[
https://issues.apache.org/jira/browse/CAMEL-21296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen updated CAMEL-21296:
--------------------------------
Priority: Minor (was: Major)
> Camel AS2 Sender application couldn't validate MDN message
> ----------------------------------------------------------
>
> Key: CAMEL-21296
> URL: https://issues.apache.org/jira/browse/CAMEL-21296
> Project: Camel
> Issue Type: Bug
> Components: camel-as2
> Affects Versions: 4.5.0
> Reporter: RAVI
> Priority: Minor
>
> Hi Team,
>
> We are conducting a POC using the Camel-AS2 project (version 4.5.0) to
> facilitate communication with the OpenText tool, with plans to extend this
> setup for communication with our trading partners in the future.
>
> We’ve implemented a Camel-AS2 sender application, which has been configured
> to send EDI messages to the OpenText AS2 receiver. The OpenText AS2 receiver
> successfully receives the messages and sends back a signed MDN. However, our
> Camel-AS2 sender application encounters the following exception during MDN
> validation.
>
> Based on the Camel documentation, it appears that MDN verification on the
> client side isn’t fully supported by Camel. To address this, we are utilizing
> the org.apache.camel.component.as2.api.util.SigningUtils.isValid() method,
> but this is where the exception arises.
>
> We’ve identified that the message digest value computed on the MDN by
> OpenText (included in the Signature object) doesn’t match the one computed by
> the Camel-AS2 sender application upon receiving the MDN.
>
> We suspect this discrepancy may be related to line separator differences in
> the MDN message. Could you provide further insights or guidance on this issue?
>
> Here’s the relevant code snippet we are using to validate after recieving
> response from Open text:
>
> if (exchange.getMessage().getBody() instanceof MultipartSignedEntity) {
> MultipartSignedEntity responseSignedEntity = (MultipartSignedEntity)
> exchange.getMessage().getBody();
> AS2Component component = exchange.getContext().getComponent("as2",
> AS2Component.class);
> AS2Configuration configuration = component.getConfiguration();
> System.out.println("count " + responseSignedEntity.getPartCount());
> boolean verifiedFlag = SigningUtils.isValid(responseSignedEntity,
> configuration.getValidateSigningCertificateChain());
> }
>
>
> org.bouncycastle.cms.CMSSignerDigestMismatchException: message-digest
> attribute value does not match calculated value
> at
> org.bouncycastle.cms.SignerInformation.verifyMessageDigestAttribute(SignerInformation.java:550)
> ~[bcpkix-debug-jdk18on-1.77.jar:1.77.00.0]
> at
> org.bouncycastle.cms.SignerInformation.doVerify(SignerInformation.java:452)
> ~[bcpkix-debug-jdk18on-1.77.jar:1.77.00.0]
> at org.bouncycastle.cms.SignerInformation.verify(SignerInformation.java:659)
> ~[bcpkix-debug-jdk18on-1.77.jar:1.77.00.0]
> at
> org.bouncycastle.cms.CMSSignedData.verifySignatures(CMSSignedData.java:436)
> ~[bcpkix-debug-jdk18on-1.77.jar:1.77.00.0]
> at
> org.bouncycastle.cms.CMSSignedData.verifySignatures(CMSSignedData.java:411)
> ~[bcpkix-debug-jdk18on-1.77.jar:1.77.00.0]
> at
> org.apache.camel.component.as2.api.util.SigningUtils.isValidSigned(SigningUtils.java:155)
> ~[classes/:na]
> at
> org.apache.camel.component.as2.api.util.SigningUtils.isValid(SigningUtils.java:191)
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
