Added customizer and improved clone API

phax · Jul 20, 2023 · 939399d · 939399d
1 parent b785a5f
commit 939399d
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 17 deletions.
diff --git a/phase4-lib/src/main/java/com/helger/phase4/crypto/AS4CryptParams.java b/phase4-lib/src/main/java/com/helger/phase4/crypto/AS4CryptParams.java
@@ -25,6 +25,7 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import javax.annotation.OverridingMethodsMustInvokeSuper;
 import javax.annotation.concurrent.NotThreadSafe;
 
 import org.apache.wss4j.common.WSS4JConstants;
@@ -77,6 +78,7 @@ public class AS4CryptParams implements Serializable, ICloneable <AS4CryptParams>
   private ICryptoSessionKeyProvider m_aSessionKeyProvider = DEFAULT_SESSION_KEY_PROVIDER;
   private Provider m_aSecurityProvider;
   private boolean m_bEncryptSymmetricSessionKey = DEFAULT_ENCRYPT_SYMMETRIC_SESSION_KEY;
+  private IWSSecEncryptCustomizer m_aWSSecEncryptCustomizer;
 
   /**
    * Default constructor using default
@@ -370,6 +372,24 @@ public final AS4CryptParams setEncryptSymmetricSessionKey (final boolean b)
     return this;
   }
 
+  @Nullable
+  public final IWSSecEncryptCustomizer getWSSecEncryptCustomizer ()
+  {
+    return m_aWSSecEncryptCustomizer;
+  }
+
+  public final boolean hasWSSecEncryptCustomizer ()
+  {
+    return m_aWSSecEncryptCustomizer != null;
+  }
+
+  @Nonnull
+  public final AS4CryptParams setWSSecEncryptCustomizer (@Nullable final IWSSecEncryptCustomizer a)
+  {
+    m_aWSSecEncryptCustomizer = a;
+    return this;
+  }
+
   /**
    * This method calls {@link #setAlgorithmCrypt(ECryptoAlgorithmCrypt)} based
    * on the PMode parameters. If the PMode parameter is <code>null</code> the
@@ -393,20 +413,30 @@ public final AS4CryptParams setFromPMode (@Nullable final PModeLegSecurity aSecu
     return this;
   }
 
+  @OverridingMethodsMustInvokeSuper
+  public void cloneTo (@Nonnull final AS4CryptParams aTarget)
+  {
+    ValueEnforcer.notNull (aTarget, "Target");
+    aTarget.setKeyIdentifierType (m_eKeyIdentifierType)
+           .setAlgorithmCrypt (m_eAlgorithmCrypt)
+           .setKeyEncAlgorithm (m_eKeyEncAlgorithm)
+           .setMGFAlgorithm (m_sMGFAlgorithm)
+           .setDigestAlgorithm (m_sDigestAlgorithm)
+           .setCertificate (m_aCert)
+           .setAlias (m_sAlias)
+           .setSessionKeyProvider (m_aSessionKeyProvider)
+           .setSecurityProvider (m_aSecurityProvider)
+           .setEncryptSymmetricSessionKey (m_bEncryptSymmetricSessionKey)
+           .setWSSecEncryptCustomizer (m_aWSSecEncryptCustomizer);
+  }
+
   @Nonnull
   @ReturnsMutableCopy
   public AS4CryptParams getClone ()
   {
-    return new AS4CryptParams ().setKeyIdentifierType (m_eKeyIdentifierType)
-                                .setAlgorithmCrypt (m_eAlgorithmCrypt)
-                                .setKeyEncAlgorithm (m_eKeyEncAlgorithm)
-                                .setMGFAlgorithm (m_sMGFAlgorithm)
-                                .setDigestAlgorithm (m_sDigestAlgorithm)
-                                .setCertificate (m_aCert)
-                                .setAlias (m_sAlias)
-                                .setSessionKeyProvider (m_aSessionKeyProvider)
-                                .setSecurityProvider (m_aSecurityProvider)
-                                .setEncryptSymmetricSessionKey (m_bEncryptSymmetricSessionKey);
+    final AS4CryptParams ret = new AS4CryptParams ();
+    cloneTo (ret);
+    return ret;
   }
 
   @Override
@@ -422,6 +452,7 @@ public String toString ()
                                        .append ("SessionKeyProvider", m_aSessionKeyProvider)
                                        .append ("SecurityProvider", m_aSecurityProvider)
                                        .append ("EncryptSymmetricSessionKey", m_bEncryptSymmetricSessionKey)
+                                       .append ("WSSecEncryptCustomizer", m_aWSSecEncryptCustomizer)
                                        .getToString ();
   }
 

diff --git a/phase4-lib/src/main/java/com/helger/phase4/crypto/AS4SigningParams.java b/phase4-lib/src/main/java/com/helger/phase4/crypto/AS4SigningParams.java
@@ -21,6 +21,7 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import javax.annotation.OverridingMethodsMustInvokeSuper;
 import javax.annotation.concurrent.NotThreadSafe;
 
 import com.helger.commons.ValueEnforcer;
@@ -219,15 +220,24 @@ public final AS4SigningParams setFromPMode (@Nullable final PModeLegSecurity aSe
     return this;
   }
 
+  @OverridingMethodsMustInvokeSuper
+  public void cloneTo (@Nonnull final AS4SigningParams aTarget)
+  {
+    ValueEnforcer.notNull (aTarget, "Target");
+    aTarget.setKeyIdentifierType (m_eKeyIdentifierType)
+           .setAlgorithmSign (m_eAlgorithmSign)
+           .setAlgorithmSignDigest (m_eAlgorithmSignDigest)
+           .setAlgorithmC14N (m_eAlgorithmC14N)
+           .setSecurityProvider (m_aSecurityProvider);
+  }
+
   @Nonnull
   @ReturnsMutableCopy
   public AS4SigningParams getClone ()
   {
-    return new AS4SigningParams ().setKeyIdentifierType (m_eKeyIdentifierType)
-                                  .setAlgorithmSign (m_eAlgorithmSign)
-                                  .setAlgorithmSignDigest (m_eAlgorithmSignDigest)
-                                  .setAlgorithmC14N (m_eAlgorithmC14N)
-                                  .setSecurityProvider (m_aSecurityProvider);
+    final AS4SigningParams ret = new AS4SigningParams ();
+    cloneTo (ret);
+    return ret;
   }
 
   @Override

diff --git a/phase4-lib/src/main/java/com/helger/phase4/crypto/IWSSecEncryptCustomizer.java b/phase4-lib/src/main/java/com/helger/phase4/crypto/IWSSecEncryptCustomizer.java
@@ -0,0 +1,25 @@
+package com.helger.phase4.crypto;
+
+import javax.annotation.Nonnull;
+
+import org.apache.wss4j.dom.message.WSSecEncrypt;
+
+/**
+ * Customize the {@link WSSecEncrypt} object additional to what is possible via
+ * the {@link AS4CryptParams} class.
+ *
+ * @author Philip Helger
+ * @since 2.1.4
+ */
+@FunctionalInterface
+public interface IWSSecEncryptCustomizer
+{
+  /**
+   * The customization happens AFTER all the default properties are applied. So
+   * be sure you know what to do when overwriting stuff.
+   *
+   * @param aWSSecEncrypt
+   *        The object to modify. May not be <code>null</code>.
+   */
+  void customize (@Nonnull WSSecEncrypt aWSSecEncrypt);
+}
diff --git a/phase4-lib/src/main/java/com/helger/phase4/messaging/crypto/AS4Encryptor.java b/phase4-lib/src/main/java/com/helger/phase4/messaging/crypto/AS4Encryptor.java
@@ -80,9 +80,8 @@ private static WSSecEncrypt _createEncrypt (@Nonnull final WSSecHeader aSecHeade
     aBuilder.setKeyEncAlgo (aCryptParams.getKeyEncAlgorithm ().getID ());
     aBuilder.setMGFAlgorithm (aCryptParams.getMGFAlgorithm ());
     aBuilder.setDigestAlgorithm (aCryptParams.getDigestAlgorithm ());
-    aBuilder.setEncryptSymmKey (aCryptParams.isEncryptSymmetricSessionKey ());
     aBuilder.setSecurityProviderKey (aCryptParams.getSecurityProvider ());
-
+    aBuilder.setEncryptSymmKey (aCryptParams.isEncryptSymmetricSessionKey ());
     if (aCryptParams.hasCertificate ())
     {
       // Certificate was provided externally
@@ -94,6 +93,15 @@ private static WSSecEncrypt _createEncrypt (@Nonnull final WSSecHeader aSecHeade
         // No PW needed here, because we encrypt with the public key
         aBuilder.setUserInfo (aCryptParams.getAlias ());
       }
+
+    // Customizer to be invoked as the last action
+    if (aCryptParams.hasWSSecEncryptCustomizer ())
+    {
+      if (LOGGER.isDebugEnabled ())
+        LOGGER.debug ("Running WSSecEncryptCustomizer.customize");
+      aCryptParams.getWSSecEncryptCustomizer ().customize (aBuilder);
+    }
+
     return aBuilder;
   }