-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Calculating MIC for signed message when *not* having MDN options fails #50
Comments
This is what I ended up with:
And the following piece of code is superfluous then in the
Will setup my github correctly so I can create PR's |
|
I do not completely understand your question in this context. One of the reasons we are looking for newer software is that ours does not support modern algorithms and sha-1 is the max. (Sorry, closed by accident) |
Well, this is a tricky one. There are the What you are outlining suits my understanding:
|
Yes this is what I think it should be... But in the MDN creation it still works, unrelated pieces of code. So the fix I proposed is safe (afaics) |
I changed it slightly, so that a default algorithm is used (depending on the algorithm suite used), if none, or an invalid one is provided. |
SNAPSHOT 12 and onwards contain this fix. Thanks again for pointing it out. |
Providing a default if none is provided sounds ok, but I am not a fan of defaults if invalid ones are provided. It's masking wrong configurations. |
That's why I added an extra logging, so that it gets obvious |
Thankls, that makes it better (although logging tends to be 'neglected' way too often is our experience if there is additional (error) logging that should be ignored) |
Version: AS2-LIB 4.1.1-SNAPSHOT from 'master'
I'm sending (or at least trying to send) an encrypted and signed message while at the same time not requesting an MDN and (sort of consequently) not having an 'MDNOptions' on the partnership. From our documentation, it is a valid (albeit strange) test case.
Securing the message happens in
handle()
inAS2SenderModule
The securing part works and in the
secure(aMsg)
the signing algorithm is taken from the partnership:After the signing the MIC is calculated and this part fails with the following exception
The reason being that in
protected String calculateAndStoreMIC (@Nonnull final AS2Message aMsg)
Disposition options (a string here!) are being parsed to a DispositionOptions object and from that the fist mic is read.It looks like this is a copy/paste from an MDN related method and since it is only used in the AS2SenderModule, I think
should be replaced by
ECryptoAlgorithmSign.getFromIDOrThrow(aPartnership.getSigningAlgorithm()),
Or an assignment, a null check like for the encryption or...
The text was updated successfully, but these errors were encountered: