protected void decrypt(@Nonnull final IMessage aMsg) throws OpenAS2Exception {
final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory();
final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();
try {
final boolean bDisableDecrypt = aMsg.getPartnership().isDisableDecrypt();
final boolean bMsgIsEncrypted = aCryptoHelper.isEncrypted(aMsg.getData());
final boolean bForceDecrypt = aMsg.getPartnership().isForceDecrypt();
if (bMsgIsEncrypted && bDisableDecrypt) {
s_aLogger.info(
"Message claims to be encrypted but decryption is disabled" + aMsg.getLoggingText());
} else if (bMsgIsEncrypted || bForceDecrypt) {
// Decrypt
if (bForceDecrypt && !bMsgIsEncrypted)
s_aLogger.info("Forced decrypting" + aMsg.getLoggingText());
else if (s_aLogger.isDebugEnabled()) s_aLogger.debug("Decrypting" + aMsg.getLoggingText());
final X509Certificate aReceiverCert =
aCertFactory.getCertificate(aMsg, ECertificatePartnershipType.RECEIVER);
final PrivateKey aReceiverKey = aCertFactory.getPrivateKey(aMsg, aReceiverCert);
final MimeBodyPart aDecryptedData =
aCryptoHelper.decrypt(aMsg.getData(), aReceiverCert, aReceiverKey, bForceDecrypt);
aMsg.setData(aDecryptedData);
// Remember that message was encrypted
aMsg.setAttribute(AS2Message.ATTRIBUTE_RECEIVED_ENCRYPTED, Boolean.TRUE.toString());
s_aLogger.info("Successfully decrypted incoming AS2 message" + aMsg.getLoggingText());
}
} catch (final Exception ex) {
s_aLogger.error("Error decrypting " + aMsg.getLoggingText() + ": " + ex.getMessage());
throw new DispositionException(
DispositionType.createError("decryption-failed"),
AbstractActiveNetModule.DISP_DECRYPTION_ERROR,
ex);
}
}
protected void verify(@Nonnull final IMessage aMsg) throws OpenAS2Exception {
final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory();
final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();
try {
final boolean bDisableVerify = aMsg.getPartnership().isDisableVerify();
final boolean bMsgIsSigned = aCryptoHelper.isSigned(aMsg.getData());
final boolean bForceVerify = aMsg.getPartnership().isForceVerify();
if (bMsgIsSigned && bDisableVerify) {
s_aLogger.info(
"Message claims to be signed but signature validation is disabled"
+ aMsg.getLoggingText());
} else if (bMsgIsSigned || bForceVerify) {
if (bForceVerify && !bMsgIsSigned)
s_aLogger.info("Forced verify signature" + aMsg.getLoggingText());
else if (s_aLogger.isDebugEnabled())
s_aLogger.debug("Verifying signature" + aMsg.getLoggingText());
final X509Certificate aSenderCert =
aCertFactory.getCertificateOrNull(aMsg, ECertificatePartnershipType.SENDER);
boolean bUseCertificateInBodyPart;
final ETriState eUseCertificateInBodyPart =
aMsg.getPartnership().getVerifyUseCertificateInBodyPart();
if (eUseCertificateInBodyPart.isDefined()) {
// Use per partnership
bUseCertificateInBodyPart = eUseCertificateInBodyPart.getAsBooleanValue();
} else {
// Use global value
bUseCertificateInBodyPart =
m_aReceiverModule.getSession().isCryptoVerifyUseCertificateInBodyPart();
}
final MimeBodyPart aVerifiedData =
aCryptoHelper.verify(
aMsg.getData(), aSenderCert, bUseCertificateInBodyPart, bForceVerify);
aMsg.setData(aVerifiedData);
// Remember that message was signed and verified
aMsg.setAttribute(AS2Message.ATTRIBUTE_RECEIVED_SIGNED, Boolean.TRUE.toString());
s_aLogger.info(
"Successfully verified signature of incoming AS2 message" + aMsg.getLoggingText());
}
} catch (final Exception ex) {
s_aLogger.error(
"Error verifying signature " + aMsg.getLoggingText() + ": " + ex.getMessage());
throw new DispositionException(
DispositionType.createError("integrity-check-failed"),
AbstractActiveNetModule.DISP_VERIFY_SIGNATURE_FAILED,
ex);
}
}
