Added algorithm check for signing algorithm as well

phax · Dec 2, 2024 · 7ca9726 · 7ca9726
1 parent 90485ce
commit 7ca9726
Showing 1 changed file with 28 additions and 8 deletions.
diff --git a/...e4-lib/src/main/java/com/helger/phase4/incoming/soap/SoapHeaderElementProcessorWSS4J.java b/...e4-lib/src/main/java/com/helger/phase4/incoming/soap/SoapHeaderElementProcessorWSS4J.java
@@ -153,22 +153,42 @@ private ESuccess _verifyAndDecrypt (@Nonnull final Document aSOAPDoc,
       aRequestData.setWssConfig (aWSSConfig);
       aRequestData.setSignatureProvider (m_aSecurityProviderSignVerify);
 
-      // Undocumented property "phase4.decrypt.verify.algorithm" - set to
+      // Undocumented property "phase4.incoming.verify.algorithms" - set to
       // "false" to disable this check
-      if (AS4Configuration.getConfig ().getAsBoolean ("phase4.decrypt.verify.algorithm", true))
+      if (AS4Configuration.getConfig ().getAsBoolean ("phase4.incoming.verify.algorithms", true))
       {
         // Add a test that only the algorithm from the PMode is effectively
         // delivered
         final PModeLeg aPModeLeg = aIncomingState.getEffectivePModeLeg ();
         if (aPModeLeg != null && aPModeLeg.getSecurity () != null)
         {
-          final String sAlgorithmURI = aPModeLeg.getSecurity ().getX509EncryptionAlgorithm ().getAlgorithmURI ();
-          if (LOGGER.isDebugEnabled ())
-            LOGGER.debug ("Testing that the received message was encrypted with algorithm '" + sAlgorithmURI + "'");
-
           final AlgorithmSuite aAlgorithmSuite = new AlgorithmSuite ();
-          aAlgorithmSuite.addEncryptionMethod (sAlgorithmURI);
-          aRequestData.setAlgorithmSuite (aAlgorithmSuite);
+          boolean bUseAlgorithmSuite = false;
+
+          // Does the PMode leg define an encryption algorithm?
+          if (aPModeLeg.getSecurity ().getX509EncryptionAlgorithm () != null)
+          {
+            final String sAlgorithmURI = aPModeLeg.getSecurity ().getX509EncryptionAlgorithm ().getAlgorithmURI ();
+            if (LOGGER.isDebugEnabled ())
+              LOGGER.debug ("Testing that the received message was encrypted with algorithm '" + sAlgorithmURI + "'");
+
+            aAlgorithmSuite.addEncryptionMethod (sAlgorithmURI);
+            bUseAlgorithmSuite = true;
+          }
+
+          // Does the PMode leg define an signing algorithm?
+          if (aPModeLeg.getSecurity ().getX509SignatureAlgorithm () != null)
+          {
+            final String sAlgorithmURI = aPModeLeg.getSecurity ().getX509SignatureAlgorithm ().getAlgorithmURI ();
+            if (LOGGER.isDebugEnabled ())
+              LOGGER.debug ("Testing that the received message was signed with algorithm '" + sAlgorithmURI + "'");
+
+            aAlgorithmSuite.addSignatureMethod (sAlgorithmURI);
+            bUseAlgorithmSuite = true;
+          }
+
+          if (bUseAlgorithmSuite)
+            aRequestData.setAlgorithmSuite (aAlgorithmSuite);
         }
       }