Exemple #1
def save_message(message, raw_payload):
    """Process a received AS2 message: resolve the parties and decrypt the payload.

    The original summary describes this function as decompressing, decrypting
    and verifying the message. The code below parses the raw MIME text, matches
    the ``as2-to`` / ``as2-from`` headers against stored Organization and
    Partner records, enforces the partner's encryption requirement, and
    decrypts an enveloped-data body with the organization's key.

    Args:
        message: Message object being processed; its ``organization``,
            ``partner`` and ``encrypted`` attributes are assigned here.
        raw_payload: The received message as a MIME string; it is parsed with
            ``email.message_from_string``.

    Raises (inside the outer ``try``, whose handlers are not shown here):
        as2utils.as2partnernotfound: ``as2-to`` or ``as2-from`` matches no
            stored record.
        as2utils.as2insufficientsecurity: the partner requires encryption and
            the content type is not ``application/pkcs7-mime``.
        as2utils.as2decryptionfailed: any exception raised while decrypting or
            re-parsing the decrypted content.
    """
    try:
        # Parse the raw text so headers and MIME parameters can be queried.
        payload = email.message_from_string(raw_payload)
        # Stays None in this part of the function; both later assignments are commented out.
        micContent = None
        models.Log.objects.create(message=message, status="S", text=_(u"Begin Processing of received AS2 message"))
        # The as2-to / as2-from values are read from the received message itself, so they are
        # untrusted input; here they only select which stored Organization / Partner applies.
        # Each lookup runs exists() and then get() with the same name, i.e. two queries.
        if not models.Organization.objects.filter(as2_name=as2utils.unescape_as2name(payload.get("as2-to"))).exists():
            raise as2utils.as2partnernotfound("Unknown AS2 organization with id %s" % payload.get("as2-to"))
        message.organization = models.Organization.objects.get(
            as2_name=as2utils.unescape_as2name(payload.get("as2-to"))
        )
        if not models.Partner.objects.filter(as2_name=as2utils.unescape_as2name(payload.get("as2-from"))).exists():
            raise as2utils.as2partnernotfound("Unknown AS2 Trading partner with id %s" % payload.get("as2-from"))
        message.partner = models.Partner.objects.get(as2_name=as2utils.unescape_as2name(payload.get("as2-from")))
        # The % interpolation happens before _() is called, so _() receives the already
        # formatted string rather than the template (presumably _ is gettext; verify).
        models.Log.objects.create(
            message=message,
            status="S",
            text=_(u'Message is for Organization "%s" from partner "%s"' % (message.organization, message.partner)),
        )
        # micContent = payload.get_payload()
        # Captured now because `payload` is replaced after decryption. The name comes from the
        # sender's headers. NOTE(review): confirm it is sanitized before any use as a path.
        filename = payload.get_filename()
        # Policy check: a partner flagged for encryption must send application/pkcs7-mime.
        # NOTE(review): only the content type is tested here, while the decrypt branch below
        # also requires smime-type == "enveloped-data". A pkcs7-mime body with a different
        # smime-type passes this check without being decrypted; confirm that later code
        # rejects or handles that case for partners that require encryption.
        if message.partner.encryption and payload.get_content_type() != "application/pkcs7-mime":
            raise as2utils.as2insufficientsecurity(
                "Incoming messages from AS2 partner %s are defined to be encrypted" % message.partner.as2_name
            )
        if (
            payload.get_content_type() == "application/pkcs7-mime"
            and payload.get_param("smime-type") == "enveloped-data"
        ):
            # %s renders the encryption_key object's string form into a persistent Log row.
            # NOTE(review): confirm that string form never includes secret material.
            models.Log.objects.create(
                message=message,
                status="S",
                text=_(u"Decrypting the payload using private key %s" % message.organization.encryption_key),
            )
            message.encrypted = True
            # The test below checks only that the body encodes as ASCII; it does not validate
            # base64. A body that fails is treated as raw binary and base64-encoded in place.
            # The handler catches every Exception and never uses `e`.
            try:
                payload.get_payload().encode("ascii")
            except Exception, e:
                payload.set_payload(payload.get_payload().encode("base64"))
            # Writes the whole (still encrypted) body to the debug log.
            pyas2init.logger.debug("Decrypting the payload :\n%s" % payload.get_payload())
            try:
                # Arguments: the MIME text of the payload (78 is presumably the line length
                # passed to mimetostring; verify), the certificate file path, and the
                # passphrase as a plain string.
                # NOTE(review): the passphrase is read back from the key record, so it is
                # presumably stored in recoverable form; confirm how it is protected at rest.
                decrypted_content = as2utils.decrypt_payload(
                    as2utils.mimetostring(payload, 78),
                    str(message.organization.encryption_key.certificate.path),
                    str(message.organization.encryption_key.certificate_passphrase),
                )
                # micContent,raw_payload = as2utils.canonicalize(decrypted_content),decrypted_content
                # From here on raw_payload and payload refer to the decrypted message.
                raw_payload = decrypted_content
                payload = email.message_from_string(decrypted_content)
                # get_content_type() reports text/plain when no Content-Type header is present,
                # so this branch treats decrypted content without MIME headers as the business
                # document itself: it is wrapped in a new message typed application/edi-consent
                # and the original filename, if any, is re-attached.
                if payload.get_content_type() == "text/plain":
                    payload = email.Message.Message()
                    payload.set_payload(decrypted_content)
                    payload.set_type("application/edi-consent")
                    if filename:
                        payload.add_header("Content-Disposition", "attachment", filename=filename)
            except Exception, msg:
                # Everything raised in the block above, decryption and re-parsing alike, is
                # reported as a decryption failure with the original exception text embedded.
                # NOTE(review): confirm whether this text is returned to the partner (e.g. in
                # an MDN); detailed crypto error text is better kept in local logs only.
                raise as2utils.as2decryptionfailed("Failed to decrypt message, exception message is %s" % msg)
Exemple #2
             str(message.organization.encryption_key.certificate_passphrase)
         )
         #micContent,raw_payload = as2utils.canonicalize(decrypted_content),decrypted_content
         raw_payload = decrypted_content
         payload = email.message_from_string(decrypted_content)
         ### Check if decrypted content is the actual content
         if payload.get_content_type() == 'text/plain':
             payload = email.Message.Message()
             payload.set_payload(decrypted_content)
             payload.set_type('application/edi-consent')
             if filename:
                 payload.add_header('Content-Disposition', 'attachment', filename=filename)
     except Exception, msg:
         raise as2utils.as2decryptionfailed('Failed to decrypt message, exception message is %s' %msg)
 if message.partner.signature and payload.get_content_type() != 'multipart/signed':
     raise as2utils.as2insufficientsecurity('Incoming messages from AS2 partner %s are defined to be signed'%message.partner.as2_name)
 if payload.get_content_type() == 'multipart/signed':
     if not message.partner.signature_key:
         raise as2utils.as2insufficientsecurity('Partner has no signature verification key defined')
     micalg = payload.get_param('micalg').lower() or 'sha1'
     models.Log.objects.create(message=message, status='S', text=_(u'Message is signed, Verifying it using public key %s'%message.partner.signature_key))
     pyas2init.logger.debug('Verifying the signed payload:\n%s'%payload.as_string())
     message.signed = True
     main_boundary = '--' + payload.get_boundary()
     cert = str(message.partner.signature_key.certificate.path)
     ca_cert = cert
     if message.partner.signature_key.ca_cert:
         ca_cert = str(message.partner.signature_key.ca_cert.path)
     verify_cert = message.partner.signature_key.verify_cert    
     ### Extract the base64 encoded signature 
     for part in payload.walk():