as2 0.3.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c28a94ec5915cd8930ba91814dea748017f86d0cbe2be94719fa54df5e6774f
-  data.tar.gz: 47239349434164df4c1833561b6942e458f9b919415d221b9ae376b4a28755fe
+  metadata.gz: 0225c8faac2c9bb92938878b8f2f2f919c50589d368fe4480d5ad96541d3e0ca
+  data.tar.gz: 897d1831f060e7ee248e2a0a6031d5b76d47b5f099d3d46ef93a000a78712873
 SHA512:
-  metadata.gz: b7f77c9176b2f279d5a678f72494f746b687432487df3b2c1d338754b89e5942e9af4798360a39528514cb826cc923148ac4a812cc64d65b7f9f4a104eb71b2f
-  data.tar.gz: efdc7d01786e56ad1aabbbd9c373aa9d835bb299c775423df0470e622916efe080a0abc3b7bc6173e39b80223824d3c3bb885b6fe8d6b93405329dcaf9f82fd5
+  metadata.gz: 0c2a13a733a35bf8a284077258a52ed3e1da95d4c70b23053b220ff89050178be6a4478f859aba6c341866295dc1abf501ddae322f83ddcc38a297adea4c6559
+  data.tar.gz: af1bfdcad847e185db4cb1b0be09b2c49e8b6d8d8cf77c2abe8357fcaae1e8f5018688088eb8161e30fcf3c820b5fc6c0c5e3ade286123f2a51087697f105089

data/.github/workflows/test.yml

@@ -0,0 +1,34 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: test suite
+
+on:
+  push:
+    branches: '**'
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ['2.5', '2.6', '2.7', '3.0', '3.1']
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake test

data/.gitignore

@@ -1,3 +1,4 @@
 certs
 .DS_Store
 Gemfile.lock
+pkg

data/CHANGELOG.md

@@ -1,9 +1,34 @@
+## 0.5.1, August 10, 2022
+
+  * Any HTTP 2xx status received from a partner should be considered successful. [#12](https://github.com/andjosh/as2/pull/12)
+
+## 0.5.0, March 21, 2022
+
+  * improvements to `As2::Client`. improve compatibility with non-Mendelson AS2 servers. [#8](https://github.com/andjosh/as2/pull/8)
+  * improve MDN generation, especially when an error occurs. [#9](https://github.com/andjosh/as2/pull/9)
+  * successfully parse unsigned MDNs. [#10](https://github.com/andjosh/as2/pull/10)
+
+## 0.4.0, March 3, 2022
+
+  * client: correct MIC & signature verification when processing MDN response [#7](https://github.com/andjosh/as2/pull/7)
+    * also improves detection of successful & unsuccessful transmissions.
+  * client can transmit content which is not in a local file [#5](https://github.com/andjosh/as2/pull/5)
+    * also enables `As2::Client` and `As2::Server` can be used without reference to
+      the `As2::Config` global configuration.
+    * This allows certificate selection to be determined at runtime, making certificate
+      expiration & changeover much easier to orchestrate.
+
 ## 0.3.0, Dec 22, 2021
 
   * fix MIC calculation. [#1](https://github.com/andjosh/as2/pull/1)
   * allow loading of private key and certificates without local files. [#2](https://github.com/andjosh/as2/pull/2)
   * fix signature verification. [#3](https://github.com/andjosh/as2/pull/3)
 
+### breaking changes
+
+  * removed `As2::Message#original_message`
+  * removed `As2::Server::HEADER_MAP`
+
 ## prior to 0.3.0
 
 Initial work by [@andjosh](https://github.com/andjosh) and [@datanoise](https://github.com/datanoise).

data/Gemfile

@@ -2,3 +2,12 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in as2.gemspec
 gemspec
+
+# from https://github.com/rails/rails/pull/42308/files
+if RUBY_VERSION >= "3.1"
+  # net-smtp, net-imap and net-pop were removed from default gems in Ruby 3.1, but is used by the `mail` gem.
+  # So we need to add them as dependencies until `mail` is fixed: https://github.com/mikel/mail/pull/1439
+  gem "net-smtp", require: false
+  gem "net-imap", require: false
+  gem "net-pop", require: false
+end

data/README.md

@@ -4,6 +4,38 @@ This is a proof of concept implementation of AS2 protocol: http://www.ietf.org/r
 
 Tested with the mendelson AS2 implementation from http://as2.mendelson-e-c.com
 
+## Build Status
+
+[![Test Suite](https://github.com/andjosh/as2/actions/workflows/test.yml/badge.svg)](https://github.com/andjosh/as2/actions/workflows/test.yml)
+
+## Known Limitations
+
+These limitations may be removed over time as demand (and pull requests!) come
+along.
+
+  1. RFC defines a number of optional features that partners can pick and choose
+     amongst. We currently have hard-coded options for many of these. Our current
+     choices are likely the most common ones in use, but we do not offer all the
+     configuration options needed for a fully-compliant implementation. https://datatracker.ietf.org/doc/html/rfc4130#section-2.4.2
+     1. Encrypted or Unencrypted Data: We assume all messages are encrypted. An
+       error will result if partner sends us an unencrypted message.
+     2. Signed or Unsigned Data: We error if partner sends an unsigned message.
+       Partners can request unsigned MDNs, but we always send signed MDNs.
+     3. Optional Use of Receipt: We always send a receipt.
+     4. Use of Synchronous or Asynchronous Receipts: We do not support asynchronous
+       delivery of MDNs.
+     5. Security Formatting: We should be reasonably compliant here.
+     6. Hash Function, Message Digest Choices: We currently always use sha256. If a
+       partner asks for a different algorithm, we'll always use sha256 and partner
+       will see a MIC verification failure. AS2 RFC specifically prefers sha1 and
+       mentions md5. Mendelson AS2 server supports a number of other algorithms.
+       (sha256, sha512, etc)
+  2. Payload bodies can have a few different mime types. We expect a type that
+     matches `application/EDI-*`. We're unable to receive content that has any other
+     mime type. https://datatracker.ietf.org/doc/html/rfc1767#section-1
+  3. AS2 partners may agree to use separate certificates for data encryption and data signing.
+     We do not support separate certificates for these purposes.
+
 ## Installation
 
 Add this line to your application's Gemfile:

data/as2.gemspec

@@ -6,12 +6,12 @@ require 'as2/version'
 Gem::Specification.new do |spec|
   spec.name          = "as2"
   spec.version       = As2::VERSION
-  spec.authors       = ["OfficeLuv", "Transfix"]
-  spec.email         = ["development@officeluv.com", "alexdean@transfix.io"]
+  spec.authors       = ["OfficeLuv", "Alex Dean"]
+  spec.email         = ["development@officeluv.com", "github@mostlyalex.com"]
 
   spec.summary       = %q{Simple AS2 server and client implementation}
   spec.description   = %q{Simple AS2 server and client implementation. Follows the AS2 implementation from http://as2.mendelson-e-c.com}
-  spec.homepage      = "https://github.com/officeluv/as2"
+  spec.homepage      = "https://github.com/andjosh/as2"
   spec.license       = "MIT"
 
   # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
@@ -34,4 +34,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", ">= 10.0"
   spec.add_development_dependency "thin"
   spec.add_development_dependency "minitest"
+  spec.add_development_dependency "minitest-focus"
+  spec.add_development_dependency "webmock"
+  spec.add_development_dependency "pry"
 end

data/lib/as2/client/result.rb

@@ -0,0 +1,40 @@
+module As2
+  class Client
+    class Result
+      attr_reader :response, :mic_matched, :mid_matched, :body, :disposition, :signature_verification_error, :exception, :outbound_message_id
+
+      def initialize(response:, mic_matched:, mid_matched:, body:, disposition:, signature_verification_error:, exception:, outbound_message_id:)
+        @response = response
+        @mic_matched = mic_matched
+        @mid_matched = mid_matched
+        @body = body
+        @disposition = disposition
+        @signature_verification_error = signature_verification_error
+        @exception = exception
+        @outbound_message_id = outbound_message_id
+      end
+
+      def signature_verified
+        self.signature_verification_error.nil?
+      end
+
+      # legacy name. accessor for backwards-compatibility.
+      def disp_code
+        self.disposition
+      end
+
+      def success
+        # 'processed' is good (though may include warnings.)
+        # 'processed/error' is not.
+        downcased_disposition = self.disposition.to_s.downcase
+
+        # TODO: we'll never have success if MDN is unsigned.
+        self.signature_verified &&
+        self.mic_matched &&
+        self.mid_matched &&
+        downcased_disposition.include?('processed') &&
+        !downcased_disposition.include?('processed/error')
+      end
+    end
+  end
+end

data/lib/as2/client.rb

@@ -2,96 +2,185 @@ require 'net/http'
 
 module As2
   class Client
-    def initialize(partner_name)
-      @partner = Config.partners[partner_name]
-      unless @partner
-        raise "Partner #{partner_name} is not registered"
+    attr_reader :partner, :server_info
+
+    # @param [As2::Config::Partner,String] partner The partner to send a message to.
+    #   If a string is given, it should be a partner name which has been registered
+    #   via a call to #add_partner.
+    # @param [As2::Config::ServerInfo,nil] server_info The server info used to identify
+    #   this client to the partner. If omitted, the main As2::Config.server_info will be used.
+    def initialize(partner, server_info: nil)
+      if partner.is_a?(As2::Config::Partner)
+        @partner = partner
+      else
+        @partner = Config.partners[partner]
+        unless @partner
+          raise "Partner #{partner} is not registered"
+        end
+      end
+
+      @server_info = server_info || Config.server_info
+    end
+
+    def as2_to
+      @partner.name
+    end
+
+    def as2_from
+      @server_info.name
+    end
+
+    # Send a file to a partner
+    #
+    #   * If the content parameter is omitted, then `file_name` must be a path
+    #     to a local file, whose contents will be sent to the partner.
+    #   * If content parameter is specified, file_name is only used to tell the
+    #     partner the original name of the file.
+    #
+    # @param [String] file_name
+    # @param [String] content
+    # @param [String] content_type This is the MIME Content-Type describing the `content` param,
+    #   and will be included in the SMIME payload. It is not the HTTP Content-Type.
+    # @return [As2::Client::Result]
+    def send_file(file_name, content: nil, content_type: 'application/EDI-Consent')
+      outbound_mic_algorithm = 'sha256'
+      outbound_message_id = As2.generate_message_id(@server_info)
+
+      req = Net::HTTP::Post.new @partner.url.path
+      req['AS2-Version'] = '1.0' # 1.1 includes compression support, which we dont implement.
+      req['AS2-From'] = as2_from
+      req['AS2-To'] = as2_to
+      req['Subject'] = 'AS2 Transaction'
+      req['Content-Type'] = 'application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m'
+      req['Date'] = Time.now.rfc2822
+      req['Disposition-Notification-To'] = @server_info.url.to_s
+      req['Disposition-Notification-Options'] = "signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, #{outbound_mic_algorithm}"
+      req['Content-Disposition'] = 'attachment; filename="smime.p7m"'
+      req['Recipient-Address'] = @partner.url.to_s
+      req['Message-ID'] = outbound_message_id
+
+      document_content = content || File.read(file_name)
+
+      document_payload =  "Content-Type: #{content_type}\r\n"
+      document_payload << "Content-Transfer-Encoding: base64\r\n"
+      document_payload << "Content-Disposition: attachment; filename=#{file_name}\r\n"
+      document_payload << "\r\n"
+      document_payload << Base64.strict_encode64(document_content)
+
+      signature = OpenSSL::PKCS7.sign @server_info.certificate, @server_info.pkey, document_payload
+      signature.detached = true
+      container = OpenSSL::PKCS7.write_smime signature, document_payload
+      cipher = OpenSSL::Cipher::AES256.new(:CBC) # default, but we might have to make this configurable
+      encrypted = OpenSSL::PKCS7.encrypt [@partner.certificate], container, cipher
+
+      # > HTTP can handle binary data and so there is no need to use the
+      # > content transfer encodings of MIME
+      #
+      # https://datatracker.ietf.org/doc/html/rfc4130#section-5.2.1
+      req.body = encrypted.to_der
+
+      resp = nil
+      exception = nil
+      mdn_report = {}
+
+      begin
+        # note: to pass this traffic through a debugging proxy (like Charles)
+        # set ENV['http_proxy'].
+        http = Net::HTTP.new(@partner.url.host, @partner.url.port)
+        http.use_ssl = @partner.url.scheme == 'https'
+        # http.set_debug_output $stderr
+        # http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+        http.start do
+          resp = http.request(req)
+        end
+
+        if resp && resp.code.start_with?('2')
+          mdn_report = evaluate_mdn(
+                         mdn_content_type: resp['Content-Type'],
+                         mdn_body: resp.body,
+                         original_message_id: req['Message-ID'],
+                         original_body: document_payload
+                       )
+        end
+      rescue => e
+        exception = e
       end
-      @info = Config.server_info
+
+      Result.new(
+        response: resp,
+        mic_matched: mdn_report[:mic_matched],
+        mid_matched: mdn_report[:mid_matched],
+        body: mdn_report[:plain_text_body],
+        disposition: mdn_report[:disposition],
+        signature_verification_error: mdn_report[:signature_verification_error],
+        exception: exception,
+        outbound_message_id: outbound_message_id
+      )
     end
 
-    Result = Struct.new :success, :response, :mic_matched, :mid_matched, :body, :disp_code
-
-    def send_file(file_name)
-      http = Net::HTTP.new(@partner.url.host, @partner.url.port)
-      http.use_ssl = @partner.url.scheme == 'https'
-      # http.set_debug_output $stderr
-      http.start do
-        req = Net::HTTP::Post.new @partner.url.path
-        req['AS2-Version'] = '1.2'
-        req['AS2-From'] = @info.name
-        req['AS2-To'] = @partner.name
-        req['Subject'] = 'AS2 EDI Transaction'
-        req['Content-Type'] = 'application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m'
-        req['Disposition-Notification-To'] = @info.url.to_s
-        req['Disposition-Notification-Options'] = 'signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1'
-        req['Content-Disposition'] = 'attachment; filename="smime.p7m"'
-        req['Recipient-Address'] = @info.url.to_s
-        req['Content-Transfer-Encoding'] = 'base64'
-        req['Message-ID'] = "<#{@info.name}-#{Time.now.strftime('%Y%m%d%H%M%S')}@#{@info.url.host}>"
-
-        body = StringIO.new
-        body.puts "Content-Type: application/EDI-Consent"
-        body.puts "Content-Transfer-Encoding: base64"
-        body.puts "Content-Disposition: attachment; filename=#{file_name}"
-        body.puts
-        body.puts [File.read(file_name)].pack("m*")
-
-        mic = OpenSSL::Digest::SHA1.base64digest(body.string.gsub(/\n/, "\r\n"))
-
-        pkcs7 = OpenSSL::PKCS7.sign @info.certificate, @info.pkey, body.string
-        pkcs7.detached = true
-        smime_signed = OpenSSL::PKCS7.write_smime pkcs7, body.string
-        pkcs7 = OpenSSL::PKCS7.encrypt [@partner.certificate], smime_signed
-        smime_encrypted = OpenSSL::PKCS7.write_smime pkcs7
-
-        req.body = smime_encrypted.sub(/^.+?\n\n/m, '')
-
-        resp = http.request(req)
-
-        success = resp.code == '200'
-        mic_matched = false
-        mid_matched = false
-        disp_code = nil
-        body = nil
-        if success
-          body = resp.body
-
-          smime = OpenSSL::PKCS7.read_smime "Content-Type: #{resp['Content-Type']}\r\n#{body}"
-          smime.verify [@partner.certificate], Config.store
-
-          mail = Mail.new smime.data
-          mail.parts.each do |part|
-            case part.content_type
-            when 'text/plain'
-              body = part.body
-            when 'message/disposition-notification'
-              options = {}
-              part.body.to_s.lines.each do |line|
-                if line =~ /^([^:]+): (.+)$/
-                  options[$1] = $2
-                end
-              end
-
-              if req['Message-ID'] == options['Original-Message-ID']
-                mid_matched = true
-              else
-                success = false
-              end
-
-              if options['Received-Content-MIC'].start_with?(mic)
-                mic_matched = true
-              else
-                success = false
-              end
-
-              disp_code = options['Disposition']
-              success = disp_code.end_with?('processed')
+    def evaluate_mdn(mdn_body:, mdn_content_type:, original_message_id:, original_body:)
+      report = {
+        signature_verification_error: :not_checked,
+        mic_matched: nil,
+        mid_matched: nil,
+        disposition: nil,
+        plain_text_body: nil
+      }
+
+      # MDN bodies we've seen so far don't include Content-Type, which causes `read_smime` to fail.
+      response_content = "Content-Type: #{mdn_content_type.to_s.strip}\r\n\r\n#{mdn_body}"
+
+      if mdn_content_type.start_with?('multipart/signed')
+        smime = OpenSSL::PKCS7.read_smime(response_content)
+
+        # create mail instance before #verify call.
+        # `smime.data` is emptied if verification fails, which means we wouldn't know disposition & other details.
+        mail = Mail.new(smime.data)
+
+        # based on As2::Message version
+        # TODO: test cases based on valid/invalid responses. (response signed with wrong certificate, etc.)
+        smime.verify [@partner.certificate], OpenSSL::X509::Store.new, nil, OpenSSL::PKCS7::NOVERIFY | OpenSSL::PKCS7::NOINTERN
+        report[:signature_verification_error] = smime.error_string
+      else
+        # MDN may be unsigned if an error occurred, like if we sent an unrecognized As2-From header.
+        mail = Mail.new(response_content)
+      end
+
+      mail.parts.each do |part|
+        if part.content_type.start_with?('text/plain')
+          report[:plain_text_body] = part.body.to_s.strip
+        elsif part.content_type.start_with?('message/disposition-notification')
+          # "The rules for constructing the AS2-disposition-notification content..."
+          # https://datatracker.ietf.org/doc/html/rfc4130#section-7.4.3
+
+          options = {}
+          # TODO: can we use Mail built-ins for this?
+          part.body.to_s.lines.each do |line|
+            if line =~ /^([^:]+): (.+)$/
+              # downcase because we've seen both 'Disposition' and 'disposition'
+              options[$1.to_s.downcase] = $2
             end
           end
+
+          report[:disposition] = options['disposition']
+          report[:mid_matched] = original_message_id == options['original-message-id']
+
+          if options['received-content-mic']
+            # do mic calc using the algorithm specified by server.
+            # (even if we specify sha1, server may send back MIC using a different algo.)
+            received_mic, micalg = options['received-content-mic'].split(',').map(&:strip)
+
+            # if they don't specify, we'll use the algorithm we specified in the outbound transmission.
+            # but it's only a guess & may fail.
+            micalg ||= outbound_mic_algorithm
+
+            mic = As2::DigestSelector.for_code(micalg).base64digest(original_body)
+            report[:mic_matched] = received_mic == mic
+          end
         end
-        Result.new success, resp, mic_matched, mid_matched, body, disp_code
       end
+      report
     end
   end
 end

data/lib/as2/config.rb

@@ -97,6 +97,11 @@ module As2
       def store
         @store ||= OpenSSL::X509::Store.new
       end
+
+      def reset!
+        @partners = {}
+        @store = OpenSSL::X509::Store.new
+      end
     end
   end
 end

data/lib/as2/digest_selector.rb

@@ -0,0 +1,24 @@
+require 'openssl'
+
+module As2
+  class DigestSelector
+    @map = {
+      'sha1' => OpenSSL::Digest::SHA1,
+      'sha256' => OpenSSL::Digest::SHA256,
+      'sha384' => OpenSSL::Digest::SHA384,
+      'sha512' => OpenSSL::Digest::SHA512,
+      'md5' => OpenSSL::Digest::MD5
+    }
+
+    def self.valid_codes
+      @map.keys
+    end
+
+    def self.for_code(code)
+      # we may receive 'sha256', 'sha-256', or 'SHA256'.
+      normalized = code.strip.downcase.gsub(/[^a-z0-9]/, '')
+
+      @map[normalized] || OpenSSL::Digest::SHA1
+    end
+  end
+end

data/lib/as2/message.rb

@@ -29,7 +29,10 @@ module As2
         # https://datatracker.ietf.org/doc/html/rfc3851#section-3.4.3.1
 
         # TODO: more robust detection of content vs signature (if they're ever out of order).
-        content = mail.parts[0].raw_source.strip
+        content = mail.parts[0].raw_source
+        # remove any leading \r\n characters (between headers & body i think).
+        content = content.gsub(/\A\s+/, '')
+
         signature = OpenSSL::PKCS7.new(mail.parts[1].body.to_s)
 
         # using an empty CA store. see notes on NOVERIFY flag below.
@@ -77,13 +80,20 @@ module As2
     end
 
     def mic
-      OpenSSL::Digest::SHA1.base64digest(attachment.raw_source.strip)
+      digest = As2::DigestSelector.for_code(mic_algorithm)
+      digest.base64digest(attachment.raw_source.strip)
+    end
+
+    def mic_algorithm
+      'sha256'
     end
 
     # Return the attached file, use .filename and .body on the return value
     def attachment
       if mail.has_attachments?
-        mail.attachments.find{|a| a.content_type == "application/edi-consent"}
+        # TODO: match 'application/edi*', test with 'application/edi-x12'
+        # test also with "application/edi-consent; name=this_is_a_filename.txt"
+        mail.parts.find{ |a| a.content_type.match(/^application\/edi/) }
       else
         mail
       end

data/lib/as2/mime_generator.rb

@@ -5,6 +5,7 @@ module As2
         @parts = []
         @body = ""
         @headers = {}
+        @id = nil
       end
 
       def [](name)

data/lib/as2/server.rb

@@ -8,28 +8,36 @@ module As2
   class Server
     attr_accessor :logger
 
-    def initialize(options = {}, &block)
+    # @param [As2::Config::ServerInfo] server_info Config used for naming of this
+    #   server and key/certificate selection. If omitted, the main As2::Config.server_info is used.
+    # @param [As2::Config::Partner] partner Which partner to receive messages from.
+    #   If omitted, the partner is determined by incoming HTTP headers.
+    # @param [Proc] on_signature_failure A proc which will be called if signature verification fails.
+    # @param [Proc] block A proc which will be called with file_name and file content.
+    def initialize(server_info: nil, partner: nil, on_signature_failure: nil, &block)
       @block = block
-      @info = Config.server_info
-      @options = options
+      @server_info = server_info || Config.server_info
+      @partner = partner
+      @signature_failure_handler = on_signature_failure
     end
 
     def call(env)
-      if env['HTTP_AS2_TO'] != @info.name
+      if env['HTTP_AS2_TO'] != @server_info.name
         return send_error(env, "Invalid destination name #{env['HTTP_AS2_TO']}")
       end
 
-      partner = Config.partners[env['HTTP_AS2_FROM']]
-      unless partner
+      partner = @partner || Config.partners[env['HTTP_AS2_FROM']]
+
+      if !partner || env['HTTP_AS2_FROM'] != partner.name
         return send_error(env, "Invalid partner name #{env['HTTP_AS2_FROM']}")
       end
 
       request = Rack::Request.new(env)
-      message = Message.new(request.body.read, @info.pkey, @info.certificate)
+      message = Message.new(request.body.read, @server_info.pkey, @server_info.certificate)
 
       unless message.valid_signature?(partner.certificate)
-        if @options[:on_signature_failure]
-          @options[:on_signature_failure].call({
+        if @signature_failure_handler
+          @signature_failure_handler.call({
             env: env,
             smime_string: message.decrypted_message,
             verification_error: message.verification_error
@@ -47,48 +55,41 @@ module As2
         end
       end
 
-      send_mdn(env, message.mic)
+      send_mdn(env, message.mic, message.mic_algorithm)
     end
 
-    private
-
-    def logger(env)
-      @logger ||= Logger.new env['rack.errors']
-    end
+    def send_mdn(env, mic, mic_algorithm, failed = nil)
+      # rules for MDN construction are covered in
+      # https://datatracker.ietf.org/doc/html/rfc4130#section-7.4.2
 
-    def send_error(env, msg)
-      logger(env).error msg
-      send_mdn env, nil, msg
-    end
+      options = {
+        'Reporting-UA' => @server_info.name,
+        'Original-Recipient' => "rfc822; #{@server_info.name}",
+        'Final-Recipient' => "rfc822; #{@server_info.name}",
+        'Original-Message-ID' => env['HTTP_MESSAGE_ID']
+      }
+      if failed
+        options['Disposition'] = 'automatic-action/MDN-sent-automatically; failed'
+        options['Failure'] = failed
+        text_body = "There was an error with the AS2 transmission.\r\n\r\n#{failed}"
+      else
+        options['Disposition'] = 'automatic-action/MDN-sent-automatically; processed'
+        text_body = "The AS2 message has been received successfully"
+      end
+      options['Received-Content-MIC'] = "#{mic}, #{mic_algorithm}" if mic
 
-    def send_mdn(env, mic, failed = nil)
       report = MimeGenerator::Part.new
       report['Content-Type'] = 'multipart/report; report-type=disposition-notification'
 
       text = MimeGenerator::Part.new
       text['Content-Type'] = 'text/plain'
       text['Content-Transfer-Encoding'] = '7bit'
-      text.body = "The AS2 message has been received successfully"
-
+      text.body = text_body
       report.add_part text
 
       notification = MimeGenerator::Part.new
       notification['Content-Type'] = 'message/disposition-notification'
       notification['Content-Transfer-Encoding'] = '7bit'
-
-      options = {
-        'Reporting-UA' => @info.name,
-        'Original-Recipient' => "rfc822; #{@info.name}",
-        'Final-Recipient' => "rfc822; #{@info.name}",
-        'Original-Message-ID' => env['HTTP_MESSAGE_ID']
-      }
-      if failed
-        options['Disposition'] = 'automatic-action/MDN-sent-automatically; failed'
-        options['Failure'] = failed
-      else
-        options['Disposition'] = 'automatic-action/MDN-sent-automatically; processed'
-      end
-      options['Received-Content-MIC'] = "#{mic}, sha1" if mic
       notification.body = options.map{|n, v| "#{n}: #{v}"}.join("\r\n")
       report.add_part notification
 
@@ -96,23 +97,35 @@ module As2
 
       report.write msg_out
 
-      pkcs7 = OpenSSL::PKCS7.sign @info.certificate, @info.pkey, msg_out.string
+      pkcs7 = OpenSSL::PKCS7.sign @server_info.certificate, @server_info.pkey, msg_out.string
       pkcs7.detached = true
       smime_signed = OpenSSL::PKCS7.write_smime pkcs7, msg_out.string
 
       content_type = smime_signed[/^Content-Type: (.+?)$/m, 1]
-      smime_signed.sub!(/\A.+?^(?=---)/m, '')
+      # smime_signed.sub!(/\A.+?^(?=---)/m, '')
 
       headers = {}
       headers['Content-Type'] = content_type
+      # TODO: if MIME-Version header is actually needed, should extract it out of smime_signed.
       headers['MIME-Version'] = '1.0'
-      headers['Message-ID'] = "<#{@info.name}-#{Time.now.strftime('%Y%m%d%H%M%S')}@#{@info.domain}>"
-      headers['AS2-From'] = @info.name
+      headers['Message-ID'] = As2.generate_message_id(@server_info)
+      headers['AS2-From'] = @server_info.name
       headers['AS2-To'] = env['HTTP_AS2_FROM']
-      headers['AS2-Version'] = '1.2'
+      headers['AS2-Version'] = '1.0'
       headers['Connection'] = 'close'
 
       [200, headers, ["\r\n" + smime_signed]]
     end
+
+    private
+
+    def logger(env)
+      @logger ||= Logger.new env['rack.errors']
+    end
+
+    def send_error(env, msg)
+      logger(env).error msg
+      send_mdn env, nil, 'sha1', msg
+    end
   end
 end

data/lib/as2/version.rb

@@ -1,3 +1,3 @@
 module As2
-  VERSION = "0.3.0"
+  VERSION = "0.5.1"
 end

data/lib/as2.rb

@@ -1,12 +1,23 @@
 require 'openssl'
 require 'mail'
+require 'securerandom'
 require 'as2/config'
 require 'as2/server'
 require 'as2/client'
+require 'as2/client/result'
+require 'as2/digest_selector'
 require "as2/version"
 
 module As2
   def self.configure(&block)
     Config.configure(&block)
   end
+
+  def self.reset_config!
+    Config.reset!
+  end
+
+  def self.generate_message_id(server_info)
+    "<#{server_info.name}-#{Time.now.strftime('%Y%m%d-%H%M%S')}-#{SecureRandom.uuid}@#{server_info.domain}>"
+  end
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: as2
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.1
 platform: ruby
 authors:
 - OfficeLuv
-- Transfix
+- Alex Dean
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-22 00:00:00.000000000 Z
+date: 2022-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
@@ -95,15 +95,58 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Simple AS2 server and client implementation. Follows the AS2 implementation
   from http://as2.mendelson-e-c.com
 email:
 - development@officeluv.com
-- alexdean@transfix.io
+- github@mostlyalex.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/test.yml"
 - ".gitignore"
 - CHANGELOG.md
 - Gemfile
@@ -118,12 +161,14 @@ files:
 - lib/as2.rb
 - lib/as2/base64_helper.rb
 - lib/as2/client.rb
+- lib/as2/client/result.rb
 - lib/as2/config.rb
+- lib/as2/digest_selector.rb
 - lib/as2/message.rb
 - lib/as2/mime_generator.rb
 - lib/as2/server.rb
 - lib/as2/version.rb
-homepage: https://github.com/officeluv/as2
+homepage: https://github.com/andjosh/as2
 licenses:
 - MIT
 metadata: