oscerd opened a new pull request, #24115: URL: https://github.com/apache/camel/pull/24115

Fixes [CAMEL-23764](https://issues.apache.org/jira/browse/CAMEL-23764).

## Problem

The AS2 server consumer delivered the payload of an inbound `multipart/signed` message **without verifying its signature** when no `validateSigningCertificateChain` was configured (the default). Signature validation only ran when a chain was set; otherwise the signed payload was delivered as-is, with no indication that it was unverified.

## Change

Adds an opt-in `signatureVerificationRequired` option to the AS2 server consumer (`@UriParam(label = "security")`, default `false`):

- **`false` (default)** — behaviour is unchanged and backward compatible, except a **warning is now logged** when a signed message is delivered without a configured validation chain, so the unverified delivery is visible.
- **`true`** — a signed message that cannot be verified (because no `validateSigningCertificateChain` is configured) is **rejected** with an `insufficient-message-security` error instead of being delivered unverified.

The option has no effect when `validateSigningCertificateChain` is set (signatures are always validated then) or for unsigned messages (nothing to verify).

The decision is isolated to the consumer payload-extraction path via a shared `verifySignedEntity(...)` helper in `HttpMessageUtils`; `MicUtils`/MDN generation is unaffected (it navigates signed structures directly and never reaches this path for signed messages).

## Implementation

- `HttpMessageUtils` — shared `verifySignedEntity(...)` helper replacing the three identical inline signature gates (top-level, enveloped, compressed signed); new `signatureVerificationRequired` flag on `DecrpytingAndSigningInfo` (2-arg constructor retained, defaults `false`).
- `AS2Configuration` / `AS2Endpoint` — new option + accessors.
- `AS2Consumer` — threads the endpoint flag into payload extraction.

## Tests

- New `AS2ServerSecSignatureRequiredIT` — verifies signed messages (`SIGNED`, `COMPRESSED_SIGNED`, `SIGNED_COMPRESSED`) are rejected when the flag is set with no chain, and that unsigned messages are unaffected.
- All existing camel-as2 tests pass (api 94, component 111). The default-preserves-delivery behaviour is guarded by the existing `AS2ServerSecUnsignedUnencryptedIT`.
- Full reactor build (`mvn clean install -DskipTests`, 1917 modules) is green with no regen drift.

## Compatibility / backport

Default behaviour is unchanged (non-breaking), so this is suitable for backport to `camel-4.18.x` and `camel-4.14.x` (per the Jira `fixVersions`). An upgrade-guide note will accompany the backports.

---

_Claude Code on behalf of Andrea Cosentino_

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
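
The decision described in the pull request above, as an added sketch that is not code from the PR or from Camel. `Decision`, `Entity`, `Payload`, `Signed`, `Compressed` and `Policy` are hypothetical stand-ins, the sample messages are constructed, and the model assumes the first signed layer reached decides the outcome.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration only: a simplified model, not Camel's HttpMessageUtils.
public class SignatureGateModel {
    enum Decision {
        DELIVER,                              // unsigned: nothing to verify
        VALIDATE_AGAINST_CHAIN,               // chain set: signature is always validated
        DELIVER_UNVERIFIED_WITH_WARNING,      // no chain, flag false (default)
        REJECT_INSUFFICIENT_MESSAGE_SECURITY  // no chain, flag true
    }

    // Hypothetical stand-ins for the MIME layers of an inbound message.
    interface Entity {}
    record Payload(String body) implements Entity {}
    record Signed(Entity inner) implements Entity {}
    record Compressed(Entity inner) implements Entity {}

    // chainConfigured models validateSigningCertificateChain being set;
    // required models signatureVerificationRequired.
    record Policy(boolean chainConfigured, boolean required) {}

    // One shared gate, so every signed layer gets the same decision.
    static Decision gate(Policy p) {
        if (p.chainConfigured()) return Decision.VALIDATE_AGAINST_CHAIN;
        return p.required() ? Decision.REJECT_INSUFFICIENT_MESSAGE_SECURITY
                            : Decision.DELIVER_UNVERIFIED_WITH_WARNING;
    }

    // Walk the layers; the first signed layer reached decides the outcome.
    static Decision extract(Entity e, Policy p) {
        if (e instanceof Signed) return gate(p);
        if (e instanceof Compressed c) return extract(c.inner(), p);
        return Decision.DELIVER;
    }

    public static void main(String[] args) {
        Map<String, Entity> samples = new LinkedHashMap<>(); // constructed inputs
        samples.put("unsigned", new Payload("ISA*00*"));
        samples.put("signed", new Signed(new Payload("ISA*00*")));
        samples.put("compressed(signed)", new Compressed(new Signed(new Payload("ISA*00*"))));
        samples.put("signed(compressed)", new Signed(new Compressed(new Payload("ISA*00*"))));
        for (boolean chain : new boolean[] {false, true})
            for (boolean required : new boolean[] {false, true})
                for (var s : samples.entrySet())
                    System.out.printf("chain=%-5b required=%-5b %-20s -> %s%n",
                            chain, required, s.getKey(), extract(s.getValue(), new Policy(chain, required)));
    }
}
```

Running it prints the full decision table, which makes the default row (no chain, flag `false`) easy to spot when auditing existing endpoints.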
