phax · sopgreg · Jun 29, 2023 · Jul 18, 2023 · Jul 20, 2023
diff --git a/phase4-lib/src/main/java/com/helger/phase4/servlet/AS4RequestHandler.java b/phase4-lib/src/main/java/com/helger/phase4/servlet/AS4RequestHandler.java
@@ -28,6 +28,7 @@
 import javax.annotation.Nullable;
 import javax.annotation.WillClose;
 
+import com.helger.phase4.crypto.IAS4PModeAwareCryptoFactory;
 import org.apache.hc.core5.http.HttpEntity;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.slf4j.Logger;
@@ -361,6 +362,7 @@ public boolean hasAsyncResponseURL ()
 
   private final AS4ResourceHelper m_aResHelper;
   private final IAS4CryptoFactory m_aCryptoFactory;
+  private final IAS4CryptoFactory m_aResponseCryptoFactory;
   private final IPModeResolver m_aPModeResolver;
   private final IAS4IncomingAttachmentFactory m_aIAF;
   private final IAS4IncomingSecurityConfiguration m_aIncomingSecurityConfig;
@@ -381,15 +383,27 @@ public AS4RequestHandler (@Nonnull final IAS4CryptoFactory aCryptoFactory,
                             @Nonnull final IAS4IncomingAttachmentFactory aIAF,
                             @Nonnull final IAS4IncomingSecurityConfiguration aISC,
                             @Nonnull final IAS4IncomingMessageMetadata aMessageMetadata)
+  {
+    this(aCryptoFactory, aCryptoFactory, aPModeResolver, aIAF, aISC, aMessageMetadata);
+  }
+
+  public AS4RequestHandler (@Nonnull final IAS4CryptoFactory aCryptoFactory,
+                            @Nonnull final IAS4CryptoFactory aResponseCryptoFactory,
+                            @Nonnull final IPModeResolver aPModeResolver,
+                            @Nonnull final IAS4IncomingAttachmentFactory aIAF,
+                            @Nonnull final IAS4IncomingSecurityConfiguration aISC,
+                            @Nonnull final IAS4IncomingMessageMetadata aMessageMetadata)
   {
     ValueEnforcer.notNull (aCryptoFactory, "CryptoFactory");
+    ValueEnforcer.notNull (aResponseCryptoFactory, "ResponseCryptoFactory");
     ValueEnforcer.notNull (aPModeResolver, "PModeResolver");
     ValueEnforcer.notNull (aIAF, "IAF");
     ValueEnforcer.notNull (aISC, "ISC");
     ValueEnforcer.notNull (aMessageMetadata, "MessageMetadata");
     // Create dynamically here, to avoid leaving too many streams open
     m_aResHelper = new AS4ResourceHelper ();
     m_aCryptoFactory = aCryptoFactory;
+    m_aResponseCryptoFactory = aResponseCryptoFactory;
     m_aPModeResolver = aPModeResolver;
     m_aIAF = aIAF;
     m_aIncomingSecurityConfig = aISC;
@@ -1095,7 +1109,7 @@ private Document _signResponseIfNeeded (@Nullable final ICommonsList <WSS4JAttac
     {
       // Sign
       final boolean bMustUnderstand = true;
-      ret = AS4Signer.createSignedMessage (m_aCryptoFactory,
+      ret = AS4Signer.createSignedMessage (m_aResponseCryptoFactory,
                                            aDocToBeSigned,
                                            eSoapVersion,
                                            sMessagingID,
@@ -1208,7 +1222,7 @@ private AS4MimeMessage _createMimeMessageForResponse (@Nonnull final Document aR
       aMimeMsg = AS4Encryptor.encryptMimeMessage (eSoapVersion,
                                                   aResponseDoc,
                                                   aResponseAttachments,
-                                                  m_aCryptoFactory,
+                                                  m_aResponseCryptoFactory,
                                                   bMustUnderstand,
                                                   m_aResHelper,
                                                   aCryptParms);
@@ -1310,6 +1324,13 @@ private IAS4ResponseFactory _handleSoapMessage (@Nonnull final HttpHeaderMap aHt
 
     // Evaluate the results of processing
     final IPMode aPMode = aState.getPMode ();
+
+    // response CryptoFactory might also be dependent on the detected PMode, assign it
+    if (aPMode != null && m_aResponseCryptoFactory instanceof IAS4PModeAwareCryptoFactory)
+    {
+      ((IAS4PModeAwareCryptoFactory) m_aResponseCryptoFactory).setContextPMode (aPMode);
+    }
+
     final PModeLeg aEffectiveLeg = aState.getEffectivePModeLeg ();
     final String sMessageID = aState.getMessageID ();
     final ICommonsList <WSS4JAttachment> aDecryptedAttachments = aState.hasDecryptedAttachments () ? aState.getDecryptedAttachments ()

diff --git a/phase4-lib/src/main/java/com/helger/phase4/servlet/AS4XServletHandler.java b/phase4-lib/src/main/java/com/helger/phase4/servlet/AS4XServletHandler.java
@@ -89,6 +89,7 @@ default void customizeAfterHandling (@Nonnull final IRequestWebScopeWithoutRespo
   private static final Logger LOGGER = LoggerFactory.getLogger (AS4XServletHandler.class);
 
   private Supplier <? extends IAS4CryptoFactory> m_aCryptoFactorySupplier;
+  private Supplier <? extends IAS4CryptoFactory> m_aResponseCryptoFactorySupplier;
   private IPModeResolver m_aPModeResolver;
   private IAS4IncomingAttachmentFactory m_aIAF;
   private IAS4IncomingSecurityConfiguration m_aICS = AS4IncomingSecurityConfiguration.createDefaultInstance ();
@@ -123,8 +124,31 @@ public AS4XServletHandler ()
   public AS4XServletHandler (@Nonnull final Supplier <? extends IAS4CryptoFactory> aCryptoFactorySupplier,
                              @Nonnull final IPModeResolver aPModeResolver,
                              @Nonnull final IAS4IncomingAttachmentFactory aIAF)
+  {
+    this(aCryptoFactorySupplier, aCryptoFactorySupplier, aPModeResolver, aIAF);
+  }
+
+  /**
+   * Constructor
+   *
+   * @param aCryptoFactorySupplier
+   *        Crypto factory supplier. May not be <code>null</code>.
+   * @param aResponseCryptoFactorySupplier
+   *        Crypto factory supplier for response messages. May not be <code>null</code>.
+   * @param aPModeResolver
+   *        PMode resolved to be used. May not be <code>null</code>.
+   * @param aIAF
+   *        The attachment factory for incoming attachments. May not be
+   *        <code>null</code>.
+   * @since v0.9.8
+   */
+  public AS4XServletHandler (@Nonnull final Supplier <? extends IAS4CryptoFactory> aCryptoFactorySupplier,
+                             @Nonnull final Supplier <? extends IAS4CryptoFactory> aResponseCryptoFactorySupplier,
+                             @Nonnull final IPModeResolver aPModeResolver,
+                             @Nonnull final IAS4IncomingAttachmentFactory aIAF)
   {
     setCryptoFactorySupplier (aCryptoFactorySupplier);
+    setResponseCryptoFactorySupplier (aResponseCryptoFactorySupplier);
     setPModeResolver (aPModeResolver);
     setIncomingAttachmentFactory (aIAF);
   }
@@ -154,6 +178,31 @@ public final AS4XServletHandler setCryptoFactorySupplier (@Nonnull final Supplie
     return this;
   }
 
+  /**
+   * @return The supplier for the {@link IAS4CryptoFactory} for response messages. May not be
+   *         <code>null</code>.
+   * @since x.x.x
+   */
+  @Nonnull
+  public final Supplier <? extends IAS4CryptoFactory> getResponseCryptoFactorySupplier ()
+  {
+    return m_aResponseCryptoFactorySupplier;
+  }
+
+  /**
+   * @param aResponseCryptoFactorySupplier
+   *        Crypto factory supplier for response messages. May not be <code>null</code>.
+   * @return this for chaining
+   * @since x.x.x
+   */
+  @Nonnull
+  public final AS4XServletHandler setResponseCryptoFactorySupplier (@Nonnull final Supplier <? extends IAS4CryptoFactory> aResponseCryptoFactorySupplier)
+  {
+    ValueEnforcer.notNull (aResponseCryptoFactorySupplier, "ResponseCryptoFactorySupplier");
+    m_aResponseCryptoFactorySupplier = aResponseCryptoFactorySupplier;
+    return this;
+  }
+
   /**
    * @return The {@link IPModeResolver} to be used. Never <code>null</code>.
    * @since 0.9.15
@@ -317,6 +366,7 @@ protected AS4IncomingMessageMetadata createIncomingMessageMetadata (@Nonnull fin
   protected void handleRequest (@Nonnull final IRequestWebScopeWithoutResponse aRequestScope,
                                 @Nonnull final AS4UnifiedResponse aHttpResponse,
                                 @Nonnull final IAS4CryptoFactory aCF,
+                                @Nonnull final IAS4CryptoFactory aResponseCF,
                                 @Nonnull final IPModeResolver aPModeResolver,
                                 @Nonnull final IAS4IncomingAttachmentFactory aIAF,
                                 @Nonnull final IAS4IncomingSecurityConfiguration aISC,
@@ -325,7 +375,7 @@ protected void handleRequest (@Nonnull final IRequestWebScopeWithoutResponse aRe
     // Start metadata
     final IAS4IncomingMessageMetadata aMessageMetadata = createIncomingMessageMetadata (aRequestScope);
 
-    try (final AS4RequestHandler aHandler = new AS4RequestHandler (aCF, aPModeResolver, aIAF, aISC, aMessageMetadata))
+    try (final AS4RequestHandler aHandler = new AS4RequestHandler (aCF, aResponseCF, aPModeResolver, aIAF, aISC, aMessageMetadata))
     {
       // Customize before handling
       if (aHandlerCustomizer != null)
@@ -368,13 +418,18 @@ public void handleRequest (@Nonnull final IRequestWebScopeWithoutResponse aReque
   {
     // Resolved once per request
     final IAS4CryptoFactory aCF = m_aCryptoFactorySupplier.get ();
+    // Fallback to regular CryptoFactory if no specific CryptoFactory for response messages was provided
+    final IAS4CryptoFactory aResponseCF = (m_aResponseCryptoFactorySupplier != null) ? m_aResponseCryptoFactorySupplier.get () : aCF;
     if (aCF == null)
       throw new IllegalStateException ("Failed to get an AS4 CryptoFactory");
+    if (aResponseCF == null)
+      throw new IllegalStateException ("Failed to get an AS4 response CryptoFactory");
 
     // Created above in #createUnifiedResponse
     handleRequest (aRequestScope,
                    (AS4UnifiedResponse) aUnifiedResponse,
                    aCF,
+                   aResponseCF,
                    m_aPModeResolver,
                    m_aIAF,
                    m_aICS,

diff --git a/...e4-spring-boot-demo/src/main/java/com/helger/phase4/springboot/servlet/ServletConfig.java b/...e4-spring-boot-demo/src/main/java/com/helger/phase4/springboot/servlet/ServletConfig.java
@@ -85,8 +85,9 @@ public MyAS4Servlet ()
       settings ().setMultipartEnabled (false);
       // HTTP POST only
       final AS4XServletHandler hdl = new AS4XServletHandler ();
-      // This method refers to the outer static methid
+      // This method refers to the outer static method
       hdl.setCryptoFactorySupplier (ServletConfig::getCryptoFactoryToUse);
+      hdl.setResponseCryptoFactorySupplier (ServletConfig::getCryptoFactoryToUse);
       handlerRegistry ().registerHandler (EHttpMethod.POST, hdl);
     }
   }