Lack of Content-Transfer-Encoding of a binary message causing signature validation failure

[daviialvesjr]

We are receiving a message from IBM Starling. The message is encrypted, signed and compressed. The symptom is that the self.digest_alg = verify_message(mic_content, signature, verify_cert) function fails. We realised that the canonicalize is not treating the message as binary as it should because of the lack of the Content-Transfer-Encoding property. Inside canonicalize the email_message has the following header: Content-Type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m By forcing the message as binary everything works well, however it will probably break other messages. What is the best way to deal with this case?

[abhishek-ram]

Well we cannot always assume that it is binary as the message could also be base64 encoded. There are a few options:

• Make the canonicalize method configurable i.e. pass in a custom function as part of Message.parse
• Take in an argument canonicalize_as_binary as part of Message.parse that force treats the message as binary, the idea being that a particular partner will always send in binary and for that partner you can set this argument to True

Let me know your thoughts @daviialvesjr
cc @chadgates

[chadgates]

I'd suggest to extend Partner class with canonicalize_as_binary option and make it configurable in django-pyas2 on a partner level as well.

[daviialvesjr]

All right, I'll do it as suggested by @chadgates. Thanks!!