protected void decrypt(@Nonnull final IMessage aMsg) throws OpenAS2Exception { final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory(); final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper(); try { final boolean bDisableDecrypt = aMsg.getPartnership().isDisableDecrypt(); final boolean bMsgIsEncrypted = aCryptoHelper.isEncrypted(aMsg.getData()); final boolean bForceDecrypt = aMsg.getPartnership().isForceDecrypt(); if (bMsgIsEncrypted && bDisableDecrypt) { s_aLogger.info( "Message claims to be encrypted but decryption is disabled" + aMsg.getLoggingText()); } else if (bMsgIsEncrypted || bForceDecrypt) { // Decrypt if (bForceDecrypt && !bMsgIsEncrypted) s_aLogger.info("Forced decrypting" + aMsg.getLoggingText()); else if (s_aLogger.isDebugEnabled()) s_aLogger.debug("Decrypting" + aMsg.getLoggingText()); final X509Certificate aReceiverCert = aCertFactory.getCertificate(aMsg, ECertificatePartnershipType.RECEIVER); final PrivateKey aReceiverKey = aCertFactory.getPrivateKey(aMsg, aReceiverCert); final MimeBodyPart aDecryptedData = aCryptoHelper.decrypt(aMsg.getData(), aReceiverCert, aReceiverKey, bForceDecrypt); aMsg.setData(aDecryptedData); // Remember that message was encrypted aMsg.setAttribute(AS2Message.ATTRIBUTE_RECEIVED_ENCRYPTED, Boolean.TRUE.toString()); s_aLogger.info("Successfully decrypted incoming AS2 message" + aMsg.getLoggingText()); } } catch (final Exception ex) { s_aLogger.error("Error decrypting " + aMsg.getLoggingText() + ": " + ex.getMessage()); throw new DispositionException( DispositionType.createError("decryption-failed"), AbstractActiveNetModule.DISP_DECRYPTION_ERROR, ex); } }
protected void verify(@Nonnull final IMessage aMsg) throws OpenAS2Exception { final ICertificateFactory aCertFactory = m_aReceiverModule.getSession().getCertificateFactory(); final ICryptoHelper aCryptoHelper = AS2Helper.getCryptoHelper(); try { final boolean bDisableVerify = aMsg.getPartnership().isDisableVerify(); final boolean bMsgIsSigned = aCryptoHelper.isSigned(aMsg.getData()); final boolean bForceVerify = aMsg.getPartnership().isForceVerify(); if (bMsgIsSigned && bDisableVerify) { s_aLogger.info( "Message claims to be signed but signature validation is disabled" + aMsg.getLoggingText()); } else if (bMsgIsSigned || bForceVerify) { if (bForceVerify && !bMsgIsSigned) s_aLogger.info("Forced verify signature" + aMsg.getLoggingText()); else if (s_aLogger.isDebugEnabled()) s_aLogger.debug("Verifying signature" + aMsg.getLoggingText()); final X509Certificate aSenderCert = aCertFactory.getCertificateOrNull(aMsg, ECertificatePartnershipType.SENDER); boolean bUseCertificateInBodyPart; final ETriState eUseCertificateInBodyPart = aMsg.getPartnership().getVerifyUseCertificateInBodyPart(); if (eUseCertificateInBodyPart.isDefined()) { // Use per partnership bUseCertificateInBodyPart = eUseCertificateInBodyPart.getAsBooleanValue(); } else { // Use global value bUseCertificateInBodyPart = m_aReceiverModule.getSession().isCryptoVerifyUseCertificateInBodyPart(); } final MimeBodyPart aVerifiedData = aCryptoHelper.verify( aMsg.getData(), aSenderCert, bUseCertificateInBodyPart, bForceVerify); aMsg.setData(aVerifiedData); // Remember that message was signed and verified aMsg.setAttribute(AS2Message.ATTRIBUTE_RECEIVED_SIGNED, Boolean.TRUE.toString()); s_aLogger.info( "Successfully verified signature of incoming AS2 message" + aMsg.getLoggingText()); } } catch (final Exception ex) { s_aLogger.error( "Error verifying signature " + aMsg.getLoggingText() + ": " + ex.getMessage()); throw new DispositionException( DispositionType.createError("integrity-check-failed"), AbstractActiveNetModule.DISP_VERIFY_SIGNATURE_FAILED, ex); } }