AS4RequestHandler: Different keystores for decryption and signing of response message

[phax]

Discussed in #138

^{Originally posted by sopgreg June 27, 2023}
Right now, in the AS4RequestHandler the same IAS4CryptoFactory is used for decryption/signature verification as well as for signing/encrypting the response message (signal/error) message.

In the German BDEW process, different keys must be used for encryption and signature purposes. Right now, since the same crypto factory is used, the response message will be signed with the private key defined in the crypto factory, which actually is the private key used for decryption.

Here, a different private key must be used.

Is there currently a way to achieve this, or would a change be necessary in the AS4RequestHandler code, like two separate IAS4CryptoFactory instances?

[sopgreg]

Thanks! Do you expect a PR or are you going to have a look at it first?

[phax]

I don't expect anything, but I am happy about ideas how to add that feature in a backwards compatible way :) Lets really use it for discussion here.

[sopgreg]

I created a draft PR with a solution that I got managed working using a IAS4PModeAwareCryptoFactory on the incoming side.

Involves some bit of chaining new and existing constructors, but that should help maintaining backwards compatibility for current solutions that only work with a single crypto factory.

Feedback is welcome.

[phax]

So the different cryptoFactories are available from v2.2.0 onwards - please bare in mind, that some of the (especially internal) APIs have changed to allow for 2 different cryptoFactories.