Separated cryptoFactory for sign and crypt; #139
phax committed Aug 3, 2023
1 parent f817521 commit 5ad3ddc
Showing 27 changed files with 577 additions and 191 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,8 @@ protected final void mainSendMessage () throws Phase4Exception
aUserMsg.addAttachment (WSS4JAttachment.createOutgoingFileAttachment (aAttachment, aResHelper));

// Main sending
AS4BidirectionalClientHelper.sendAS4UserMessageAndReceiveAS4SignalMessage (m_aCryptoFactory,
AS4BidirectionalClientHelper.sendAS4UserMessageAndReceiveAS4SignalMessage (m_aCryptoFactorySign,
m_aCryptoFactoryCrypt,
pmodeResolver (),
incomingAttachmentFactory (),
incomingProfileSelector (),
Expand All @@ -254,6 +255,7 @@ protected final void mainSendMessage () throws Phase4Exception
m_aBuildMessageCallback,
m_aOutgoingDumper,
m_aIncomingDumper,
m_aDecryptRequestDataModifier,
m_aRetryCallback,
m_aResponseConsumer,
m_aSignalMsgConsumer);
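Review bot: `sendAS4UserMessageAndReceiveAS4SignalMessage` now receives `m_aCryptoFactorySign` and `m_aCryptoFactoryCrypt` as two adjacent positional arguments of the same type `IAS4CryptoFactory`, so a swap at any call-site compiles silently and would, going by the names, sign with the encryption identity and decrypt with the signing one; an inline marker such as `m_aCryptoFactorySign, /* sign */` and `m_aCryptoFactoryCrypt, /* crypt */`, or a small holder type on the helper side, would make that mistake visible. The second file section below has the identical call and the same concern. `m_aDecryptRequestDataModifier` is also new in this argument list and is not initialised on any visible line, so presumably the helper accepts null for it — worth confirming. `mainSendMessage` starts and ends outside the hunk.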
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,8 @@ protected final void mainSendMessage () throws Phase4Exception
aUserMsg.addAttachment (WSS4JAttachment.createOutgoingFileAttachment (aAttachment, aResHelper));

// Main sending
AS4BidirectionalClientHelper.sendAS4UserMessageAndReceiveAS4SignalMessage (m_aCryptoFactory,
AS4BidirectionalClientHelper.sendAS4UserMessageAndReceiveAS4SignalMessage (m_aCryptoFactorySign,
m_aCryptoFactoryCrypt,
pmodeResolver (),
incomingAttachmentFactory (),
incomingProfileSelector (),
Expand All @@ -201,6 +202,7 @@ protected final void mainSendMessage () throws Phase4Exception
m_aBuildMessageCallback,
m_aOutgoingDumper,
m_aIncomingDumper,
m_aDecryptRequestDataModifier,
m_aRetryCallback,
m_aResponseConsumer,
m_aSignalMsgConsumer);
Original file line number Diff line number Diff line change
Expand Up @@ -95,10 +95,10 @@ public AS4ClientBuiltMessage buildMessage (@Nonnull @Nonempty final String sMess
Document aDoc = aPureDoc;
if (signingParams ().isSigningEnabled ())
{
final IAS4CryptoFactory aCryptoFactory = internalCreateCryptoFactory ();
final IAS4CryptoFactory aCryptoFactorySign = internalGetCryptoFactorySign ();

final boolean bMustUnderstand = true;
final Document aSignedDoc = AS4Signer.createSignedMessage (aCryptoFactory,
final Document aSignedDoc = AS4Signer.createSignedMessage (aCryptoFactorySign,
aDoc,
getSoapVersion (),
aPullRequest.getMessagingID (),
Original file line number Diff line number Diff line change
Expand Up @@ -165,10 +165,10 @@ public AS4ClientBuiltMessage buildMessage (@Nonnull @Nonempty final String sMess

if (m_bReceiptShouldBeSigned && signingParams ().isSigningEnabled ())
{
final IAS4CryptoFactory aCryptoFactory = internalCreateCryptoFactory ();
final IAS4CryptoFactory aCryptoFactorySign = internalGetCryptoFactorySign ();

final boolean bMustUnderstand = true;
final Document aSignedDoc = AS4Signer.createSignedMessage (aCryptoFactory,
final Document aSignedDoc = AS4Signer.createSignedMessage (aCryptoFactorySign,
aDoc,
getSoapVersion (),
aReceiptMsg.getMessagingID (),
Original file line number Diff line number Diff line change
Expand Up @@ -637,8 +637,7 @@ public AS4ClientBuiltMessage buildMessage (@Nonnull @Nonempty final String sMess
aEbms3CollaborationInfo,
aEbms3PartyInfo,
aEbms3MessageProperties,
getSoapVersion ())
.setMustUnderstand (true);
getSoapVersion ()).setMustUnderstand (true);

if (aCallback != null)
aCallback.onAS4Message (aUserMsg);
Expand All @@ -659,13 +658,13 @@ public AS4ClientBuiltMessage buildMessage (@Nonnull @Nonempty final String sMess
AS4HttpDebug.debug ( () -> "Unsigned/unencrypted UserMessage:\n" +
XMLWriter.getNodeAsString (aPureDoc, AS4HttpDebug.getDebugXMLWriterSettings ()));

final IAS4CryptoFactory aCryptoFactory = internalCreateCryptoFactory ();

// 2a. sign
if (bSign)
{
final IAS4CryptoFactory aCryptoFactorySign = internalGetCryptoFactorySign ();

final boolean bMustUnderstand = true;
final Document aSignedDoc = AS4Signer.createSignedMessage (aCryptoFactory,
final Document aSignedDoc = AS4Signer.createSignedMessage (aCryptoFactorySign,
aDoc,
getSoapVersion (),
aUserMsg.getMessagingID (),
Expand All @@ -685,14 +684,16 @@ public AS4ClientBuiltMessage buildMessage (@Nonnull @Nonempty final String sMess
// 2b. encrypt
if (bEncrypt)
{
final IAS4CryptoFactory aCryptoFactoryCrypt = internalGetCryptoFactoryCrypt ();

// MustUnderstand always set to true
final boolean bMustUnderstand = true;
if (bAttachmentsPresent)
{
aMimeMsg = AS4Encryptor.encryptMimeMessage (getSoapVersion (),
aDoc,
m_aAttachments,
aCryptoFactory,
aCryptoFactoryCrypt,
bMustUnderstand,
getAS4ResourceHelper (),
cryptParams ().getClone ());
Expand All @@ -702,7 +703,7 @@ public AS4ClientBuiltMessage buildMessage (@Nonnull @Nonempty final String sMess
}
else
{
final Document aEncryptedDoc = AS4Encryptor.encryptSoapBodyPayload (aCryptoFactory,
final Document aEncryptedDoc = AS4Encryptor.encryptSoapBodyPayload (aCryptoFactoryCrypt,
getSoapVersion (),
aDoc,
bMustUnderstand,
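Review bot: Moving the factory lookup from the removed unconditional `internalCreateCryptoFactory ()` call before `// 2a. sign` into the `if (bSign)` and `if (bEncrypt)` branches relaxes the previous behaviour — a client with neither signing nor encryption enabled no longer fails with `IllegalStateException` when no factory is configured. That is a sensible change, but it is user-visible and the commit title ("Separated cryptoFactory") does not mention it, so it deserves a changelog line. The first hunk of this section (`getSoapVersion ()).setMustUnderstand (true);`) is formatter-only churn unrelated to the feature and would be easier to review in a separate commit. `buildMessage` starts and ends outside the hunks.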
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,8 @@ public static Supplier <String> createDefaultMessageIDFactory ()
private final EAS4MessageType m_eMessageType;
private final AS4ResourceHelper m_aResHelper;

private IAS4CryptoFactory m_aCryptoFactory;
private IAS4CryptoFactory m_aCryptoFactorySign;
private IAS4CryptoFactory m_aCryptoFactoryCrypt;
private final AS4SigningParams m_aSigningParams = new AS4SigningParams ();
private final AS4CryptParams m_aCryptParams = new AS4CryptParams ();

Expand Down Expand Up @@ -125,12 +126,39 @@ public final AS4ResourceHelper getAS4ResourceHelper ()
}

/**
* This API is no longer usable, because the crypto factories for sign and
* crypt are separated. Use {@link #getAS4CryptoFactorySign()} or
* {@link #getAS4CryptoFactoryCrypt()} instead.
*
* @return The currently set crypto factory. <code>null</code> by default.
*/
@Nullable
@Deprecated (forRemoval = true, since = "2.2.0")
public final IAS4CryptoFactory getAS4CryptoFactory ()
{
return m_aCryptoFactory;
return getAS4CryptoFactorySign ();
}

/**
* @return The currently set crypto factory for signing. <code>null</code> by
* default.
* @since 2.2.0
*/
@Nullable
public final IAS4CryptoFactory getAS4CryptoFactorySign ()
{
return m_aCryptoFactorySign;
}

/**
* @return The currently set crypto factory for crypting. <code>null</code> by
* default.
* @since 2.2.0
*/
@Nullable
public final IAS4CryptoFactory getAS4CryptoFactoryCrypt ()
{
return m_aCryptoFactoryCrypt;
}

/**
Expand All @@ -143,7 +171,38 @@ public final IAS4CryptoFactory getAS4CryptoFactory ()
@Nonnull
public final IMPLTYPE setAS4CryptoFactory (@Nullable final IAS4CryptoFactory aCryptoFactory)
{
m_aCryptoFactory = aCryptoFactory;
return setAS4CryptoFactorySign (aCryptoFactory).setAS4CryptoFactoryCrypt (aCryptoFactory);
}

/**
* Set the crypto factory to be used for signing.
*
* @param aCryptoFactorySign
* The crypto factory to be used. May be <code>null</code>.
* @return this for chaining
* @see #setAS4CryptoFactoryCrypt(IAS4CryptoFactory)
* @since 2.2.0
*/
@Nonnull
public final IMPLTYPE setAS4CryptoFactorySign (@Nullable final IAS4CryptoFactory aCryptoFactorySign)
{
m_aCryptoFactorySign = aCryptoFactorySign;
return thisAsT ();
}

/**
* Set the crypto factory to be used for crypting.
*
* @param aCryptoFactoryCrypt
* The crypto factory to be used. May be <code>null</code>.
* @return this for chaining
* @see #setAS4CryptoFactorySign(IAS4CryptoFactory)
* @since 2.2.0
*/
@Nonnull
public final IMPLTYPE setAS4CryptoFactoryCrypt (@Nullable final IAS4CryptoFactory aCryptoFactoryCrypt)
{
m_aCryptoFactoryCrypt = aCryptoFactoryCrypt;
return thisAsT ();
}

Expand Down Expand Up @@ -357,12 +416,21 @@ public final HttpRetrySettings httpRetrySettings ()
}

@Nonnull
protected IAS4CryptoFactory internalCreateCryptoFactory ()
protected IAS4CryptoFactory internalGetCryptoFactorySign ()
{
if (m_aCryptoFactorySign == null)
throw new IllegalStateException ("No CryptoFactory for signing is configured.");

return m_aCryptoFactorySign;
}

@Nonnull
protected IAS4CryptoFactory internalGetCryptoFactoryCrypt ()
{
if (m_aCryptoFactory == null)
throw new IllegalStateException ("No CryptoFactory is configured.");
if (m_aCryptoFactoryCrypt == null)
throw new IllegalStateException ("No CryptoFactory for crypting is configured.");

return m_aCryptoFactory;
return m_aCryptoFactoryCrypt;
}

public final void setValuesFromPMode (@Nullable final IPMode aPMode, @Nullable final PModeLeg aLeg)
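Review bot: The deprecated `getAS4CryptoFactory ()` now returns only the signing factory, but its `@return` still reads "The currently set crypto factory", which is misleading once the two factories can differ; change it to `* @return The currently set crypto factory for signing. <code>null</code> by default.` The setter `setAS4CryptoFactory` in the hunk at `@@ -143,7 +171,38` is shown only from its `@Nonnull` line, so whether it carries the matching `@Deprecated (forRemoval = true, since = "2.2.0")` is outside the hunk — if it does not, add it for symmetry with the getter. `internalGetCryptoFactorySign ()` and `internalGetCryptoFactoryCrypt ()` are protected extension points that throw; a short Javadoc with `@throws IllegalStateException if no factory for signing/crypting was set` would document that contract for subclasses.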
Original file line number Diff line number Diff line change
Expand Up @@ -135,8 +135,7 @@ public final KeyStore getKeyStore ()
{
ret = m_aKeyStore = KeyStoreHelper.loadKeyStore (m_aCryptoProps.getKeyStoreType (),
m_aCryptoProps.getKeyStorePath (),
m_aCryptoProps.getKeyStorePassword ())
.getKeyStore ();
m_aCryptoProps.getKeyStorePassword ()).getKeyStore ();
}
return ret;
}
Expand All @@ -154,8 +153,8 @@ public final KeyStore.PrivateKeyEntry getPrivateKeyEntry ()
ret = m_aPK = KeyStoreHelper.loadPrivateKey (aKeyStore,
m_aCryptoProps.getKeyStorePath (),
m_aCryptoProps.getKeyAlias (),
sKeyPassword == null ? ArrayHelper.EMPTY_CHAR_ARRAY
: sKeyPassword.toCharArray ())
sKeyPassword == null ? ArrayHelper.EMPTY_CHAR_ARRAY : sKeyPassword
.toCharArray ())
.getKeyEntry ();
}
}
Expand Down Expand Up @@ -194,17 +193,11 @@ public final KeyStore getTrustStore ()
{
ret = m_aTrustStore = KeyStoreHelper.loadKeyStore (m_aCryptoProps.getTrustStoreType (),
m_aCryptoProps.getTrustStorePath (),
m_aCryptoProps.getTrustStorePassword ())
.getKeyStore ();
m_aCryptoProps.getTrustStorePassword ()).getKeyStore ();
}
return ret;
}

public boolean isAllowRSA15KeyTransportAlgorithm ()
{
return m_aCryptoProps.isAllowRSA15KeyTransportAlgorithm ();
}

/**
* Read crypto properties from the specified file path.
*
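Review bot: The public `isAllowRSA15KeyTransportAlgorithm ()` is deleted outright in the last hunk, whereas the same commit retires `getAS4CryptoFactory ()` via `@Deprecated (forRemoval = true, since = "2.2.0")`; removing a public method without that step is a hard break for any caller and is inconsistent with the deprecation approach used elsewhere in this change. Dropping the opt-in for RSA-1.5 key transport itself is a defensible hardening (it is the key-transport variant that WSS4J rejects by default), but it is a separate concern from separating the factories and is not named in the commit title. The two `loadKeyStore (...).getKeyStore ()` hunks and the `sKeyPassword == null ? ... : sKeyPassword` / `.toCharArray ())` split are formatter churn; the latter now breaks a ternary across the member-access dot, which reads worse than the original.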
Original file line number Diff line number Diff line change
Expand Up @@ -73,9 +73,6 @@ public class AS4CryptoProperties implements Serializable, ICloneable <AS4CryptoP
/** Truststore password */
public static final String TRUSTSTORE_PASSWORD = "org.apache.wss4j.crypto.merlin.truststore.password";

/** Allow RSA15 Key Transport Algorithm */
public static final String ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM = "org.apache.wss4j.dom.handler.RequestData.allowRSA15KeyTransportAlgorithm";

private NonBlockingProperties m_aProps;

/**
Expand All @@ -86,7 +83,6 @@ public AS4CryptoProperties ()
{
m_aProps = new NonBlockingProperties ();
setCryptoProviderDefault ();
setAllowRSA15KeyTransportAlgorithm (IAS4CryptoFactory.DEFAULT_ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM);
}

/**
Expand Down Expand Up @@ -324,19 +320,6 @@ public final AS4CryptoProperties setTrustStorePassword (@Nullable final String s
return this;
}

public boolean isAllowRSA15KeyTransportAlgorithm ()
{
final String sProp = _getProperty (ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM);
return StringParser.parseBool (sProp, IAS4CryptoFactory.DEFAULT_ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM);
}

@Nonnull
public final AS4CryptoProperties setAllowRSA15KeyTransportAlgorithm (@Nullable final boolean sAllowRSA15KeyTransportAlgorithm)
{
_setProperty (ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, Boolean.toString (sAllowRSA15KeyTransportAlgorithm));
return this;
}

@Nonnull
@ReturnsMutableCopy
public AS4CryptoProperties getClone ()
Expand Down Expand Up @@ -374,8 +357,7 @@ public static AS4CryptoProperties createFromConfig ()
TRUSTSTORE_PROVIDER,
TRUSTSTORE_TYPE,
TRUSTSTORE_FILE,
TRUSTSTORE_PASSWORD,
ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM })
TRUSTSTORE_PASSWORD })
{
final String sConfigValue = aConfig.getAsString (sKey);
if (sConfigValue != null)
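Review bot: Removing `ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM` from the key list in `createFromConfig ()` means a deployment that still sets `org.apache.wss4j.dom.handler.RequestData.allowRSA15KeyTransportAlgorithm` in its configuration gets no feedback — the value is neither read nor rejected. Since the constructor and the getter/setter for that property are also gone, a configuration that previously opted in is silently switched to the WSS4J default; that is the safer outcome, but a one-line warning when the obsolete key is still present (or at least a migration note in the 2.2.0 changelog) would tell operators why their setting stopped having an effect. Presumably the new `m_aDecryptRequestDataModifier` passed at the client call-sites is the intended replacement for tuning `RequestData` — if so, the note should say so. `createFromConfig` starts outside the hunk.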