From a60f7c2eeb723185c59fb10497ba3830b235bc0f Mon Sep 17 00:00:00 2001 From: Philip Helger <philip@helger.com> Date: Sun, 19 Nov 2023 23:49:54 +0100 Subject: [PATCH] Updated docs --- .../soap/SOAPHeaderElementProcessorWSS4J.java | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/phase4-lib/src/main/java/com/helger/phase4/servlet/soap/SOAPHeaderElementProcessorWSS4J.java b/phase4-lib/src/main/java/com/helger/phase4/servlet/soap/SOAPHeaderElementProcessorWSS4J.java index f8c175230..a005222e7 100644 --- a/phase4-lib/src/main/java/com/helger/phase4/servlet/soap/SOAPHeaderElementProcessorWSS4J.java +++ b/phase4-lib/src/main/java/com/helger/phase4/servlet/soap/SOAPHeaderElementProcessorWSS4J.java @@ -112,7 +112,7 @@ private ESuccess _verifyAndDecrypt (@Nonnull final Document aSOAPDoc, @Nonnull final ICommonsList <WSS4JAttachment> aAttachments, @Nonnull final AS4MessageState aState, @Nonnull final ErrorList aErrorList, - @Nonnull final Supplier <WSSConfig> aWSSConfigSupplier) + @Nonnull final Supplier <? extends WSSConfig> aWSSConfigSupplier) { // Default is Leg 1, gets overwritten when a reference to a message id // exists and then uses leg2 @@ -126,7 +126,8 @@ private ESuccess _verifyAndDecrypt (@Nonnull final Document aSOAPDoc, final WSS4JAttachmentCallbackHandler aAttachmentCallbackHandler = new WSS4JAttachmentCallbackHandler (aAttachments, aState.getResourceHelper ()); - // Resolve the WSS config here to ensure the context matches + // Resolve the WSS config here to ensure the context matches (either from + // an instance of globally) final WSSConfig aWSSConfig = aWSSConfigSupplier.get (); if (m_aDecryptParameterModifier != null) @@ -364,6 +365,8 @@ public ESuccess processHeaderElement (@Nonnull final Document aSOAPDoc, final Element aSignatureAlgorithm = XMLHelper.getFirstChildElementOfName (aSignedNode, CAS4.DS_NS, "SignatureMethod"); + + // Get Signing algorithm String sAlgorithm = aSignatureAlgorithm == null ? null : aSignatureAlgorithm.getAttribute ("Algorithm"); final ECryptoAlgorithmSign eSignAlgo = ECryptoAlgorithmSign.getFromURIOrNull (sAlgorithm); if (eSignAlgo == null) @@ -371,14 +374,11 @@ public ESuccess processHeaderElement (@Nonnull final Document aSOAPDoc, LOGGER.error ("Error processing the Security Header, your signing algorithm '" + sAlgorithm + "' is incorrect. Expected one of the following '" + - Arrays.asList (ECryptoAlgorithmSign.values ()) + + Arrays.toString (ECryptoAlgorithmSign.values ()) + "' algorithms"); - aErrorList.add (EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError (aLocale)); - return ESuccess.FAILURE; } - if (LOGGER.isDebugEnabled ()) LOGGER.debug ("Using signature algorithm " + eSignAlgo); @@ -392,11 +392,10 @@ public ESuccess processHeaderElement (@Nonnull final Document aSOAPDoc, LOGGER.error ("Error processing the Security Header, your signing digest algorithm is incorrect. Expected one of the following'" + Arrays.toString (ECryptoAlgorithmSignDigest.values ()) + "' algorithms"); - aErrorList.add (EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError (aLocale)); - return ESuccess.FAILURE; } + if (LOGGER.isDebugEnabled ()) LOGGER.debug ("Using signature digest algorithm " + eSignDigestAlgo); } @@ -409,6 +408,7 @@ public ESuccess processHeaderElement (@Nonnull final Document aSOAPDoc, // Check if Attachment IDs are the same for (int i = 0; i < aAttachments.size (); i++) { + // Get "Content-ID" header String sAttachmentID = aAttachments.get (i).getHeaders ().get (AttachmentUtils.MIME_HEADER_CONTENT_ID); if (StringHelper.hasNoText (sAttachmentID)) { @@ -416,6 +416,8 @@ public ESuccess processHeaderElement (@Nonnull final Document aSOAPDoc, aErrorList.add (EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError (aLocale)); return ESuccess.FAILURE; } + + // Starts with "<attachment="? if (!sAttachmentID.startsWith (WSS4JAttachment.CONTENT_ID_PREFIX)) { LOGGER.error ("The provided attachment ID '" + @@ -426,6 +428,8 @@ public ESuccess processHeaderElement (@Nonnull final Document aSOAPDoc, aErrorList.add (EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError (aLocale)); return ESuccess.FAILURE; } + + // Ends with ">"? if (!sAttachmentID.endsWith (WSS4JAttachment.CONTENT_ID_SUFFIX)) { LOGGER.error ("The provided attachment ID '" + @@ -436,6 +440,7 @@ public ESuccess processHeaderElement (@Nonnull final Document aSOAPDoc, aErrorList.add (EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError (aLocale)); return ESuccess.FAILURE; } + // Strip prefix and suffix sAttachmentID = sAttachmentID.substring (WSS4JAttachment.CONTENT_ID_PREFIX.length (), sAttachmentID.length () -