Getting encryption error while transferring data to Mendelson test server

Hi,

I have recently been exploring the Mendelson Test Server to send EDI data using the AS2 communication protocol. As per the documentation, I have set ‘mycompanyAS2’ as the sender and ‘mendelsontestAS2’ as the receiver. In the security settings I have configured the sender and receiver as per the screenshot provided. I have now created a C# client application with which I want to send EDI data to the Mendelson Test Server. I sign the data using the private key ‘Key3’ and encrypt it using the ‘Key4’ certificate. I exported both the private key and the certificate using the export option provided by the Mendelson Test Server. However, while sending the data I get the following error: ‘An error occurred during the AS2 message processing: Incoming messages from AS2 partner mycompanyAS2 are defined to be encrypted’. For reference, the sample code follows.

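// Partner identifiers, algorithms, certificates and endpoint for the AS2 connection.
var config = new AS2Configuration
{
    LocalPartyId = "mycompanyAS2",
    RemotePartyId = "mendelsontestAS2",
    EncryptionAlgo = EncryptionAlgo.AES_256,
    SigningAlgorithm = SigningAlgorithm.SHA256,
    // PKCS#12 file holding the local private key; SendMessage passes it to Sign().
    // The keystore password is hard-coded here. Outside a throwaway test setup, read it
    // from protected configuration rather than keeping it in source.
    LocalCertificate = new X509Certificate2("C:\\mendelson\\opensource\\as2\\key_export20240423.p12", "test"),
    // Partner's public certificate; SendMessage passes it to Encrypt().
    RemoteCertificate = new X509Certificate2("C:\\mendelson\\opensource\\as2\\key4-cert.cer"),
    // The endpoint has to be a quoted string literal (assuming HttpUrl is declared as string);
    // the unquoted form does not compile.
    // NOTE(review): this is plain http://, so the transport itself gives no confidentiality
    // or integrity; everything then depends on the message-level encryption and signature.
    HttpUrl = "http://testas2.mendelson-e-c.com:8080/as2/HttpReceiver",
    // NOTE(review): SendHttpMessage as shown never applies these credentials to the request.
    HttpUsername = "your-username",
    HttpPassword = "your-password"
};

// Create an AS2 client
var client = new AS2Client(config);

// Send a message
var messageContent = Encoding.UTF8.GetBytes("This is the message content.");
var response = client.SendMessage(messageContent, "some-file-name.txt");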

================================================= SendMessage method =====================================

// Build the message from the configured partner ids and algorithm names.
// The algorithm enums are stored as strings; Encrypt() and Sign() compare against them.
var message = new AS2Message
{
MessageId = Guid.NewGuid().ToString(),
From = _configuration.LocalPartyId,
To = _configuration.RemotePartyId,
Content = content,
EncryptionAlgorithm = _configuration.EncryptionAlgo.ToString(),
SignatureAlgorithm = _configuration.SigningAlgorithm.ToString()
};

// Encrypt() derives EncryptedContent from the plaintext Content using the partner certificate.
message.Encrypt(_configuration.RemoteCertificate);
// Sign() computes Signature over the plaintext Content with the local private key;
// it does not cover EncryptedContent, so the two calls are independent of each other.
// NOTE(review): AS2 (RFC 4130) signs the MIME entity first and then encrypts the signed
// entity. Here the signature is detached from what is sent: SendHttpMessage as shown
// transmits only EncryptedContent (or Content) and never puts Signature on the wire.
message.Sign(_configuration.LocalCertificate);

// Post the message to the partner endpoint and capture the response.
var returnMsg = SendHttpMessage(message, fileName);

======================================== Encrypt Method=====================

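/// <summary>
/// Encrypts <c>Content</c> for the holder of <paramref name="certificate"/> and stores the
/// result in <c>EncryptedContent</c>.
/// </summary>
/// <remarks>
/// The output layout is: RSA-wrapped symmetric key, RSA-wrapped IV, ciphertext.
/// This is a custom format, not CMS EnvelopedData. An AS2 receiver expects an S/MIME
/// <c>application/pkcs7-mime</c> body (RFC 4130), which in .NET is normally produced with
/// <c>EnvelopedCms</c> from System.Security.Cryptography.Pkcs; a partner is therefore
/// unlikely to recognise this payload as encrypted.
/// Errors are not caught here: if encryption fails, <c>EncryptedContent</c> is left unset
/// and the exception reaches the caller, so a failed encryption cannot silently turn
/// into sending the plaintext.
/// </remarks>
/// <param name="certificate">Recipient certificate; its RSA public key wraps the content key.</param>
/// <exception cref="NotImplementedException">The configured algorithm is AES-128.</exception>
/// <exception cref="CryptographicException">
/// The certificate has no RSA public key, the configured "encryption" algorithm is a
/// signature scheme, or the underlying crypto operation failed.
/// </exception>
public void Encrypt(X509Certificate2 certificate)
{
    using (var rsa = certificate.GetRSAPublicKey())
    {
        if (EncryptionAlgorithm == EncryptionAlgo.TripleDES_168.ToString())
        {
            // 3DES is a legacy 64-bit block cipher; keep it only for partners that require it.
            using (var des = TripleDES.Create())
            {
                des.KeySize = 192;
                des.Mode = CipherMode.CBC;
                des.Padding = PaddingMode.PKCS7;
                EncryptedContent = WrapAndEncrypt(rsa, des);
            }
        }
        else if (EncryptionAlgorithm == EncryptionAlgo.AES_128.ToString())
        {
            // Implement AES-128 encryption logic
            throw new NotImplementedException();
        }
        else if (EncryptionAlgorithm == EncryptionAlgo.AES_256.ToString())
        {
            using (var aes = Aes.Create())
            {
                aes.KeySize = 256;
                // CBC with a random IV instead of ECB: ECB encrypts equal plaintext blocks
                // to equal ciphertext blocks and so leaks the structure of the content.
                aes.Mode = CipherMode.CBC;
                aes.Padding = PaddingMode.PKCS7;

                // The content key is wrapped for the recipient and sent with the ciphertext,
                // using the same layout as the 3DES branch. Previously the generated key was
                // discarded, which made the ciphertext undecryptable by anyone.
                EncryptedContent = WrapAndEncrypt(rsa, aes);
            }
        }
        else if (EncryptionAlgorithm == EncryptionAlgo.SHA256withRSA.ToString())
        {
            // SHA256withRSA is a signature scheme. Signing needs the private key, which the
            // recipient's public certificate does not provide, and a signature would not hide
            // the content anyway. Fail explicitly instead of attempting it.
            throw new CryptographicException("SHA256withRSA is a signature algorithm and cannot be used to encrypt content.");
        }
        // NOTE(review): any other algorithm name falls through and leaves EncryptedContent
        // unset; SendHttpMessage then sends the plaintext Content. Confirm that this is
        // intended only for a deliberate "no encryption" setting.
    }
}

// Encrypts Content with the given cipher's key and IV and prepends both, RSA-wrapped for the recipient.
private byte[] WrapAndEncrypt(RSA rsa, SymmetricAlgorithm cipher)
{
    if (rsa == null)
    {
        throw new CryptographicException("The recipient certificate does not contain an RSA public key.");
    }

    // Reading Key/IV on a fresh cipher instance yields newly generated random values.
    // PKCS#1 v1.5 padding is kept to match the existing 3DES layout.
    var encryptedKey = rsa.Encrypt(cipher.Key, RSAEncryptionPadding.Pkcs1);
    var encryptedIV = rsa.Encrypt(cipher.IV, RSAEncryptionPadding.Pkcs1);

    using (var encryptor = cipher.CreateEncryptor())
    {
        var cipherText = encryptor.TransformFinalBlock(Content, 0, Content.Length);
        return encryptedKey.Concat(encryptedIV).Concat(cipherText).ToArray();
    }
}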

========================================= Sign Method ===========================

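/// <summary>
/// Signs the plaintext <c>Content</c> with the RSA private key of
/// <paramref name="certificate"/> and stores the raw signature in <c>Signature</c>.
/// </summary>
/// <remarks>
/// The result is a bare RSA PKCS#1 v1.5 signature, not a CMS SignedData structure or a
/// multipart/signed MIME entity. If <c>SignatureAlgorithm</c> is neither SHA1 nor SHA256,
/// the method returns without setting <c>Signature</c>.
/// </remarks>
/// <param name="certificate">Local certificate; it must carry an accessible RSA private key.</param>
/// <exception cref="InvalidOperationException">The certificate has no RSA private key.</exception>
public void Sign(X509Certificate2 certificate)
{
    using (var rsa = certificate.GetRSAPrivateKey())
    {
        HashAlgorithmName hashAlgorithm;
        if (SignatureAlgorithm == SigningAlgorithm.SHA1.ToString())
        {
            // SHA-1 is no longer collision resistant; prefer SHA-256 wherever the partner accepts it.
            hashAlgorithm = HashAlgorithmName.SHA1;
        }
        else if (SignatureAlgorithm == SigningAlgorithm.SHA256.ToString())
        {
            hashAlgorithm = HashAlgorithmName.SHA256;
        }
        else
        {
            // Add more signing algorithm implementations as needed
            return;
        }

        // GetRSAPrivateKey() returns null for a certificate loaded without its private key
        // (for example a .cer file); report that clearly rather than failing on a null reference.
        if (rsa == null)
        {
            throw new InvalidOperationException("The signing certificate does not contain an RSA private key.");
        }

        Signature = rsa.SignData(Content, hashAlgorithm, RSASignaturePadding.Pkcs1);
    }
}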

========================================= SendHttpMessage =============================

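/// <summary>
/// Posts the message body to the configured AS2 endpoint and maps the HTTP status to an
/// <c>AS2MessageResponse</c>.
/// </summary>
/// <param name="message">Message whose EncryptedContent (or, if that is null, Content) is sent.</param>
/// <param name="fileName">Not used by this method as shown.</param>
/// <returns>
/// A response with status Successful and the response body when the server answers
/// 200 OK; otherwise a response with status Failed and null content.
/// </returns>
private AS2MessageResponse SendHttpMessage(AS2Message message, string fileName)
{
    // NOTE(review): a new HttpClient per call works, but a shared instance avoids socket
    // exhaustion under load. The configured HttpUsername/HttpPassword are not applied here.
    using (var httpClient = new HttpClient())
    using (var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.HttpUrl))
    {
        requestMessage.Headers.Add("AS2-From", _configuration.LocalPartyId);
        requestMessage.Headers.Add("AS2-To", _configuration.RemotePartyId);
        requestMessage.Headers.Add("AS2-Version", "1.2");
        requestMessage.Headers.Add("Message-ID", message.MessageId);
        // Content-Type is a content header, so it is set on the ByteArrayContent below
        // rather than on the request headers.
        requestMessage.Headers.Add("Disposition-Notification-To", _configuration.LocalPartyId);
        // The micalg name is a protocol token, so lower-case it culture-independently.
        requestMessage.Headers.Add("Disposition-Notification-Options", $"signed-receipt-protocol=required, pkcs7-signature; signed-receipt-micalg=required, {message.SignatureAlgorithm.ToString().ToLowerInvariant()}");

        // NOTE(review): if EncryptedContent is null, the plaintext Content is sent instead,
        // with no error. When the partner profile requires encryption, this should fail
        // closed rather than fall back.
        // NOTE(review): an AS2 receiver identifies an encrypted body by an S/MIME content
        // type (application/pkcs7-mime with smime-type=enveloped-data, RFC 4130). With
        // "application/as2" and a non-CMS body, the server will likely treat the message
        // as unencrypted. message.Signature is not transmitted at all.
        var content = new ByteArrayContent(message.EncryptedContent ?? message.Content);
        content.Headers.Add("Content-Type", "application/as2");
        requestMessage.Content = content;

        // Blocking on .Result keeps the method synchronous for existing callers; failures
        // surface wrapped in AggregateException.
        using (var response = httpClient.SendAsync(requestMessage).Result)
        {
            if (response.StatusCode == HttpStatusCode.OK)
            {
                return new AS2MessageResponse
                {
                    Status = AS2MessageStatus.Successful,
                    Content = response.Content.ReadAsByteArrayAsync().Result,
                    ResponseContent = response.Content.ReadAsStringAsync().Result
                };
            }

            // Any non-200 status is reported as a failure; the response body is not kept.
            return new AS2MessageResponse
            {
                Status = AS2MessageStatus.Failed,
                Content = null
            };
        }
    }
}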
