Sun B2B Suite AS2 Protocol Manager User's Guide

Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.

Part No: 820–1228 December 2007 Copyright 2007 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements. Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries.
Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited. DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.


Contents

Preface

1 Introduction to AS2 PM
  About the AS2 Protocol
  General History and Definitions
  AS2 Message Format
  Packaging Layer References
  Additional AS2 References

2 Overview of AS2 PM
  AS2 PM: Introduction
  Business Problem-Solving With AS2 PM
  Installing AS2 PM
  Version Information
  Configuring eGate Projects for Large Messages
  After You Install
  Database Scripts
  Configuring Cryptographic Features

3 Using SME/KS With AS2 PM
  About SME/KS
  About Security Certificates
  About MIME Formatting
  About S/MIME Cryptography
  About SME/KS Processes
  Key Pair Encryption
  Signatures and Verification
  Compression and Decompression
  Attached and Detached Digital Signatures
  Attached Signatures
  Detached Signatures
  Private Keys
  Certificate Formats
  ▼ To Create a Certificate File
  ▼ To Convert Certificates With Explorer
  ▼ To Use Internet Explorer To Transfer Certificate Formats
  About Keystores and Truststores
  Creating and Managing Private Keys
  ▼ To Create and Configure a Keystore

4 Configuring AS2 PM
  Configuring eXchange Partner Manager: Overview
  ePM, B2B Hosts, and Trading Partners
  eXchange ePM
  Configuring B2B Hosts and TPs in ePM
  Tabs in the ePM Canvas
  Parameter Types
  Additional Information
  Configuring AS2 PM ePM Parameters
  ToPartner and FromPartner Messaging Model
  Message Attribute Definition Parameters
  Transport Attribute Definition Parameters
  Cryptography Settings
  Handler Type Settings

5 Quick Start for AS2 PM
  Using the Quick Start Procedures
  Quick Start, Tutorial, or Both?
  Overview of Basic Setup Steps
  Atlanta and Berlin: Sample Business Scenario
  Sample Scenario Business Description
  Sample Scenario Project Folders
  Beginning Operations
  Before Starting Enterprise Designer
  Exporting Sample Files
  Editing the Sample XML File
  Constructing the Environments: Summary
  Before You Begin
  Creating External Systems
  Configuring External Systems
  Using Deployment Profiles
  Locating the Projects
  Deploying the Deployment Profiles
  Importing Files for ePM
  Running the ePM Interface
  Importing B2B Hosts
  Importing Security Files
  Importing Trading Partners
  Running the Sample Scenario
  ▼ To Transport Data Between the TPs
  Monitoring Messages

6 AS2 PM Sample Scenario Tutorial
  Using This Tutorial
  Quick Start and Tutorial Approaches
  Introduction to the Sample Scenario
  Operational Diagram
  Server Configurations
  Preconfiguration for Atlanta and Berlin Environments
  Creating and Starting the Domains
  Adding a New User to ePM and Message Tracking
  Adding the Application Server Instances
  Initializing and Running Enterprise Designer
  Editing the Sample Data XML File
  ▼ To Export the Sample Data Files
  ▼ To Edit the Atlanta Data File
  Constructing the Environments
  Using Environment Explorer
  Setting up the Environments
  ▼ To Prepare for the Next Steps
  Constructing the Projects and Their Deployment Profiles
  Constructing the B2B Host Project
  Constructing the eXchange Deployment Project
  Constructing the Remaining Deployment Profiles
  Summary of Sample Scenario Projects
  Importing and Configuring Components in ePM
  Before Using ePM
  Running ePM
  The ePM Window
  Importing B2B Hosts
  Importing TPs
  Importing Keys and Certificates
  Using Action Groups and Transaction Profiles
  Using Configuration Parameters in ePM
  Configuring the TPs in the Sample Scenario
  Running the Sample
  Using Message Tracking
  Before You Begin
  Accessing Message Tracking
  Message Tracking Window

Glossary

Index

Preface

AS2 Protocol Manager User's Guide explains how to install, configure, deploy, and use the Sun Java™ Composite Application Platform Suite (Java CAPS) AS2 Protocol Manager (PM). This product is part of the Sun B2B Suite.

Who Should Use This Book

This book is intended for computer users who have the ability and responsibility of setting up and maintaining a fully functioning Java CAPS system.

These persons must also understand any operating systems on which Java CAPS is installed and must be thoroughly familiar with Windows-style user interface operations, as well as having a familiarity with the Applicability Statement 2 (AS2) protocol for business messaging.

Before You Read This Book

Before you try to understand the concepts presented in this book and begin using the tutorial and reference materials it presents, make sure you read or are familiar with the references listed under “Related Books” on page 8. You must be especially proficient in the basic use of eGate™ Integrator, eWay™ Adapters, eInsight™ Business Process Manager, and eXchange™ Integrator.

How This Book Is Organized

This book contains the following chapters:

■ Chapter 1, “Introduction to AS2 PM,” provides a brief summary of AS2 and its operation with AS2 PM.
■ Chapter 2, “Overview of AS2 PM,” gives an overview of AS2 PM and its basic features, including installation information.
■ Chapter 3, “Using SME/KS With AS2 PM,” gives an overview of the eXchange Secure Messaging Extension With Keystore (SME/KS), including its general operation.
■ Chapter 4, “Configuring AS2 PM,” explains the eXchange ePartner Manager (ePM) configuration steps necessary to allow AS2 PM to operate in your environment.
■ Chapter 5, “Quick Start for AS2 PM,” provides a brief overview of how to set up and run the AS2 PM sample scenario provided with the product.
■ Chapter 6, “AS2 PM Sample Scenario Tutorial,” explains in detail how to implement and use the AS2 PM sample Project scenario.

Related Books

The following books provide additional related information about topics in this book:

■ Java Composite Application Platform Suite Installation Guide
■ Java Composite Application Platform Suite Deployment Guide
■ Sun SeeBeyond eGate Integrator User’s Guide
■ Sun SeeBeyond eGate Integrator System Administration Guide
■ Sun SeeBeyond eGate Integrator JMS Reference Guide
■ Sun SeeBeyond File eWay Adapter User’s Guide
■ Sun SeeBeyond Batch eWay Adapter User’s Guide
■ Sun SeeBeyond Oracle eWay Adapter User’s Guide
■ Sun SeeBeyond LDAP eWay Adapter User’s Guide
■ Sun SeeBeyond HTTP(S) eWay Adapter User’s Guide
■ Sun SeeBeyond eInsight Business Process Manager User’s Guide
■ Sun B2B Suite eXchange Integrator User’s Guide
■ Sun B2B Suite eXchange Integrator Developer's Guide

Screen Captures

Depending on what products you have installed, and how they are configured, the screen captures in this book may differ from what you see on your system.

Related Third-Party Web Site References

Third-party URLs are referenced in this book and provide additional related information.

Note – Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Documentation, Support, and Training

The Sun web site provides information about the following additional resources:

■ Documentation (http://www.sun.com/documentation/)
■ Support (http://www.sun.com/support/)
■ Training (http://www.sun.com/training/)

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

TABLE P–1 Typographic Conventions

Typeface | Meaning | Example
AaBbCc123 | The names of commands, files, and directories, and onscreen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail.
AaBbCc123 | What you type, contrasted with onscreen computer output | machine_name% su Password:
aabbcc123 | Placeholder: replace with a real name or value | The command to remove a file is rm filename.
AaBbCc123 | Book titles, new terms, and terms to be emphasized | Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX® system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

TABLE P–2 Shell Prompts

Shell | Prompt
C shell | machine_name%
C shell for superuser | machine_name#
Bourne shell and Korn shell | $
Bourne shell and Korn shell for superuser | #

CHAPTER 1 Introduction to AS2 PM

This chapter provides a basic introduction to the AS2 protocol, as well as how it operates with AS2 PM. It is not intended to be a thorough tutorial for all the features of this protocol.

This chapter covers the following topics:

■ “About the AS2 Protocol” on page 11
■ “Additional AS2 References” on page 14

About the AS2 Protocol

AS2 is an Internet Draft security standard defined by the IETF (Internet Engineering Task Force) and designed to allow business transactions to move securely over the Internet. The standard that is defined is referred to as AS2.

The AS2 specification describes how applications communicate Electronic Data Interchange (EDI) transaction data over the Internet using HTTP, in a secure and interoperable manner. AS2 emphasizes the following key aspects of data security:

■ Privacy
■ Data integrity
■ Authenticity
■ Nonrepudiation of origin and receipt

AS2 specifies the means to connect and to deliver, validate, and reply to data, securely and reliably. The purpose of this chapter is to assist you in developing an AS2-compliant eXchange system deployment that is interoperable with other implementations used by your TPs.

General History and Definitions

AS2 is an extension to Applicability Statement 1 (AS1), the standard for secure message transport based on the Simple Mail Transfer Protocol (SMTP). The extension from AS1 to AS2 consists mainly of compatibility with HTTP(S), that is, HTTP with the Secure Sockets Layer (SSL), and S/Multipurpose Internet Mail Extensions (S/MIME).

Definition of EDI-INT

EDI-INT is an Internet Engineering Task Force (IETF) Working Group that exists to document the requirements and best practices for secure, interoperable EDI. The EDI-INT Requirements document contains sufficient background material to give the EDI community an explanation of any Internet-related issues.

The EDI-INT Requirements and Applicability Statements are general in nature, so they can be applied to all types of eBusiness transfers across nonsecure networks. The message payload itself does not have to be EDI. The data being transferred can be in the form of Extensible Markup Language (XML) business documents or any other data format.

Definition of AS1

AS1 is an Applicability Statement that described how then-current Internet standards could be leveraged to achieve EDI-INT using SMTP transport technologies. AS1 was published by the IETF EDI-INT Working Group.

Definition of AS2

AS2 is also an IETF EDI-INT Working Group specification. It extends AS1 to include real-time EDI based on S/MIME and HTTP(S). AS2 security constructs are the same as AS1, with the addition of session-based cryptographic features and authentication.

AS2 Message Format

An AS2 message conforms to the following structure:

■ HTTP header package: RFC2616/RFC2045
■ Encryption package: RFC2633 (application/pkcs7-mime)
■ Digitally signed package: RFC1847 (multipart/signed) (encrypted)
■ Message payload: RFC2376 (application/xml) (encrypted)
■ Digital signature: RFC2633 (application/pkcs7-signature) (encrypted)

The HTTP header is the outermost package, which is supplemented by the headers of the encryption package, which envelopes the signed multipart, which in turn binds the payload and signature parts.
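The packaging layers listed above can be checked structurally on a received message before any keys are involved, which lets a receiving gateway reject traffic that arrives unsigned or unencrypted. The following Python code is an added example and is not part of this guide or of AS2 PM; the function names, the sample messages, and the placeholder signature and ciphertext bytes are constructed for illustration. It goes slightly beyond the list by also recognizing an attached signature (smime-type=signed-data).

```python
"""Classify the S/MIME packaging of a received AS2 message without any keys."""
from email import message_from_bytes

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def as2_entity(http_headers, body):
    """Rebuild the outermost MIME entity from the HTTP Content-* headers and body."""
    head = "".join(f"{name}: {value}\r\n" for name, value in http_headers.items()
                   if name.lower().startswith("content-"))
    return message_from_bytes(head.encode("ascii") + b"\r\n" + body)


def classify(entity):
    """Report the visible protection layers; structure only, no signature verification."""
    info = {"encrypted": False, "signed": False, "payload_type": None, "problems": []}
    ctype = entity.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = str(entity.get_param("smime-type", "")).lower()
        if smime_type == "enveloped-data":
            info["encrypted"] = True
            info["signed"] = None  # inner layers are unknown until decryption
        elif smime_type == "signed-data":
            info["signed"] = True  # attached signature: payload sits inside the CMS blob
        else:
            info["problems"].append(f"unexpected smime-type {smime_type!r}")
    elif ctype == "multipart/signed":
        protocol = str(entity.get_param("protocol", "")).lower()
        parts = entity.get_payload() if entity.is_multipart() else []
        if protocol not in PKCS7_SIG:
            info["problems"].append(f"unexpected signature protocol {protocol!r}")
        if not entity.get_param("micalg"):
            info["problems"].append("multipart/signed without micalg")
        if len(parts) != 2:
            info["problems"].append(f"multipart/signed needs 2 parts, found {len(parts)}")
        else:
            info["payload_type"] = parts[0].get_content_type()
            if parts[1].get_content_type() != protocol:
                info["problems"].append("signature part type differs from protocol")
        info["signed"] = not info["problems"]  # only a well-formed wrapper counts
    else:
        info["payload_type"] = ctype  # bare payload, no S/MIME wrapper at all
    return info


def violations(info, require_encryption=True, require_signature=True):
    """List the reasons a receiver with the given policy should refuse the message."""
    found = list(info["problems"])
    if require_encryption and not info["encrypted"]:
        found.append("message is not encrypted")
    if require_signature and info["signed"] is False:
        found.append("message is not signed")
    return found


# Constructed sample messages (not captured traffic).
SIGNED_HEADERS = {
    "Host": "as2.example.invalid",
    "Content-Type": 'multipart/signed; protocol="application/pkcs7-signature"; '
                    'micalg=sha1; boundary="as2-example"',
}
SIGNED_BODY = (
    b"--as2-example\r\n"
    b"Content-Type: application/xml\r\n\r\n"
    b'<order id="1"/>\r\n'
    b"--as2-example\r\n"
    b"Content-Type: application/pkcs7-signature\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"UExBQ0VIT0xERVI=\r\n"  # base64 of the word PLACEHOLDER, not a real signature
    b"--as2-example--\r\n"
)
ENVELOPED_HEADERS = {
    "Content-Type": 'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
    "Content-Transfer-Encoding": "base64",
}
ENVELOPED_BODY = b"UExBQ0VIT0xERVI=\r\n"  # placeholder, not real ciphertext
PLAIN_HEADERS = {"Content-Type": "application/xml"}
PLAIN_BODY = b'<order id="1"/>\r\n'

if __name__ == "__main__":
    for label, headers, body in (("signed only", SIGNED_HEADERS, SIGNED_BODY),
                                 ("enveloped", ENVELOPED_HEADERS, ENVELOPED_BODY),
                                 ("plain", PLAIN_HEADERS, PLAIN_BODY)):
        info = classify(as2_entity(headers, body))
        print(label, info, violations(info))
```

For an enveloped message the signed field stays None, so the signature requirement has to be re-checked on the decrypted entity with the same classify function.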

Figure 1–1 shows a diagram of the basic AS2 protocol message format.

FIGURE 1–1 AS2 Message Format

Packaging Layer References

The following list details references for the packaging layers for S/MIME signed, encrypted messages:

■ RFC2616
  ■ Hypertext Transfer Protocol: HTTP/1.1
  ■ http://www.ietf.org/rfc/rfc2616.txt
■ RFC2045
  ■ MIME Part One: Format of Internet Message Bodies
  ■ http://www.ietf.org/rfc/rfc2045.txt
■ RFC2633
  ■ S/MIME Version 3 Message Specification
  ■ http://www.ietf.org/rfc/rfc2633.txt
■ RFC1847
  ■ Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
  ■ http://www.ietf.org/rfc/rfc1847.txt
■ RFC2376
  ■ XML Media Types
  ■ http://www.ietf.org/rfc/rfc2376.txt
■ RFC2298
  ■ An Extensible Message Format for Message Disposition Notifications
  ■ http://www.ietf.org/rfc/rfc2298.txt

Additional AS2 References

You can find the current standards-track drafts of the EDI-INT Requirements document, as well as AS2 specifications, at the following web sites:

■ For MIME-based secure peer-to-peer business data interchange over the Internet:

http://www.ietf.org/rfc/rfc3335.txt?number=3335

■ For HTTP transport for secure peer-to-peer business data interchange over the Internet:

http://www.ietf.org/proceedings/02jul/I-D/draft-ietf-ediint-as2-11.txt

http://www.ietf.org/proceedings/02mar/I-D/draft-ietf-ediint-as2-10.txt

CHAPTER 2 Overview of AS2 PM

This chapter provides a general overview of AS2 PM as it functions in the context of Java CAPS and the Sun B2B Suite. The chapter includes system descriptions, AS2 PM information, general operation, and basic features.

This chapter covers the following topics:

■ “AS2 PM: Introduction” on page 15
■ “Business Problem-Solving With AS2 PM” on page 16
■ “Installing AS2 PM” on page 17

Note – For more information about eGate, eInsight, and eXchange, see the appropriate user’s guides.

AS2 PM: Introduction

AS2 PM works primarily with eGate, eInsight, and eXchange. You can use AS2 PM to design Java CAPS Projects to process and validate messages using the AS2 messaging protocol.

AS2 PM is designed to work with the eXchange B2B framework to expose all of its Projects’ components. This feature allows you to easily expand and customize your Projects.

AS2 PM performs the following basic operations:

■ Uses a Messaging Service (also called a business service), that is, a sequence of events incorporating rules set by the protocol specifications.
■ Uses information in the message itself and in the eXchange Trading Partner (TP) to prepare messages according to AS2 standards.
■ Works with common eXchange Services to prepare and deliver messages, employing the following features:
  ■ Visibility of the business logic implemented, using eXchange Business Processes (BPs).
  ■ Error handling
  ■ Message tracking
  ■ TP database lookup
  ■ PKI cryptographic services, such as encryption and signature creation and verification

For complete instructions on how to use AS2 PM, see the following books or chapters in this book:

■ Installation, operating system (OS) compatibility, dependencies, and related information: eXchange Integrator Release Notes.
■ Configuration and an explanation of the configuration parameters in eXchange Partner Manager (ePM), a feature of eXchange: Chapter 4, “Configuring AS2 PM.”
■ General summary of how to get started and use AS2 PM: Chapter 5, “Quick Start for AS2 PM.”
■ Complete explanation of a sample AS2 PM scenario with operation procedures: Chapter 6, “AS2 PM Sample Scenario Tutorial.”

Business Problem-Solving With AS2 PM

This book provides instructions and background information for all users of AS2. The book also gives the following types of information about AS2 PM and AS2, to assist in solving your business problems:

■ The relationship of AS2 PM to other components of the Java CAPS, including eGate, eInsight, and eXchange, as well as the appropriate eWays.
■ The AS2 PM components and editors and how to use them in your system environment.
■ How to use the AS2-related features employed by AS2 PM.
■ Importing and implementing an AS2 PM sample scenario provided with the product.

Figure 2–1 shows a diagram of how AS2 PM operates in the context of eXchange and the Sun B2B Suite.

FIGURE 2–1 AS2 PM/eXchange Operation With Sun B2B Suite

Installing AS2 PM

Open and review the README file for the Java CAPS to gain current information you may need, for example for eGate or eInsight, before installing AS2 PM. You can find this file in the root directory of the Java CAPS installation’s Repository CD-ROM.

Install AS2 PM, using Java CAPS Installer. Figure 2–2 shows an example of this user interface.

FIGURE 2–2 Java CAPS Installer Example

Version Information

Note – See the Sun Java Composite Application Platform Installation Guide for details on how to obtain the README and documentation files for the suite.

This version of AS2 PM is compatible with Java CAPS version 5.1.2 (eGate and eInsight).

Configuring eGate Projects for Large Messages

If an eGate Project uses Sun SeeBeyond JMS (Java Messaging Service) IQ Manager and is estimated to process messages or transactions over 8 megabytes for Windows, or 16 megabytes for UNIX, you must increase the Segment Size property of JMS IQ Manager as explained in the eGate Integrator JMS Reference Guide.

After You Install

Once AS2 PM is installed and configured, it must then operate in conjunction with an eGate Project before it can perform its intended functions. You must create these Projects specifically for AS2 PM, or you must import one or more AS2 PM Projects.

See the eXchange Integrator User’s Guide for detailed information on incorporating these types of Projects into eGate, as well as for more detailed information on PM installation. Also, see the eGate Integrator User’s Guide for information on eGate Projects and their architecture.

Also, see Chapter 6, “AS2 PM Sample Scenario Tutorial,” for detailed information on a sample business scenario with Projects already created, using eXchange and AS2 PM.

Database Scripts

eXchange allows you to collect database information and persist data about your TPs and their operation. eXchange provides database scripts to create and upgrade this database feature for eXchange. For more information, see the eXchange Integrator User’s Guide.

Configuring Cryptographic Features

Your use of the AS2 protocol assumes you are also using its cryptographic features (encryption, decryption, signatures, and verifications). Additional configuration steps are required in setting up the eXchange Service to use these features. The eXchange Secure Messaging Extension With Keystore (SME/KS) feature enables protected transmission of messages over public domains by providing message encryption, decryption, digital signing, and signature verification.

Note – For more information on this feature, see Chapter 3, “Using SME/KS With AS2 PM.”

You must associate encryption information with each XDC eXchange Service. For complete information on setting up an eXchange Service with cryptographic features for protocol managers, see the eXchange Integrator User’s Guide.

Note – For specific examples of this operation, see the encryption setup used in the sample scenario explained in Chapter 6, “AS2 PM Sample Scenario Tutorial.”

The rest of this section describes and explains how to install necessary files that allow SME/KS to operate with your AS2 PM system.

Java Cryptography Extension Framework

The Java Cryptography Extension (JCE) framework includes the ability to enforce restrictions on the cryptographic algorithms and strengths. These restrictions are specified in jurisdiction policy files. These files are necessary to enable operation of SME/KS features.

Import control restrictions imposed by some governments require that the default jurisdiction policy files packaged with the Java Run-time Environment (JRE) specify that only strong but limited cryptography may be used. An unlimited strength policy file with no restrictions on cryptographic strength is available for most countries. However, only the strong but limited version can be readily imported into those countries where the governments restrict cryptography. In your JRE environment, the strong but limited default policy files are located as follows:

■ /lib/security/local_policy.jar
■ /lib/security/US_export_policy.jar

These paths are relative to the JRE directory within your Java Development Kit (JDK) environment, or to the top-level directory of the JRE. The unlimited strength version of these policy files is downloaded from a Java Download web page (see “To Download and Install the Policy Files” on page 21).

The JCE framework has been through the U.S. export review process and is certified for export. Consult with your export/import control authority to determine your policy requirements.

Installing Policy JAR Files for SME/KS

Before you can implement security using SME/KS, you must replace the existing policy files. You will download different files based on the version of your JRE and your operating system. See Table 2–1 to determine which JRE is running on your logical hosts.

TABLE 2–1 JRE Versions Listed by Operating System

Operating System | JRE | URL
Solaris, Windows, Linux, HP-UX, Tru64 | 1.5.0 | http://java.sun.com/j2se/1.5.0/download.html
AIX | 1.4.1 | http://java.sun.com/products/archive/j2se/1.4.1_07/index.html

To download the files, go to the appropriate URL for your operating system and follow the instructions under “To Download and Install the Policy Files” on page 21.

Note – Some governments may allow certain applications to be exempt from cryptographic restrictions, that is, exempt applications may implement stronger encryption than nonexempt applications. For an application to be recognized as exempt at run time, it must meet the following criteria:

■ The application must have its policy file bundled with it in a .jar file.
■ The .jar file containing the application and the policy file must be signed using a code-signing certificate issued after the application was designated exempt.

▼ To Download and Install the Policy Files

1 Open your browser.

2 Based on your operating system, do one of the following actions:

■ For Solaris, Windows, Linux, HP-UX, and Tru64 (JRE 1.5.0), go to:

http://java.sun.com/j2se/1.5.0/download.html

■ For AIX (JRE 1.4.1), go to:

http://java.sun.com/products/archive/j2se/1.4.1_07/index.html

3 For Solaris, Windows, Linux, HP-UX, or Tru64, do the following operation:

a. On the JSE 1.5.0 web page, scroll down to Other Downloads.

b. Click Download for Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 and download jse_policy-1_5_0.zip (8.64 kilobytes, including two .jar files each somewhat less than 2500 bytes).

c. After downloading the archive file, extract the following .jar files:

■ local_policy.jar
■ US_export_policy.jar

d. For each of your Logical Hosts, replace the existing policy file in the following directory: Logical Host/jre/lib/security/

4 For AIX, do the following operation:

a. On the Archive-Java Technology Products Download page, scroll down to Other Downloads.

b. Click the Download link for Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 1.4.1 and download jce_policy-1.4.1.zip (9.48 kilobytes, contains two files approximately 4300 bytes each).

c. After downloading the archive file, extract the following .jar files:

■ local_policy.jar
■ US_export_policy.jar

d. For each of your logical hosts, replace the existing policy files in the following directories:

Logical Host/jre/lib/security/

Logical Host/jre/1.4.1/security

22 Sun B2B Suite AS2 Protocol Manager User's Guide • December 2007 CHAPTER3 3 Using SME/KSWith AS2 PM

This chapter provides a general overview of the eXchange SME/KS feature, as it operates with AS2 PM, including basic information, general operation, and setup.

This chapter covers the following topics:

■ “About SME/KS” on page 23 ■ “About Security Certificates” on page 24 ■ “About MIME Formatting” on page 24 ■ “About S/MIME Cryptography” on page 25 ■ “About SME/KS Processes” on page 26 ■ “Attached and Detached Digital Signatures” on page 29 ■ “Private Keys” on page 30 ■ “Certificate Formats” on page 30 ■ “About Keystores and Truststores” on page 39 ■ “Creating and Managing Private Keys” on page 40

About SME/KS

The SME/KS feature enables the protected transmission of messages over public domains by providing message encryption, decryption, digital signing, and signature verification. SME/KS uses Public Key Infrastructure (PKI) technology to ensure the confidentiality of message exchanges by digitally signing and encrypting messages when they are sent, and decrypting and authenticating messages when they are received.

SME/KS encrypts and decrypts messages using the Secure Multipurpose Internet Mail Extensions (S/MIME) messaging format. For more information on the S/MIME format, see “About S/MIME Cryptography” on page 25.

Compression reduces the physical size of string and binary file formats using Java-based mathematical equations that scan and index repetitive patterns. Most files contain repetitive patterns. For example, in a color image, the number and placement of repetitive colors are indexed. The information is indexed, which reduces the size of the file. When the file is decompressed, the index regenerates the patterns and reinflates the file to its original size.

SME/KS enables eGate to process events via S/MIME. SME/KS is interoperable with any other client application that supports S/MIME.

An SME/KS implementation adds the following security attributes to message transactions:

■ Encryption and decryption
■ Data compression and decompression
■ Transaction privacy
■ Message authentication
■ Sender authentication
■ Message nonrepudiation

About Security Certificates

A security certificate (generally called a certificate) is an electronic document that establishes credentials for performing transactions over the Internet. In addition to a certificate, you must also have both private and public keys. A private key is an encryption/decryption key known only to you. A public key is a value provided by a certificate authority (CA). When a public key is combined with a private key derived from the public key, it can be used to encrypt messages and digital signatures. For more information on acquiring a certificate, see “Certificate Formats” on page 30.

You must acquire your security components from a CA. A CA is a company that issues and manages security credentials and public keys for message encryption and decryption. For example, VeriSign™ is a leading CA. To acquire your certificate and keys, you order them from your designated CA.

About MIME Formatting

Multipurpose Internet Mail Extension (MIME) is a specification for formatting non-ASCII messages that enables the transfer and acceptance of files over the Internet. MIME-compliant messages can contain multiple data types, for example:

■ Text messages in US-ASCII format
■ Messages of unlimited length
■ Binary files
■ Character sets other than US-ASCII
■ Multimedia: image, audio, and video objects
■ Multiple, nested objects in a single message


MIME is a two-part message format with a header and a body. The header metadata provides the information for message transmission and interpretation. The body contains the bulk data. MIME messages can remain in binary format when transmitted over a protocol such as HTTP or FTP.

However, if a MIME message is sent by SMTP or another text-only protocol, it must be base64 encoded (base64 encoding is a text-based representation of binary data). For more information, see the Internet Engineering Task Force Text Messages specification (RFC 822) and the MIME Message Body Format (RFC 2045), at http://www.ietf.org.

Note – The S/MIME Version 3 specification (RFC 2623) is also found at the same URL.

About S/MIME Cryptography

The S/MIME format is the IETF RFC 2311 specification for encrypting and signing message data. This format creates one-way hash algorithms that ensure data integrity by verifying that no modifications are made to a message while in transit. The sender’s identity is validated using a digital signature. S/MIME is the encryption-supported version of the MIME protocol, based on Public Key Cryptography Standards (PKCS).

PKCS standards specify how RSA Data Security public-key cryptographic algorithms are used to implement enveloped encryption and digital signatures. The RSA public-key system uses two related keys to perform the mathematical algorithms that encrypt and decrypt data: a public key, which may be made available to any prospective correspondent, and a private key known only to the key’s owner, for example:

■ A public key can be published openly, allowing anyone to send secure messages that can only be decrypted by the owner of the private key. Public keys are stored as certificates that comply with the X.509 standard. In addition to the public key, a certificate also contains information about the key owner’s identity, the key’s validity, and the CA that issued the certificate.
■ Private key encryption can be decrypted with a corresponding public key. This encryption method creates a digital signature, which guarantees that the signed message is authentic and came from the originator.

Digital signatures provide data integrity, authentication and nonrepudiation of electronic documents. Digital signature verification ensures that:

■ The document received is identical to the document sent.
■ There is authentication of the identity of the sender.
■ No subsequent repudiation of the document by the originator occurs.


About SME/KS Processes

This section describes how SME/KS encrypts and decrypts message data, verifies digital signatures, and compresses and decompresses message files.

Key Pair Encryption

In key pair encryption, the sender's message is encrypted with the public key and signed by the sender. The signature is then encrypted with the sender’s private key. Upon receipt, the message is decrypted with the recipient's private key. In the Keystore, the sender’s public certificate is used to validate the authenticity of the public key. The public certificate contains the sender’s name, institution, and address, and is signed by a trusted CA. The certificate alias identifies the certificate in the Keystore. The recipient's private key alias and password are used to access the private key from the Keystore and decrypt the message. See Figure 3–1.


FIGURE 3–1 Encryption Process

Note – Input parameters labeled with an asterisk (*) show the default values.

Signatures and Verification

Signature verification begins when a subscriber publishes a certificate to a CA. Published certificates contain the subscriber’s identity and public key, and are digitally signed by the CA, which safeguards access to the subscriber’s private key. When a subscriber signs and sends a message, SME/KS converts the message to S/MIME format. The message now contains the digital footprint of the subscriber’s private key. When the message is received, the public key validates the digital signature created by the private key. See Figure 3–2.

FIGURE 3–2 Verification Process

Note – Input parameters labeled with an asterisk (*) show the default values.


Compression and Decompression

The compression process converts byte type files into PKCS#7 format using the zlib compression library. See Figure 3–3. For more information on the zlib compression library, visit the gzip product home page at http://www.gzip.org.

FIGURE 3–3 The Compression/Decompression Process

Attached and Detached Digital Signatures

Digital signatures are normally attached to the message. However, digital signatures can also be detached. A detached signature may be stored and transmitted separately from the message it signs. In an S/MIME message with a detached signature, the signature is calculated over the entire payload data, in addition to its MIME headers. The default Content-Type for this MIME part is text/plain. If signing a Content-Type other than text/plain, you must generate a Content-Type header line for the payload. All other MIME headers and boundaries, including those for the detached signature part, are produced by SME/KS.

Attached Signatures

The characteristics of attached digital signatures in PKCS#7 and S/MIME formats are:

■ PKCS#7:
  ■ Includes the document in plain text with digital signature.
  ■ Ensures that certificates are encoded in Abstract Syntax Notation One (ASN.1) format, where ASN.1 is an ISO/IEC standard for encoding rules used in ANSI X.509 certificates and PKCS documents.
■ S/MIME2:
  ■ Includes MIME headers and PKCS#7 with the signature attached.

Detached Signatures

The characteristics of detached digital signatures in PKCS#7 and S/MIME formats are as follows:

■ PKCS#7: Includes the signature and certificate without the signed data.
■ RNIF1.1: Uses PKCS#7 and a detached format.
■ S/MIME2: May include a MIME multipart message consisting of the original data in one segment and a binary format signature or a base64-encoded signature in a second segment.

Private Keys

AS2 requires that private keys be in PKCS#12 format. If a key has been generated through a browser-based process and appears among your personal certificates in Microsoft Internet Explorer, and you want to use it with AS2, you must export it to a PKCS#12 file.

Note – Remember the password you specify to encrypt the exported file. You will need it during the AS2 PM configuration process to allow decryption and use of the key.

Certificate Formats

A public key certificate is an electronic message issued by a CA that matches the value of the public key to the identity of the person, device, or service that holds the corresponding private key. AS2 only accepts certificates in PKCS#7 format and DER-encoded binary X.509.

▼ To Create a Certificate File

After you pay a fee, your certificate is transmitted to you as an email or file attachment. Then, you copy the contents from the CA certificate into a text file to create your own certificate file.

1 Open the certificate email or file.

2 Select the file contents between the header and trailer text.


Note – Make sure you exclude the header and trailer.

3 Copy the contents of the certificate to the buffer.

4 Create a new text file.

5 Paste the certificate file contents into the empty file.

6 Save the file as machine name.cert. Where: machine name is the name of the computer that is hosting the SME/KS files.

Note – The .cert extension is arbitrary. Certificate and key files can have any extension, but the extension you use should imply the contents of the file.
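The procedure above leaves a file holding only the base64 body, while AS2 accepts PKCS#7 and DER-encoded X.509. The following is an added example (not code from this guide or the product) that reports what a file actually contains before you import it; the function names and sample bytes are constructed for illustration, and the check looks at ASN.1 shape only.

```python
import base64
import binascii
import re

# DER encoding of the PKCS#7 signedData OID 1.2.840.113549.1.7.2
PKCS7_SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
ARMOR = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def to_der(data):
    """Accept PEM with header/trailer, the bare base64 body, or raw DER."""
    match = ARMOR.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(2).split()), validate=True)
    if data[:1] == b"\x30":          # DER SEQUENCE tag: already binary
        return data
    try:
        return base64.b64decode(b"".join(data.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("not PEM, base64 or DER") from exc


def read_tlv(buf, offset=0):
    """Return (tag, value_start, value_end) of the DER element at offset."""
    if offset + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[offset], buf[offset + 1]
    pos = offset + 2
    if first < 0x80:                 # short-form length
        length = first
    else:                            # long-form length: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length


def classify(data):
    """Return 'x509', 'pkcs7-signedData', 'pkcs12' or 'unknown'."""
    der = to_der(data)
    tag, start, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    children, pos = [], start
    while pos < end:
        child_tag, _, child_end = read_tlv(der, pos)
        children.append((child_tag, der[pos:child_end]))
        pos = child_end
    if not children:
        return "unknown"
    if children[0][1] == PKCS7_SIGNED_DATA_OID:
        return "pkcs7-signedData"
    if children[0][1] == b"\x02\x01\x03":        # PFX version 3: a PKCS#12 key file
        return "pkcs12"
    # Shape of Certificate: tbsCertificate, signatureAlgorithm, signatureValue.
    # A certificate request has the same outer shape; this is not validation.
    if [t for t, _ in children] == [0x30, 0x30, 0x03]:
        return "x509"
    return "unknown"


def _tlv(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        header = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        header = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + header + value


# Constructed samples: correct outer structure, placeholder contents.
X509_DER = _tlv(0x30, _tlv(0x30, _tlv(0x04, bytes(200))) + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
X509_BARE = base64.encodebytes(X509_DER)          # what step 2 of the procedure copies
X509_PEM = b"-----BEGIN CERTIFICATE-----\n" + X509_BARE + b"-----END CERTIFICATE-----\n"
PKCS7_DER = _tlv(0x30, PKCS7_SIGNED_DATA_OID + _tlv(0xA0, _tlv(0x30, b"")))
PKCS12_DER = _tlv(0x30, b"\x02\x01\x03" + _tlv(0x30, b""))

if __name__ == "__main__":
    for name, blob in [("pem", X509_PEM), ("bare", X509_BARE), ("der", X509_DER),
                       ("p7", PKCS7_DER), ("p12", PKCS12_DER)]:
        print(name, classify(blob))
```

A result of pkcs12 for a file you meant to import as a certificate indicates that a private key file was selected by mistake.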

▼ To Convert Certificates With Internet Explorer

Microsoft Internet Explorer provides a Certificate wizard tool to convert between formats. For more information, see “To Convert Certificates With Internet Explorer” on page 31.

1 Double-click the certificate file. The Certificate Information window appears. See Figure 3–4.


FIGURE 3–4 Certificate Information Window

2 Click the Details tab. See Figure 3–5.


FIGURE 3–5 Certificate Details Tab

3 Click Copy to File. The Certificate Export wizard appears. See Figure 3–6.

FIGURE 3–6 Certificate Export Wizard


4 Click Next. The Export File Format window appears. See Figure 3–7.

FIGURE 3–7 Export File Format Window

5 Click Next. The File to Export window appears. See Figure 3–8.


FIGURE 3–8 File To Export Window

6 Browse to the certificate file name.

7 Select the certificate file and click Next. The certificate details are displayed in the window. See Figure 3–9.

FIGURE 3–9 Certificate Details

8 Click Finish to exit the wizard.


▼ To Use Internet Explorer To Transfer Certificate Formats

1 From the Tools menu, click Internet Options.

2 Click the Content tab and then click Certificates. The Certificates dialog box appears. See Figure 3–10.

FIGURE 3–10 Internet Explorer Certificates Dialog Box

3 Click Import. The Certificate Import wizard appears. See Figure 3–11.


FIGURE 3–11 Certificate Import Wizard

4 Click Next. The File to Import window appears. See Figure 3–12.

FIGURE 3–12 File to Import Window

5 Browse to the certificate file you want to open. See Figure 3–13.


FIGURE 3–13 Certificate File To Open

6 Click Next. The Certificate Store window appears. See Figure 3–14.

FIGURE 3–14 Certificate Store Window


7 Browse to the location where you want to store the certificate and click Next. Details of the completed certificate import appear. See Figure 3–15.

FIGURE 3–15 Completed Certificate Details

8 Click Finish to exit the wizard.

About Keystores and Truststores

A Keystore is a special file type that holds the keys and certificates. A Keystore is a repository for sensitive cryptographic key information for self-authentication. Key entries are private keys accompanied by the certificate chain for the corresponding public key.

A Truststore holds public key certificates belonging to the message sender. Certificates held in the Truststore are trusted certificates, that is, the Keystore owner trusts that the public key in the certificate belongs to the certificate owner.

At run time, one Keystore is created for each Java CAPS Environment. Several Truststores may exist to accommodate the different relationships between TPs. Java CAPS groups both Keystores and Truststores under the common name Keystore. However, both are regarded as separate entities.


Creating and Managing Private Keys

eGate Integrator manages Keystores in Environments. The following procedure assumes you already have an existing Environment to which you want to add a Keystore.

▼ To Create and Configure a Keystore

1 In Environment Explorer, right-click the Environment and choose New Keystore.

2 Provide a meaningful name for the new Keystore.

3 Open the Keystore's properties page and configure appropriately under Environment Configuration > Connection Settings. For an example, see “To Create and Configure the Keystore External System” on page 91.

CHAPTER 4

Configuring AS2 PM

This chapter explains how to configure eXchange Partner Manager (ePM) parameters for use with AS2 PM and AS2.

This chapter covers the following topics:

■ “Configuring eXchange Partner Manager: Overview”
■ “Configuring B2B Hosts and TPs in ePM”
■ “Configuring AS2 PM ePM Parameters”

Configuring eXchange Partner Manager: Overview

This chapter explains the configuration parameters required for AS2 PM Projects and their operation with AS2 and other Java CAPS applications. You can configure these parameter values for AS2 PM using the eXchange ePM user interface.

Note – For more information on how to do these operations in ePM, including default values for general eXchange parameters and how to override them, see the eXchange Integrator User’s Guide.

ePM, B2B Hosts, and Trading Partners

The ePM interface allows you to set up and configure AS2 PM parameters at B2B Host and Trading Partner (TP) configuration levels for the Projects in a business scenario. In ePM, B2B Hosts and TPs can be created from scratch or imported. These components derive their default parameter properties from the B2B Host you built in Enterprise Designer, which contains the default AS2 PM configuration parameters.


eXchange ePM

The eXchange ePM interface allows you to set essential parameter properties for your AS2 PM eXchange Projects. This tool also allows you to configure the specific business and messaging functions you want implemented by your B2B Hosts and TPs.

Ensuring that you have configured the appropriate values in ePM allows the B2B Hosts and TPs you configure to operate completely integrated with eXchange, AS2 PM, and AS2 within your own B2B scenario.

For more information on B2B Hosts and TPs, see “Constructing the B2B Host Project” on page 95 and “Importing and Configuring Components in ePM” on page 100.

Using ePM: Overview

The eXchange ePM contains configurable parameters for AS2 PM. These parameters allow you to set values that control eXchange communication with the AS2 B2B Host and TP business, delivery, and transport information used for sending and receiving B2B messages.

Categories of Configurable Properties

There are three categories of configurable parameter properties in ePM, as follows:

■ Business Protocol
■ Delivery Protocol
■ Transport

In general, the parameters under Business Protocols allow you to configure data payload-related operations within your business, if you are using a business protocol-type PM. Generally, parameters under Delivery Protocols determine data unrelated to message payloads (for example, security) if you are using a delivery protocol-type PM. Parameters under Transports are directly related to eXchange and remain the same regardless of which PM or type of PM you are using.

Note – See the eXchange Integrator User’s Guide for more information on configuring Business Protocol, Delivery Protocol, and Transport parameters.

Locate the current B2B Host or TP in ePM Explorer, by clicking the B2B Host Configuration or Trading Partner Configuration tab. The B2B Host acts as a top-level “parent” component that supplies all default parameter properties to the components under it, including the TP. These components include Action Groups and Transaction Profiles.


Business Actions

You define Business Actions within the B2B Host, as constructed in Enterprise Designer. Business Actions are already a part of the B2B Host in ePM when you begin configuration. The Business Action is the message type, either inbound or outbound, for example, 270 FromPartner.

Action Groups

Under the B2B Host tab, you are allowed to create Action Groups. They function as “child” components that inherit default parameter properties from their “parent” B2B Host. An Action Group can contain one or more transactions called Transaction Profiles. By associating one or more Action Groups with a TP, you define the TP’s general operation.

Note – You cannot create an Action Group or Transaction Profile under the Trading Partner tab, only under the B2B Host tab.

Transaction Profiles

Each Transaction Profile enables a specific messaging function and is associated with a B2B Host. For example, you are allowed to create Transaction Profiles at the B2B Host level (under the B2B Host Configuration tab in ePM), whose parameter values are inherited at the TP level (under the Trading Partner Configuration tab in ePM).

In terms of usage, for example, you might want to place all of your Transaction Profiles for purchase order requests and responses in one Action Group and give it a name that represents its function.

A Transaction Profile consists of a Business Protocol Action Group or Delivery Protocol Action Group, and a Transport. Therefore, a given Transaction Profile inherits parameter defaults and overrides from its “parent” Action Group components.

At the TP level, a B2B Host Transaction Profile may be used as a part of the configuration of a TP component, that is, one of the TP’s Transaction Profiles. In these cases, the TP is said to “inherit” the configuration values (defaults and overrides) from the B2B Host Transaction Profile it is using.

Defaults and Overrides

ePM allows you to override the default parameter properties at any component level except the top-level B2B Host. Overrides inherit from “parent” to “child” components. Default overrides cascade from B2B Hosts to TPs by way of Action Groups. You can also configure specific overrides for individual TPs.


Note – For information on Lookup parameters and how they operate in ePM, including how they are inherited and overridden, see the eXchange Integrator User’s Guide.

The current TP configuration inherits the current B2B Host configuration. Additionally, ePM allows you to override any inherited parameter values at this level or at any lower level in the TP, if necessary. See Figure 4–1.

For example, a TP’s Action Group overrides are inherited from the current B2B Host’s Action Groups.

Because Transaction Profiles are assigned to TPs (by way of Action Groups), any inherited parameter defaults and overrides may be additionally overridden at this level. This feature allows you to effectively “customize” a Transaction Profile for a specific TP.

Inheritance and Override Hierarchy

Figure 4–1 illustrates this ePM hierarchy of default override inheritance. Keep in mind that parameter categories only inherit from the same categories, for example, B2B Host Action Group Business Protocols from TP Action Group Business Protocols, and so on.


FIGURE 4–1 ePM Override Inheritance Hierarchy Diagram

It is recommended that you set your necessary configurations at the “highest” level possible, according to the hierarchy shown in Figure 4–1, for example, at the B2B Host Business Protocol level or at the TP Business Protocol level. See the sample scenario ePM configuration for an example of these recommended configuration practices.


Note – For more information on parameter override inheritance in ePM, see the eXchange Integrator User’s Guide.

Configuring B2B Hosts and TPs in ePM

Before you can use a TP, you must configure its associated parameters specifically for eXchange, AS2 PM, and your B2B operation, using ePM. Figure 4–2 shows an example of the ePM window as it first appears, with the B2B Host Configuration tab opened.

FIGURE 4–2 ePM Window

The ePM window has the following major divisions:

■ ePM Explorer: Left pane
■ ePM Canvas: Right pane

Tabs in the ePM Canvas

You configure your AS2 PM Projects under the following tabs in ePM:

■ B2B Host Configuration
■ Trading Partner Configuration

Figure 4–2 shows these tabs in the ePM window. Under B2B Host Configuration in ePM Explorer, double-click the Repository name to open the Host Explorer tree. This tree graphic displays icons that allow you to configure properties of the B2B Host.


The following icons offer you sets of properties, according to the icon names, as listed in the Host Explorer tree in ePM Explorer:

■ Business Protocols
■ Delivery Protocols
■ Transports
■ Transaction Profiles
■ Private keys
■ Contacts
■ Schedules

Configuration parameters for your AS2 PM Projects are located under the Business Protocols, Delivery Protocols, and Transports categories of properties. See “Categories of Configurable Properties” on page 42 for a description of these categories.

Parameter Types

Each set of ePM parameters contains the following parameter types:

■ General eXchange parameters common to all PMs, for example, Transports
■ AS2 PM-specific parameters provided only by this PM
■ For Delivery Protocols, additional security-related parameters

Additional Information

This book contains a sample implementation scenario with specific ePM settings configured. Refer to this sample scenario for explanatory ePM implementation examples.

The rest of this chapter explains the available parameters specific to AS2 PM and security properties configuration, as well as how to set them.

Configuring AS2 PM ePM Parameters

This section lists the AS2 PM-specific parameter values in ePM and explains how to configure them.

Screen examples of how these parameters look in ePM appear under the following procedures:

■ “To Configure the Atlanta TP Parameters”
■ “To Configure the Berlin TP Parameters”


ToPartner and FromPartner Messaging Model

The following list explains the outbound and inbound messaging model used for Environments and TPs during ePM configuration:

■ When you are configuring ePM for a component related to the current TP’s Environment, you must take the viewpoint of that Environment. For example, Company A is the current TP with its own Environment. You are configuring a component related to Company A’s Environment envA. Therefore, in terms of the companies, ToPartner means from Company A (outbound from envA) and FromPartner, to Company A (inbound to envA).
■ Following the same model, when you are configuring ePM for a component related to a different TP’s Environment, you must take the viewpoint of that Environment. For example, Company B is a TP with an Environment outside of Company B. You are configuring a component related to Company B’s Environment envB. Therefore, in terms of the companies, ToPartner means from Company B (outbound from envB) and FromPartner, to Company B (inbound to envB).
■ Therefore, if TPs in the previous examples are named as follows:
  ■ tpB is Company A’s TP.
  ■ tpA is Company B’s TP.
  The following relationship holds true:
  ■ tpA is the TP for envB.
  ■ tpB is the TP for envA.

AS2 PM-Specific and Security Parameter Types

Configuring AS2 PM-specific and security parameters is described under:

■ “Message Attribute Definition Parameters”
■ “Transport Attribute Definition Parameters”
■ “Cryptography Settings”
■ “Handler Type Settings”

For additional information on how to configure ePM parameters, see “Configuring AS2 PM ePM Parameters” on page 47, as well as the eXchange Integrator User’s Guide. The rest of this chapter explains the AS2 PM-specific and security parameters available in ePM.

Note – When ePM displays the parameters explained in this chapter, additional parameters appear, which are generic to eXchange. This chapter does not cover these parameters. See the eXchange Integrator User’s Guide for details on these additional settings.


Message Attribute Definition Parameters

This section explains how to configure Message Attribute Definition (MAD) ePM parameters for the current Transaction Profile. Find these parameters displayed in ePM in the ePM Canvas (right ePM window). This section explains these parameters in the order they appear in ePM. If text in parentheses after a description reads “optional,” it is not necessary for you to set this parameter.

■ “AS2_FROM”
■ “AS2_HOST”
■ “AS2_HTTP_FROM”
■ “AS2_SUBJECT”
■ “AS2_TO”
■ “AS2_VERSION”
■ “AS2_COMPRESSED_BEFORE_SIGNED”
■ “AS2_MDN_SIGNATURE_REQ”
■ “AS2_MDN_RESPONSE_TYPE”
■ “AS2_MAX_RETRY_COUNT”
■ “AS2_MDN_DELIVERY_URL”
■ “AS2_POSITIVE_MDN_DISPOSITION”
■ “DISPOSITION_NOTIFICATION_TO”
■ “AS2_MIC_ALGORITHM”
■ “AS2_MIC_DIGEST_ALGORITHM”
■ “AS2_PAYLOAD_TYPE”
■ “AS2_REPORTING_UA”
■ “AS2_RESEND_REQ”
■ “AS2_MDN_REQ”
■ “AS2_RETRY_TIMEOUT”
■ “AS2 Signed Option”
■ “AS2 Signed MIC Algorithm”

AS2_FROM

Description
Allows you to enter the name of the FromPartner Delivery Transaction Profile, which the sending TP is using (required). The attribute name is AS2From.

Required Values
A valid string indicating the name of the appropriate ToPartner Delivery Protocol

Default
None

AS2_HOST

Description
Allows you to enter the name of the sender TP's host (required). The attribute name is AS2Host.

Required Values
A valid string indicating the sender TP's host name

Default
None

AS2_HTTP_FROM

Description
Allows you to enter the name of the Transport, which the sending TP is using (required). The attribute name is AS2HTTPFrom.

Required Values
A valid string indicating the name of the appropriate Transport

Default
None

AS2_SUBJECT

Description
Allows you to enter the AS2 subject of the sending TP's messages (required). The attribute name is AS2Subject.

Required Values
A valid string indicating the AS2 subject of the sending TP's messages

Default
None

AS2_TO

Description
Allows you to enter the name of the ToPartner Delivery Transaction Profile, which the sending TP is using (required). The attribute name is AS2To.

Required Values
A valid string indicating the name of the appropriate ToPartner Delivery Protocol

Default
None

AS2_VERSION

Description
Allows you to enter the current version of AS2 in use (required). The attribute name is AS2Version.

Required Values
1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, or 1.9

Default
None

AS2_COMPRESSED_BEFORE_SIGNED

Description
Allows you to specify whether the TP must do a compression operation before any outbound message is sent (required). If you set this parameter to true, compression is done before signing. The attribute name is CompressB4Signing.

Required Values
true or false

Default
false

AS2_MDN_SIGNATURE_REQ

Description
Allows you to specify whether the sending TP requires a signed MDN (required). The attribute name is IsSignedMDNRequired.

Required Values
true or false

Default
false

AS2_MDN_RESPONSE_TYPE

Description
Allows you to specify whether the sending TP requires a synchronous or asynchronous MDN (required). The attribute name is IsSyncMDNRequired.

Required Values
SYNC or ASYNC

Default
ASYNC

AS2_MAX_RETRY_COUNT

Description
If AS2_RESEND_REQ is set to true, allows you to specify the maximum number of times the system is to retry sending a message before timing out. You can choose to use this parameter or AS2_MAX_RETRY_TIMEOUT, which sets the time-out in terms of time. If you use AS2_MAX_RETRY_COUNT, allow AS2_MAX_RETRY_TIMEOUT to retain its default setting, false (optional).

Required Values
true or false

Default
false

AS2_MDN_DELIVERY_URL

Description
Allows you to enter the destination URL where you want the MDN delivered.

Required Values
A valid URL representing the specified MDN destination URL.

Default
None

AS2_POSITIVE_MDN_DISPOSITION

Description
Allows you to enter the name of the message that the TP sends with the MDN, for example, Positive Disposition Message (required). The attribute name is MDNDispositionMessage.

Required Values
The appropriate valid string that represents the message name

Default
None

DISPOSITION_NOTIFICATION_TO

Description Allows you to enter the email address where you want the system to send a notification of the MDN's disposition.

Note – The DISPOSITION_NOTIFICATION_TO email address can be any one you select.

Required Values A valid email address where an MDN disposition message can be sent.

Default None

AS2_MIC_ALGORITHM

Description Allows you to enter the name of the algorithm used to check the message integrity (required). The parameter calculates the MIC value of the payload, inbound and outbound, allowing correct message correlations. The attribute name is MICAlgorithm.

Required Values sha1

Default sha1

AS2_MIC_DIGEST_ALGORITHM

Description Allows you to enter the name of the algorithm used to calculate the digest value in signing (required). The attribute name is MICDigestAlgorithm.

Required Values sha1 or MD5

Default sha1
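The MIC described under AS2_MIC_ALGORITHM and AS2_MIC_DIGEST_ALGORITHM is what ties a returned MDN to the message it acknowledges. The following Python sketch is an added example, not code from AS2 PM: it computes the MIC over an unsigned payload (for signed messages RFC 4130 digests the signed MIME part instead) and checks an MDN's Original-Message-ID, Disposition, and Received-Content-MIC fields. The payload, message ID, and MDN text are constructed.

```python
import base64
import hashlib
import hmac
from email.parser import HeaderParser

# Digest names this page lists for the MIC parameters, mapped to hashlib names.
HASHES = {"sha1": "sha1", "md5": "md5"}

# Constructed sample data (not taken from the product's sample scenario files).
PAYLOAD = b"ISA*00*          *00*          *ZZ*ATLANTA        *ZZ*BERLIN         ~"
MESSAGE_ID = "<constructed-0001@atlanta.example>"
POSITIVE = "automatic-action/MDN-sent-automatically; processed"


def compute_mic(content: bytes, algorithm: str = "sha1") -> str:
    """MIC = base64 of the digest of the covered content."""
    digest = hashlib.new(HASHES[algorithm.lower()], content).digest()
    return base64.b64encode(digest).decode("ascii")


def build_sample_mdn(payload: bytes, message_id: str, disposition: str = POSITIVE) -> str:
    """Constructed machine-readable MDN part, as a receiving TP could return it."""
    return (
        "Reporting-UA: berlin.example; constructed-as2-receiver\n"
        "Original-Recipient: rfc822; BerlinAS2\n"
        "Final-Recipient: rfc822; BerlinAS2\n"
        f"Original-Message-ID: {message_id}\n"
        f"Disposition: {disposition}\n"
        f"Received-Content-MIC: {compute_mic(payload)}, sha1\n"
    )


def parse_mdn_fields(report_part: str) -> dict:
    """Parse the 'Name: value' fields of the disposition-notification part."""
    msg = HeaderParser().parsestr(report_part)
    return {name.lower(): value.strip() for name, value in msg.items()}


def check_mdn(payload: bytes, message_id: str, report_part: str,
              configured_alg: str = "sha1") -> list:
    """Return a list of problems; an empty list means the MDN correlates."""
    fields = parse_mdn_fields(report_part)
    problems = []

    if fields.get("original-message-id") != message_id:
        problems.append("message-id mismatch")

    # Disposition is "<mode>; <type>[/<modifier>: <detail>]". Only a bare
    # "processed" is treated as clean; errors and warnings are surfaced.
    disp_type = fields.get("disposition", "").rpartition(";")[2].strip().lower()
    if disp_type != "processed":
        problems.append(f"not a positive disposition: {disp_type or 'missing'}")

    mic_field = fields.get("received-content-mic")
    if mic_field is None:
        problems.append("no Received-Content-MIC")
        return problems

    mic_value, _, mic_alg = (part.strip() for part in mic_field.partition(","))
    # Refuse a digest algorithm other than the configured one instead of
    # silently recomputing with whatever the partner names.
    if mic_alg.lower() != configured_alg:
        problems.append(f"MIC algorithm {mic_alg or 'missing'} != configured {configured_alg}")
        return problems

    expected = compute_mic(payload, configured_alg)
    if not hmac.compare_digest(expected.encode(), mic_value.encode()):
        problems.append("MIC mismatch")
    return problems


if __name__ == "__main__":
    mdn = build_sample_mdn(PAYLOAD, MESSAGE_ID)
    print("intact payload  :", check_mdn(PAYLOAD, MESSAGE_ID, mdn))
    print("altered payload :", check_mdn(PAYLOAD + b"x", MESSAGE_ID, mdn))
```
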

AS2_PAYLOAD_TYPE

Description Allows you to identify the payload type, that is, what type of message the TP is sending (required). The attribute name is PayloadType.

Required Values X12, EDIFACT, EDI-X12, XML, or Others

Default X12

AS2_REPORTING_UA

Description Allows you to enter a value representing the reporting user for the message disposition notification (MDN) (required). The attribute name is ReportingUA.

Required Values The appropriate valid string that represents the MDN's reporting user.

Default None

AS2_RESEND_REQ

Description Allows you to specify whether you want to require the system to resend messages (required).

Required Values true or false

Default false

AS2_MDN_REQ

Description Allows you to enter a value that is used to identify whether the sender TP requires an MDN (required). The attribute name is RequireMDN.

Required Values true or false

Default false

AS2_RETRY_TIMEOUT

Description If AS2_RESEND_REQ is set to true, allows you to specify the maximum amount of time the system is to wait while retrying to send a message, before timing out, in milliseconds. You can choose to use this parameter or AS2_MAX_RETRY_COUNT, which sets the time-out in terms of the number of retries. If you use AS2_MAX_RETRY_TIMEOUT, allow AS2_MAX_RETRY_COUNT to retain its default setting, false (optional).

Required Values true or false

Default false

AS2 Signed Option

Description Allows you to specify a special type of certificate signing you require (optional).

Required Values A valid certificate signature type.

Default None

AS2 Signed MIC Algorithm

Description Allows you to specify a MIC algorithm for certificate signing (optional).

Required Values A valid MIC algorithm.

Default None

Transport Attribute Definition Parameters

This section explains how to configure Transport Attribute Definition (TAD) ePM parameters for the current Transaction Profile. Find these parameters displayed in ePM in the ePM Canvas (right ePM window). This section explains these parameters in the order they appear in ePM. If text in parentheses after a description reads “optional,” it is not necessary for you to set this parameter.

■ “End URL”
■ “HTTPHeader Value”
■ “HTTPHeader Name”

End URL

Description Allows you to enter the servlet's URL, that is, where the TP must post the message (required). The attribute name is EndURL.

Entries for End URL use the syntax shown in the following example: http://localhost:18001/dp1_servlet_AS2HttpServlet/AS2HttpServlet

Required Values A valid string indicating the servlet's URL

Default None

HTTPHeader Value

Description Allows you to enter the value of the current HTTP header (optional). The attribute name is HTTPHeader_Value.

Required Values A valid string indicating the value

Default None

HTTPHeader Name

Description Allows you to enter the name of the current HTTP header (optional). The attribute name is HTTPHeader_Name.

Required Values A valid string indicating the name

Default None

Cryptography Settings

These parameters allow you to enter values for settings that control the current Transaction Profile's general cryptographic features.

■ “Business Protocol Signing Key”
■ “Delivery Protocol Signing Key”
■ “Business Protocol Encryption Certificate”
■ “Delivery Protocol Encryption Certificate”
■ “Encryption Protocol”

Business Protocol Signing Key

Description Allows you to specify the name of the business protocol signing key (optional).

Required Values Name of the signing key.

Default None

Delivery Protocol Signing Key

Description Allows you to specify the name of the delivery protocol signing key (optional).

Required Values Name of the signing key.

Default None

Business Protocol Encryption Certificate

Description Allows you to specify the name of the protocol encryption certificate (optional).

Required Values Name of the certificate.

Default None

Delivery Protocol Encryption Certificate

Description Allows you to specify the name of the protocol encryption certificate (optional).

Required Values The name of the certificate.

Default None

Encryption Protocol

Description Allows you to specify the name of the encryption protocol (optional).

Required Values The name of the protocol.

Default None

HandlerType Settings

These parameters allow you to enter values for settings that control the current Transaction Profile's encryption, signing, and compression handlers.

■ “Decryption Handler”
■ “Signature Validation Handler”
■ “Decompression Handler”

Decryption Handler

Description Allows you to choose the location of the appropriate decryption handler, from the pull-down menu.

Required Values A valid decryption handler location.

Default None

Signature Validation Handler

Description Allows you to choose the location of the appropriate signature validation handler, from the pull-down menu.

Required Values A valid signature validation handler location.

Default None

Decompression Handler

Description Allows you to choose the location of the appropriate decompression handler, from the pull-down menu.

Required Values A valid decompression handler location.

Default None
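Several parameters in this chapter only make sense in combination: the MDN options matter once an MDN is required, an asynchronous MDN needs somewhere to be delivered, and the two retry limits are alternatives. The Python sketch below is an added example, not part of AS2 PM or ePM. It audits a profile held as a plain dict keyed by this page's parameter names (a constructed representation, not the .exp file format) and reports the settings a reviewer would question. Both sample profiles are constructed.

```python
from urllib.parse import urlparse

# Defaults as listed on this page, keyed by the page's parameter names.
PAGE_DEFAULTS = {
    "AS2_MDN_REQ": "false",
    "AS2_MDN_SIGNATURE_REQ": "false",
    "AS2_MDN_RESPONSE_TYPE": "ASYNC",
    "AS2_MDN_DELIVERY_URL": None,
    "AS2_MIC_DIGEST_ALGORITHM": "sha1",
    "AS2_RESEND_REQ": "false",
    "AS2_MAX_RETRY_COUNT": "false",
    "AS2_RETRY_TIMEOUT": "false",   # spelled AS2_MAX_RETRY_TIMEOUT in the descriptions
    "End URL": None,
}


def _on(value) -> bool:
    return str(value).lower() == "true"


def _is_set(value) -> bool:
    # "false" is the documented default for both retry limits.
    return value not in (None, "", "false")


def audit_profile(overrides: dict) -> list:
    """Return (parameter, finding) pairs for a profile laid over the defaults."""
    p = {**PAGE_DEFAULTS, **overrides}
    findings = []

    if not _on(p["AS2_MDN_REQ"]):
        findings.append(("AS2_MDN_REQ", "no MDN requested: no receipt to correlate by MIC"))
    else:
        if not _on(p["AS2_MDN_SIGNATURE_REQ"]):
            findings.append(("AS2_MDN_SIGNATURE_REQ",
                             "unsigned MDN: the receipt cannot be tied to the partner's key"))
        # RFC 4130 (not this page): an asynchronous receipt needs a return URL.
        if p["AS2_MDN_RESPONSE_TYPE"] == "ASYNC" and not p["AS2_MDN_DELIVERY_URL"]:
            findings.append(("AS2_MDN_DELIVERY_URL", "ASYNC MDN requested but no delivery URL"))

    if str(p["AS2_MIC_DIGEST_ALGORITHM"]).lower() == "md5":
        findings.append(("AS2_MIC_DIGEST_ALGORITHM",
                         "MD5 signing digest is collision-prone; sha1 is the other allowed value"))

    for key in ("End URL", "AS2_MDN_DELIVERY_URL"):
        url = p[key]
        if key == "End URL" and not url:
            findings.append((key, "required parameter is empty"))
        elif url and urlparse(url).scheme.lower() != "https":
            findings.append((key, "plain HTTP: headers and any unencrypted payload cross the wire in clear"))

    if _on(p["AS2_RESEND_REQ"]):
        count_set = _is_set(p["AS2_MAX_RETRY_COUNT"])
        timeout_set = _is_set(p["AS2_RETRY_TIMEOUT"])
        if count_set and timeout_set:
            findings.append(("AS2_RESEND_REQ", "both retry limits set; the page says to use one"))
        elif not (count_set or timeout_set):
            findings.append(("AS2_RESEND_REQ", "resend enabled with no retry limit"))
    return findings


# Constructed profiles. The End URL of WEAK is the syntax example from this page.
WEAK = {
    "AS2_MDN_REQ": "true",
    "AS2_MIC_DIGEST_ALGORITHM": "MD5",
    "End URL": "http://localhost:18001/dp1_servlet_AS2HttpServlet/AS2HttpServlet",
    "AS2_RESEND_REQ": "true",
    "AS2_MAX_RETRY_COUNT": "true",
    "AS2_RETRY_TIMEOUT": "true",
}
HARDENED = {
    "AS2_MDN_REQ": "true",
    "AS2_MDN_SIGNATURE_REQ": "true",
    "AS2_MDN_RESPONSE_TYPE": "SYNC",
    "End URL": "https://berlin.example/as2",   # constructed placeholder URL
    "AS2_RESEND_REQ": "true",
    "AS2_MAX_RETRY_COUNT": "true",
}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for param, finding in audit_profile(profile) or [("-", "no findings")]:
            print(f"  {param}: {finding}")
```
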

CHAPTER 5 Quick Start for AS2 PM

AS2 PM comes with a sample implementation scenario that includes Projects, B2B Hosts, TPs, and data files. This chapter provides a basic overview and “quick-start” procedures. Use this chapter as an AS2 PM setup overview and/or a quick way to get started, using the sample scenario.

This chapter covers the following topics:

■ “Using the Quick Start Procedures”
■ “Atlanta and Berlin: Sample Business Scenario”
■ “Constructing the Environments: Summary”
■ “Using Deployment Profiles”
■ “Importing Files for ePM”
■ “Running the Sample Scenario”

Using the Quick Start Procedures

This chapter provides an overview of the AS2 PM sample implementation scenario and basic procedures that describe how to import the necessary files, then efficiently set up, run, and monitor the business scenario. The remainder of this section explains the purpose and content of this chapter in greater detail.

Quick Start, Tutorial, or Both?

The AS2 PM product includes a complete sample scenario, included in the AS2_Manager_UG.sar file, that allows you to see the end results without having to go through all the design steps.

If you import and set up this sample scenario, as described in this chapter, you can see run-time results quickly without having to read detailed instructions.

The information in Chapter 6, “AS2 PM Sample Scenario Tutorial,” on the other hand, provides a detailed hands-on guide to creating all the sample components, including some procedures that are not specific to AS2 PM. This chapter gives detailed, instructional procedures and more specific examples.

Table 5–1 compares the purposes and tasks of the two approaches.

TABLE 5–1 Comparing Quick Start and Tutorial

| Approach | Purpose | Tasks |
|---|---|---|
| Quick Start | This “load and go” method provides the quickest route to seeing AS2 PM in action with eXchange. | Import the sample Projects, create the Deployment Profiles and build/deploy the Projects, view initial results, run the sample scenario, experiment with passing and monitoring message data. |
| Tutorial | This “up-close and detailed” method provides complete steps for creating, configuring, and monitoring the working AS2 PM sample scenario provided in Enterprise Designer. | Create the necessary Environments and Projects, add and configure all components to be used (for example, OTDs, AS2 PM components, BPs, and Connectivity Maps), build/deploy the Projects, view initial results, experiment with passing and monitoring message data. |

If you use both the quick-start and tutorial approaches, do the procedures contained in this chapter first. In this way, you can use this chapter as a general guide and reference to gain essential background knowledge, before you begin working with the tutorial in Chapter 6, “AS2 PM Sample Scenario Tutorial.”

Overview of Basic Setup Steps

The following sections in this chapter describe the basic steps, after installation, for setting up, running, and monitoring the sample scenario provided in this chapter:

■ “Beginning Operations”
■ “Constructing the Environments: Summary”
■ “Using Deployment Profiles”
■ “Importing Files for ePM”

It is recommended that you do the setup operations described in the previous list, in the order given. For more extensive information on how to use eXchange, see the eXchange Integrator User’s Guide.

Atlanta and Berlin: Sample Business Scenario

The sample AS2 PM implementation scenario demonstrates inbound and outbound message processing between the following parties:

■ Atlanta Company
■ Berlin Company

In the sample scenario, each company has an eXchange installation, and the two companies trade data. The scenario also demonstrates AS2 in conjunction with SME/KS to illustrate cryptographic features.

Sample Scenario Business Description

This sample scenario and its Projects demonstrate the configuration of eXchange to support AS2. The scenario involves the AS2 PM and two TPs, an Atlanta company and a Berlin company. The current viewpoint is assumed to be Atlanta. The resulting B2B solution functions as follows:

1. In Atlanta, the data payload is read from a local (internal) file.
2. The payload message is wrapped in an AS2 envelope and sent to the Berlin TP.
3. Berlin replies with an acknowledgement message (an MDN).

You can change the sample’s scenario to reverse the companies’ sender and receiver roles, if you want (see Chapter 6, “AS2 PM Sample Scenario Tutorial,” for more details). See “Using Message Tracking” on page 124 for details on this feature.

Figure 5–1 shows a diagram of the AS2 PM sample scenario’s basic operation.

FIGURE 5–1 Sample Scenario Diagram

For a more detailed diagram, see Figure 6–1.

Sample Scenario Project Folders

The sample scenario is installed with the AS2 PM product and contains Projects, available upon first use of Enterprise Designer. Enterprise Designer’s Project Explorer makes these components available.

The sample scenario is contained in the following Project folders under eXchange, in Project Explorer:

■ B2BHosts
■ Deployment
■ ePMImport
■ Error
■ GUI
■ Samples > AS2

For a list of files used by these Projects, see “Exporting Sample Files” on page 68.

You must create the Environments to be used by the sample scenario. See the eGate Integrator User's Guide for details on how to create and set up Environments in eGate. This chapter provides a summary of this operation under “Constructing the Environments: Summary” on page 69.

Note – For more detailed information on creating the Environments to be used by the sample scenario, see “Constructing the Environments” on page 85.

Beginning Operations

This section explains basic information you need to begin using the sample implementation scenario.

Note – See the eXchange User’s Guide for more information on the subject matter covered by this section.

Before Starting Enterprise Designer

Before you start using Enterprise Designer, ensure you have completed the following tasks:

■ Make sure you have completed all necessary phases of the product installation.
■ Make sure your LDAP and Oracle systems are installed, configured, and operating correctly.
■ Your Repository must be running.
■ You must have two Logical Host domains installed and running, one for Atlanta (dmnA) and one for Berlin (dmnB).
■ Using Enterprise Manager (port 15000), you must add two Integration Servers for the domains, dmnA on 18000 for Atlanta and dmnB on 28000 for Berlin (Host Name: localhost, User Name: Administrator, Password: STC).
■ Also for dmnA, add a user with the following parameters:
    ■ username: userA
    ■ password: userA
    ■ Group List: PartnerManager, MessageTracking
■ For dmnB, add a user with the following parameters:
    ■ username: userB
    ■ password: userB
    ■ Group List: PartnerManager, MessageTracking

Note – If your Repository already has a Project at the root level whose name is identical to any of the Projects you are importing, you must delete or rename such Projects before you start.

After you have completed the tasks in the previous list, you must then log in to Enterprise Designer.

Exporting Sample Files

Files are supplied with the sample scenario, which support the general operation of the sample. These files are for the transport of data and ePM operation. You must export these files using Project Explorer in Enterprise Designer.

Note – For a list of the sample scenario’s Projects, see “Sample Scenario Project Folders” on page 66.

These files are:

■ Data
■ ePM

Exporting Data Files

The data files are:

■ For Atlanta under eXchange > Samples > AS2 > RecvFromInt > Files:
    ■ InputAS2.xml.~in
    ■ X12-Payload.edi.

It is recommended that you set up an export folder structure to contain these files, for example:

C:\temp\eXchange\Sample\AS2\Data\Atlanta

Exporting ePM Files

The ePM export files are located in Project Explorer under eXchange, as follows:

■ ePMImport > AS2 > Hosts > envA_AS2.exp and envB_AS2.exp
■ ePMImport > AS2 > SecurityKeys > CompanyA-Cert.der and CompanyA-Key.p12
■ ePMImport > AS2 > TP_Profiles > envA_AS2_TP_Berlin.exp and envB_AS2_TP_Atlanta.exp

The Atlanta ePM files are:

■ envA_AS2.exp: For the B2B Host.
■ CompanyA-Key.p12: For SME/KS (used by B2B Host).
■ envA_AS2_TP_Berlin.exp: For the Berlin TP.

The Berlin ePM files are:

■ envB_AS2.exp: For the B2B Host.
■ CompanyA-Cert.der: For SME/KS (used by TP).
■ envB_AS2_TP_Atlanta.exp: For the Atlanta TP.

It is recommended that you set up an export folder structure to contain these files, for example:

C:\temp\eXchange\Sample\AS2\TP_Profiles or B2B Hosts or SecurityKeys

Editing the Sample XML File

An .xml data file is supplied with the sample scenario, for Atlanta, which references path locations enclosed between the XML tags:

. You must edit this file to reflect the location where the data file is to be used by the Atlanta system.

The file you need to edit is:

■ For Atlanta: InputAS2.xml.~in

The previous section lists the locations of where to find these files, if you have not already exported them. If you need information on exactly how to edit these files, see “Editing the Sample Data XML File” on page 83.

If you have already run the sample and you want to experiment with other differences from the sample (such as using a payload data file with a different file name, or using a TP with a different name), be sure these differences are also reflected in these files, as necessary.

Constructing the Environments: Summary

This section contains Enterprise Designer procedures for constructing the required Environments for the sample scenario. Make sure that properties you configure under these procedures match your system’s configuration, including system configurations you must check before you start (see “Beginning Operations” on page 67).

Before You Begin

■ Make sure you have completed all the operations, as explained under “Before Starting Enterprise Designer” on page 67.

You must create these two Environments:

■ For Atlanta: envA
■ For Berlin: envB

Creating External Systems

Create, construct, and if necessary, configure the following external systems for envA and envB:

■ esOracle
■ esBLF
■ esHTTP
■ esHTTPserver
■ esFileA (for Atlanta) and esFileB (for Berlin)
■ esLDAP
■ esB2BService
■ esKeystore

Configuring External Systems

Using their Properties dialog boxes, configure the following external systems for envA, as necessary for your setup:

■ Oracle
■ LDAP

Make sure to configure the File eWays, as necessary for your system:

■ esFileA
■ esFileB

Using their Properties dialog boxes, configure the following additional components, as necessary for your setup:

■ B2B Configuration Service
■ JMS settings
■ Sun SeeBeyond Integration Server
■ Keystore

For additional information on these and additional necessary setup operations, see “Setting up the Environments” on page 86.

Using Deployment Profiles

This section describes how to build and deploy the Projects’ Deployment Profiles in the AS2 PM sample scenario. Building a Deployment Profile creates the application .ear file for the Project. After creating this file, you must deploy it for all Deployment Profiles except the B2B Host.

For more information on these operations, see “Constructing the Projects and Their Deployment Profiles” on page 95.

Locating the Projects

On the Project Explorer tree, you may open the sample scenario’s Project folders to display their components.

Note – Make sure you have all of the Projects, as listed under “Sample Scenario Project Folders” on page 66.

Deploying the Deployment Profiles

This section provides a procedure that describes how to construct and deploy the sample scenario’s Project Deployment Profiles.

▼ To Construct and Deploy the Deployment Profiles

This procedure explains generally how to construct and deploy the Deployment Profiles for the sample scenario.

1 Open the Project you want to work with, using Project Explorer.

2 Create and name one or more Deployment Profiles for each Project. See Table 6–1 for a list of the Projects and Deployment Profiles you must create for the sample scenario, including their names and a general description of each.

3 Automap and deploy each Deployment Profile, except that you do not deploy the Deployment Profiles for the Host Project.

Note – Make sure the B2B Host's build operation creates two instances of the eXchange Service for each TP (Atlanta and Berlin), an instance for the Deployment Profile and one for the Environment.

4 Note carefully the message you receive after each deployment operation to verify that the current Project has been successfully deployed.

5 Make sure you click Save All after you are finished with each individual operation.

Importing Files for ePM

This section describes ePM procedures for importing the sample scenario files supplied for the B2B Hosts, TPs, and security keys.

Note – For a general description of the outbound and inbound messaging ToPartner and FromPartner model used by ePM, see “ToPartner and FromPartner Messaging Model” on page 48.

If you need more detailed procedures for any of the operations described under this section, see “Importing and Configuring Components in ePM” on page 100.

Note – If you want, you can create the B2B Hosts and TPs from scratch, using the sample scenario B2B Hosts and TPs as models. For more details, see the eXchange Integrator User’s Guide.

Running the ePM Interface

The eXchange Integrator User's Guide contains detailed information on how to run the ePM user interface.

Note – “Running ePM” on page 101 provides a summary of this operation.

Importing B2B Hosts

Your next step is importing the following B2B Host files:

■ envA_AS2.exp: For Atlanta
■ envB_AS2.exp: For Berlin.

Importing Security Files

Next, you must import the following security certificate and key files for the Atlanta B2B Host:

■ CompanyA-Cert.der
■ CompanyA-Key.p12

Importing Trading Partners

Next, you must import the following TPs for the B2B Hosts:

■ envA_AS2_TP_Berlin.exp: For the Berlin TP (envA for Atlanta)
■ envB_AS2_TP_Atlanta.exp: For the Atlanta TP (envB for Berlin)

Running the Sample Scenario

This section explains how to run the sample scenario and transport data between the two TPs in the scenario, Atlanta and Berlin.

▼ To Transport Data Between the TPs

This procedure explains how to initiate and verify the transport of data between the two TPs. The eXchange Message Tracking feature allows you to verify the success of the data transport operation.

Note – See the eXchange Integrator User's Guide for details on using the File Export, ePM, and Message Tracking features.

1 Make sure you have used the Enterprise Designer Project Explorer to export the data files to a location accessible to eGate and eXchange. For more information, see “Exporting Sample Files” on page 68.

2 Make sure that ePM is running.

3 Locate the folder on the machine running the domains, where you have stored the data to be transported, for example: C:\temp\eXchange\Sample\AS2\Data

4 To start the message transport operation, rename the .xml.~in data file. In the AS2\Data\Atlanta\ folder, rename InputAS2.xml.~in to InputAS2.xml.in. This file points to the payload data file X12_Payload.edi.

5 Check Message Tracking and make sure you view the transported messages, in the View Message pane, on the Message tab.

6 Verify that you are able to view the previous messages in Message Tracking by clicking Open next to “Original Message” and “ACK Message.” Make sure you have exchanged several messages before using Message Tracking. If you are able to view any outbound message from Atlanta (Original Message) and MDNs from Berlin (ACK Message), the sample scenario is running correctly and the data transport operation is successful.

Monitoring Messages

The Message Tracking feature and its user interface allow you to monitor ongoing message transport activity.

Note – See “Using Message Tracking” on page 124 for information on how to access this tool and use it with the sample scenario. Figure 6–17 shows an illustration of the Message Tracking user interface.

CHAPTER 6 AS2 PM Sample Scenario Tutorial

This chapter provides a basic AS2 PM tutorial, explaining how to create and implement a sample scenario, as well as how you can use eXchange to achieve B2B solutions using the AS2 PM protocol.

This chapter covers the following topics:

■ “Using This Tutorial”
■ “Preconfiguration for Atlanta and Berlin Environments”
■ “Editing the Sample Data XML File”
■ “Constructing the Environments”
■ “Constructing the Projects and Their Deployment Profiles”
■ “Importing and Configuring Components in ePM”

Using This Tutorial

This chapter provides a tutorial for the AS2 PM sample implementation scenario and detailed procedures that describe how to construct, run, and monitor the sample, which employs the Atlanta and Berlin Companies described in Chapter 5, “Quick Start for AS2 PM.”

Quick Start and Tutorial Approaches

See “Using the Quick Start Procedures” on page 63 for detailed instructions on how to use the quick-start and tutorial approaches to implementing the sample scenario. In summary, the instructions are:

■ You can use Chapter 5, “Quick Start for AS2 PM,” for a quick, general overview of the basic setup steps needed to import, set up, run, and monitor the sample AS2 PM eXchange Projects.
■ You can use this chapter as a step-by-step, more detailed tutorial approach to the same sample implementation.

Note – Many of the procedures in this chapter must be done for both the Atlanta and Berlin companies. Unless otherwise stated, procedures are given once, with dual branching where procedures for the two Environments differ. It is recommended that you use a given procedure to create the Atlanta component (for example, the Environment) first, then use the procedures again for Berlin, with the appropriate substitutions.

Introduction to the Sample Scenario

To implement the sample scenario, you need to set up the sample Projects, their Environments, and components using the eGate Enterprise Designer with eInsight and eXchange. See the major heading overviews in Chapter 5, “Quick Start for AS2 PM,” for a general summary explanation of how to implement the sample AS2 PM scenario.

“Atlanta and Berlin: Sample Business Scenario” on page 65 contains a description of the sample scenario and how it operates, including the eXchange solutions provided for the business problems contained in the sample.

For more information on solving business problems using eXchange with eInsight and eGate, including additional details on implementation, see the eXchange Integrator User’s Guide, eInsight Business Process Manager User’s Guide, and eGate Integrator User’s Guide.

Operational Diagram

Figure 6–1 shows an operational diagram of the sample scenario.

FIGURE 6–1 Sample Scenario Operation

Server Configurations

The sample assumes you use default configurations for all servers, where possible, and that you make any changes in Enterprise Designer, where needed, for example:

■ Oracle: You must create a new outbound Oracle external system instance for each Environment and configure it for your system, even if you imported the sample Environments. Sample parameters are for reference only. Any Oracle database used by eXchange must be accessible to eGate, and you must know its Oracle SID, user name, and password. Create and configure the eXchange database using the Oracle510.zip file. For more information see the Oracle eWay Adapter User’s Guide, for eWay settings and Integration Server configuration.
■ LDAP: You must create a new outbound LDAP external system instance for each Environment and configure it for your system, even if you imported the sample Environments. Sample parameters are for reference only. Any LDAP application used by eXchange must be accessible to eGate. For more information see the LDAP eWay Adapter User’s Guide, for eWay settings and Integration Server configuration.
■ HTTPS: For information on how to configure your HTTP server or client to use SSL, see the HTTP(S) eWay Adapter User’s Guide, for eWay settings and Integration Server configuration.

Preconfiguration for Atlanta and Berlin Environments

This section explains the preconfiguration operations you must perform for the Atlanta and Berlin Environments.

Creating and Starting the Domains

This section explains how to create and start the Logical Host domains for the Atlanta and Berlin Environments.

Note – See the eGate Integrator User’s Guide for more information on eGate Logical Hosts, domains, and the Domain Manager feature.

▼ To Create the Atlanta Domain

● Create a new domain (under the \logicalhost directory, that is, the current Logical Host) by running the following script:

C:\ ... logicalhost\createdomain --dname dmnA

This script creates the domain name dmnA and retains the default ports 1800x.

▼ To Start the Atlanta Domain

● With the Repository running, start (if not already started) the newly created domain as follows: C:\ ... logicalhost\start_dmnA.bat

Note – Starting the first domain can require approximately 7 minutes.

▼ To Create the Berlin Domain

● Create another new domain by running the following script:

C:\ ... logicalhost\createdomain --dname dmnB --startingport 28000

This script creates the domain name dmnB and designates the default ports 2800x.

▼ To Start the Berlin Domain

● With the Repository running, start (if not already started) the newly created domain as follows:

C:\ ... logicalhost\start_dmnB.bat

Use the eGate Domain Manager interface to make sure the new domains are started and running.

Adding a New User to ePM and MessageTracking

You must add two new ePM users via the eGate Integration Server Security Gateway, one for Atlanta and one for Berlin. Doing this operation means using the set of procedures in this section twice, with appropriate changes.

▼ To Add a New User to the ePM and MessageTracking Groups

1 With the Repository running, start a new browser session and point it at the following URL:

http://localhost:18000

For Berlin, use:

http://localhost:28000

2 Log in to Integration Server Security Gateway using the user name and password: Administrator and STC.

3 In the Integration Server Administration window, click the User Management tab. See Figure 6–2.

FIGURE 6–2 Integration Server Administration Window

4 In the User Management tab, click Add New User and supply the required values, for example:

■ User Name: userA (Atlanta), userB (Berlin)
■ Password: userA (Atlanta), userB (Berlin)
■ Confirm Password: userA (Atlanta), userB (Berlin)
■ Group List: PartnerManager,MessageTracking

This step provides the following user privileges:

■ The PartnerManager role allows the specified user to log in to and use ePM.
■ The MessageTracking role allows the specified user to use the Message Tracking Web client.

In this example, both roles are granted to a newly created user named userA. If you prefer, you can set up several users that have one privilege or the other, or both. Or, instead of creating new users, you can confer PartnerManager and/or MessageTracking privileges upon an existing user, such as Administrator.

5 When you are finished, click Submit.

6 Log out of Integration Server Administration and close the window.

7 Repeat these procedures for Berlin, using the appropriate changes.

Adding the Application Server Instances

You must add two new instances of the Application Server using the eGate Enterprise Manager, one for Atlanta and one for Berlin. Doing this operation means using the set of procedures in this section twice, with appropriate changes.

▼ To Add Two New Application Server Instances

1 With the Repository running, install Enterprise Manager by running the following script: C:\ ... \emanager\install.bat

2 In the Installation wizard, follow the prompts and accept the license agreement and default port (15000).

3 After the installation is complete, start Enterprise Manager server by running the following script: C:\ ... \emanager\startserver.bat

4 Start a new browser session and point it at the following URL: http://localhost:15000

5 Log in to Enterprise Manager using the user name and password: Administrator and STC.

6 Click J2EE then, in the Manage Servers tab, add a new Application Server for Atlanta using the following settings:

■ Server Type: Sun SeeBeyond Integration Server
■ Host Name: localhost
■ Administration Port: 18000
■ User Name: Administrator
■ Password: STC

For an example of the window, see Figure 6–3.

FIGURE 6–3 Enterprise Manager Window

7 Click Connect to Server.

8 Use these same procedures to add another Application Server instance for Berlin, entering 28000 for the HTTP Administration Port.

9 Save your changes and exit the window.

Initializing and Running Enterprise Designer

This section describes the operations that you should perform when, and directly after, initializing and running Enterprise Designer.

Note – Using Enterprise Designer, you must make sure to increase the eDesigner_heap_size property to 1024. For more information, see the eXchange Integrator User’s Guide.

▼ To Initialize and Run Enterprise Designer

1 With the Repository running, start Enterprise Designer by running the following script: C:\ ... \edesigner\bin\runed.bat

2 In the installation wizard, accept the license agreement.

3 Log in to Enterprise Designer using the user name and password: Administrator and STC.

4 On the Tools menu, click Update Center.

5 In the Update Center wizard, follow the steps to check for updates, and to add all available updates and new modules.

6 When you are done, restart Enterprise Designer (referred to as IDE in the user interface).

Note – For more information, see the eGate Integrator User’s Guide.

Final Result

You have now finished preparing eGate, Integration Server Security Gateway, and Enterprise Manager to run the sample scenario.

Editing the Sample Data XML File

An .xml data file is supplied with the sample scenario. This file references a path location for the payload data file. You must first export this file using Enterprise Designer’s Project Explorer. Then, edit the file to reflect the path location where you actually export the sample scenario files.

Note – For a list of the sample scenario’s files, see “Exporting Sample Files” on page 68.

▼ To Export the Sample Data Files

1 Locate the export file for the Atlanta sample data in Enterprise Designer’s Project Explorer under eXchange > Samples > AS2 > RecvFromInt > Files. This file is InputAS2.xml.~in.

2 Export this file to a folder on your C drive. It is recommended that you set up a folder structure to contain these files, under C:\temp, for example: C:\temp\eXchange\Sample\AS2\Data\Atlanta

▼ To Edit the Atlanta Data File

You must make sure that the InputAS2.xml.~in data file is updated to reflect the appropriate Atlanta data path location. Use a text editor to do this operation.

1 Make sure you have exported the sample data file.

2 Use the Enterprise Designer’s Export feature to export the sample data files to a specified location, for example: cd C:\temp\eXchange\Sample\AS2\Data\Atlanta

3 Change directories to the subdirectory of the location where you exported the sample data files.

4 Use a text editor to open the following file: InputAS2.xml.~in

You see text that resembles the following code:

AS2Berlin AS2AGProfile AS2AG Pass Through Outbound

The lines preceding the last line have the following definitions:

■ line provides the name of the current TP, AS2Berlin.
■ line supplies the name of the current Transaction Profile used in the TP.
■ line supplies the name of the current Action Group in the Transaction Profile listed previously.
■ line defines the type of action being used, in this case “Pass Through Outbound.”
■ line supplies the path location of the payload data file for the current transaction, as well as the file name.

5 If necessary, under , in the line
