Used provided enc cert, added enc BST, and handled multiple certifica…

…tes(#28)

src/main/java/no/difi/oxalis/as4/inbound/As4InboundHandler.java

@@ -460,10 +460,12 @@ private As4EnvelopeHeader parseAs4EnvelopeHeader(UserMessage userMessage) {
     private X509Certificate extractSenderCertificate(SOAPHeader header) throws OxalisAs4Exception {
         Map<String, String> ns = new TreeMap<>();
         ns.put("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
+        ns.put("secutil", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
+        ns.put("xmldsig", "http://www.w3.org/2000/09/xmldsig#");
         XPathUtils xu = new XPathUtils(ns);
-        String cert = xu.getValueString("//wsse:BinarySecurityToken[1]/text()", header);
-
 
+        // Thanks to 'tjeb' for good info in PR #28
+        String cert = xu.getValueString("//wsse:BinarySecurityToken[@secutil:Id=substring-after(//xmldsig:Signature/xmldsig:KeyInfo/wsse:SecurityTokenReference/wsse:Reference[1]/@URI, '#')]", header);
         if (cert == null) {
             throw new OxalisAs4Exception("Unable to locate sender certificate");
         }

src/main/java/no/difi/oxalis/as4/inbound/As4Servlet.java

@@ -6,6 +6,7 @@
 import no.difi.oxalis.api.settings.Settings;
 import no.difi.oxalis.as4.config.TrustStore;
 import no.difi.oxalis.commons.security.KeyStoreConf;
+import org.apache.cxf.ext.logging.LoggingInInterceptor;
 import org.apache.cxf.jaxws.EndpointImpl;
 import org.apache.cxf.transport.servlet.CXFNonSpringServlet;
 import org.apache.cxf.ws.security.SecurityConstants;
@@ -65,11 +66,11 @@ protected void loadBus(ServletConfig servletConfig) {
         endpointImpl.getProperties().put(SecurityConstants.SIGNATURE_CRYPTO, encryptCrypto);
         endpointImpl.getProperties().put(SecurityConstants.SIGNATURE_PASSWORD, settings.getString(KeyStoreConf.KEY_PASSWORD));
         endpointImpl.getProperties().put(SecurityConstants.SIGNATURE_USERNAME, settings.getString(KeyStoreConf.KEY_ALIAS));
-        endpointImpl.getProperties().put(ConfigurationConstants.SIG_VER_PROP_REF_ID, "oxalisTrustStore");
+//        endpointImpl.getProperties().put(ConfigurationConstants.SIG_VER_PROP_REF_ID, "oxalisTrustStore");
 
         endpointImpl.getProperties().put(SecurityConstants.ENCRYPT_CRYPTO, encryptCrypto);
         endpointImpl.getProperties().put(SecurityConstants.ENCRYPT_USERNAME, settings.getString(KeyStoreConf.KEY_ALIAS));
-        endpointImpl.getProperties().put(ConfigurationConstants.DEC_PROP_REF_ID, "oxalisAPCrypto");
+//        endpointImpl.getProperties().put(ConfigurationConstants.DEC_PROP_REF_ID, "oxalisAPCrypto");
 
         endpointImpl.getInInterceptors().add(new PolicyBasedWSS4JInInterceptor());
         endpointImpl.getOutInterceptors().add(new PolicyBasedWSS4JOutInterceptor());

src/main/java/no/difi/oxalis/as4/outbound/As4MessageSender.java

@@ -15,6 +15,7 @@
 import org.apache.cxf.Bus;
 import org.apache.cxf.attachment.AttachmentUtil;
 import org.apache.cxf.binding.soap.SoapHeader;
+import org.apache.cxf.ext.logging.LoggingFeature;
 import org.apache.cxf.headers.Header;
 import org.apache.cxf.jaxws.DispatchImpl;
 import org.apache.cxf.message.Attachment;
@@ -79,7 +80,7 @@ public TransmissionResponse send(TransmissionRequest request) throws OxalisAs4Tr
 
         final String address = request.getEndpoint().getAddress().toString();
 
-        Service service = Service.create(SERVICE_NAME, new WSPolicyFeature());
+        Service service = Service.create(SERVICE_NAME, new LoggingFeature(), new WSPolicyFeature());
         service.addPort(PORT_NAME, SOAPBinding.SOAP12HTTP_BINDING, "BindingProvider.ENDPOINT_ADDRESS_PROPERTY placeholder");
 
 
@@ -116,22 +117,16 @@ public TransmissionResponse send(TransmissionRequest request) throws OxalisAs4Tr
         dispatch.getRequestContext().put(Message.ATTACHMENTS, attachments);
 
 
+        Merlin signatureCrypto = new Merlin();
+        signatureCrypto.setCryptoProvider(BouncyCastleProvider.PROVIDER_NAME);
+        signatureCrypto.setKeyStore(keyStore);
+        signatureCrypto.setTrustStore(trustStore);
 
-
-        Merlin encryptCrypto = new Merlin();
-        encryptCrypto.setCryptoProvider(BouncyCastleProvider.PROVIDER_NAME);
-        encryptCrypto.setKeyStore(keyStore);
-        encryptCrypto.setTrustStore(trustStore);
-
-        dispatch.getRequestContext().put(SecurityConstants.SIGNATURE_CRYPTO, encryptCrypto);
+        dispatch.getRequestContext().put(SecurityConstants.SIGNATURE_CRYPTO, signatureCrypto);
         dispatch.getRequestContext().put(SecurityConstants.SIGNATURE_PASSWORD, settings.getString(KeyStoreConf.KEY_PASSWORD));
         dispatch.getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, settings.getString(KeyStoreConf.KEY_ALIAS));
-        dispatch.getRequestContext().put(ConfigurationConstants.SIG_VER_PROP_REF_ID, "oxalisTrustStore");
-
-        dispatch.getRequestContext().put(SecurityConstants.ENCRYPT_CRYPTO, encryptCrypto);
-        dispatch.getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, settings.getString(KeyStoreConf.KEY_ALIAS));
-        dispatch.getRequestContext().put(ConfigurationConstants.DEC_PROP_REF_ID, "oxalisAPCrypto");
 
+        dispatch.getRequestContext().put(SecurityConstants.ENCRYPT_CERT, request.getEndpoint().getCertificate());
 
 
         try {

src/main/resources/policy.xml

@@ -20,7 +20,7 @@
                     <sp:RecipientToken>
                         <wsp:Policy>
                             <sp:X509Token
-                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                                 <wsp:Policy>
                                     <sp:WssX509V3Token10/>
                                 </wsp:Policy>