0

I'm currently working on a proof of concept to implement an AS2 client. I have set up a consle application that works as the sender, and a ASP .Net API that works as the receiver. I tried to achieve this using the Windows.Security library but there too, there were problem with verifying the signatutre. Then I found MimeKit which seemed easier to use.

While trying to find a solution to my problem it seemed to me that most of the questions on "how to verify a signature" the answers where to do a foreach loop on the signatures in a MultipartSigned, I tried to do that, but it didn't help me.

decrypted is a MimeEntity that contains the whole message.

The null reference occurs the when I call signed.Verify();.

var signed = decrypted as MultipartSigned;
if (signed != null) {
    using (var ctx = new TemporaryMimeContext ()) {
        foreach (var signature in signed.Verify (ctx)) {
            try {
                bool valid = signature.Verify ();
            } catch (DigitalSignatureVerifyException) {
                // There was an error verifying the signature.
            }
        }
    }
}

What should happen is that the signatures should be OK, but what actually happens is that an null refrence exception occurs inside of the assembly files.

The stack trace looks like this

   at MimeKit.Cryptography.BouncyCastleSecureMimeContext.<GetDigitalSignaturesAsync>d__28.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at MimeKit.Cryptography.BouncyCastleSecureMimeContext.Verify(Stream content, Stream signatureData, CancellationToken cancellationToken)
   at MimeKit.Cryptography.MultipartSigned.Verify(CryptographyContext ctx, CancellationToken cancellationToken)
   at AS2_Proof_of_Concept.WebAPI.Controllers.MimeKitController.IncomingMessage() in C:\Users\chris\source\repos\AS2 Proof of Concept\AS2_Proof_of_Concept\AS2_Proof_of_Concept.WebAPI\Controllers\MimeKitController.cs:line 104
   at Microsoft.Extensions.Internal.ObjectMethodExecutor.<>c__DisplayClass33_0.<WrapVoidMethod>b__0(Object target, Object[] parameters)
   at Microsoft.Extensions.Internal.ObjectMethodExecutor.Execute(Object target, Object[] parameters)
   at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.VoidResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()

EDIT

Here is how the signed message looks like.

Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="----=_Part_946d8daa50ab44b699f82dbd3c6bacc0"

------=_Part_946d8daa50ab44b699f82dbd3c6bacc0
Content-Type: application/EDIFACT
Content-Transfer-Encoding: binary
Content-Disposition: attachment filename= HelloWorld.txt

test
------=_Part_946d8daa50ab44b699f82dbd3c6bacc0
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment filename="smime.p7s"

MIIEmQYJKoZIhvcNAQcCoIIEijCCBIYCAQExDTALBglghkgBZQMEAgEwCwYJKoZIhvcNAQcBoIID
EzCCAw8wggH3oAMCAQICEHRJ0r9pduGJTCHsDzuElc4wDQYJKoZIhvcNAQELBQAwETEPMA0GA1UE
AwwGTXlDZXJ0MB4XDTE5MDMyNTEzNTQzMloXDTIwMDMyNTE0MTQzMlowETEPMA0GA1UEAwwGTXlD
ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOwOacjTjhHOqTzq3EhnQG3HHfO8
YjCE/+CKcbz++mCQ2gkNVyx37rnrNrSuPp6rYZioKss9sYtwaYUe4iyisZBe7rKWNE9itScZBnwj
SCWDId0zrdd+74bkoz8OOvCizjhIcQNmuq5IyCtwB6kF3VAs58QWacjT1C7sVO+YlZdItp97LqzD
s3N8ERCJWRwWawER9h3lkg+WZWSCG2D9SYaU5fv8PNLmQyTYaacRT32WPLjSoM3YB4J9/LXrfPg+
zrK1z+TByyCmnAeFUo3f7VLrtLZYlnbqEz+WkCmZLh9BQvPjt5M2FU+uljIhaooehEPjQa9MRnUY
il4/inh+FQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
AQUFBwMBMBEGA1UdEQQKMAiCBk15Q2VydDAdBgNVHQ4EFgQUaPko4FVtzSG9dxjfY30qhq3sGd0w
DQYJKoZIhvcNAQELBQADggEBAEcfxDHRyfjr378ieNwXRodb6/tCZoFXAHaJtEnNfMfbxit324cW
rKt43dQTYg/ByFRV3HZooeNDp8lNCT7zSfiBnxLaqyDPeNuoG910CVdJ3dp2fh5Jphof4R9hgVdx
FX8BNQYH+QdrNndbCdQr/UPbuc+lmuKMCHDW8HtEOcaMoa5CvIZtL6+w9ofFAz8nWEmngagCYavb
x0fz/XZGQ4zriFs9LZEuAF36QJWsbIc53r0KwZY5r7PTuipqQu5BdkF71ljqE39e9A0nLeYN0D/u
hqstrv4+koq1EiDL/hSJLDjLJF9WZK6UYZobikhWo2QCzMapo5nPHxbTWr98bCgxggFMMIIBSAIB
ATAlMBExDzANBgNVBAMMBk15Q2VydAIQdEnSv2l24YlMIewPO4SVzjALBglghkgBZQMEAgEwCwYJ
KoZIhvcNAQEBBIIBAJyIRI42Um2T1PCq/1rmAagSvogVPinemzQHBwxMN+GNDbyOxDom2jN5j7bC
6xb5PIA/hGGhGcPxY7056Llk/FV3nxN1fjiap7sS7HOzY3YkyzlxWMt93VE0auJJKmDCg1+0tTxs
IjXVYRSIwyiMXNltkGCPH4mTWCgy+M9XsQa5iPm/v+9XPcStnO8b/k8Cy3WWxEztwEl6wwiCywUU
V0OUUAZis5zkoYKrmpSZMN+T5jW6IJ566e1lc/jV5CX6D5Ukcskpmd8WdJyO5mPVRpbXuAJnzkoj
66KO8IjHRQzN8ihB3rj9+yZVdFQNobXBzNH4cVqO845OwhD5JbJFtWQ=
------=_Part_946d8daa50ab44b699f82dbd3c6bacc0--
Chrilleson
  • 1
  • 1
  • 2
  • Would it be possible to save the `signed` part to disk and send it to me so that I can figure out what is `null`? Looking at the code, I don't see any obvious cause of an NRE. The other option is to build a debug version of MimeKit and step thru the `BouncyCastleSecureMimeContext.GetDigitalSignaturesAsync()` method to see what the problem is and let me know what variable is null so that I can fix it. – jstedfast May 03 '19 at 21:17

2 Answers2

0

While stepping through the BounncyCastleMimeContext.GetDigitalSignatureAsync() method, I found out that the SignerInformation.SignedAttributes at SecureMimeDigitalSignature (SignerInformation signerInfo, X509Certificate certificate) was null and then that null refrence caused the signature.EncryptionAlgorithms to be null too.

Chrilleson
  • 1
  • 1
  • 2
  • This is now fixed in the latest pre-release builds located at https://www.myget.org/feed/mimekit/package/nuget/MimeKit – jstedfast May 07 '19 at 17:51
0

This was a legitimate bug in Mime 2.1.4 that is now fixed in build 2.1.4.9 located at https://www.myget.org/feed/mimekit/package/nuget/MimeKit

jstedfast
  • 35,744
  • 5
  • 97
  • 110