How to enforce signature and encryption for receiving messages? #162
@sopgreg what you can do today already, is to query the signature and decryption state in your code via the
|
Thanks @phax! I put this in our
The usage of both the |
Yes that looks good. I am working on an additional "profile requirement" to make that check on a deeper level automatically as you suggested. |
EBMS:0103 sounds fine, thanks.
I actually do like the error message in There is no easy way to get that
EDIT: seems that
Great if this can be handled on a deeper level, then we could remove our code in the SPI again later. |
To access the "RefToMessageID" please use
The problem with the |
@sopgreg I thought this through a little more and I stumbled upon an issue we haven't considered previously: when making the decision in the profile, it means that this applies to ALL messages. As Receipts may not be encrypted and Error Messages may not even be signed, I decided to remove this feature from the release. It would be an option to configure this requirement in the PMode on a per message type basis (UserMessage, PullRequest, Error, Receipt), but that looks like too much overhead. Any thoughts from you on this? |
I also can't imagine all possible combinations right now when and under which circumstances a response message may or may not be signed/encrypted. At least for BDEW, PullRequests are out of scope. So any UserMessage and all signals that do not contain errors should be technically signed and encrypted. Is this assumption correct or did I miss some edge cases?
In the code you committed today you used |
Okay, thanks for your understanding.
When dealing with the "source user message" |
Discussed in #161
Originally posted by sopgreg August 29, 2023
Is there a way to enforce a (valid) signature and encryption in the receiving AS4 message? Right now, it seems that it's possible to send a completely unencrypted, unsigned message to the `AS4IncomingHandler` and it will process the message without any warnings.
Is there an interface/property to enforce signatures and encryption?
E.g. here, if the SOAP does not contain a `Security` element, this is just logged in debug mode.
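
The per-message-type requirement discussed in this thread, sketched as an added example (not code from the thread or from phase4, and written in Python only for illustration). The policy table, the function names and the sample envelopes are assumptions constructed here; the check looks only for the presence of the WS-Security signature and encrypted-key elements.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "eb": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
# Assumed policy from the thread: type -> (must be signed, must be encrypted).
# PullRequest is absent on purpose (out of scope), so it is rejected.
POLICY = {"UserMessage": (True, True), "Receipt": (True, False), "Error": (False, False)}

def message_type(header):
    """Classify by the first matching child of eb:Messaging."""
    if header.find("eb:Messaging/eb:UserMessage", NS) is not None:
        return "UserMessage"
    for kind in ("Error", "Receipt", "PullRequest"):
        if header.find(f"eb:Messaging/eb:SignalMessage/eb:{kind}", NS) is not None:
            return kind
    return None

def violations(soap_xml):
    """Structural check only: element presence, not cryptographic validity."""
    header = ET.fromstring(soap_xml).find("s:Header", NS)
    kind = message_type(header) if header is not None else None
    if kind not in POLICY:
        return [f"message type {kind} not accepted"]
    need_sig, need_enc = POLICY[kind]
    found = []
    if need_sig and header.find("wsse:Security/ds:Signature", NS) is None:
        found.append(f"{kind} is not signed")
    if need_enc and header.find("wsse:Security/xenc:EncryptedKey", NS) is None:
        found.append(f"{kind} is not encrypted")
    return found

def sample(kind, signed, encrypted):
    """Constructed minimal envelope, for demonstration only."""
    body = "<eb:UserMessage/>" if kind == "UserMessage" else \
        f"<eb:SignalMessage><eb:{kind}/></eb:SignalMessage>"
    sec = ("<ds:Signature/>" if signed else "") + ("<xenc:EncryptedKey/>" if encrypted else "")
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f"<s:Envelope {xmlns}><s:Header><eb:Messaging>{body}</eb:Messaging>"
            f"<wsse:Security>{sec}</wsse:Security></s:Header><s:Body/></s:Envelope>")

if __name__ == "__main__":
    for args in [("UserMessage", True, True), ("UserMessage", False, False),
                 ("Receipt", True, False), ("Error", False, False)]:
        print(args, violations(sample(*args)))
```

A non-empty result is what a receiver would map to a rejection such as the EBMS:0103 error mentioned above. Signature verification and decryption themselves stay with the AS4 library.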