James Mahoney

Notes on AS2 MDNs

Jun 18th 2019

The goto help for .NET developers wanting to send or receive AS2 without a third party library is this one

Unfortunately the detail about creating an MDN to return in response to receiving a file is somewhat lacking...

After a bit of toing and froing of deconstructing a real MDN generated by another RSS solution I managed to figure it out.

MDN overview

A signed MDN is a multipart message made up of the following

  • Message - multipart/signed
    • Part 1 - multipart/report
      • Part a - text/plain - a human friendly response
      • Part a - message/disposition-notification - the actual response that the sending AS2 server can do something with
    • Part 2 - application/pkcs7-signature
      • Digital signature of the first part i.e. parts a and b

Part a

A human friendly string

Content-Type: text/plain

A message of some kind. Something that would make sense to a human e.g. message with id 'blah' sent from 'sender' to 'recipient' has been received and processed successfully

Part b

A collection of data taking the form of HTTP headers

Content-Type: message/disposition-notification

Original-Recipient: rfc822; mendelsontestAS2
Final-Recipient: rfc822; mendelsontestAS2
Original-Message-ID: <AS2_024737Thu>
Disposition: automatic-action/MDN-sent-automatically; processed
Received-Content-MIC: ztIqTMkKwPDxQRhvQajdHfOVx8A=, sha1
  • Received-Content-MIC: this is the hash of the original message
    • If the original message was signed then only hash the message portion, not the signature

Part 1

Combine part a and part b together!

A common convention is to use "MDNBoundary" as the multipart boundary

--MDNBoundary
Content-Type: text/plain

The incoming message from ThirdPartyCompany to UnitTests with Id <[email protected]_UnitTests> was received successfully. This is not a guarantee that the message has been processed by the receiving translator.

--MDNBoundary
Content-Type: message/disposition-notification

Original-Recipient: rfc822;UnitTests
Final-Recipient: rfc822;UnitTests
Original-Message-ID: <[email protected]_UnitTests>
Disposition: automatic-action/MDN-sent-automatically; processed

--MDNBoundary--

Part 2

Generate a signature for Part 1

This involves hashing the contents of that first part i.e. start at --MDNBoundary and finish at --MDNBoundary--

Remember to include the trailing \r\n

Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition:  attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

MIIFNQYJKoZIhvcNAQcCoIIFJjCCBSICAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCA0Yw
ggNCMIICKqADAgECAhAEgxCDCl5FL5NapV+Kxn8gMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMT
EkRldmZ1c2lvblVuaXRUZXN0czAgFw0xOTA1MzAwODM4MDVaGA8yMTAyMDkzMDA4NDgwNVowHTEb
MBkGA1UEAxMSRGV2ZnVzaW9uVW5pdFRlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy2lr1pIqvGbQrZpUfP1HsVVt4I9IxKq4mKMJZ3uqMi5IiM/7UzQwiiXhOPQTg8Yn0LZTW+D+
efG0N8zWhWmWz4XWDjo/+cFxZrtKpEdizD1ZPtDQicMX0Zyumt9pcKdw+VDOGbPOTmM/JA1DaB2/
TBh+LTtOpcYp0Z+YVWfT8nC+12FqF6wC3SmE/C/FnpEKEg6L8sv/T4FHxpZZnuJ4I3/bqXKsmaCd
M5dImbcqpRjimoquQutCMi/s5i1hTbGq7Mqpqq1PgLCieYAy5DOKYpYQbkpZdTZBsr4ryS5z5olg
fh6bBLlHHxGWMwLMMx0sn/9q93GOTE8wCkhA3dui5QIDAQABo3wwejAOBgNVHQ8BAf8EBAMCBaAw
CQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUt+AL
fRABCUQtVgPSqpMQJCdYxuswHQYDVR0OBBYEFLfgC30QAQlELVYD0qqTECQnWMbrMA0GCSqGSIb3
DQEBCwUAA4IBAQAz7VST1StdPp0Z6DJIz4NSqJ6pWwvO3SZKv8k6IwVd5ltDA9Aw3eAlgjMCVR+x
CyaB90cqxexVmgas+xvgrf3QpW1/5RlAGQ5MP804Tgm1VO9B/JVn5xgSfNCpivv2n8rApFRAnRM8
ItFBFHaUPu4IeuegPIMQg1AeiHHFQqxQ+1AG3OwTUvHvKCNFhC1+dhAgUPX277tb+5UbSP0FKk7n
huF0Rp+MjbC+FRCyPLAMhBz+HuCUtpT3IEBB33mh3WTq8yViRiq6Ccm5W0ovFL56Dqb4gLwAUwg1
eiauoITdk9qeOyk2dzvzyfbsHjqG+sCYLWVxjoI3HfU/f5/W3lCPMYIBtzCCAbMCAQEwMTAdMRsw
GQYDVQQDExJEZXZmdXNpb25Vbml0VGVzdHMCEASDEIMKXkUvk1qlX4rGfyAwCQYFKw4DAhoFAKBd
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDYwNTE1MzA1MFow
IwYJKoZIhvcNAQkEMRYEFI5sPRPBcHqkVpCvMJexDAcssa2hMA0GCSqGSIb3DQEBAQUABIIBAFGb
cJmSxiPj0BgvSXUswCYUH5rA6eQAVXt8cLdRhAwaGqGpEoa13OQojF5mkU8Kql8q1gXPRlmG71dV
pT1ysgN26CNssOM21MsUMLCQuD2PQ1yJLXERbNw4K9vUwDga3U+H6YpsW4REclxhVUoaJm2EoQ+G
upuicCALP9lc80NtFr2vPYenBr7E2Yv64IqQX0jb8u8OMtkpCnojXtEuRhcUHfxhDjBRq2SJ9cKC
kexKFEm6IgvYWMrdlObSTuXo5zdAp3HJQIpmk8kFwDeECxiCe5o6UCE44PATmzREyYO0CYw3SXNF
qUZ3l86qxJO1V4jGxXto71WdXMxEiUNlPHA=

Message

Join parts 1 and 2 together using another multipart boundary marker


--80edd8a5-c53b-499d-8929-61a027d449d5
Content-Type: multipart/report; report-type=disposition-notification; boundary="MDNBoundary"
Content-Transfer-Encoding: 8bit


--MDNBoundary
Content-Type: text/plain

The incoming message from ThirdPartyCompany to UnitTests with Id <[email protected]_UnitTests> was received successfully. This is not a guarantee that the message has been processed by the receiving translator.

--MDNBoundary
Content-Type: message/disposition-notification

Original-Recipient: rfc822; mendelsontestAS2
Final-Recipient: rfc822; mendelsontestAS2
Original-Message-ID: <AS2_024737Thu>
Disposition: automatic-action/MDN-sent-automatically; processed
Received-Content-MIC: ztIqTMkKwPDxQRhvQajdHfOVx8A=, sha1

--MDNBoundary--

--80edd8a5-c53b-499d-8929-61a027d449d5
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition:  attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

MIIFNQYJKoZIhvcNAQcCoIIFJjCCBSICAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCA0Yw
ggNCMIICKqADAgECAhAEgxCDCl5FL5NapV+Kxn8gMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMT
EkRldmZ1c2lvblVuaXRUZXN0czAgFw0xOTA1MzAwODM4MDVaGA8yMTAyMDkzMDA4NDgwNVowHTEb
MBkGA1UEAxMSRGV2ZnVzaW9uVW5pdFRlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy2lr1pIqvGbQrZpUfP1HsVVt4I9IxKq4mKMJZ3uqMi5IiM/7UzQwiiXhOPQTg8Yn0LZTW+D+
efG0N8zWhWmWz4XWDjo/+cFxZrtKpEdizD1ZPtDQicMX0Zyumt9pcKdw+VDOGbPOTmM/JA1DaB2/
TBh+LTtOpcYp0Z+YVWfT8nC+12FqF6wC3SmE/C/FnpEKEg6L8sv/T4FHxpZZnuJ4I3/bqXKsmaCd
M5dImbcqpRjimoquQutCMi/s5i1hTbGq7Mqpqq1PgLCieYAy5DOKYpYQbkpZdTZBsr4ryS5z5olg
fh6bBLlHHxGWMwLMMx0sn/9q93GOTE8wCkhA3dui5QIDAQABo3wwejAOBgNVHQ8BAf8EBAMCBaAw
CQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUt+AL
fRABCUQtVgPSqpMQJCdYxuswHQYDVR0OBBYEFLfgC30QAQlELVYD0qqTECQnWMbrMA0GCSqGSIb3
DQEBCwUAA4IBAQAz7VST1StdPp0Z6DJIz4NSqJ6pWwvO3SZKv8k6IwVd5ltDA9Aw3eAlgjMCVR+x
CyaB90cqxexVmgas+xvgrf3QpW1/5RlAGQ5MP804Tgm1VO9B/JVn5xgSfNCpivv2n8rApFRAnRM8
ItFBFHaUPu4IeuegPIMQg1AeiHHFQqxQ+1AG3OwTUvHvKCNFhC1+dhAgUPX277tb+5UbSP0FKk7n
huF0Rp+MjbC+FRCyPLAMhBz+HuCUtpT3IEBB33mh3WTq8yViRiq6Ccm5W0ovFL56Dqb4gLwAUwg1
eiauoITdk9qeOyk2dzvzyfbsHjqG+sCYLWVxjoI3HfU/f5/W3lCPMYIBtzCCAbMCAQEwMTAdMRsw
GQYDVQQDExJEZXZmdXNpb25Vbml0VGVzdHMCEASDEIMKXkUvk1qlX4rGfyAwCQYFKw4DAhoFAKBd
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDYwNTE1MzA1MFow
IwYJKoZIhvcNAQkEMRYEFI5sPRPBcHqkVpCvMJexDAcssa2hMA0GCSqGSIb3DQEBAQUABIIBAFGb
cJmSxiPj0BgvSXUswCYUH5rA6eQAVXt8cLdRhAwaGqGpEoa13OQojF5mkU8Kql8q1gXPRlmG71dV
pT1ysgN26CNssOM21MsUMLCQuD2PQ1yJLXERbNw4K9vUwDga3U+H6YpsW4REclxhVUoaJm2EoQ+G
upuicCALP9lc80NtFr2vPYenBr7E2Yv64IqQX0jb8u8OMtkpCnojXtEuRhcUHfxhDjBRq2SJ9cKC
kexKFEm6IgvYWMrdlObSTuXo5zdAp3HJQIpmk8kFwDeECxiCe5o6UCE44PATmzREyYO0CYw3SXNF
qUZ3l86qxJO1V4jGxXto71WdXMxEiUNlPHA=

--80edd8a5-c53b-499d-8929-61a027d449d5--