AS4RequestHandler does not use correct BDEW profile crypto and signing params

[problemzebra2]

AS4RequestHandler for handling incoming AS 4 messages seems to construct new instances of AS4SigningParams and AS4CryptParams. The required parameters according to the official BDEW profile are only set in Phase4BDEWSender.AbstractBDEWUserMessageBuilder

// Other crypt parameters are located in the PMode security part
cryptParams ().setKeyIdentifierType (DEFAULT_KEY_IDENTIFIER_TYPE);
cryptParams ().setKeyEncAlgorithm (ECryptoKeyEncryptionAlgorithm.ECDH_ES_KEYWRAP_AES_128);
cryptParams ().setEncryptSymmetricSessionKey (false);

/**
 * Assumption: the BST "ValueType" attribute is set to
 * "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
 * by WSS4J automatically (see WSSecSignature#addBST)
 */

// See BDEW specs 2.2.6.2
// Other signing parameters are located in the PMode security part
signingParams ().setKeyIdentifierType (DEFAULT_KEY_IDENTIFIER_TYPE);
signingParams ().setAlgorithmC14N (ECryptoAlgorithmC14N.C14N_EXCL_OMIT_COMMENTS);
// Use the BST value type "#X509PKIPathv1"
signingParams ().setUseSingleCertificate (false);

Is this a bug or is there a way to specify the required crypto and signing params for the AS4RequestHandler used for incoming AS 4 messages?

[phax]

That seems to be very related to #165 isn't it?

[problemzebra2]

Yes, this seems to be a more general issue. #165 refers to a specific signing setting.

[phax]

I am trying to get a hold of this - I totally see the issue here

[problemzebra2]

By the way cryptParams ().setKeyIdentifierType (DEFAULT_KEY_IDENTIFIER_TYPE); seems to be wrong. According to the BDEW profile SKI_KEY_IDENTIFIER should be used. I will make a own issue for this.

[problemzebra2]

-> #167

[phax]

The resolution is implemented in a02ebf6
It changes IAS4IncomingSecurityConfiguration to include the full AS4SigningParams and AS4CryptParams objects.

[phax]

This should be resolved with the 2.3.0 release