Merge pull request #12 from OpenAS2/signingbug

Signingbug

.classpath

@@ -4,13 +4,13 @@
 	<classpathentry kind="src" path="Server/src"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="lib" path="Remote/lib/servlet.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcmail-jdk15on-152.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcpg-jdk15on-152.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcpkix-jdk15on-152.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcprov-jdk15on-152.jar"/>
 	<classpathentry kind="lib" path="Server/lib/commons-lang3-3.4.jar"/>
 	<classpathentry kind="lib" path="Server/lib/commons-logging-1.2.jar"/>
 	<classpathentry kind="lib" path="Server/lib/dom4j-1.6.1.jar"/>
 	<classpathentry kind="lib" path="Server/lib/javax.mail.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcmail-jdk15on-154.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcpg-jdk15on-154.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcpkix-jdk15on-154.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcprov-jdk15on-154.jar"/>
 	<classpathentry kind="output" path="classes"/>
 </classpath>

RELEASE-NOTES.txt

@@ -1,23 +1,21 @@
               OpenAS2 Server
-              Version 1.3.6
+              Version 1.3.7
               RELEASE NOTES
 
-The OpenAS2 project is pleased to announce the release of OpenAS2 1.3.6
+The OpenAS2 project is pleased to announce the release of OpenAS2 1.3.7
 
 The release download file is: OpenAS2Server-1.3.6.zip
 The zip file contains a PDF document providing information on installing and using the application.
 
-UPGRADE Instructions:
- 1. As of version 1.3.6, a new "errordir" parameter is required on the processor element to specify where files that fail resend attempts are stored.
-    It defaults to a sub-directory named "error" off the directory pointed to by the "pendingMDN" parameter. 
-
 This release is an enhancement and bugfix release:
-  1. Fix handling creating a unique file name for storing message info for ASYNC MDN
-  2. Rationalise the handling of received MDN so that there is a common handler for Async and Sync MDN
-  3. Fix moving pending messages that fail after retries to the error folder.
-  4. Enhance logging to pass MEssage object to log manager to facilitate finer grained and more targeted logging
-
+  1. Fix generator encoding for compression, encryption and signing
+  2. Support configurable control of canonicalization when signing
+  3. Support overriding digest "sha-1" algorithm name in signing to use "old" name without dash ("sha1")
+  4. Support AES128, AES192, AES256 ciphers
+  
 Java 1.5 or later is required.
+NOTE FOR JAVA 1.5: Prior to java 1.6, the Javabeans Activation Framework is NOT included in the standard Java install. Download the 1.1.1 version and extract from the zip file from this web page: http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jaf-1.1.1-fcs-oth-JPR
+The activation.jar must be placed into the “lib” folder of the OpenAS2 server install and added to the class path in the shell or batch file as appropriate.
 
 
 Historical list of changes: see the changes.txt file in the release package

Remote/src/org/openas2/remote/CommandLine.java

@@ -16,7 +16,7 @@
  * a test program but usable with the SocketCommandProcessor which in turns passes to 
  * command off to the OpenAS2Server.
  * 
- * uses SSL_DH_anon_WITH_RC4_128_MD5 cipher for the secure socket layer; 
+ * uses TLS_DH_anon_WITH_AES_256_CBC_SHA cipher for the secure socket layer; 
  * 
  */
 public class CommandLine {
@@ -27,13 +27,13 @@ public static void main(String args[]) {
 			String host, port, name, pwd;
 			if (args.length == 0) {
 				host = "localhost";
-				port = "4321";
+				port = "14322";
 				name = "userID";
 				pwd = "pWd"; 
 
 			} else 
 			if (args.length != 4) {
-				System.out.println("format: java org.openas2.remote.CommandLine ipaddresss portnumber userid password command");
+				System.out.println("format: java org.openas2.remote.CommandLine ipaddresss portnumber userid password");
 				return;
 			} else {
 				host = args[0];
@@ -43,14 +43,24 @@ public static void main(String args[]) {
 			}
 			int iport = Integer.parseInt(port);
 			while (true) {
+				System.out.print("Enter command: ");
 				String icmd = br.readLine().trim();
+				System.out.print("");
 				if (icmd.length() < 1) {
 					System.out.println("adios");
 					return;
 				}
 				s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(InetAddress.getByName(host), iport);
-				final String[] enabledCipherSuites = { "SSL_DH_anon_WITH_RC4_128_MD5" };
-				s.setEnabledCipherSuites(enabledCipherSuites);
+				String cipherSuites = System.getProperty("CmdProcessorSocketCipher", "TLS_DH_anon_WITH_AES_256_CBC_SHA");
+				final String[] enabledCipherSuites = { cipherSuites };
+				try
+				{
+					s.setEnabledCipherSuites(enabledCipherSuites);
+				} catch (IllegalArgumentException e)
+				{
+					e.printStackTrace();
+					System.out.println("Cipher is not supported. Try using the command line switch -DCmdProcessorSocketCipher=<some cipher suite> to use one supported by your version of java security.");
+				}
 				String cmd = "<command id=\"" + name + 
 					"\" password=\"" + pwd + "\">" + 
 					icmd + "</command>";

Remote/src/org/openas2/remote/OpenAS2Servlet.java

@@ -408,8 +408,16 @@ public static String xmlNormalize(String in) {
 	public String remoteCommandCall(String command) throws UnknownHostException, IOException
 	{
 	SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(InetAddress.getByName(commandHostID), commandPort);
-	final String[] enabledCipherSuites = { "SSL_DH_anon_WITH_RC4_128_MD5" };
-	s.setEnabledCipherSuites(enabledCipherSuites);
+	String cipherSuites = System.getProperty("CmdProcessorSocketCipher", "TLS_DH_anon_WITH_AES_256_CBC_SHA");
+	final String[] enabledCipherSuites = { cipherSuites };
+	try
+	{
+		s.setEnabledCipherSuites(enabledCipherSuites);
+	} catch (IllegalArgumentException e)
+	{
+		e.printStackTrace();
+		System.out.println("Cipher is not supported. Try using the command line switch -DCmdProcessorSocketCipher=<some cipher suite> to use one supported by your version of java security.");
+	}
 	String cmd = "<command id=\"" + commandUserID + 	"\" password=\"" + commandPWD + "\">" + 		command + "</command>\n";
 	s.getOutputStream().write(cmd.getBytes());
 	s.getOutputStream().flush();

Server/bin/start-openas2.bat

@@ -1,6 +1,11 @@
 @echo off
 rem Purpose:  runs the OpenAS2 application
 
+rem Uncomment any of the following for enhanced debug
+rem set EXTRA_PARMS=%EXTRA_PARMS% -Dmaillogger.debug.enabled=true
+rem set EXTRA_PARMS=%EXTRA_PARMS% -DlogRxdMsgMimeBodyParts=true
+rem set EXTRA_PARMS=%EXTRA_PARMS% -DlogRxdMdnMimeBodyParts=true
+
 rem Setup the Java Virtual Machine
 if not "%JAVA%" == "" goto :Check_JAVA_END
     if not "%JAVA_HOME%" == "" goto :TryJDKEnd
@@ -53,7 +58,7 @@ if not "%JAVA%" == "" goto :Check_JAVA_END
 rem    
 rem remove -Dorg.apache.commons.logging.Log=org.openas2.logging.Log if using another logging package
 rem
-"%JAVA%" -Xms32m -Xmx384m  -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .;../lib/javax.mail.jar;../lib/bcpkix-jdk15on-152.jar;../lib/bcprov-jdk15on-152.jar;../lib/bcmail-jdk15on-152.jar;../lib/bcprov-jdk15on-152;../lib/commons-logging-1.2.jar;../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml
+"%JAVA%" "%EXTRA_PARMS% -Xms32m -Xmx384m  -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .;../lib/javax.mail.jar;../lib/bcpkix-jdk15on-154.jar;../lib/bcprov-jdk15on-154.jar;../lib/bcmail-jdk15on-154.jar;../lib/commons-logging-1.2.jar;../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml
 
 :warn
 :END

Server/bin/start-openas2.sh

@@ -4,6 +4,11 @@ x=`basename $0`
 
 keyStorePwd=$1
 PWD_OVERRIDE=""
+# Uncomment any of the following for enhanced debug
+#EXTRA_PARMS="$EXTRA_PARMS -Dmaillogger.debug.enabled=true"
+#EXTRA_PARMS="$EXTRA_PARMS -DlogRxdMsgMimeBodyParts=true"
+#EXTRA_PARMS="$EXTRA_PARMS -DlogRxdMdnMimeBodyParts=true"
+
 if [  ! -z $keyStorePwd ]; then
   PWD_OVERRIDE="-Dorg.openas2.cert.Password=$keyStorePwd"
 fi
@@ -30,4 +35,4 @@ JAVA_EXE=$JAVA_HOME/bin/java
 #    
 # remove -Dorg.apache.commons.logging.Log=org.openas2.logging.Log if using another logging package    
 #
-$JAVA_EXE ${PWD_OVERRIDE} -Xms32m -Xmx384m -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .:../lib/javax.mail.jar:../lib/bcpkix-jdk15on-152.jar:../lib/bcprov-jdk15on-152.jar:../lib/bcmail-jdk15on-152.jar:../lib/bcprov-jdk15on-152:../lib/commons-logging-1.2.jar:../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml
+$JAVA_EXE ${PWD_OVERRIDE} -Xms32m -Xmx384m -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .:../lib/javax.mail.jar:../lib/bcpkix-jdk15on-154.jar:../lib/bcprov-jdk15on-154.jar:../lib/bcmail-jdk15on-154.jar:../lib/commons-logging-1.2.jar:../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml

Server/config/config.xml

@@ -13,9 +13,13 @@
 		<!-- Remove this comment to enable emailing of exceptions
 		<logger classname="org.openas2.logging.EmailLogger"
 			show="terminated"
+			javax.mail.properties.file="%home%/java.mail.properties"
 			from="openas2"
 			to="your email address"
 			smtpserver="your smtp server"
+			smtpauth="true"
+			smtpuser="mySmtpUserId"
+			smtppwd="mySmtpPwd"
 			subject="$exception.name$: $exception.message$"
 			bodytemplate="%home%/emailtemplate.txt"/>
 		-->

Server/config/partnerships.xml

@@ -18,7 +18,7 @@
 		<attribute name="as2_url" value="http://localhost:10080"/>
 		<attribute name="as2_mdn_to" value="[email protected]"/>
 		<!--  <attribute name="as2_receipt_option" value="http://localhost:10080"/>   ...for async MDN-->
-		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA1"/>
+		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
 		<attribute name="encrypt" value="3DES"/>
 		<attribute name="sign" value="MD5"/>
 		<attribute name="resend_max_retries" value="3"/>
@@ -33,9 +33,9 @@
 		<attribute name="as2_url" value="http://localhost:10080"/>
 		<attribute name="as2_mdn_to" value="[email protected]"/>
 		<!--  <attribute name="as2_receipt_option" value="http://localhost:10080"/>   ...for async MDN-->
-		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA1"/>
+		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
 		<attribute name="encrypt" value="3DES"/>
-		<attribute name="sign" value="SHA1"/>
+		<attribute name="sign" value="SHA256"/>
 	</partnership>
 </partnerships>
 

Server/src/org/openas2/Session.java

@@ -20,11 +20,13 @@
  */
 public interface Session {
     /** Official OpenAS2 release version */
-    public static final String VERSION = "1.3.6";
+    public static final String VERSION = "1.3.7";
 
     /** Official OpenAS2 title */
     public static final String TITLE = "OpenAS2 v" + VERSION;
 
+    public static final String DEFAULT_CONTENT_TRANSFER_ENCODING = "binary";
+
     /**
      * Short-cut method to retrieve a certificate factory.
      *

Server/src/org/openas2/app/OpenAS2Server.java

@@ -33,6 +33,7 @@ public static void main(String[] args) {
 	public void start(String[] args) {
 		BaseCommandProcessor cmd = null;
 		XMLSession session = null;
+		int exitStatus = 0;
 
 		try {
 			Log logger = LogFactory.getLog(OpenAS2Server.class.getSimpleName());
@@ -86,8 +87,10 @@ public void start(String[] args) {
 			}
 			logger.info("- OpenAS2 Stopped -");
 		} catch (Exception e) {
+			exitStatus = -1;
 			e.printStackTrace();
 		} catch (Error err) {
+			exitStatus = -1;
 			err.printStackTrace();
 		} finally {
 
@@ -109,7 +112,7 @@ public void start(String[] args) {
 
 			write("OpenAS2 has shut down\r\n");
 
-			System.exit(0);
+			System.exit(exitStatus);
 		}
 	}
 

Server/src/org/openas2/cmd/processor/SocketCommandProcessor.java

@@ -61,8 +61,17 @@ public void init(Session session, Map<String,String> parameters) throws OpenAS2E
                 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
 			 sslserversocket =
                 (SSLServerSocket) sslserversocketfactory.createServerSocket(port);
-			final String[] enabledCipherSuites = { "SSL_DH_anon_WITH_RC4_128_MD5" };
-			sslserversocket.setEnabledCipherSuites(enabledCipherSuites);
+			String cipherSuites = System.getProperty("CmdProcessorSocketCipher", "TLS_DH_anon_WITH_AES_256_CBC_SHA");
+			final String[] enabledCipherSuites = { cipherSuites };
+			try
+			{
+				sslserversocket.setEnabledCipherSuites(enabledCipherSuites);
+			} catch (IllegalArgumentException e)
+			{
+				throw new OpenAS2Exception(
+						"Cipher is not supported. Use command line switch -DCmdProcessorSocketCipher=<some cipher suite> to use one supported by your version of java security."
+						, e);
+			}
 
 
 		} catch (IOException e) {

Server/src/org/openas2/lib/MDNEngine.java

@@ -6,6 +6,7 @@
 import javax.mail.internet.MimeBodyPart;
 
 import org.apache.commons.lang3.SystemUtils;
+import org.openas2.Session;
 import org.openas2.lib.cert.ICertificateChooser;
 import org.openas2.lib.helper.EDIINTHelper;
 import org.openas2.lib.helper.ICryptoHelper;
@@ -20,6 +21,8 @@
 import org.openas2.lib.message.EDIINTMessageMDN;
 import org.openas2.lib.message.MDNData;
 import org.openas2.lib.partner.IPartnershipChooser;
+import org.openas2.message.Message;
+import org.openas2.partner.Partnership;
 
 public class MDNEngine {
     private EDIINTHelper ediintHelper;
@@ -124,7 +127,7 @@ protected AS2MessageMDN createAS2MDN(AS2Message msg, EngineResults results) thro
                 boolean includeHeaders = results.getEncryption() != EngineResults.STATUS_NONE
                         && results.getSignature() != EngineResults.STATUS_NONE;
                 String mic = getCryptoHelper().calculateMIC(msg.getData(),
-                        dispOptions.getMicAlgorithm(), includeHeaders);
+                        dispOptions.getMicAlgorithm(), includeHeaders, ((Message)msg).getPartnership().isPreventCanonicalization());
                 mdnData.setReceivedContentMIC(mic);
             }
         } catch (Exception e) {
@@ -137,8 +140,12 @@ protected AS2MessageMDN createAS2MDN(AS2Message msg, EngineResults results) thro
                 ICertificateChooser certChooser = getCertificateChooser();
                 Certificate senderCert = certChooser.getSenderCertificate(mdn);
                 Key senderKey = certChooser.getSenderKey(mdn);
+        		String contentTxfrEncoding =  ((Message)msg).getPartnership().getAttribute(Partnership.PA_CONTENT_TRANSFER_ENCODING);
+        		if (contentTxfrEncoding == null)
+        			contentTxfrEncoding = Session.DEFAULT_CONTENT_TRANSFER_ENCODING;
+                // sign the data using CryptoHelper
                 MimeBodyPart signedData = getCryptoHelper().sign(mdn.getData(), senderCert,
-                        senderKey, dispOptions.getMicAlgorithm());
+                        senderKey, dispOptions.getMicAlgorithm(),contentTxfrEncoding, false);
                 mdn.setData(signedData);
                 mdn.setContentType(signedData.getContentType());
             }