
Changed the IncomingSecurityConfiguration to not use the
SecurityProvider but the full (Signing|Crypt)Params
phax committed Sep 19, 2023
1 parent cd10b22 commit a02ebf6
Showing 6 changed files with 89 additions and 42 deletions.
Expand Up @@ -16,8 +16,6 @@
*/
package com.helger.phase4.crypto;

import java.security.Provider;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.NotThreadSafe;
Expand All @@ -33,45 +31,39 @@
@NotThreadSafe
public class AS4IncomingSecurityConfiguration implements IAS4IncomingSecurityConfiguration
{
private Provider m_aSecurityProviderSign;
private Provider m_aSecurityProviderCrypt;
private AS4SigningParams m_aSigningParams;
private AS4CryptParams m_aCryptParams;
private IAS4DecryptParameterModifier m_aDecryptParameterModifier;

public AS4IncomingSecurityConfiguration ()
{}

@Nullable
public Provider getSecurityProviderSign ()
public AS4SigningParams getSigningParams ()
{
return m_aSecurityProviderSign;
return m_aSigningParams;
}

@Nonnull
public AS4IncomingSecurityConfiguration setSecurityProviderSign (@Nullable final Provider a)
public AS4IncomingSecurityConfiguration setSigningParams (@Nullable final AS4SigningParams a)
{
m_aSecurityProviderSign = a;
m_aSigningParams = a;
return this;
}

@Nullable
public Provider getSecurityProviderCrypt ()
public AS4CryptParams getCryptParams ()
{
return m_aSecurityProviderCrypt;
return m_aCryptParams;
}

@Nonnull
public AS4IncomingSecurityConfiguration setSecurityProviderCrypt (@Nullable final Provider a)
public AS4IncomingSecurityConfiguration setCryptParams (@Nullable final AS4CryptParams a)
{
m_aSecurityProviderCrypt = a;
m_aCryptParams = a;
return this;
}

@Nonnull
public AS4IncomingSecurityConfiguration setSecurityProvider (@Nullable final Provider a)
{
return setSecurityProviderSign (a).setSecurityProviderCrypt (a);
}

@Nullable
public IAS4DecryptParameterModifier getDecryptParameterModifier ()
{
Expand All @@ -88,18 +80,18 @@ public AS4IncomingSecurityConfiguration setDecryptParameterModifier (@Nullable f
@Override
public String toString ()
{
return new ToStringGenerator (null).append ("SecurityProviderSign", m_aSecurityProviderSign)
.append ("SecurityProviderCrypt", m_aSecurityProviderCrypt)
return new ToStringGenerator (null).append ("SigningParams", m_aSigningParams)
.append ("CryptParams", m_aCryptParams)
.append ("DecryptParameterModifier", m_aDecryptParameterModifier)
.getToString ();
}

@Nonnull
public static AS4IncomingSecurityConfiguration createDefaultInstance ()
{
// No SecurityProviderSign
// No SecurityProviderCrypt
// No RequestDataModifier
// No SigningParams
// No CryptParams
// No DecryptParameterModifier
return new AS4IncomingSecurityConfiguration ();
}
}
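Review bot: `setSigningParams` and `setCryptParams` store the caller's mutable parameter object by reference, so a caller that keeps mutating that object after the call silently changes the signing and decryption settings later applied to incoming messages; since the interface's `getSigningParamsCloneOrNew` already hands out copies, storing `m_aSigningParams = a == null ? null : a.getClone ();` (and the crypt counterpart) would make this configuration own its state. The new public getters and setters also carry no Javadoc while the interface documents the same accessors with `@since 2.3.0`; a one-liner such as `/** @return The signing parameters for incoming messages. May be <code>null</code>. */` on each keeps both sides in step. Whether `getClone ()` is a deep copy is not visible in this hunk.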
Expand Up @@ -18,6 +18,7 @@

import java.security.Provider;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/**
Expand All @@ -28,21 +29,72 @@
*/
public interface IAS4IncomingSecurityConfiguration
{

/**
* @return The signing parameters to be used for incoming messages. May be
* <code>null</code>.
* @since 2.3.0
*/
@Nullable
AS4SigningParams getSigningParams ();

/**
* @return A clone of the existing signing parameters or a new object. Never
* <code>null</code>.
* @since 2.3.0
*/
@Nonnull
default AS4SigningParams getSigningParamsCloneOrNew ()
{
final AS4SigningParams a = getSigningParams ();
return a == null ? new AS4SigningParams () : a.getClone ();
}

/**
* @return The crypt parameters to be used for incoming messages. May be
* <code>null</code>.
* @since 2.3.0
*/
@Nullable
AS4CryptParams getCryptParams ();

/**
* @return A clone of the existing crypt parameters or a new object. Never
* <code>null</code>.
* @since 2.3.0
*/
@Nonnull
default AS4CryptParams getCryptParamsCloneOrNew ()
{
final AS4CryptParams a = getCryptParams ();
return a == null ? new AS4CryptParams () : a.getClone ();
}

/**
* @return The Java Security provider to be used for incoming messages. May be
* <code>null</code> to indicate the usage of the default JDK security
* provider.
*/
@Nullable
Provider getSecurityProviderSign ();
@Deprecated (forRemoval = true, since = "2.3.0")
default Provider getSecurityProviderSign ()
{
final AS4SigningParams a = getSigningParams ();
return a == null ? null : a.getSecurityProvider ();
}

/**
* @return The Java Security provider to be used for incoming messages. May be
* <code>null</code> to indicate the usage of the default JDK security
* provider.
*/
@Nullable
Provider getSecurityProviderCrypt ();
@Deprecated (forRemoval = true, since = "2.3.0")
default Provider getSecurityProviderCrypt ()
{
final AS4CryptParams a = getCryptParams ();
return a == null ? null : a.getSecurityProvider ();
}

/**
* @return An optional modifier to customize WSS4J
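Review bot: The two new `@Deprecated (forRemoval = true, since = "2.3.0")` defaults keep their old Javadoc unchanged, so a reader sees no hint of the replacement; add `@deprecated Use {@link #getSigningParams()} and {@link AS4SigningParams#getSecurityProvider()} instead` to `getSecurityProviderSign` and the `getCryptParams`/`AS4CryptParams` equivalent to `getSecurityProviderCrypt`. The Javadoc of `getSigningParamsCloneOrNew` and `getCryptParamsCloneOrNew` could additionally say that the returned object may be modified freely without affecting the configuration, since that is exactly what the response-building call sites in this commit rely on when they chain `setFromPMode` and `setAlias` onto the result.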
Expand Up @@ -193,8 +193,8 @@ protected final void mainSendMessage () throws Phase4Exception
}

// Create on demand with all necessary parameters
final AS4IncomingSecurityConfiguration aIncomingSecurityConfiguration = new AS4IncomingSecurityConfiguration ().setSecurityProviderSign (m_aSigningParams.getSecurityProvider ())
.setSecurityProviderCrypt (m_aCryptParams.getSecurityProvider ())
final AS4IncomingSecurityConfiguration aIncomingSecurityConfiguration = new AS4IncomingSecurityConfiguration ().setSigningParams (m_aSigningParams.getClone ())
.setCryptParams (m_aCryptParams.getClone ())
.setDecryptParameterModifier (m_aDecryptParameterModifier);

// Main sending
Expand Up @@ -164,8 +164,8 @@ protected final void mainSendMessage () throws Phase4Exception
aUserMsg.addAttachment (WSS4JAttachment.createOutgoingFileAttachment (aAttachment, aResHelper));

// Create on demand with all necessary parameters
final AS4IncomingSecurityConfiguration aIncomingSecurityConfiguration = new AS4IncomingSecurityConfiguration ().setSecurityProviderSign (m_aSigningParams.getSecurityProvider ())
.setSecurityProviderCrypt (m_aCryptParams.getSecurityProvider ())
final AS4IncomingSecurityConfiguration aIncomingSecurityConfiguration = new AS4IncomingSecurityConfiguration ().setSigningParams (m_aSigningParams.getClone ())
.setCryptParams (m_aCryptParams.getClone ())
.setDecryptParameterModifier (m_aDecryptParameterModifier);

// Main sending
Expand Up @@ -1157,8 +1157,8 @@ private IAS4ResponseFactory _createResponseReceiptMessage (@Nonnull final IAS4Me

// We've got our response
final Document aResponseDoc = aReceiptMessage.getAsSoapDocument ();
final AS4SigningParams aSigningParams = new AS4SigningParams ().setFromPMode (aEffectiveLeg.getSecurity ())
.setSecurityProvider (m_aIncomingSecurityConfig.getSecurityProviderSign ());
final AS4SigningParams aSigningParams = m_aIncomingSecurityConfig.getSigningParamsCloneOrNew ()
.setFromPMode (aEffectiveLeg.getSecurity ());
final ESoapVersion eResponseSoapVersion = aEffectiveLeg.getProtocol ().getSoapVersion ();
if (eResponseSoapVersion != eSoapVersion)
LOGGER.warn ("Received message with " +
Expand Down Expand Up @@ -1439,14 +1439,14 @@ private IAS4ResponseFactory _handleSoapMessage (@Nonnull final HttpHeaderMap aHt
aLocalResponseAttachments);

// Send UserMessage
final AS4SigningParams aSigningParams = new AS4SigningParams ().setFromPMode (aEffectiveLeg.getSecurity ())
.setSecurityProvider (m_aIncomingSecurityConfig.getSecurityProviderSign ());
final AS4SigningParams aSigningParams = m_aIncomingSecurityConfig.getSigningParamsCloneOrNew ()
.setFromPMode (aEffectiveLeg.getSecurity ());
// Use the original receiver ID as the alias into the keystore for
// encrypting the response message
final String sEncryptionAlias = aEbmsUserMessage.getPartyInfo ().getTo ().getPartyIdAtIndex (0).getValue ();
final AS4CryptParams aCryptParams = new AS4CryptParams ().setFromPMode (aEffectiveLeg.getSecurity ())
.setAlias (sEncryptionAlias)
.setSecurityProvider (m_aIncomingSecurityConfig.getSecurityProviderCrypt ());
final AS4CryptParams aCryptParams = m_aIncomingSecurityConfig.getCryptParamsCloneOrNew ()
.setFromPMode (aEffectiveLeg.getSecurity ())
.setAlias (sEncryptionAlias);

aAsyncResponseFactory = _createResponseUserMessage (aState,
aEffectiveLeg.getProtocol ().getSoapVersion (),
Expand Down Expand Up @@ -1673,15 +1673,15 @@ private IAS4ResponseFactory _handleSoapMessage (@Nonnull final HttpHeaderMap aHt
aEbmsUserMessage,
aResponseAttachments);

final AS4SigningParams aSigningParams = new AS4SigningParams ().setFromPMode (aLeg2.getSecurity ())
.setSecurityProvider (m_aIncomingSecurityConfig.getSecurityProviderSign ());
final AS4SigningParams aSigningParams = m_aIncomingSecurityConfig.getSigningParamsCloneOrNew ()
.setFromPMode (aLeg2.getSecurity ());
final String sEncryptionAlias = aEbmsUserMessage.getPartyInfo ()
.getTo ()
.getPartyIdAtIndex (0)
.getValue ();
final AS4CryptParams aCryptParams = new AS4CryptParams ().setFromPMode (aLeg2.getSecurity ())
.setAlias (sEncryptionAlias)
.setSecurityProvider (m_aIncomingSecurityConfig.getSecurityProviderCrypt ());
final AS4CryptParams aCryptParams = m_aIncomingSecurityConfig.getCryptParamsCloneOrNew ()
.setFromPMode (aLeg2.getSecurity ())
.setAlias (sEncryptionAlias);
ret = _createResponseUserMessage (aState,
aLeg2.getProtocol ().getSoapVersion (),
aResponseUserMsg,
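Review bot: The precedence between the configured incoming params and the PMode changes at all three call sites in this file: `setFromPMode` now runs after the clone, so whatever the PMode leg's security settings populate overrides the values taken from `m_aIncomingSecurityConfig`, whereas previously the configured security provider was applied last. If `setFromPMode` also assigns the security provider (not visible in these hunks), the configured provider would now be silently discarded for response signing and encryption; a comment at each site such as `// Configured incoming params are the baseline; the PMode leg's security settings take precedence` or a test pinning the intended order would make that decision explicit. The clone-then-`setFromPMode` sequence is repeated three times; a private helper taking the leg would keep the precedence rule in one place. `_createResponseReceiptMessage` and `_handleSoapMessage` start and end outside these hunks.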
Expand Up @@ -32,6 +32,7 @@
import com.helger.commons.collection.impl.CommonsLinkedHashMap;
import com.helger.commons.collection.impl.ICommonsOrderedMap;
import com.helger.commons.equals.EqualsHelper;
import com.helger.phase4.crypto.AS4SigningParams;
import com.helger.phase4.crypto.IAS4CryptoFactory;
import com.helger.phase4.crypto.IAS4IncomingSecurityConfiguration;
import com.helger.phase4.crypto.IAS4PModeAwareCryptoFactory;
Expand Down Expand Up @@ -122,10 +123,12 @@ public static SOAPHeaderElementProcessorRegistry createDefault (@Nonnull final I

// WSS4J must be after Ebms3Messaging handler!
final Supplier <? extends IPMode> aFallbackPModeProvider = () -> aFallbackPMode;
final AS4SigningParams aSigningParams = aIncomingSecurityConfiguration.getSigningParams ();
ret.registerHeaderElementProcessor (SOAPHeaderElementProcessorWSS4J.QNAME_SECURITY,
new SOAPHeaderElementProcessorWSS4J (aCryptoFactorySign,
aCryptoFactoryCrypt,
aIncomingSecurityConfiguration.getSecurityProviderSign (),
aSigningParams == null ? null
: aSigningParams.getSecurityProvider (),
aFallbackPModeProvider,
aIncomingSecurityConfiguration.getDecryptParameterModifier ()));
return ret;
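Review bot: Only the security provider of the configured signing params reaches `SOAPHeaderElementProcessorWSS4J` here, and `getCryptParams ()` is not consulted at all in this hunk, so incoming signature verification is, as far as this change shows, still driven by the provider alone while the remaining settings are consumed only by the response-building call sites elsewhere in this commit. If that split is intended, a comment on the `aSigningParams` line such as `// Only the provider of the configured signing params is used for incoming verification` prevents the next reader from assuming the full parameter set is honoured here. `createDefault` starts outside the hunk.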
