Digest of MDN not taken from micalg in Disposition-Notification-Options but from digest of the original message signature

[open-gdsn]

In the As2InboundHandler, the digest for the MDN is taken from the digest of the original message and not from the Disposition-Notification-Options.

I skimmed through the PEPPOL specs about AS2 usage and did not find a reference to the two required to be equal (would be strange anyway)

The following patch fixes this:

SMimeDigestMethod mdnDigestMethod;
String preferredMicAlgorithm = null;
try {
    As2DispositionNotificationOptions dno = As2DispositionNotificationOptions.valueOf(httpHeaders.getHeader(As2Header.DISPOSITION_NOTIFICATION_OPTIONS)[0]);
    if (dno == null || dno.getSignedReceiptMicalg() == null) {
        throw new Exception(String.format("Could not parse '%s'", httpHeaders.getHeader(As2Header.DISPOSITION_NOTIFICATION_OPTIONS)[0]));
    }
    preferredMicAlgorithm = dno.getPreferredSignedReceiptMicAlgorithmName();
    mdnDigestMethod = SMimeDigestMethod.findByIdentifier(preferredMicAlgorithm);
} catch (NoSuchAlgorithmException nsae) {
    throw new NoSuchAlgorithmException(String.format(
            "Requested digest method for MDN '%s' not known.", preferredMicAlgorithm));
}

// Create receipt (MDN)
mdnBuilder.addHeader(MdnHeader.DISPOSITION, Disposition.PROCESSED);
MimeMessage mdn = sMimeMessageFactory.createSignedMimeMessage(mdnBuilder.build(), mdnDigestMethod);

[open-gdsn]

Anything on this issue? Or at least a comment?

[kukel]

Yes, I'm curious too

[aaron-kumar]

Closing this issue since as per OpenPeppol, AS2 is Optional protocol starting 2020-02-01 and AS2 protocol will be removed soon. We in Oxalis community also starting process to deprecate and removing AS2 protocol support completely from Oxalis.