as2 0.5.2 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2cc88a7c3befd19715a142f886fcac0429911b1b2c6d4df8e5c6f6797c6469c2
-  data.tar.gz: ba6943a989242be148d7e39c896f61747b8455888883b60ff179d6bf53e25309
+  metadata.gz: 78765b4a0fba8aaa7e3531ee9e3841a0774d72b6a1d09b18a69b53117cf26e22
+  data.tar.gz: c020c365f57a2dd428501b453bb349483bc98baf6db263dab7dfdfbab33b70a6
 SHA512:
-  metadata.gz: 14dc1ecb69d8678db913d9ee2425ae35f3e2e1b9a927a3a573e36e9a704dd4a7ab994d7c98182bf0053f40520040f0001fbc8b1390c82ebd57aa7e5c3495e99c
-  data.tar.gz: e43327ebbeac9bd46a2ccc4e3cd13f6354de46a3507fe01b134ecf33feef6643555c63e2ad2310debf8b3a23ec88c985d869087bf4cce29a2c54d8d06cfa753a
+  metadata.gz: 13155476fe9dab95fa56e29ec8dc842c86d4cdba0bf296aec518801d4ff8ef3f963bdb7e20d9e17bbc58bfdf334d9c760ccd712b267f70882b8e7ec79fa9230a
+  data.tar.gz: 1c6806d55b297222c0133e27f53914143ba0b3b35891c8076e93befe9d375534551b492890092432015a793dd88d97d8489ce69635e6ceeb8495f00880c5bd82

data/.gitignore

@@ -2,3 +2,4 @@ certs
 .DS_Store
 Gemfile.lock
 pkg
+tmp/inbox/*

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+## 0.7.0, August 25, 2023
+
+Two improvements in compatibility with IBM Sterling, which could not understand
+our existing message & MDN formats.
+
+These changes are opt-in only, and require a config change to use. See linked PRs for
+details.
+
+  * Improved formatting of MDN messages. [#25](https://github.com/alexdean/as2/pull/25)
+  * Improved formatting of outbound messages. [#28](https://github.com/alexdean/as2/pull/28)
+
+## 0.6.0, April 4, 2023
+
+  * allow verification of signed MDNs which use `Content-Transfer-Encoding: binary`. [#22](https://github.com/alexdean/as2/pull/22)
+  * Improve example server to make it more useful for local testing & development. [#17](https://github.com/alexdean/as2/pull/17)
+  * Support `Content-Tranfer-Encoding: binary`. [#11](https://github.com/alexdean/as2/pull/11)
+  * Server can choose MIC algorithm based on HTTP `Disposition-Notification-Options` header. [#20](https://github.com/alexdean/as2/pull/20)
+
 ## 0.5.1, August 10, 2022
 
   * Any HTTP 2xx status received from a partner should be considered successful. [#12](https://github.com/andjosh/as2/pull/12)

data/README.md

@@ -3,10 +3,11 @@
 This is a proof of concept implementation of AS2 protocol: http://www.ietf.org/rfc/rfc4130.txt.
 
 Tested with the mendelson AS2 implementation from http://as2.mendelson-e-c.com
+and with [OpenAS2](https://github.com/OpenAS2/OpenAs2App).
 
 ## Build Status
 
-[![Test Suite](https://github.com/andjosh/as2/actions/workflows/test.yml/badge.svg)](https://github.com/andjosh/as2/actions/workflows/test.yml)
+[![Test Suite](https://github.com/alexdean/as2/actions/workflows/test.yml/badge.svg)](https://github.com/alexdean/as2/actions/workflows/test.yml)
 
 ## Known Limitations
 
@@ -25,15 +26,10 @@ along.
      4. Use of Synchronous or Asynchronous Receipts: We do not support asynchronous
        delivery of MDNs.
      5. Security Formatting: We should be reasonably compliant here.
-     6. Hash Function, Message Digest Choices: We currently always use sha256. If a
-       partner asks for a different algorithm, we'll always use sha256 and partner
-       will see a MIC verification failure. AS2 RFC specifically prefers sha1 and
-       mentions md5. Mendelson AS2 server supports a number of other algorithms.
-       (sha256, sha512, etc)
-  2. Payload bodies can have a few different mime types. We expect a type that
-     matches `application/EDI-*`. We're unable to receive content that has any other
-     mime type. https://datatracker.ietf.org/doc/html/rfc1767#section-1
-  3. AS2 partners may agree to use separate certificates for data encryption and data signing.
+     6. Hash Function, Message Digest Choices: We currently always use sha256 for
+        signing. Since [#20](https://github.com/alexdean/as2/pull/20) we have supported
+        allowing partners to request which algorithm we use for MIC generation in MDNs.
+  2. AS2 partners may agree to use separate certificates for data encryption and data signing.
      We do not support separate certificates for these purposes.
 
 ## Installation
@@ -78,7 +74,7 @@ You can run a local server with `bundle exec ruby examples/server.rb` and send i
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/as2.
+Bug reports and pull requests are welcome on GitHub at https://github.com/alexdean/as2.
 
 
 ## License

data/as2.gemspec

@@ -32,7 +32,8 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", ">= 1.10"
   spec.add_development_dependency "rake", ">= 10.0"
-  spec.add_development_dependency "thin"
+  spec.add_development_dependency "rackup"
+  spec.add_development_dependency "puma"
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "minitest-focus"
   spec.add_development_dependency "webmock"

data/examples/server.rb

@@ -1,32 +1,104 @@
+# test server receives files & saves them to the local filesystem
+#
+# `bundle exec ruby examples/server.rb`
 require 'as2'
-require 'rack'
+require 'rackup'
+require 'rack/handler/puma'
+require 'pathname'
+require 'fileutils'
+
+this_dir = Pathname.new(File.expand_path('..', __FILE__))
+root_dir = this_dir.join('..')
 
 As2.configure do |conf|
-  conf.name = 'MyServer'
+  conf.name = 'RUBYAS2'
   conf.url = 'http://localhost:3000/as2'
   conf.certificate = 'test/certificates/server.crt'
   conf.pkey = 'test/certificates/server.key'
-  conf.domain = 'mydomain.com'
+  conf.domain = 'localhost'
+
   conf.add_partner do |partner|
-    partner.name = 'MyClient'
+    partner.name = 'MENDELSON'
     partner.url = 'http://localhost:8080/as2/HttpReceiver'
     partner.certificate = 'test/certificates/client.crt'
   end
+
+  conf.add_partner do |partner|
+    partner.name = 'OPENAS2'
+    partner.url = 'http://localhost:4088'
+    partner.certificate = 'test/certificates/client.crt'
+  end
+end
+
+def log(message, transmission_id: nil)
+  puts "#{Time.now.strftime('%F %T')} [#{transmission_id}] #{message}"
 end
 
-handler = As2::Server.new do |filename, body|
-  puts "SUCCESSFUL DOWNLOAD"
-  puts "FILENAME: #{filename}"
-  puts
-  puts body
+# TODO: there are a lot of potential failure cases we're not handling
+# (failed decryption, unsigned message, etc), because this script is intended for
+# local debugging.
+handler = Proc.new do |env|
+  transmission_id = "#{Time.now.strftime('%Y%m%d_%H%M%S_%L')}_#{SecureRandom.hex(6)}"
+  log("start.", transmission_id: transmission_id)
+
+  server_info = As2::Config.server_info
+
+  partner_name = env['HTTP_AS2_FROM']
+  partner = As2::Config.partners[partner_name]
+
+  log("partner:#{partner_name} known_partner?:#{!!partner}", transmission_id: transmission_id)
+  partner_dir = root_dir.join('tmp/inbox/', partner_name)
+  if !File.exist?(partner_dir)
+    FileUtils.mkdir_p(partner_dir)
+  end
+
+  raw_request_body = env['rack.input'].read
+
+  mic_algorithm = As2.choose_mic_algorithm(env['HTTP_DISPOSITION_NOTIFICATION_OPTIONS'])
+  message = As2::Message.new(raw_request_body, server_info.pkey, server_info.certificate,
+              mic_algorithm: mic_algorithm
+            )
+
+  # do this before writing to disk, in case we have to fix content.
+  # @see https://github.com/alexdean/as2/pull/11
+  valid_signature = message.valid_signature?(partner.certificate)
+
+  original_filename = message.attachment.filename
+  extname = File.extname(original_filename)
+  basename = partner_dir.join(File.basename(message.attachment.filename, extname)).to_s
+  encrypted_filename = "#{basename}.pkcs7" # exactly what we got on the wire
+  decrypted_filename = "#{basename}.mime"  # full message, all parts
+  body_filename = "#{basename}#{extname}"  # just the body part, w/o signature
+
+  File.open(encrypted_filename, 'wb') { |f| f.write(raw_request_body) }
+  File.open(decrypted_filename, 'wb') { |f| f.write(message.decrypted_message) }
+  File.open(body_filename, 'wb') { |f| f.write(message.attachment.raw_source) }
+
+  # filenames are absolute paths to each file.
+  # when we print output, nicer to read a path relative to the project's root.
+  prefix_length = root_dir.to_s.length + 1
+  verification_error = message.verification_error
+
+  report = <<~EOF
+  filename:#{original_filename}
+       #{encrypted_filename[prefix_length..]}
+       #{decrypted_filename[prefix_length..]}
+       #{body_filename[prefix_length..]}
+       valid_signature?:#{valid_signature}#{verification_error && " error:'#{verification_error}'"}
+       MIC: '#{message.mic}' (#{message.mic_algorithm})
+  EOF
+  log(report, transmission_id: transmission_id)
+
+  server = As2::Server.new(server_info: server_info, partner: partner)
+  server.send_mdn(env, message.mic, message.mic_algorithm, message.verification_error)
 end
 
 builder = Rack::Builder.new do
-  use Rack::CommonLogger
+  use Rack::ShowExceptions
   map '/as2' do
     run handler
   end
 end
 
-puts "As2 version: #{As2::VERSION}"
-Rack::Handler::Thin.run builder, Port: 3000
+puts "ruby-as2 version: #{As2::VERSION}"
+Rack::Handler::Puma.run builder, Port: 3002, Host: '0.0.0.0'

data/lib/as2/client.rb

@@ -4,12 +4,20 @@ module As2
   class Client
     attr_reader :partner, :server_info
 
+    def self.valid_outbound_formats
+      ['v0', 'v1']
+    end
+
     # @param [As2::Config::Partner,String] partner The partner to send a message to.
     #   If a string is given, it should be a partner name which has been registered
     #   via a call to #add_partner.
     # @param [As2::Config::ServerInfo,nil] server_info The server info used to identify
     #   this client to the partner. If omitted, the main As2::Config.server_info will be used.
-    def initialize(partner, server_info: nil)
+    # @param [Logger, nil] logger If supplied, some additional information about how
+    #   messages are processed will be written here.
+    def initialize(partner, server_info: nil, logger: nil)
+      @logger = logger || Logger.new('/dev/null')
+
       if partner.is_a?(As2::Config::Partner)
         @partner = partner
       else
@@ -60,18 +68,22 @@ module As2
       req['Message-ID'] = outbound_message_id
 
       document_content = content || File.read(file_name)
+      outbound_format = @partner&.outbound_format || 'v0'
 
-      document_payload =  "Content-Type: #{content_type}\r\n"
-      document_payload << "Content-Transfer-Encoding: base64\r\n"
-      document_payload << "Content-Disposition: attachment; filename=#{file_name}\r\n"
-      document_payload << "\r\n"
-      document_payload << Base64.strict_encode64(document_content)
+      if outbound_format == 'v1'
+        format_method = :format_body_v1
+      else
+        format_method = :format_body_v0
+      end
+
+      document_payload, request_body = send(format_method,
+                                         document_content,
+                                         content_type: content_type,
+                                         file_name: file_name
+                                       )
 
-      signature = OpenSSL::PKCS7.sign @server_info.certificate, @server_info.pkey, document_payload
-      signature.detached = true
-      container = OpenSSL::PKCS7.write_smime signature, document_payload
       cipher = OpenSSL::Cipher::AES256.new(:CBC) # default, but we might have to make this configurable
-      encrypted = OpenSSL::PKCS7.encrypt [@partner.certificate], container, cipher
+      encrypted = OpenSSL::PKCS7.encrypt([@partner.certificate], request_body, cipher)
 
       # > HTTP can handle binary data and so there is no need to use the
       # > content transfer encodings of MIME
@@ -119,6 +131,109 @@ module As2
       )
     end
 
+    # 'original' body formatting
+    #
+    # 1. uses OpenSSL::PKCS7.write_smime to build MIME body
+    #   * includes plain-text "this is an S/MIME message" note prior to initial
+    #     MIME boundary
+    # 2. uses non-standard application/x-pkcs7-* content types
+    # 3. MIME boundaries and signature have \n line endings
+    #
+    # this format is understood by Mendelson, OpenAS2, and several commercial
+    # products (GoAnywhere MFT). it is not understood by IBM Sterling B2B Integrator.
+    #
+    # @param [String] document_content the content to be transmitted
+    # @param [String] content_type the MIME type for document_content
+    # @param [String] file_name The filename to be transmitted to the partner
+    # @return [Array]
+    #   first item is the full document part of the transmission (including) MIME headers.
+    #   second item is the complete HTTP body.
+    def format_body_v0(document_content, content_type:, file_name:)
+      document_payload =  "Content-Type: #{content_type}\r\n"
+      document_payload << "Content-Transfer-Encoding: base64\r\n"
+      document_payload << "Content-Disposition: attachment; filename=#{file_name}\r\n"
+      document_payload << "\r\n"
+      document_payload << Base64.strict_encode64(document_content)
+
+      signature = OpenSSL::PKCS7.sign(@server_info.certificate, @server_info.pkey, document_payload)
+      signature.detached = true
+
+      [document_payload, OpenSSL::PKCS7.write_smime(signature, document_payload)]
+    end
+
+    # updated body formatting
+    #
+    # 1. no content before the first MIME boundary
+    # 2. uses standard application/pkcs7-* content types
+    # 3. MIME boundaries and signature have \r\n line endings
+    # 4. adds parameter smime-type=signed-data to the signature's Content-Type
+    #
+    # this format is understood by Mendelson, OpenAS2, and several commercial
+    # products (GoAnywhere MFT) and IBM Sterling B2B Integrator.
+    #
+    # @param [String] document_content the content to be transmitted
+    # @param [String] content_type the MIME type for document_content
+    # @param [String] file_name The filename to be transmitted to the partner
+    # @return [Array]
+    #   first item is the full document part of the transmission (including) MIME headers.
+    #   second item is the complete HTTP body.
+    def format_body_v1(document_content, content_type:, file_name:)
+      document_payload =  "Content-Type: #{content_type}\r\n"
+      document_payload << "Content-Transfer-Encoding: base64\r\n"
+      document_payload << "Content-Disposition: attachment; filename=#{file_name}\r\n"
+      document_payload << "\r\n"
+      document_payload << Base64.strict_encode64(document_content)
+
+      signature = OpenSSL::PKCS7.sign(@server_info.certificate, @server_info.pkey, document_payload)
+      signature.detached = true
+
+      # PEM (base64-encoded) signature
+      bare_pem_signature = signature.to_pem
+      # strip off the '-----BEGIN PKCS7-----' / '-----END PKCS7-----' delimiters
+      bare_pem_signature.gsub!(/^-----[^\n]+\n/, '')
+      # and update to canonical \r\n line endings
+      bare_pem_signature.gsub!(/(?<!\r)\n/, "\r\n")
+
+      # this is a hack until i can determine a better way to get the micalg parameter
+      # from the pkcs7 signature generated above...
+      # https://stackoverflow.com/questions/75934159/how-does-openssl-smime-determine-micalg-parameter
+      #
+      # also tried approach outlined in https://stackoverflow.com/questions/53044007/how-to-use-sha1-digest-during-signing-with-opensslpkcs7-sign-when-creating-smi
+      # but the signature generated by that method lacks some essential data. verifying those
+      # signatures results in an openssl error "unable to find message digest"
+      smime_body = OpenSSL::PKCS7.write_smime(signature, document_payload)
+      micalg = smime_body[/^Content-Type: multipart\/signed.*micalg=\"([^"]+)/m, 1]
+
+      # generate a MIME part boundary
+      #
+      # > A good strategy is to choose a boundary that includes
+      # > a character sequence such as "=_" which can never appear in a
+      # > quoted-printable body.
+      #
+      # https://www.rfc-editor.org/rfc/rfc2045#page-21
+      boundary = "----=_#{SecureRandom.hex(16).upcase}"
+      body_boundary = "--#{boundary}"
+
+      # body's mime headers
+      body = "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=#{micalg};  boundary=\"#{boundary}\"\r\n"
+      body += "\r\n"
+
+      # first body part: the document
+      body += body_boundary + "\r\n"
+      body += document_payload + "\r\n"
+
+      # second body part: the signature
+      body += body_boundary + "\r\n"
+      body += "Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data\r\n"
+      body += "Content-Transfer-Encoding: base64\r\n"
+      body += "Content-Disposition: attachment; filename=\"smime.p7s\"\r\n"
+      body += "\r\n"
+      body += bare_pem_signature
+      body += body_boundary + "--\r\n"
+
+      [document_payload, body]
+    end
+
     def evaluate_mdn(mdn_body:, mdn_content_type:, original_message_id:, original_body:)
       report = {
         signature_verification_error: :not_checked,
@@ -132,22 +247,18 @@ module As2
       response_content = "Content-Type: #{mdn_content_type.to_s.strip}\r\n\r\n#{mdn_body}"
 
       if mdn_content_type.start_with?('multipart/signed')
-        smime = OpenSSL::PKCS7.read_smime(response_content)
-
-        # create mail instance before #verify call.
-        # `smime.data` is emptied if verification fails, which means we wouldn't know disposition & other details.
-        mail = Mail.new(smime.data)
-
-        # based on As2::Message version
-        # TODO: test cases based on valid/invalid responses. (response signed with wrong certificate, etc.)
-        smime.verify [@partner.certificate], OpenSSL::X509::Store.new, nil, OpenSSL::PKCS7::NOVERIFY | OpenSSL::PKCS7::NOINTERN
-        report[:signature_verification_error] = smime.error_string
+        result = parse_signed_mdn(
+                                   multipart_signed_message: response_content,
+                                   certificate: @partner.certificate
+                                 )
+        mdn_report = result[:mdn_report]
+        report[:signature_verification_error] = result[:signature_verification_error]
       else
         # MDN may be unsigned if an error occurred, like if we sent an unrecognized As2-From header.
-        mail = Mail.new(response_content)
+        mdn_report = Mail.new(response_content)
       end
 
-      mail.parts.each do |part|
+      mdn_report.parts.each do |part|
         if part.content_type.start_with?('text/plain')
           report[:plain_text_body] = part.body.to_s.strip
         elsif part.content_type.start_with?('message/disposition-notification')
@@ -163,8 +274,8 @@ module As2
             end
           end
 
-          report[:disposition] = options['disposition']
-          report[:mid_matched] = original_message_id == options['original-message-id']
+          report[:disposition] = options['disposition'].strip
+          report[:mid_matched] = original_message_id == options['original-message-id'].strip
 
           if options['received-content-mic']
             # do mic calc using the algorithm specified by server.
@@ -182,5 +293,98 @@ module As2
       end
       report
     end
+
+    private
+
+    # extract the MDN body from a multipart/signed wrapper & attempt to verify
+    # the signature
+    #
+    # @param [String] multipart_signed_message The 'outer' MDN body, containing MIME header,
+    #   MDN body (which itself is likely a multi-part object) and a signature.
+    # @param [OpenSSL::X509::Certificate] verify that the MDN body was signed using this certificate
+    # @return [Hash] results of the check
+    #   * :mdn_mime_body [Mail::Message] The 'inner' MDN body, with signature removed
+    #   * :signature_verification_error [String] Any error which resulted when checking the
+    #     signature. If this is empty it means the signature was valid.
+    def parse_signed_mdn(multipart_signed_message:, certificate:)
+      smime = nil
+
+      begin
+        # This will fail if the signature is binary-encoded. In that case
+        # we rescue so we can continue to extract other data from the MDN.
+        # User can decide how to proceed after the signature verification failure.
+        #
+        # > The parser assumes that the PKCS7 structure is always base64 encoded
+        # > and will not handle the case where it is in binary format or uses quoted
+        # > printable format.
+        #
+        # https://www.openssl.org/docs/man3.1/man3/SMIME_read_PKCS7.html
+        #
+        # Likely we can resolve this by building a PKCS7 manually from the MDN
+        # payload, rather than using `read_smime`.
+        #
+        # An aside: manually base64-encoding the binary signature allows the MDN
+        # to be parsed & verified via `read_smime`, so that could also be an option.
+        smime = OpenSSL::PKCS7.read_smime(multipart_signed_message)
+      rescue => e
+        @logger.warn "error checking signature using read_smime. #{e.message}"
+        signature_verification_error = e.message
+      end
+
+      if smime
+        # create mail instance before #verify call.
+        # `smime.data` is emptied if verification fails, which means we wouldn't know disposition & other details.
+        mdn_report = Mail.new(smime.data)
+
+        # based on As2::Message version
+        # TODO: test cases based on valid/invalid responses. (response signed with wrong certificate, etc.)
+        # See notes in As2::Message.verify for reasoning on flag usage
+        smime.verify [certificate], OpenSSL::X509::Store.new, nil, OpenSSL::PKCS7::NOVERIFY | OpenSSL::PKCS7::NOINTERN
+
+        signature_verification_error = smime.error_string
+      else
+        @logger.info "trying fallback sigature verification."
+        # read_smime will fail on binary-encoded MDNs. in this case, we can attempt
+        # to parse the structure using Mail and do signature verification
+        # slightly differently.
+        #
+        # what follows is the same process applied in As2::Message#valid_signature?.
+        # see notes there for more info on "multipart/signed" MIME messages.
+        #
+        #   1. maybe unify these at some point?
+        #   2. maybe always use this process, and drop initial attempt at
+        #      `OpenSSL::PKCS7.read_smime` above.
+        #
+        # refactoring to allow using As2::Message#valid_signature? here
+        # would also allow us to utilize the line-ending fixup code there
+
+        # this should have 2 parts. the MDN report (parts[0]) and the signature (parts[1])
+        #
+        #  * https://datatracker.ietf.org/doc/html/rfc3851#section-3.4.3
+        #  * see also https://datatracker.ietf.org/doc/html/rfc1847#section-2.1
+        outer_mail = Mail.new(multipart_signed_message)
+
+        mdn_report = outer_mail.parts[0]
+
+        content = mdn_report.raw_source
+        content = content.gsub(/\A\s+/, '')
+
+        signature = outer_mail.parts[1]
+        signature_text = signature.body.to_s
+
+        result = As2::Message.verify(
+                   content: content,
+                   signature_text: signature_text,
+                   certificate: @partner.certificate
+                 )
+
+        signature_verification_error = result[:error]
+      end
+
+      {
+        mdn_report: mdn_report,
+        signature_verification_error: signature_verification_error
+      }
+    end
   end
 end

data/lib/as2/config.rb

@@ -12,7 +12,7 @@ module As2
       end
     end
 
-    class Partner < Struct.new :name, :url, :certificate
+    class Partner < Struct.new :name, :url, :certificate, :mdn_format, :outbound_format
       def url=(url)
         if url.kind_of? String
           self['url'] = URI.parse url
@@ -21,6 +21,24 @@ module As2
         end
       end
 
+      def mdn_format=(format)
+        format_s = format.to_s
+        valid_formats = As2::Server.valid_mdn_formats
+        if !valid_formats.include?(format_s)
+          raise ArgumentError, "mdn_format '#{format_s}' must be one of #{valid_formats.inspect}"
+        end
+        self['mdn_format'] = format_s
+      end
+
+      def outbound_format=(format)
+        format_s = format.to_s
+        valid_formats = As2::Client.valid_outbound_formats
+        if !valid_formats.include?(format_s)
+          raise ArgumentError, "outbound_format '#{format_s}' must be one of #{valid_formats.inspect}"
+        end
+        self['outbound_format'] = format_s
+      end
+
       def certificate=(certificate)
         self['certificate'] = As2::Config.build_certificate(certificate)
       end

data/lib/as2/digest_selector.rb

@@ -14,11 +14,17 @@ module As2
       @map.keys
     end
 
+    def self.valid?(code)
+      @map[normalized(code)]
+    end
+
     def self.for_code(code)
-      # we may receive 'sha256', 'sha-256', or 'SHA256'.
-      normalized = code.strip.downcase.gsub(/[^a-z0-9]/, '')
+      @map[normalized(code)] || OpenSSL::Digest::SHA1
+    end
 
-      @map[normalized] || OpenSSL::Digest::SHA1
+    def self.normalized(code)
+      # we may receive 'sha256', 'sha-256', or 'SHA256'.
+      code.to_s.strip.downcase.gsub(/[^a-z0-9]/, '')
     end
   end
 end

data/lib/as2/message.rb

@@ -2,9 +2,10 @@ module As2
   class Message
     attr_reader :verification_error
 
-    # given multiple parts of a message, choose the one most likely to be the actual content we care about
+    # given multiple parts of a message, choose the one most likely to be the
+    # actual content we care about
     #
-    # @param [Array<Mail::Part>]
+    # @param [Mail::PartsList] mail_parts
     # @return [Mail::Part, nil]
     def self.choose_attachment(mail_parts)
       return nil if mail_parts.nil?
@@ -16,6 +17,18 @@ module As2
       candidates[0]
     end
 
+    # return the mail part containing a digital signature
+    #
+    # @param [Mail::PartsList] mail_parts
+    # @return [Mail::Part, nil]
+    def self.choose_signature(mail_parts)
+      return nil if mail_parts.nil?
+
+      mail_parts.find { |part| part.content_type.to_s['pkcs7-signature'] }
+    end
+
+    # calculate the MIC for a given mail part
+    #
     # @param [Mail::Part] attachment
     # @param [String] mic_algorithm
     # @return [String] message integrity check string
@@ -24,50 +37,37 @@ module As2
       digest.base64digest(attachment.raw_source.lstrip)
     end
 
-    def initialize(message, private_key, public_certificate)
-      # TODO: might need to use OpenSSL::PKCS7.read_smime rather than .new sometimes
-      @pkcs7 = OpenSSL::PKCS7.new(message)
-      @private_key = private_key
-      @public_certificate = public_certificate
-      @verification_error = nil
-    end
-
-    def decrypted_message
-      @decrypted_message ||= @pkcs7.decrypt @private_key, @public_certificate
-    end
-
-    def valid_signature?(partner_certificate)
-      content_type = mail.header_fields.find { |h| h.name == 'Content-Type' }.content_type
-      if content_type == "multipart/signed"
-        # for a "multipart/signed" message, we will do 'detatched' signature
-        # verification, where we supply the data to be verified as the 3rd parameter
-        # to OpenSSL::PKCS7#verify. this is in keeping with how this content type
-        # is described in the S/MIME RFC.
-        #
-        # > The multipart/signed MIME type has two parts.  The first part contains
-        # > the MIME entity that is signed; the second part contains the "detached signature"
-        # > CMS SignedData object in which the encapContentInfo eContent field is absent.
-        #
-        # https://datatracker.ietf.org/doc/html/rfc3851#section-3.4.3.1
-
-        # TODO: more robust detection of content vs signature (if they're ever out of order).
-        content = mail.parts[0].raw_source
-        # remove any leading \r\n characters (between headers & body i think).
-        content = content.gsub(/\A\s+/, '')
-
-        signature = OpenSSL::PKCS7.new(mail.parts[1].body.to_s)
+    # Check that the signature is valid.
+    #
+    # This confirms 2 things:
+    #
+    #   1. The `signature_text` is valid for `content`, ie: the `content` has
+    #      not been altered.
+    #   2. The `signature_text` was generated by the party who owns `certificate`,
+    #      ie: The same private key generated `signature_text` and `certificate`.
+    #
+    # @param [String] content
+    # @param [String] signature_text
+    # @param [OpenSSL::X509::Certificate] certificate
+    # @return [Hash]
+    #   * :valid [boolean] was the verification successful or not?
+    #   * :error [String, nil] a verification error message.
+    #                          will be empty when `valid` is true.
+    def self.verify(content:, signature_text:, certificate:)
+      begin
+        signature = OpenSSL::PKCS7.new(signature_text)
 
         # using an empty CA store. see notes on NOVERIFY flag below.
         store = OpenSSL::X509::Store.new
 
-        # notes on verification proces and flags used
+        # notes on verification process and flags used
         #
         # ## NOINTERN
         #
         # > If PKCS7_NOINTERN is set the certificates in the message itself are
         # > not searched when locating the signer's certificate. This means that
         # > all the signers certificates must be in the certs parameter.
-        #
+        # >
         # > One application of PKCS7_NOINTERN is to only accept messages signed
         # > by a small number of certificates. The acceptable certificates would
         # > be passed in the certs parameter. In this case if the signer is not
@@ -89,10 +89,112 @@ module As2
         # CA (in `store`, which is empty). alternately, we could instead remove
         # this flag, and add `partner_certificate` to `store`. but what's the point?
         # we'd only be verifying that `partner_certificate` is connected to `partner_certificate`.
-        output = signature.verify([partner_certificate], store, content, OpenSSL::PKCS7::NOVERIFY | OpenSSL::PKCS7::NOINTERN)
+        valid = signature.verify([certificate], store, content, OpenSSL::PKCS7::NOVERIFY | OpenSSL::PKCS7::NOINTERN)
 
         # when `signature.verify` fails, signature.error_string will be populated.
-        @verification_error = signature.error_string
+        error = signature.error_string
+      rescue => e
+        valid = false
+        error = "#{e.class}: #{e.message}"
+      end
+
+      {
+        valid: valid,
+        error: error
+      }
+    end
+
+    def initialize(message, private_key, public_certificate, mic_algorithm: nil)
+      # TODO: might need to use OpenSSL::PKCS7.read_smime rather than .new sometimes
+      @pkcs7 = OpenSSL::PKCS7.new(message)
+      @private_key = private_key
+      @public_certificate = public_certificate
+      @verification_error = nil
+
+      @mic_algorithm = mic_algorithm || 'sha256'
+      if !As2::DigestSelector.valid?(@mic_algorithm)
+        raise ArgumentError, "'#{@mic_algorithm}' is not a valid MIC algorithm."
+      end
+    end
+
+    def decrypted_message
+      @decrypted_message ||= @pkcs7.decrypt @private_key, @public_certificate
+    end
+
+    def valid_signature?(partner_certificate)
+      content_type = mail.header_fields.find { |h| h.name == 'Content-Type' }.content_type
+      # TODO: substantial overlap between this code & the fallback/rescue code in
+      # As2::Client#verify_mdn_signature
+      if content_type == "multipart/signed"
+        # for a "multipart/signed" message, we will do 'detatched' signature
+        # verification, where we supply the data to be verified as the 3rd parameter
+        # to OpenSSL::PKCS7#verify. this is in keeping with how this content type
+        # is described in the S/MIME RFC.
+        #
+        # > The multipart/signed MIME type has two parts.  The first part contains
+        # > the MIME entity that is signed; the second part contains the "detached signature"
+        # > CMS SignedData object in which the encapContentInfo eContent field is absent.
+        #
+        # https://datatracker.ietf.org/doc/html/rfc3851#section-3.4.3
+        #
+        # see also https://datatracker.ietf.org/doc/html/rfc1847#section-2.1
+
+        content = attachment.raw_source
+        # remove any leading \r\n characters (between headers & body i think).
+        content = content.gsub(/\A\s+/, '')
+
+        # TODO: why is signature.body.to_s different from signature.body.raw_source?
+        signature_text = signature.body.to_s
+
+        result = self.class.verify(
+                                    content: content,
+                                    signature_text: signature_text,
+                                    certificate: partner_certificate
+                                  )
+
+        output = result[:valid]
+        @verification_error = result[:error]
+
+        # HACK until https://github.com/mikel/mail/pull/1511 is available
+        #
+        # due to a bug in the mail gem (fixed in PR above), when using
+        # 'Content-Transfer-Encoding: binary', the body given by `attachment.raw_source`
+        # will have all "\n" replaced by "\r\n". This causes a signature verification
+        # failure.
+        #
+        # here, we try reversing this behavior (changing "\r\n" in the body back
+        # to "\n") and re-attempt verification.
+        #
+        # this entire block can should removed once the bugfix in mail gem is
+        # released & integrated into as2.
+        #
+        # we don't really know that verification failed due to line-ending mismatch.
+        # it's only a guess.
+        if !output && attachment.content_transfer_encoding == 'binary'
+          # TODO: log when this happens.
+          # include attachment.content_transfer_encoding, the results of the initial verification
+          # and the results of the re-attempted verification
+
+          body_delimiter = "\r\n\r\n"
+          # split on first occurrence of `body_delimiter`
+          # any trailing occurrences of `body_delimiter` are preserved as part of `body`
+          headers, _, body = content.partition(body_delimiter)
+
+          body.gsub!("\r\n", "\n") # cross fingers...
+          content = headers + body_delimiter + body
+
+          retry_output = self.class.verify(
+                                            content: content,
+                                            signature_text: signature_text,
+                                            certificate: partner_certificate
+                                          )
+
+          if retry_output[:valid]
+            @attachment = Mail::Part.new(content)
+            @verification_error = retry_output[:error]
+            output = retry_output[:valid]
+          end
+        end
 
         output
       else
@@ -106,14 +208,27 @@ module As2
     end
 
     def mic_algorithm
-      'sha256'
+      @mic_algorithm
     end
 
     # Return the attached file, use .filename and .body on the return value
+    # This is the content the sender is sending to us.
+    #
+    # @todo maybe rename this to `payload`. 'attachment' sounds very email.
+    # @return [Mail::Part]
     def attachment
-      self.class.choose_attachment(parts)
+      @attachment ||= self.class.choose_attachment(parts)
+    end
+
+    # Return the digital signature which is part of the incoming message.
+    # Will return `nil` for unsigned messages
+    #
+    # @return [Mail::Part]
+    def signature
+      @signature ||= self.class.choose_signature(parts)
     end
 
+    # TODO: deprecate this, or make it private
     def parts
       mail&.parts
     end

data/lib/as2/parser/disposition_notification_options.rb

@@ -0,0 +1,71 @@
+module As2
+  module Parser
+    # parse an AS2 HTTP Content-Disposition-Options header
+    # Structure is described in https://datatracker.ietf.org/doc/html/rfc4130#section-7.3
+    #
+    # don't use this directly. use As2.choose_mic_algorithm instead.
+    #
+    # @api private
+    class DispositionNotificationOptions
+      Result = Struct.new(:value, :attributes, :raw, keyword_init: true) do
+               def [](key)
+                 normalized = As2::Parser::DispositionNotificationOptions.normalize_key(key)
+                 attributes[normalized]
+               end
+
+               def to_s
+                 raw.to_s
+               end
+             end
+
+      def self.normalize_key(raw)
+        raw.to_s.downcase
+      end
+
+      # parse a single header body (without the name)
+      #
+      # @example parse('signed-receipt-protocol=required, pkcs7-signature; signed-receipt-micalg=optional, sha1')
+      # @return [As2::Parser::DispositionNotificationOptions::Result]
+      def self.parse(raw_body)
+        value = nil
+        attributes = {}
+
+        body_parts = raw_body.to_s.split(';').map(&:strip)
+
+        body_parts.each do |part|
+          if part.include?('=')
+            part_key, _, part_value = part.partition('=')
+            part_value = split_part(part_value)
+
+            # force lower-case to make access more reliable
+            part_key = normalize_key(part_key)
+
+            attributes[part_key] = part_value
+          else
+            value = split_part(part)
+          end
+        end
+
+        Result.new(raw: raw_body, value: value, attributes: attributes)
+      end
+
+      private
+
+      # convert CSV to array
+      # remove quotes
+      # single value returned as scalar not array
+      def self.split_part(part)
+        part_value = part.split(',').map do |value|
+                           out = value.strip
+                           # remove quotes
+                           if out[0] == out[-1] && (out[0] == "'" || out[0] == '"')
+                             out = out[1..-2]
+                           end
+                           out
+                         end
+
+        part_value
+      end
+    end
+  end
+end

data/lib/as2/parser.rb

@@ -0,0 +1,11 @@
+module As2
+  # namespace to hold parsers for various HTTP headers & perhaps other kinds of
+  # structured content.
+  #
+  # clients should not use this directly. use the public api exposed in the
+  # top-level `As2` module itself.
+  #
+  # @api private
+  module Parser
+  end
+end

data/lib/as2/server.rb

@@ -8,6 +8,11 @@ module As2
   class Server
     attr_accessor :logger
 
+    # each of these should be understandable by send_mdn
+    def self.valid_mdn_formats
+      ['v0', 'v1']
+    end
+
     # @param [As2::Config::ServerInfo] server_info Config used for naming of this
     #   server and key/certificate selection. If omitted, the main As2::Config.server_info is used.
     # @param [As2::Config::Partner] partner Which partner to receive messages from.
@@ -81,27 +86,61 @@ module As2
       report = MimeGenerator::Part.new
       report['Content-Type'] = 'multipart/report; report-type=disposition-notification'
 
-      text = MimeGenerator::Part.new
-      text['Content-Type'] = 'text/plain'
-      text['Content-Transfer-Encoding'] = '7bit'
-      text.body = text_body
-      report.add_part text
+      text_part = MimeGenerator::Part.new
+      text_part['Content-Type'] = 'text/plain'
+      text_part['Content-Transfer-Encoding'] = '7bit'
+      text_part.body = text_body
+      report.add_part text_part
 
-      notification = MimeGenerator::Part.new
-      notification['Content-Type'] = 'message/disposition-notification'
-      notification['Content-Transfer-Encoding'] = '7bit'
-      notification.body = options.map{|n, v| "#{n}: #{v}"}.join("\r\n")
-      report.add_part notification
+      notification_part = MimeGenerator::Part.new
+      notification_part['Content-Type'] = 'message/disposition-notification'
+      notification_part['Content-Transfer-Encoding'] = '7bit'
+      notification_part.body = options.map{|n, v| "#{n}: #{v}"}.join("\r\n")
+      report.add_part notification_part
 
       msg_out = StringIO.new
-
       report.write msg_out
+      mdn_text = msg_out.string
+
+      mdn_format = @partner&.mdn_format || 'v0'
+      if mdn_format == 'v1'
+        format_method = :format_mdn_v1
+      else
+        format_method = :format_mdn_v0
+      end
 
-      pkcs7 = OpenSSL::PKCS7.sign @server_info.certificate, @server_info.pkey, msg_out.string
+      headers, body = send(
+                        format_method,
+                        mdn_text,
+                        as2_to: env['HTTP_AS2_FROM']
+                      )
+
+      [200, headers, ["\r\n" + body]]
+    end
+
+    # 'original' MDN formatting
+    #
+    # 1. uses OpenSSL::PKCS7.write_smime to build MIME body
+    #   * includes MIME headers in HTTP body
+    #   * includes plain-text "this is an S/MIME message" note prior to initial
+    #     MIME boundary
+    # 2. uses non-standard application/x-pkcs7-* content types
+    # 3. MIME boundaries and signature have \n line endings
+    #
+    # this format is understood by Mendelson, OpenAS2, and several commercial
+    # products (GoAnywhere MFT). it is not understood by IBM Sterling B2B Integrator.
+    #
+    # @param [String] mdn_text MIME multipart/report body containing text/plain
+    #   and message/disposition-notification parts
+    # @param [String] mic_algorithm
+    # @param [String] as2_to
+    def format_mdn_v0(mdn_text, as2_to:)
+      pkcs7 = OpenSSL::PKCS7.sign @server_info.certificate, @server_info.pkey, mdn_text
       pkcs7.detached = true
-      smime_signed = OpenSSL::PKCS7.write_smime pkcs7, msg_out.string
 
-      content_type = smime_signed[/^Content-Type: (.+?)$/m, 1]
+      body = OpenSSL::PKCS7.write_smime pkcs7, mdn_text
+
+      content_type = body[/^Content-Type: (.+?)$/m, 1]
       # smime_signed.sub!(/\A.+?^(?=---)/m, '')
 
       headers = {}
@@ -110,11 +149,67 @@ module As2
       headers['MIME-Version'] = '1.0'
       headers['Message-ID'] = As2.generate_message_id(@server_info)
       headers['AS2-From'] = @server_info.name
-      headers['AS2-To'] = env['HTTP_AS2_FROM']
+      headers['AS2-To'] = as2_to
+      headers['AS2-Version'] = '1.0'
+      headers['Connection'] = 'close'
+
+      [headers, body]
+    end
+
+    def format_mdn_v1(mdn_text, as2_to:)
+      pkcs7 = OpenSSL::PKCS7.sign(@server_info.certificate, @server_info.pkey, mdn_text)
+      pkcs7.detached = true
+
+      # PEM (base64-encoded) signature
+      bare_pem_signature = pkcs7.to_pem
+      # strip off the '-----BEGIN PKCS7-----' / '-----END PKCS7-----' delimiters
+      bare_pem_signature.gsub!(/^-----[^\n]+\n/, '')
+      # and update to canonical \r\n line endings
+      bare_pem_signature.gsub!(/(?<!\r)\n/, "\r\n")
+
+      # this is a hack until i can determine a better way to get the micalg parameter
+      # from the pkcs7 signature generated above...
+      # https://stackoverflow.com/questions/75934159/how-does-openssl-smime-determine-micalg-parameter
+      #
+      # also tried approach outlined in https://stackoverflow.com/questions/53044007/how-to-use-sha1-digest-during-signing-with-opensslpkcs7-sign-when-creating-smi
+      # but the signature generated by that method lacks some essential data. verifying those
+      # signatures results in an openssl error "unable to find message digest"
+      smime_body = OpenSSL::PKCS7.write_smime(pkcs7, mdn_text)
+      micalg = smime_body[/^Content-Type: multipart\/signed.*micalg=\"([^"]+)/m, 1]
+
+      # generate a MIME part boundary
+      #
+      # > A good strategy is to choose a boundary that includes
+      # > a character sequence such as "=_" which can never appear in a
+      # > quoted-printable body.
+      #
+      # https://www.rfc-editor.org/rfc/rfc2045#page-21
+      boundary = "----=_#{SecureRandom.hex(16).upcase}"
+      body_boundary = "--#{boundary}"
+
+      headers = {}
+      headers['Content-Type'] = "multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=\"#{micalg}\"; boundary=\"#{boundary}\""
+      headers['MIME-Version'] = '1.0'
+      headers['Message-ID'] = As2.generate_message_id(@server_info)
+      headers['AS2-From'] = @server_info.name
+      headers['AS2-To'] = as2_to
       headers['AS2-Version'] = '1.0'
       headers['Connection'] = 'close'
 
-      [200, headers, ["\r\n" + smime_signed]]
+      # this is the MDN report, with text/plain and message/disposition-notification parts
+      body = body_boundary + "\r\n"
+      body += mdn_text + "\r\n"
+
+      # this is the signature generated over that report
+      body += body_boundary + "\r\n"
+      body += "Content-Type: application/pkcs7-signature; name=\"smime.p7s\"\r\n"
+      body += "Content-Transfer-Encoding: base64\r\n"
+      body += "Content-Disposition: attachment; filename=\"smime.p7s\"\r\n"
+      body += "\r\n"
+      body += bare_pem_signature
+      body += body_boundary + "--\r\n"
+
+      [headers, body]
     end
 
     private

data/lib/as2/version.rb

@@ -1,3 +1,3 @@
 module As2
-  VERSION = "0.5.2"
+  VERSION = "0.7.0"
 end

data/lib/as2.rb

@@ -1,12 +1,14 @@
-require 'openssl'
 require 'mail'
+require 'openssl'
 require 'securerandom'
-require 'as2/config'
-require 'as2/server'
+
 require 'as2/client'
 require 'as2/client/result'
+require 'as2/config'
 require 'as2/digest_selector'
-require "as2/version"
+require 'as2/parser/disposition_notification_options'
+require 'as2/server'
+require 'as2/version'
 
 module As2
   def self.configure(&block)
@@ -20,4 +22,17 @@ module As2
   def self.generate_message_id(server_info)
     "<#{server_info.name}-#{Time.now.strftime('%Y%m%d-%H%M%S')}-#{SecureRandom.uuid}@#{server_info.domain}>"
   end
+
+  # Select which algorithm to use for calculating a MIC, based on preferences
+  # stated by sender & our list of available algorithms.
+  #
+  # @see https://datatracker.ietf.org/doc/html/rfc4130#section-7.3
+  #
+  # @param [String] disposition_notification_options The content of an HTTP
+  #   Disposition-Notification-Options header
+  # @return [String, nil] either an algorithm name, or nil if none is found in given header
+  def self.choose_mic_algorithm(disposition_notification_options)
+    parsed = As2::Parser::DispositionNotificationOptions.parse(disposition_notification_options)
+    Array(parsed['signed-receipt-micalg']).find { |m| As2::DigestSelector.valid?(m) }
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: as2
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.7.0
 platform: ruby
 authors:
 - OfficeLuv
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-09-15 00:00:00.000000000 Z
+date: 2023-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
@@ -68,7 +68,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
-  name: thin
+  name: rackup
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: puma
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -166,8 +180,11 @@ files:
 - lib/as2/digest_selector.rb
 - lib/as2/message.rb
 - lib/as2/mime_generator.rb
+- lib/as2/parser.rb
+- lib/as2/parser/disposition_notification_options.rb
 - lib/as2/server.rb
 - lib/as2/version.rb
+- tmp/inbox/.keep
 homepage: https://github.com/alexdean/as2
 licenses:
 - MIT