Example #1
0
  protected void decrypt(@Nonnull final IMessage aMsg) throws OpenAS2Exception {
    final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory();
    final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();

    try {
      final boolean bDisableDecrypt = aMsg.getPartnership().isDisableDecrypt();
      final boolean bMsgIsEncrypted = aCryptoHelper.isEncrypted(aMsg.getData());
      final boolean bForceDecrypt = aMsg.getPartnership().isForceDecrypt();
      if (bMsgIsEncrypted && bDisableDecrypt) {
        s_aLogger.info(
            "Message claims to be encrypted but decryption is disabled" + aMsg.getLoggingText());
      } else if (bMsgIsEncrypted || bForceDecrypt) {
        // Decrypt
        if (bForceDecrypt && !bMsgIsEncrypted)
          s_aLogger.info("Forced decrypting" + aMsg.getLoggingText());
        else if (s_aLogger.isDebugEnabled()) s_aLogger.debug("Decrypting" + aMsg.getLoggingText());

        final X509Certificate aReceiverCert =
            aCertFactory.getCertificate(aMsg, ECertificatePartnershipType.RECEIVER);
        final PrivateKey aReceiverKey = aCertFactory.getPrivateKey(aMsg, aReceiverCert);
        final MimeBodyPart aDecryptedData =
            aCryptoHelper.decrypt(aMsg.getData(), aReceiverCert, aReceiverKey, bForceDecrypt);
        aMsg.setData(aDecryptedData);
        // Remember that message was encrypted
        aMsg.setAttribute(AS2Message.ATTRIBUTE_RECEIVED_ENCRYPTED, Boolean.TRUE.toString());
        s_aLogger.info("Successfully decrypted incoming AS2 message" + aMsg.getLoggingText());
      }
    } catch (final Exception ex) {
      s_aLogger.error("Error decrypting " + aMsg.getLoggingText() + ": " + ex.getMessage());
      throw new DispositionException(
          DispositionType.createError("decryption-failed"),
          AbstractActiveNetModule.DISP_DECRYPTION_ERROR,
          ex);
    }
  }
Example #2
0
  protected void verify(@Nonnull final IMessage aMsg) throws OpenAS2Exception {
    final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory();
    final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper();

    try {
      final boolean bDisableVerify = aMsg.getPartnership().isDisableVerify();
      final boolean bMsgIsSigned = aCryptoHelper.isSigned(aMsg.getData());
      final boolean bForceVerify = aMsg.getPartnership().isForceVerify();
      if (bMsgIsSigned && bDisableVerify) {
        s_aLogger.info(
            "Message claims to be signed but signature validation is disabled"
                + aMsg.getLoggingText());
      } else if (bMsgIsSigned || bForceVerify) {
        if (bForceVerify && !bMsgIsSigned)
          s_aLogger.info("Forced verify signature" + aMsg.getLoggingText());
        else if (s_aLogger.isDebugEnabled())
          s_aLogger.debug("Verifying signature" + aMsg.getLoggingText());

        final X509Certificate aSenderCert =
            aCertFactory.getCertificateOrNull(aMsg, ECertificatePartnershipType.SENDER);
        boolean bUseCertificateInBodyPart;
        final ETriState eUseCertificateInBodyPart =
            aMsg.getPartnership().getVerifyUseCertificateInBodyPart();
        if (eUseCertificateInBodyPart.isDefined()) {
          // Use per partnership
          bUseCertificateInBodyPart = eUseCertificateInBodyPart.getAsBooleanValue();
        } else {
          // Use global value
          bUseCertificateInBodyPart =
              m_aReceiverModule.getSession().isCryptoVerifyUseCertificateInBodyPart();
        }

        final MimeBodyPart aVerifiedData =
            aCryptoHelper.verify(
                aMsg.getData(), aSenderCert, bUseCertificateInBodyPart, bForceVerify);
        aMsg.setData(aVerifiedData);
        // Remember that message was signed and verified
        aMsg.setAttribute(AS2Message.ATTRIBUTE_RECEIVED_SIGNED, Boolean.TRUE.toString());
        s_aLogger.info(
            "Successfully verified signature of incoming AS2 message" + aMsg.getLoggingText());
      }
    } catch (final Exception ex) {
      s_aLogger.error(
          "Error verifying signature " + aMsg.getLoggingText() + ": " + ex.getMessage());
      throw new DispositionException(
          DispositionType.createError("integrity-check-failed"),
          AbstractActiveNetModule.DISP_VERIFY_SIGNATURE_FAILED,
          ex);
    }
  }