openas2 / openas2app

OpenAS2 is a java-based implementation of the EDIINT AS2 standard. It is intended to be used as a server. It is extremely configurable and supports a wide variety of signing and encryption algorithms.

Home Page: https://sourceforge.net/projects/openas2/

License: BSD 2-Clause "Simplified" License

Java 81.41% Shell 3.26% Batchfile 1.74% XSLT 1.04% JavaScript 1.16% HTML 0.17% Vue 11.11% Dockerfile 0.11%

openas2app's People

Contributors

brandonjoyce, chenriquez21, chri-s, claudiodegio, cobbr2, dependabot[bot], devdef, fridolin-koch, fwierseno, greicodexjm, igwtech, jonrios, jsmucr, kcs-dushyanttankariya, kek-sec, leoware, lucguinchard, papatoemmsn, perlausten, pete-gilchrist, pkraeutli, prskid1000, ricksterhd123, thorstenrottschaefer, thortl67, uhurusurfa, vboxnick, vueexcel, wcoppens, yuri1969

openas2app's Issues

Cannot build project

Hi,
I couldn't build this project:

When I try Maven build it shows me:

[INFO] Scanning for projects...
[ERROR] [ERROR] Some problems were encountered while processing the POMs:
[FATAL] Non-resolvable parent POM for org.openas2:openas2-server:2.2.1: Failure to find org.openas2:OpenAS2:pom:2.2.0 in https://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced and 'parent.relativePath' points at wrong local POM @ line 3, column 10
@
[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]
[ERROR] The project org.openas2:openas2-server:2.2.1 (C:\ClientStaff\Oban\OpenAS2Server-2.2.1\pom.xml) has 1 error
[ERROR] Non-resolvable parent POM for org.openas2:openas2-server:2.2.1: Failure to find org.openas2:OpenAS2:pom:2.2.0 in https://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced and 'parent.relativePath' points at wrong local POM @ line 3, column 10 -> [Help 2]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException
[ERROR] [Help 2] http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelException

tcp_server_password attrib on DBTrackingModule does nothing

Instead, it seems to use db_pwd. As a consequence, installing on Fedora and starting the server lets the world connect to 9092 and issue DB commands - even create files named ../anydir/anyname.mv.db as openas2 user.

One solution for me as a packager is to create the database at first startup (no existing db) with the password in config.xml - and exiting with an error if it is the factory password.

Certificate validity checking

Provide the ability to have the validity of the configured certificates checked periodically.
The check should have a warning feature that can send an email or other notification to facilitate early exchange of a new certificate with the AS2 partner before the validity expires.

Implementation:

  1. if the certificate is still valid for 30 days, an info/warning will be displayed in the log.
  2. if the certificate has expired, an error will be displayed in the log.
  3. provide an email mechanism to notify when certificate is expiring or has expired
  4. enabled and configurable in config.xml

Possibly incorporate issue #98 into this development.
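
A sketch of the check requested above, added here as an example and not taken from the OpenAS2 code base. The class name, the `KEYSTORE_PASSWORD` variable and the exit-code convention are assumptions; the 30-day window is the one named in the issue. Run without arguments it classifies constructed sample dates, with a keystore path it reads the certificates from that PKCS#12 file.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

// Added example: hypothetical stand-alone checker, not an OpenAS2 class.
public class CertExpiryCheck {

    enum Status { OK, EXPIRING, EXPIRED, NOT_YET_VALID }

    // 30 days is the window named in the issue; the proposal makes it configurable.
    static final Duration WARN_WINDOW = Duration.ofDays(30);

    // Pure function of the validity period and "now", so it can be tested with fixed dates.
    static Status classify(Instant notBefore, Instant notAfter, Instant now, Duration warn) {
        if (now.isBefore(notBefore)) return Status.NOT_YET_VALID;
        if (!now.isBefore(notAfter)) return Status.EXPIRED;
        if (Duration.between(now, notAfter).compareTo(warn) <= 0) return Status.EXPIRING;
        return Status.OK;
    }

    // Logs at the level the issue asks for; returns true when a notification is due.
    static boolean report(String alias, Status s, Instant notAfter, Instant now) {
        long days = Duration.between(now, notAfter).toDays();
        switch (s) {
            case EXPIRED:
                System.out.printf("ERROR %s expired on %s%n", alias, notAfter);
                return true;
            case EXPIRING:
                System.out.printf("WARN  %s expires in %d day(s) on %s%n", alias, days, notAfter);
                return true;
            case NOT_YET_VALID:
                System.out.printf("WARN  %s is not valid yet%n", alias);
                return true;
            default:
                System.out.printf("INFO  %s valid for %d more day(s)%n", alias, days);
                return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.now();
        boolean notify = false;
        if (args.length == 0) {
            // Constructed dates; the first end date is the "To:" value from the log on this page.
            Instant from = Instant.parse("2019-10-06T10:45:28Z");
            Instant[] ends = {
                Instant.parse("2029-11-02T10:45:28Z"),
                now.plus(Duration.ofDays(12)),
                now.minus(Duration.ofDays(3))
            };
            for (int i = 0; i < ends.length; i++) {
                Status s = classify(from, ends[i], now, WARN_WINDOW);
                notify |= report("sample" + i, s, ends[i], now);
            }
        } else {
            // KEYSTORE_PASSWORD is an assumed name; it keeps the password off the command line.
            char[] pw = System.getenv().getOrDefault("KEYSTORE_PASSWORD", "").toCharArray();
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
                ks.load(in, pw);
            }
            for (String alias : Collections.list(ks.aliases())) {
                Certificate c = ks.getCertificate(alias);
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                Instant end = x.getNotAfter().toInstant();
                Status s = classify(x.getNotBefore().toInstant(), end, now, WARN_WINDOW);
                notify |= report(alias, s, end, now);
            }
        }
        // A non-zero exit lets cron or a monitoring wrapper send the email or other notification.
        System.exit(notify ? 1 : 0);
    }
}
```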

Alias: -- key null from getKey() call

Getting issues sending messages on version 2.10 with error: org.openas2.cert.KeyNotFoundException: Certificate: []
The certificate is in the keystore and matches the alias in the partnerships x509_alias.

Inbound messages are fine, just outbound.


2019-11-05 13:54:41.935 FINE DirectoryPollingModule: processing /home/simon/edi_store/as2/mcrcode/outbox/test.2
2019-11-05 13:54:42.177 FINE MessageBuilderModule: File assigned to message: test.2 [<OPENAS2-05112019135441+0000-42273dd1-a0e7-4798-ada7-ee9dec8b7e1c@mcrcode.as2.prd_edihub.online.as2.prd>]
2019-11-05 13:54:42.178 FINE AS2SenderModule: message sender invoked [<OPENAS2-05112019135441+0000-42273dd1-a0e7-4798-ada7-ee9dec8b7e1c@mcrcode.as2.prd_edihub.online.as2.prd>]
2019-11-05 13:54:42.296 ERROR AS2SenderModule: Certificate: [
[
Version: V3
Subject: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 4096 bits
public exponent: 65537
Validity: [From: Sun Oct 06 10:45:28 UTC 2019,
To: Fri Nov 02 10:45:28 UTC 2029]
Issuer: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
SerialNumber: [ 016e3b2b 5dc3]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
anyExtendedKeyUsage
]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_CertSign
Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C6 95 6A E4 48 9C CB D9 47 D4 CA B3 0B A9 89 F4 ..j.H...G.......
0010: F4 A3 E4 97 ....
]
]

]
Algorithm: [SHA256withRSA]

], Alias: -- key null from getKey(mcrcode) call [<OPENAS2-05112019135441+0000-42273dd1-a0e7-4798-ada7-ee9dec8b7e1c@mcrcode.as2.prd_edihub.online.as2.prd>]
org.openas2.cert.KeyNotFoundException: Certificate: [
[
Version: V3
Subject: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 4096 bits
public exponent: 65537
Validity: [From: Sun Oct 06 10:45:28 UTC 2019,
To: Fri Nov 02 10:45:28 UTC 2029]
Issuer: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
SerialNumber: [ 016e3b2b 5dc3]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
anyExtendedKeyUsage
]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_CertSign
Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C6 95 6A E4 48 9C CB D9 47 D4 CA B3 0B A9 89 F4 ..j.H...G.......
0010: F4 A3 E4 97 ....
]
]

]
Algorithm: [SHA256withRSA]

], Alias: -- key null from getKey(mcrcode) call
at org.openas2.cert.PKCS12CertificateFactory.getPrivateKey(PKCS12CertificateFactory.java:187)
at org.openas2.cert.PKCS12CertificateFactory.getPrivateKey(PKCS12CertificateFactory.java:199)
at org.openas2.processor.sender.AS2SenderModule.secure(AS2SenderModule.java:350)
at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:89)
at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
at org.openas2.processor.receiver.MessageBuilderModule.processDocument(MessageBuilderModule.java:182)
at org.openas2.processor.receiver.DirectoryPollingModule.processFile(DirectoryPollingModule.java:196)
at org.openas2.processor.receiver.DirectoryPollingModule.updateTracking(DirectoryPollingModule.java:170)
at org.openas2.processor.receiver.DirectoryPollingModule.poll(DirectoryPollingModule.java:81)
at org.openas2.processor.receiver.PollingModule$PollTask.run(PollingModule.java:62)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)

2019-11-05 13:54:42.492 ERROR OpenAS2Exception: Error occurred:: null
Sources: {}
org.openas2.processor.ProcessorException: null
at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:70)
at org.openas2.processor.receiver.MessageBuilderModule.processDocument(MessageBuilderModule.java:182)
at org.openas2.processor.receiver.DirectoryPollingModule.processFile(DirectoryPollingModule.java:196)
at org.openas2.processor.receiver.DirectoryPollingModule.updateTracking(DirectoryPollingModule.java:170)
at org.openas2.processor.receiver.DirectoryPollingModule.poll(DirectoryPollingModule.java:81)
at org.openas2.processor.receiver.PollingModule$PollTask.run(PollingModule.java:62)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)

2019-11-05 13:54:42.493 ERROR MessageBuilderModule: Fatal error sending message: null
org.openas2.OpenAS2Exception: Error setting up message for sending.
at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:101)
at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
at org.openas2.processor.receiver.MessageBuilderModule.processDocument(MessageBuilderModule.java:182)
at org.openas2.processor.receiver.DirectoryPollingModule.processFile(DirectoryPollingModule.java:196)
at org.openas2.processor.receiver.DirectoryPollingModule.updateTracking(DirectoryPollingModule.java:170)
at org.openas2.processor.receiver.DirectoryPollingModule.poll(DirectoryPollingModule.java:81)
at org.openas2.processor.receiver.PollingModule$PollTask.run(PollingModule.java:62)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: org.openas2.cert.KeyNotFoundException: Certificate: [
[
Version: V3
Subject: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 4096 bits
public exponent: 65537
Validity: [From: Sun Oct 06 10:45:28 UTC 2019,
To: Fri Nov 02 10:45:28 UTC 2029]
Issuer: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
SerialNumber: [ 016e3b2b 5dc3]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
anyExtendedKeyUsage
]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_CertSign
Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C6 95 6A E4 48 9C CB D9 47 D4 CA B3 0B A9 89 F4 ..j.H...G.......
0010: F4 A3 E4 97 ....
]
]

]
Algorithm: [SHA256withRSA]

], Alias: -- key null from getKey(mcrcode) call
at org.openas2.cert.PKCS12CertificateFactory.getPrivateKey(PKCS12CertificateFactory.java:187)
at org.openas2.cert.PKCS12CertificateFactory.getPrivateKey(PKCS12CertificateFactory.java:199)
at org.openas2.processor.sender.AS2SenderModule.secure(AS2SenderModule.java:350)
at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:89)
... 8 more
[<OPENAS2-05112019135441+0000-42273dd1-a0e7-4798-ada7-ee9dec8b7e1c@mcrcode.as2.prd_edihub.online.as2.prd>]
org.openas2.processor.ProcessorException: null
org.openas2.OpenAS2Exception: Error setting up message for sending.
at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:101)
at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
at org.openas2.processor.receiver.MessageBuilderModule.processDocument(MessageBuilderModule.java:182)
at org.openas2.processor.receiver.DirectoryPollingModule.processFile(DirectoryPollingModule.java:196)
at org.openas2.processor.receiver.DirectoryPollingModule.updateTracking(DirectoryPollingModule.java:170)
at org.openas2.processor.receiver.DirectoryPollingModule.poll(DirectoryPollingModule.java:81)
at org.openas2.processor.receiver.PollingModule$PollTask.run(PollingModule.java:62)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: org.openas2.cert.KeyNotFoundException: Certificate: [
[
Version: V3
Subject: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 4096 bits
public exponent: 65537
Validity: [From: Sun Oct 06 10:45:28 UTC 2019,
To: Fri Nov 02 10:45:28 UTC 2029]
Issuer: C=None, ST=None, L=None, OU=None, O=None, CN=Simon Inman
SerialNumber: [ 016e3b2b 5dc3]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
anyExtendedKeyUsage
]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
Key_CertSign
Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C6 95 6A E4 48 9C CB D9 47 D4 CA B3 0B A9 89 F4 ..j.H...G.......
0010: F4 A3 E4 97 ....
]
]

]
Algorithm: [SHA256withRSA]

], Alias: -- key null from getKey(mcrcode) call
at org.openas2.cert.PKCS12CertificateFactory.getPrivateKey(PKCS12CertificateFactory.java:187)
at org.openas2.cert.PKCS12CertificateFactory.getPrivateKey(PKCS12CertificateFactory.java:199)
at org.openas2.processor.sender.AS2SenderModule.secure(AS2SenderModule.java:350)
at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:89)
... 8 more

    at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:70)
    at org.openas2.processor.receiver.MessageBuilderModule.processDocument(MessageBuilderModule.java:182)
    at org.openas2.processor.receiver.DirectoryPollingModule.processFile(DirectoryPollingModule.java:196)
    at org.openas2.processor.receiver.DirectoryPollingModule.updateTracking(DirectoryPollingModule.java:170)
    at org.openas2.processor.receiver.DirectoryPollingModule.poll(DirectoryPollingModule.java:81)
    at org.openas2.processor.receiver.PollingModule$PollTask.run(PollingModule.java:62)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)

2019-11-05 13:54:42.513 FINE AS2Util: moved /home/simon/OpenAS2/bin/../config/../data/pendingMDN3/OPENAS2-05112019135441+0000-42273dd1-a0e7-4798-ada7-ee9dec8b7e1c@mcrcode.as2.prd_edihub.online.as2.prd to /home/simon/edi_store/as2/mcrcode/outbox/error/OPENAS2-05112019135441+0000-42273dd1-a0e7-4798-ada7-ee9dec8b7e1c@mcrcode.as2.prd_edihub.online.as2.prd [<OPENAS2-05112019135441+0000-42273dd1-a0e7-4798-ada7-ee9dec8b7e1c@mcrcode.as2.prd_edihub.online.as2.prd>]

AS2 Version problem

Does this software support AS2 version 1.2? I received AS2 version 1.2, which cannot be resolved.

Override app.title

Hi,

I was wondering if it's possible to override the app.title? I tried adding app_title and app.title to the <Properties> element in my config.xml, but it seems to be fully ignored.

Can it be that it is because the key includes a .?

Git sources not properly tagged for v2.6.4

Hi Christopher,

I’m trying to build an RPM for version 2.6.4 with an automatic fetching of the Git sources. I use the following in my spec file:

Version: 2.6.4
Source0: https://github.com/OpenAS2/%{project_name}/archive/v%{version}/%{name}-%{version}.tar.gz

But the pom.xml file is still having 2.6.3 as the OpenAS2 version, and it makes the RPM build fail. I think that you forgot to tag the files as v2.6.4.
See: v2.6.4...master

Could you fix it please?

TIA,

Davy

PS: BTW, I wonder why bcpg is not on par with other bc libs (1.54 vs 1.59)…

Customization of the message tracking table name

Hi Chris,

When using an external database server like MySQL, it would be interesting to be able to customize the name of the message tracking table (for example, to fit a naming policy). I propose to add a new config parameter as an XML attribute named “db_table”. That’s something Luc has already implemented in his fork.

$properties.storageBaseDir$ not interpreted on GNU/Linux

Hi Christopher,

I’ve just built a new RPM for CentOS 7 with the latest version of OpenAS2 (2.6.4), but the variable $properties.storageBaseDir$ inside the config.xml file is not interpreted. A wrong directory is created with the name of the variable, i.e. “$properties.storageBaseDir$”, so I have to use full path instead.

Regards,

Davy

as2_certs.p12: PKCS#12 vs JKS

I'm struggling with sudden certificate issues and I've come across a thing I don't understand.

The as2_certs.p12 keystore - according to the extension and also to what the documentation claims - is meant to be in the PKCS#12 format. But it's not.

keytool -list -keystore as2_certs.p12
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

openas2a, 27.7.2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 2D:4B:42:05:56:80:9B:5D:0E:63:4D:4A:23:3D:9A:39:C3:8D:51:21
openas2b, 27.7.2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 1E:16:65:9B:7A:F2:59:EA:B7:B7:4F:E5:EB:D3:CF:89:3A:0F:89:CA

Warning:
<openas2a> uses the MD5withRSA signature algorithm which is considered a security risk.

All my attempts to convert it to the PKCS#12 format end up losing all trusted certificates which renders the keystore useless.
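
The mismatch reported above (a .p12 file that keytool lists as JKS) can be confirmed from the file's first bytes, independent of its extension. This is an added example, not part of the original issue or of OpenAS2; the function names and the sample byte strings are constructed for illustration.

```python
import os
import struct

# Magic numbers written at offset 0 by the JDK keystore implementations.
JKS_MAGIC = 0xFEEDFEED
JCEKS_MAGIC = 0xCECECECE
EXTENSION_TYPES = {".p12": "PKCS12", ".pfx": "PKCS12", ".jks": "JKS", ".jceks": "JCEKS"}


def _der_value_offset(data):
    """Offset of the contents of the outer DER/BER element, or None if truncated."""
    if len(data) < 2:
        return None
    length_byte = data[1]
    if length_byte <= 0x80:            # short form, or 0x80 = BER indefinite length
        return 2
    offset = 2 + (length_byte & 0x7F)  # long form: the next N bytes hold the length
    return offset if offset <= len(data) else None


def sniff_keystore(data):
    """Classify keystore bytes by content, ignoring the file name."""
    if len(data) >= 12:
        # JKS and JCEKS start with: magic, format version, number of entries.
        magic, version, entries = struct.unpack(">III", data[:12])
        if magic == JKS_MAGIC:
            return {"type": "JKS", "version": version, "entries": entries}
        if magic == JCEKS_MAGIC:
            return {"type": "JCEKS", "version": version, "entries": entries}
    # PKCS#12 is ASN.1: PFX ::= SEQUENCE { version INTEGER (3), authSafe, macData }
    if data[:1] == b"\x30":
        offset = _der_value_offset(data)
        if offset is not None and data[offset:offset + 3] == b"\x02\x01\x03":
            return {"type": "PKCS12", "version": 3, "entries": None}
    return {"type": "unknown", "version": None, "entries": None}


def extension_mismatch(filename, data):
    """Return (expected, actual) when the extension promises another format."""
    expected = EXTENSION_TYPES.get(os.path.splitext(filename)[1].lower())
    actual = sniff_keystore(data)["type"]
    if expected is not None and actual != expected:
        return expected, actual
    return None


# Constructed headers (not real keystores): a JKS v2 header announcing 2 entries,
# and the first bytes of a DER-encoded PFX.
SAMPLE_JKS = struct.pack(">III", JKS_MAGIC, 2, 2) + b"\x00" * 8
SAMPLE_P12 = bytes.fromhex("3082 0a10 0201 03 3082 09ca")

if __name__ == "__main__":
    print(extension_mismatch("as2_certs.p12", SAMPLE_JKS))
    print(extension_mismatch("as2_certs.p12", SAMPLE_P12))
```

Reading the first 16 bytes of the real file is enough input for `sniff_keystore`.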

Option to store raw incoming and outgoing messages

Hi,

I would like to request a feature.
I would very much like to store raw incoming and outgoing messages. By raw I mean the exact form that was received before any decryption or signature validation, and the exact form that was sent to the other party after all encryption and signatures were applied.
I need to store both messages and MDNs.

If any disputable situation arises, signed and encrypted messages and delivery notifications would be much more reliable proof than just plain messages. Even if we have the MDN of a sent message, we do not have the message itself, just the content.

It would be best to also have command line tools that could re-validate the received messages and validate that the received successful MDN matches the sent message.

What do you think about this? Or maybe it is possible right now, and I am just missing something?

Best regards,
Szymon Wilkołazki

Need MDN signatures

Please reopen #57, or move discussion here. It should not be necessary for OpenAS2 to store the raw messages ("documents"), as the business system will/should do so. OpenAS2 stores the MDN text, which includes the MIC of the document - but does not store the MDN signature.

Storing the raw MDN is one way to do that. However, each pkcs7 sig includes the signing cert - which is the same most of the time - and the signature can be detached. So the MDN could be parsed into the MDN text (currently stored), a reference to the signing cert, and the detached signature.

The ultimate goal is that, given e.g. a raw EDI invoice from the business system, some tool can recompute the MIC, use the MIC as a key to look up the MDN with attached or detached signing cert and signature, and verify the signature. Then print out all four components.
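
The recompute-and-look-up step described above, as an added Python example (not part of the original issue and not OpenAS2 code). It assumes the stored bytes are exactly the content the MIC was calculated over (for a signed AS2 message that is the MIME body part including its headers); the function names and the sample document and MDN text are constructed. Verifying the PKCS#7 signature on the MDN is a separate step and is not shown.

```python
import base64
import hashlib
import re

# MIC algorithm names as they may appear in an MDN, mapped to hashlib names.
MIC_ALGORITHMS = {
    "md5": "md5", "sha1": "sha1", "sha-1": "sha1",
    "sha256": "sha256", "sha-256": "sha256",
    "sha384": "sha384", "sha-384": "sha384",
    "sha512": "sha512", "sha-512": "sha512",
}

# Example field: "Received-Content-MIC: <base64 digest>, sha1"
MIC_FIELD = re.compile(
    r"^Received-Content-MIC:[ \t]*([A-Za-z0-9+/=]+)[ \t]*,[ \t]*([\w-]+)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)


def compute_mic(content, algorithm):
    """Base64 digest of the content, in the form carried by Received-Content-MIC."""
    digest = hashlib.new(MIC_ALGORITHMS[algorithm.lower()], content).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_received_mic(mdn_text):
    """Return (mic, algorithm) from the MDN text, or None if the field is absent."""
    match = MIC_FIELD.search(mdn_text)
    if match is None:
        return None
    return match.group(1), match.group(2).lower()


def index_mdns(mdn_texts):
    """Build the lookup table keyed by (mic, algorithm)."""
    index = {}
    for text in mdn_texts:
        key = parse_received_mic(text)
        if key is not None:
            index[key] = text
    return index


def find_mdn_for_document(content, index):
    """Recompute the MIC once per algorithm seen in the index and look it up."""
    algorithms = {alg for (_mic, alg) in index if alg in MIC_ALGORITHMS}
    for alg in sorted(algorithms):
        hit = index.get((compute_mic(content, alg), alg))
        if hit is not None:
            return hit
    return None


# Constructed sample data, for illustration only.
SAMPLE_DOCUMENT = b"Content-Type: application/edi-x12\r\n\r\nISA*00*CONSTRUCTED~\r\n"


def build_sample_mdn(document):
    return (
        "Original-Message-ID: <constructed-0001@example>\r\n"
        "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
        "Received-Content-MIC: " + compute_mic(document, "sha1") + ", sha1\r\n"
    )


if __name__ == "__main__":
    idx = index_mdns([build_sample_mdn(SAMPLE_DOCUMENT)])
    print(find_mdn_for_document(SAMPLE_DOCUMENT, idx) is not None)   # document matches
    print(find_mdn_for_document(SAMPLE_DOCUMENT + b"x", idx))        # altered document
```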

MDN fails to decrypt after upgrading from 2.3.1 to 2.6.1

Receiving files seems to work ok. Sending log from 2.3.1:

2018-09-25 15:40:17.223 FINE AS2SenderModule: Connecting to: http://edi2.xxxxx.com:60080/ [OPENAS2-25092018154017-0400-67dedc4c-f99e-482d-a58d-3a6e4ffebe03@editorialunilit_SAN_2475979_PROD_074240599]
2018-09-25 15:40:17.310 FINE AS2SenderModule: transferred 2910 bytes in 0.33 seconds at 86.118 KBps [OPENAS2-25092018154017-0400-67dedc4c-f99e-482d-a58d-3a6e4ffebe03@editorialunilit_SAN_2475979_PROD_074240599]
2018-09-25 15:40:17.469 FINE AS2Util: received MDN [automatic-action/MDN-sent-automatically; processed] [OPENAS2-25092018154017-0400-67dedc4c-f99e-482d-a58d-3a6e4ffebe03@editorialunilit_SAN_2475979_PROD_074240599]
2018-09-25 15:40:17.739 FINE AS2Util: Message sent and MDN received successfully. [OPENAS2-25092018154017-0400-67dedc4c-f99e-482d-a58d-3a6e4ffebe03@editorialunilit_SAN_2475979_PROD_074240599]
2018-09-25 15:40:17.739 FINE AS2Util: deleted /var/lib/openas2/config/../data/pendingMDN3/OPENAS2-25092018154017-0400-67dedc4c-f99e-482d-a58d-3a6e4ffebe03@editorialunilit_SAN_2475979_PROD_074240599 [OPENAS2-25092018154017-0400-67dedc4c-f99e-482d-a58d-3a6e4ffebe03@editorialunilit_SAN_2475979_PROD_074240599]

Sending log after upgrade to 2.6.1:

2018-09-26 13:32:18.550 FINE AS2SenderModule: Connecting to: http://edi2.xxxxx.com:60080/ [<OPENAS2-26092018132852-0400-b7485b05-841c-4b47-98c6-814af9a6b91c@editorialunilit_SAN_2475979_PROD_074240599>]
2018-09-26 13:32:19.011 FINE AS2SenderModule: Message sent and response received in 347 millisecondsms [<OPENAS2-26092018132852-0400-b7485b05-841c-4b47-98c6-814af9a6b91c@editorialunilit_SAN_2475979_PROD_074240599>]
2018-09-26 13:32:19.104 FINE AS2Util: received MDN [automatic-action/MDN-sent-automatically; processed/error: decryption-failed] [<OPENAS2-26092018132852-0400-b7485b05-841c-4b47-98c6-814af9a6b91c@editorialunilit_SAN_2475979_PROD_074240599>]
2018-09-26 13:32:19.106 WARNING AS2Util: Disposition exception on MDN. Disposition: automatic-action/MDN-sent-automatically; processed/error: decryption-failed [<OPENAS2-26092018132852-0400-b7485b05-841c-4b47-98c6-814af9a6b91c@editorialunilit_SAN_2475979_PROD_074240599>]
org.openas2.DispositionException: automatic-action/mdn-sent-automatically; processed/error:decryption-failed
	at org.openas2.util.DispositionType.validate(DispositionType.java:107)
	at org.openas2.util.AS2Util.checkMDN(AS2Util.java:187)
	at org.openas2.util.AS2Util.processMDN(AS2Util.java:504)
	at org.openas2.processor.sender.AS2SenderModule.processResponse(AS2SenderModule.java:243)
	at org.openas2.processor.sender.AS2SenderModule.sendMessage(AS2SenderModule.java:216)
	at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:131)
	at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
	at org.openas2.processor.resender.DirectoryResenderModule.processFile(DirectoryResenderModule.java:186)
	at org.openas2.processor.resender.DirectoryResenderModule.resend(DirectoryResenderModule.java:106)
	at org.openas2.processor.resender.BaseResenderModule$PollTask.run(BaseResenderModule.java:34)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)
2018-09-26 13:32:19.109 ERROR AS2Util: Disposition exception processing MDN ... [<OPENAS2-26092018132852-0400-b7485b05-841c-4b47-98c6-814af9a6b91c@editorialunilit_SAN_2475979_PROD_074240599>]
org.openas2.DispositionException: automatic-action/mdn-sent-automatically; processed/error:decryption-failed
	at org.openas2.util.DispositionType.validate(DispositionType.java:107)
	at org.openas2.util.AS2Util.checkMDN(AS2Util.java:187)
	at org.openas2.util.AS2Util.processMDN(AS2Util.java:504)
	at org.openas2.processor.sender.AS2SenderModule.processResponse(AS2SenderModule.java:243)
	at org.openas2.processor.sender.AS2SenderModule.sendMessage(AS2SenderModule.java:216)
	at org.openas2.processor.sender.AS2SenderModule.handle(AS2SenderModule.java:131)
	at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
	at org.openas2.processor.resender.DirectoryResenderModule.processFile(DirectoryResenderModule.java:186)
	at org.openas2.processor.resender.DirectoryResenderModule.resend(DirectoryResenderModule.java:106)
	at org.openas2.processor.resender.BaseResenderModule$PollTask.run(BaseResenderModule.java:34)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)
2018-09-26 13:32:19.133 FINE AS2Util: Renamed pending info file : OPENAS2-26092018132852-0400-b7485b05-841c-4b47-98c6-814af9a6b91c@editorialunilit_SAN_2475979_PROD_074240599 :::: New name: OPENAS2-26092018133219-0400-9c431a42-164e-4dae-9ee2-93a775bd140d@editorialunilit_SAN_2475979_PROD_074240599 [<OPENAS2-26092018133219-0400-9c431a42-164e-4dae-9ee2-93a775bd140d@editorialunilit_SAN_2475979_PROD_074240599>]
2018-09-26 13:32:19.137 FINE DirectoryResenderModule: message put in resend queue [<OPENAS2-26092018133219-0400-9c431a42-164e-4dae-9ee2-93a775bd140d@editorialunilit_SAN_2475979_PROD_074240599>]

How to use Health Check Module?

Trying out this project for a potential solution. Was wondering how exactly to interact with the HealthModule? I have started a barebones server and am making an HTTP GET request to http://localhost:10099.

I'm seeing errors in the logs as such:

java.io.IOException: Invalid HTTP Request: Token Count - 0::: String length - 0 ::: String -
	at org.openas2.util.HTTPUtil.readRequest(HTTPUtil.java:413)
	at org.openas2.util.HTTPUtil.readHTTP(HTTPUtil.java:270)
	at org.openas2.processor.receiver.HealthCheckHandler.handle(HealthCheckHandler.java:44)
	at org.openas2.processor.receiver.NetModule$ConnectionThread.run(NetModule.java:201)

So I feel like I'm missing something. Couldn't find anything in the How To document on what type of request to construct. Any pointers would be appreciated!

Building with java11

As the Fedora packager, I have to port openas2 to java11 for Fedora 33. A major problem is that certain standard APIs have been dropped, e.g. javax.mail. There is an independent jakarta.mail that is supposed to be compatible after changing imports. There are some other APIs used by openas2 that seem to have been dropped as well.

I can patch the source if it doesn't get too messy, but how will the openas2 project handle this?

Missing documentation on "rename_digest_to_old_name"

I discovered that the partnership option

<attribute name="rename_digest_to_old_name" value="true"/>

solved a communication problem with a partner (Seeburger, older version).

It would have saved me a lot of time if this option was mentioned in the manual at either chapter 13 "Troubleshooting OpenAS2" or chapter 14 "Partner AS2 Compatibility Settings".

Improvement: Create new message handler for inbound/outbound messages to support RabbitMQ/others

This is a new feature not a bug.
I would like to create a new handler for both inbound and outbound messages:

  • outbound messages would be retrieved from RabbitMQ/AMQP instead of file system (or any other messaging system);
  • inbound messages will be sent to a dedicated queue in RabbitMQ/AMQP instead of file system (or any other messaging system).

There will be two queues created, one for inbound, another for outbound. The MQ message will contain sender and receiver (e.g. AS2 identifier) at the header level.
I would need in config.xml to be able to specify the implementation handler for both inbound and outbound message.
I am willing to work on it once I get the workspace setup.

OpenAS2 behind a reverse proxy should honor X-Forwarded-For and/or X-Real-IP HTTP headers

For various reasons (IP sharing, HTTPS offloading…), a reverse proxy could be used in front of an OpenAS2 server. In that case, OpenAS2 is wrongly considering that any remote server initializing an incoming connection is the proxy identified by its private IP address.
It would be useful that OpenAS2 considers the special HTTP headers added by the proxy (X-Forwarded-For and X-Real-IP) containing the real originator’s IP address.

This would avoid the following issues:

  • information about the incoming connection IP addresses in logs is not very relevant;
  • the stored message header also contains the proxy’s IP address as source_ip instead of the AS2 partner’s IP address;
  • the MDN sent back to the remote server contains a message with the proxy’s private IP address as the authenticated originator :-(.

Cheers,

Davy
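
One way the header handling requested above can resolve the originator without accepting spoofed values: the forwarding headers are honoured only when the socket peer is a configured proxy, and X-Forwarded-For is read from right to left. This is an added Python example, not OpenAS2 code and not part of the original issue; TRUSTED_PROXIES, the lower-cased header dict and the function names are assumptions, and all addresses are constructed.

```python
import ipaddress

# Assumption: the reverse proxies allowed to set forwarding headers (constructed values).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.1/32"),
]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse_ip(token):
    """Return an ip_address for a header token, or None if it is not an IP."""
    token = token.strip()
    # Some proxies write "ip:port" or "[v6]:port" instead of a bare address.
    if token.startswith("["):
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def resolve_client_ip(peer_ip, headers):
    """Pick the originator address to use in logs, source_ip and the MDN text.

    headers is a dict with lower-cased header names (assumption).
    """
    peer = ipaddress.ip_address(peer_ip)
    # A direct connection can put anything in these headers, so they are
    # ignored unless the socket peer is one of our own proxies.
    if not _is_trusted(peer):
        return str(peer)
    hops = [h for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    # Rightmost entries were appended by our proxies; the first entry from the
    # right that is not a trusted proxy is the address that proxy actually saw.
    for token in reversed(hops):
        addr = _parse_ip(token)
        if addr is None:
            break  # malformed entry: trust nothing further to the left
        if not _is_trusted(addr):
            return str(addr)
    real_ip = _parse_ip(headers.get("x-real-ip", ""))
    if real_ip is not None and not _is_trusted(real_ip):
        return str(real_ip)
    return str(peer)


if __name__ == "__main__":
    # Constructed requests: one through the proxy, one direct with a forged header.
    print(resolve_client_ip("10.0.0.5", {"x-forwarded-for": "192.0.2.1, 198.51.100.7, 10.0.0.8"}))
    print(resolve_client_ip("203.0.113.9", {"x-forwarded-for": "198.51.100.7"}))
```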

Issue with big files

Hello,

I just installed openas2 and did some tests on files with sizes of 10-20 MB, this works fine, the files are perfectly sent over.

I then tried with a 630 MB file and this doesn't work. I simply put the file in the send folder and it doesn't disappear (I checked, the owner/rights are correct).

So, what I do have, is a file of the same size in the folder pendingMDN3.

All I have in the logs is this :
05/18/17 18:23:18 DirectoryPollingModule: processing /usr/local/apps/as2/bin/../config/../data/topartner/DE_FAFSECFMFI_20170516xxxxxxxxx_0001_16.xml

I checked in the documentation if there is something to change to allow big files, but nothing points to a size limitation.

OpenAS2 is started with the following arguments :

EXTRA_PARMS="-Xms128m -Xmx2048m -Dorg.apache.commons.logging.Log=org.openas2.logging.Log"

So I guess 2048 MB should be enough for a 630 MB file.

Any idea what I should do to make this work ?

MDN sent by OpenAS2 fails to be parsed by EDI Integrator Component from www.nsoftware.com

Hi,

I have an AS2 partner using a server software identified by the following User-Agent:
EDI Integrator Component - www.nsoftware.com
I can send him AS2 messages without any problems, but when he sends (actually, I send from his Web configuration portal) a test message to my OpenAS2 server, the MDN received by the partner triggers the following exception:
Sending document failed. Sending exception. No MIME-boundary found.( )

I tried to tweak the parameters (content_transfer_encoding, compression_mode, prevent_cononicalization_for_mic, etc.), but it’s still failing with the same exception on the partner’s server.

Any hint would be welcome.

Regards,

Davy

MSG_STATE_RECEIVE_EXCEPTION label string error?

Hello,

The MSG_STATE_RECEIVE_EXCEPTION label string is “Processing exception occurred receiving message. Resend queued.”. I wonder if it makes sense to put an incoming message in resend queue…
I guess it’s an error.

BTW, there are typos in:

  • MSG_STATE_MDN_SEND_START label string “Message recieved. MDN sending started.” (recieved → received);
  • MSG_STATE_MSG_RXD_MDN_SENT_OK label string “Message received and MDN sent succesfully.” (succesfully → successfully).

Content-Transfer-Encoding always set to base64

I tried to upgrade from v2.4.3 to v2.5.0 and my OpenAS2 instance stopped communicating with our Mendelson AS2, the latter showing this in logs:

[10:37:40 AM] Data has arrived that could not be processed because it contains errors. The defined content transfer encoding "base64" is unknown.
[10:37:40 AM] LogAccessDB.log: integrity constraint violation: foreign key no parent; SYS_FK_10110 table: MESSAGELOG
[10:37:40 AM] UNKNOWN: Generating outbound MDN, setting message id to "mendAS2-1536741460814-3798@unknown_unknown".
[10:37:40 AM] mendAS2-1536741460814-3798@unknown_unknown: Outbound MDN created for AS2 message "UNKNOWN", state set to [processed/error: unexpected-processing-error].
[10:37:40 AM] LogAccessDB.log: integrity constraint violation: foreign key no parent; SYS_FK_10110 table: MESSAGELOG
[10:37:40 AM] UNKNOWN: Outbound MDN details: BASE64Decoder: Error in encoded stream: needed at least 2 valid base64 characters, but only got 0 before padding character (=), the 10 most recent characters were: "&\249\147\241h\214\21x\133="
[10:37:40 AM] LogAccessDB.log: integrity constraint violation: foreign key no parent; SYS_FK_10110 table: MESSAGELOG
[10:37:40 AM] AS2ServerProcessing: [java.lang.RuntimeException] Unexpected MDN received: No related message exists for inbound MDN "UNKNOWN"

As I've discovered later, a new header, Content-Transfer-Encoding, has appeared in the outgoing messages. The problem is that this header is set to base64, no matter the partnership settings, while the body is kept binary even if I set the content_transfer_encoding partnership attribute to base64.

Capturing the loopback communication during tests reveals that this issue is present even in the latest version (v2.6.1):

v2.4.1 HTTP request
v2.6.1 HTTP request

Troubleshooting certificate exceptions

This issue is just for the documentation in case old/bad certificates are used. One question at the end though.

We tried using existing old certificates with keys and could import them via the "cert import" command.
This worked fine, however, on restart, we got the exception:

Exception in thread "main" org.openas2.WrappedException: Error creating component: org.openas2.cert.PKCS12CertificateFactory
at org.openas2.util.XMLUtil.getComponent(XMLUtil.java:80)
...
Caused by: java.lang.IllegalArgumentException: invalid info structure in RSA public key
at org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey.populateFromPublicKeyInfo(BCRSAPublicKey.java:71)
...

Also, we tried importing the certificates with keys in the existing default "as2_certs.p12" keystore using the "Portecle" tool (mentioned in the manual) but that failed immediately with the message "could not load keystore".

The problems go away when the BouncyCastle option "org.bouncycastle.asn1.allow_unsafe_integer" is used. E.g. start Portecle with:

start "portecle" /B C:\java\jdk8\bin\javaw -Dorg.bouncycastle.asn1.allow_unsafe_integer=true -jar portecle.jar

The documentation/manual should probably mention this problem and BouncyCastle option since the error messages are not really helpful.

I am not sure if using these old/bad certificates with keys is going to give problems down the line, e.g. in bad signatures / MDNs. Apparently there is a bad number in there and that might corrupt/fail to verify generated signatures / MDNs?

Unidirectional partnership configuration

In OpenAS2HowTo.pdf, the section entitled 7. Partner Configuration, there is a note that says "It is necessary to have 2 elements even if data transfer is unidirectional."
Is this meant to imply that even if I am only receiving transfers from other entities, I still need to configure two partnerships to define the relationship? A configuration example follows:

<partner name="MyCompany" as2_id="MyCompany_OID" x509_alias="mycompany" email="[email protected]"/>

<partner name="PartnerA" as2_id="PartnerA_OID" x509_alias="partnera" email="[email protected]"/>

<partnership name="PartnerA-to-MyCompany">
    <sender name="PartnerA"/>
    <receiver name="MyCompany"/>
</partnership>

<!-- Is this needed if my intent is only to receive from PartnerA? -->
<partnership name="MyCompany-to-PartnerA">
    <sender name="MyCompany"/>
    <receiver name="PartnerA"/>
</partnership>

MessageBodyWriter not found for media

Currently I am trying out OpenAs2App/WebUI. However, I am getting an error when making requests to the API. The following logs are shown in the console:

application/json

2019-12-02 13:37:38.024 FINE AuthenticationRequestFilter: Username: userID
2019-12-02 13:37:38.024 FINE AuthenticationRequestFilter: password: ***
2019-12-02 13:37:38.025 FINE RestCommandProcessor: API Request: GET /api/
2019-12-02 13:37:38.027 FINE RestCommandProcessor: API Response: 200{Content-Type=[application/json]}
Dec 02, 2019 1:37:38 PM org.glassfish.jersey.message.internal.WriterInterceptorExecutor$TerminalWriterInterceptor aroundWriteTo
SEVERE: MessageBodyWriter not found for media type=application/json, type=class org.openas2.cmd.CommandResult, genericType=class org.openas2.cmd.CommandResult.
2019-12-02 13:37:38.030 FINE RestCommandProcessor: API Response: 500{}

application/vnd.sun.wadl+xml

2019-12-02 13:19:39.355 FINE RestCommandProcessor: API Response: 401{Content-Type=[application/vnd.sun.wadl+xml]}
Dec 02, 2019 1:19:39 PM org.glassfish.jersey.message.internal.WriterInterceptorExecutor$TerminalWriterInterceptor aroundWriteTo
SEVERE: MessageBodyWriter not found for media type=application/vnd.sun.wadl+xml, type=class org.openas2.cmd.CommandResult, genericType=class org.openas2.cmd.CommandResult.
2019-12-02 13:19:39.359 FINE RestCommandProcessor: API Response: 500{}

The project has not been altered at all by me. I am no Java developer at all. I also tried a pre-built version available on sourceforge. I can see the jersey-media-json-jackson has been added to the dependency (which was suggested by Stack Overflow).

Any idea, ever seen this before?

Error for MDN reception

Hi,

Currently, we have an error with a partner (solved for the moment, by removing some configuration on their side), and I would like to know why. Here is the stack trace provided by OpenAS2:

org.openas2.DispositionException: automatic-action/MDN-sent-automatically; processed/Error:unexpected-processing-error
	at org.openas2.processor.receiver.AS2ReceiverHandler.decryptAndVerify(Unknown Source)
	at org.openas2.processor.receiver.AS2ReceiverHandler.handle(Unknown Source)
	at org.openas2.processor.receiver.NetModule$ConnectionThread.run(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException: Unsupported or invalid algorithm: pkcs7-signature
	at org.openas2.lib.helper.BCCryptoHelper.convertAlgorithm(Unknown Source)
	at org.openas2.lib.helper.BCCryptoHelper.calculateMIC(Unknown Source)
	... 3 more
org.openas2.WrappedException: Error sending MDN
	at org.openas2.processor.receiver.AS2ReceiverHandler.processMDN(Unknown Source)
	at org.openas2.processor.receiver.AS2ReceiverHandler.handle(Unknown Source)
	at org.openas2.processor.receiver.NetModule$ConnectionThread.run(Unknown Source)
Caused by: java.lang.IllegalArgumentException: Unknown signature type requested: PKCS7-SIGNATUREWITHRSA
	at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source)
	at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.find(Unknown Source)
	at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.<init>(Unknown Source)
	at org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder$NamedHelper.createContentSigner(Unknown Source)
	at org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder.build(Unknown Source)
	at org.openas2.lib.helper.BCCryptoHelper.sign(Unknown Source)
	at org.openas2.util.AS2Util.createMDNData(Unknown Source)
	at org.openas2.util.AS2Util.createMDN(Unknown Source)
	... 3 more

Does this mean they're using an unsupported signature? Do you know if this will be implemented in some future releases?
For information, we're running OpenAS2 in version 2.0.0, so maybe this is already supported, and we just need to upgrade, but I didn't find anything related to this signature type.

Thanks for the time.

Want to move forward

Hello everyone,

I have used OpenAS2 for three years, and I have added several elements to the project, in particular database storage in several tables: partner, partnership, as2_message (not with DbTrackingModule) and message_status.
I have not had time to set up database polling yet.

Since I saw that you have recovered the project and you have made nice evolutions :), I’ve tried to merge the sources on https://github.com/lucguinchard/OpenAs2App
I saw that you have also set up the tracking for the AS2 messages in a database table. I thought that your method for messages is better, so I deleted mine.

My goal is to make my improvements available to the community.

Change Log:

  1. Better JCE error handling (Java Cryptography Extension)
  2. Invalid code in OpenAS2Exception
  3. Add a DBFactory class to manage the database (partner and partnership)
  4. Adding a database configuration tag for partner & partnership in config.xml
    Sample:
    <dbconfig url="jdbc:mysql://127.0.0.1/openas2?characterEncoding=UTF-8" user="openas2" password="openas2"/>
    <partnerships classname="org.openas2.partner.DBPartnershipFactory" dbconfig="as2_dbA"/>
  5. Modifying the BasePartnershipFactory class to take into account partners and partnerships outside config.xml
  6. Added a DBPartnershipFactory class to search for partnerships and partners in a database.
  7. Added Unit tests to test the configuration with the database (environments + createDefaultTable.sql)
  8. Support reverse proxies.
  9. Cleaning and reformatting the code
  10. Take into account a filenameformat in AS2DirectoryPollingModule, to overload the filename.
  11. Documentation odt:
    1. Add sample configuration for using MySQL database
    2. Added attribute description: sendfilename and filenameformat

For information, I work with @DevDef

Thanks,
Luc

Default value as2_mdn_response_max_wait_seconds might be too low

An AS2 partner of ours sends (retries) async MDNs after a 5 minute time-out. This gives rise to errors since OpenAS2 removes "pending MDNs" after 5 minutes.

If retries after 5 minutes is a common case (I'm not sure), I think it would be better to set the default value of the related property as2_mdn_response_max_wait_seconds to 16 minutes so the other party gets 3 attempts without causing errors on the OpenAS2 side.

Log original file name from disk to DB tracking module

Since the app provides the ability to change the file name to be sent to the partner from what it was when the file was picked up from disk by the directory polling module, add a field to log the original inbound file name to the DB tracking module.

Configuration UI

Hi, after trying and evaluating OpenAS2 we think it's lacking a good User Interface to manage its configuration. I was able to sell my boss into OpenAS2 as an alternative to our Windows Only, Closed source Integration server and our company is willing to invest in developing one after seeing a quick-and-dirty prototype I created in PHP.
Check out my fork for details.

I would like to see if we can collaborate with the project since we have access to real production environments with multiple Corporations and Trading Partners in the US and Canada (like Amazon, Walmart, HEB, BestBuy, The Buckle, Google Stores, Canadian Tire, etc).

Setting dynamic attribute from filename , getting null value

I have tried using your given example, to set a dynamic subject but it gives me null.

<attribute name="attribute_names_from_filename" value="X-attribute1,Y-attribute2"/>
<attribute name="attribute_names_regex_on_filename" value="([^-]*)-([^.]*).txt"/>
<attribute name="subject" value="Target product: $attributes.X-attribute1$ Sequence Count: $attributes.Y-attribute2$"/>

filename: abc-23.txt
I have tried using regex = "([^.])-([^.]).txt"
same output attribute value in subject is null.
