[ 
https://issues.apache.org/jira/browse/CAMEL-18017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834699#comment-17834699
 ] 

Claus Ibsen commented on CAMEL-18017:
-------------------------------------

[~jono] do you think we can backport your patch to the 4.4.x branch as well?

> camel-as2 - Signed content in MDN gets corrupted and is not possible to 
> validate
> --------------------------------------------------------------------------------
>
>                 Key: CAMEL-18017
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18017
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-as2
>    Affects Versions: 3.16.0
>            Reporter: Ted Lundqvist
>            Assignee: Jono Morris
>            Priority: Minor
>             Fix For: 4.6.0
>
>
> When the http response with an MDN is received it is parsed to a 
> MultipartSignedEntity-object. 
> When the object is serialized back to an outputstream using the method 
> AS2MessageDispositionNotificationEntity#writeTo the string is not guaranteed 
> to be identical to the string received in the original http-response.
> This makes it impossible to calculate a correct message-digest and the 
> method MultipartSignedEntity#isValid returns false because the following 
> exception is thrown:
> "org.bouncycastle.cms.CMSSignerDigestMismatchException: message-digest 
> attribute value does not match calculated value"
> when calling: 
> signer.verify(new 
> JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))
> I tried to use the AS2-client to send messages to both IBM Datapower and 
> ArcESB and it was not possible to validate the MDN from either of them.
> A few examples of differences between the actual received string and the 
> reconstructed string are (see the full examples further down):
>  # The order of the fields in the disposition-notification was in the wrong 
> order:
> In the original string they were ordered as follows:
> Reporting-UA
> Original-Recipient
> Final-Recipient
> Original-Message-ID
> Disposition
> Received-content-MIC
> But in the reconstructed string the field Original-Recipient had been moved 
> down and was placed before Received-content-MIC.
>  # Received-content-MIC returned from both Datapower and ArcESB had a space 
> between the comma-sign and the algorithmId.
> In the reconstructed string the space-character was removed.
> According to the example in RFC4130 
> ([https://datatracker.ietf.org/doc/html/rfc4130]) it seems as if it should be 
> ok to have a space-character.
>  # In the MDN from ArcESB, in the field Received-content-MIC, the word content was 
> written with a capital 'C' i.e. Received-Content-MIC.
> I'm not sure if that is valid according to the standard or not.
> The actual string received in the http-response:
> {code:java}
> Content-Type: multipart/report; report-type=disposition-notification; 
> boundary=8e7e662d-3449-4777-96dc-7a6ba5ddbfb3
> --8e7e662d-3449-4777-96dc-7a6ba5ddbfb3
> Content-Type: text/plain; charset=us-asciiThis MDN response message is 
> for:Original-Message-ID: <52vncg5lq4.1sqyji9ko4...@camel.apache.org>
> From: AMFAutoTest_AS2--8e7e662d-3449-4777-96dc-7a6ba5ddbfb3
> Content-Type: message/disposition-notificationReporting-UA: DataPower
> Original-Recipient: rfc822; "TEST"
> Final-Recipient: rfc822; "TEST"
> Original-Message-ID: <52vncg5lq4.1sqyji9ko4...@camel.apache.org>
> Disposition: automatic-action/MDN-sent-automatically; processed
> Received-content-MIC: 
> vUE91/gKwRCPdosfVE3H/VQNy1xHgZ+YWoVgcM5mVBya/ggZb7KxjozNUk7ewsrHOxoI9BDY2uURCcxpKU9dYA==,
>  sha-512
> --8e7e662d-3449-4777-96dc-7a6ba5ddbfb3-- {code}
> The String reconstructed from the MultipartSignedEntity:
> {code:java}
> Content-Type: multipart/report; report-type=disposition-notification; 
> boundary=8e7e662d-3449-4777-96dc-7a6ba5ddbfb3
> --8e7e662d-3449-4777-96dc-7a6ba5ddbfb3
> Content-Type: text/plain; charset=us-asciiThis MDN response message is 
> for:Original-Message-ID: <52vncg5lq4.1sqyji9ko4...@camel.apache.org>
> From: AMFAutoTest_AS2--8e7e662d-3449-4777-96dc-7a6ba5ddbfb3
> Content-Type: message/disposition-notificationReporting-UA: DataPower
> Final-Recipient: rfc822;"TEST"
> Original-Message-ID: <52vncg5lq4.1sqyji9ko4...@camel.apache.org>
> Disposition: automatic-action/MDN-sent-automatically;processed
> Original-Recipient: rfc822; "TEST"
> Received-content-MIC: 
> vUE91/gKwRCPdosfVE3H/VQNy1xHgZ+YWoVgcM5mVBya/ggZb7KxjozNUk7ewsrHOxoI9BDY2uURCcxpKU9dYA==,sha-512
> --8e7e662d-3449-4777-96dc-7a6ba5ddbfb3-- {code}
> In order to always be able to calculate a correct digest the original 
> string that was signed should be preserved as is.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
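
The failure mode described in the issue, as an added JDK-only example that is not camel-as2 code and not part of the original report: a parse-then-rewrite round trip changes the bytes, so a digest taken over the rebuilt text no longer matches, while a digest over the preserved wire bytes does. The class, method and record names are hypothetical, the sample MDN fields are constructed (the MIC value is a placeholder), and a plain SHA-512 hash stands in for the CMS message-digest attribute.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration; every name in this class is hypothetical.
public class PreserveSignedBytes {
    // Constructed sample: field order and spacing follow the shapes in the report.
    static final String RECEIVED =
          "Reporting-UA: DataPower\r\n"
        + "Original-Recipient: rfc822; \"TEST\"\r\n"
        + "Final-Recipient: rfc822; \"TEST\"\r\n"
        + "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
        + "Received-content-MIC: PLACEHOLDERMIC==, sha-512\r\n";

    // Parsed view that also keeps the exact bytes that were signed.
    record ParsedPart(byte[] raw, Map<String, String> fields) {}

    static ParsedPart parse(byte[] raw) {
        Map<String, String> fields = new LinkedHashMap<>();
        for (String line : new String(raw, StandardCharsets.US_ASCII).split("\r\n")) {
            int colon = line.indexOf(':');
            if (colon > 0) fields.put(line.substring(0, colon), line.substring(colon + 1).trim());
        }
        return new ParsedPart(raw, fields);
    }

    // Lossy writer: fixed field order, whitespace after ';' and ',' dropped.
    static byte[] reserialize(Map<String, String> fields) {
        List<String> order = List.of("Reporting-UA", "Final-Recipient", "Disposition",
                "Original-Recipient", "Received-content-MIC");
        StringBuilder sb = new StringBuilder();
        for (String name : order) {
            String v = fields.get(name); // a differently cased name would be lost here
            if (v != null) sb.append(name).append(": ").append(v.replaceAll("([;,])\\s+", "$1")).append("\r\n");
        }
        return sb.toString().getBytes(StandardCharsets.US_ASCII);
    }

    static boolean digestMatches(byte[] signedDigest, byte[] candidate) throws Exception {
        return MessageDigest.isEqual(signedDigest, MessageDigest.getInstance("SHA-512").digest(candidate));
    }

    public static void main(String[] args) throws Exception {
        byte[] wire = RECEIVED.getBytes(StandardCharsets.US_ASCII);
        // Stand-in for the signed message-digest attribute: hash of the bytes as sent.
        byte[] signedDigest = MessageDigest.getInstance("SHA-512").digest(wire);
        ParsedPart part = parse(wire);
        System.out.println("rebuilt bytes verify:   " + digestMatches(signedDigest, reserialize(part.fields())));
        System.out.println("preserved bytes verify: " + digestMatches(signedDigest, part.raw()));
    }
}
```

It needs Java 17 or later (records) and runs with `java PreserveSignedBytes.java`.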
