AS2协议详解(三)[通俗易懂]

AS2协议详解(三)[通俗易懂]AS2协议本身比较复杂,我们不需要了解其中太多细节,只需要知道一些重要概念就行了。AS2是基于HTTP/HTTPS的,消息的格式使用MIME,就

AS2协议本身比较复杂,我们不需要了解其中太多细节,只需要知道一些重要概念就行了。

AS2是基于HTTP/HTTPS的,消息的格式使用MIME,就是邮件的格式,使用SHA1或SHA2加RSA进行签名,使用S/MIME进行加密。S/MIME加密本质就是3DES或者AES加RSA加密,有了之前的基础应该就很清楚了。

AS2的通信双方称为partner,每个partner有个partnerId,通信双方需要交互彼此的公钥。

自己实现S/MIME加密比较复杂,我们引入以下包来加密,jdk15on支持jdk1.5-jdk1.8,其他jdk版可去maven上搜索对应的版本

    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcmail-jdk15on</artifactId>
        <version>1.70</version>
    </dependency>

AS2协议详解(三)[通俗易懂]

接下来是实现AS2发送文件的JAVA版本

@Test
public void testAS2() throws Exception {
    //注册证书提供者BC
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    String password = "testas2";
    //生成mime消息体,放入待发送文件
    MimeBodyPart finalMessage = new MimeBodyPart();
    File file = new File("D:\\workspace\\data\\a.xml");
    finalMessage.setDataHandler(new DataHandler(new FileDataSource(file)));
    finalMessage.setHeader("Content-Type", "application/xml");
    finalMessage.setHeader("Content-Transfer-Encoding", "base64");
    finalMessage.setFileName(file.getName());
    //加载证书
    FileInputStream fis = new FileInputStream(new File("D:\\workspace\\OpenAs2App\\Server\\src\\config\\as2_certs.p12"));
    KeyStore keyStore = getKeyStore(fis, password, "PKCS12", "BC");
    PrivateKey privateKey = getPrivateKeyFromKeyStore(keyStore, "mycompany", "password");
    //签名
    X509Certificate signCert = getCertificate(keyStore, "mycompany");
    List certList = new ArrayList();
    certList.add(signCert);
    Store certs = new JcaCertStore(certList);

    SMIMESignedGenerator signer = new SMIMESignedGenerator();
    signer.setContentTransferEncoding("base64");
    //使用SHA1进行签名
    signer.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC")
            .build("SHA1WITHRSA", privateKey, signCert));
    signer.addCertificates(certs);
    MimeMultipart signedMimeMultipart = signer.generate(finalMessage);
    finalMessage = new MimeBodyPart();
    finalMessage.setContent(signedMimeMultipart);
    finalMessage.setHeader("Content-Type", signedMimeMultipart.getContentType());

    //加密
    // 加载partner的数字证书
    X509Certificate cert = getCertificate(keyStore, "partnera");
    // 创建加密器
    SMIMEEnvelopedGenerator encryptor = new SMIMEEnvelopedGenerator();
    encryptor.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC"));
    encryptor.setContentTransferEncoding("base64");
    //3DES加密
    JceCMSContentEncryptorBuilder jceCMSContentEncryptorBuilder =
            new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(SMIMEEnvelopedGenerator.DES_EDE3_CBC)).setProvider("BC");
    jceCMSContentEncryptorBuilder.setSecureRandom(new SecureRandom());
    // 进行加密
    MimeBodyPart encryptedPart = encryptor.generate(finalMessage, jceCMSContentEncryptorBuilder.build());

    //准备头字段
    InternetHeaders ih = new InternetHeaders();
    ih.addHeader("Connection", "close, TE");
    ih.addHeader("Message-ID", UUID.randomUUID().toString());
    ih.addHeader("Mime-Version", "1.0");
    ih.addHeader("Content-Type", encryptedPart.getContentType());
    ih.addHeader("AS2-To", "PartnerA_OID");
    ih.addHeader("AS2-From", "MyCompany_OID");
    ih.addHeader("Subject", "Subject: File a.xml sent from MyCompany to PartnerA");
    ih.addHeader("Disposition-Notification-To", "edi@myCompany.com");
    ih.addHeader("Content-Disposition", "attachment");

    String url = "http://localhost:10080";
    execRequest("POST", url, ih.getAllHeaders(), null, encryptedPart.getInputStream());
}

private static X509Certificate getCertificate(KeyStore keyStore,
                                              String alias) throws Exception {
    Certificate certificate = keyStore.getCertificate(alias);
    return (X509Certificate) certificate;
}

AS2协议详解(三)[通俗易懂]

发送http请求的代码

public static void execRequest(String method, String url, Enumeration<Header> headers, NameValuePair[] params, InputStream inputStream) throws Exception {
    HttpClientBuilder httpBuilder = HttpClientBuilder.create();
    URL urlObj = new URL(url);
    /*
     * httpClient is used for this request only,
     * set a connection manager that manages just one connection.
     */
    if (urlObj.getProtocol().equalsIgnoreCase("https")) {
        /*
         * Note: registration of a custom SSLSocketFactory via httpBuilder.setSSLSocketFactory is ignored when a connection manager is set.
         * The custom SSLSocketFactory needs to be registered together with the connection manager.
         */
        SSLConnectionSocketFactory sslCsf = buildSslFactory();
        httpBuilder.setConnectionManager(new BasicHttpClientConnectionManager(RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslCsf).build()));
    } else {
        httpBuilder.setConnectionManager(new BasicHttpClientConnectionManager());
    }
    RequestBuilder rb = getRequestBuilder(method, urlObj, params, headers);

    if (inputStream != null) {
        InputStreamEntity ise = new InputStreamEntity(inputStream);
        rb.setEntity(ise);
    }
    final HttpUriRequest request = rb.build();

    try (CloseableHttpClient httpClient = httpBuilder.build()) {
        try (CloseableHttpResponse response = httpClient.execute(request)) {
            HttpEntity entity = response.getEntity();
            String result = EntityUtils.toString(entity);
            System.out.println(result);
        }
    }
}

private static SSLConnectionSocketFactory buildSslFactory() throws Exception {
    boolean overrideSslChecks = true;
    SSLContext sslcontext;
    sslcontext = SSLContexts.createSystemDefault();
    // String [] protocols = Properties.getProperty(HTTP_PROP_SSL_PROTOCOLS,
    // "TLSv1").split("\\s*,\\s*");
    HostnameVerifier hnv = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
    if (overrideSslChecks) {
        hnv = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
    }
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, null, null, hnv);
    return sslsf;
}

private static RequestBuilder getRequestBuilder(String method, URL urlObj, NameValuePair[] params, Enumeration<Header> headers) throws URISyntaxException {
    RequestBuilder req = null;
    if (method == null || method.equalsIgnoreCase(Method.GET)) {
        //default get
        req = RequestBuilder.get();
    } else if (method.equalsIgnoreCase(Method.POST)) {
        req = RequestBuilder.post();
    } else if (method.equalsIgnoreCase(Method.HEAD)) {
        req = RequestBuilder.head();
    } else if (method.equalsIgnoreCase(Method.PUT)) {
        req = RequestBuilder.put();
    } else if (method.equalsIgnoreCase(Method.DELETE)) {
        req = RequestBuilder.delete();
    } else if (method.equalsIgnoreCase(Method.TRACE)) {
        req = RequestBuilder.trace();
    } else {
        throw new IllegalArgumentException("Illegal HTTP Method: " + method);
    }
    req.setUri(urlObj.toURI());
    if (params != null && params.length > 0) {
        req.addParameters(params);
    }
    if (headers != null) {
        while (headers.hasMoreElements()) {
            Header header = headers.nextElement();
            String headerValue = header.getValue();
            req.setHeader(header.getName(), headerValue);
        }
    }
    return req;
}

public abstract static class Method {
    public static final String GET = "GET";
    public static final String HEAD = "HEAD";
    public static final String POST = "POST";
    public static final String PUT = "PUT";
    public static final String DELETE = "DELETE";
    public static final String TRACE = "TRACE";
    public static final String CONNECT = "CONNECT";
}

AS2协议详解(三)[通俗易懂]

代码讲解

来看这段代码,这段代码是加载证书库,方法上篇给出了,类型是PKCS12,BC是什么鬼?BC是证书提供者,如果是自己生成的证书,提供者是SUN,就不需要传了,我们这个证书是BC提供的所以需要传。

KeyStore keyStore = getKeyStore(fis, password, "PKCS12", "BC");

AS2协议详解(三)[通俗易懂]

生成mime消息体,放入待发送文件那段代码很简单,就是获取待发送文件的输入流然后生成mime消息体,没啥好讲的,加载证书库获取私钥的代码前篇都讲过了,也很简单。

接下来是签名和加密,都是固定写法,唯一有改动的可能是签名的算法是SHA1还是SHA2,加密算法是3DES还是AES,需要告知接收方。这边需要注意的是签名是使用自己的私钥,对方用我们的公钥进行验签,加密是使用对方的公钥,对方用自己的私钥进行解密。

接下去就是准备头字段,填写自己的partnerId和对方的partnerId就行了

其实有现成的代码,集成AS2不难,如果是自己去找协议去实现,难度就相当大了。

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
转载请注明出处: https://daima100.com/11955.html

(0)

相关推荐

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注