Getting attachments of a S/MIME signed mail


I'm trying to get the attachments of a signed mail via the microsoft-graph-api.

I use a GET-Request on this URL:

https://graph.microsoft.com/v1.0/me/messages/AAMkAG.../attachments

This should return a list of objects for the specified mail. Every object contains metadata like "name" and "contentType" of one attachment as well as the attribute "contentBytes" which contains the content of the attachment as a base64-string.

If the mail has no attachments this list is empty.

This works fine so far with every mail that is not signed via S/MIME.
However, if the mail is signed with S/MIME, I get strange results in the response list.

No matter how many attachments the mail has, the response list only contains one element. This element then comes with the name "smime.p7m" and the contentType "multipart/signed" while the contentBytes attribute contains almost the entire MIME of the mail instead of the content of a single attachment.

I can't imagine that this is desired behaviour, so I'm asking:

Is this a bug in the microsoft-graph-api or am I doing something wrong in the request and if so, how can I fix this?


Solution

  • This is not a bug but the expected behavior in case of a 'multipart/signed' message.

    From RFC5751 (bottom of page 26):

    The multipart/signed media type has two parts. The first part contains the MIME entity that is signed; the second part contains the "detached signature" CMS SignedData object in which the encapContentInfo eContent field is absent.

    So the signed content, including any attachments, is stored inside the one smime.p7m attachment. It is up to you to extract it.

    Assuming you are using .NET, you can use the SignedCms class to validate the signature and retrieve the content using the ContentInfo property.
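The unwrapping step described in the answer, as an added example in Python rather than .NET (it is not code from the original answer). It assumes the decoded contentBytes is a MIME entity whose Content-Type header is multipart/signed, as the question describes; the function names are hypothetical, and the code only separates the parts and does not verify the signature.

```python
import base64
from email import message_from_bytes, policy
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def unwrap_signed(content_bytes_b64):
    """Split a multipart/signed blob into (signed MIME entity, raw CMS signature)."""
    msg = message_from_bytes(base64.b64decode(content_bytes_b64), policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("expected multipart/signed, got " + msg.get_content_type())
    parts = msg.get_payload()
    if len(parts) != 2 or parts[1].get_content_type() not in SIG_TYPES:
        raise ValueError("malformed multipart/signed: need entity + detached signature")
    return parts[0], parts[1].get_payload(decode=True)

def list_attachments(signed_entity):
    """Return (filename, contentType, bytes) for each attachment in the signed entity."""
    return [(p.get_filename(), p.get_content_type(), p.get_payload(decode=True))
            for p in signed_entity.walk() if p.is_attachment()]

# Constructed sample standing in for the decoded smime.p7m content (signature bytes are fake).
SAMPLE_MIME = b"""\
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain

See attached.
--mix
Content-Type: text/csv; name="report.csv"
Content-Disposition: attachment; filename="report.csv"
Content-Transfer-Encoding: base64

YSxiCjEsMgo=
--mix--
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAEC
--sig--
"""
if __name__ == "__main__":
    entity, signature = unwrap_signed(base64.b64encode(SAMPLE_MIME).decode())
    # Verify `signature` over the signed entity with a CMS library before trusting these.
    for name, ctype, data in list_attachments(entity):
        print(name, ctype, len(data))
```

Until the detached signature has been validated against the first part, the extracted attachments are unauthenticated content.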