TrustStoreBasedX509KeySelector(SMPClientConfiguration.loadTrustStore());
  // Certificate expired 2020-08-05 - validate as of an earlier date
  aSelector.setValidationDateTime(PDTFactory.createLocalDateTime(2020, Month.AUGUST, 1));

  final ESuccess eResult = SMPHttpResponseHandlerSigned.checkSignature(aDOM, aSelector);
  assertTrue(eResult.isSuccess());
}
use of com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType in project phoss-smp by phax.
the class APIExecutorServiceMetadataGet method invokeAPI.
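/**
 * Handles a service metadata {@code GET}: builds the unsigned response
 * document for the configured REST type (Peppol or OASIS BDXR v1), signs it
 * with the SMP server key and writes the signed XML to the response.
 * <p>
 * The signed DOM is serialized with a plain {@link Transformer} and without
 * any indentation or alignment (no {@code OutputKeys.INDENT}). The XML
 * signature covers the document content, so whitespace added while writing
 * would make the signature fail to validate on the client side. The former
 * dead {@code if (false)} branch that used the canonicalization writer
 * settings was removed.
 *
 * @param aAPIDescriptor
 *        API descriptor. Not used by this implementation.
 * @param sPath
 *        Invoked path. Not used by this implementation.
 * @param aPathVariables
 *        Path variables; the service group ID and the document type ID are
 *        read from it.
 * @param aRequestScope
 *        Current request scope, passed to the data provider.
 * @param aUnifiedResponse
 *        Response to fill with the signed XML.
 * @throws UnsupportedOperationException
 *         if the configured REST type is neither Peppol nor OASIS BDXR v1
 * @throws IllegalStateException
 *         if the unsigned document could not be created or the signed
 *         document could not be serialized
 * @throws SMPInternalErrorException
 *         if signing the document fails
 * @throws Exception
 *         whatever the underlying service registration lookup may throw
 */
public void invokeAPI(@Nonnull final IAPIDescriptor aAPIDescriptor, @Nonnull @Nonempty final String sPath, @Nonnull final Map<String, String> aPathVariables, @Nonnull final IRequestWebScopeWithoutResponse aRequestScope, @Nonnull final UnifiedResponse aUnifiedResponse) throws Exception {
  final String sPathServiceGroupID = aPathVariables.get(SMPRestFilter.PARAM_SERVICE_GROUP_ID);
  final String sPathDocumentTypeID = aPathVariables.get(SMPRestFilter.PARAM_DOCUMENT_TYPE_ID);
  final ISMPServerAPIDataProvider aDataProvider = new SMPRestDataProvider(aRequestScope, sPathServiceGroupID);

  // Create the unsigned response document for the configured REST type
  final Document aDoc;
  switch (SMPServerConfiguration.getRESTType()) {
    case PEPPOL: {
      final com.helger.xsds.peppol.smp1.SignedServiceMetadataType ret = new SMPServerAPI(aDataProvider).getServiceRegistration(sPathServiceGroupID, sPathDocumentTypeID);
      // Convert to DOM document.
      // XSD check is disabled because the Signature element is only added below.
      final SMPMarshallerSignedServiceMetadataType aMarshaller = new SMPMarshallerSignedServiceMetadataType(false);
      aDoc = aMarshaller.getAsDocument(ret);
      break;
    }
    case OASIS_BDXR_V1: {
      final com.helger.xsds.bdxr.smp1.SignedServiceMetadataType ret = new BDXR1ServerAPI(aDataProvider).getServiceRegistration(sPathServiceGroupID, sPathDocumentTypeID);
      // Convert to DOM document.
      // XSD check is disabled because the Signature element is only added below.
      final BDXR1MarshallerSignedServiceMetadataType aMarshaller = new BDXR1MarshallerSignedServiceMetadataType(false);
      aDoc = aMarshaller.getAsDocument(ret);
      break;
    }
    default:
      throw new UnsupportedOperationException("Unsupported REST type specified!");
  }
  if (aDoc == null)
    throw new IllegalStateException("Failed to serialize unsigned node!");

  // Sign the document in place (signXML presumably inserts the ds:Signature
  // into the passed root element - confirm against SMPKeyManager)
  try {
    SMPKeyManager.getInstance().signXML(aDoc.getDocumentElement(), SMPServerConfiguration.getRESTType().isBDXR());
    LOGGER.info("Successfully signed response XML");
  } catch (final Exception ex) {
    throw new SMPInternalErrorException("Error in signing the response XML", ex);
  }

  // Serialize the signed document
  try (final NonBlockingByteArrayOutputStream aBAOS = new NonBlockingByteArrayOutputStream()) {
    // IMPORTANT: no indent and no align - the serialized bytes must match
    // what was signed, otherwise signature validation on the client fails
    try {
      final Transformer aTransformer = XMLTransformerFactory.newTransformer();
      aTransformer.transform(new DOMSource(aDoc), new StreamResult(aBAOS));
    } catch (final TransformerException ex) {
      throw new IllegalStateException("Failed to serialize signed node", ex);
    }
    aUnifiedResponse.setContent(aBAOS.toByteArray())
                    .setMimeType(CMimeType.TEXT_XML)
                    .setCharset(XMLWriterSettings.DEFAULT_XML_CHARSET_OBJ);
  }
}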
use of com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType in project peppol-commons by phax.
the class SMPClientReadOnly method getServiceMetadata.
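/**
 * Gets a signed service metadata object given by its service group id and its
 * document type. This is a specification compliant method.
 * <p>
 * If following SMP redirects is enabled and the response carries a
 * {@code Redirect} element, exactly one redirect is followed. The redirected
 * response must be signed with a certificate whose subject matches the
 * {@code certificateUID} of the {@code Redirect} element, otherwise an
 * {@link SMPClientException} is thrown. Note that the redirect target URL is
 * taken from the first response and is therefore only as trustworthy as the
 * signature check on that response ({@link #isVerifySignature()}). The
 * redirected response is not inspected for a further redirect.
 *
 * @param aServiceGroupID
 *        The service group id of the service metadata to get. May not be
 *        <code>null</code>.
 * @param aDocumentTypeID
 *        The document type of the service metadata to get. May not be
 *        <code>null</code>.
 * @return A signed service metadata object. Never <code>null</code>.
 * @throws SMPClientException
 *         in case something goes wrong, including a redirected response whose
 *         signing certificate does not match the announced certificateUID
 * @throws SMPClientUnauthorizedException
 *         A HTTP Forbidden was received, should not happen.
 * @throws SMPClientNotFoundException
 *         The service group id or document type did not exist.
 * @throws SMPClientBadRequestException
 *         The request was not well formed.
 * @see #getServiceMetadataOrNull(IParticipantIdentifier,
 *      IDocumentTypeIdentifier)
 * @since v8.0.0
 */
@Nonnull
public SignedServiceMetadataType getServiceMetadata(@Nonnull final IParticipantIdentifier aServiceGroupID, @Nonnull final IDocumentTypeIdentifier aDocumentTypeID) throws SMPClientException {
  ValueEnforcer.notNull(aServiceGroupID, "ServiceGroupID");
  ValueEnforcer.notNull(aDocumentTypeID, "DocumentTypeID");

  final String sURI = getSMPHostURI() + aServiceGroupID.getURIPercentEncoded() + "/" + URL_PART_SERVICES + "/" + aDocumentTypeID.getURIPercentEncoded();
  if (LOGGER.isDebugEnabled())
    LOGGER.debug("SMPClient getServiceRegistration@" + sURI);

  // Snapshot the settings so the original and the redirected request are
  // validated identically
  final boolean bXSDValidation = isXMLSchemaValidation();
  final boolean bVerifySignature = isVerifySignature();
  final KeyStore aTrustStore = getTrustStore();

  HttpGet aRequest = new HttpGet(sURI);
  SMPMarshallerSignedServiceMetadataType aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
  customizeMarshaller(aMarshaller);
  SignedServiceMetadataType aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));
  if (LOGGER.isDebugEnabled())
    LOGGER.debug("Received response: " + aMetadata);

  if (!isFollowSMPRedirects()) {
    if (LOGGER.isDebugEnabled())
      LOGGER.debug("Following SMP redirects is disabled");
    return aMetadata;
  }

  // If the Redirect element is present, then follow 1 redirect.
  final RedirectType aRedirect = aMetadata.getServiceMetadata() == null ? null : aMetadata.getServiceMetadata().getRedirect();
  if (aRedirect == null)
    return aMetadata;

  if (LOGGER.isInfoEnabled())
    LOGGER.info("Following a redirect from '" + sURI + "' to '" + aRedirect.getHref() + "'");
  aRequest = new HttpGet(aRedirect.getHref());
  // Create a new Marshaller to ensure customization is simple
  aMarshaller = new SMPMarshallerSignedServiceMetadataType(bXSDValidation);
  customizeMarshaller(aMarshaller);
  aMetadata = executeGenericRequest(aRequest, new SMPHttpResponseHandlerSigned<>(aMarshaller, aTrustStore).setVerifySignature(bVerifySignature));

  // Check that the redirected response is signed with the certificate
  // announced in the Redirect element (certificateUID). This check is
  // performed regardless of bVerifySignature, but it is only meaningful when
  // the signature itself was verified.
  final String sExpectedCertificateUID = aRedirect.getCertificateUID();
  if (aMetadata.getSignature() == null || aMetadata.getSignature().getKeyInfo() == null)
    throw new SMPClientException("The redirected response from '" + aRedirect.getHref() + "' contains no signature KeyInfo to check against certificateUID '" + sExpectedCertificateUID + "'");

  boolean bCertificateSubjectFound = false;
  for (final Object aObj : aMetadata.getSignature().getKeyInfo().getContent()) {
    // KeyInfoType is mixed content in the XMLDSig schema, so the list may
    // also carry plain text entries - skip everything that is not an element
    if (!(aObj instanceof JAXBElement<?>))
      continue;
    final Object aInfoValue = ((JAXBElement<?>) aObj).getValue();
    if (aInfoValue instanceof X509DataType && containsRedirectSubject((X509DataType) aInfoValue, sExpectedCertificateUID)) {
      bCertificateSubjectFound = true;
      break;
    }
  }
  if (!bCertificateSubjectFound)
    throw new SMPClientException("The X509 certificate of the redirected response does not match the certificate subject '" + sExpectedCertificateUID + "' announced in the Redirect element.");
  return aMetadata;
}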
use of com.helger.smpclient.peppol.marshal.SMPMarshallerSignedServiceMetadataType in project peppol-commons by phax.
the class SignedServiceMetadataTypeFuncTest method testReadInvalid.
/**
 * Reads {@code smp/signed-service-metadata1.xml} with XSD validation enabled.
 * Unmarshalling and DOM parsing are expected to succeed, but the signature
 * check against the configured trust store is expected to fail.
 * <p>
 * The signing certificate expired on 2021-03-01, so the key selector is
 * pinned to 2021-01-01 to make sure the failure is not merely caused by the
 * expiry date.
 */
@Test
public void testReadInvalid() throws Exception {
  final byte[] aPayload = StreamHelper.getAllBytes(new ClassPathResource("smp/signed-service-metadata1.xml"));
  assertNotNull(aPayload);

  // Schema-validating unmarshal; validation events go to a logging handler
  final SMPMarshallerSignedServiceMetadataType aSignedMarshaller = new SMPMarshallerSignedServiceMetadataType(true);
  aSignedMarshaller.setValidationEventHandlerFactory(x -> new LoggingValidationEventHandler());
  final SignedServiceMetadataType aParsed = aSignedMarshaller.read(aPayload);
  assertNotNull(aParsed);

  // The signature check runs on the DOM, not on the JAXB object
  final Document aDOM = DOMReader.readXMLDOM(aPayload);
  assertNotNull(aDOM);

  final TrustStoreBasedX509KeySelector aSelector = new TrustStoreBasedX509KeySelector(SMPClientConfiguration.loadTrustStore());
  // Certificate expired 2021-03-01 - validate as of an earlier date
  aSelector.setValidationDateTime(PDTFactory.createLocalDateTime(2021, Month.JANUARY, 1));

  final ESuccess eResult = SMPHttpResponseHandlerSigned.checkSignature(aDOM, aSelector);
  assertTrue(eResult.isFailure());
}