Class SMPHttpResponseHandlerSigned<T>

java.lang.Object
com.helger.smpclient.httpclient.AbstractSMPResponseHandler<T>
com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned<T>
Type Parameters:
T - The type of object to be handled.
All Implemented Interfaces:
org.apache.hc.core5.http.io.HttpClientResponseHandler<T>

public class SMPHttpResponseHandlerSigned<T> extends AbstractSMPResponseHandler<T>
This is the Apache HTTP client response handler to verify signed HTTP response messages.

Note: this class is also licensed under the Apache 2 license, as it was not part of the original implementation.

Author:
Philip Helger
  • Field Details

    • DEFAULT_VERIFY_SIGNATURE

      public static final boolean DEFAULT_VERIFY_SIGNATURE
    • DEFAULT_SECURE_VALIDATION

      public static final boolean DEFAULT_SECURE_VALIDATION
  • Constructor Details

    • SMPHttpResponseHandlerSigned

      public SMPHttpResponseHandlerSigned(@Nonnull com.helger.jaxb.GenericJAXBMarshaller<T> aMarshaller, @Nullable KeyStore aTrustStore)
      Constructor
      Parameters:
      aMarshaller - The JAXB marshaller to be used. May not be null.
      aTrustStore - The trust store to be used. May be null.
      Since:
      8.1.1
  • Method Details

    • isVerifySignature

      public final boolean isVerifySignature()
      Returns:
      true if SMP client response certificate checking is enabled, false if it is disabled. By default this check is enabled (see DEFAULT_VERIFY_SIGNATURE).
      Since:
      8.0.3
    • setVerifySignature

      @Nonnull public final SMPHttpResponseHandlerSigned<T> setVerifySignature(boolean bVerifySignature)
      Enable or disable checking of the certificate retrieved from a signed SMP response. Disabling the check may be helpful for debugging and testing of SMP client connections.
      Uses the trust store configured in the SMP client configuration.
      Parameters:
      bVerifySignature - true to enable SMP response checking (on by default) or false to disable it.
      Returns:
      this for chaining
      Since:
      8.0.3
    • isSecureValidation

      public final boolean isSecureValidation()
      Returns:
      true if SMP client response certificate checking should use secure validation, false if validation also allows deprecated algorithms. By default this check is enabled (see DEFAULT_SECURE_VALIDATION).
      Since:
      9.0.5
    • setSecureValidation

      @Nonnull public final SMPHttpResponseHandlerSigned<T> setSecureValidation(boolean bSecureValidation)
      Enable or disable the usage of secure XMLDsig validation. By default secure validation is enabled. Java 17 disables the usage of SHA-1 in XMLDsig by default, as documented in https://bugs.openjdk.org/browse/JDK-8261246. Currently the Peppol SMP still uses SHA-1, so you might want to disable this for the sake of sanity; when disabled, validation also allows deprecated algorithms.
      Parameters:
      bSecureValidation - true to enable SMP secure certificate validation (enabled by default) or false to disable it.
      Returns:
      this for chaining
      Since:
      9.0.5
    • getTrustStore

      @Nullable public final KeyStore getTrustStore()
      Returns:
      The trust store to be used for verifying the signature. May be null if an invalid trust store is configured.
      Since:
      8.1.1
    • setTrustStore

      @Nonnull public final SMPHttpResponseHandlerSigned<T> setTrustStore(@Nullable KeyStore aTrustStore)
      Set the trust store to be used. If signature verification is enabled, a trust store MUST be present.
      Parameters:
      aTrustStore - The trust store to be used. May be null.
      Returns:
      this for chaining
      Since:
      8.1.1
    • checkSignature

      @Nonnull public static com.helger.commons.state.ESuccess checkSignature(@Nonnull Document aDocument, @Nonnull KeySelector aKeySelector, boolean bSecureValidation) throws MarshalException, XMLSignatureException
      Throws:
      MarshalException
      XMLSignatureException
    • handleEntity

      @Nonnull public T handleEntity(@Nonnull org.apache.hc.core5.http.HttpEntity aEntity) throws SMPClientBadResponseException, IOException
      Description copied from class: AbstractSMPResponseHandler
      Handle the response entity and transform it into the actual response object.
      Specified by:
      handleEntity in class AbstractSMPResponseHandler<T>
      Parameters:
      aEntity - The entity to handle. Never null.
      Returns:
      the result. May be null.
      Throws:
      SMPClientBadResponseException - if something goes wrong
      IOException - on IO error
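
The effect of the secure validation flag described for setSecureValidation, shown with the JDK's own javax.xml.crypto.dsig API on a constructed SHA-1 signed document (an added example, not ph-smp code and not the body of checkSignature). The class SecureValidationDemo, its isValid helper, the sample namespace and the throwaway key are assumptions; on a JDK whose policy disallows SHA-1 the first check is expected to report false and the second true.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

// Added example: class, method and namespace names are hypothetical, not part of ph-smp.
public final class SecureValidationDemo {
  /** Validates the single ds:Signature in doc; any failure or policy rejection yields false. */
  static boolean isValid(Document doc, KeySelector ks, boolean secureValidation) {
    try {
      var sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
      if (sigs.getLength() != 1) return false; // unsigned or ambiguous document: fail closed
      var ctx = new DOMValidateContext(ks, sigs.item(0));
      // Standard JDK XMLDSig property: applies the JDK's secure validation policy when true
      ctx.setProperty("org.jcp.xml.dsig.secureValidation", secureValidation);
      return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx).validate(ctx);
    } catch (Exception e) { // MarshalException or XMLSignatureException: treat as invalid
      return false;
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed input: a throwaway RSA key and a one-element document signed with RSA-SHA1
    var kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();
    var dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    Document doc = dbf.newDocumentBuilder().newDocument();
    Node root = doc.appendChild(doc.createElementNS("urn:example:constructed", "Sample"));
    var fac = XMLSignatureFactory.getInstance("DOM");
    var ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
        List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
    var si = fac.newSignedInfo(
        fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
        fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), List.of(ref));
    fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), root));

    var ks = KeySelector.singletonKeySelector(kp.getPublic());
    System.out.println("secure validation on : " + isValid(doc, ks, true));
    System.out.println("secure validation off: " + isValid(doc, ks, false));
  }
}
```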