File Coverage

blib/lib/Net/AS2.pm

Criterion	Covered	Total	%
statement	16	18	88.8
branch			n/a
condition			n/a
subroutine	6	6	100.0
pod			n/a
total	22	24	91.6

line	stmt	sub	time	code
1				package Net::AS2;
2	4	4	212072	use strict;
	4		7
	4		160
3	4	4	18	use warnings qw(all);
	4		4
	4		246
4
5				=head1 NAME
6
7				Net::AS2 - AS2 Protocol implementation (RFC 4130) used in Electronic Data Exchange (EDI)
8
9				=head1 SYNOPSIS
10
11				### Create an AS2 handler
12				my $as2 = Net::AS2->new(
13				MyId => 'alice',
14				MyKey => '...RSA KEY in PEM...',
15				MyCert => '...X509 Cert in PEM...'
16				PartnerId => 'bob', PartnerCert => '...X509 Cert in PEM...'
17				);
18
19				### Sending Message (Sync MDN)
20				my $mdn = $as2->send($body, Type => 'application/xml', MessageId => 'my-message-id-12345@localhost')
21
22				### Receiving MDN (Async MDN)
23				my $mdn = $as2->decode_mdn($headers, $body);
24
25				### Receiving Message and sending MDN
26				my $message = $as2->decode_message($headers, $post_body);
27
28				if ($message->is_success) {
29				print $message->content;
30				}
31
32				if ($message->is_mdn_async) {
33				# ASYNC MDN is expected
34
35				# stored the state for later use
36				my $state = $message->serialized_state;
37
38				# ...in another perl instance...
39				my $message = Net::AS2::Message->create_from_serialized_state($state);
40				$as2->send_async_mdn(
41				$message->is_success ?
42				Net::AS2::MDN->create_success($message) :
43				Net::AS2::MDN->create_from_unsuccessful_message($message),
44				'id-23456@localhost'
45				);
46				} else
47				{
48				# SYNC MDN is expected
49				my ($new_headers, $mdn_body) = $as2->prepare_sync_mdn(
50				$message->is_success ?
51				Net::AS2::MDN->create_success($message) :
52				Net::AS2::MDN->create_from_unsuccessful_message($message),
53				'id-23456@localhost'
54				);
55
56				# ... Send headers and body ...
57				}
58
59				=head1 DESCRIPTION
60
61				This is a class for handling AS2 (RFC-4130) communication - sending
62				message (optionally sign and encrypt), decoding MDN. Receving message
63				and produce corresponding MDN.
64
65				=head2 Protocol Introduction
66
67				AS2 is a protocol that defines communication over HTTP(s), and
68				optionally using SMIME as payload container, plus a mandated
69				multipart/report machine readable Message Disposition Notification
70				response (MDN).
71
72				When encryption and signature are used in SMIME payload (agree between
73				parties), as well as a signed MDN, the protocol offers data
74				confidentiality, data integrity/authenticity, non-repudiation of
75				origin, and non-repudiation of receipt over HTTP.
76
77				In AS2, MDN can only be signed but not encrypted, some MIME headers
78				are also exposed in the HTTP headers when sending. Use HTTPS if this
79				is a concerns.
80
81				Encryption and Signature are done in PKCS7/SMIME favor. The certifacate
82				are usually exchanged out of band before establishing communication.
83				The certificates could be self-signed.
84
85				=head1 PUBLIC INTERFACE
86
87				=cut
88
89	4	4	1773	use Net::AS2::MDN;
	4		19
	4		138
90	4	4	2377	use Net::AS2::Message;
	4		9
	4		144
91	4	4	25	use Carp;
	4		6
	4		232
92	4	4	2094	use Crypt::SMIME;
	0
	0
93				use LWP::UserAgent;
94				use HTTP::Request;
95				use Digest::SHA1;
96				use MIME::Base64;
97				use MIME::Parser;
98				use Encode;
99				use MIME::Entity;
100				use Sys::Hostname;
101
102				my $crlf = "\x0d\x0a";
103
104				our $VERSION = "0.03";
105
106				=head2 Constructor
107
108				=over 4
109
110				=item $as2 = Net::AS2->new(%ARGS)
111
112				Create an AS2 handler. For preparing keys and certificates, see L
113
114				The arguments are:
115
116				=over 4
117
118				=item MyId
119
120				I
121				Your AS2 name. This will be used in the AS2-From header.
122
123				=item PartnerId
124
125				I
126				The AS2 name of the partner. This will be used in the AS2-To header.
127
128				=item PartnerUrl
129
130				I
131				The Url of partner where message would be sent to.
132
133				=item MyKey
134
135				I
136				Our private key in PEM format.
137				Please includes the C<-----BEGIN RSA PRIVATE KEY-----> and C<-----END RSA PRIVATE KEY-----> line.
138
139				=item MyEncryptionKey, MySignatureKey
140
141				I
142				Different private keys could be used for encryption and signing. L will be used if not independently supplied.
143
144				=item MyCertificate
145
146				I
147				Our corresponding certificate in PEM format.
148				Please includes the C<-----BEGIN CERTIFICATE-----> and C<-----END CERTIFICATE-----> line.
149
150				=item MyEncryptionKey, MySignatureKey
151
152				I
153				Different certificate could be used for encryption and signing. L will be used if not independently supplied.
154
155				=item PartnerCertificate
156
157				I
158				Partner's certificate in PEM format.
159				Please includes the C<-----BEGIN CERTIFICATE-----> and C<-----END CERTIFICATE-----> line.
160
161				=item PartnerEncryptionCertificate, PartnerSignatureCertificate
162
163				I
164				Different certificate could be used for encryption and signing. If so, load them here.
165				L will be used if not independently supplied.
166
167				=item Encryption
168
169				I
170				Encryption alogrithm used in SMIME encryption operation. Only C<3des> is supported at this moment.
171
172				If left undefined, encryption is enabled and C<3des> would be used.
173				A false value must be specified to disable encryption.
174
175				If enabled, encryption would also be required for receiving.
176				Otherwise, encryption would be optional for receiving.
177
178				=item Signature
179
180				I
181				Signing alogrithm used in SMIME signing operation. Only C is supported at this moment.
182
183				If left undefined, signing is enabled and C would be used.
184				A false value must be specified to disable signature.
185
186				If enabled, signature would also be required for receiving.
187				Otherwise, signature would be optional for receiving.
188
189				Also, if enabled, signed MDN would be requested.
190
191				=item Mdn
192
193				I
194				The preferred MDN method - C or C. The default is C.
195
196				=item MdnAsyncUrl
197
198				i.
199				The Url where the parten should send the async MDN to.
200
201				=item Timeout
202
203				i
204				The timeout in seconds for HTTP communication. The default is 30.
205
206				This is passed to LWP::UserAgent.
207
208				=item UserAgent
209
210				I
211				User Agent name used in HTTP communication.
212
213				This is passed to LWP::UserAgent.
214
215				=back
216
217				=cut
218
219				sub new
220				{
221				my ($class, %opts) = @_;
222
223				$class = ref($class) \|\| $class;
224				my $self = { %opts };
225				bless ($self, $class);
226
227				$self->_validations();
228
229				my $s_e = $self->{_smime_enc} = Crypt::SMIME->new();
230
231				eval { $s_e->setPrivateKey($self->{MyEncryptionKey}, $self->{MyEncryptionCertificate}); };
232				croak "Unable to load private key/certificate for encryption: $@" if $@;
233
234				eval { $s_e->setPublicKey($self->{PartnerEncryptionCertificate}); };
235				croak "Unable to load public certificate for encryption: $@" if $@;
236
237				if (
238				$self->{MyEncryptionKey} eq $self->{MySignatureKey} &&
239				$self->{MyEncryptionCertificate} eq $self->{MySignatureCertificate} &&
240				$self->{PartnerEncryptionCertificate} eq $self->{PartnerSignatureCertificate}
241				) {
242				$self->{_smime_sign} = $self->{_smime_enc};
243				} else
244				{
245				my $s_s = $self->{_smime_sign} = Crypt::SMIME->new();
246
247				eval { $s_s->setPrivateKey($self->{MySignatureKey}, $self->{MySignatureCertificate}); };
248				croak "Unable to load private key/certificate for signature: $@" if $@;
249
250				eval { $s_s->setPublicKey($self->{PartnerSignatureCertificate}); };
251				croak "Unable to load public certificate for signature: $@" if $@;
252				}
253
254				return $self;
255				}
256
257				sub _validations
258				{
259				my ($self) = @_;
260
261				$self->{Encryption} = lc($self->{Encryption} // '3des');
262				croak sprintf("encryption %s is not supported", $self->{Encryption})
263				unless !$self->{Encryption} \|\| $self->{Encryption} ~~ ['3des'];
264
265				$self->{Signature} = lc($self->{Signature} // 'sha1');
266				croak sprintf("signature %s is not supported", $self->{Signature})
267				unless !$self->{Signature} \|\| $self->{Signature} ~~ ['sha1'];
268
269				$self->{MyEncryptionKey} //= $self->{MyKey};
270				$self->{MyEncryptionCertificate} //= $self->{MyCertificate};
271				$self->{MySignatureKey} //= $self->{MyKey};
272				$self->{MySignatureCertificate} //= $self->{MyCertificate};
273				$self->{PartnerEncryptionCertificate} //= $self->{PartnerCertificate};
274				$self->{PartnerSignatureCertificate} //= $self->{PartnerCertificate};
275				delete $self->{MyKey};
276				delete $self->{MyCertificate};
277				delete $self->{PartnerCertificate};
278
279				foreach my $t (qw(
280				MyId
281				MyEncryptionKey MyEncryptionCertificate
282				MySignatureKey MySignatureCertificate
283				PartnerId
284				PartnerEncryptionCertificate PartnerSignatureCertificate
285				))
286				{
287				croak "$t is not valid"
288				unless defined $self->{$t} && $self->{$t} =~ /^[\r\n\x20-\x7E]+$/;
289				}
290				croak "PartnerUrl is invalid"
291				unless defined $self->{PartnerUrl} && $self->{PartnerUrl} =~ m{^https?://[\x20-\x7E]+$};
292
293				$self->{Mdn} = lc($self->{Mdn} // 'sync');
294				croak sprintf("mdn %s is not supported", $self->{Mdn})
295				unless lc($self->{Mdn}) ~~ [qw(sync async)];
296
297				croak "mdn_async_url is invalid"
298				unless
299				!defined $self->{MdnAsyncUrl} && $self->{Mdn} eq 'sync' \|\|
300				defined $self->{MdnAsyncUrl} && $self->{MdnAsyncUrl} =~ m{^https?://[\x20-\x7E]+$} &&
301				$self->{Mdn} eq 'async';
302
303				$self->{Timeout} //= 30;
304				croak "timeout is invalid"
305				unless $self->{Timeout} =~ /^[0-9]+$/;
306
307				$self->{UserAgent} //= "Perl AS2/$VERSION";
308				}
309
310				=back
311
312				=head2 Methods
313
314				=over 4
315
316				=item $message = $as2->decode_message($headers, $content)
317
318				Decode the incoming HTTP request as AS2 Message.
319
320				Headers is an hash ref and should be supplied in PSGI format, or C<\%ENV> in CGI mode.
321				Content is the raw POST body of the request.
322
323				This method always returns a C object and never dies.
324				The message could be successfully parsed, or contains corresponding error message.
325
326				Check the C<$message-Eis_async> property and send the MDN accordingly.
327
328				If ASYNC MDN is requested, it should be sent after this HTTP request is returned
329				or in another thread - some AS2 server might block otherwise, YMMV. How to handle
330				this is out of topic.
331
332				=cut
333
334				sub decode_message
335				{
336				my ($self, $headers, $content) = @_;
337				croak "headers must be an hash reference"
338				unless ref $headers eq 'HASH';
339				croak "content is undefined"
340				unless defined $content;
341
342				my $message_id = $headers->{HTTP_MESSAGE_ID};
343				my $async_url = $headers->{HTTP_RECEIPT_DELIVERY_OPTION};
344				my @new_prefix = ($message_id, $async_url, 0);
345
346				unless (!defined $async_url \|\| $async_url =~ m{^https?://}) {
347				$new_prefix[1] = undef;
348				return Net::AS2::Message->create_failure_message(@new_prefix, 'Async transport other than http/https is not supported');
349				}
350
351				if ($headers->{HTTP_DISPOSITION_NOTIFICATION_OPTIONS}) {
352				my $status = Net::AS2::Message::notification_options_check($headers->{HTTP_DISPOSITION_NOTIFICATION_OPTIONS});
353				return Net::AS2::Message->create_failure_message(@new_prefix, $status)
354				if defined $status;
355				$new_prefix[2] = 1;
356				}
357
358				unless (
359				defined $headers->{CONTENT_TYPE} &&
360				defined $headers->{HTTP_MESSAGE_ID} &&
361				defined $headers->{HTTP_AS2_VERSION} &&
362				defined $headers->{HTTP_AS2_FROM} &&
363				defined $headers->{HTTP_AS2_TO})
364				{
365				return Net::AS2::Message->create_error_message(@new_prefix, 'unexpected-processing-error', 'Malformed AS2 Message, crucial headers are missing.');
366				}
367
368				if (
369				_parse_as2_id($headers->{HTTP_AS2_FROM}) ne $self->{PartnerId} \|\|
370				_parse_as2_id($headers->{HTTP_AS2_TO}) ne $self->{MyId}
371				) {
372				return Net::AS2::Message->create_error_message(@new_prefix, 'authentication-failed', 'AS2-From or AS2-To is not expected');
373				}
374
375				my $is_content_raw = 1;
376
377				my $raw_content = $content;
378				my $merged_headers =
379				join($crlf, map {
380				if (/^HTTP_/ \|\| /^CONTENT_TYPE$/) {
381				my $key = $_;
382				$key =~ s/^HTTP_//;
383				$key =~ s/_/-/g;
384				"$key: ". $headers->{$_};
385				} else { (); }
386				} keys %{$headers}) . "$crlf$crlf";
387
388				if ($self->{_smime_enc}->isEncrypted($merged_headers . $content))
389				{
390				# OpenSSL (Crypt::SMIME) in Windows cannot handle binary content,
391				# convert the data to base64
392				$content =
393				"Content-Transfer-Encoding: base64$crlf" .
394				$merged_headers .
395				encode_base64($content);
396				$is_content_raw = 0;
397
398				$content = eval { $self->{_smime_enc}->decrypt($content); };
399				return Net::AS2::Message->create_error_message(@new_prefix,
400				'decryption-failed', 'Unable to decrypt the message')
401				if $@;
402				} else {
403				return Net::AS2::Message->create_error_message(@new_prefix,
404				'insufficient-message-security', 'Encryption is expected but the message is not encrypted')
405				if $self->{Encryption};
406				}
407
408				if ($self->{_smime_sign}->isSigned($is_content_raw ? $merged_headers . $content : $content))
409				{
410				if ($is_content_raw) {
411				$content =
412				$merged_headers .
413				$content;
414				$is_content_raw = 0;
415				}
416				$content = eval { $self->{_smime_sign}->check($content); };
417
418				return Net::AS2::Message->create_error_message(@new_prefix,
419				'insufficient-message-security', 'Unable to verify the signature')
420				if $@;
421				} else {
422				return Net::AS2::Message->create_error_message(@new_prefix,
423				'insufficient-message-security', 'Signature is expected but the message is not signed')
424				if $self->{Signature};
425				}
426
427				my $mic = Digest::SHA1::sha1_base64($content) . '=';
428
429				my $parser = new MIME::Parser;
430				$parser->output_to_core(1);
431				$parser->tmp_to_core(1);
432				my $entity = $parser->parse_data($is_content_raw ? $merged_headers . $content : $content);
433				my $bh = $entity->bodyhandle;
434
435				return Net::AS2::Message->create_failure_message(@new_prefix,
436				'unexpected-processing-error',
437				'MIME has no body (multipart message is not supported)')
438				unless defined $bh;
439
440				$content = $bh->as_string;
441				return Net::AS2::Message->new(@new_prefix, $mic, $content);
442				}
443
444				=item $mdn = $as2->decode_mdn($headers, $content)
445
446				I
447				Decode the incoming HTTP request as AS2 MDN.
448
449				Headers is an hash ref and should be supplied in PSGI format, or C<\%ENV> in CGI mode.
450				Content is the raw POST body of the request.
451
452				This method always returns a C object and never dies.
453				The MDN could be successfully parsed, or contains unparsable error details
454				if it is malformed, or signature could not be verified.
455
456				C<$mdn-Ematch_mic($content_mic)> should be called afterward with the
457				pre-calculated MIC from the outgoing message to verify the correctness
458				of the MIC.
459
460				=cut
461
462				sub decode_mdn
463				{
464				my ($self, $headers, $content) = @_;
465				croak "headers must be an hash reference"
466				unless ref $headers eq 'HASH';
467				croak "content is undefined"
468				unless defined $content;
469
470				unless (
471				defined $headers->{CONTENT_TYPE} &&
472				defined $headers->{HTTP_MESSAGE_ID} &&
473				defined $headers->{HTTP_AS2_VERSION} &&
474				defined $headers->{HTTP_AS2_FROM} &&
475				defined $headers->{HTTP_AS2_TO})
476				{
477				return Net::AS2::MDN->create_unparsable_mdn('Malformed AS2 MDN, crucial headers are missing.')
478				}
479
480				if (
481				_parse_as2_id($headers->{HTTP_AS2_FROM}) ne $self->{PartnerId} \|\|
482				_parse_as2_id($headers->{HTTP_AS2_TO}) ne $self->{MyId}
483				) {
484				return Net::AS2::MDN->create_unparsable_mdn('AS2-From or AS2-To is not expected')
485				}
486
487				my $merged_headers =
488				join($crlf, map {
489				if (/^HTTP_/ \|\| /^CONTENT_TYPE$/) {
490				my $key = $_;
491				$key =~ s/^HTTP_//;
492				$key =~ s/_/-/g;
493				"$key: ". $headers->{$_};
494				} else { (); }
495				} keys %{$headers}) . "$crlf$crlf";
496
497				$content =
498				$merged_headers .
499				$content;
500
501				return $self->_parse_mdn($content);
502				}
503
504				=item ($headers, $content) = $as2->prepare_sync_mdn($mdn, $message_id)
505
506				Returns the headers and content to be sent in a HTTP response for a sync MDN.
507
508				The MDN is usually created after an incoming message is received, with
509				Ccreate_success> or Ccreate_from_unsuccessful_message>.
510
511				The headers are in arrayref format in PSGI response format.
512				The content is raw and ready to be sent.
513
514				For CGI, it should be sent like this:
515
516				my ($headers, $content) = $as2->prepare_sync_mdn($mdn, $message_id);
517
518				my $mh = '';
519				for (my $i = 0; $i < scalar @{$headers}; $i += 2)
520				{
521				$mh .= $headers->[$i] . ': ' . $headers->[$i+1] . "\x0d\x0a";
522				}
523
524				binmode(STDOUT);
525				print $mh . "\x0d\x0a" . $content;
526
527				If message id not specified, a random one will be generated.
528
529				=cut
530
531				sub prepare_sync_mdn
532				{
533				my ($self, $mdn, $message_id) = @_;
534
535				$mdn->recipient($self->{MyId});
536
537				$message_id =
538				defined $message_id && $message_id =~ /@/ ? $message_id :
539				sprintf('<%s@%s>', ($message_id \|\| time + rand()), hostname);
540				my ($headers, $payload) =
541				$self->_send_preprocess($mdn->as_mime->stringify, $message_id, undef, undef,
542				1, $mdn->should_sign);
543
544				return ($headers, $payload);
545				}
546
547				=item $resp = $as2->send_async_mdn($mdn, $message_id)
548
549				Send an ASYNC MDN requested by partner. Returns a L.
550
551				The MDN is usually created after an incoming message is received, with
552				Ccreate_success> or Ccreate_from_unsuccessful_message>.
553
554				If message id is not specified, a random one will be generated.
555
556				Note that the destination URL is passed by the partner in its request,
557				but not specified during construction.
558
559				=cut
560
561				sub send_async_mdn
562				{
563				my ($self, $mdn, $message_id) = @_;
564
565				$mdn->recipient($self->{MyId});
566				my $target_url = $mdn->async_url;
567
568				croak "MDN async url is not defined" unless $target_url;
569				croak "MDN async url is not valid" unless $target_url =~ m{^https?://};
570
571				$message_id =
572				defined $message_id && $message_id =~ /@/ ? $message_id :
573				sprintf('<%s@%s>', ($message_id \|\| time + rand()), hostname);
574				my ($headers, $payload) =
575				$self->_send_preprocess($mdn->as_mime->stringify, $message_id, $target_url, undef,
576				1, $mdn->should_sign);
577
578				my $req = HTTP::Request->new(POST => $target_url, \@$headers);
579				$req->content($payload);
580
581				my $ua = $self->create_useragent;
582				my $resp = $ua->request($req);
583
584				return $resp;
585				}
586
587
588				=item ($mdn, $mic) = $as2->send($data, %MIMEHEADERS)
589
590				Send a message to the partner. Returns a C object and calculated SHA-1 MIC.
591
592				The data should be encoded (or assumed to be UTF-8 encoded).
593
594				The mime headers should be listed in a hash.
595				It will be passed to C almost transparently with some defaults dedicated for AS2,
596				at least the following must also be supplied
597
598				=over 4
599
600				=item MessageId
601
602				Message id of this request should be supplied, or a random one would be generated.
603
604				=item Type
605
606				Content type of the message should be supplied.
607
608				=back
609
610				In case of HTTP failure, the MDN object will be marked with C<$mdn-Eis_error>.
611
612				In case ASYNC MDN is expected, the MDN object returned will most likely be marked with
613				C<$mdn-Eis_unparsable> and should be ignored. A misbehave AS2 server could returns
614				a valid MDN even if async was requested - in this case the C<$mdn-Eis_success> would
615				be true.
616
617				=cut
618
619				sub send
620				{
621				my ($self, $data, %opts) = @_;
622
623				croak "data is not defined"
624				unless defined $data;
625
626				$data = utf8::is_utf8($data) ? encode("utf8", $data) : $data;
627				my $mic;
628				$mic = Digest::SHA1::sha1_base64($data) . '='
629				unless $self->{Signature} \|\| $self->{Encryption};
630
631				my $message_id = $opts{MessageId} // '';
632				$message_id =
633				$message_id =~ /@/ ? $message_id :
634				sprintf('<%s@%s>', ($message_id \|\| time + rand()), hostname);
635
636				$opts{Encoding} = 'base64';
637				$opts{Disposition} //= 'attachment';
638				$opts{Subject} //= 'AS2 Message';
639				$opts{'X-Mailer'} = undef;
640
641				my $mime = new MIME::Entity->build(Data => $data, %opts);
642				return $self->_send($mime->stringify, $message_id, $mic);
643				}
644
645				sub _send_preprocess
646				{
647				my ($self, $data, $message_id, $target_url, $pre_mic, $is_mdn, $should_mdn_signed) = @_;
648
649				$data =~ s/(?:$crlf\|\n)/$crlf/g;
650				my $mic = $is_mdn ? undef : ($pre_mic // Digest::SHA1::sha1_base64($data) . '=');
651
652				if ($is_mdn && $should_mdn_signed \|\| !$is_mdn && $self->{Signature}) {
653				$data = $self->{_smime_sign}->sign($data);
654				}
655				if ($self->{Encryption} && !$is_mdn) {
656				$data = $self->{_smime_enc}->encrypt($data);
657				}
658
659				my ($header, $payload) = $data =~ /^(.?)$crlf$crlf(.)$/s;
660
661				$header =~ //;
662
663				my @header;
664				my ($prev_head, $prev_value);
665				my $is_base64 = 0;
666				foreach my $line (split(/$crlf/, $header))
667				{
668				if ($line =~ m/^([^:]+):\s(.)/) {
669				my ($key, $value) = ($1, $2);
670				push @header, ($prev_head => $prev_value)
671				if defined $prev_head;
672				if (lc($key) eq 'content-type') {
673				$value =~ s{application/x-pkcs7}{application/pkcs7};
674				} elsif (lc($key) eq 'content-transfer-encoding') {
675				$is_base64 = 1 if lc($value) eq 'base64';
676				$key = undef;
677				}
678				$prev_head = $key;
679				$prev_value = $value;
680				} elsif (defined $prev_head) {
681				$prev_value .= " $line";
682				}
683				}
684				push @header, ($prev_head => $prev_value)
685				if defined $prev_head;
686
687				push @header, (
688				defined $target_url ? ('Recipient-Address' => $target_url) : (),
689				'Message-Id' => $message_id,
690				'AS2-Version' => '1.0',
691				'AS2-From' => _encode_as2_id($self->{MyId}), 'AS2-To' => _encode_as2_id($self->{PartnerId}),
692				$is_mdn ? () : (
693				'Disposition-notification-To' => 'example@example.com',
694				($self->{Signature} ? (
695				'Disposition-Notification-Options' => 'signed-receipt-protocol=required, pkcs7-signature; signed-receipt-micalg=required, sha1'
696				) : ()),
697				($self->{MdnAsyncUrl} ? (
698				'Receipt-Delivery-Option' => $self->{MdnAsyncUrl}
699				) : ())
700				),
701				);
702				$payload = decode_base64($payload)
703				if $is_base64;
704				return (\@header, $payload, $mic);
705				}
706
707				=back
708
709				=head2 Test Hooks
710
711				=over 4
712
713				=item $as2->create_useragent()
714
715				This should return a C usable for handling HTTP request.
716
717				This allows test code to monitor the HTTP request sending out.
718
719				=cut
720
721				sub create_useragent
722				{
723				my $self = shift;
724				my $ua = new LWP::UserAgent(timeout => $self->{Timeout}, agent => $self->{UserAgent});
725				return $ua;
726				}
727
728				sub _send
729				{
730				my ($self, $data, $message_id, $pre_mic) = @_;
731
732				my $target_url = $self->{PartnerUrl};
733				my ($headers, $payload, $mic) =
734				$self->_send_preprocess($data, $message_id, $target_url, $pre_mic);
735
736				my $req = HTTP::Request->new(POST => $target_url, \@$headers);
737				$req->content($payload);
738
739				my $test = $req->as_string;
740
741				my $ua = $self->create_useragent;
742				my $resp = $ua->request($req);
743
744				my $mdn;
745				if ($resp->is_success)
746				{
747				my $content = $resp->as_string;
748				# Remove the status line
749				$content =~ s{^.*?\r?\n}{};
750				$mdn = $self->_parse_mdn($content);
751				$mdn->match_mic($mic, 'sha1');
752
753				} else {
754				$mdn =
755				Net::AS2::MDN->create_error_mdn(sprintf('HTTP failure: %s', $resp->status_line));
756				}
757				return wantarray ? ($mdn, $mic) : $mdn;
758				}
759
760				sub _parse_mdn
761				{
762				my ($self, $content) = @_;
763
764				if ($self->{_smime_sign}->isSigned($content))
765				{
766				# OpenSSL (Crypt::SMIME) in Windows cannot handle binary content,
767				# convert signature part to base64
768				$content = _pkcs7_base64($content);
769				$content = eval { $self->{_smime_sign}->check($content); };
770				return Net::AS2::MDN->create_unparsable_mdn('MDN signature failed verification: ' . $@)
771				if $@;
772				} else {
773				return Net::AS2::MDN->create_unparsable_mdn('MDN is not signed')
774				if $self->{Signature};
775				}
776				return Net::AS2::MDN->parse_mdn($content);
777				}
778
779
780				sub _parse_as2_id {
781				my $as2_id = shift;
782				$as2_id =~ /^ (?: ([!\x23-\x5B\x5D-\x7E]+) \| "((?:\\\\\|\\"\|[!\x23-\x5B\x5D-\x7E ])+)" ) $/x;
783				if (defined $1) {
784				return $1;
785				} elsif (defined $2) {
786				$as2_id = $2;
787				$as2_id =~ s/\\(\\\|")/$1/g;
788				return $as2_id;
789				}
790				return undef;
791				}
792
793				sub _encode_as2_id {
794				my $as2_id = shift;
795				if ($as2_id =~ s/(\\\|")/\\$1/g \|\| $as2_id =~ / /) {
796				return qq{"$as2_id"};
797				} else {
798				return $as2_id;
799				}
800				}
801
802				sub _pkcs7_base64
803				{
804				my ($content) = @_;
805				my $parser = new MIME::Parser;
806
807				$parser->output_to_core(1);
808				$parser->tmp_to_core(1);
809				my $entity = $parser->parse_data($content);
810
811				if ($entity->parts == 2)
812				{
813				my $p = $entity->parts(1);
814				if (defined $p && $p->head &&
815				$p->head->get('Content-type') =~ m{^application/(x-)?pkcs7-signature($\|;)} &&
816				($p->head->get('Content-transfer-encoding') // '') ne 'base64'
817				) {
818				$p->head->replace('Content-transfer-encoding', 'base64');
819				return $entity->stringify;
820				}
821				}
822
823				return $content;
824				}
825
826				1;
827
828				=back
829
830				=head1 BUGS
831
832				=over 4
833
834				=item *
835
836				A bug in L will caused test to fail - specifically failed to add public key after decryption failure.
837				I applied the fixes and fork it to L.
838
839				=back
840
841				=head1 SEE ALSO
842
843				L, L, L, L
844
845				Source code is maintained here at L. Patches are welcome.
846
847				=head1 COPYRIGHT AND LICENSE
848
849				This software is copyright (c) 2012 by Sam Wong.
850
851				This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
852
853				=head1 DISCLAIMER OF WARRANTY
854
855				This module is not certificated by any AS2 body. This module generates MDN on behave of you.
856				When using this module, you must have reviewed and responsible for all the actions and in-actions caused by this module.
857
858				More legal jargon follows:
859
860				BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.
861
862				IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
863
864