def save_message(message, raw_payload): """ Function decompresses, decrypts and verifies the received message""" try: payload = email.message_from_string(raw_payload) micContent = None models.Log.objects.create(message=message, status="S", text=_(u"Begin Processing of received AS2 message")) if not models.Organization.objects.filter(as2_name=as2utils.unescape_as2name(payload.get("as2-to"))).exists(): raise as2utils.as2partnernotfound("Unknown AS2 organization with id %s" % payload.get("as2-to")) message.organization = models.Organization.objects.get( as2_name=as2utils.unescape_as2name(payload.get("as2-to")) ) if not models.Partner.objects.filter(as2_name=as2utils.unescape_as2name(payload.get("as2-from"))).exists(): raise as2utils.as2partnernotfound("Unknown AS2 Trading partner with id %s" % payload.get("as2-from")) message.partner = models.Partner.objects.get(as2_name=as2utils.unescape_as2name(payload.get("as2-from"))) models.Log.objects.create( message=message, status="S", text=_(u'Message is for Organization "%s" from partner "%s"' % (message.organization, message.partner)), ) # micContent = payload.get_payload() filename = payload.get_filename() if message.partner.encryption and payload.get_content_type() != "application/pkcs7-mime": raise as2utils.as2insufficientsecurity( "Incoming messages from AS2 partner %s are defined to be encrypted" % message.partner.as2_name ) if ( payload.get_content_type() == "application/pkcs7-mime" and payload.get_param("smime-type") == "enveloped-data" ): models.Log.objects.create( message=message, status="S", text=_(u"Decrypting the payload using private key %s" % message.organization.encryption_key), ) message.encrypted = True ### Check if data is base64, if not then encode try: payload.get_payload().encode("ascii") except Exception, e: payload.set_payload(payload.get_payload().encode("base64")) pyas2init.logger.debug("Decrypting the payload :\n%s" % payload.get_payload()) try: decrypted_content = as2utils.decrypt_payload( as2utils.mimetostring(payload, 78), str(message.organization.encryption_key.certificate.path), str(message.organization.encryption_key.certificate_passphrase), ) # micContent,raw_payload = as2utils.canonicalize(decrypted_content),decrypted_content raw_payload = decrypted_content payload = email.message_from_string(decrypted_content) ### Check if decrypted content is the actual content if payload.get_content_type() == "text/plain": payload = email.Message.Message() payload.set_payload(decrypted_content) payload.set_type("application/edi-consent") if filename: payload.add_header("Content-Disposition", "attachment", filename=filename) except Exception, msg: raise as2utils.as2decryptionfailed("Failed to decrypt message, exception message is %s" % msg)
str(message.organization.encryption_key.certificate_passphrase) ) #micContent,raw_payload = as2utils.canonicalize(decrypted_content),decrypted_content raw_payload = decrypted_content payload = email.message_from_string(decrypted_content) ### Check if decrypted content is the actual content if payload.get_content_type() == 'text/plain': payload = email.Message.Message() payload.set_payload(decrypted_content) payload.set_type('application/edi-consent') if filename: payload.add_header('Content-Disposition', 'attachment', filename=filename) except Exception, msg: raise as2utils.as2decryptionfailed('Failed to decrypt message, exception message is %s' %msg) if message.partner.signature and payload.get_content_type() != 'multipart/signed': raise as2utils.as2insufficientsecurity('Incoming messages from AS2 partner %s are defined to be signed'%message.partner.as2_name) if payload.get_content_type() == 'multipart/signed': if not message.partner.signature_key: raise as2utils.as2insufficientsecurity('Partner has no signature verification key defined') micalg = payload.get_param('micalg').lower() or 'sha1' models.Log.objects.create(message=message, status='S', text=_(u'Message is signed, Verifying it using public key %s'%message.partner.signature_key)) pyas2init.logger.debug('Verifying the signed payload:\n%s'%payload.as_string()) message.signed = True main_boundary = '--' + payload.get_boundary() cert = str(message.partner.signature_key.certificate.path) ca_cert = cert if message.partner.signature_key.ca_cert: ca_cert = str(message.partner.signature_key.ca_cert.path) verify_cert = message.partner.signature_key.verify_cert ### Extract the base64 encoded signature for part in payload.walk():