diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 1fb0298d..85962a8a 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,32 +1,29 @@ # OpenAS2 Server -# Version 4.0.0 +# Version 4.1.0 # RELEASE NOTES ----- -The OpenAS2 project is pleased to announce the release of OpenAS2 4.0.0 +The OpenAS2 project is pleased to announce the release of OpenAS2 4.1.0 -The release download file is: OpenAS2Server-4.0.0.zip +The release download file is: OpenAS2Server-4.1.0.zip The zip file contains a PDF document (OpenAS2HowTo.pdf) providing information on installing and using the application. ## NOTE: Testing covers Java 11 to 21. ## Java 8 is NO LONGER SUPPORTED. -Version 4.0.0 - 2024-10-15 +Version 4.1.0 - 2024-12-04 -This is an major change and enhancement release. +This is an enhancement release. **IMPORTANT NOTE**: Please review upgrade notes below if you are upgrading -1. Java 8 is NO LONGER supported. Support is for Java 11 and newer releases only. -2. The logging facade was switched from Jakarta Commons Logging to SLF4J and the default implementation uses the Logback framework. -3. The DB state logging for external databases now uses an Hikari connection pool and persists to the database using a separate thread to improve performance. -4. Switch to Jakarta package for mail and REST API implementations -5. Remove the insecure "remote" socket command processor and associated support class in the OpenAS2 server. -6. Remove redundant packages from maven build. -7. Fix MDN cleanup occurring when resend mode is entered. +1. Support for Elliptic curve certificates. +2. Enhanced support for using SSL with self signed certificates +3. Support PKCS12 certificate keystore for SSL certificates. +4. Significantly updated the OpenAS2HowTo documentation. ##Upgrade Notes See the openAS2HowTo appendix for the general process on upgrading OpenAS2. -### Upgrading to 4.0 or newer any older version: +### Upgrading to 4.0 or newer from any older version: 1. Ensure you implement all logging that you had configured for ealrier versions using the logback configuration or replace with another framework that works with SLF4J facade. See the OpenAS2HowTo.pdf logging section for more details. 2. The property for email configuration in the config.xml changed: Change ALL occurrences of javax.mail.properties to jakarta.mail.properties in config.xml and the .properties file if you implemented it. diff --git a/Server/pom.xml b/Server/pom.xml index a95b5ab4..14a36e3b 100644 --- a/Server/pom.xml +++ b/Server/pom.xml @@ -7,7 +7,7 @@ net.sf.openas2 OpenAS2 - 4.0.0 + 4.1.0 ../pom.xml @@ -24,6 +24,7 @@ ${project.parent.artifactId}Server-${project.version}.zip UTF-8 ${project.basedir}/../docs/OpenAS2HowTo.pdf + ${project.basedir}/../LICENSE.txt ${project.basedir}/../RELEASE-NOTES.md ${project.basedir}/../changes.txt ${project.build.directory}/dist @@ -95,6 +96,8 @@ todir="${package.assembly.dir}" verbose="true"/> + diff --git a/Server/src/bin/gen_p12_key_par.sh b/Server/src/bin/gen_p12_key_par.sh index 39ab7997..aab6c19d 100755 --- a/Server/src/bin/gen_p12_key_par.sh +++ b/Server/src/bin/gen_p12_key_par.sh @@ -73,7 +73,7 @@ if [ "1" != "$IS_AUTOMATED_EXEC" ]; then echo "Generate a certificate to a PKCS12 key store." echo "Generating certificate: using alias $certAlias to ${tgtStore}.p12 $PRE_GEN_MSG_ADDITIONAL" read -p "Do you wish to execute this request? [Y/N]" Response - if [ $Response != "Y" -a $Response != "y" ] ; then + if [ "$Response" != "Y" -a "$Response" != "y" ] ; then exit 1 fi read -p "Enter password for keystore:" ksPwd diff --git a/Server/src/config/config.xml b/Server/src/config/config.xml index 026e4dd4..e4a3db99 100644 --- a/Server/src/config/config.xml +++ b/Server/src/config/config.xml @@ -1,10 +1,22 @@ - + interval="$properties.as2_keystore.refresh_interval$"/> + @@ -117,20 +135,6 @@ format="sender.as2_id, receiver.as2_id, attributes.filename" mimetype="application/EDI-X12"/> --> - - + protocol="$properties.module.HealthCheckModule.protocol" + address="$properties.module.HealthCheckModule.address$" + port="$properties.module.HealthCheckModule.port$" + ssl_keystore="$properties.module.HealthCheckModule.ssl_keystore$" + ssl_keystore_password="$properties.module.HealthCheckModule.ssl_keystore_password$"/> - + diff --git a/Server/src/config/openas2.properties.sample b/Server/src/config/openas2.properties.sample index 7d75929a..dea476f3 100644 --- a/Server/src/config/openas2.properties.sample +++ b/Server/src/config/openas2.properties.sample @@ -1,10 +1,31 @@ storageBaseDir=/opt/MyCompanyAS2/data -as2_keystore=$properties.storageBaseDir$/as2_certs.p12 +# Where to find the partnerships XML file partnership_file=$properties.storageBaseDir$/partnerships.xml +# the path to and name ofthe keystore fiule containing the AS2 certificates +as2_keystore=$properties.storageBaseDir$/as2_certs.p12 +# The password for the AS2 certificates keystore as2_keystore_password=032scali +# The time between checks for a changed AS2 keystore file +as2_keystore.refesh_interval=300 +# The keystore for SSL certificates if SSL is enabled +ssl_keystore=$properties.storageBaseDir$/ssl_certs.jks +# The SSL certificates keystore password +ssl_keystore_password=testas2 +# The SSL certificates keystore interval in seconds checking for changed file +ssl_trust_keystore.refresh_interval=300 +# The trusted Self Signed SSL certificates keystore +ssl_trust_keystore=%home%/ssl_trust_certs.p12 +# The trusted Self Signed SSL certificates keystore password +ssl_trust_keystore_password=testas2 +# The trusted Self Signed SSL certificates keystore interval in seconds checking for changed file +ssl_trust_keystore.refresh_interval=300 +# The format of the logging entry timestamp log_date_format=yyyy-MM-dd HH:mm:ss.SSS +# The SQL servers timestamp format - default is SQL92 so should work for most DB's sql_timestamp_format=yyyy-MM-dd HH:mm:ss.SSS +# The AS2 message ID is generated using this property as2_message_id_format=$date.ddMMyyyyHHmmssZ$-$rand.UUID$ +# The AS2 message payload file name fallback option if it is not passed in the AS2 message headers as2_receive_message_filename_fallback=$rand.shortUUID$ log_invalid_http_request=false # The command processor that works within the command line console after startup. NOT to be used for production deployments. @@ -46,26 +67,47 @@ module.AS2MDNReceiverModule.https.enabled=false module.AS2MDNReceiverModule.https.port=10444 # Supports a healthcheck API to monitor the OpenAS2 server module.HealthCheckModule.enabled=false +# The host address that the healthcheck module binds to +module.HealthCheckModule.address=localhost # What port can the healthcheck module run on -module.HealthCheckModule.port="10099" +module.HealthCheckModule.port=10099 # The ASYNC URL that will be used if you tunr on ASYN mode MDN for a partner. Can be overridden explicitly in the partnership definition #as2_async_mdn_url=https://myas2.mycomany.com:$properties.module.AS2MDNReceiverModule.https.port$ -# The keystore for SSL certificates if SSL is enabled -ssl_keystore=$properties.storageBaseDir$/ssl_certs.jks -# The SSL certificates keystore password -ssl_keystore_password=Fantini0101 # The location of the DB tracking database if using the H@ database which is the default in OpenAS2 msg_tracking.db_directory=$properties.storageBaseDir$/DB +# Use the H2 embedded database that is the default for OpenAS2. Change to false for other DB's msg_tracking.use_embedded_db=true +# Only necessary for older JDBC drivers. Mostly just ignored. msg_tracking.force_load_jdbc_driver=false +# Database user name msg_tracking.db_user=sa +# Database password msg_tracking.db_pwd=OpenAS2 +# Database instance name msg_tracking.db_name=openas2 +# Database tracking table name msg_tracking.table_name=msg_metadata +# Database JDBC driver msg_tracking.jdbc_driver=org.h2.Driver +# The JDBC connect string. The below string is specific to H2 database msg_tracking.jdbc_connect_string=jdbc:h2:$component.db_directory$/$component.db_name$ msg_tracking.sql_escape_character=' +# Specific to the embedded database that comes with OpenAS2. Ignored otherwise. msg_tracking.tcp_server_start=true +# Specific to the embedded database that comes with OpenAS2. Ignored otherwise. msg_tracking.tcp_server_port=10092 +# Specific to the embedded database that comes with OpenAS2. Ignored otherwise. msg_tracking.tcp_server_password=openas2 +# Requires all received AS2 messages to be signed. If you have a partner who requires sending unsigned messages then change this to false reject_unsigned_messages=true +# The following are all related to the partnership based directory poller. +pollerConfigBase.outboxdir=$properties.storageBaseDir$/outbox/$partnership.receiver.as2_id$ +pollerConfigBase.errordir=$properties.storageBaseDir$/outbox/error/$date.YYYY$-$date.MM$-$date.dd$/$partnership.receiver.as2_id$ +pollerConfigBase.interval=5 +pollerConfigBase.defaults=sender.as2_id=$partnership.sender.as2_id$, receiver.as2_id=$partnership.receiver.as2_id$ +pollerConfigBase.sendfilename=true +pollerConfigBase.mimetype=application/EDI-X12 +pollerConfigBase.process_files_in_paralllel=false +pollerConfigBase.max_parallel_files=20 +# The time between checks for a changed partnerships.xml file for auto reload. +partnerships.polling.interval=120 \ No newline at end of file diff --git a/Server/src/main/java/CheckCertificate.java b/Server/src/main/java/CheckCertificate.java index 60f66db5..ccd543f6 100644 --- a/Server/src/main/java/CheckCertificate.java +++ b/Server/src/main/java/CheckCertificate.java @@ -221,7 +221,7 @@ public int CheckCertStore(String host, int port, String uri, String targetKeySto private void checkUsingApacheHttp(String host, int port, String uri, String targetKeyStore, String keyStorePwd) throws Exception { System.out.println("Trying using Apache HTTP Client..."); - Map httpOptions = new HashMap(); + Map httpOptions = new HashMap(); if (auth_user != null) { httpOptions.put(HTTPUtil.PARAM_HTTP_USER, auth_user); httpOptions.put(HTTPUtil.PARAM_HTTP_PWD, auth_pwd); diff --git a/Server/src/main/java/org/openas2/BaseSession.java b/Server/src/main/java/org/openas2/BaseSession.java index 3c9697e7..b6ca390d 100644 --- a/Server/src/main/java/org/openas2/BaseSession.java +++ b/Server/src/main/java/org/openas2/BaseSession.java @@ -54,8 +54,8 @@ public void stop() throws Exception { } } - public CertificateFactory getCertificateFactory() throws ComponentNotFoundException { - return (CertificateFactory) getComponent(CertificateFactory.COMPID_CERTIFICATE_FACTORY); + public CertificateFactory getCertificateFactory(String componentID) throws ComponentNotFoundException { + return (CertificateFactory) getComponent(componentID); } public Map> getPolledDirectories() { @@ -71,10 +71,14 @@ public void setPolledDirectories(Map> polledDirector * * @param componentID registers the component to this ID * @param comp component to register + * @throws OpenAS2Exception * @see Component */ - public void setComponent(String componentID, Component comp) { + public void setComponent(String componentID, Component comp) throws OpenAS2Exception { Map objects = getComponents(); + if (objects.containsKey(componentID)) { + throw new OpenAS2Exception("A component with this ID has already been regiostered: " + componentID); + } objects.put(componentID, comp); } @@ -207,6 +211,10 @@ public DirectoryPollingModule getPartnershipPoller(String senderAs2Id, String re public void loadPartnershipPoller(Node moduleNode, String partnershipName, String configSource) throws OpenAS2Exception { DirectoryPollingModule procmod = (DirectoryPollingModule) XMLUtil.getComponent(moduleNode, this); + if (procmod == null) { + // Must be disable so do nothing + return; + } String pollerDir = procmod.getParameters().get(DirectoryPollingModule.PARAM_OUTBOX_DIRECTORY); try { checkPollerModuleConfig(pollerDir); diff --git a/Server/src/main/java/org/openas2/Session.java b/Server/src/main/java/org/openas2/Session.java index 3640e5ff..4213a719 100644 --- a/Server/src/main/java/org/openas2/Session.java +++ b/Server/src/main/java/org/openas2/Session.java @@ -51,7 +51,7 @@ public interface Session { * @see CertificateFactory * @see Component */ - CertificateFactory getCertificateFactory() throws ComponentNotFoundException; + CertificateFactory getCertificateFactory(String componentID) throws ComponentNotFoundException; /** * Gets the Component currently registered with an ID diff --git a/Server/src/main/java/org/openas2/XMLSession.java b/Server/src/main/java/org/openas2/XMLSession.java index 2e086db9..5229594b 100644 --- a/Server/src/main/java/org/openas2/XMLSession.java +++ b/Server/src/main/java/org/openas2/XMLSession.java @@ -5,9 +5,9 @@ import org.openas2.cmd.CommandManager; import org.openas2.cmd.CommandRegistry; import org.openas2.cmd.processor.BaseCommandProcessor; +import org.openas2.lib.util.StringEnvVarReplacer; import org.openas2.lib.xml.PropertyReplacementFilter; import org.openas2.params.CompositeParameters; -import org.openas2.params.InvalidParameterException; import org.openas2.params.ParameterParser; import org.openas2.message.MessageFactory; import org.openas2.partner.Partnership; @@ -137,10 +137,10 @@ protected void load(InputStream in) throws Exception { * Finally checks if an additional property file was provided and loads those. * * @param propNode - the "properties" element of the configuration file containing property values - * @throws InvalidParameterException * @throws IOException + * @throws OpenAS2Exception */ - private void loadProperties(Node propNode) throws InvalidParameterException, IOException { + private void loadProperties(Node propNode) throws IOException, OpenAS2Exception { LOGGER.info("Loading properties..."); Map properties = XMLUtil.mapAttributes(propNode, false); @@ -151,7 +151,11 @@ private void loadProperties(Node propNode) throws InvalidParameterException, IOE Properties.setProperties(properties); String appPropsFile = System.getProperty(Properties.OPENAS2_PROPERTIES_FILE_PROP); if (appPropsFile != null && appPropsFile.length() > 1) { + LOGGER.info("Processing OpenAS2 configuration properties file: {}", appPropsFile); java.util.Properties appProps = new java.util.Properties(); + // Support $ENV{some_env_var} reploacement in properties + StringEnvVarReplacer envVarReplacer = new StringEnvVarReplacer(); + envVarReplacer.setAppHomeDir(getBaseDirectory()); FileInputStream fis = null; try { fis = new FileInputStream(appPropsFile); @@ -159,11 +163,13 @@ private void loadProperties(Node propNode) throws InvalidParameterException, IOE Enumeration enuKeys = appProps.keys(); while (enuKeys.hasMoreElements()) { String key = (String) enuKeys.nextElement(); - Properties.setProperty(key, appProps.getProperty(key)); + String val = envVarReplacer.replace(appProps.getProperty(key)); + Properties.setProperty(key, val); + LOGGER.debug("Adding OpenAS2 properties file property: {} : {}", key, val); } } catch (FileNotFoundException e) { - LOGGER.warn("Custom properties file specified but cannot be located:" + appPropsFile); + throw new OpenAS2Exception("Custom properties file specified but cannot be located:" + appPropsFile, e); } catch (IOException e) { LOGGER.warn("Custom properties file load failed:" + appPropsFile, e); } finally { @@ -171,8 +177,7 @@ private void loadProperties(Node propNode) throws InvalidParameterException, IOE try { fis.close(); } catch (IOException e) { - // TODO Auto-generated catch block - LOGGER.warn("Failed to close properties fiel input stream.", e); + LOGGER.warn("Failed to close properties file input stream.", e); } } } @@ -184,15 +189,14 @@ private void loadProperties(Node propNode) throws InvalidParameterException, IOE // Pass "true" to ignore unmatched parse ID's in case the properties contain dynamic parameters needed for JIT evaluation CompositeParameters parser = new CompositeParameters(true); parser.setReturnParamStringForMissingParsers(true); - for (Map.Entry entry : properties.entrySet()) { + for (Map.Entry entry : Properties.getProperties().entrySet()) { + String key = entry.getKey(); String val = entry.getValue(); - if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Parsing property: " + entry.getKey() + " : " + val); - } + LOGGER.debug("Parsing property: {} : {}", key, val); String parsedVal = ParameterParser.parse(val, parser); // Parser will return empty string if there is an unmatched parser ID in the string if (parsedVal.length() > 0 && !val.equals(parsedVal)) { - String key = entry.getKey(); + LOGGER.debug("Overriding property with new parsed value: {} : {}", key, parsedVal); // Put the changed value into the Properties set Properties.setProperty(key, parsedVal); } @@ -217,7 +221,12 @@ private void loadProperties(Node propNode) throws InvalidParameterException, IOE private void loadCertificates(Node rootNode) throws OpenAS2Exception { CertificateFactory certFx = (CertificateFactory) XMLUtil.getComponent(rootNode, this); - setComponent(CertificateFactory.COMPID_CERTIFICATE_FACTORY, certFx); + if (certFx == null) { + // Must be disable so do nothing + return; + } + String identifier = certFx.getIdentifier(); + setComponent(identifier, certFx); } private void loadBasePartnershipPollerConfig(Node node) throws OpenAS2Exception { @@ -230,6 +239,10 @@ public Node getBasePartnershipPollerConfig() throws OpenAS2Exception { private void loadCommands(Node rootNode) throws OpenAS2Exception { Component component = XMLUtil.getComponent(rootNode, this); + if (component == null) { + // Must be disable so do nothing + return; + } commandRegistry = (CommandRegistry) component; } @@ -256,6 +269,10 @@ private void loadCommandProcessors(Node rootNode) throws OpenAS2Exception { private void loadCommandProcessor(CommandManager manager, Node cmdPrcessorNode) throws OpenAS2Exception { BaseCommandProcessor cmdProcesor = (BaseCommandProcessor) XMLUtil.getComponent(cmdPrcessorNode, this); + if (cmdProcesor == null) { + // Must be disable so do nothing + return; + } manager.addProcessor(cmdProcesor); setComponent(cmdProcesor.getName(), cmdProcesor); @@ -265,11 +282,19 @@ private void loadPartnerships(Node rootNode) throws OpenAS2Exception { LOGGER.info("Loading partnerships..."); PartnershipFactory partnerFx = (PartnershipFactory) XMLUtil.getComponent(rootNode, this); + if (partnerFx == null) { + // Must be disable so do nothing + return; + } setComponent(PartnershipFactory.COMPID_PARTNERSHIP_FACTORY, partnerFx); } private void loadProcessor(Node rootNode) throws OpenAS2Exception { Processor proc = (Processor) XMLUtil.getComponent(rootNode, this); + if (proc == null) { + // Must be disable so do nothing + return; + } setComponent(Processor.COMPID_PROCESSOR, proc); LOGGER.info("Loading processor nodes..."); @@ -308,7 +333,7 @@ private void loadProcessorModule(Processor proc, Node moduleNode) throws OpenAS2 // If there is a format node then this is a generic poller module Node formatNode = moduleNode.getAttributes().getNamedItem("format"); if (formatNode == null) { - throw new OpenAS2Exception("Invalid poller module coniguration: " + moduleNode.toString()); + throw new OpenAS2Exception("Invalid poller module coniguration. Missing the \"format\" attribute in the module: " + moduleNode.getNodeName()); } partnershipName = "generic"; } else { @@ -319,6 +344,10 @@ private void loadProcessorModule(Processor proc, Node moduleNode) throws OpenAS2 return; } ProcessorModule procmod = (ProcessorModule) XMLUtil.getComponent(moduleNode, this); + if (procmod == null) { + // Must be disable so do nothing + return; + } proc.getModules().add(procmod); } @@ -369,6 +398,10 @@ public String getAppTitle() { private void loadMessages(Node rootNode) throws OpenAS2Exception { LOGGER.info("Loading messages..."); MessageFactory messageFx = (MessageFactory) XMLUtil.getComponent(rootNode, this); + if (messageFx == null) { + // Must be disable so do nothing + return; + } setComponent(MessageFactory.COMPID_MESSAGE_FACTORY, messageFx); } } diff --git a/Server/src/main/java/org/openas2/app/cert/AliasedCertCommand.java b/Server/src/main/java/org/openas2/app/cert/AliasedCertCommand.java index b89afab0..1ff13c50 100644 --- a/Server/src/main/java/org/openas2/app/cert/AliasedCertCommand.java +++ b/Server/src/main/java/org/openas2/app/cert/AliasedCertCommand.java @@ -11,7 +11,7 @@ public abstract class AliasedCertCommand extends BaseCommand { public CommandResult execute(Object[] params) { try { - CertificateFactory certFx = getSession().getCertificateFactory(); + CertificateFactory certFx = getSession().getCertificateFactory(CertificateFactory.COMPID_AS2_CERTIFICATE_FACTORY); if (certFx instanceof AliasedCertificateFactory) { return execute((AliasedCertificateFactory) certFx, params); diff --git a/Server/src/main/java/org/openas2/app/cert/ImportCertCommand.java b/Server/src/main/java/org/openas2/app/cert/ImportCertCommand.java index 35f92bb8..2e7ff041 100644 --- a/Server/src/main/java/org/openas2/app/cert/ImportCertCommand.java +++ b/Server/src/main/java/org/openas2/app/cert/ImportCertCommand.java @@ -9,12 +9,8 @@ import java.io.BufferedInputStream; import java.io.FileInputStream; import java.io.IOException; -import java.security.Key; import java.security.KeyStore; -import java.security.cert.Certificate; import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Enumeration; public class ImportCertCommand extends AliasedCertCommand { public String getDefaultDescription() { @@ -61,22 +57,11 @@ public CommandResult execute(AliasedCertificateFactory certFx, Object[] params) protected CommandResult importCert(AliasedCertificateFactory certFx, String alias, String filename) throws IOException, CertificateException, OpenAS2Exception { FileInputStream fis = new FileInputStream(filename); BufferedInputStream bis = new BufferedInputStream(fis); - - java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509"); - - CommandResult cmdRes = new CommandResult(CommandResult.TYPE_OK, "Certificate(s) imported successfully"); - - while (bis.available() > 0) { - Certificate cert = cf.generateCertificate(bis); - - if (cert instanceof X509Certificate) { - certFx.addCertificate(alias, (X509Certificate) cert, true); - cmdRes.getResults().add("Imported certificate: " + cert.toString()); - - return cmdRes; - } + if (certFx.importCert(alias, bis)) { + CommandResult cmdRes = new CommandResult(CommandResult.TYPE_OK, "Certificate(s) imported successfully"); + cmdRes.getResults().add("Imported certificate: " + certFx.getCertificate(alias).toString()); + return cmdRes; } - return new CommandResult(CommandResult.TYPE_ERROR, "No valid X509 certificates found"); } @@ -84,23 +69,9 @@ protected CommandResult importPrivateKey(AliasedCertificateFactory certFx, Strin KeyStore ks = AS2Util.getCryptoHelper().getKeyStore(); ks.load(new FileInputStream(filename), password.toCharArray()); - Enumeration aliases = ks.aliases(); - - while (aliases.hasMoreElements()) { - String certAlias = aliases.nextElement(); - Certificate cert = ks.getCertificate(certAlias); - - if (cert instanceof X509Certificate) { - certFx.addCertificate(alias, (X509Certificate) cert, true); - - Key certKey = ks.getKey(certAlias, password.toCharArray()); - certFx.addPrivateKey(alias, certKey, password); - - return new CommandResult(CommandResult.TYPE_OK, "Imported certificate and key: " + cert.toString()); - } + if (certFx.importPrivateKey(alias, ks, password)) { + return new CommandResult(CommandResult.TYPE_OK, "Imported certificate and key: " + certFx.getPrivateKey(alias).toString()); } - return new CommandResult(CommandResult.TYPE_ERROR, "No valid X509 certificates found"); - } } diff --git a/Server/src/main/java/org/openas2/app/cert/ImportCertInEncodedStreamCommand.java b/Server/src/main/java/org/openas2/app/cert/ImportCertInEncodedStreamCommand.java index 1c76ffd9..16806fda 100644 --- a/Server/src/main/java/org/openas2/app/cert/ImportCertInEncodedStreamCommand.java +++ b/Server/src/main/java/org/openas2/app/cert/ImportCertInEncodedStreamCommand.java @@ -42,20 +42,10 @@ public CommandResult execute(AliasedCertificateFactory certFx, Object[] params) protected CommandResult importCert(AliasedCertificateFactory certFx, String alias, String encodedCert) throws IOException, CertificateException, OpenAS2Exception { ByteArrayInputStream bais = new ByteArrayInputStream(ByteCoder.decode(encodedCert).getBytes()); - - java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509"); - - CommandResult cmdRes = new CommandResult(CommandResult.TYPE_OK, "Certificate(s) imported successfully"); - - while (bais.available() > 0) { - Certificate cert = cf.generateCertificate(bais); - - if (cert instanceof X509Certificate) { - certFx.addCertificate(alias, (X509Certificate) cert, true); - cmdRes.getResults().add("Imported certificate: " + cert.toString()); - - return cmdRes; - } + if (certFx.importCert(alias, bais)) { + CommandResult cmdRes = new CommandResult(CommandResult.TYPE_OK, "Certificate(s) imported successfully"); + cmdRes.getResults().add("Imported certificate: " + certFx.getCertificate(alias).toString()); + return cmdRes; } return new CommandResult(CommandResult.TYPE_ERROR, "No valid X509 certificates found"); diff --git a/Server/src/main/java/org/openas2/cert/AliasedCertificateFactory.java b/Server/src/main/java/org/openas2/cert/AliasedCertificateFactory.java index 9b9d7d1c..bf90acea 100644 --- a/Server/src/main/java/org/openas2/cert/AliasedCertificateFactory.java +++ b/Server/src/main/java/org/openas2/cert/AliasedCertificateFactory.java @@ -2,7 +2,14 @@ import org.openas2.OpenAS2Exception; +import java.io.IOException; +import java.io.InputStream; import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Map; @@ -21,4 +28,8 @@ public interface AliasedCertificateFactory extends CertificateFactory { void removeCertificate(X509Certificate cert) throws OpenAS2Exception; void removeCertificate(String alias) throws OpenAS2Exception; + + boolean importCert(String alias, InputStream encodedCertStream) throws IOException, CertificateException, OpenAS2Exception; + + boolean importPrivateKey(String alias, KeyStore ks, String password) throws KeyStoreException, OpenAS2Exception, UnrecoverableKeyException, NoSuchAlgorithmException; } diff --git a/Server/src/main/java/org/openas2/cert/CertificateFactory.java b/Server/src/main/java/org/openas2/cert/CertificateFactory.java index b4e85c31..0f0c2db6 100644 --- a/Server/src/main/java/org/openas2/cert/CertificateFactory.java +++ b/Server/src/main/java/org/openas2/cert/CertificateFactory.java @@ -2,14 +2,18 @@ import org.openas2.Component; import org.openas2.OpenAS2Exception; +import org.openas2.params.InvalidParameterException; import java.security.PrivateKey; import java.security.cert.X509Certificate; public interface CertificateFactory extends Component { - String COMPID_CERTIFICATE_FACTORY = "certificatefactory"; + String COMPID_AS2_CERTIFICATE_FACTORY = "as2_certs"; + String COMPID_SSL_TRUST_CERTIFICATE_FACTORY = "ssl_trust_certs"; PrivateKey getPrivateKey(String alias) throws OpenAS2Exception; X509Certificate getCertificate(String alias) throws OpenAS2Exception; + + String getIdentifier() throws InvalidParameterException; } diff --git a/Server/src/main/java/org/openas2/cert/PKCS12CertificateFactory.java b/Server/src/main/java/org/openas2/cert/PKCS12CertificateFactory.java index e49522c5..96a00baa 100644 --- a/Server/src/main/java/org/openas2/cert/PKCS12CertificateFactory.java +++ b/Server/src/main/java/org/openas2/cert/PKCS12CertificateFactory.java @@ -1,305 +1,28 @@ package org.openas2.cert; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import java.io.File; +import java.util.concurrent.ScheduledExecutorService; +import java.util.concurrent.TimeUnit; + import org.openas2.OpenAS2Exception; -import org.openas2.Session; -import org.openas2.WrappedException; import org.openas2.params.InvalidParameterException; import org.openas2.schedule.HasSchedule; import org.openas2.support.FileMonitorAdapter; -import org.openas2.util.AS2Util; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.PrivateKey; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; -import java.util.concurrent.ScheduledExecutorService; -import java.util.concurrent.TimeUnit; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -public class PKCS12CertificateFactory extends BaseCertificateFactory implements AliasedCertificateFactory, KeyStoreCertificateFactory, StorableCertificateFactory, HasSchedule { - public static final String PARAM_FILENAME = "filename"; - public static final String PARAM_PASSWORD = "password"; - public static final String PARAM_INTERVAL = "interval"; - private KeyStore keyStore; +/** + * Supports keystores on the file system that require automatic refresh of the cached certs + * when changes to the file occurs whilst OpenAS2 is running. + */ +public class PKCS12CertificateFactory extends X509CertificateFactory implements HasSchedule { private Logger logger = LoggerFactory.getLogger(PKCS12CertificateFactory.class); - public X509Certificate getCertificate(String alias) throws OpenAS2Exception { - try { - KeyStore ks = getKeyStore(); - X509Certificate cert = (X509Certificate) ks.getCertificate(alias); - - if (cert == null) { - throw new CertificateNotFoundException(null, alias); - } - - return cert; - } catch (KeyStoreException kse) { - throw new WrappedException(kse); - } - } - - public Map getCertificates() throws OpenAS2Exception { - KeyStore ks = getKeyStore(); - - try { - Map certs = new HashMap(); - String certAlias; - - Enumeration e = ks.aliases(); - - while (e.hasMoreElements()) { - certAlias = e.nextElement(); - certs.put(certAlias, (X509Certificate) ks.getCertificate(certAlias)); - } - - return certs; - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } - private int getRefreshInterval() throws InvalidParameterException { return getParameterInt(PARAM_INTERVAL, false); } - public String getFilename() throws InvalidParameterException { - return getParameter(PARAM_FILENAME, true); - } - - public void setFilename(String filename) { - getParameters().put(PARAM_FILENAME, filename); - } - - public KeyStore getKeyStore() { - return keyStore; - } - - public void setKeyStore(KeyStore keyStore) { - this.keyStore = keyStore; - } - - public char[] getPassword() throws InvalidParameterException { - return getParameter(PARAM_PASSWORD, true).toCharArray(); - } - - public void setPassword(char[] password) { - getParameters().put(PARAM_PASSWORD, new String(password)); - } - - public PrivateKey getPrivateKey(String alias) throws OpenAS2Exception { - if (alias == null) { - throw new OpenAS2Exception("Keystore alias cannot be found for method getPrivateKey(alias) call. Check that the x509_alias attribute is set correctly in the partnership."); - } - KeyStore ks = getKeyStore(); - try { - PrivateKey key = (PrivateKey) ks.getKey(alias, getPassword()); - if (key == null) { - throw new OpenAS2Exception("The private key was not found for alias. Check that the private key has been added to the keystore for the alias: " + alias); - } - return key; - } catch (GeneralSecurityException e) { - throw new OpenAS2Exception("Unexpected error occured fetching private key: " + e.getMessage(), e); - } - } - - @SuppressWarnings("unused") - private PrivateKey getPrivateKey(X509Certificate cert) throws OpenAS2Exception { - KeyStore ks = getKeyStore(); - String alias = null; - - try { - alias = ks.getCertificateAlias(cert); - - if (alias == null) { - throw new KeyNotFoundException(cert, "-- alias null from getCertificateAlias(cert) call. Check that the x509_alias attribute is set correctly in the partnership."); - } - - PrivateKey key = (PrivateKey) ks.getKey(alias, getPassword()); - - if (key == null) { - throw new KeyNotFoundException(cert, "-- key null from getKey(" + alias + ") call. Check that the private key has been added to the keystore for the alias: " + alias); - } - - return key; - } catch (GeneralSecurityException e) { - throw new KeyNotFoundException(cert, alias, e); - } - } - - public void addCertificate(String alias, X509Certificate cert, boolean overwrite) throws OpenAS2Exception { - KeyStore ks = getKeyStore(); - - try { - if (ks.containsAlias(alias) && !overwrite) { - throw new CertificateExistsException(alias); - } - - ks.setCertificateEntry(alias, cert); - save(getFilename(), getPassword()); - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } - - public void addPrivateKey(String alias, Key key, String password) throws OpenAS2Exception { - KeyStore ks = getKeyStore(); - - try { - if (!ks.containsAlias(alias)) { - throw new CertificateNotFoundException(null, alias); - } - - Certificate[] certChain = ks.getCertificateChain(alias); - if (certChain == null) { - X509Certificate x509cert = (X509Certificate) ks.getCertificate(alias); - if (x509cert.getSubjectX500Principal().equals(x509cert.getIssuerX500Principal())) { - // Trust chain is to itself - certChain = new X509Certificate[]{x509cert, x509cert}; - if (logger.isInfoEnabled()) { - logger.info("Detected self-signed certificate and allowed import. Alias: " + alias); - } - } - } - ks.setKeyEntry(alias, key, password.toCharArray(), certChain); - - save(getFilename(), getPassword()); - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } - - public void clearCertificates() throws OpenAS2Exception { - KeyStore ks = getKeyStore(); - - try { - Enumeration aliases = ks.aliases(); - - while (aliases.hasMoreElements()) { - ks.deleteEntry(aliases.nextElement()); - } - - save(getFilename(), getPassword()); - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } - - public void init(Session session, Map options) throws OpenAS2Exception { - super.init(session, options); - - // Override the password if it was passed as a system property - String pwd = System.getProperty("org.openas2.cert.Password"); - if (pwd != null) { - setPassword(pwd.toCharArray()); - } - try { - this.keyStore = AS2Util.getCryptoHelper().getKeyStore(); - } catch (Exception e) { - throw new WrappedException(e); - } - load(); - } - - public void load(String filename, char[] password) throws OpenAS2Exception { - try { - FileInputStream fIn = new FileInputStream(filename); - - load(fIn, password); - - fIn.close(); - } catch (IOException ioe) { - throw new WrappedException(ioe); - } - } - - public void load(InputStream in, char[] password) throws OpenAS2Exception { - try { - KeyStore ks = getKeyStore(); - - synchronized (ks) { - ks.load(in, password); - } - } catch (IOException ioe) { - throw new WrappedException(ioe); - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } - - public void load() throws OpenAS2Exception { - load(getFilename(), getPassword()); - } - - public void removeCertificate(X509Certificate cert) throws OpenAS2Exception { - KeyStore ks = getKeyStore(); - - try { - String alias = ks.getCertificateAlias(cert); - - if (alias == null) { - throw new CertificateNotFoundException(cert); - } - - removeCertificate(alias); - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } - - public void removeCertificate(String alias) throws OpenAS2Exception { - KeyStore ks = getKeyStore(); - - try { - if (ks.getCertificate(alias) == null) { - throw new CertificateNotFoundException(null, alias); - } - - ks.deleteEntry(alias); - save(getFilename(), getPassword()); - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } - - public void save() throws OpenAS2Exception { - save(getFilename(), getPassword()); - } - - public void save(String filename, char[] password) throws OpenAS2Exception { - try { - FileOutputStream fOut = new FileOutputStream(filename, false); - - save(fOut, password); - - fOut.close(); - } catch (IOException ioe) { - throw new WrappedException(ioe); - } - } - - public void save(OutputStream out, char[] password) throws OpenAS2Exception { - try { - getKeyStore().store(out, password); - } catch (IOException ioe) { - throw new WrappedException(ioe); - } catch (GeneralSecurityException gse) { - throw new WrappedException(gse); - } - } @Override public void schedule(ScheduledExecutorService executor) throws OpenAS2Exception { diff --git a/Server/src/main/java/org/openas2/cert/X509CertificateFactory.java b/Server/src/main/java/org/openas2/cert/X509CertificateFactory.java new file mode 100644 index 00000000..cc764771 --- /dev/null +++ b/Server/src/main/java/org/openas2/cert/X509CertificateFactory.java @@ -0,0 +1,485 @@ +package org.openas2.cert; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.openas2.OpenAS2Exception; +import org.openas2.Session; +import org.openas2.WrappedException; +import org.openas2.params.InvalidParameterException; +import org.openas2.util.AS2Util; +import org.apache.commons.io.FileUtils; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.jcajce.JcaPEMWriter; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.FileWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; +import java.util.Random; + +public class X509CertificateFactory extends BaseCertificateFactory implements AliasedCertificateFactory, KeyStoreCertificateFactory, StorableCertificateFactory { + public static final String PARAM_IDENTIFIER = "identifier"; + public static final String PARAM_FILENAME = "filename"; + public static final String PARAM_PASSWORD = "password"; + public static final String PARAM_INTERVAL = "interval"; + private KeyStore keyStore; + + private Logger logger = LoggerFactory.getLogger(X509CertificateFactory.class); + + public X509Certificate getCertificate(String alias) throws OpenAS2Exception { + try { + KeyStore ks = getKeyStore(); + X509Certificate cert = (X509Certificate) ks.getCertificate(alias); + + if (cert == null) { + throw new CertificateNotFoundException(null, alias); + } + + return cert; + } catch (KeyStoreException kse) { + throw new WrappedException(kse); + } + } + + public Map getCertificates() throws OpenAS2Exception { + KeyStore ks = getKeyStore(); + + try { + Map certs = new HashMap(); + String certAlias; + + Enumeration e = ks.aliases(); + + while (e.hasMoreElements()) { + certAlias = e.nextElement(); + certs.put(certAlias, (X509Certificate) ks.getCertificate(certAlias)); + } + + return certs; + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + public String getIdentifier() throws InvalidParameterException { + String identifier = getParameter(PARAM_IDENTIFIER, false); + if (identifier == null) { + // For backwards compatibility, no identifier means the original as2_certs factory + identifier = CertificateFactory.COMPID_AS2_CERTIFICATE_FACTORY; + } + return identifier; + } + + public String getFilename() throws InvalidParameterException { + return getParameter(PARAM_FILENAME, true); + } + + public void setFilename(String filename) { + getParameters().put(PARAM_FILENAME, filename); + } + + public KeyStore getKeyStore() { + return keyStore; + } + + public void setKeyStore(KeyStore keyStore) { + this.keyStore = keyStore; + } + + public char[] getPassword() throws InvalidParameterException { + return getParameter(PARAM_PASSWORD, true).toCharArray(); + } + + public void setPassword(char[] password) { + getParameters().put(PARAM_PASSWORD, new String(password)); + } + + public PrivateKey getPrivateKey(String alias) throws OpenAS2Exception { + if (alias == null) { + throw new OpenAS2Exception("Keystore alias not set in call to method getPrivateKey(alias). Check that the x509_alias attribute is set correctly in the partnership."); + } + KeyStore ks = getKeyStore(); + try { + PrivateKey key = (PrivateKey) ks.getKey(alias, getPassword()); + if (key == null) { + throw new OpenAS2Exception("The private key was not found for alias: " + alias + " -- Check that the private key has been added to the keystore for the alias: " + alias); + } + return key; + } catch (GeneralSecurityException e) { + throw new OpenAS2Exception("Unexpected error occured fetching private key for alias: " + alias + " -- " + e.getMessage(), e); + } + } + + @SuppressWarnings("unused") + private PrivateKey getPrivateKey(X509Certificate cert) throws OpenAS2Exception { + KeyStore ks = getKeyStore(); + String alias = null; + + try { + alias = ks.getCertificateAlias(cert); + + if (alias == null) { + throw new KeyNotFoundException(cert, "-- certificate lookup for matching certificate failed. Make sure the correct matching certificate has been installed in the keystore."); + } + + PrivateKey key = (PrivateKey) ks.getKey(alias, getPassword()); + + if (key == null) { + throw new KeyNotFoundException(cert, "-- private key not found in certificate. Check that the private key has been added to the keystore for the alias: " + alias); + } + + return key; + } catch (GeneralSecurityException e) { + throw new KeyNotFoundException(cert, alias, e); + } + } + + public void addCertificate(String alias, X509Certificate cert, boolean overwrite) throws OpenAS2Exception { + KeyStore ks = getKeyStore(); + + try { + if (ks.containsAlias(alias) && !overwrite) { + throw new CertificateExistsException(alias); + } + + ks.setCertificateEntry(alias, cert); + save(getFilename(), getPassword()); + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + public void addPrivateKey(String alias, Key key, String password) throws OpenAS2Exception { + KeyStore ks = getKeyStore(); + + try { + if (!ks.containsAlias(alias)) { + throw new CertificateNotFoundException(null, alias); + } + + Certificate[] certChain = ks.getCertificateChain(alias); + if (certChain == null) { + X509Certificate x509cert = (X509Certificate) ks.getCertificate(alias); + if (x509cert.getSubjectX500Principal().equals(x509cert.getIssuerX500Principal())) { + // Trust chain is to itself + certChain = new X509Certificate[]{x509cert, x509cert}; + if (logger.isInfoEnabled()) { + logger.info("Detected self-signed certificate and allowed import. Alias: " + alias); + } + } + } + ks.setKeyEntry(alias, key, password.toCharArray(), certChain); + + save(getFilename(), getPassword()); + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + public boolean importCert(String alias, InputStream encodedCertStream) throws IOException, CertificateException, OpenAS2Exception { + java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509"); + while (encodedCertStream.available() > 0) { + Certificate cert = cf.generateCertificate(encodedCertStream); + if (cert instanceof X509Certificate) { + addCertificate(alias, (X509Certificate) cert, true); + return true; + } + } + // Could not convert stream to a certificate + return false; + } + + public boolean importPrivateKey(String alias, KeyStore ks, String password) throws KeyStoreException, OpenAS2Exception, UnrecoverableKeyException, NoSuchAlgorithmException { + Enumeration aliases = ks.aliases(); + while (aliases.hasMoreElements()) { + String certAlias = aliases.nextElement(); + Certificate cert = ks.getCertificate(certAlias); + if (cert instanceof X509Certificate) { + addCertificate(alias, (X509Certificate) cert, true); + Key certKey = ks.getKey(certAlias, password.toCharArray()); + addPrivateKey(alias, certKey, password); + return true; + } + } + return false; + } + + public void clearCertificates() throws OpenAS2Exception { + KeyStore ks = getKeyStore(); + + try { + Enumeration aliases = ks.aliases(); + + while (aliases.hasMoreElements()) { + ks.deleteEntry(aliases.nextElement()); + } + + save(getFilename(), getPassword()); + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + /** + * @param keyAlg - key algorithm eg RSA, DSA, EC + * @param keySize - normally a binary multiple eg 2048 + * @return - the key pair + * @throws OpenAS2Exception + * @throws NoSuchAlgorithmException + */ + public KeyPair generateKeyPair(String keyAlg, int keySize) throws OpenAS2Exception { + KeyPairGenerator keyPairGenerator; + try { + keyPairGenerator = KeyPairGenerator.getInstance(keyAlg); + } catch (NoSuchAlgorithmException e) { + throw new OpenAS2Exception("Failed to create key pair genertor.", e); + } + keyPairGenerator.initialize(keySize, new SecureRandom()); + return keyPairGenerator.generateKeyPair(); + } + + /** + * @param alias + * @param distinguishedName - provide in this format: "CN=test.openas2.org,O=OpenAS2 Foundation,L=London,C=UK" + * @param hashAlg - hashing algorithm for the certificate;; eg "SHA256" + * @param keyAlg - key algorithm for the certificate. eg. RSA, EC + * @param keySizec - typically at least 2048 for security + * @param validDays - how many days from current time will the certificate be valid for + * @throws OpenAS2Exception + */ + public void genSelfSignedCertificate( + String alias, + String distinguishedName, + String hashAlg, + String keyAlg, + int keySize, + int validDays) throws OpenAS2Exception { + + KeyPair kp = generateKeyPair(keyAlg, keySize); + ASN1Sequence seq = null; + try (ASN1InputStream asn1InputStream = new ASN1InputStream(kp.getPublic().getEncoded())) { + seq= (ASN1Sequence) asn1InputStream.readObject(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + //SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()); + SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(seq); + String signatureAlg = hashAlg + "With" + keyAlg; + if (keyAlg=="EC") { + signatureAlg += "DSA"; + } + X500Name x500Name = new X500Name(distinguishedName); + long currentTime = System.currentTimeMillis(); + Date notBefore = new Date(currentTime); + Date notAfter = new Date(currentTime + (1000L * 3600L * 24 * validDays)); + X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder( + x500Name, + new BigInteger(64, new Random()), + notBefore, + notAfter, + x500Name, + subPubKeyInfo + ); + try { + SubjectKeyIdentifier ski = new SubjectKeyIdentifier(subPubKeyInfo.getEncoded()); + certBuilder.addExtension(Extension.subjectKeyIdentifier, false, ski); + } catch (IOException e) { + throw new OpenAS2Exception("Failed to add SubjectKeyIdentifier extension when generating certificate.", e); + } + ContentSigner signer; + try { + signer = new JcaContentSignerBuilder(signatureAlg) + .setProvider(new BouncyCastleProvider()) + .build(kp.getPrivate()); + } catch (OperatorCreationException e) { + throw new OpenAS2Exception("Failed to create signer when generating certificate.", e); + } + X509CertificateHolder certificateHolder = certBuilder.build(signer); + try { + X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder); + addCertificate(alias, cert, false); + addPrivateKey(alias, kp.getPrivate(), new String(getPassword())); + } catch (CertificateException e) { + throw new OpenAS2Exception("Failed to generate new certificate.", e); + } + } + + public void init(Session session, Map options) throws OpenAS2Exception { + super.init(session, options); + + // Override the password if it was passed as a system property + String pwd = System.getProperty("org.openas2.cert.Password"); + if (pwd != null) { + setPassword(pwd.toCharArray()); + } + try { + this.keyStore = AS2Util.getCryptoHelper().getKeyStore(); + } catch (Exception e) { + throw new WrappedException(e); + } + load(); + } + + public void load(String filename, char[] password) throws OpenAS2Exception { + try { + FileInputStream fIn = new FileInputStream(filename); + + load(fIn, password); + + fIn.close(); + } catch (IOException ioe) { + throw new WrappedException(ioe); + } + } + + public void load(InputStream in, char[] password) throws OpenAS2Exception { + try { + KeyStore ks = getKeyStore(); + + synchronized (ks) { + ks.load(in, password); + } + } catch (IOException ioe) { + throw new WrappedException(ioe); + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + public void load() throws OpenAS2Exception { + load(getFilename(), getPassword()); + } + + public void removeCertificate(X509Certificate cert) throws OpenAS2Exception { + KeyStore ks = getKeyStore(); + + try { + String alias = ks.getCertificateAlias(cert); + + if (alias == null) { + throw new CertificateNotFoundException(cert); + } + + removeCertificate(alias); + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + public void removeCertificate(String alias) throws OpenAS2Exception { + KeyStore ks = getKeyStore(); + + try { + if (ks.getCertificate(alias) == null) { + throw new CertificateNotFoundException(null, alias); + } + + ks.deleteEntry(alias); + save(getFilename(), getPassword()); + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + public void save() throws OpenAS2Exception { + save(getFilename(), getPassword()); + } + + public void save(String filename, char[] password) throws OpenAS2Exception { + try { + FileOutputStream fOut = new FileOutputStream(filename, false); + + save(fOut, password); + + fOut.close(); + } catch (IOException ioe) { + throw new WrappedException(ioe); + } + } + + public void save(OutputStream out, char[] password) throws OpenAS2Exception { + try { + getKeyStore().store(out, password); + } catch (IOException ioe) { + throw new WrappedException(ioe); + } catch (GeneralSecurityException gse) { + throw new WrappedException(gse); + } + } + + /** + * Exports the public key to a PKCS12 keystore file. + * + * @param filename - name of the Keystore file to export the certificate to + * @param password - password for the keystore + * @throws Exception + */ + public void exportPublicKey(String filename, String srcAlias, String tgtAlias, char[] password) throws Exception { + KeyStore ks = AS2Util.getCryptoHelper().getKeyStore(); + ks.load(null, null); // Inialises keystore + // Get the certificate entry containing public key and insert to keystore + ks.setCertificateEntry(tgtAlias, getCertificate(srcAlias)); + try (FileOutputStream fOut = new FileOutputStream(filename, false)) { + ks.store(fOut, password); + } catch (IOException ioe) { + throw new WrappedException(ioe); + } + } + + /** + * Exports public key in PEM or DER encoding to a file. + * @param filename - name of the file to store the encoded certificate to + * @param srcAlias - the alis of the public key in the factory object + * @param outputFormat - supports "DER" or "PEM + * @throws Exception + */ + public void exportPublicKey(String filename, String srcAlias, String outputFormat) throws Exception { + File certFile = new File(filename); + if ("DER".equalsIgnoreCase(outputFormat)) { + byte[] derEncodedCert = getCertificate(srcAlias).getEncoded(); + FileUtils.writeByteArrayToFile(certFile, derEncodedCert); + } else if ("PEM".equalsIgnoreCase(outputFormat)) { + try (FileWriter fw = new FileWriter(certFile); JcaPEMWriter pemWriter = new JcaPEMWriter(fw)) { + //String pemStr = Base64.getEncoder().encodeToString(derEncodedCert); + pemWriter.writeObject(getCertificate(srcAlias)); + pemWriter.flush(); + } + } else { + throw new OpenAS2Exception("Unsupported certificate encoding format: " + outputFormat); + } + } +} diff --git a/Server/src/main/java/org/openas2/cmd/XMLCommandRegistry.java b/Server/src/main/java/org/openas2/cmd/XMLCommandRegistry.java index 673d7aff..87bc5883 100644 --- a/Server/src/main/java/org/openas2/cmd/XMLCommandRegistry.java +++ b/Server/src/main/java/org/openas2/cmd/XMLCommandRegistry.java @@ -63,7 +63,10 @@ public void refresh() throws OpenAS2Exception { protected void loadCommand(Node node, MultiCommand parent) throws OpenAS2Exception { Command cmd = (Command) XMLUtil.getComponent(node, getSession()); - + if (cmd == null) { + // Must be disabled so do nothing + return; + } if (parent != null) { parent.getCommands().add(cmd); } else { diff --git a/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java b/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java index 0a9768f5..a5bf91a2 100644 --- a/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java +++ b/Server/src/main/java/org/openas2/cmd/processor/restapi/ApiResource.java @@ -8,6 +8,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; import org.openas2.cert.AliasedCertificateFactory; +import org.openas2.cert.CertificateFactory; import org.openas2.cmd.CommandResult; import org.openas2.cmd.processor.RestCommandProcessor; @@ -225,7 +226,7 @@ private CommandResult importCertificateByStream(String itemId, MultivaluedMap envVars; + private final String HOME_DIR_PLACEHOLDER = "%home%"; + private String appHomeDir = null; + + public StringEnvVarReplacer() { + super(); + this.envVars = System.getenv(); + } + + public StringEnvVarReplacer(Map env_vars) { + super(); + this.envVars = env_vars; + } + + public void setEnvVarMap(Map envVarMap) { + this.envVars = envVarMap; + } + + public void setAppHomeDir(String appHomeDir) { + this.appHomeDir = appHomeDir; + } + + public String replace(String input) throws OpenAS2Exception { + if (this.appHomeDir != null) { + input = input.replace(this.HOME_DIR_PLACEHOLDER, this.appHomeDir); + } + StringBuffer strBuf = new StringBuffer(); + Matcher matcher = ENV_VAR_PATTERN.matcher(input); + while (matcher.find()) { + String key = matcher.group(1); + String value = envVars.get(key); + + if (value == null) { + throw new OpenAS2Exception("Missing environment variable for replacement: " + matcher.group() + " Using key: " + key); + } else { + matcher.appendReplacement(strBuf, Matcher.quoteReplacement(value)); + } + } + matcher.appendTail(strBuf); + + return strBuf.toString(); + } + +} diff --git a/Server/src/main/java/org/openas2/lib/xml/PropertyReplacementFilter.java b/Server/src/main/java/org/openas2/lib/xml/PropertyReplacementFilter.java index 23c1d437..1e3eb952 100644 --- a/Server/src/main/java/org/openas2/lib/xml/PropertyReplacementFilter.java +++ b/Server/src/main/java/org/openas2/lib/xml/PropertyReplacementFilter.java @@ -1,5 +1,7 @@ package org.openas2.lib.xml; +import org.openas2.OpenAS2Exception; +import org.openas2.lib.util.StringEnvVarReplacer; import org.xml.sax.Attributes; import org.xml.sax.SAXException; import org.xml.sax.XMLReader; @@ -7,12 +9,9 @@ import org.xml.sax.helpers.XMLFilterImpl; import java.util.Map; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - /** - * Supports replacing XML element properties with system environment variables. + * An XML handler to support replacing XML element properties with system environment variables. * Support for system properties is provided in the AS2Util.attributeEnhancer method * */ @@ -23,32 +22,32 @@ public void endElement(String uri, String localName, String qName) throws SAXExc super.endElement(uri, localName, qName); } - private static final Pattern ENV_VAR_PATTERN = Pattern.compile("\\$ENV\\{([^\\}]++)\\}"); - private final Map env_vars; - private final String HOME_DIR_PLACEHOLDER = "%home%"; + @SuppressWarnings("unused") private String appHomeDir = null; + private final StringEnvVarReplacer envVarReplacer = new StringEnvVarReplacer(); public PropertyReplacementFilter() { super(); - this.env_vars = System.getenv(); + envVarReplacer.setEnvVarMap(System.getenv()); } - public PropertyReplacementFilter(Map env_vars) { + public PropertyReplacementFilter(Map envVars) { super(); - this.env_vars = env_vars; + envVarReplacer.setEnvVarMap(envVars); } public PropertyReplacementFilter(XMLReader parent) { this(parent, System.getenv()); } - public PropertyReplacementFilter(XMLReader parent, Map env_vars) { + public PropertyReplacementFilter(XMLReader parent, Map envVars) { super(parent); - this.env_vars = env_vars; + envVarReplacer.setEnvVarMap(envVars); } public void setAppHomeDir(String appHomeDir) { this.appHomeDir = appHomeDir; + envVarReplacer.setAppHomeDir(appHomeDir); } /** @@ -58,7 +57,12 @@ public void setAppHomeDir(String appHomeDir) { */ @Override public void characters(char[] data, int start, int length) throws SAXException { - char[] value = this.replace(String.copyValueOf(data, start, length)).toCharArray(); + char[] value; + try { + value = envVarReplacer.replace(String.copyValueOf(data, start, length)).toCharArray(); + } catch (OpenAS2Exception e) { + throw new SAXException(e); + } super.characters(value, 0, value.length); } @@ -74,31 +78,13 @@ public void startElement(String uri, String localName, String qName, Attributes int length = attributes.getLength(); for (int i = 0; i < length; ++i) { - attributes.setValue(i, this.replace(attributes.getValue(i))); - } - - super.startElement(uri, localName, qName, attributes); - } - - private String replace(String input) throws SAXException { - if (this.appHomeDir != null) { - input = input.replace(this.HOME_DIR_PLACEHOLDER, this.appHomeDir); - } - StringBuffer strBuf = new StringBuffer(); - Matcher matcher = ENV_VAR_PATTERN.matcher(input); - while (matcher.find()) { - String key = matcher.group(1); - String value = env_vars.get(key); - - if (value == null) { - throw new SAXException("Missing environment variable for replacement: " + matcher.group() + " Using key: " + key); - } else { - matcher.appendReplacement(strBuf, Matcher.quoteReplacement(value)); + try { + attributes.setValue(i, envVarReplacer.replace(attributes.getValue(i))); + } catch (OpenAS2Exception e) { + throw new SAXException(e); } } - matcher.appendTail(strBuf); - return strBuf.toString(); + super.startElement(uri, localName, qName, attributes); } - } diff --git a/Server/src/main/java/org/openas2/processor/receiver/AS2ReceiverHandler.java b/Server/src/main/java/org/openas2/processor/receiver/AS2ReceiverHandler.java index f0af3707..32967676 100644 --- a/Server/src/main/java/org/openas2/processor/receiver/AS2ReceiverHandler.java +++ b/Server/src/main/java/org/openas2/processor/receiver/AS2ReceiverHandler.java @@ -311,7 +311,7 @@ protected AS2Message createMessage(Socket s) { } protected String decryptAndVerify(AS2Message msg) throws OpenAS2Exception { - CertificateFactory certFx = getModule().getSession().getCertificateFactory(); + CertificateFactory certFx = getModule().getSession().getCertificateFactory(CertificateFactory.COMPID_AS2_CERTIFICATE_FACTORY); ICryptoHelper ch; String mic = null; @@ -633,7 +633,7 @@ public void createMDNData(Session session, MessageMDN mdn, String micAlg, String reportPart.setHeader(MimeUtil.MIME_CONTENT_TYPE_KEY, unfoldHeaders?MimeUtility.unfold(reportMultiPart.getContentType()):reportMultiPart.getContentType()); // Sign the data if needed if (signatureProtocol != null) { - CertificateFactory certFx = session.getCertificateFactory(); + CertificateFactory certFx = session.getCertificateFactory(CertificateFactory.COMPID_AS2_CERTIFICATE_FACTORY); try { // The receiver of the original message is the sender of the MDN - sign with the receivers private key diff --git a/Server/src/main/java/org/openas2/processor/receiver/NetModule.java b/Server/src/main/java/org/openas2/processor/receiver/NetModule.java index adfc0aa0..61940e45 100644 --- a/Server/src/main/java/org/openas2/processor/receiver/NetModule.java +++ b/Server/src/main/java/org/openas2/processor/receiver/NetModule.java @@ -102,7 +102,7 @@ public boolean healthcheck(List failures) { if (logger.isTraceEnabled()) { logger.trace("Helthcheck about to try URL: " + urlString); } - Map options = new HashMap(); + Map options = new HashMap(); options.put(HTTPUtil.HTTP_PROP_OVERRIDE_SSL_CHECKS, "true"); ResponseWrapper rw = HTTPUtil.execRequest(HTTPUtil.Method.GET, urlString, null, null, null, options, 0L, false); if (200 != rw.getStatusCode()) { @@ -209,18 +209,20 @@ protected class HTTPServerThread extends Thread { ksPass = owner.getParameter(PARAM_SSL_KEYSTORE_PASSWORD, true).toCharArray(); } catch (InvalidParameterException e) { logger.error("Required SSL parameter missing.", e); - throw new IOException("Failed to retireve require SSL parameters. Check config XML"); + throw new IOException("Failed to retrieve required SSL parameters. Check config XML"); } + // Support either JKS or PKCS12 keystores with default being JKS (for now) + String keyStoreType = (ksName.endsWith(".p12")?"PKCS12":"JKS"); KeyStore ks; try { - ks = KeyStore.getInstance("JKS"); + ks = KeyStore.getInstance(keyStoreType); } catch (KeyStoreException e) { logger.error("Failed to initialise SSL keystore.", e); throw new IOException("Error initialising SSL keystore"); } - try { - ks.load(new FileInputStream(ksName), ksPass); - } catch (NoSuchAlgorithmException e) { + try (FileInputStream fis = new FileInputStream(ksName)) { + ks.load(fis, ksPass); + } catch (NoSuchAlgorithmException | IOException e) { logger.error("Failed to load keystore: " + ksName, e); throw new IOException("Error loading SSL keystore"); } catch (CertificateException e) { @@ -229,7 +231,7 @@ protected class HTTPServerThread extends Thread { } KeyManagerFactory kmf; try { - kmf = KeyManagerFactory.getInstance("SunX509"); + kmf = KeyManagerFactory.getInstance("PKIX"); } catch (NoSuchAlgorithmException e) { logger.error("Failed to create key manager instance", e); throw new IOException("Error creating SSL key manager instance"); @@ -243,7 +245,7 @@ protected class HTTPServerThread extends Thread { // setup the trust manager factory TrustManagerFactory tmf; try { - tmf = TrustManagerFactory.getInstance("SunX509"); + tmf = TrustManagerFactory.getInstance("PKIX"); tmf.init(ks); } catch (Exception e1) { logger.error("Failed to create trust manager instance", e1); diff --git a/Server/src/main/java/org/openas2/processor/sender/AS2SenderModule.java b/Server/src/main/java/org/openas2/processor/sender/AS2SenderModule.java index 1d5d8ee0..adb796f0 100644 --- a/Server/src/main/java/org/openas2/processor/sender/AS2SenderModule.java +++ b/Server/src/main/java/org/openas2/processor/sender/AS2SenderModule.java @@ -183,7 +183,7 @@ private void sendMessage(String url, Message msg, MimeBodyPart securedData) thro logger.info("Connecting to: " + url + msg.getLogMsgID()); } - Map httpOptions = getHttpOptions(); + Map httpOptions = getHttpOptions(); httpOptions.put(HTTPUtil.PARAM_HTTP_USER, msg.getPartnership().getAttribute(HTTPUtil.PARAM_HTTP_USER)); httpOptions.put(HTTPUtil.PARAM_HTTP_PWD, msg.getPartnership().getAttribute(HTTPUtil.PARAM_HTTP_PWD)); long maxSize = msg.getPartnership().getNoChunkedMaxSize(); @@ -268,7 +268,7 @@ private boolean resend(Message msg, OpenAS2Exception cause, boolean keepRestored * @return The secured mimebodypart * @throws Exception some unforseen issue has occurred */ - protected MimeBodyPart secure(Message msg) throws Exception { + public MimeBodyPart secure(Message msg) throws Exception { // Set up encrypt/sign variables MimeBodyPart dataBP = msg.getData(); /* @@ -331,7 +331,7 @@ protected MimeBodyPart secure(Message msg) throws Exception { dataBP = AS2Util.getCryptoHelper().compress(msg, dataBP, compressionType, contentTxfrEncoding); } // Encrypt and/or sign the data if requested - CertificateFactory certFx = getSession().getCertificateFactory(); + CertificateFactory certFx = getSession().getCertificateFactory(CertificateFactory.COMPID_AS2_CERTIFICATE_FACTORY); // Sign the data if requested if (sign) { @@ -437,7 +437,7 @@ protected void addCustomOuterMimeHeaders(Message msg, MimeBodyPart dataBP) throw } } - protected InternetHeaders getHttpHeaders(Message msg, MimeBodyPart securedData) throws MessagingException { + public InternetHeaders getHttpHeaders(Message msg, MimeBodyPart securedData) throws MessagingException { Partnership partnership = msg.getPartnership(); InternetHeaders ih = new InternetHeaders(); diff --git a/Server/src/main/java/org/openas2/processor/sender/HttpSenderModule.java b/Server/src/main/java/org/openas2/processor/sender/HttpSenderModule.java index b38cab8f..000c198d 100644 --- a/Server/src/main/java/org/openas2/processor/sender/HttpSenderModule.java +++ b/Server/src/main/java/org/openas2/processor/sender/HttpSenderModule.java @@ -3,7 +3,10 @@ import java.util.HashMap; import java.util.Map; +import org.openas2.ComponentNotFoundException; import org.openas2.OpenAS2Exception; +import org.openas2.cert.CertificateFactory; +import org.openas2.cert.X509CertificateFactory; import org.openas2.util.HTTPUtil; public abstract class HttpSenderModule extends BaseSenderModule { @@ -11,14 +14,22 @@ public abstract class HttpSenderModule extends BaseSenderModule { public static final String PARAM_READ_TIMEOUT = "readtimeout"; public static final String PARAM_CONNECT_TIMEOUT = "connecttimeout"; public static final String PARAM_SOCKET_TIMEOUT = "sockettimeout"; + public static final String PARAM_CUSTOM_SSL_TRUST_STORE = "custom_ssl_trust_store"; // private Logger logger = LoggerFactory.getLogger(HttpSenderModule.class); - public Map getHttpOptions() throws OpenAS2Exception { - Map options = new HashMap(); + public Map getHttpOptions() throws OpenAS2Exception { + Map options = new HashMap(); options.put(HTTPUtil.PARAM_READ_TIMEOUT, getParameter(PARAM_READ_TIMEOUT, "60000")); options.put(HTTPUtil.PARAM_CONNECT_TIMEOUT, getParameter(PARAM_CONNECT_TIMEOUT, "60000")); options.put(HTTPUtil.PARAM_SOCKET_TIMEOUT, getParameter(PARAM_SOCKET_TIMEOUT, "60000")); + try { + X509CertificateFactory cf = (X509CertificateFactory) getSession().getCertificateFactory(CertificateFactory.COMPID_SSL_TRUST_CERTIFICATE_FACTORY); + if (cf != null) { + options.put(PARAM_CUSTOM_SSL_TRUST_STORE, cf.getKeyStore()); + } + } catch (ComponentNotFoundException e) { + } return options; } } diff --git a/Server/src/main/java/org/openas2/processor/sender/MDNSenderModule.java b/Server/src/main/java/org/openas2/processor/sender/MDNSenderModule.java index 5e012d76..ed15e7e4 100644 --- a/Server/src/main/java/org/openas2/processor/sender/MDNSenderModule.java +++ b/Server/src/main/java/org/openas2/processor/sender/MDNSenderModule.java @@ -142,7 +142,7 @@ private boolean sendAsyncMDN(MessageMDN mdn, String url, DispositionType disposi logger.debug("ASYNC MDN attempting connection to: " + url + mdn.getMessage().getLogMsgID()); } long maxSize = msg.getPartnership().getNoChunkedMaxSize(); - Map httpOptions = getHttpOptions(); + Map httpOptions = getHttpOptions(); httpOptions.put(HTTPUtil.PARAM_HTTP_USER, msg.getPartnership().getAttribute(HTTPUtil.PARAM_HTTP_USER)); httpOptions.put(HTTPUtil.PARAM_HTTP_PWD, msg.getPartnership().getAttribute(HTTPUtil.PARAM_HTTP_PWD)); // Convert the MimebodyPart to a string so we know how big it is to set Content-Length diff --git a/Server/src/main/java/org/openas2/test/MimeBodyPartEncodingTest.java b/Server/src/main/java/org/openas2/test/MimeBodyPartEncodingTest.java index 280fe856..d2062253 100644 --- a/Server/src/main/java/org/openas2/test/MimeBodyPartEncodingTest.java +++ b/Server/src/main/java/org/openas2/test/MimeBodyPartEncodingTest.java @@ -105,7 +105,7 @@ public static void main(String[] args) { session.getPartnershipFactory().updatePartnership(msg, true); msg.updateMessageID(); - CertificateFactory certFx = session.getCertificateFactory(); + CertificateFactory certFx = session.getCertificateFactory(CertificateFactory.COMPID_AS2_CERTIFICATE_FACTORY); String x509_alias = msg.getPartnership().getAlias(Partnership.PTYPE_SENDER); X509Certificate senderCert = certFx.getCertificate(x509_alias); diff --git a/Server/src/main/java/org/openas2/util/AS2Util.java b/Server/src/main/java/org/openas2/util/AS2Util.java index f5f8a8a4..2071d862 100644 --- a/Server/src/main/java/org/openas2/util/AS2Util.java +++ b/Server/src/main/java/org/openas2/util/AS2Util.java @@ -54,13 +54,20 @@ public static ICryptoHelper getCryptoHelper() throws Exception { public static String generateMessageID(Message msg, boolean isMDN) throws InvalidParameterException { String idFormat = null; - CompositeParameters params = new CompositeParameters(false).add("date", new DateParameters()).add("msg", new MessageParameters(msg)).add("rand", new RandomParameters()); + CompositeParameters params = new CompositeParameters( + false).add("date", + new DateParameters()).add("msg", + new MessageParameters(msg)).add("rand",new RandomParameters() + ); if (isMDN) { params.add("mdn", new MessageMDNParameters(msg.getMDN())); idFormat = msg.getPartnership().getAttributeOrProperty(Properties.AS2_MDN_MESSAGE_ID_FORMAT, null); } if (idFormat == null) { - idFormat = msg.getPartnership().getAttributeOrProperty(Properties.AS2_MESSAGE_ID_FORMAT, ""); + idFormat = msg.getPartnership().getAttributeOrProperty( + Properties.AS2_MESSAGE_ID_FORMAT, + "" + ); } String id = ParameterParser.parse(idFormat, params); // RFC822 requires enclosing message in <> but AS2 spec provides for this to be @@ -497,7 +504,7 @@ public static boolean processMDN(AS2Message msg, byte[] data, OutputStream out, logger.error(msg.getLogMsg(), e1); return AS2Util.resend(session, sourceClass, SenderModule.DO_SEND, msg, new OpenAS2Exception(e1), true, false); } - CertificateFactory cFx = session.getCertificateFactory(); + CertificateFactory cFx = session.getCertificateFactory(CertificateFactory.COMPID_AS2_CERTIFICATE_FACTORY); String x509_alias = mdn.getPartnership().getAlias(Partnership.PTYPE_RECEIVER); X509Certificate senderCert = cFx.getCertificate(x509_alias); diff --git a/Server/src/main/java/org/openas2/util/HTTPUtil.java b/Server/src/main/java/org/openas2/util/HTTPUtil.java index 9f63b666..a9babb82 100644 --- a/Server/src/main/java/org/openas2/util/HTTPUtil.java +++ b/Server/src/main/java/org/openas2/util/HTTPUtil.java @@ -31,9 +31,8 @@ import org.apache.http.protocol.HTTP; import org.apache.http.ssl.SSLContexts; import org.openas2.OpenAS2Exception; -import org.openas2.WrappedException; import org.openas2.message.Message; -import org.openas2.processor.receiver.AS2ReceiverHandler; +import org.openas2.processor.sender.HttpSenderModule; import jakarta.mail.Header; import jakarta.mail.MessagingException; @@ -75,9 +74,9 @@ public class HTTPUtil { public static final String SSL_KEYSTORE_PATH_ENV = "SSL_KEYSTORE_PATH"; public static final String SSL_KEYSTORE_PASSWORD_ENV = "SSL_KEYSTORE_PASSWORD"; private static Set cachedFingerprints = ConcurrentHashMap.newKeySet(); - private static KeyStore cachedCustomKeyStore = null; + private static KeyStore cachedJavaKeyStore = null; - private static final Logger LOG = LoggerFactory.getLogger(AS2ReceiverHandler.class); + private static final Logger LOG = LoggerFactory.getLogger(HTTPUtil.class); public abstract static class Method { public static final String GET = "GET"; @@ -323,7 +322,15 @@ public static String[] readRequest(InputStream in) throws IOException { * @return ResponseWrapper * @throws Exception */ - public static ResponseWrapper execRequest(String method, String url, InternetHeaders headers, NameValuePair[] params, InputStream inputStream, Map options, long noChunkMaxSize, boolean preventChunking) throws Exception { + public static ResponseWrapper execRequest( + String method, + String url, + InternetHeaders headers, + NameValuePair[] params, + InputStream inputStream, + Map options, + long noChunkMaxSize, + boolean preventChunking) throws Exception { HttpClientBuilder httpBuilder = HttpClientBuilder.create(); //org.apache.http.protocol.RequestContent @@ -338,7 +345,13 @@ public static ResponseWrapper execRequest(String method, String url, InternetHea * The custom SSLSocketFactory needs to be registered together with the connection manager. */ SSLConnectionSocketFactory sslCsf = buildSslFactory(urlObj, options); - httpBuilder.setConnectionManager(new BasicHttpClientConnectionManager(RegistryBuilder.create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslCsf).build())); + httpBuilder.setConnectionManager( + new BasicHttpClientConnectionManager( + RegistryBuilder.create() + .register("http", PlainConnectionSocketFactory.getSocketFactory()) + .register("https", sslCsf).build() + ) + ); } else { httpBuilder.setConnectionManager(new BasicHttpClientConnectionManager()); } @@ -355,9 +368,9 @@ public static ResponseWrapper execRequest(String method, String url, InternetHea setProxyConfig(httpBuilder, rcBuilder, urlObj.getProtocol()); rb.setConfig(rcBuilder.build()); - String httpUser = options.get(HTTPUtil.PARAM_HTTP_USER); - String httpPwd = options.get(HTTPUtil.PARAM_HTTP_PWD); + String httpUser = (String) options.get(HTTPUtil.PARAM_HTTP_USER); if (httpUser != null) { + String httpPwd = (String) options.get(HTTPUtil.PARAM_HTTP_PWD); CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(httpUser, httpPwd)); httpBuilder.setDefaultCredentialsProvider(credentialsProvider); @@ -408,48 +421,43 @@ public static ResponseWrapper execRequest(String method, String url, InternetHea } } - private static SSLConnectionSocketFactory buildSslFactory(URL urlObj, Map options) throws Exception { - - boolean isCustomSelfSignedHandling = isCustomSelfSignedHandling(); - boolean overrideSslChecks = "true".equalsIgnoreCase(options.get(HTTPUtil.HTTP_PROP_OVERRIDE_SSL_CHECKS)); - SSLContext sslcontext; + private static SSLConnectionSocketFactory buildSslFactory(URL urlObj, Map options) throws Exception { + // Support various ways of doing the connection trusting + // There is a custom keystore to verify self signed certs against + boolean isExtendedSelfsignedTrustCheck = options.containsKey(HttpSenderModule.PARAM_CUSTOM_SSL_TRUST_STORE); + // this is only currently used by the Health check module + boolean overrideSslChecks = "true".equalsIgnoreCase((String) options.get(HTTPUtil.HTTP_PROP_OVERRIDE_SSL_CHECKS)); + // The original method where hostnames to be trusted can be passed in a system property String selfSignedCN = System.getProperty("org.openas2.cert.TrustSelfSignedCN"); + boolean isTrustSelfSignedCNHandling = (selfSignedCN != null && selfSignedCN.contains(urlObj.getHost()))?true:false; - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - X509TrustManager defaultTrustManager = null; + LOG.warn("SSL factory building using:\n\tisExtendedSelfsignedTrustCheck: {}\n\toverrideSslChecks: {}\n\tisTrustSelfSignedCNHandling: {}", isExtendedSelfsignedTrustCheck, overrideSslChecks, isTrustSelfSignedCNHandling); + // Find a keystore to verify the self signed certs against if required + // Even if TrustSelfSignedCN is passed, use the custom keystore if it is defined + KeyStore selfsignedCertsKeystore = null; + if (isExtendedSelfsignedTrustCheck) { + selfsignedCertsKeystore = (KeyStore) options.get(HttpSenderModule.PARAM_CUSTOM_SSL_TRUST_STORE); + } else if (isTrustSelfSignedCNHandling) { + selfsignedCertsKeystore = getTrustedCertsKeystore(); + } - if ((selfSignedCN != null && selfSignedCN.contains(urlObj.getHost())) || overrideSslChecks) { + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + SSLContext sslcontext; - File file = getTrustedCertsKeystore(); - KeyStore ks = null; - try (InputStream in = new FileInputStream(file)) { - ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(in, "changeit".toCharArray()); - tmf.init(ks); - } + if (selfsignedCertsKeystore != null) { try { // Trust own CA and all self-signed certs - sslcontext = SSLContexts.custom().loadTrustMaterial(ks, new TrustSelfSignedStrategy()).build(); - defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; - // Allow TLSv1 protocol only by default + sslcontext = SSLContexts.custom().loadTrustMaterial(selfsignedCertsKeystore, new TrustSelfSignedStrategy()).build(); + LOG.debug("SSL context built using self signed trust store..."); } catch (Exception e) { - throw new OpenAS2Exception("Self-signed certificate URL connection failed connecting to : " + urlObj.toString(), e); + throw new OpenAS2Exception("Attempted connection using self-signed manager failed connecting to : " + urlObj.toString(), e); } - } else if(isCustomSelfSignedHandling) { - - KeyStore ks = getCustomKeyStore(); - sslcontext = SSLContexts.custom().loadTrustMaterial(ks, new TrustSelfSignedStrategy()).build(); - tmf.init(ks); - defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; } else { sslcontext = SSLContexts.createSystemDefault(); - tmf.init((KeyStore) null); - defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; } - // String [] protocols = Properties.getProperty(HTTP_PROP_SSL_PROTOCOLS, - // "TLSv1").split("\\s*,\\s*"); - HostnameVerifier hnv = SSLConnectionSocketFactory.getDefaultHostnameVerifier(); - SelfSignedTrustManager tm = new SelfSignedTrustManager(defaultTrustManager); + // For normal SSL operation a null KeyStore passed in defaults to the Java trust store + tmf.init(selfsignedCertsKeystore); + HostnameVerifier hnv = null; if (overrideSslChecks) { hnv = new HostnameVerifier() { @@ -458,27 +466,40 @@ public boolean verify(String hostname, SSLSession session) { return true; } }; - } else if(isCustomSelfSignedHandling) { - hnv = new HostnameVerifier() { - @Override - public boolean verify(String hostname, SSLSession session) { - try { - // Check if the certificate's fingerprint is cached or if it exists in the custom keystore - X509Certificate[] certs = (X509Certificate[]) session.getPeerCertificates(); - String fingerprint = tm.getCertificateFingerprint(certs[0]); - - if (cachedFingerprints.contains(fingerprint) || tm.isCertificateInCustomKeystore(certs[0], fingerprint)) { - LOG.info("Hostname verification skipped for trusted certificate: " + certs[0].getSubjectX500Principal().getName()); - return true; + } else if(selfsignedCertsKeystore != null) { + SelfSignedTrustManager tm = new SelfSignedTrustManager((X509TrustManager) tmf.getTrustManagers()[0]); + if (isTrustSelfSignedCNHandling) { + tm.setTrustCN(selfSignedCN); + } + tm.setCustomSelfSignedHandling(isExtendedSelfsignedTrustCheck); + tm.setCustomTrustKeyStore(selfsignedCertsKeystore); + if(isExtendedSelfsignedTrustCheck) { + hnv = new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + try { + // Check if the certificate's fingerprint is cached or if it exists in the custom keystore + X509Certificate[] certs = (X509Certificate[]) session.getPeerCertificates(); + String fingerprint = tm.getCertificateFingerprint(certs[0]); + + if (cachedFingerprints.contains(fingerprint) || tm.isCertificateInCustomKeystore(certs[0], fingerprint)) { + LOG.info("Hostname verification skipped for trusted certificate: " + certs[0].getSubjectX500Principal().getName()); + return true; + } + } catch (Exception e) { + LOG.error("Hostname verification failed: " + e.getMessage(), e); } - } catch (Exception e) { - LOG.error("Hostname verification failed: " + e.getMessage(), e); + + // fallback to default hostname verifier + return SSLConnectionSocketFactory.getDefaultHostnameVerifier().verify(hostname, session); } - - // fallback to default hostname verifier - return SSLConnectionSocketFactory.getDefaultHostnameVerifier().verify(hostname, session); - } - }; + }; + } + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory + .getDefaultAlgorithm()); + kmf.init(selfsignedCertsKeystore, null); + // Now add the custom trust manager to the SSL context + sslcontext.init(kmf.getKeyManagers(), new TrustManager[]{tm}, null); } SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, null, null, hnv); return sslsf; @@ -522,10 +543,10 @@ private static RequestBuilder getRequestBuilder(String method, URL urlObj, NameV return req; } - private static RequestConfig.Builder buildRequestConfig(Map options) { + private static RequestConfig.Builder buildRequestConfig(Map options) { - String connectTimeOutStr = options.get(PARAM_CONNECT_TIMEOUT); - String socketTimeOutStr = options.get(PARAM_SOCKET_TIMEOUT); + String connectTimeOutStr = (String) options.get(PARAM_CONNECT_TIMEOUT); + String socketTimeOutStr = (String) options.get(PARAM_SOCKET_TIMEOUT); RequestConfig.Builder rcBuilder = RequestConfig.custom(); if (connectTimeOutStr != null) { rcBuilder.setConnectTimeout(Integer.parseInt(connectTimeOutStr)); @@ -621,7 +642,11 @@ public static String printHeaders(Enumeration
hdrs, String nameValueSepa } - public static File getTrustedCertsKeystore() throws OpenAS2Exception { + public static KeyStore getTrustedCertsKeystore() throws OpenAS2Exception { + if (cachedJavaKeyStore != null) { + return cachedJavaKeyStore; + } + File file = new File("jssecacerts"); if (!file.isFile()) { char SEP = File.separatorChar; @@ -638,7 +663,13 @@ public static File getTrustedCertsKeystore() throws OpenAS2Exception { file = new File(dir, "cacerts"); } } - return file; + try (InputStream in = new FileInputStream(file)) { + cachedJavaKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + cachedJavaKeyStore.load(in, "changeit".toCharArray()); + } catch (Exception e) { + throw new OpenAS2Exception("failed to load Java keystore file: " + file.getAbsolutePath(), e); + } + return cachedJavaKeyStore; } public static String getParamsString(Map params) throws UnsupportedEncodingException { @@ -669,92 +700,6 @@ public static boolean isLocalhostBound(InetAddress addr) { } } - /** - * @param url - * @param output - * @param input - * @param useCaches - * @param requestMethod - * @return - * @throws OpenAS2Exception - * @deprecated Use post method to send messages - */ - public static HttpURLConnection getConnection(String url, boolean output, boolean input, boolean useCaches, String requestMethod) throws OpenAS2Exception { - if (url == null) { - throw new OpenAS2Exception("HTTP getConnection method received empty URL string."); - } - try { - initializeProxyAuthenticator(); - HttpURLConnection conn; - URL urlObj = new URL(url); - if (urlObj.getProtocol().equalsIgnoreCase("https")) { - HttpsURLConnection connS = (HttpsURLConnection) urlObj.openConnection(getProxy("https")); - String selfSignedCN = System.getProperty("org.openas2.cert.TrustSelfSignedCN"); - if (selfSignedCN != null) { - File file = new File("jssecacerts"); - if (file.isFile() == false) { - char SEP = File.separatorChar; - File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security"); - /* Check if this is a JDK home */ - if (!dir.isDirectory()) { - dir = new File(System.getProperty("java.home") + SEP + "jre" + SEP + "lib" + SEP + "security"); - } - if (!dir.isDirectory()) { - throw new OpenAS2Exception("The JSSE folder could not be identified. Please check that JSSE is installed."); - } - file = new File(dir, "jssecacerts"); - if (file.isFile() == false) { - file = new File(dir, "cacerts"); - } - } - InputStream in = new FileInputStream(file); - try { - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(in, "changeit".toCharArray()); - in.close(); - SSLContext context = SSLContext.getInstance("TLS"); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ks); - X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; - SelfSignedTrustManager tm = new SelfSignedTrustManager(defaultTrustManager); - tm.setTrustCN(selfSignedCN); - context.init(null, new TrustManager[]{tm}, null); - connS.setSSLSocketFactory(context.getSocketFactory()); - } catch (Exception e) { - throw new OpenAS2Exception("Self-signed certificate URL connection failed connecting to : " + url, e); - } - } else if(isCustomSelfSignedHandling()) { - try { - KeyStore ks = getCustomKeyStore(); - SSLContext context = SSLContext.getInstance("TLS"); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ks); - X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; - SelfSignedTrustManager tm = new SelfSignedTrustManager(defaultTrustManager); - tm.setTrustCN(selfSignedCN); - context.init(null, new TrustManager[]{tm}, null); - connS.setSSLSocketFactory(context.getSocketFactory()); - - } catch (Exception e) { - throw new OpenAS2Exception("Self-signed certificate URL connection failed connecting to : " + url, e); - } - - } - conn = connS; - } else { - conn = (HttpURLConnection) urlObj.openConnection(getProxy("http")); - } - conn.setDoOutput(output); - conn.setDoInput(input); - conn.setUseCaches(useCaches); - conn.setRequestMethod(requestMethod); - - return conn; - } catch (IOException ioe) { - throw new WrappedException("URL connection failed connecting to: " + url, ioe); - } - } - private static void setProxyConfig(HttpClientBuilder builder, RequestConfig.Builder rcBuilder, String protocol) throws OpenAS2Exception { String proxyHost = Properties.getProperty(protocol + ".proxyHost", null); if (proxyHost == null) { @@ -790,50 +735,6 @@ private static void setProxyConfig(HttpClientBuilder builder, RequestConfig.Buil builder.setRoutePlanner(routePlanner); } - /** - * @param protocol - * @return - * @throws OpenAS2Exception - * @deprecated - use post method to send messages - */ - private static Proxy getProxy(String protocol) throws OpenAS2Exception { - String proxyHost = Properties.getProperty(protocol + ".proxyHost", null); - if (proxyHost == null) { - proxyHost = System.getProperty(protocol + ".proxyHost"); - } - if (proxyHost == null) { - return Proxy.NO_PROXY; - } - String proxyPort = Properties.getProperty(protocol + ".proxyPort", null); - if (proxyPort == null) { - proxyPort = System.getProperty(protocol + ".proxyPort"); - } - if (proxyPort == null) { - throw new OpenAS2Exception("Missing PROXY port since Proxy host is set"); - } - int port = Integer.parseInt(proxyPort); - return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, port)); - - } - - /** - * @deprecated - use post method to send messages - */ - private static void initializeProxyAuthenticator() { - String proxyUser1 = Properties.getProperty("http.proxyUser", null); - final String proxyUser = proxyUser1 == null ? System.getProperty("http.proxyUser") : proxyUser1; - String proxyPwd1 = Properties.getProperty("http.proxyPassword", null); - final String proxyPassword = proxyPwd1 == null ? System.getProperty("http.proxyPassword") : proxyPwd1; - - if (proxyUser != null && proxyPassword != null) { - Authenticator.setDefault(new Authenticator() { - public PasswordAuthentication getPasswordAuthentication() { - return new PasswordAuthentication(proxyUser, proxyPassword.toCharArray()); - } - }); - } - } - // Copy headers from an Http connection to an InternetHeaders object public static void copyHttpHeaders(HttpURLConnection conn, InternetHeaders headers) { Iterator>> connHeadersIt = conn.getHeaderFields().entrySet().iterator(); @@ -873,41 +774,16 @@ public static void copyHttpHeaders(HttpURLConnection conn, InternetHeaders heade } } - private static boolean isCustomSelfSignedHandling() { - return System.getenv(SSL_KEYSTORE_PATH_ENV) != null && System.getenv(SSL_KEYSTORE_PASSWORD_ENV) != null; - } - - public static KeyStore getCustomKeyStore() throws OpenAS2Exception { - - if (cachedCustomKeyStore != null) { - return cachedCustomKeyStore; - } - - String keystorePath = System.getenv(SSL_KEYSTORE_PATH_ENV); - String keystorePassword = System.getenv(SSL_KEYSTORE_PASSWORD_ENV); - - LOG.info("Using environment variable for trust store path: " + keystorePath); - - if (keystorePath == null) { - throw new OpenAS2Exception("No trust store path set in environment variables"); - } - - try (InputStream in = new FileInputStream(keystorePath)) { - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(in, keystorePassword.toCharArray()); - LOG.info("Trust store loaded successfully from: " + keystorePath); - - cachedCustomKeyStore = ks; - return ks; - } catch (Exception e) { - throw new OpenAS2Exception("Failed to load trust store from path: " + keystorePath, e); - } - } - private static class SelfSignedTrustManager implements X509TrustManager { private final X509TrustManager tm; private String[] trustCN = null; + private KeyStore customTrustKeyStore = null; + private boolean isExtendedSelfsignedTrustCheck = false; + + public void setCustomSelfSignedHandling(boolean isExtendedSelfsignedTrustCheck) { + this.isExtendedSelfsignedTrustCheck = isExtendedSelfsignedTrustCheck; + } SelfSignedTrustManager(X509TrustManager tm) { this.tm = tm; @@ -925,7 +801,7 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) throws if (chain.length == 1) { // check if certificate is in the truststore or is cached - IF SSL_KEYSTORE_PATH && SSL_KEYSTORE PASSWORD ARE SET - if(isCustomSelfSignedHandling()) { + if(this.isExtendedSelfsignedTrustCheck) { String fingerprint = getCertificateFingerprint(chain[0]); @@ -936,20 +812,20 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) throws } // Proceed with custom keystore handling if not cached - if (isCustomSelfSignedHandling() && isCertificateInCustomKeystore(chain[0], fingerprint)) { + if (isCertificateInCustomKeystore(chain[0], fingerprint)) { LOG.info("Custom self-signed certificate validation passed for " + chain[0].getSubjectX500Principal().getName()); return; } } else { - // Only ignore the check for self signed certs where CN (Canonical Name) matches - DEFAULT BEHAVIOUR - String dn = chain[0].getIssuerX500Principal().getName(); - for (int i = 0; i < trustCN.length; i++) { - if (dn.contains("CN=" + trustCN[i])) { - return; + // Only ignore the check for self signed certs where CN (Canonical Name) matches - DEFAULT BEHAVIOUR + String dn = chain[0].getIssuerX500Principal().getName(); + for (int i = 0; i < trustCN.length; i++) { + if (dn.contains("CN=" + trustCN[i])) { + return; + } } } } - } tm.checkServerTrusted(chain, authType); } @@ -969,8 +845,7 @@ private String getCertificateFingerprint(X509Certificate cert) throws Certificat private boolean isCertificateInCustomKeystore(X509Certificate cert, String fingerprint) { try { - KeyStore keyStore = getCustomKeyStore(); - String alias = keyStore.getCertificateAlias(cert); + String alias = this.customTrustKeyStore.getCertificateAlias(cert); if (alias != null) { cachedFingerprints.add(fingerprint); // Cache the fingerprint return true; @@ -985,5 +860,8 @@ public void setTrustCN(String trustCN) { this.trustCN = trustCN.split(","); } + public void setCustomTrustKeyStore(KeyStore trustKeyStore) { + this.customTrustKeyStore = trustKeyStore; + } } } diff --git a/Server/src/main/java/org/openas2/util/XMLUtil.java b/Server/src/main/java/org/openas2/util/XMLUtil.java index 698a734c..57c136da 100644 --- a/Server/src/main/java/org/openas2/util/XMLUtil.java +++ b/Server/src/main/java/org/openas2/util/XMLUtil.java @@ -4,6 +4,8 @@ import org.openas2.OpenAS2Exception; import org.openas2.Session; import org.openas2.WrappedException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.w3c.dom.Document; import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; @@ -32,6 +34,8 @@ public class XMLUtil { + private static final Logger LOG = LoggerFactory.getLogger(XMLUtil.class); + public static Document parseXML(InputStream in, XMLFilterImpl handler) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParser parser = factory.newSAXParser(); @@ -47,28 +51,27 @@ public static Document parseXML(InputStream in, XMLFilterImpl handler) throws Ex } public static Component getComponent(Node node, Session session) throws OpenAS2Exception { - Node classNameNode = node.getAttributes().getNamedItem("classname"); + Map parameters = XMLUtil.mapAttributes(node); + AS2Util.attributeEnhancer(parameters); + String enabledNodeVal = parameters.getOrDefault("enabled", "true"); + if (!"true".equalsIgnoreCase(enabledNodeVal)) { + LOG.info("Component node ignored as it is not enabled: {}", parameters); + return null; + } + Node classNameNode = node.getAttributes().getNamedItem("classname"); if (classNameNode == null) { throw new OpenAS2Exception("Missing classname"); } - String className = classNameNode.getNodeValue(); - try { Class objClass = Class.forName(className); if (!Component.class.isAssignableFrom(objClass)) { throw new OpenAS2Exception("Class " + className + " must implement " + Component.class.getName()); } - Component obj = (Component) objClass.getDeclaredConstructor().newInstance(); - - Map parameters = XMLUtil.mapAttributes(node); - AS2Util.attributeEnhancer(parameters); - obj.init(session, parameters); - return obj; } catch (Exception e) { throw new WrappedException("Error creating component: " + className, e); diff --git a/Server/src/test/java/org/openas2/app/BaserServerSetup.java b/Server/src/test/java/org/openas2/app/BaseServerSetup.java similarity index 51% rename from Server/src/test/java/org/openas2/app/BaserServerSetup.java rename to Server/src/test/java/org/openas2/app/BaseServerSetup.java index 7264f2e4..8a57fc48 100644 --- a/Server/src/test/java/org/openas2/app/BaserServerSetup.java +++ b/Server/src/test/java/org/openas2/app/BaseServerSetup.java @@ -1,27 +1,31 @@ package org.openas2.app; import java.io.File; +import java.nio.charset.Charset; import java.nio.file.Files; +import org.apache.commons.io.FileUtils; import org.apache.commons.lang3.exception.ExceptionUtils; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.io.TempDir; import org.openas2.TestResource; import org.openas2.XMLSession; import org.openas2.message.AS2Message; +import org.openas2.message.FileAttribute; import org.openas2.message.Message; import org.openas2.partner.Partnership; +import org.openas2.processor.receiver.api.AS2FileReceiverModule; import org.openas2.util.Properties; -public class BaserServerSetup { +public class BaseServerSetup { private static final TestResource RESOURCE = TestResource.forGroup("SingleServerTest"); static String myCompanyOid = "MyCompany_OID"; static String myPartnerOid = "PartnerA_OID"; + private boolean startActiveModules = false; - // private static File openAS2AHome; protected static XMLSession session; - protected static Message msg; + protected static Message simpleTestMsg; @TempDir public static File tmpDir; @@ -32,6 +36,31 @@ public void refresh() throws Exception { setup(); } + public AS2Message getSimpleTestMsg() throws Exception { + AS2Message msg = new AS2Message(); + Partnership myPartnership = msg.getPartnership(); + myPartnership.setSenderID(Partnership.PID_AS2, myCompanyOid); + myPartnership.setReceiverID(Partnership.PID_AS2, myPartnerOid); + myPartnership.setSenderID(Partnership.PID_AS2, myCompanyOid); + session.getPartnershipFactory().updatePartnership(msg, true); + return msg; + } + + public void addSendPayloadStuffToMsg(String fileName, Message msg) throws Exception { + AS2FileReceiverModule frm = new AS2FileReceiverModule(); + msg.setAttribute(FileAttribute.MA_FILENAME, fileName); + msg.setHeader("AS2-To", msg.getPartnership().getReceiverID(Partnership.PID_AS2)); + msg.setHeader("AS2-From", msg.getPartnership().getSenderID(Partnership.PID_AS2)); + msg.updateMessageID(); + File testFile = new File(tmpDir, fileName); + FileUtils.writeStringToFile(testFile, "Show me the money!", Charset.forName("UTF-8")); + frm.buildMessageData(msg, testFile, null); + } + + public void setStartActiveModules(boolean startActiveModules) { + this.startActiveModules = startActiveModules; + } + public void createFileSystemResources() throws Exception { tmpDir = Files.createTempDirectory("testResources").toFile(); openAS2PropertiesFile = new File(tmpDir, "test.openas2.properties"); @@ -39,17 +68,15 @@ public void createFileSystemResources() throws Exception { public void setup() throws Exception { try { - System.setProperty("OPENAS2_LOG_LEVEL", "trace"); + //System.setProperty("OPENAS2_LOG_LEVEL", "trace"); if (openAS2PropertiesFile.exists()) { System.setProperty(Properties.OPENAS2_PROPERTIES_FILE_PROP, openAS2PropertiesFile.getAbsolutePath()); } session = new XMLSession(RESOURCE.get("MyCompany", "config", "config.xml").getAbsolutePath()); - msg = new AS2Message(); - Partnership myPartnership = msg.getPartnership(); - myPartnership.setSenderID(Partnership.PID_AS2, myCompanyOid); - myPartnership.setReceiverID(Partnership.PID_AS2, myPartnerOid); - myPartnership.setSenderID(Partnership.PID_AS2, myCompanyOid); - session.getPartnershipFactory().updatePartnership(msg, true); + simpleTestMsg = getSimpleTestMsg(); + if (startActiveModules) { + session.start(); + } } catch (Throwable e) { // aid for debugging JUnit tests System.err.println("ERROR occurred: " + ExceptionUtils.getStackTrace(e)); diff --git a/Server/src/test/java/org/openas2/app/CertificatesTest.java b/Server/src/test/java/org/openas2/app/CertificatesTest.java new file mode 100644 index 00000000..04cd8f80 --- /dev/null +++ b/Server/src/test/java/org/openas2/app/CertificatesTest.java @@ -0,0 +1,167 @@ +package org.openas2.app; + +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.security.KeyStore; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.SSLHandshakeException; + +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.MethodOrderer; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; +import org.junit.jupiter.api.TestMethodOrder; +import org.mockito.Mockito; +import org.junit.jupiter.api.TestInstance.Lifecycle; +import org.openas2.util.AS2Util; +import org.openas2.util.HTTPUtil; +import org.openas2.util.Properties; +import org.openas2.util.ResponseWrapper; + +import jakarta.mail.internet.InternetHeaders; +import jakarta.mail.internet.MimeBodyPart; + +import org.openas2.cert.X509CertificateFactory; +import org.openas2.message.Message; +import org.openas2.message.NetAttribute; +import org.openas2.processor.sender.AS2SenderModule; +import org.openas2.processor.sender.HttpSenderModule; + +@TestInstance(Lifecycle.PER_CLASS) +@TestMethodOrder(MethodOrderer.MethodName.class) +public class CertificatesTest extends BaseServerSetup { + private static char[] password = "testas2".toCharArray(); + private X509CertificateFactory certFx = null; + private String alias = null; + private static final String receiverPort = "10443"; + private static final String url = "https://localhost:" + receiverPort + "/"; + private File customPropsFile = null; + private File sslCertsFile = null; // The private key and certificate for the HTTPS + private String sslTrustCertsFilePath = null; // The public key for the SSL private key + private X509CertificateFactory trustFx = null; // The trust certificates + protected static Message testMsg; // Created just once for all tests to minimise runtime + private InternetHeaders ih = null; + Map httpOptions = null; + InputStream securedDataInputStream = null; + + + public X509CertificateFactory genSelfSignedCert( + String alias, + String keystorePath, + String keyAlg, + String hashAlg, + int keySize, + String certHostName) throws Exception { + X509CertificateFactory certFx = new X509CertificateFactory(); + // Create and initialise the KeyStore object + KeyStore ks = AS2Util.getCryptoHelper().getKeyStore(); + ks.load(null, null); + // Now make it available to factory + certFx.setKeyStore(ks); + certFx.setFilename(keystorePath); + certFx.setPassword(password); + String dn = "CN=" + certHostName + ",O=OpenAS2 Foundation,L=London,C=UK"; + int validDays = 365; + certFx.genSelfSignedCertificate(alias, dn, hashAlg, keyAlg, keySize, validDays); + certFx.save(); + return certFx; + } + + @BeforeAll + public void setUp() throws Exception { + super.createFileSystemResources(); + String tmpDirAbsolutePath = tmpDir.getAbsolutePath(); + sslCertsFile = Files.createFile(Paths.get(tmpDirAbsolutePath, "ssl_certs.p12")).toFile(); + String tgtHostName = "test.openas2.org"; + this.alias = tgtHostName; + // Create the SSL file for the server to use + // Switch to forward slash to avoid backslash being dropped when creating property string when on Windows + String sslCertsFilePath = sslCertsFile.getAbsolutePath().replace("\\", "/"); + this.certFx = genSelfSignedCert(alias, sslCertsFilePath, "RSA", "SHA256", 2048, tgtHostName); + // Create the trust store with the public key so the certificate returned from the server is trusted + File sslTrustCertsFile = Files.createFile(Paths.get(tmpDirAbsolutePath, "ssl_trust_certs.p12")).toFile(); + // Switch to forward slash to avoid backslash being dropped when creating property string when on Windows + sslTrustCertsFilePath = sslTrustCertsFile.getAbsolutePath().replace("\\", "/"); + String trustAlias = "trust-" + tgtHostName; + this.certFx.exportPublicKey(sslTrustCertsFilePath, this.alias, trustAlias, password); + this.trustFx = new X509CertificateFactory(); + this.trustFx.setFilename(sslTrustCertsFilePath); + this.trustFx.setPassword(password); + this.trustFx.setKeyStore(AS2Util.getCryptoHelper().getKeyStore()); + this.trustFx.load(); + + customPropsFile = Files.createFile(Paths.get(tmpDirAbsolutePath, "openas2.properties")).toFile(); + System.setProperty(Properties.OPENAS2_PROPERTIES_FILE_PROP, customPropsFile.getAbsolutePath()); + FileOutputStream fos = new FileOutputStream(customPropsFile); + // Switch to forward slash to avoid backslash being dropped when creating property string when on Windows + fos.write(("ssl_keystore=" + sslCertsFilePath + "\n").getBytes()); + fos.write(("ssl_keystore_password=" + new String(password) + "\n").getBytes()); + //fos.write(("ssl_trust_keystore=" + sslTrustCertsFile.getAbsolutePath() + "\n").getBytes()); + fos.write(("module.AS2ReceiverModule.http.enabled=false\n").getBytes()); + fos.write(("module.AS2ReceiverModule.https.enabled=true\n").getBytes()); + fos.write(("module.AS2ReceiverModule.https.port=" + receiverPort + "\n").getBytes()); + fos.write(("module.HealthCheckModule.enabled=false\n").getBytes()); + fos.write(("module.HealthCheckModule.protocol=https\n").getBytes()); + fos.write(("module.DbTrackingModule.enabled=false\n").getBytes()); + fos.close(); + super.setStartActiveModules(true); + super.setup(); + testMsg = getSimpleTestMsg(); + addSendPayloadStuffToMsg("fake.txt", testMsg); + AS2SenderModule sm = new AS2SenderModule(); + AS2SenderModule smSpy = Mockito.spy(sm); + Mockito.doReturn(session).when(smSpy).getSession(); + MimeBodyPart securedData = smSpy.secure(testMsg); + securedDataInputStream = securedData.getInputStream(); + ih = sm.getHttpHeaders(testMsg, securedData); + testMsg.setAttribute(NetAttribute.MA_DESTINATION_IP, "localhost"); + testMsg.setAttribute(NetAttribute.MA_DESTINATION_PORT, receiverPort); + //Map httpOptions = new HashMap(); + httpOptions = smSpy.getHttpOptions(); + httpOptions.put(HttpSenderModule.PARAM_CUSTOM_SSL_TRUST_STORE, trustFx.getKeyStore()); + } + + @AfterAll + public void tearDown() throws Exception { + super.tearDown(); + } + + @Test + public void a1_shouldFailSSLConnect() throws Exception { + // No access to the trust keystore means it should fail + Map httpOptions = new HashMap(); + assertThrows( + SSLHandshakeException.class, + ()->{ + HTTPUtil.execRequest(HTTPUtil.Method.POST, url, null, null, null, httpOptions, -1, false); + } + ); + } + + @Test + public void a2_shouldConnect() throws Exception { + FileOutputStream fos = new FileOutputStream(customPropsFile, true); + fos.write(("ssl_trust_keystore.enabled=true\n").getBytes()); + fos.write(("ssl_trust_keystore=" + sslTrustCertsFilePath + "\n").getBytes()); + fos.write(("ssl_trust_keystore_password=" + new String(password) + "\n").getBytes()); + fos.close(); + super.refresh(); + + ResponseWrapper resp = null; + try { + resp = HTTPUtil.execRequest(HTTPUtil.Method.POST, url, ih, null, securedDataInputStream, httpOptions, -1, false); + } catch (Exception e) { + e.printStackTrace(); + } + assertTrue(200 == resp.getStatusCode(), "Check default is mapping off."); + } +} \ No newline at end of file diff --git a/Server/src/test/java/org/openas2/app/FilenameParsingTest.java b/Server/src/test/java/org/openas2/app/FilenameParsingTest.java index 3f629301..aee29b03 100644 --- a/Server/src/test/java/org/openas2/app/FilenameParsingTest.java +++ b/Server/src/test/java/org/openas2/app/FilenameParsingTest.java @@ -17,7 +17,7 @@ @ExtendWith(MockitoExtension.class) @TestInstance(Lifecycle.PER_CLASS) -public class FilenameParsingTest extends BaserServerSetup { +public class FilenameParsingTest extends BaseServerSetup { private static String testFileNamePart1 = "abc"; private static String testFileNamePart2 = "123"; private static String testFileName = testFileNamePart1 + "-" + testFileNamePart2 + ".txt"; @@ -34,13 +34,13 @@ public void setup() throws Exception { super.createFileSystemResources(); super.setup(); try { - msg = new AS2Message(); - msg.setAttribute(FileAttribute.MA_FILENAME, testFileName); + simpleTestMsg = new AS2Message(); + simpleTestMsg.setAttribute(FileAttribute.MA_FILENAME, testFileName); PartnershipFactory pf = session.getPartnershipFactory(); - Partnership myPartnership = msg.getPartnership(); - myPartnership.setSenderID(Partnership.PID_AS2, BaserServerSetup.myCompanyOid); - myPartnership.setReceiverID(Partnership.PID_AS2, BaserServerSetup.myPartnerOid); - myPartnership.setSenderID(Partnership.PID_AS2, BaserServerSetup.myCompanyOid); + Partnership myPartnership = simpleTestMsg.getPartnership(); + myPartnership.setSenderID(Partnership.PID_AS2, BaseServerSetup.myCompanyOid); + myPartnership.setReceiverID(Partnership.PID_AS2, BaseServerSetup.myPartnerOid); + myPartnership.setSenderID(Partnership.PID_AS2, BaseServerSetup.myCompanyOid); Partnership configuredPartnership = pf.getPartnership(myPartnership, false); @@ -48,7 +48,7 @@ public void setup() throws Exception { configuredPartnership.setAttribute(Partnership.PAIB_NAMES_FROM_FILENAME, attribNamesFromFileName); configuredPartnership.setAttribute(Partnership.PA_SUBJECT, subjectAttrib); // update the message's partnership with any stored information - pf.updatePartnership(msg, true); + pf.updatePartnership(simpleTestMsg, true); } catch (Throwable e) { // aid for debugging JUnit tests @@ -64,9 +64,9 @@ public void tearDown() throws Exception { @Test public void shouldHaveAddedAttributes() throws Exception { - assertThat("Verify 1st attribute added from filename", msg.getAttribute(attribNamesFromFileName1), equalTo(testFileNamePart1)); - assertThat("Verify 2nd attribute added from filename", msg.getAttribute(attribNamesFromFileName2), equalTo(testFileNamePart2)); - assertThat("Verify message subject", msg.getSubject(), equalTo(expectedSubject)); + assertThat("Verify 1st attribute added from filename", simpleTestMsg.getAttribute(attribNamesFromFileName1), equalTo(testFileNamePart1)); + assertThat("Verify 2nd attribute added from filename", simpleTestMsg.getAttribute(attribNamesFromFileName2), equalTo(testFileNamePart2)); + assertThat("Verify message subject", simpleTestMsg.getSubject(), equalTo(expectedSubject)); } } diff --git a/Server/src/test/java/org/openas2/app/OpenAS2ServerTest.java b/Server/src/test/java/org/openas2/app/OpenAS2ServerTest.java index e0adb70b..133b00d5 100644 --- a/Server/src/test/java/org/openas2/app/OpenAS2ServerTest.java +++ b/Server/src/test/java/org/openas2/app/OpenAS2ServerTest.java @@ -143,8 +143,8 @@ public static void tearDown() throws Exception { } private TestMessage sendMessage(TestPartner fromPartner, TestPartner toPartner) throws IOException { - String outgoingMsgFileName = RandomStringUtils.randomAlphanumeric(10) + ".txt"; - String outgoingMsgBody = RandomStringUtils.randomAlphanumeric(1024); + String outgoingMsgFileName = RandomStringUtils.secure().nextAlphanumeric(10) + ".txt"; + String outgoingMsgBody = RandomStringUtils.secure().nextAlphanumeric(1024); File outgoingMsg = Files.createFile(Paths.get(tmp.toString(), outgoingMsgFileName)).toFile(); FileUtils.write(outgoingMsg, outgoingMsgBody, "UTF-8"); System.out.println("Copying a file to send to:" + fromPartner.getOutbox()); diff --git a/Server/src/test/java/org/openas2/app/RestApiTest.java b/Server/src/test/java/org/openas2/app/RestApiTest.java index 235fd2a0..56de6068 100644 --- a/Server/src/test/java/org/openas2/app/RestApiTest.java +++ b/Server/src/test/java/org/openas2/app/RestApiTest.java @@ -28,6 +28,7 @@ import org.openas2.TestResource; import org.openas2.TestUtils; import org.openas2.cmd.processor.restapi.AuthenticationRequestFilter; +import org.openas2.util.Properties; import java.io.File; import java.io.FileOutputStream; @@ -65,7 +66,7 @@ public static void start_A_Server() throws Exception { // to make sure the release package is fully tested scratchpad = Files.createTempDirectory("tempResources"); File customPropsFile = Files.createFile(Paths.get(scratchpad.toString(), "openas2.properties")).toFile(); - System.setProperty("openas2.properties.file", customPropsFile.getAbsolutePath()); + System.setProperty(Properties.OPENAS2_PROPERTIES_FILE_PROP, customPropsFile.getAbsolutePath()); FileOutputStream fos = new FileOutputStream(customPropsFile); fos.write("restapi.command.processor.enabled=true\n".getBytes()); fos.write(("restapi.command.processor.baseuri=" + restHostAddr + "\n").getBytes()); @@ -201,7 +202,7 @@ public void shouldRespondWith_G_AddPartnerShipStored() throws Exception { params.add(new BasicNameValuePair("1", TEST_PARTNER_NAME)); // the sender params.add(new BasicNameValuePair("2", "PartnerA")); // the receiver params.add(new BasicNameValuePair("as2_url", "http://my.as2host.io:10080")); - params.add(new BasicNameValuePair("pollerConfig.enabled", "true")); + params.add(new BasicNameValuePair("pollerConfig.enabled", "false")); String buffer = this.doPost("partnership/add", true, params); assertThat("Add partnership via API ", buffer.replaceAll("[\\n\\r]+", ":"), matchesPattern(".*\"type\"[ ]*:[ ]*\"OK\".*\"Stored partnerships\".*")); } diff --git a/Server/src/test/java/org/openas2/message/DynamicContentTypeTest.java b/Server/src/test/java/org/openas2/message/DynamicContentTypeTest.java index 513fac00..d27fc506 100644 --- a/Server/src/test/java/org/openas2/message/DynamicContentTypeTest.java +++ b/Server/src/test/java/org/openas2/message/DynamicContentTypeTest.java @@ -1,7 +1,7 @@ package org.openas2.message; import org.mockito.junit.jupiter.MockitoExtension; -import org.openas2.app.BaserServerSetup; +import org.openas2.app.BaseServerSetup; import org.openas2.partner.Partnership; import org.openas2.processor.receiver.DirectoryPollingModule; import org.openas2.util.Properties; @@ -29,7 +29,7 @@ @ExtendWith(MockitoExtension.class) @TestInstance(Lifecycle.PER_CLASS) @TestMethodOrder(MethodOrderer.MethodName.class) -public class DynamicContentTypeTest extends BaserServerSetup { +public class DynamicContentTypeTest extends BaseServerSetup { private DirectoryPollingModule poller; public static File systemContentTypesMappingFile; @@ -65,7 +65,7 @@ public void setUp() throws Exception { } writer2.close(); super.setup(); - this.poller = session.getPartnershipPoller(msg.getPartnership().getName()); + this.poller = session.getPartnershipPoller(simpleTestMsg.getPartnership().getName()); } @AfterAll @@ -76,7 +76,7 @@ public void tearDown() throws Exception { @Test public void a1_shouldHaveNoMappingEnabled() throws Exception { // The default is to not have dynamic mapping so check - Partnership myPartnership = msg.getPartnership(); + Partnership myPartnership = simpleTestMsg.getPartnership(); assertFalse(myPartnership.isUseDynamicContentTypeLookup(), "Check default is mapping off."); } @@ -84,7 +84,7 @@ public void a1_shouldHaveNoMappingEnabled() throws Exception { @Test public void a2_shouldFailNoMapping() throws Exception { // Make sure that there is an error if no mapping file defined but trying to use mapping - Partnership myPartnership = msg.getPartnership(); + Partnership myPartnership = simpleTestMsg.getPartnership(); assertThrows(Exception.class, () -> { myPartnership.setUseDynamicContentTypeLookup(true);}, "No config for Content-Type mapping should throw exception."); } @@ -93,26 +93,26 @@ public void a2_shouldFailNoMapping() throws Exception { public void b_shouldGetDefaultContentType() throws Exception { // Partnership not set for dynamic mapping so should return system poller default String testFilename = "random." + ediFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check default Content-Type returned when no mapping.", poller.getMessageContentType(msg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check default Content-Type returned when no mapping.", poller.getMessageContentType(simpleTestMsg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); } @Test public void c_shouldGetPartnershipMappedContentTypeWhenNoSystemMapping() throws Exception { // Set the partnership to have dynamic mapping file - msg.getPartnership().setAttribute(Partnership.PA_CONTENT_TYPE_MAPPING_FILE, partnershipContentTypesMappingFile.getAbsolutePath()); + simpleTestMsg.getPartnership().setAttribute(Partnership.PA_CONTENT_TYPE_MAPPING_FILE, partnershipContentTypesMappingFile.getAbsolutePath()); // Force load the partnership mapping - msg.getPartnership().setUseDynamicContentTypeLookup(true); + simpleTestMsg.getPartnership().setUseDynamicContentTypeLookup(true); // Now check that we get the system property when no override and override when set String testFilename = "random." + ediFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check system default Content-Type returned when not overridden.", poller.getMessageContentType(msg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check system default Content-Type returned when not overridden.", poller.getMessageContentType(simpleTestMsg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); testFilename = "random." + xmlFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check partnership mapped Content-Type returned when partnership mapping setup.", poller.getMessageContentType(msg).matches(partnershipMappedContentTypes.get(xmlFileExtension)), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check partnership mapped Content-Type returned when partnership mapping setup.", poller.getMessageContentType(simpleTestMsg).matches(partnershipMappedContentTypes.get(xmlFileExtension)), is(true)); testFilename = "random." + unmappedFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check system mapped default Content-Type returned when no system or partnership mapping defined.", poller.getMessageContentType(msg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check system mapped default Content-Type returned when no system or partnership mapping defined.", poller.getMessageContentType(simpleTestMsg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); } @Test @@ -125,16 +125,16 @@ public void d_shouldGetSystemMappedContentType() throws Exception { // Now reload the session to get new properties file that then loads system mapping super.refresh(); // Force the partnership to have dynamic mapping enabled - msg.getPartnership().setUseDynamicContentTypeLookup(true); + simpleTestMsg.getPartnership().setUseDynamicContentTypeLookup(true); String testFilename = "random." + ediFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check system mapped Content-Type returned when system mapping setup.", poller.getMessageContentType(msg).matches(systemMappedContentTypes.get(ediFileExtension)), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check system mapped Content-Type returned when system mapping setup.", poller.getMessageContentType(simpleTestMsg).matches(systemMappedContentTypes.get(ediFileExtension)), is(true)); testFilename = "random." + xmlFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check system mapped Content-Type returned when system mapping setup.", poller.getMessageContentType(msg).matches(systemMappedContentTypes.get(xmlFileExtension)), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check system mapped Content-Type returned when system mapping setup.", poller.getMessageContentType(simpleTestMsg).matches(systemMappedContentTypes.get(xmlFileExtension)), is(true)); testFilename = "random." + unmappedFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check system mapped Content-Type returned when system mapping setup.", poller.getMessageContentType(msg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check system mapped Content-Type returned when system mapping setup.", poller.getMessageContentType(simpleTestMsg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); } @Test @@ -146,18 +146,18 @@ public void e_shouldGetPartnershipOverrideMappedContentType() throws Exception { // Now reload the session to get new properties file that then loads system mapping super.refresh(); // Set the partnership to have dynamic mapping file - msg.getPartnership().setAttribute(Partnership.PA_CONTENT_TYPE_MAPPING_FILE, partnershipContentTypesMappingFile.getAbsolutePath()); + simpleTestMsg.getPartnership().setAttribute(Partnership.PA_CONTENT_TYPE_MAPPING_FILE, partnershipContentTypesMappingFile.getAbsolutePath()); // Force load the override - msg.getPartnership().setUseDynamicContentTypeLookup(true); + simpleTestMsg.getPartnership().setUseDynamicContentTypeLookup(true); // Now check that we get the system property when no override and override when set String testFilename = "random." + ediFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check system mapped Content-Type returned when not overridden.", poller.getMessageContentType(msg).matches(systemMappedContentTypes.get(ediFileExtension)), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check system mapped Content-Type returned when not overridden.", poller.getMessageContentType(simpleTestMsg).matches(systemMappedContentTypes.get(ediFileExtension)), is(true)); testFilename = "random." + xmlFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check partnership mapped Content-Type returned when partnership mapping setup.", poller.getMessageContentType(msg).matches(partnershipMappedContentTypes.get(xmlFileExtension)), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check partnership mapped Content-Type returned when partnership mapping setup.", poller.getMessageContentType(simpleTestMsg).matches(partnershipMappedContentTypes.get(xmlFileExtension)), is(true)); testFilename = "random." + unmappedFileExtension; - poller.addMessageMetadata(msg, testFilename); - assertThat("Check system mapped default Content-Type returned when no system or partnership mapping defined.", poller.getMessageContentType(msg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); + poller.addMessageMetadata(simpleTestMsg, testFilename); + assertThat("Check system mapped default Content-Type returned when no system or partnership mapping defined.", poller.getMessageContentType(simpleTestMsg).matches(Properties.getProperty("pollerConfigBase.mimetype", "FakeValue")), is(true)); } } diff --git a/Server/src/test/resources/OpenAS2ServerTest/OpenAS2A/config/config.xml b/Server/src/test/resources/OpenAS2ServerTest/OpenAS2A/config/config.xml index 50aae6c7..dae30c2d 100644 --- a/Server/src/test/resources/OpenAS2ServerTest/OpenAS2A/config/config.xml +++ b/Server/src/test/resources/OpenAS2ServerTest/OpenAS2A/config/config.xml @@ -1,7 +1,7 @@ - + diff --git a/Server/src/test/resources/SingleServerTest/MyCompany/config/config.xml b/Server/src/test/resources/SingleServerTest/MyCompany/config/config.xml index 31f584ac..902d870d 100644 --- a/Server/src/test/resources/SingleServerTest/MyCompany/config/config.xml +++ b/Server/src/test/resources/SingleServerTest/MyCompany/config/config.xml @@ -1,146 +1,194 @@ - + /> + identifier="as2_certs" + filename="$properties.as2_keystore$" + password="$properties.as2_keystore_password$" + interval="$properties.as2_keystore.refresh_interval$"/> + - + pendingMDNinfo="$properties.storageBaseDir$/pendinginfoMDN3" + resend_max_retries="$properties.processor.resend_max_retries$"> + readtimeout="$properties.module.AS2SenderModule.readtimeout$" /> + classname="org.openas2.processor.sender.MDNSenderModule"/> + - + --> + use_embedded_db="$properties.msg_tracking.use_embedded_db$" + force_load_jdbc_driver="$properties.msg_tracking.force_load_jdbc_driver$" + db_user="$properties.msg_tracking.db_user$" + db_pwd="$properties.msg_tracking.db_pwd$" + db_name="$properties.msg_tracking.db_name$" + table_name="$properties.msg_tracking.table_name$" + db_directory="$properties.msg_tracking.db_directory$" + jdbc_driver="$properties.msg_tracking.jdbc_driver$" + jdbc_connect_string="$properties.msg_tracking.jdbc_connect_string$" + sql_escape_character="$properties.msg_tracking.sql_escape_character$" + tcp_server_start="$properties.msg_tracking.tcp_server_start$" + tcp_server_port="$properties.msg_tracking.tcp_server_port$" + tcp_server_password="$properties.msg_tracking.tcp_server_password$"/> + tempdir="$properties.module.MDNFileModule.tempdir$"/> + tempdir="$properties.module.MessageFileModule.tempdir$"/> + port="$properties.async_mdn_receiver_port$"/> + ssl_keystore="$properties.ssl_keystore$" + ssl_keystore_password="$properties.ssl_keystore_password$"/> + resenddelay="$properties.module.DirectoryResenderModule.resenddelay$"/> + port="$properties.module.HealthCheckModule.port$"/> + mimetype="$properties.pollerConfigBase.mimetype$" + process_files_in_paralllel="$properties.pollerConfigBase.process_files_in_paralllel$" + max_parallel_files="$properties.pollerConfigBase.max_parallel_files$"/> + + diff --git a/changes.txt b/changes.txt index 45e5d40c..fe53f7d0 100644 --- a/changes.txt +++ b/changes.txt @@ -1,3 +1,13 @@ +Version 4.1.0 - 2024-12-04 + +This is an enhancement release. + **IMPORTANT NOTE**: Please review upgrade notes below if you are upgrading + +1. Support for Elliptic curve certificates. +2. Enhanced support for using SSL with self signed certificates +3. Support PKCS12 certificate keystore for SSL certificates. +4. Significantly updated the OpenAS2HowTo documentation. + Version 4.0.0 - 2024-10-15 This is an major change and enhancement release: **IMPORTANT NOTE**: Please review upgrade notes in the RELEASE-NOTES.md if you are upgrading diff --git a/docs/OpenAS2HowTo.odt b/docs/OpenAS2HowTo.odt index d156e955..38f398dc 100644 Binary files a/docs/OpenAS2HowTo.odt and b/docs/OpenAS2HowTo.odt differ diff --git a/docs/OpenAS2HowTo.pdf b/docs/OpenAS2HowTo.pdf index 346b124a..8a6d1e0d 100644 Binary files a/docs/OpenAS2HowTo.pdf and b/docs/OpenAS2HowTo.pdf differ diff --git a/pom.xml b/pom.xml index 65884262..695bb0eb 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ 4.0.0 net.sf.openas2 OpenAS2 - 4.0.0 + 4.1.0 OpenAS2 pom @@ -51,17 +51,17 @@ org.bouncycastle bcjmail-jdk18on - 1.78.1 + 1.79 org.bouncycastle bcpkix-jdk18on - 1.78.1 + 1.79 org.bouncycastle bcprov-jdk18on - 1.78.1 + 1.79 org.bouncycastle @@ -71,7 +71,7 @@ org.bouncycastle bcpg-jdk18on - 1.78.1 + 1.79 org.apache.commons @@ -108,7 +108,7 @@ org.junit.jupiter junit-jupiter - 5.11.2 + 5.11.3 test @@ -116,14 +116,14 @@ org.mockito mockito-core - 5.14.1 + 5.14.2 test org.mockito mockito-junit-jupiter - 5.14.1 + 5.14.2 test @@ -136,7 +136,7 @@ commons-io commons-io - 2.17.0 + 2.18.0 org.slf4j @@ -146,12 +146,12 @@ ch.qos.logback logback-classic - 1.5.8 + 1.5.12 jakarta.ws.rs jakarta.ws.rs-api - [3] + 3.1.0 jakarta.annotation @@ -161,32 +161,31 @@ org.glassfish.jersey.containers jersey-container-grizzly2-http - [3] + 3.1.9 jar com.fasterxml.jackson.core jackson-databind - 2.18.0 + 2.18.2 jar com.fasterxml.jackson.module jackson-module-jaxb-annotations - 2.18.0 + 2.18.2 org.glassfish.jersey.media jersey-media-json-jackson - [3] + 3.1.9 jar org.glassfish.jersey.inject jersey-hk2 - [3] + 3.1.9 - jakarta.xml.bind jakarta.xml.bind-api @@ -205,7 +204,7 @@ com.zaxxer HikariCP - 6.0.0 + 6.2.1 @@ -232,7 +231,7 @@ uhurusurfa Christopher Broderick - uhurusurfa@users.sf.net + uhurusurfa@gmail.com diff --git a/version-rules.xml b/version-rules.xml index bb557d96..cfb62cb0 100644 --- a/version-rules.xml +++ b/version-rules.xml @@ -9,6 +9,7 @@ .*-b[0-9]* .*-a[0-9]*.[0-9]* .*-b[0-9]*\.[0-9]* + .*-M[0-9]*