abhishek-ram/django-pyas2

Message Digest does not match

hgooijen opened this issue · 4 comments

Hi,

For some reason pyas2 throws an error message and sends a failure MDN, although the payload is received correctly and can be processed.
"pyas2lib.exceptions.IntegrityError: Failed to verify message signature: Message Digest does not match."
Can this have something to do with the compression of the message? The partner only had the option to set compression levels 1-9. Or maybe because they are using HTTPS? I checked and unchecked "Verify SSL Certificate", but that didn't help.

Does anyone have an idea?

`2020-12-31 13:08:01,605 pyas2lib DEBUG Compressed message 160941648160.129888.8010119924120103265@as2.organisation.nl payload as:
b'MIME-Version: 1.0\r\nContent-Type: application/pkcs7-mime; name="smime.p7z"; smime-type="compressed-data"\r\nContent-Disposition: attachment; filename="smime.p7z"\r\nContent-Transfer-Encoding: binary\r\n\r\n0\x81\xc4\x06\x0b*.....'
2020-12-31 13:08:01,618 pyas2lib DEBUG Signed message 160941648160.129888.8010119924120103265@as2.organisation.nl payload as:
b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha512"; boundary="===============1985204697163016904=="\r\n\r\n--===============1985204697163016904==\r\nMIME-Version: 1.0\r\nContent-Type: application/pkcs7-mime; name="smime.p7z"; smime-type="compressed-data"\r\nContent-Disposition: attachment; filename="smime.p7z"\r\nContent-Transfer-Encoding: binary\r\n\r\n0\x81\xc4\x06\x0b*\x86H\x86\xf7\r\x01.........x0fc<\x03\r\n--===============1985204697163016904==\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"; smime-type="signed-data"\r\nContent-Disposition: attachment; filename="smime.p7s"\r\nContent-Transfer-Encoding: base64\r\n\r\nMIIHZwYJKoZIhvcNAQcCoII..........\r\n\r\n--===============1985204697163016904==--\r\n'
2020-12-31 13:08:01,622 pyas2lib DEBUG Encrypted message 160941648160.129888.8010119924120103265@as2.organisation.nl payload as:
b'MIME-Version: 1.0\r\nContent-Type: application/pkcs7-mime; name="smime.p7m"; smime-type="enveloped-data"\r\nContent-Disposition: attachment; filename="smime.p7m"\r\nContent-Transfer-Encoding: binary\r\n\r\n0\x82\x0f_\x06\t*\x86H\x86\xf7\r\x01............\xd8\xad'
2020-12-31 13:08:01,622 pyas2 INFO Sending message 160941618822.128612.7181410625899148109@as2.organisation.nl from organization "organisation Entertainment" to partner "partner TEST".
2020-12-31 13:08:01,871 pyas2 DEBUG Received an HTTP POST from 85.158.120.86 with payload :
b'user-agent: curl/7.23.1 (i686-pc-linux-gnu) libcurl/7.23.1 OpenSSL/1.0.2a zlib/1.1.4 libssh2/1.3.0\nhost: as2.organisation.nl:5443\naccept: /\nas2-from: partnerB2B.NET_SECU\nas2-to: 8719329013005\nas2-version: 1.2\ncontent-disposition: attachment;filename="smime.p7m"\ncontent-transfer-encoding: binary\ncontent-type: application/pkcs7-mime;smime-type=enveloped-data;name="smime.p7m"\ndate: Thu, 31 Dec 2020 12:08:01 GMT\ndisposition-notification-options: signed-receipt-protocol=optional,pkcs7-signature;signed-receipt-micalg=optional,sha1\ndisposition-notification-to: ediint-sync-mdn\nediint-features: multiple-attachments\nmessage-id: 20201231130801.15421.7213193@as2-server-pp1.partner.com\nsubject: partner-MPRP TO organisation\ncontent-length: 5162\n\r\n0\x82\x14&\x06\t*\x86H\x86\xf7\r\x01...........'
2020-12-31 13:08:01,871 pyas2 DEBUG Check to see if payload is an Asynchronous MDN.
2020-12-31 13:08:01,872 pyas2 DEBUG Payload is not an MDN parse it as an AS2 Message
2020-12-31 13:08:01,894 pyas2lib DEBUG Decrypting message 20201231130801.15421.7213193@as2-server-pp1.partner.com payload :
b'user-agent: curl/7.23.1 (i686-pc-linux-gnu) libcurl/7.23.1 OpenSSL/1.0.2a zlib/1.1.4 libssh2/1.3.0\r\nhost: as2.organisation.nl:5443\r\naccept: /\r\nas2-from: partnerB2B.NET_SECU\r\nas2-to: 8719329013005\r\nas2-version: 1.2\r\ncontent-disposition: attachment;filename="smime.p7m"\r\ncontent-transfer-encoding: binary\r\ncontent-type: application/pkcs7-mime;smime-type=enveloped-data;name="smime.p7m"\r\ndate: Thu, 31 Dec 2020 12:08:01 GMT\r\ndisposition-notification-options: signed-receipt-protocol=optional,pkcs7-signature;signed-receipt-micalg=optional,sha1\r\ndisposition-notification-to: ediint-sync-mdn\r\nediint-features: multiple-attachments\r\nmessage-id: 20201231130801.15421.7213193@as2-server-pp1.partner.com\r\nsubject: partner-MPRP TO organisation\r\ncontent-length: 5162\r\n\r\n0\x82\x14&\x06\t*\x86H\x86..............'
2020-12-31 13:08:01,898 pyas2lib DEBUG Verifying signed message 20201231130801.15421.7213193@as2-server-pp1.partner.com payload:
b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------15FEDBF21822FA6D11609416481B3C3D1"\r\n\r\n\r\n--------15FEDBF21822FA6D11609416481B3C3D1\r\nContent-Disposition: attachment; filename="test_as2.txt"\r\nContent-Type: Application/octet-stream\r\n\r\n..................................this is an AS2 test file by partner......................................\r\n......................................please ignore this message...........................................\r\n...........................................................................................................\r\n...............................................................................((((/.......................\r\n................................................................................./(//......................\r\n...........................................................................................................\r\n......../((((((((((((//.(((((((((....(((...((/((((/......(/(((/(((.../(((...(/((/((/(.((((/.....((((.......\r\n....../(((...../(((../((((.....((((../(((((/...(((((../((((.....(/((./(((((((....((((...(((/../(((/........\r\n...../(/(/....../(((/(((/........(((/((((......./(((//(((......../(((/((((.......((((....((..((((..........\r\n....../(((......((/(/(((((((((((((((/((((........((((((((((/(((((((((/(((........((((......//((/...........\r\n........((/(((((/(..(((/.............((((........(((((((/............/(((........((((...../.((((/..........\r\n....../((/........../((//............((((......./((///(((/.........../(((........((((....(((./((((.........\r\n......((((............(((((/..../(/..((((........((((..(/(/(/..../(/./(((/.......((((..(((/....((//........\r\n......./(((/(((((/((/(...(((/((/(/...(((/........((((.....((((((((/../(((........((((/(((......./((((......\r\n.....(((/..........((((....................................................................................\r\n.....(((/.........(/((..........
...........................................................................\r\n.......(((((/((((((/.......................................................................................\r\n...........................................................................................................\r\n--------15FEDBF21822FA6D11609416481B3C3D1\r\nContent-Transfer-Encoding: binary\r\nContent-Disposition: attachment; filename="smime.p7s"\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n\r\n0\x82\x08=\x06\t*\x86H\x86..............\r\n--------15FEDBF21822FA6D11609416481B3C3D1--\r\n'
2020-12-31 13:08:01,899 pyas2lib ERROR Failed to parse AS2 message
: Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/pyas2lib/as2.py", line 629, in parse
self.digest_alg = verify_message(mic_content, signature, verify_cert)
File "/usr/local/lib/python3.6/dist-packages/pyas2lib/cms.py", line 488, in verify_message
"Failed to verify message signature: Message Digest does not match."
pyas2lib.exceptions.IntegrityError: Failed to verify message signature: Message Digest does not match.

2020-12-31 13:08:01,900 pyas2lib DEBUG Building the MDN for message 20201231130801.15421.7213193@as2-server-pp1.partner.com with status processed/Error and detailed-status authentication-failed.
2020-12-31 13:08:01,900 pyas2lib DEBUG MDN report for message 20201231130801.15421.7213193@as2-server-pp1.partner.com created:
b'Content-Type: message/disposition-notification\r\nContent-Transfer-Encoding: 7bit\r\n\r\nReporting-UA: pyAS2 Open Source AS2 Software\r\nOriginal-Recipient: rfc822; 8719329013005\r\nFinal-Recipient: rfc822; 8719329013005\r\nOriginal-Message-ID: 20201231130801.15421.7213193@as2-server-pp1.partner.com\r\nDisposition: automatic-action/MDN-sent-automatically; processed/Error: authentication-failed\r\n'
2020-12-31 13:08:01,910 pyas2lib DEBUG Signing the MDN for message 20201231130801.15421.7213193@as2-server-pp1.partner.com
2020-12-31 13:08:01,912 pyas2lib DEBUG MDN generated for message 20201231130801.15421.7213193@as2-server-pp1.partner.com with content:
b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="===============0089551447359942500=="\r\nAS2-Version: 1.2\r\nediint-features: CMS\r\nMessage-ID: 160941648190.97934.14366446894084658445@as2.organisation.nl\r\nAS2-From: 8719329013005\r\nAS2-To: partnerB2B.NET_SECU\r\nDate: Thu, 31 Dec 2020 13:08:01 +0100\r\nuser-agent: pyAS2 Open Source AS2 Software\r\n\r\n--===============0089551447359942500==\r\nContent-Type: multipart/report; report-type="disposition-notification"; boundary="===============7671050814658493779=="\r\nMIME-Version: 1.0\r\n\r\n--===============7671050814658493779==\r\nContent-Type: text/plain\r\nContent-Transfer-Encoding: 7bit\r\n\r\nThe AS2 message could not be processed. The disposition-notification report has additional details.\r\n\r\n--===============7671050814658493779==\r\nContent-Type: message/disposition-notification\r\nContent-Transfer-Encoding: 7bit\r\n\r\nReporting-UA: pyAS2 Open Source AS2 Software\r\nOriginal-Recipient: rfc822; 8719329013005\r\nFinal-Recipient: rfc822; 8719329013005\r\nOriginal-Message-ID: 20201231130801.15421.7213193@as2-server-pp1.partner.com\r\nDisposition: automatic-action/MDN-sent-automatically; processed/Error: authentication-failed\r\n\r\n--===============7671050814658493779==--\r\n\r\n--===============0089551447359942500==\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"; smime-type="signed-data"\r\nContent-Disposition: attachment; filename="smime.p7s"\r\nContent-Transfer-Encoding: base64\r\n\r\nMIIHMwYJKoZIhvcNAQc............=\r\n\r\n--===============0089551447359942500==--\r\n'
2020-12-31 13:08:01,912 pyas2 INFO Received an AS2 message with id 20201231130801.15421.7213193@as2-server-pp1.partner.com for organization 8719329013005 from partner partnerB2B.NET_SECU.
2020-12-31 13:08:01,962 pyas2 DEBUG Received MDN response for message 160941618822.128612.7181410625899148109@as2.organisation.nl with content: b'message-id: 160941618822.128612.7181410625899148109@as2.organisation.nl\ncontent-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha512; boundary="------15FEDBF2182020F511609416481B3C501"\n\n\r\n--------15FEDBF2182020F511609416481B3C501\r\nContent-Type: multipart/report; report-type=disposition-notification; boundary="------25FEDBF2182020F521609416481B3C502"\r\n\r\n\r\n--------25FEDBF2182020F521609416481B3C502\r\nContent-Type: text/plain\r\n\r\nMessage 160941648160.129888.8010119924120103265@as2.organisation.nl was authenticated and decrypted;\r\nEDI processing was initiated.\r\n\r\n\r\n--------25FEDBF2182020F521609416481B3C502\r\nContent-Type: message/disposition-notification\r\n\r\nOriginal-Message-ID: 160941648160.129888.8010119924120103265@as2.organisation.nl\r\nOriginal-Recipient: rfc822; partnerB2B.NET_SECU\r\nFinal-Recipient: rfc822; partnerB2B.NET_SECU\r\nReceived-content-MIC: +mQvTwObpKabsK/S0UnsQ2t1lJsuEwf1i1ZTGlSCvH9o4gh5E2vcA6CzuqiyTa7Btscr3F+/0VnLsTY7AqhUXA==,sha512\r\nDisposition: automatic-action/MDN-sent-automatically;processed\r\n\r\n\r\n--------25FEDBF2182020F521609416481B3C502--\r\n\r\n--------15FEDBF2182020F511609416481B3C501\r\nContent-Transfer-Encoding: binary\r\nContent-Disposition: attachment; filename="smime.p7s"\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n\r\n0\x82\x08=\x06\t*\x86H\x86..................\r\n--------15FEDBF2182020F511609416481B3C501--\r\n'
2020-12-31 13:08:01,970 pyas2lib DEBUG Verifying signed MDN:
b'message-id: 160941618822.128612.7181410625899148109@as2.organisation.nl\r\ncontent-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha512; boundary="------15FEDBF2182020F511609416481B3C501"\r\n\r\n\r\n--------15FEDBF2182020F511609416481B3C501\r\nContent-Type: multipart/report; report-type=disposition-notification; boundary="------25FEDBF2182020F521609416481B3C502"\r\n\r\n\r\n--------25FEDBF2182020F521609416481B3C502\r\nContent-Type: text/plain\r\n\r\nMessage 160941648160.129888.8010119924120103265@as2.organisation.nl was authenticated and decrypted;\r\nEDI processing was initiated.\r\n\r\n\r\n--------25FEDBF2182020F521609416481B3C502\r\nContent-Type: message/disposition-notification\r\n\r\nOriginal-Message-ID: 160941648160.129888.8010119924120103265@as2.organisation.nl\r\nOriginal-Recipient: rfc822; partnerB2B.NET_SECU\r\nFinal-Recipient: rfc822; partnerB2B.NET_SECU\r\nReceived-content-MIC: +mQvTwObpKabsK/S0UnsQ2t1lJsuEwf1i1ZTGlSCvH9o4gh5E2vcA6CzuqiyTa7Btscr3F+/0VnLsTY7AqhUXA==,sha512\r\nDisposition: automatic-action/MDN-sent-automatically;processed\r\n\r\n\r\n--------25FEDBF2182020F521609416481B3C502--\r\n\r\n--------15FEDBF2182020F511609416481B3C501\r\nContent-Transfer-Encoding: binary\r\nContent-Disposition: attachment; filename="smime.p7s"\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n\r\n0\x82\x08=\x06\t*\x86H\x86\xf7\r.................\xfc\xceI\r\n--------15FEDBF2182020F511609416481B3C501--\r\n'
2020-12-31 13:08:01,971 pyas2lib DEBUG MDN report for message 160941618822.128612.7181410625899148109@as2.organisation.nl:
Content-Type: message/disposition-notification

Original-Message-ID: 160941648160.129888.8010119924120103265@as2.organisation.nl
Original-Recipient: rfc822; partnerB2B.NET_SECU
Final-Recipient: rfc822; partnerB2B.NET_SECU
Received-content-MIC: +mQvTwObpKabsK/S0UnsQ2t1lJsuEwf1i1ZTGlSCvH9o4gh5E2vcA6CzuqiyTa7Btscr3F+/0VnLsTY7AqhUXA==,sha512
Disposition: automatic-action/MDN-sent-automatically;processed
`

Issue is because the signature could not be verified. I will need to dig into it further to find the root cause.

Hi @abhishek-ram,
Are you able to find anything? Is there anything I can do to help?

I did not get the time to check this and there is no easy way to figure this out. What we need to do is see what digest was sent by the partner and what we are calculating, and tweak the canonicalize method to see if we can get a match.
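
The comparison suggested in the comment above, as an added example that is not part of the thread and is not pyas2lib's code: it cuts the signed body part out of a `multipart/signed` entity byte for byte, hashes several line-ending forms of it, and reports which form reproduces the digest the sender signed. The function names, the sample message and the `EXPECTED` value are constructed for illustration; in a real investigation `EXPECTED` would be the messageDigest attribute taken from the partner's `smime.p7s`.

```python
import hashlib
import re

def split_signed_part(body: bytes, boundary: bytes) -> bytes:
    """Return the first body part exactly as received.

    The line break in front of a boundary delimiter belongs to the
    delimiter (RFC 2046), so it is not part of the signed content.
    """
    delim = b"--" + boundary
    start = body.index(delim) + len(delim)
    start = body.index(b"\n", start) + 1           # skip rest of delimiter line
    end = re.compile(rb"\r?\n" + re.escape(delim)).search(body, start).start()
    return body[start:end]

def variants(part: bytes) -> dict:
    """Candidate canonical forms; a sender may have hashed any of these."""
    crlf = re.sub(rb"\r?\n", b"\r\n", part)       # only safe for text payloads
    return {
        "as received": part,
        "line breaks normalised to CRLF": crlf,
        "CRLF plus trailing CRLF": crlf + b"\r\n",
        "line breaks normalised to LF": re.sub(rb"\r?\n", b"\n", part),
    }

def matching_forms(part: bytes, expected: bytes, alg: str = "sha512") -> list:
    """Names of the forms whose digest equals the digest the sender signed."""
    return [name for name, data in variants(part).items()
            if hashlib.new(alg, data).digest() == expected]

# Constructed sample: a gateway rewrote CRLF to LF after the sender signed.
BOUNDARY = b"constructed-boundary"
SAMPLE = b"\n".join([
    b"--" + BOUNDARY,
    b"Content-Type: application/octet-stream",
    b"",
    b"line one",
    b"line two",
    b"--" + BOUNDARY,
    b"Content-Type: application/pkcs7-signature",
    b"",
    b"(signature omitted)",
    b"--" + BOUNDARY + b"--",
    b"",
])
# Constructed stand-in for the messageDigest attribute in the signature.
EXPECTED = hashlib.sha512(
    b"Content-Type: application/octet-stream\r\n\r\nline one\r\nline two").digest()

if __name__ == "__main__":
    print(matching_forms(split_signed_part(SAMPLE, BOUNDARY), EXPECTED))
```

A match only identifies which byte form the sender hashed; the signature over the signed attributes still has to verify against the partner's certificate before the message is accepted.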

The partner changed something, which resulted in a successful transaction.
I still don't know what the issue was, but because I don't have a way to reproduce the issue, I'll close it.
Thanks
Hans