SPAZIO MFT/S AS2 Connector for Distributed Platforms
Installation and Configuration Guide
Version 2 Release 5
EMAFTM091/06 - October 2014

Date of issue        Reference number   Brief description
March 2011           EMAFTM091/01       First edition
May 14th, 2012       EMAFTM091/02       Updates for Service Pack 1 - sections 2.1.1, 2.1.3, 3.2, 3.5.2, 4.2.1, 4.3, 4.4
January 21st, 2013   EMAFTM091/03       Updated sections 1.4.4, 3.4.2, 4.2.2
March 21st, 2013     EMAFTM091/04       Updated sections 1.3.2, 1.3.3, 1.4.2, 1.4.3, 3.4.2, 3.5.5, 4.2.1, 4.2.2
April 29th, 2013     EMAFTM091/05       Updated section 4.2.2
October 15th, 2014   EMAFTM091/06       Updated sections 1.2, 1.3.2, 1.4.2, 1.4.5, 2.1.1, 2.1.2, 4.2.1, 4.2.2
                                        Added sections 1.4.7, 3.6.1

Copyright © 2014 Primeur Ltd. All rights reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any other language in whole or in part, in any form or by any means, whether it be electronic, mechanical, magnetic, optical, manual or otherwise, without prior written consent of Primeur Ltd.

Primeur Ltd may revise this publication from time to time without notice. A new release of this manual contains changes made to the product since the previous version.

The software product that this manual documents is the exclusive property of Primeur Ltd. The use of this software is governed by the license agreement that accompanies the product. The following conditions must be observed in all cases:

- The product may be used only on the number of computers for which the client is licensed.
- The client may make only one copy of the product, and this only for backup purposes.
- The client may not reverse engineer, decompile, or disassemble the product.
- The client may not loan, rent or lease neither the product, nor any of the documentation or user manuals related to the product, whether this is for free or for a fee.
Primeur Ltd warrants that the product will perform substantially in accordance with the accompanying product manual(s). Primeur Ltd disclaims all other warranties either expressed or implied. Primeur Ltd and its suppliers shall not be liable for any damages whatsoever (including damages for loss of business profits, business interruption, loss of business information or other pecuniary loss) arising out of the use of, or inability to use, the product.

SPAZIO, SPAZIO MFT/S, SPAZIO Orchestration Suite, SPAZIO FTFI, SPAZIO Messaging & Queuing, SPAZIO M&Q, SPAZIO File Transport, SPAZIO Data Extract, SPAZIO Legacy Interface, SPAZIO Data Secure, SPAZIO DSSP, SPAZIO DSMQ, SPAZIO Data Compress, SPAZIO JMS and THEMA are trademarks of Primeur Ltd. Other brands and their products are trademarks or registered trademarks of their respective holders and should be noted as such.

Company Headquarters
Corso Paganini 3
16125 Genova
Italy
Tel: +39 010 27811
Fax: +39 010 8684913
Web: www.primeur.com

About this manual

Purpose

This manual provides a brief guide to the installation and configuration of Spazio MFT/S AS2 Connector for Distributed Platforms. It starts with an overview of the Spazio MFT/S configuration files that must be configured to run AS2 Connector, and a description of the parameters that they contain. The chapters that follow describe the configuration and the parameters of each configuration file in detail. We recommend using this manual as a reference during installation and configuration.

Reader

This manual is provided for Spazio system administrators. Typically these persons will be either experienced System Programmers or experienced software developers. It is assumed that the reader has a broad knowledge of computer systems. Mainframe, UNIX, Windows and other operating system experience will help in understanding this manual, but is not essential.

Related Publications

A comprehensive suite of manuals is provided to support the implementation and usage of SPAZIO MFT/S. These manuals are divided into three categories:

- z/OS - manuals for the z/OS Mainframe platform
- Distributed platforms - manuals for non-Mainframe platforms including SPAZIO workstation
- General - manuals for both the Mainframe and non-Mainframe platforms.
The key manuals for z/OS are:

- SPAZIO MFT/S for z/OS: Installation and Configuration Guide
- SPAZIO MFT/S for z/OS: System Administrator's Guide
- SPAZIO MFT/S for z/OS: File Transport User's Guide
- SPAZIO MFT/S for z/OS: Messages and Codes
- SPAZIO MFT/S for z/OS: Extended Event Manager Administrator's Guide
- SPAZIO MFT/S for z/OS: Application Log Administrator's Guide

The key manuals for Distributed Platforms are:

- SPAZIO MFT/S for Distributed Platforms: Installation and Configuration Guide
- SPAZIO MFT/S for Distributed Platforms: System Administrator's Guide
- SPAZIO MFT/S for Distributed Platforms: File Transport User's Guide
- SPAZIO MFT/S for Distributed Platforms: SPXP Transports
- SPAZIO MFT/S for Distributed Platforms: SPFAB Service Container
- SPAZIO MFT/S for Distributed Platforms: Management Console Guide
- SPAZIO MFT/S for Distributed Platforms: Extended Event Manager Administrator's Guide
- SPAZIO MFT/S for Distributed Platforms: Messages and Codes
- SPAZIO MFT/S for Distributed Platforms: Static Agenda User's Guide
- SPAZIO MFT/S for Distributed Platforms: SPAZIO DMZ Gateway

The key general manuals are:

- Data Secure for SPAZIO MFT/S (DSSP) Installation, Configuration and User Guide
- Data Secure for SPAZIO MFT/S Open Protocols (DSSP Open) Installation, Configuration and User Guide
- AAA Security for Spazio MFT/S (A3SP): Installation, Configuration and User's Guide

Table of Contents

About this manual
    Purpose
    Reader
    Related Publications
Table of Contents
Chapter 1 Overview and concepts
    1.1 Introduction
    1.2 Introduction to AS2 protocol
    1.3 Function overview
        1.3.1 Spazio MFT/S roles
        1.3.2 Spazio MFT/S to AS2 use cases overview (Push Master)
        1.3.3 AS2 to Spazio MFT/S use cases overview (Server)
    1.4 Architectural overview
        1.4.1 Implementation of AS2 protocol in Spazio
        1.4.2 Understanding AS2 Connector components
        1.4.3 Sending files with AS2 protocol
        1.4.4 Retrieving files as AS2 server
        1.4.5 Spazio Security and AS2 Connector
        1.4.6 Spazio AS2 Connector DB
        1.4.7 Implementation of the AS2 CEM protocol in Spazio
Chapter 2 Installation
    2.1 Post installation tasks
        2.1.1 Creation of working folder for Spazio MFT/S AS2 Connector
        2.1.2 Creation of Spazio MFT/S AS2 Connector Persistency Tables in RDBMS
Chapter 3 Configuration Overview
    3.1 Configuration files
    3.2 Persistent Data Storage
    3.3 Enabling the SPXP AS2 transport protocol
    3.4 Configuring SPXP AS2 Spazio Server
        3.4.1 Enabling server behavior
        3.4.2 Reviewing general Server settings
    3.5 Configuring Push Masters
        3.5.1 Enabling Push Master behavior
        3.5.2 Creating the transport class
        3.5.3 Defining remote nodes
        3.5.4 Defining remote queues
        3.5.5 Reviewing Push Master general settings
    3.6 Security
        3.6.1 AS2CL Command Reference
Chapter 4 Configuration Reference
    4.1 Notation
    4.2 AS2 protocol reference (spxp.as2.properties)
        4.2.1 AS2 Connector Server Section
        4.2.2 AS2 Connector Push Sections (AS2.Target[destination].* prefix)
    4.3 AS2 security configuration
    4.4 AS2 DBMS connectivity configuration

Chapter 1 Overview and concepts

1.1 Introduction

From version 2.3.4 onwards Spazio MFT/S supports a new Java based runtime framework for transports and server extensions (sometimes collectively referred to as transports) called SPXP. SPXP is a transport container which can host several transport protocols and transport instances. Although SPXP has its own configuration files and paradigm, from a runtime and functional perspective it is fully integrated with Spazio MFT/S core.

Spazio MFT/S AS2 Connector is an optional component of the SPXP runtime that delivers support for the AS2 protocol as defined in RFC-4130.

Knowledge of the Spazio MFT/S product and in particular of the SPXP transport framework is a requirement for reading this manual. For further information please refer to the Spazio MFT/S documentation and in particular to the SPAZIO MFT/S for Distributed Platforms: SPXP Transports manual.

In addition, knowledge of the AS2 protocol standard is a requirement for reading this book. For further information on AS2 please refer to the official AS2 protocol documentation, RFC-4130 and addendum.

1.2 Introduction to AS2 protocol

Applicability Statement 2 (AS2) is a protocol developed by the IETF and introduced in 2002 to implement secure and reliable messaging over HTTP using S/MIME.

AS2 has been designed for both business messaging and the Internet, meaning it works particularly well for the exchange of business documents. It allows data to be sent over the Internet using the HTTP/S protocol, and it can handle any kind of document but is ideally suited to the kind of transactions that have traditionally made up the bulk of EDI exchanges. Unlike traditional data oriented protocols AS2 addresses issues such as document encryption and signatures, and offers receipts, with guarantees in place to ensure a document is not lost. It even allows companies to continue to use existing internal processes, demanding changes only to the mechanisms actually used to exchange documents with partners.

AS2 works by providing an envelope for the data, allowing it to be sent over a TCP/IP-based network (such as the Internet) using the HTTP protocol.

A specific feature of the AS2 protocol is that it has just one verb: SEND. This means that in AS2 it is only possible for a client to send files, but not to receive them, and therefore for bidirectional communication the two parties must act alternately as client and server depending on who is to send or receive files.

The current AS2 specification and the AS2 community have a major focus on interoperability, so that different AS2-compliant software products can exchange documents without conflicts or problems.

Many concepts are behind the global AS2 protocol; the most important are:

- Message Disposition Notification (MDN)
- Security
- Optional profiles

MDN

The Message Disposition Notification (MDN) is the acknowledgment sent in response to an AS2 message. The MDN provides verification of the following:

- That the original message was successfully received by the receiving party, by sending back the MessageID of the original sent message.
- That the integrity of the data exchanged was verified by the receiving partner, by sending back the MIC calculated by the receiver on the message.
- That there is a non-repudiation of receipt.

Even the MDN can be encrypted and signed, as required from the sender. If an MDN is enabled, however, the AS2 transmission is not complete until the MDN has been received and verified.

Secure transfer

AS2 offers options for security ranging from sending data over a secure connection (HTTP/S) to package encryption (using a digital certificate to completely encrypt the business document). A document also can be digitally signed, letting a receiver be confident the document is valid.

Optional profiles

The optional profiles define extensions of the AS2 protocol that can be optionally implemented by different software, following clearly defined specifications, in order to guarantee interoperability between products that support the same optional profile.
Currently the optional profiles (OPs) are:

- Certificate Exchange Messaging (CEM)
- Multiple Attachments (MA)
- Filename Preservation
- AS2 Reliability
- Chunked Transfer Encoding
- AS2 Restart for Very Large Messages

Spazio MFT/S AS2 Connector implements some of the optional profiles, and in a different way for the Client and the Server parts of the connector. For example, the Multiple Attachments profile is fully supported by the Server (which can receive an AS2 message with multiple files sent as attachments and insert them in a Spazio queue) while it is not supported by the Client part (because in Spazio each file travels as a separate message and therefore there is no native aggregation policy).

The following is a list of optional profiles that are supported by the current version of the Spazio AS2 connector, divided by server-side and client-side support.

Optional Profile                                             Master (Client)   Source (Server)
Multiple Attachments (MA)                                    No                Yes
Filename Preservation (FN)                                   Yes               Yes
Filename Preservation with Multiple Attachments (FN-MA)      No                Yes
Filename Preservation with associated MDN (FN-MDN)           No                No
Certificate Exchange Messaging (CEM)                         Yes               Yes
AS2 Reliability                                              Yes               Partially
AS2 Restart                                                  Yes               Yes
Chunked Transfer Encoding (CTE)                              Yes               Yes

1.3 Function overview

1.3.1 Spazio MFT/S roles

In SPXP terms AS2 is seen as a protocol where Spazio MFT/S can perform one of the following two roles in a file transfer:

- Push Master: Spazio MFT/S is a submitter of AS2 file transfer requests that sends (pushes) files stored on a Spazio MFT/S remote queue to a remote AS2 server.
- Server: Spazio MFT/S listens for AS2 file transfers on a local URL where AS2 HTTP/S communication is performed.

In practice there is only one possible action in AS2: push-based sending of a file, where the Master is the active part (or client) of the system, while the Server (Source from the SPXP point of view) is passive and can only receive the file and if necessary send back an MDN depending on the behavior requested by the client.

1.3.2 Spazio MFT/S to AS2 use cases overview (Push Master)

[Figure 1 (diagram label: Optionally saved MDN)]

Spazio MFT/S server plays the role of an AS2 client and sends files to a remote AS2 Server. Based on the configuration parameters, selected files belonging to Spazio MFT/S remote queues will be sent to a target AS2 destination (AS2 Server) using the AS2 protocol. Spazio MFT/S submits singleton file transfers, i.e. file transfers having just one file member.

In this scenario one or more files are sent via AS2 to a remote recipient. When the file is sent, the necessary services (compression, encryption and digital signature) are applied. The files can be embedded in the message as EDIData or as an attachment of the message itself. An ad hoc configuration parameter will tell the connector how to manage the file.

The MDN can be required or not, synchronous or asynchronous, and should be in the correct format (encryption and digital signature) and through one of the following channels: HTTP, HTTPS, SMTP. Since when we act as client we are defining which kind of MDN we are waiting for, we can assume as first implementation that we are not supporting the request of a MDN via SMTP.

When the file is sent completely, it appears as complete from the MFT point of view.

Main Use Cases:

- Sending a file without MDN request
- Sending a file with synchronous MDN request
- Sending a file with asynchronous MDN request to be returned via HTTP or HTTPS

MDNs received can be optionally saved in the Spazio MFT/S queues.

In addition Spazio MFT/S AS2 Connector includes a component for the reception of asynchronous MDNs: in practice an HTTP/S server, listening on a port defined in the configuration parameters, that manages the MDNs sent by the remote AS2 servers in reply to the sending of the file by Spazio.

1.3.3 AS2 to Spazio MFT/S use cases overview (Server)

[Figure 2]

Spazio MFT/S Server with AS2 Connector correctly configured plays the role of an AS2 server, waiting for incoming messages from any AS2 remote client and dispatching the files into a Spazio MFT/S queue.

Receiving queues can be selected based on the AS2-From field belonging to the AS2 Remote Client. Therefore we could have only one receiving queue for an AS2 Server or multiple receiving queues, one for each client that uses the server. The target queues used in this scenario may be remote and possibly associated with a different transport protocol, effectively enabling the support of multi-hopped file transfers with protocol switching.

In this scenario one or more files are received via AS2 from a remote partner. When the file is received, the necessary services (decompression, decryption and signature verification) are applied. In case of MDN required, the appropriate MDN must be generated and returned to the partner. Also in this case, the entire cycle is seen from Governance.

Main Use Cases:

- Receiving a file without MDN request
- Receiving a file with synchronous MDN request
- Receiving a file with asynchronous MDN request to be returned via HTTP, HTTPS or SMTP.
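The MDN checks listed in section 1.2 (returned MessageID, returned MIC) and the synchronous/asynchronous MDN use cases above come down to the sender-side reconciliation sketched here. This is an added example, not Primeur's or /nSoftware's code: the class and function names and the Message-IDs are hypothetical, the MIC is computed over the bare payload rather than the canonicalised MIME entity, and signature verification of the MDN is left out.

```python
"""Sender-side reconciliation of AS2 MDNs (added example, standard library only)."""
import base64
import hashlib
import hmac
from dataclasses import dataclass
from email import message_from_string

WAITING, COMPLETED, FAILED = "waiting-for-MDN", "completed", "failed"


def compute_mic(content: bytes, algorithm: str = "sha256") -> str:
    """Base64 digest of the transmitted content.

    Simplification: a real AS2 stack computes the MIC over the canonicalised
    MIME entity, not over the bare payload bytes used here.
    """
    return base64.b64encode(hashlib.new(algorithm, content).digest()).decode("ascii")


@dataclass
class Transfer:
    message_id: str
    mic: str
    algorithm: str
    status: str = WAITING


class MdnReconciler:
    """Keeps what was sent so that a later MDN can be matched against it."""

    def __init__(self) -> None:
        self._transfers = {}

    def record_send(self, message_id: str, content: bytes,
                    algorithm: str = "sha256") -> Transfer:
        transfer = Transfer(message_id, compute_mic(content, algorithm), algorithm)
        self._transfers[message_id] = transfer
        return transfer

    def status(self, message_id: str) -> str:
        return self._transfers[message_id].status

    def reconcile(self, notification: str) -> str:
        """Apply the machine-readable part of one MDN and return the outcome."""
        fields = message_from_string(notification)
        original_id = (fields.get("Original-Message-ID") or "").strip()
        transfer = self._transfers.get(original_id)
        if transfer is None:
            return "unmatched"        # no transfer was sent with that Message-ID
        if transfer.status != WAITING:
            return "ignored"          # a late or replayed MDN changes nothing
        # Disposition looks like "automatic-action/MDN-sent-automatically; processed".
        # Anything other than a plain "processed" is treated as a failure here.
        outcome = (fields.get("Disposition") or "").split(";")[-1].strip().lower()
        if outcome != "processed":
            transfer.status = FAILED
            return "rejected-by-receiver"
        mic_field = fields.get("Received-Content-MIC") or ""
        received_mic, _, received_alg = mic_field.partition(",")
        same_alg = received_alg.strip().lower().replace("-", "") == transfer.algorithm
        same_mic = hmac.compare_digest(received_mic.strip().encode(),
                                       transfer.mic.encode())
        if not (same_alg and same_mic):
            transfer.status = FAILED  # receiver hashed something else than we sent
            return "mic-mismatch"
        transfer.status = COMPLETED
        return "completed"


def build_notification(message_id: str, mic: str, algorithm: str = "sha256",
                       outcome: str = "processed") -> str:
    """Constructed sample of the fields a receiver returns (not captured traffic)."""
    return "\n".join([
        "Original-Recipient: rfc822; CounterpartAS2",
        "Final-Recipient: rfc822; CounterpartAS2",
        f"Original-Message-ID: {message_id}",
        f"Disposition: automatic-action/MDN-sent-automatically; {outcome}",
        f"Received-Content-MIC: {mic}, {algorithm}",
        "",
    ])


if __name__ == "__main__":
    reconciler = MdnReconciler()
    sent = reconciler.record_send("<0001@SpazioAS2>", b"ISA*00*constructed EDI payload~")
    print(reconciler.reconcile(build_notification(sent.message_id, sent.mic)))
    print(reconciler.status(sent.message_id))
```

A transfer only moves out of the waiting state once, so an MDN that arrives twice or arrives for an unknown Message-ID cannot alter a result already recorded.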
1.4 Architectural overview

1.4.1 Implementation of AS2 protocol in Spazio

To implement the AS2 protocol, Spazio MFT/S uses a library created by /nSoftware, a company certified by the Drummond Group for inter-product compatibility, precisely for the AS2 protocol. By using this certified library Spazio MFT/S guarantees that it is interoperable with all other AS2 implementations certified by the Drummond Group.

1.4.2 Understanding AS2 Connector components

The Spazio MFT/S AS2 Connector module consists of the following elements:

- Master Push Client
- File Server
- MDN Receiver
- RDBMS storage

Master Push Client

The Master Push scenario of the AS2 Connector is based on a set of different elements:

- Client for sending the files and receiving the synchronous MDN
- HTTP/S Server for receiving asynchronous HTTP or HTTPS MDN, called MDN Receiver.

This module is based on the /nSoftware AS2 component, integrating it into the SPXP environment. The task of this module is to extract a file from a Spazio remote queue and submit it to a remote AS2 server. The current implementation supports only single file sending, not the Multiple Attach Optional Profile. It uses a RDBMS to store the information for the asynchronous MDN reconciliation. In the current release, the MDNs received in reply to the files sent can be optionally stored in a Spazio local queue.

File Server and MDN Receiver

Both the server and the client architecture require the embedding of an HTTP server in our product:

- in the server because the whole protocol is based on the idea of an HTTP server receiving messages
- in the client because of the asynchronous MDN reception feature.

The File Server and the MDN Receiver are both HTTP/S servers, and it could be a customer requirement that both of them work on the same port. So the system is designed to be able to:

- Have no HTTP/S server active
- Have only one HTTP/S server acting as both File Server and MDN Receiver
- Have one or more File Servers and one or more MDN Receivers active on different ports
- Have one or more File Servers and no MDN Receivers active
- Have no File Servers and one or more MDN Receivers active.

Since both Master Push HTTP Server (MDN Receiver) and Server Transport (File Server) could be operating on the same port, they are both part of the same deployment. If the customer requires multiple File Servers and/or MDN Receivers to be active in a single Spazio environment, multiple SPXP AS2 Servers will be configured.

AS2 MDN Receiver

The standard architecture assumes that this AS2 HTTP/S Server is hosted behind the inner DMZ firewall to ensure high security. The MDN Receiver stores information about the sent messages and files, for the Reliability implementation in a persistence structure. The AS2 MDN Receiver is optionally capable of storing received MDNs in a Spazio local queue.

AS2 File Server

AS2 File Server is an HTTP/S server listening for connections from remote clients and processing their requests. The standard architecture assumes that the AS2 HTTP/HTTPS Server will be hosted embedded into Spazio MFT/S, possibly behind the inner DMZ firewall. The above assumption enables the AS2 HTTP/S Server to put the received files directly into a Spazio MFT/S queue.

As for the Master Push HTTP Server component, a Servlet container is installed within Spazio MFT/S in order to implement all the needed HTTP/S Server functionality. The Embedded HTTP/S Servlet Container where AS2 File Server executes is the same as the one used for the Master Push HTTP Server (MDN Receiver) component, but different servlets implement the two components since different behaviors are required.

The File Servers are capable of storing received files in a single default Spazio queue, or can alternatively use multiple queues, dispatching received files based on the field AS2-From policy. Even the Server Transport needs to store information about the incoming messages, for the Reliability implementation in a persistence repository.

RDBMS storage

Both the Master Push and the Server components need to store long term information on the transport, in particular the following data:

- Authentication, encryption and signing certificates
- Reconciliation of the files sent with return MDNs, Master Push side
- Sending MDNs for files processed correctly by the back office, server side
- Checking of multiple sends for the AS2 Reliability profile, through history recording of the Message-IDs and MICs (Message Integrity Check) of the messages already received

For this purpose the Spazio AS2 connector uses a RDBMS. Information about partner management is stored in this repository.

1.4.3 Sending files with AS2 protocol

Sending a Spazio file to an external server using the AS2 protocol consists of simply inserting the file in an appropriately configured remote queue. The file, inserted directly in the remote queue on the Queue Manager to which it belongs or routed through a series of interconnected queues, is handled by the AS2 connector.

The connector, according to the configuration properties of the queue and connector, prepares the AS2 envelope with all the necessary signatures and security and opens the connection to the remote AS2 server (not necessarily Spazio). Using this connection, the connector sends the previously enveloped file to the remote server and, if required by the configuration, waits for the synchronous MDN.

If an asynchronous MDN or no MDN is requested, the connector completes its work after saving the message data in the RDBMS tables to enable subsequent reconciliation with the MDN when this is managed by the MDN reception servlet. This servlet, delegated to the reception of asynchronous MDNs, listens on a specific URL and replies to the calls of remote servers, and its job is to change the status of transports from waiting for MDN to completed when it receives an MDN corresponding to a transport that is still on hold.

Optionally, through configuration, it is possible to store received MDNs (sync or async) in a Spazio local queue.

The Spazio AS2 connector doesn't support the optional Multiple Attachments profile because it processes the files that it receives on the remote queue in a serial manner, and therefore it is not able to group multiple files and send them as a single AS2 message (check the MA profile).

1.4.4 Retrieving files as AS2 server

When Spazio works as an AS2 server, the Spazio AS2 connector instantiates an HTTP/S server that listens on a specific URL waiting for AS2 messages containing files. An AS2 server is a completely passive component which can never initiate communications with the client.

When a message arrives it is opened, interpreted and verified, and finally the file (or files in the case of Multiple Attachments) is inserted in the associated Spazio queue. Each server instance can store incoming file(s) selecting the destination queue based on the AS2-From field of the received AS2 envelope or in the default queue for that server.

A message is verified on the basis of the certificates available on the Server and which correspond to the sender message, certificates that are managed in such a way as to allow the use of multiple certificates for the same user that have distinct application validity (and, most importantly, not corresponding to intrinsic validity restrictions of the certificate itself) in order to guarantee a CEM Level 1 profile.

Depending on which request options are provided by the client through the envelope parameters, the Server will send an appropriately configured MDN back to the client - especially regarding asynchronous or synchronous mode - via HTTP/S or SMTP.

In addition, the Server saves all the information in the RDBMS tables that is necessary for recognizing possible multiple sends of the same message, saving all the data required for implementing the necessary message traffic for AS2 Reliability in a series of tables, and discarding any messages whose MIC (Message Integrity Code) or Message-ID is already present in the DB, thereby partially implementing the optional AS2 Reliability profile.

1.4.5 Spazio Security and AS2 Connector

Spazio security is implemented through the DSSP system, and therefore the AS2 connector uses and integrates with this component.

The AS2 protocol supports the following security features:

- Authentication using tokens and certificates
- Digital signature for files and messages
- Encryption

The DSSP component provides services that implement these functions, and the AS2 connector invokes those services with the necessary parameters, obtained from the configuration files and from the dedicated RDBMS tables for partner profiling.

In fact, DSSP provides a certificate storage system, but in order to determine which particular certificate corresponds to the counterpart with which communication is taking place, and above all which of all those belonging to the counterpart is to be used at that precise moment, the AS2 connector makes use of a catalog of the partners and certificates that is managed in the RDBMS. Using accessory information stored in the tables of the RDBMS the connector is able to identify which of the various counterpart's certificates to use, both to verify a message containing a file arriving at the server and to validate a MDN in reply to the send.

1.4.6 Spazio AS2 Connector DB

The Spazio Connector for AS2 uses a RDBMS for storing long term information for the management of the MDNs and the management of the partner profiles.

Since it is developed in Java technology, the AS2 Connector uses the JDBC standard for accessing the data stored in a DB, and can therefore theoretically use any RDBMS. To simplify installation and configuration, the AS2 Connector is released with its own embedded RDBMS, which allows the creation of a Spazio MFT/S solution with AS2 without having to install any additional RDBMS.

1.4.7 Implementation of the AS2 CEM protocol in Spazio

The CEM protocol allows a company to automatically share a replacement certificate with their trading partners.

Terminology

CEMRequest
    The EDIINT Certificate Exchange Messaging (CEM) Request is one of two possible CEM messages. It presents a certificate to be introduced into the trading partner relationship along with relevant information on how it is to be implemented.

CEMResponse
    The EDIINT Certificate Exchange Messaging (CEM) Response is one of two possible CEM messages. It is the response to the CEM Request indicating whether or not the end entity certificate present in the CEM Request was accepted.

Certificate States

PENDING
    Upon receiving a certificate from a trading partner, the certificate is marked as PENDING until a decision can be made to trust it or if its validity period has not yet begun.

ACCEPTED
    Once a pending certificate has been trusted, it is considered ACCEPTED. An accepted certificate may be used in secure transactions.

REJECTED
    If a pending certificate is not trusted, it is considered REJECTED.

The AS2CEM command line has been introduced to manage the CEM request/response functionality in Spazio MFT/S. In addition, the AS2 server is able to receive CEM messages from the counterpart at the following URLs:

    http://SpazioAs2Server:8010/receiver?type=CEMRequest
    http://SpazioAs2Server:8010/receiver?type=CEMResponse

Server name, server port and servlet name are configurable through properties; only the query strings ?type=CEMRequest or ?type=CEMResponse are mandatory.

Sent and received CEM messages are stored in the Spazio AS2 database, to keep track of the various CEM operations. Received CEM messages are notified through an e-mail to the configured account and the details are displayed using the AS2CEM LIST command.

Because of the number of parameters required by the AS2CEM command, it is possible to use a mixed method of function configuration, based on command-line parameters and property file parameters.

How to send a CEMRequest

Once a new certificate is ready to be used it has to be sent to the counterpart. This operation can be done by sending a CEMRequest with the AS2CEM REQUEST command.

AS2CEM REQUEST

    AS2CemRequest Usage: AS2CemRequest -flag Value
      -r RequestId        The RequestId of the outgoing CEMRequest
      -f From             The As2From identifier
      -t To               The As2To identifier
      -R RespondDate      Date limit for CEMRequest expiration, in the format YYYY-MM-DD
      -p CertPath         Absolute path to the certificate (one or more delimited by .)
      -U ResponseUrl      URL where the counterpart must send the CEMResponse
      -u Url              Counterpart URL where the CEMRequest is to be sent
      -T TransportDomain  AS2 Transport Domain
      -N Name             SpazioAS2 configuration property name
      -d DatabaseUrl      SpazioAS2 database URL
      -D DatabaseDriver   SpazioAS2 database driver
      -l LogPath          Logfile directory
      -c ConfigFile       CEMRequest configuration property filepath
    AS2 jar version : 9.0.0.5365 . all done

The above parameters can be provided either by the command line or by a specific property file (there is a CemRequest.properties.sample file in the $SPAZIO/cfg folder). Command-line parameters take priority over property file properties.

Description

Flag / Property name     Description / Value

-r / REQUEST_ID
    The RequestId of the outgoing CEMRequest. It must be a unique identifier for the same couple of FROM and TO fields.
-f / FROM
    The As2From identifier.
-t / TO
    The As2To identifier.
-R / RESPOND_DATE
    Limit date for CEMRequest expiration, in the format YYYY-MM-DD. If omitted the default is 30 days from the CEMRequest submit date.
-p / CERT_PATH
    Absolute path to the certificate (one or more delimited by ".").
-U / RESPONSE_URL
    The URL where the counterpart must send the CEMResponse.
-u / URL
    The counterpart URL where the current CEMRequest is to be sent.
-T / TRANSPORT_DOMAIN
    The AS2 Transport Domain (see spazio.as2.properties), e.g. if your spazio.as2.properties contains the following for your counterpart:
        AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
    you must use the value TestDomain.
-N / NAME
    The SpazioAS2 configuration property name (see spazio.as2.properties), e.g. if your spazio.as2.properties contains the following for your counterpart:
        AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
    the NAME will be AS2QM.
-d / DB_URL
    The SpazioAS2 database URL.
-D / DB_DRIVER
    The SpazioAS2 database driver.
-l / LOG_DIR
    The full filesystem path for operation logs. (For path separator use slash "/" instead of backslash "\".)
-c
    The full filesystem path for the configuration property file. For path separator use slash "/" instead of backslash "\".

The following example illustrates a sample CEMRequest sent to the counterpart with the command:

    AS2CEM REQUEST -c $SPAZIO/cfg/CemRequest.properties.sample

using values from the following property file:

    REQUEST_ID=RequestId001
    FROM=SpazioAS2
    TO=CounterpartAS2
    RESPOND_DATE=
    CERT_PATH=C:/SpazioAS2/Certs/NewCertificate001.cer
    RESPONSE_URL=http://SpazioAs2Server:8010/receiver?type=CEMResponse
    URL=http://CounterpartAs2Server:8080/receiver?type=CEMRequest
    DB_URL=jdbc:h2:tcp://localhost:9092/C:/spazio/spdata/spfab/persistent/system/h2/as2data
    DB_DRIVER=org.h2.Driver
    TRANSPORT_DOMAIN=TestDomain
    NAME=AS2QM
    LOG_DIR=C:/Tmp

The command sends a CEMRequest named RequestId001 to CounterpartAS2 at the URL http://CounterpartAs2Server:8080/receiver with the certificate C:/SpazioAS2/Certs/NewCertificate001.cer. The reply is expected at the URL http://SpazioAs2Server:8010/receiver?type=CEMResponse.

A new folder will be created in the LOG_DIR directory with the name of REQUEST_ID + FROM + TO, in our example:

    C:/Tmp/RequestId001_SpazioAS2_CounterpartAS2

where a complete log set will be present.

How to send a CEMResponse

When receiving a CEMRequest from a counterpart the received certificates are placed in the filesystem in the folder CEMCertDir under the root path indicated by the property:

    AS2Server.Source[ServerName].As2Path=C:/SpazioAs2

Then it is possible to reply with a CEMResponse message using the AS2CEM RESPONSE command.

AS2CEM RESPONSE

    AS2CemResponse Usage: AS2CemResponse -flag Value
      -r RequestId        The RequestId of the corresponding CEMRequest
      -f From             The As2From identifier
      -t To               The As2To identifier
      -a CertAccept       Acceptance for every certificate (one or more delimited by .)
      -T TransportDomain  AS2 Transport Domain
      -N Name             SpazioAS2 configuration property name
      -d DatabaseUrl      SpazioAS2 database URL
      -D DatabaseDriver   SpazioAS2 database driver
      -l LogPath          Logfile directory
      -c ConfigFile       CEMResponse configuration property file path
    AS2 jar version : 9.0.0.5365 . all done

The above parameters can be supplied either by the command line or by a specific property file (there is a CemResponse.properties.sample file in the $SPAZIO/cfg folder). Command-line parameters take priority over property file properties.

Description

Flag / Property name     Description / Value

-r / REQUEST_ID
    The RequestId of the corresponding CEMRequest. It must be a unique identifier for the same couple of FROM and TO fields.
-f / FROM
    The As2From identifier.
-t / TO
    The As2To identifier.
-a / CERT_ACCEPT
    YES to accept the certificate, NO or NO reason to reject it (one or more delimited by "."). For a rejection reason there must be a blank between NO and the reason string. If the corresponding CEMRequest contains more than one certificate, you can supply an acceptance for each certificate (delimited by ".") or you can supply only one acceptance valid for all the certificates.
-T / TRANSPORT_DOMAIN
    The AS2 Transport Domain (see spazio.as2.properties), e.g. if your spazio.as2.properties contains the following for your counterpart:
        AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
    you must use the value TestDomain.
-l / LOG_DIR
    The full filesystem path for operation logs.
-c
    The full filesystem path for the configuration property file. For path separator use slash "/" instead of backslash "\".

    ...Driver
    TRANSPORT_DOMAIN=TestDomain
    NAME=AS2QM
    LOG_DIR=C:/Tmp

The command sends a CEMResponse named CemRequest1 to CounterpartAS2 at the URL specified in the native request received with the acceptance of the first certificate and the rejection of the second.
Overview and concepts Flag / Property name Description / Value -N / NAME The SpazioAS2 configuration property name (see spazio.TRANSPORT _DOMAIN=TestDomain the NAME will be AS2QM. The following example illustrates a sample CEMResponse sent to the counterpart with the command: AS2CEM RESPONSE -c $SPAZIO/cfg/CemResponse.g. with the reason of Bad certificate.properties contains the following for your counterpart: AS2Master. (For path separator use slash "/" instead of backslash "\".as2.h2. in our example: C:/Tmp/CemRequest1_SpazioAS2_CounterpartAS2 where a complete log set will be present. SPAZIO MFT/S AS2 Connector for Distributed Platforms: Installation and Configuration Guide EMAFTM091/06 15 .NO Bad certificate DB_URL=jdbc:h2:tcp://localhost:9097/C:/spazio/spdata/spfab/ persistent/system/h2/as2data DB_DRIVER=org. -d / DB_URL The SpazioAS2 database URL.properties.Target[AS2QM].properties).sample using the following property file values: REQUEST_ID=CemRequest1 FROM=SpazioAS2 TO=CounterpartAS2 CERT_ACCEPT=YES.as2. A new folder will be created in the LOG_DIR directory with the name REQUEST_ID + FROM + TO. If your spazio. -D / DB_DRIVER The SpazioAS2 database driver. Status AS2 jar version : 9.. -v / DIRECTION Specify the direction of the request/response.sample file in the $SPAZIO/cfg folder). Direction. -d / DB_URL The SpazioAS2 database URL. It must be a unique identifier for the same couple of FROM .. Description Flag / Property name Description / Value -T / PRINT_TYPE The display type. all done The above parameters can be provided either by the command line or by a specific property file (there is a CemList. -r / REQUEST_ID The RequestId of the corresponding CEMRequest. -f / FROM The As2From identifier. The list or the details of these operations can be obtained by using the AS2CEM LIST command.0.TO fields. To. SPAZIO MFT/S AS2 Connector for Distributed Platforms: Installation and Configuration Guide 16 EMAFTM091/06 . 
CEMType.properties.Overview and concepts How to display CEM situation CEM operation messages (request and response) are stored in the Spazio AS2 database. -t / TO The As2To identifier. Allowed values are: DETAIL or LIST.0. -D / DB_DRIVER The SpazioAS2 database driver. Allowed values are: INGOING or OUTGOING. Command-line parameters take priority over property file properties. AS2CEM LIST AS2CemList Usage: AS2CemList -flag Value -T PrintType The type of data to display -r RequestId The RequestId of the corresponding CEMRequest -f From The As2From identifier -t To The As2To identifier -d DatabaseUrl SpazioAS2 database URL -D DatabaseDriver SpazioAS2 database driver -c ConfigFile CEMList configuration property file path -v Direction INGOING / OUTGOING -s Status PENDING / ACCEPTED / REJECTED -R CEMType REQUEST / RESPONSE PrintType specification: DETAIL Display data related to a specific RequestId + From + To LIST Display list of data related to a specific From.5365 . Driver Note that some parameters are supplied from the command line.new1.h2.properties.new2. The following example illustrates a sample of CEM list with the command: AS2CEM LIST-T LIST -c $SPAZIO/cfg/CemList. Allowed values are: REQUEST or RESPONSE.[C:/spazio/CERT/client.cer] ------------------------------------------------------------------------------------- . -c The full filesystem path for the configuration property file.sample using the following property file values: DB_URL=jdbc:h2:tcp://localhost:9097/C:/spazio/spdata/ spfab/persistent/system/h2/as2data DB_DRIVER=org.01 - [C:\SpazioAs2\CEMCertDir\CemRequest1_0f1f46e3aa110c8c_695c73fb_1473a8559ba_-7ffe. ACCEPTED or REJECTED. -R / CEMTYPE Specify the type of CEM request/response.h2.Driver Note that some parameters are provided from the command line..[C:/spazio/CERT/client.cer] 14 RequestId_001 SpazioAS2CounterpartAS2 REQUEST OUTGOING REJECTED Bad certificate CN=AS2 Test Receiving Organization . 
(For path separator use slash "/" instead of backslash "\". all done The following example illustrates a sample of CEM detail list with the command: AS2CEM LIST -T DETAIL -r RequestId_001 -f SpazioAS2 -t CounterpartAS2 -c %SPAZIO%/cfg/CemList.. Overview and concepts Flag / Property name Description / Value -s / STATUS Specify the current status of the request/response.properties.sample using the following property file values: DB_URL=jdbc:h2:tcp://localhost:9097/C:/spazio/spdata/spfab/persistent/ system/h2/as2data DB_DRIVER=org.cer] 15 CemRequest1 CounterpartAS2 SpazioAS2 REQUEST INGOING REJECTED Bad certificates CN=AS2 Test Sending Organization .01 - [C:\SpazioAs2\CEMCertDir\CemRequest1_0f1f46e3aa110c8c_695c73fb_1473a8559ba_-7ffd.01 .01 . SPAZIO MFT/S AS2 Connector for Distributed Platforms: Installation and Configuration Guide EMAFTM091/06 17 .cer] 15 CemRequest1 CounterpartAS2 SpazioAS2 REQUEST INGOING ACCEPTED CN=AS2 Test Receiving Organization . The output of the above command should be like the following: ------------------------------------------------------------------------------------- 14 RequestId_001 SpazioAS2CounterpartAS2 REQUEST OUTGOING ACCEPTED CN=AS2 Test Sending Organization . Allowed values are: PENDING. ....0 RESPONSE_URL ........ CN=AS2 Test Sending Organization USAGE ...... AS2CEM DELETE AS2CemDelete Remove the RequestId from AS2From to AS2To on database Usage: AS2CemDelete -flag Value -r RequestId The RequestId of the outgoing CEMRequest -f From The As2From identifier -t To The As2To identifier -d DatabaseUrl SpazioAS2 database URL -D DatabaseDriver SpazioAS2 database driver -c ConfigFile CEMDelete configuration property file path AS2 jar version : 9. CN=AS2 Test Receiving Organization USAGE ......... C:/spazio/CERT/client...sample file is present in the $SPAZIO/cfg folder). 15 SERIAL_NUMBER .. all done The above parameters can be provided either by the command line or by a specific property file (a CemDelete...... 
REJECTED REJECT_REASON ..... 01 RESPONDE_DATE .88 REPLY_DATE ......52 ------------------------------------------------------------------- Certificate n......new2. 2014-07-15 16:27:15.. REQUEST DIRECTION . Bad certificate SUBMIT_DATE .. all done How to remove CEM records from the database It is possible to maintain the CEM operation database in order to remove obsolete or incorrect records by using the AS2CEM DELETE command...2 STORE ... SpazioAS2 AS2_TO ....... http://CounterpartAS2:8010/receiver?type=CEMRequest Number of attached certificates: 2 ------------------------------------------------------------------- Certificate n..... C:/spazio/CERT/client....properties.......... 2014-07-15 16:28:02. 14 REQUEST_ID . CounterpartAS2 CEM_TYPE ..... OUTGOING TRANSPORT_DOMAIN .. SUBMIT_DATE ....... Command-line parameters take priority over property file properties.88 REPLY_DATE . http://SpazioAS2:8010/receiver?type=CEMResponse STATUS .......... 2014-08-14 00:00:00.... TestDomain URL ........Overview and concepts The output of the above command should be like the following: CEM_ID ........ 2014-08-14 00:00:00..52 ------------------------------------------------------------------- .... 01 RESPONDE_DATE . CN=AS2 Test Receiving Organization SUBJECT ... SPAZIO MFT/S AS2 Connector for Distributed Platforms: Installation and Configuration Guide 18 EMAFTM091/06 .5365 ..... CN=AS2 Test Sending Organization SUBJECT ....new1.cer ISSUER ....0.... 15 SERIAL_NUMBER .. ACCEPTED REJECT_REASON ..............1 STORE ..cer ISSUER ..0 RESPONSE_URL ...0.... 2014-07-15 16:27:15.. RequestId_001 AS2_FROM ..... 2014-07-15 16:28:02............... http://SpazioAS2:8010/receiver?type=CEMResponse STATUS ........... TO fields. -c The full filesystem path for the configuration property file. It must be a unique identifier for the same couple of FROM . For path separator use slash "/" instead of backslash "\". -D / DB_DRIVER The SpazioAS2 database driver. -d / DB_URL The SpazioAS2 database URL. 
Description

Flag / Property name    Description / Value
-r / REQUEST_ID         The RequestId of the corresponding CEMRequest.
-t / TO                 The As2To identifier.
-f / FROM               The As2From identifier.


Chapter 2 Installation

2.1 Post installation tasks

2.1.1 Creation of working folder for Spazio MFT/S AS2 Connector

You need to create a series of directories where the Spazio AS2 connector will save its data, temporary, logs and otherwise. It is a good practice to create a base directory (from this point on indicated as <SpazioAS2>), also inside the directory where Spazio MFT/S is installed. This root directory can be used for master and server components or you can distinguish them by setting some configurations in the spxp.as2.properties configuration file.

Under this root path, on the first run, the Spazio AS2 Connector creates the following sub-directory for the master side:

    <SpazioAS2>/AS2ClientLogs
    <SpazioAS2>/EncodeTempDir
    <SpazioAS2>/ClientRestartDir

and the following for the server side:

    <SpazioAS2>/AS2ServerLogs
    <SpazioAS2>/DecodeTempDir
    <SpazioAS2>/IncomingDir
    <SpazioAS2>/ServerRestartDir
    <SpazioAS2>/CEMCertDir

If the root directory (<SpazioAS2> in this example) is not present (for the master or the server side) the Spazio AS2 Connector will raise an error at the first operation executed.

Afterwards you must insert the full path of the root directories created into the previously mentioned configuration file spxp.as2.properties, under the items:

    AS2Server.Source.[Name].As2Path=…
    AS2Master.Target.[Name].As2Path=…

2.1.2 Creation of Spazio MFT/S AS2 Connector Persistency Tables in RDBMS

The AS2 protocol can be used for long term flows; this involves the use of data storage for saving and retrieving the information for the actual transport (signatures of partner's certificates, status of the transports, MDNs and MessageIDs, etc.).

To simplify and streamline the installation of the Spazio MFT/S AS2 connector, it has been equipped with an optional embedded RDBMS. This pure Java embedded RDBMS allows the installation of the AS2 connector for Spazio to be decoupled from an external RDBMS appropriately sized, configured and above all accessible by Spazio. The user is however given the choice whether or not to use this opportunity for simplification or to use an existing external enterprise RDBMS.

Embedded RDBMS

To use the Embedded RDBMS, you need to create a new DB before activating the AS2 connector, and then configure the JDBC connection parameters appropriately. These parameters are included in the relevant section of the chapter on the configuration of the protocol. The user, therefore, has two possible choices, in order of complexity:

    embedded RDBMS managed via SPFAB (recommended)
    embedded RDBMS managed directly by the AS2 connector

Depending on whether you wish to use SPFAB or not, the installation will follow different paths from this point on. The only difference in the installation of the two Embedded RDBMS usage modes is where to create the new DB: in the address space managed by SPFAB or in a separate directory.

Embedded RDBMS managed by SPFAB (recommended)

When the embedded DB managed by SPFAB is used, you do not need to configure any parameters because all the information for the connection is obtained through SPFAB.

Embedded RDBMS managed by the AS2 connector

These parameters include one specifically for the embedded RDBMS when it is not managed by the SPFAB but directly by the connector:

    DBMS_H2_SERVER_PARAM=-tcpAllowOthers

This parameter specifies the start-up mode for the embedded server if it is started up internally by Spazio. It is in fact possible to use an RDBMS external to Spazio or delegate Spazio the task of starting the RDBMS server; in the latter case the parameter DBMS_H2_SERVER_PARAM allows you to define the parameters with which this embedded server is to be started up. If there are no applications external to Spazio that use the same H2 embedded RDBMS, you are advised to delegate the start-up and management of the RDBMS server to Spazio SPFAB component.

In order to use the embedded RDBMS you just need to create a new empty database into the relevant directory, which will be subsequently used in the settings paragraph.

Creation of the DB for AS2

The command used for the creation of a new database is AS2DB, to which a file is passed as a parameter containing a series of SQL statements that create and configure the various tables. The following are the available parameters:

    as2db -?
    AS2DBCreator
    Usage:
    Allowed options are:
      -u Database URL
      -d Database driver
      -U Database user
      -f SQL file path
      -x Activate debugging (true/false)
      -? Prints this help
    ... all done

In Database URL you must insert the full path for the creation of the DB. The name of the DBMS must be as2data. For the parameter -f SQL file path you need to supply the path of the file Extended-DB-H2.sql which is located in the Spazio cfg directory.

DB creation in a user-defined directory, not using SPFAB

The following is an example of the creation of the database in a user defined directory:

    as2db -u "jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data" -d org.h2.Driver -f %SPAZIO%/cfg/Extended-DB-H2.sql

The command must be run with Spazio stopped, to avoid interfering with the H2 instance started by SPFAB.

DB creation using SPFAB

The following command, on the other hand, creates a new database in the directory belonging to SPFAB:

    as2db -u "jdbc:h2:tcp://localhost:port/%SPAZIO%/spdata/spfab/persistent/system/h2/as2data" -d org.h2.Driver -f %SPAZIO%/cfg/Extended-DB-H2.sql

This command must be run with Spazio started. If the H2 database instance started by SPFAB is not using the default port (9092), it is necessary to specify it in the command, after the localhost definition (retrieve this information in the spfab.system.properties configuration file in the Spazio cfg folder).

If the as2db command was successful, the file as2data.h2.db must be present in the specified folder.

Upgrading from an older Spazio AS2 version (2.5.0):

The as2db command with Extended-DB-H2.sql, see above, creates a new empty database. If you are coming from an older Spazio AS2 version and want to keep the current AS2 database, you must upgrade it with the following two commands:

    as2db -u "jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data" -d org.h2.Driver -f %SPAZIO%/cfg/AddEtagField-DB-H2.sql
    as2db -u "jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data" -d org.h2.Driver -f %SPAZIO%/cfg/AddCemTable-DB-H2.sql


Chapter 3 Configuration Overview

3.1 Configuration files

Like other SPXP transports, an AS2 related configuration is performed mostly in spxp.as2.properties (actually spxp.linename.as2.properties, where linename is the name of the JXP line instance associated to the protocol in spline.ini and converted to lower case). In the next few sections we will also discuss the role played in this context by other Spazio MFT/S core configuration files such as spline.ini, sprnode.ini and spsmon.ini.

3.2 Persistent Data Storage

As already mentioned, the AS2 protocol is often used for long term flows, and this involves the use of tables in a database for storing and retrieving information required by the transport, such as MDN, fingerprint of the messages, transport status, etc.

The configuration parameters can be provided explicitly in the configuration file or retrieved using SPFAB. By default, if you do not specify any parameter relating to the management of the AS2 database, it is assumed that SPFAB is being used. This means the database used will be the one created in:

    $SPAZIO/spdata/spfab/persistent/system/h2/as2data.h2.db

The configuration for accessing the appropriate Data Storage is specified through 3 parameters, one of which is specific to the H2 RDBMS in the case where it is used in embedded mode (in other words, started up internally by Spazio). These parameters are replicated for the various sections of the configuration file spxp.as2.properties in order to fine tune the configuration of the various components, which could, for separation purposes, use different RDBMS or RDBMS users. If there is a single RDBMS, you are advised to use appropriate DEFAULT sections to reduce the amount of duplicated parameters with the subsequent risk of inconsistency when modifications are made.

The parameters are the following (appropriately specified for the various sections):

    DBMS_SPFAB             Flag to enable/disable the use of SpFab as the manager of the connection parameters (default = true). If it is set to true, all the following parameters will be ignored.
    DBMS_DRIVER            JDBC driver used for accessing the RDBMS
    DBMS_URL               Parameters for accessing the specific DB
    DBMS_H2_SERVER_PARAM   Start-up parameters for the H2 server embedded in Spazio MFT/S.

Note that if no value is assigned to the parameter DBMS_SPFAB, the connector will assume the value true by default, and will therefore access the DB managed through SPFAB.

The following configuration illustrates the explicit default database parameters, i.e. those used by all subsequently defined master push transmissions:

    ## Database definition section for MASTER
    AS2Master.Target[DEFAULT].DBMS_SPFAB=false
    AS2Master.Target[DEFAULT].DBMS_DRIVER=org.h2.Driver
    AS2Master.Target[DEFAULT].DBMS_URL=jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data;IFEXISTS=TRUE
    AS2Master.Target[DEFAULT].DBMS_H2_SERVER_PARAM=-tcpAllowOthers

If, instead, you choose to use SPFAB with:

    AS2Master.Target[DEFAULT].DBMS_SPFAB=true

all the other parameters are ignored. The same parameters can be used in the Server section for the definition of the database to be used.

3.3 Enabling the SPXP AS2 transport protocol

By default JXP lines hosting SPXP protocol specific transport containers are not started. To enable an SPXP transport container you must create a new section in spline.ini defining a new JXP type line. A line section template for AS2 transport protocol can be found in the shipped template named spline.ini.sample. Here is an excerpt of this file:

    [CommLine1]
    Name= AS2
    Type= JXP
    Direction= A
    Startup = 1
    Trace = 3
    TimeOut = 90
    Param = prot(AS2)
    MaxConv= 60
    MaxInConv= 30
    MaxOutConv= 30

Each line will be associated to a protocol specific JVM instance at runtime; the actual SPXP protocol that will be started is identified by the line prot() parameter. For more information on the spline.ini configuration file please refer to the SPAZIO MFT/S for Distributed Platforms: Installation and Configuration Guide.

3.4 Configuring SPXP AS2 Spazio Server

3.4.1 Enabling server behavior

To enable server behavior in an SPXP AS2 Connector protocol instance, the Direction property in the associated spline.ini section must be set to either A or I.

3.4.2 Reviewing general Server settings

SPXP AS2 Connector general server settings are controlled by the spxp.linename.as2.properties section AS2Server. This section contains several AS2Server.Source[PolicyId] subsections, each of which identifies a policy that must be applied to all transfers terminating on an AS2 Connector enabled node where Spazio MFT/S is installed. Each name basically defines a separate http/https server started by Spazio, on different ip ports.

Example of file receiving server

Here is the example of an AS2 server for receiving files and putting them in a Spazio local queue. The server responds at this address: http://myipaddress:8010/receiver
The received files are stored in the default queue AS2TEST in DemoQm queue manager.

    AS2Server.Source[SERVERFILE].ConnectorType=HTTP
    AS2Server.Source[SERVERFILE].ServerPort=8010
    AS2Server.Source[SERVERFILE].FileServletPath=/receiver
    AS2Server.Source[SERVERFILE].MdnServletPath=
    AS2Server.Source[SERVERFILE].As2Path=C:/SpazioAS2
    AS2Server.Source[SERVERFILE].QM=DemoQM
    AS2Server.Source[SERVERFILE].QMUser=
    AS2Server.Source[SERVERFILE].QMPassword=
    AS2Server.Source[SERVERFILE].QMPasswordEncoded=
    AS2Server.Source[SERVERFILE].Queue=AS2TEST
    AS2Server.Source[SERVERFILE].MoveType=MOVE
    AS2Server.Source[SERVERFILE].MdnQueue=
    AS2Server.Source[SERVERFILE].MdnOptions=
    AS2Server.Source[SERVERFILE].AsynchMdnBehaviour=DIRECT
    AS2Server.Source[SERVERFILE].MdnMailServer=
    AS2Server.Source[SERVERFILE].MdnMailFrom=
    AS2Server.Source[SERVERFILE].MdnMailSubject=
    AS2Server.Source[SERVERFILE].FlexFrom_1=
    AS2Server.Source[SERVERFILE].FlexQueue_1=
    AS2Server.Source[SERVERFILE].TRANSPORT_DOMAIN=TestDomain

Example of MDN receiving server

Here is the example of an AS2 MDN server for receiving asynchronous MDNs and optionally putting them in a Spazio local queue. The server responds at this address: http://myipaddress:8011/mdn
If required (MdnSaved=YES), the MDNs received are stored as files in the queue AS2MDN in queue manager DemoQm and will contain the value of the field AS2-To in the CorrelationId.

    AS2Server.Source[SERVERMDN].ConnectorType=HTTP
    AS2Server.Source[SERVERMDN].ServerPort=8011
    AS2Server.Source[SERVERMDN].FileServletPath=
    AS2Server.Source[SERVERMDN].MdnServletPath=/mdn
    AS2Server.Source[SERVERMDN].As2Path=C:/SpazioAS2
    AS2Server.Source[SERVERMDN].QM=DemoQM
    AS2Server.Source[SERVERMDN].QMUser=
    AS2Server.Source[SERVERMDN].QMPassword=
    AS2Server.Source[SERVERMDN].QMPasswordEncoded=
    AS2Server.Source[SERVERMDN].Queue=
    AS2Server.Source[SERVERMDN].MoveType=
    AS2Server.Source[SERVERMDN].MdnSaved=YES
    AS2Server.Source[SERVERMDN].MdnQueue=AS2MDN
    AS2Server.Source[SERVERMDN].MdnOptions=
    AS2Server.Source[SERVERMDN].AsynchMdnBehaviour=
    AS2Server.Source[SERVERMDN].TRANSPORT_DOMAIN=TestDomain

3.5 Configuring Push Masters

3.5.1 Enabling Push Master behavior

To enable Push Master behavior in an SPXP AS2 Connector protocol instance, the Direction property in the associated spline.ini section must be set to either A or O.

3.5.2 Creating the transport class

The usual Spazio MFT/S transport class selection by the transport monitor applies to SPXP Push Master transports; a new section like the one below must be added to spsmon.ini:

    [Class1]
    ClassName = AS2
    Description = AS2 Class
    FTrAgentName = AS2P
    ParallFTr = 4
    FTrParam = MaxWaitFDNDelay(600)

The FTrParam = MaxWaitFDNDelay specifies how long the Transport Monitor should wait for an MDN (File Delivery Notification in SPXP terminology).
This value is expressed in minutes and accepts values from 0 to 43200, corresponding to approximately one month; the default value for this parameter is 0, which means wait forever. No other SPXP specific configuration is required in spsmon.ini as long as it includes this section and any remote queues reference the correct transport class name.

3.5.3 Defining remote nodes

Once transport classes are correctly set up, to proceed with the definition of an SPXP destination you must create a remote AS2 Connector node definition in sprnode.ini. Remote node definitions must reference the correct line name created previously. Below is a remote node definition that can be used as a basis when creating a new AS2 Connector destination:

    [DirNode1]
    NodeName = AS2NOD
    NumQM = 1
    QmName_1 = AS2QM
    NumCommLines = 1
    CLineName_1 = AS2

3.5.4 Defining remote queues

Remote queues can now be defined and associated to the correct RemoteQMgr specified in sprnode.ini and the correct transport class specified in spsmon.ini.

3.5.5 Reviewing Push Master general settings

SPXP AS2 Connector Push Master transports are transports that move files from a Spazio MFT/S Queue Manager remote queue to a remote AS2 server via AS2 Connector. Each configured target is identified in spxp.linename.as2.properties by a user defined destination label that must match the name specified as RemoteQMgr in the remote queue definition and associated definitions in sprnode.ini that will in turn enable the creation of Spazio MFT/S remote queues associated with the destination. For example configuration keys for myDestination will be specified using properties with the prefix AS2Master.Target[myDestination].*.

The configuration stanza associated with the destination named DEFAULT is special: it contains the values that will be used at runtime for parameters not specified in other user-defined destination specific stanzas.

NOTE: the DEFAULT section must not be removed from the configuration.

Example

A new AS2 Connector push master transport must be defined in order to connect the queue TO.MYAS2SRV – a remote queue defined on queue manager DemoQM – to a remote machine MYAS2SRV2 running an AS2 Server listening on the URL http://remotehost:8010/receiver. Here is a walkthrough of the necessary configuration steps.

For this destination we will create a remote node definition in sprnode.ini:

    [DirNodeX]
    NodeName = MYAS2SRV
    NumQM = 1
    QmName_1 = AS2QM
    NumCommLines = 1
    CLineName_1 = AS2

The NodeName value is not relevant for addressing and CLineName_1.

Create the remote queue TO.MYAS2SRV:

    qcreate DemoQM TO.MYAS2SRV /qAS2QM /QANYNAME /xTranspClass(AS2)

The destination – which corresponds to RemoteQMgr – is AS2QM. Similarly the RemoteQName (/QANYNAME) is not relevant for configuring target destinations, any name can be used here.

Finally we create a new destination specific stanza in spxp.linename.as2.properties for destination AS2QM. The following is an example of how such a stanza might appear:

    AS2Master.Target[AS2QM].Enabled=true
    AS2Master.Target[AS2QM].FROM=MyCompany
    AS2Master.Target[AS2QM].TO=OtherCompany
    AS2Master.Target[AS2QM].URL=http://remotehost:8010/receiver
    AS2Master.Target[AS2QM].EDITYPE=text/plain
    AS2Master.Target[AS2QM].SEND_TIMEOUT=60
    AS2Master.Target[AS2QM].As2Path=C:/SpazioAS2
    AS2Master.Target[AS2QM].MDN_SYNCHRO=synchronous
    AS2Master.Target[AS2QM].MDN_OPTIONS=signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1, md5
    AS2Master.Target[AS2QM].MDN_DELIVERY_URL=http://spazioas2:8011/mdn

3.6 Security

The security configuration files used by the AS2 protocol are:

    spxp.as2.properties
    as2.ini
    dstk.ini

Once the various Master and Source components have been defined in the spxp.as2.properties file, the steps to configure security for the AS2 protocol are:

    optionally define default parameters in the dstk.ini file
    define security rules in the as2.ini file
    define the list of Master and Source components in as2.ini and associate them to the previously defined security rules

For details of the various configurations and the meaning of the individual parameters please refer to section 4.3, AS2 Security Configuration.

3.6.1 AS2CL Command Reference

The AS2CL command is used to manage and maintain the certificate archive for AS2 communications and performs the following operations:

    Reads the certificate from the file
    Calculates the hash of the certificate
    Inserts a record in the AS2 Certificate Correlation table
    Inserts the certificate in the DSSP

It can also:

    List the archived certificate records and get detail on a specific entry
    Remove certificate records
    Update the validity date of a certificate record

The archived certificates are used by the Spazio AS2 connector in sign and/or decrypt operations, between the local station and the various partners. The main key to identify a certificate is the AS2_ID.

The command usage is:

    AS2ManageCert
    AS2ManageCert <certificate file> <options>
    AS2ManageCert <command> <options>
    Allowed commands:
      LIST    List all the Entries in the CEM DB
      DETAIL  Detail of an entry in the CEM DB ( -i ID )
      DELETE  Delete an entry in the CEM DB ( -i ID )
      UPDATE  Update an entry in the CEM DB ( -i ID -s START_DATE -e END_DATE )
      GET     Dump an Entry in the CEM DB as if requested from AS2 Transport (use t,f,k options)
    Allowed options are:
      -t CEM AS2 Transport Domain (default TD)
      -f CEM AS2 Function (default MASTER)
      -k CEM Key value (AS2_FROM or AS2_TO value)
      -U CEM User
      -i Record ID (for detail, delete and update)
      -s validity start date in 'yyyy-MM-dd HH-mm-ss' format (for update)
      -e validity end date in 'yyyy-MM-dd HH-mm-ss' format (for update)
      -u DB Connection URL
      -d DB Driver
      -c Config File in the format of properties
           DB_URL = DB JDBC Url
           DB_DRIVER = DB JDBC Driver
           TRANSPORT_DOMAIN = CEM AS2 Transport Domain
           FUNCT = CEM AS2 Function
           KEY = CEM AS2 Key
           USER = CEM User
      -x Activate debugging (true/false)
    ... all done

The first basic item of information you need is the AS2 database path. For a database managed by SPFAB this value is:

    $SPAZIO/spdata/spfab/persistent/system/h2/as2data

Description

Flag / Property name      Description / Value
-t / TRANSPORT_DOMAIN     The AS2 Transport Domain (see spazio.as2.properties).
-f / FUNCT                The role in which the certificate will be used. Allowed values are: MASTER or SERVER.
-k / KEY                  The As2 identifier of the partner to which the certificate relates.
-U / USER                 The user that performs the operation (optional).
-i                        The recordID for Detail, Update and Delete operations.
-s                        The certificate validity start date, used in Update operations. The accepted format is: yyyy-MM-dd HH-mm-ss.
-e                        The certificate validity end date, used in Update operations. The accepted format is yyyy-MM-dd HH-mm-ss.
-u / DB_URL               The full database connection URL. Its generic format, using the SPFAB support, is formed as follows: jdbc:h2:tcp://host[:port]/PathToDatabase where: The host is normally the localhost. The optional :port specification is needed only if the SPFAB H2 port was not the standard port. This information can be found in the spfab.system.properties in H2 Database Section (mod-h2.tcpPort). PathToDatabase is the full path to the as2data.h2.db file, as shown above.
-d / DB_DRIVER            The database driver (usually org.h2.Driver).
-c                        The path to a configuration file, in the format shown above.
-x                        Activate debug information. Allowed values are: true or false.

NOTE: the -t DomainName parameter in the AS2CL command must match the corresponding TRANSPORT_DOMAIN key in spxp.as2.properties.

An example is provided below to simply insert a new certificate into the database, used for MASTER operation.

    AS2CL.bat %SPAZIO%/SpazioAs2/CERT/as2test.cer -k AS2-Prova_To -t TestDomain -f MASTER -u "jdbc:h2:tcp://localhost/%SPAZIO%/… … spdata/spfab/persistent/system/h2/as2data"

This command inserts the certificate as2test.cer to communicate with the partner AS2-Prova_To for MASTER operations (send files).

The next example shows the command for listing all the certificates in the database:

    AS2CL.bat LIST -u "jdbc:h2:tcp://localhost/%SPAZIO%/… … spdata/spfab/persistent/system/h2/as2data"

The console output should look like this:

    Certificate List:
    CEMCorrId[1] TrDom[TestDomain] Funct[MASTER] Key[VmLinux] Start[0000-00-00] End[0000-00-00] : 1
    CEMCorrId[2] TrDom[TestDomain] Funct[MASTER] Key[AS2_To] Start[0000-00-00] End[0000-00-00] : 2
    CEMCorrId[3] TrDom[TestDomain] Funct[SERVER] Key[AS2_To] Start[0000-00-00] End[0000-00-00] : 3
    CEMCorrId[5] TrDom[TestDomain] Funct[SERVER] Key[AS2_From] Start[0000-00-00] End[0000-00-00] : 4
    CEMCorrId[6] TrDom[TestDomain] Funct[MASTER] Key[NARSIL181] Start[0000-00-00] End[0000-00-00] : 5
    CEMCorrId[7] TrDom[TestDomain] Funct[MASTER] Key[MaxPcAS2] Start[0000-00-00] End[0000-00-00] : 6
    CEMCorrId[9] TrDom[TestDomain] Funct[SERVER] Key[AS2_From] Start[2014-03-27 00-00-00] … … End[2015-12-31 00-00-00] : 7
    CEMCorrId[15] TrDom[TestDomain] Funct[SERVER] Key[VmLinux] Start[2013-01-01 00-00-00] … … End[2016-12-31 00-00-00] : 8
    CEMCorrId[16] TrDom[TestDomain] Funct[MASTER] Key[SP251WXPVM] Start[0000-00-00] End[0000-00-00] : 9
    CEMCorrId[18] TrDom[TestDomain] Funct[SERVER] Key[SP251WXPVM] Start[0000-00-00] End[0000-00-00] : 10
    ... all done

The index between square brackets is the RecordID of the record and is needed for the detail/update/delete command, with the "-i" flag.
Chapter 4 Configuration Reference

4.1 Notation

For the sake of clarity, the rest of this book will assume that the default line names will be adopted for protocol lines. Therefore, spxp.linename.properties will actually be referred to as: spxp.as2.properties.

4.2 AS2 protocol reference (spxp.as2.properties)

spxp.as2.properties is the main SPXP configuration file for both server and master components; the file is divided into stanzas with a prefix that determines transport type and transport protocol. The remainder of this section is divided into several subsections, one for each main stanza type.

4.2.1 AS2 Connector Server Section

AS2Server.Source[DEFAULT].* prefix

This section describes the default common parameters used for setting Spazio AS2 server side parameters. The following is an example:

AS2Server.Source[DEFAULT].DBMS_DRIVER=org.h2.Driver
AS2Server.Source[DEFAULT].DBMS_URL=jdbc:h2:tcp://localhost/C:/AS2dir/h2dbms/test
AS2Server.Source[DEFAULT].DBMS_H2_SERVER_PARAM=-tcpAllowOthers -trace

Description

Properties | Description / Value
DBMS_SPFAB | Flag to enable/disable the use of SPFAB as manager of the connection parameters. Allowed values are: true (default) or false.
DBMS_DRIVER | The JDBC driver of the database
DBMS_URL | The URL to locate the database
DBMS_H2_SERVER_PARAM | Embedded H2 DBMS start-up parameters.

AS2Server.Source[ServerName].* prefix

This multiple section describes the various Source instances of the protocol. Here is an example of setting the values:

AS2Server.Source[SERVERFILE].ServerPort=8010
AS2Server.Source[SERVERFILE].ConnectorType=http
AS2Server.Source[SERVERFILE].FileServletPath=/receiver
AS2Server.Source[SERVERFILE].QM=SPXP
AS2Server.Source[SERVERFILE].Queue=AS2TEST
AS2Server.Source[SERVERFILE].QMUser=
AS2Server.Source[SERVERFILE].QMPassword=
AS2Server.Source[SERVERFILE].MoveType=COPY
AS2Server.Source[SERVERFILE].MdnServletPath=
AS2Server.Source[SERVERFILE].AsynchMdnBehaviour=DIRECT
AS2Server.Source[SERVERFILE].MdnMailServer=smtp.myorg.com
AS2Server.Source[SERVERFILE].MdnMailFrom=[email protected]
AS2Server.Source[SERVERFILE].MdnMailSubject= MDN from SpazioAS2
AS2Server.Source[SERVERFILE].As2Path=C:/SpazioAs2
AS2Server.Source[SERVERFILE].LogOptions=Status, Response, Errors
AS2Server.Source[SERVERFILE].OriginalFilename=false
AS2Server.Source[SERVERFILE].TRANSPORT_DOMAIN=TestDomain
AS2Server.Source[SERVERFILE].FlexFrom_1=
AS2Server.Source[SERVERFILE].FlexQueue_1=
AS2Server.Source[SERVERFILE].MdnSaved=
AS2Server.Source[SERVERFILE].MdnQueue=
AS2Server.Source[SERVERFILE].CEMMAIL_PROTOCOL=smtp
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_HOST_NAME=smtp.myorg.com
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_HOST_PORT=25
AS2Server.Source[SERVERFILE].CEMMAIL_AUTHENTICATION=true
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_AUTH_USER=myname
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_AUTH_PWD=mypassword
AS2Server.Source[SERVERFILE].CEMMAIL_TO=[email protected]

Description

Properties | Description / Value
ServerPort | The HTTP port number where file receiving is active.
ConnectorType | Defines the type of server connector. Allowed values are: HTTP (default), HTTPS.
FileServletPath | The servlet path where file receiving is active (e.g. http://localhost:8010/receiver).
QM | Name of the Queue Manager where files are queued.
Queue | Name of the default Queue where files are queued.
QMUser | User ID to insert the received files into Spazio Queue Manager.
QMPassword | User password to insert the received files into Spazio Queue Manager.
MoveType | Spazio move type flag. Allowed values are: MOVE, COPY (default) and LINK.
MdnServletPath | The servlet path where MDN receiving is active (e.g. http://localhost:8011/mdn).
AsynchMdnBehaviour | Asynchronous MDN type. Allowed values are: DIRECT (default). In DIRECT mode the MDN is sent immediately after the file is received and stored in the defined queue.
MdnMailServer | SMTP Server to send MDN by mail.
MdnMailFrom | Mail account to be used as sender when sending MDN by email.
MdnMailSubject | Subject to be used when sending MDN by email.
As2Path | The working root path for AS2.
LogOptions | The information to be written to AS2 log files. See the note for allowed values.
OriginalFilename | Flag to manage the Spazio External filename. Allowed values are: true or false (default). If true, put the original file name in Spazio External Filename. If false or absent, put the AS2 name in Spazio External Filename, for standard AS2 behavior. The default is false.
TRANSPORT_DOMAIN | Certificates AS2 Transport Domain.
DBMS_SPFAB | Flag to enable/disable the use of SPFAB as manager of the connection parameters. Allowed values are: true (default) or false.
DBMS_DRIVER | The JDBC driver of the database.
DBMS_URL | The URL to locate the database.
DBMS_H2_SERVER_PARAM | Embedded H2 DBMS start-up parameters.
FlexFrom_x, FlexQueue_x | Multiple queue association based on AS2-From field, where x is from 1 to 99 (ascending and in sequence). See the note below for details.
MdnSaved | Option to save MDNs as files in a Spazio queue. Allowed values: YES or NO (default).
MdnQueue | Spazio queue where MDNs are saved (if MdnSaved=YES).
CEMMAIL_PROTOCOL, CEMMAIL_SMTP_HOST_NAME, CEMMAIL_SMTP_HOST_PORT, CEMMAIL_AUTHENTICATION, CEMMAIL_SMTP_AUTH_USER, CEMMAIL_SMTP_AUTH_PWD, CEMMAIL_TO | Mail server parameters and mail address for CEMRequest and CEMResponse notifications.
EnableAs2Restart | If EnableAs2Restart is set to true, the server will use the AS2Restart feature when receiving files from a partner that supports this functionality. If set to false, the server will not use the AS2Restart. Allowed values: true or false (default).

Note for FlexFrom and FlexQueue Server parameters

With these parameters you can configure an association between the sender and the receiving Spazio queue, based on the AS2-From field of the AS2 transmission. If not present, only the default Spazio queue for that server will be used. The fields FlexFrom_x and FlexQueue_x must both be present and filled in correctly, otherwise the association will be discarded.

For example, with the following configuration:

AS2Server.Source[SERVERFILE].Queue=AS2TEST
...
AS2Server.Source[SERVERFILE].FlexFrom_1=FromCustXXX
AS2Server.Source[SERVERFILE].FlexQueue_1=QUEUE01
AS2Server.Source[SERVERFILE].FlexFrom_2=FromCustYYY
AS2Server.Source[SERVERFILE].FlexQueue_2=QUEUE02

In this scenario, files received from the server SERVERFILE with AS2-From FromCustXXX are placed in the Spazio queue QUEUE01. Files received with AS2-From FromCustYYY are placed in the Spazio queue QUEUE02. Files received with any other value in the AS2-From field are placed in the default Spazio queue AS2TEST.

Note for LogOptions Server parameters

This parameter manages the information to be written to AS2 log files. Allowed values are:

Status | Contains information on applied security options and pass/fail status of transmission.
Request | Contains the raw incoming request before processing.
Payload | Contains a log of the processed payload after transmission.
MDN | Contains the MDN receipt response to a request.
Errors | This is only written if an error is encountered and contains the error.
All | All of the above.

When specifying multiple values, include them in the same comma-separated string (i.e. LogOptions=Status, Request, Payload).

Note for MDNs stored in Spazio queues

Normally, returned MDNs are evaluated (to establish the result of the transmission) and then discarded by Spazio (they could be present in log directories depending on the LogOptions setting). If it is necessary to store these MDNs, the AS2 Connector allows you to do this as described below:

For asynchronous MDNs, this is done by the server component of the AS2 Connector, by configuring the MdnSaved and the MdnQueue parameters in the AS2 server properties section. If enabled, all the MDNs received by that server will be stored in the specified queue, identifying each MDN as a file with a CorrelationId calculated using the AS2-To field.

For synchronous MDNs, this is done by the master component of the AS2 Connector, by configuring the SYNC_MDN_QUEUE and the SYNC_MDN_QM parameters in the AS2 master properties section. If these values are present, all MDNs returned from that connection will be stored in the specified queue, identifying each MDN as a file with a CorrelationId calculated using the AS2-To field.

4.2.2 AS2 Connector Push Sections (AS2Master.Target[destination].* prefix)

This set of properties is used to configure SPXP AS2 Connector Master Push transports, i.e. transports that move files from a Spazio MFT/S Queue Manager remote queue to a target AS2 compliant server. Each configured target is identified with a user defined <destination> label that must match the name specified as RemoteQMgr in the remote queue definition and associated definitions in sprnode.ini.

The <destination> named DEFAULT is special: it contains the values that will be used at runtime for parameters not specified in user-defined destination specific sections.

To configure a new destination:

Create a remote queue definition
Create a remote node definition
Create a JXP transport line (if a suitable one is not available)
Create an AS2 transport class (if a suitable one is not available)
Create a new properties section by overriding one or more of the properties provided in the default one.

The DEFAULT master section is shown below. It must be filled in properly if no such target is provided.

AS2Master.Target[DEFAULT].Enabled=false
AS2Master.Target[DEFAULT].FROM=Default-AS2-From
AS2Master.Target[DEFAULT].TO=Default-AS2-To
AS2Master.Target[DEFAULT].URL=remote AS2 Server URL
AS2Master.Target[DEFAULT].EDITYPE=EDI file type
AS2Master.Target[DEFAULT].As2Path=C:/SpazioAs2
AS2Master.Target[DEFAULT].LogOptions=Status, Response, Errors
AS2Master.Target[DEFAULT].TRANSPORT_DOMAIN=AS2Master
AS2Master.Target[DEFAULT].SPProxy.Enabled=false
AS2Master.Target[DEFAULT].SPProxy.Port=10810
AS2Master.Target[DEFAULT].DBMS_SPFAB=true

The specific section for an AS2 Master Target (AS2QM for example) is shown below. It must be filled in to detail the specific configuration of the Target, as long as it differs from DEFAULT one.

AS2Master.Target[AS2QM].Enabled=true
AS2Master.Target[AS2QM].FROM=AS2-From
AS2Master.Target[AS2QM].TO=AS2-To
AS2Master.Target[AS2QM].URL=remote AS2 Server URL
AS2Master.Target[AS2QM].SEND_TIMEOUT=send file timeout
AS2Master.Target[AS2QM].EDITYPE=EDI file type
AS2Master.Target[AS2QM].MESSAGE_SUBJECT=Subject for eMail
AS2Master.Target[AS2QM].MDN_SYNCHRO=synchronicity type
AS2Master.Target[AS2QM].MDN_OPTIONS=MDN format required
AS2Master.Target[AS2QM].MDN_DELIVERY_URL=URL for MDN Delivery
AS2Master.Target[AS2QM].MDN_TO=email address for SMTP MDN
AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
AS2Master.Target[AS2QM].SYNC_MDN_QUEUE=Queue Name
AS2Master.Target[AS2QM].SYNC_MDN_QM=QueueManager Name
AS2Master.Target[AS2QM].SYNC_MDN_QMUser=User Name
AS2Master.Target[AS2QM].SYNC_MDN_QMPassword=User Password
AS2Master.Target[AS2QM].DBMS_SPFAB=true

Description

Properties | Description / Value
Enabled | Switch to disable a definition in the properties file without removing it. Allowed values are: true or false.
As2Path | The working root path for AS2.
FROM | The AS2 Identifier of the sending system
TO | The AS2 Identifier of the receiving system
URL | The URL of the remote AS2 server to post to
SEND_TIMEOUT | Timeout in seconds for the submission of files. A value of 0 means infinite wait. During transmission of big files the connection idle time could be very large; use a SEND_TIMEOUT=0 to avoid timeout error.
EDITYPE | The EDI message type to be sent, i.e. application/xml.
MESSAGE_SUBJECT | The e-mail subject of the MDN message
MDN_SYNCHRO | The type of transmission of the MDN. Allowed values are: synchronous and asynchronous:
    synchronous | MDN sent back in the same HTTP/S session of the message submission
    asynchronous | MDN sent via a new HTTP/S session to a specified URL
MDN_OPTIONS | Used to indicate the options requested for the MDN receipt. If Request MDN is selected, defines a set of protocol parameters such as the MIC algorithm that is preferred for use by the receiving party in signing the returned receipt. Can be MD5 or SHA1. By default the connector will request a SIGNED receipt, with a Received-Content-MIC value that establishes digital non-repudiation. If it's preferred to receive an unsigned receipt set MDN_Options to an empty string. The default value is signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1, md5.
MDN_DELIVERY_URL | The destination URL for reply, where the asynchronous MDN should be sent. This URL must correspond to an active Spazio AS2 MDN receiver, defined in the Server section.
MDN_TO | The e-mail address for SMTP MDNs.
LogOptions | The information to be written to AS2 log files. See the note for allowed values.
SYNC_MDN_QUEUE, SYNC_MDN_QM | QueueManager and Queue where synchronous MDNs are to be stored. If QM or QUEUE is empty, synchronous MDNs are only evaluated and then discarded.
SYNC_MDN_QMUser, SYNC_MDN_QMPassword | User and Password are required to access secured Queue Managers.
TRANSPORT_DOMAIN | Certificates AS2 Transport Domain.
SPProxy.Enabled | Switch to enable the Spazio DMZGateway proxy support. Allowed values are: true or false (default). See the SPAZIO MFT/S for Distributed Platforms: SPAZIO DMZ Gateway manual for further details.
SPProxy.Port | Port for Spazio DMZGateway proxy.
SendContentTransferEncoding | If set to true force the sending of Content-Transfer-Encoding header in the request. Allowed values are: true or false (default).
ChunkedEncoding | Enables or Disables HTTP chunked encoding (CTE) for transfers. If ChunkedEncoding is set to true, the connector will use HTTP chunked encoding when posting if possible. HTTP chunked encoding allows large files to be sent in chunks instead of all at once. If set to false, the bean will not use HTTP chunked encoding. Use this option to send large files and if the receiving server supports this mode. Allowed values are: true or false (default).
ChunkSize | Specifies the chunk size in bytes when using chunked encoding. The default value is 16384. This is only applicable when ChunkedEncoding is true.
If not present the MDNs are not requested.

EnableAs2Restart | If EnableAs2Restart is set to true, the connector will use the AS2Restart feature when sending a file to a partner. If set to false, the connector will not use the AS2Restart. Allowed values are: true or false. The default value is false to maintain backward compatibility with AS2 partners.
LocalAddress | Source bind address for multihomed machine.

Note for LogOptions Master parameters

This parameter manages the information to be written to AS2 log files. Allowed values are:

Status | Contains information on applied security options and pass/fail status of transmissions.
Request | Contains the outgoing transmission, with applied security options.
Payload | Contains a log of unsecured payloads prior to transmission.
Response | For synchronous requests or asynchronous receipts verified, contains MDN receipt, if sent. For asynchronous requests, contains server acknowledgement.
ErrFile | A separate file with an .err extension is written when an error is encountered.
All | All of the above.

When specifying multiple values, include them in the same string (i.e. LogOptions=Status, Request, Payload).

4.3 AS2 security configuration

Security for the AS2 transport is defined and configured through two files:

Dstk.ini
As2.ini

The first dstk.ini file is generic for all the aspects of security managed through the Spazio proprietary DSSP system and all the default values that the AS2 connector will use unless they are specifically defined are configured in this file.

The as2.ini file is specific for the AS2 connector and allows you to define in detail the security parameters such as authentication token, keys and signing certificates, encryption and compression protocols, and so on. This definition starts from the creation of two lists of Master ([CONNECT]) and Server ([ACCEPT]) components, in which a set of applicable security rules is associated to each instance. Then the parameters for the various security rules used in these lists are configured, for each Master or Source instance. This is followed by a series of steps necessary for loading the certificates and tokens used by DSSP to perform authentication, encryption, signature and any other security related operations.

dstk.ini configuration

This generic DSSP file contains a section for the general default parameters of the AS2 protocol, values that will be used unless they have been redefined in as2.ini:

[AS2]
; CryptoSystem to use for AS2 Security.
; Allowed values : JKS, PKCS12
CryptoSystem=
; Name of Software Token to use for AS2 Security.
TokenName=
; KeyID: signer's identifier within Token. key alias of the signing
; private key
KeyID=
; Quality of protection to be applied to outgoing AS2 messages.
; Allowed values : none, digitalSignature, encryption, compression
MessageQOP=
; Hashing algorithm for outgoing AS2 messages.
; Allowed values : SHA1, MD5
HashingAlgorithm=
; Encryption algorithm for outgoing AS2 messages.
; Allowed values 3DES, AES, AESCBC192, AESCBC256
EncryptionAlgorithm=

as2.ini configuration

; ===================================================
; The following section contains rows that associate
; Servers to a custom set of rules.
; AS2 Servers are identified by a <name> that is
; the name of a server stanza in spxp.as2.properties
; A set of rules is identified by a <ProtocolName>,
; a free section name in
; which default configuration parameters are overridden.
; A row in this section is written in the following way:
; <name>=ProtocolName
; ===================================================
[ACCEPT]

; ===================================================
; The following section name is defined in the
; ACCEPT section and is associated to a target server.
; It allows you to override server Token, and related
; token parameters
; ===================================================
[ProtocolName]
; CryptoSystem to use for AS2 Security.
; Allowed values : JKS, PKCS12
; DEFAULT : &AS2.CryptoSystem&
CryptoSystem=
; Name of Software Token to use for AS2 Security.
; DEFAULT: &AS2.TokenName&
TokenName=
; KeyID: Signer's identifier within Token. key alias of the signing private key
; Need to use the "Nome Alias" as reported from
; "c:\java\jdk1.6\bin\keytool -list -keystore ./as2receiver.pfx -storetype pkcs12 -v"
; command
KeyID=

; ===================================================
; Following section contains rows that associate target
; Servers to a custom set of rules,
; in which default configuration parameters are overridden.
; Target AS2 Server are identified by <name>, that is the name
; of a master stanza in spxp.as2.properties
; A set of rules is identified by a <ProtocolName>,
; a free section name
; A row in this section is written in the following way:
; <name>=ProtocolName
; ===================================================
[CONNECT]

; ===================================================
; The following section name is defined in the
; CONNECT section and is associated to a target server.
; It allows you to override client Token, and other
; default configuration for all clients connecting to
; target AS2 server.
; ===================================================
[ProtocolName]
; CryptoSystem to use for AS2 Security.
; Allowed values : JKS, PKCS12
; DEFAULT: &AS2.CryptoSystem&
CryptoSystem=
; Name of Software Token to use for AS2 Security.
; DEFAULT: &AS2.TokenName&
TokenName=
; KeyID: Signer's identifier within Token. key alias of the signing private key
; OPTIONAL, if Token contains a single private key/cert.
; DEFAULT: &AS2.KeyID&
; Need to use the "Nome Alias" as reported from
; "c:\java\jdk1.6\bin\keytool -list -keystore ./as2sender.pfx -storetype pkcs12 -v"
; command
KeyID=
; Quality of protection to be applied to outgoing AS2 messages.
; Allowed values : none, digitalSignature, encryption, compression
; DEFAULT: &AS2.MessageQOP&
MessageQOP=
; Hashing algorithms for signature creation.
; Allowed values : SHA1, MD5
; DEFAULT : &AS2.HashingAlgorithm&
HashingAlgorithm=
; Encryption algorithm for outgoing AS2 messages.
; Allowed values : 3DES, AES, AESCBC192, AESCBC256
; DEFAULT : &AS2.EncryptionAlgorithm&
EncryptionAlgorithm=

Sample configuration of Spazio (MASTER) client with digitalSignatureMDN

In the CONNECT section of as2.ini the following is added:

[CONNECT]
AS2QM=client

and as a result a new "client" section is created:

[client]
CryptoSystem=PKCS12
TokenName=C:\SpazioAS2\CERT\as2sender.pfx
KeyID=633452433461101480
MessageQOP=digitalSignature
HashingAlgorithm=SHA1
EncryptionAlgorithm=3DES

To view the data of the keystore as2sender.pfx you can use the keytool command:

%SPAZIO%\bin\jre\bin\keytool -list -keystore C:\SpazioAS2\CERT\as2sender.pfx -storetype pkcs12 -v

which, after having inserted the corresponding password, responds with:

Insert the keystore password:
Keystore type: PKCS12
Keystore provider: SunJSSE
The keystore contains 1 entry
Alias name: 633452433461101480
Creation date: 21-Mar-2012
Item type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=AS2 Test Sending Organization
Issuing authority: CN=AS2 Test Sending Organization
Serial number: 1
Valid from: Thu May 01 18:55:46 CEST 2008 to: Sun Apr 29 18:55:46 CEST 2018
Certificate digital fingerprints:
MD5: DF:8D:53:26:1C:5A:74:7B:6A:4E:72:81:29:51:9A:C3
SHA1: 30:92:1D:B4:78:82:47:C0:AF:90:F1:44:D2:6B:D7:AB:C2:D5:E2:A3
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************

In spxp.as2.properties the item MDN_OPTIONS in the section AS2Master.Target[...] was modified as described below:

AS2Master.Target[AS2QM].MDN_OPTIONS=signed-receipt-protocol=pkcs7-signature; signed-receipt-micalg=sha1, md5

Inserting the client-security-token in the Spazio DSSP password database. Use the dbputil command:

dbputil -a C:\SpazioAS2\CERT\as2sender.pfx -t PKCS12 -u Administrator

that responds with:

Adding a new password to 'c:\spazio/dssp/db.pwd' for:
Owner='Administrator'
Type ='PKCS12'
Name ='C:\SpazioAS2\CERT\as2sender.pfx'
Password:
Reenter Password:
Command 'add' completed successfully

Make sure that you insert the full path of the certificate and the correct user. If the certificate is not inserted correctly, the error is reported in the AS2 traces (spxp.as2.trace) with the following message:

##################### ERROR ######################
Digital signature certificate error : ...
StackTrace details ...
##################### ERROR ######################

To check the content of the database you can use the command:

dbputil -l

that replies with:

Listing db 'c:\spazio/dssp/db.pwd' contents:
Pwd | Owner          | Type       | Name
----|----------------|------------|-----------------------------------
x   | Administrator  | PKCS12     | C:\SpazioAS2\CERT\as2sender.pfx
Command 'list' completed successfully

Loading partner certificates in the repository of AS2 and DSSP. Use the command AS2CL:

AS2CL C:\SpazioAS2\CERT\as2receiver.cer -k AS2-To -t TestDomain -f MASTER -u "jdbc:h2:tcp://localhost/C:/spazio/spdata/spfab/persistent/system/h2/as2data;IFEXISTS=TRUE"

4.4 AS2 DBMS connectivity configuration

In the spxp.as2.properties file the parameters for accessing the RDBMS that is used by the AS2 connector to store communication information must be configured. The parameters, as already seen in the previous sections, are:

DBMS_SPFAB | Flag to enable/disable the use of SPFAB as manager of the connection parameters. Allowed values are: true (default) or false.
DBMS_DRIVER | JDBC driver used for accessing the RDBMS.
DBMS_URL | Parameters for accessing the specific DB
DBMS_H2_SERVER_PARAM | Start-up parameters for the H2 server embedded in Spazio MFT/S.

If the user chooses to use the H2 embedded RDBMS as made available by SPFAB, the following values must be assigned (or you can also leave the DBMS_SPFAB parameter undefined in order to accept the default true value):

(spxp.as2.properties section).DBMS_SPFAB=true

If the user chooses to use the embedded RDBMS server without passing via SPFAB, the following values must be assigned:

(spxp.as2.properties section).DBMS_SPFAB=false
(spxp.as2.properties section).DBMS_DRIVER=org.h2.Driver
(spxp.as2.properties section).DBMS_URL=jdbc:h2:tcp://localhost/C:/as2/h2dbms/test;IFEXISTS=TRUE
(spxp.as2.properties section).DBMS_H2_SERVER_PARAM=-tcpAllowOthers

Where:

org.h2.Driver is the name of the standard H2 Driver
jdbc:h2:tcp specifies a TCP connection to the H2 server
//localhost/C:/as2/h2dbms/test specifies test as the name of the DB used, in this case located on localhost (i.e. the same machine on which Spazio is running) in the folder C:/as2/h2dbms/ (obviously in a Windows environment).
IFEXISTS=TRUE specifies that the DB is to be accessed only if it already exists, without creating it if it doesn't.
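The following is an added example, not part of the Primeur manual and not a Primeur tool: a Python review script that parses spxp.as2.properties stanzas, applies the DEFAULT fallback the manual describes for AS2Master targets, and lists the settings from sections 4.2 and 4.4 that a security review would want justified (plain HTTP endpoints, passwords held in the file, payload logging, unsigned or MD5 receipts, -tcpAllowOthers). The sample file content, the function names and the finding texts are constructed for illustration.

```python
import re

# Constructed sample in the spxp.as2.properties layout; every value is illustrative.
SAMPLE = """\
AS2Server.Source[DEFAULT].DBMS_SPFAB=false
AS2Server.Source[DEFAULT].DBMS_H2_SERVER_PARAM=-tcpAllowOthers
AS2Server.Source[SERVERFILE].ConnectorType=http
AS2Server.Source[SERVERFILE].LogOptions=Status, Response, Errors
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_AUTH_PWD=example-password
AS2Master.Target[DEFAULT].LogOptions=Status, Payload
AS2Master.Target[DEFAULT].MDN_OPTIONS=signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1, md5
AS2Master.Target[AS2QM].URL=http://remotehost:8010/receiver
AS2Master.Target[AS2QM].MDN_OPTIONS=
AS2Master.Target[AS2QM].SYNC_MDN_QMPassword=
"""

# <kind>[<stanza name>].<property>=<value>; the value itself may contain '='.
STANZA_KEY = re.compile(
    r"^(AS2Server\.Source|AS2Master\.Target)\[([^\]]+)\]\.([\w.]+)\s*=(.*)$")
PASSWORD_PROPS = ("CEMMAIL_SMTP_AUTH_PWD", "QMPassword", "SYNC_MDN_QMPassword")
URL_PROPS = ("URL", "MDN_DELIVERY_URL")


def parse(text):
    """Return {(kind, stanza_name): {property: value}} for every stanza line."""
    stanzas = {}
    for raw in text.splitlines():
        m = STANZA_KEY.match(raw.strip())
        if m:
            kind, name, prop, value = m.groups()
            stanzas.setdefault((kind, name), {})[prop] = value.strip()
    return stanzas


def effective(stanzas, kind, name):
    """Values in force for one stanza: targets fall back to Target[DEFAULT]."""
    props = {}
    if kind == "AS2Master.Target":
        props.update(stanzas.get((kind, "DEFAULT"), {}))
    props.update(stanzas[(kind, name)])
    return props


def audit(text):
    """Return (stanza, property, finding) tuples; values are never echoed."""
    stanzas = parse(text)
    findings = []
    for kind, name in sorted(stanzas):
        p = effective(stanzas, kind, name)
        where = f"{kind}[{name}]"
        is_source = kind == "AS2Server.Source"
        # ConnectorType defaults to HTTP when a server stanza omits it.
        if is_source and name != "DEFAULT" and p.get("ConnectorType", "HTTP").upper() == "HTTP":
            findings.append((where, "ConnectorType", "receiver listens on plain HTTP"))
        for prop in URL_PROPS:
            if p.get(prop, "").lower().startswith("http://"):
                findings.append((where, prop, "endpoint is addressed over plain HTTP"))
        for prop in PASSWORD_PROPS:
            if p.get(prop):
                findings.append((where, prop, "password stored in clear text in the file"))
        if "-tcpallowothers" in p.get("DBMS_H2_SERVER_PARAM", "").lower().split():
            findings.append((where, "DBMS_H2_SERVER_PARAM",
                             "embedded H2 TCP server accepts connections from other hosts"))
        logged = {v.strip().lower() for v in p.get("LogOptions", "").split(",")}
        if logged & {"payload", "all"}:
            findings.append((where, "LogOptions", "payload content is written to AS2 log files"))
        if not is_source and "MDN_OPTIONS" in p:
            if not p["MDN_OPTIONS"]:  # empty string requests an unsigned receipt
                findings.append((where, "MDN_OPTIONS", "unsigned receipt requested"))
            elif "md5" in re.split(r"[,;=\s]+", p["MDN_OPTIONS"].lower()):
                findings.append((where, "MDN_OPTIONS", "MD5 offered as receipt MIC algorithm"))
    return findings


if __name__ == "__main__":
    for where, prop, finding in audit(SAMPLE):
        print(f"{where}.{prop}: {finding}")
```

Each target is reported with its inherited DEFAULT values, so a weak default shows up once per destination that does not override it.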