获取 S/MIME 签名邮件的附件 [英] Getting attachments of a S/MIME signed mail
问题描述
我正在尝试通过 microsoft-graph-api 获取签名邮件的附件.
I'm trying to get the attachments of a signed mail via the microsoft-graph-api.
我在此 URL 上使用了 GET 请求:
I use a GET-Request on this URL:
https://graph.microsoft.com/v1.0/me/messages/AAMkAG.../attachments
这应该返回指定邮件的对象列表.每个对象都包含一个附件的name"和contentType"等元数据,以及包含附件内容的属性contentBytes"附件为 base64-string.
This should return a list of objects for the specified mail. Every object contains metadata like "name" and "contentType" of one attachment as well as the attribute "contentBytes" which contains the content of the attachment as a base64-string.
如果邮件没有附件,则此列表为空.
If the mail has no attachments this list is empty.
到目前为止,对于每封未通过 S/MIME 签名的邮件,这都可以正常工作.
但是,如果邮件使用 S/MIME 签名,我会在响应列表中得到奇怪的结果.
This works fine so far with every mail that is not signed via S/MIME.
However, if the mail is signed with S/MIME, I get strange results in the response list.
无论邮件有多少附件,回复列表都只包含一个元素.该元素随后带有名称smime.p7m"和内容类型multipart/signed",而 contentBytes 属性几乎包含邮件的整个 MIME 而不是内容单个附件.
No matter how many attachments the mail has, the response list only contains one element. This element then comes with the name "smime.p7m" and the contentType "multipart/signed" while the contentBytes attribute contains almost the entire MIME of the mail instead of the content of a single attachment.
我无法想象这是理想的行为,所以我问:
I can't imagine that this is desired behaviour, so I'm asking:
这是 microsoft-graph-api 中的错误还是我在请求中做错了什么,如果是,我该如何解决?
推荐答案
这不是错误,而是多部分/签名"消息时的预期行为.
This is not a bug but the expected behavior in case of a 'multipart/signed' message.
来自 RFC5751(第 26 页底部):
From RFC5751 (bottom of page 26):
多部分/签名媒体类型有两个部分.第一部分包含已签名的 MIME 实体;第二部分包含分离签名" CMS SignedData 对象,其中encapContentInfo eContent 字段不存在.
The multipart/signed media type has two parts. The first part contains the MIME entity that is signed; the second part contains the "detached signature" CMS SignedData object in which the encapContentInfo eContent field is absent.
所以签名的内容,包括任何附件,都存储在一个 smime.p7m 附件中.由您来提取它.
So the signed content, including any attachments, is stored inside the one smime.p7m attachment. It is up to you to extract it.
假设您使用的是 .Net,您可以使用 SignedCms 类来验证签名并使用 ContentInfo 属性检索内容.
Assuming you are using .Net, you can use the SignedCms class to validate the signature and retrieve the content using the ContentInfo property.
这篇关于获取 S/MIME 签名邮件的附件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
