
SPAZIO MFT/S AS2 Connector

for Distributed Platforms


Installation and Configuration Guide

Version 2 Release 5

EMAFTM091/06 - October 2014


SPAZIO MFT/S AS2 Connector for Distributed Platforms
Installation and Configuration Guide

Date of issue         Reference number   Brief description

March 2011            EMAFTM091/01       First edition
May 14th, 2012        EMAFTM091/02       Updates for Service Pack 1 - sections 2.1.1, 2.1.3, 3.2, 3.5.2, 4.2.1, 4.3, 4.4
January 21st, 2013    EMAFTM091/03       Updated sections 1.4.4, 3.4.2, 4.2.2
March 21st, 2013      EMAFTM091/04       Updated sections 1.3.2, 1.3.3, 1.4.2, 1.4.3, 3.4.2, 3.5.5, 4.2.1, 4.2.2
April 29th, 2013      EMAFTM091/05       Updated section 4.2.2
October 15th, 2014    EMAFTM091/06       Updated sections 1.2, 1.3.2, 1.4.2, 1.4.5, 2.1.1, 2.1.2, 4.2.1, 4.2.2
                                         Added sections 1.4.7, 3.6.1

Copyright 2014 Primeur Ltd. All rights reserved.


No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any other language in whole or in part, in any form or by any means, whether it be
electronic, mechanical, magnetic, optical, manual or otherwise, without prior written consent of Primeur
Ltd.
Primeur Ltd may revise this publication from time to time without notice. A new release of this manual
contains changes made to the product since the previous version.
The software product that this manual documents is the exclusive property of Primeur Ltd. The use of
this software is governed by the license agreement that accompanies the product. The following
conditions must be observed in all cases:
The product may be used only on the number of computers for which the client is licensed.
The client may make only one copy of the product, and this only for backup purposes.
The client may not reverse engineer, decompile, or disassemble the product.
The client may not loan, rent or lease either the product or any of the documentation or user
manuals related to the product, whether this is for free or for a fee.
Primeur Ltd warrants that the product will perform substantially in accordance with the accompanying
product manual(s). Primeur Ltd disclaims all other warranties either expressed or implied. Primeur Ltd
and its suppliers shall not be liable for any damages whatsoever (including damages for loss of business
profits, business interruption, loss of business information or other pecuniary loss) arising out of the use
of, or inability to use, the product.
SPAZIO, SPAZIO MFT/S, SPAZIO Orchestration Suite, SPAZIO FTFI, SPAZIO Messaging & Queuing,
SPAZIO M&Q, SPAZIO File Transport, SPAZIO Data Extract, SPAZIO Legacy Interface, SPAZIO Data
Secure, SPAZIO DSSP, SPAZIO DSMQ, SPAZIO Data Compress, SPAZIO JMS and THEMA are
trademarks of Primeur Ltd. Other brands and their products are trademarks or registered trademarks of
their respective holders and should be noted as such.

Company Headquarters Local Agent


Corso Paganini 3
16125 Genova
Italy
Tel: +39 010 27811
Fax: +39 010 8684913
Web: www.primeur.com
Mail: primeur@primeur.com
About this manual

Purpose
This manual provides a brief guide to the installation and configuration of
Spazio MFT/S AS2 Connector for Distributed Platforms. It starts by
providing an overview of the various Spazio MFT/S configuration files that
must be configured to run AS2 Connector, and a description of the
parameters that they contain. The chapters that follow provide a detailed
description of the configuration and the parameters for the configuration
files.
We recommend using this manual as a reference during installation and
configuration.

Reader
This manual is provided for Spazio system administrators. Typically these
persons will be either experienced System Programmers or experienced
software developers.
It is assumed that the reader has a broad knowledge of computer systems.
Mainframe, UNIX, Windows and other operating system experience will help
in understanding this manual, but is not essential.

Related Publications
A comprehensive suite of manuals is provided to support the implementation
and usage of SPAZIO MFT/S.
These manuals are divided into three categories:
z/OS - manuals for the z/OS Mainframe platform
Distributed platforms - manuals for non-Mainframe platforms including
SPAZIO workstation
General - manuals for both the Mainframe and non-Mainframe platforms.

The key manuals for z/OS are:


SPAZIO MFT/S for z/OS: Installation and Configuration Guide

SPAZIO MFT/S for z/OS: System Administrators Guide

SPAZIO MFT/S for z/OS: File Transport User's Guide

SPAZIO MFT/S for z/OS: Messages and Codes

SPAZIO MFT/S for z/OS: Extended Event Manager Administrator's Guide

SPAZIO MFT/S for z/OS: Application Log Administrator's Guide

The key manuals for Distributed Platforms are:


SPAZIO MFT/S for Distributed Platforms: Installation and Configuration
Guide
SPAZIO MFT/S for Distributed Platforms: System Administrators Guide


SPAZIO MFT/S for Distributed Platforms: File Transport User's Guide


SPAZIO MFT/S for Distributed Platforms: SPXP Transports
SPAZIO MFT/S for Distributed Platforms: SPFAB Service Container
SPAZIO MFT/S for Distributed Platforms: Management Console Guide
SPAZIO MFT/S for Distributed Platforms: Extended Event Manager
Administrator's Guide
SPAZIO MFT/S for Distributed Platforms: Messages and Codes
SPAZIO MFT/S for Distributed Platforms: Static Agenda User's Guide
SPAZIO MFT/S for Distributed Platforms: SPAZIO DMZ Gateway

The key general manuals are:


Data Secure for SPAZIO MFT/S (DSSP) Installation, Configuration and User
Guide
Data Secure for SPAZIO MFT/S Open Protocols (DSSP Open) Installation,
Configuration and User Guide
AAA Security for Spazio MFT/S (A3SP): Installation, Configuration and User's
Guide

Table of Contents

About this manual
Purpose
Reader
Related Publications

Table of Contents

Chapter 1 Overview and concepts
1.1 Introduction
1.2 Introduction to AS2 protocol
1.3 Function overview
1.3.1 Spazio MFT/S roles
1.3.2 Spazio MFT/S to AS2 use cases overview (Push Master)
1.3.3 AS2 to Spazio MFT/S use cases overview (Server)
1.4 Architectural overview
1.4.1 Implementation of AS2 protocol in Spazio
1.4.2 Understanding AS2 Connector components
1.4.3 Sending files with AS2 protocol
1.4.4 Retrieving files as AS2 server
1.4.5 Spazio Security and AS2 Connector
1.4.6 Spazio AS2 Connector DB
1.4.7 Implementation of the AS2 CEM protocol in Spazio

Chapter 2 Installation
2.1 Post installation tasks
2.1.1 Creation of working folder for Spazio MFT/S AS2 Connector
2.1.2 Creation of Spazio MFT/S AS2 Connector Persistency Tables in RDBMS

Chapter 3 Configuration Overview
3.1 Configuration files
3.2 Persistent Data Storage
3.3 Enabling the SPXP AS2 transport protocol
3.4 Configuring SPXP AS2 Spazio Server
3.4.1 Enabling server behavior
3.4.2 Reviewing general Server settings
3.5 Configuring Push Masters
3.5.1 Enabling Push Master behavior
3.5.2 Creating the transport class
3.5.3 Defining remote nodes
3.5.4 Defining remote queues
3.5.5 Reviewing Push Master general settings
3.6 Security
3.6.1 AS2CL Command Reference

Chapter 4 Configuration Reference
4.1 Notation
4.2 AS2 protocol reference (spxp.as2.properties)
4.2.1 AS2 Connector Server Section
4.2.2 AS2 Connector Push Sections (AS2.Target[destination].* prefix)
4.3 AS2 security configuration
4.4 AS2 DBMS connectivity configuration

Chapter 1 Overview and concepts

1.1 Introduction
From version 2.3.4 onwards Spazio MFT/S supports a new Java-based
runtime framework for transports and server extensions (sometimes collectively
referred to as transports) called SPXP.
SPXP is a transport container which can host several transport protocols and
transport instances.
Although SPXP has its own configuration files and paradigm, from a runtime
and functional perspective it is fully integrated with the Spazio MFT/S core.
Spazio MFT/S AS2 Connector is an optional component of the SPXP runtime
that delivers support for the AS2 protocol as defined in RFC-4130.
Knowledge of the Spazio MFT/S product and in particular of the SPXP
transport framework is a requirement for reading this manual. For further
information please refer to the Spazio MFT/S documentation and in particular to
the SPAZIO MFT/S for Distributed Platforms: SPXP Transports manual.
In addition, knowledge of the AS2 protocol standard is a requirement for
reading this book. For further information on AS2 please refer to the official
AS2 protocol documentation, RFC-4130 and its addendum.

1.2 Introduction to AS2 protocol


Applicability Statement 2 (AS2) is a protocol developed by the IETF and
introduced in 2002 to implement secure and reliable messaging over HTTP
using S/MIME. It allows data to be sent over the Internet using the HTTP/S
protocol, with guarantees in place to ensure a document is not lost.
AS2 works by providing an envelope for the data, allowing it to be sent over
a TCP/IP-based network (such as the Internet) using the HTTP protocol. It can
handle any kind of document but is ideally suited to the kind of transactions
that have traditionally made up the bulk of EDI exchanges.
AS2 has been designed for both business messaging and the Internet,
meaning it works particularly well for the exchange of business documents.
Unlike traditional data-oriented protocols, AS2 addresses issues such as
document encryption and signatures, and offers receipts. It even allows
companies to continue to use existing internal processes, demanding changes
only to the mechanisms actually used to exchange documents with partners.
A specific feature of the AS2 protocol is that it has just one verb: SEND.
This means that in AS2 it is only possible for a client to send files, but not to
receive them. For bidirectional communication the two parties must therefore
act alternately as client and server, depending on who is to send or
receive files.


The current AS2 specification and the AS2 community have a major focus on
interoperability, so that different AS2-compliant software products can
exchange documents without any conflicts or problems.
Many concepts lie behind the AS2 protocol as a whole; the most important are:
Message Disposition Notification (MDN)
Security
Optional profiles

MDN
The Message Disposition Notification (MDN) is the acknowledgment sent in
response to an AS2 message. If an MDN is enabled, the AS2 transmission is
not complete until the MDN has been received and verified.
The MDN provides verification of the following:
That the original message was successfully received by the receiving
party, by sending back the MessageID of the original sent message.
That the integrity of the data exchanged was verified by the receiving
partner, by sending back the MIC calculated by the receiver on the
message.
That there is a non-repudiation of receipt.

Secure transfer
AS2 offers options for security ranging from sending data over a secure
connection (HTTP/S) to package encryption (using a digital certificate to
completely encrypt the business document). A document can also be digitally
signed, letting a receiver be confident the document is valid. Even the MDN
can be encrypted and signed, as required by the sender.

Optional profiles
The optional profiles define extensions of the AS2 protocol that different
software products may choose to implement. Each profile nevertheless follows
a clearly defined specification, in order to guarantee interoperability between
products that support the same optional profile.
Currently the optional profiles (OPs) are:
Certificate Exchange Messaging (CEM)
Multiple Attachments (MA)
Filename Preservation
AS2 Reliability
Chunked Transfer Encoding
AS2 Restart for Very Large Messages


Spazio MFT/S AS2 Connector implements some of the optional profiles, and
does so differently for the Client and the Server parts of the connector.
For example, the Multiple Attachments profile is fully supported by the Server
(which can receive an AS2 message with multiple files sent as
attachments and insert them in a Spazio queue) while it is not supported by
the Client part (because in Spazio each file travels as a separate message and
therefore there is no native aggregation policy).
The following is a list of optional profiles that are supported by the current
version of the Spazio AS2 connector, divided by server-side and client-side
support.

Optional Profile                                          Master (Client)   Source (Server)

Multiple Attachments (MA)                                 No                Yes
Filename Preservation (FN)                                Yes               Yes
Filename Preservation with Multiple Attachments (FN-MA)   No                Yes
Filename Preservation with associated MDN (FN-MDN)        No                No
Certificate Exchange Messaging (CEM)                      Yes               Yes
AS2 Reliability                                           Yes               Partially
AS2 Restart                                               Yes               Yes
Chunked Transfer Encoding (CTE)                           Yes               Yes

1.3 Function overview

1.3.1 Spazio MFT/S roles


In SPXP terms AS2 is seen as a protocol where Spazio MFT/S can perform one
of the following two roles in a file transfer:
Push Master: Spazio MFT/S is a submitter of AS2 file transfer requests that
sends (pushes) files stored on a Spazio MFT/S remote queue to a remote
AS2 server
Server: Spazio MFT/S listens for AS2 file transfers on a local URL where
AS2 HTTP/S communication is performed.

In practice there is only one possible action in AS2: Push-based sending of a
file, where the Master is the active part (or client) of the system, while the
Server (Source from the SPXP point of view) is passive and can only receive
the file and if necessary send back an MDN depending on the behavior
requested by the client.


1.3.2 Spazio MFT/S to AS2 use cases overview (Push Master)

[Figure 1. Diagram label: Optionally saved MDN]

Spazio MFT/S server plays the role of an AS2 client and sends files to a
remote AS2 Server. Based on the configuration parameters, selected files
belonging to Spazio MFT/S remote queues will be sent to a target AS2
destination (AS2 Server) using the AS2 protocol.
Spazio MFT/S submits singleton file transfers, i.e. file transfers having just
one file member.
In addition Spazio MFT/S AS2 Connector includes a component for the
reception of asynchronous MDNs; in practice a HTTP/S server that listens on
a port defined in the configuration parameters manages the MDNs sent by
the remote AS2 servers in reply to the sending of the file by Spazio.
In this scenario one or more files are sent via AS2 to a remote recipient.
The files can be embedded in the message as EDIData or as an attachment of the
message itself. An ad hoc configuration parameter tells the connector how
to manage the file.
When the file is sent, the necessary services (compression, encryption and
digital signature) are applied.
When the file is sent completely, it appears as complete from the MFT point
of view.
The MDN can be required or not, synchronous or asynchronous, and should
be in the correct format (encryption and digital signature) and arrive through
one of the following channels: HTTP, HTTPS, SMTP.
Because, when acting as client, we define which kind of MDN we are
waiting for, we can assume that this first implementation does not
support requesting an MDN via SMTP.
Main Use Cases:
Sending a file without MDN request
Sending a file with synchronous MDN request
Sending a file with asynchronous MDN request to be returned via HTTP
or HTTPS

MDNs received can be optionally saved in the Spazio MFT/S queues.


1.3.3 AS2 to Spazio MFT/S use cases overview (Server)

Figure 2

Spazio MFT/S Server with AS2 Connector correctly configured plays the role
of an AS2 server, waiting for incoming messages from any AS2 remote client
and dispatching the files into a Spazio MFT/S queue.
The target queues used in this scenario may be remote and possibly
associated with a different transport protocol, effectively enabling the
support of multi-hopped file transfers with protocol switching.
In this scenario one or more files are received via AS2 from a remote partner.
Receiving queues can be selected based on the AS2-From field belonging to
the AS2 Remote Client. Therefore we could have only one receiving queue for
an AS2 Server or multiple receiving queues, one for each client that uses the
server.
When the file is received, the necessary services (decompression, decryption
and signature verification) are applied.
In case of MDN required, the appropriate MDN must be generated and
returned to the partner.
Also in this case, the entire cycle is seen from Governance.
Main Use Cases:
Receiving a file without MDN request
Receiving a file with synchronous MDN request
Receiving a file with asynchronous MDN request to be returned via
HTTP, HTTPS or SMTP.


1.4 Architectural overview

1.4.1 Implementation of AS2 protocol in Spazio


To implement the AS2 protocol, Spazio MFT/S uses a library created by
/nSoftware, a company certified by the Drummond Group for inter-product
compatibility, precisely for the AS2 protocol.
By using this certified library Spazio MFT/S guarantees that it is
interoperable with all other AS2 protocols certified by the Drummond Group.

1.4.2 Understanding AS2 Connector components


The Spazio MFT/S AS2 Connector module consists of the following
elements:
Master Push Client
File Server
MDN Receiver
RDBMS storage

Master Push Client


The Master Push scenario of the AS2 Connector is based on a set of different
elements:
Client for sending the files and receiving the synchronous MDN
HTTP/S Server for receiving asynchronous HTTP or HTTPS MDN, called
MDN Receiver.

This module's task is to extract a file from a Spazio remote queue and submit it
to a remote AS2 server.
The current implementation supports only single file sending, not the
Multiple Attach Optional Profile.
This module is based on the /nSoftware AS2 component, integrating it into
the SPXP environment.
It uses a RDBMS to store the information for the asynchronous MDN
reconciliation.
In the current release, the MDNs received in reply to the files sent can be
optionally stored in a Spazio local queue.


File Server and MDN Receiver


Both the server and the client architecture require the embedding of an HTTP
server in our product:
in the server because the whole protocol is based on the idea of an HTTP
server receiving messages
in the client because of the asynchronous MDN reception feature.

The File Server and the MDN Receiver are both HTTP/S servers, and it could
be a customer requirement that both of them work on the same port. So the
system is designed to be able to:
Have no HTTP/S server active
Have only one HTTP/S server acting as both File Server and MDN
Receiver
Have one or more File Servers and one or more MDN Receivers active on
different ports
Have one or more File Servers and no MDN Receivers active
Have no File Servers and one or more MDN Receivers active.

If the customer requires multiple File Servers and/or MDN Receivers to be
active in a single Spazio environment, multiple SPXP AS2 Servers will be
configured.

AS2 MDN Receiver


The standard architecture assumes that this AS2 HTTP/S Server is hosted
behind the inner DMZ firewall to ensure high security.
The AS2 MDN Receiver is optionally capable of storing received MDNs in a
Spazio local queue.
The MDN Receiver stores information about the sent messages and files, for
the Reliability implementation in a persistence structure.

AS2 File Server


AS2 File Server is an HTTP/S server listening for connections from remote
clients and processing their request.
The standard architecture assumes that AS2 HTTP/HTTPS Server will be
hosted embedded into Spazio MFT/S, possibly behind the inner DMZ
firewall.
The above assumption enables the AS2 HTTP/S Server to put the received
files directly into Spazio MFT/S queue.
As for the Master Push HTTP Server component, a Servlet container is
installed within Spazio MFT/S in order to implement all the needed HTTP/S
Server functionality.
Since both Master Push HTTP Server (MDN Receiver) and Server Transport
(File Server) could be operating on the same port, they are both part of the
same deployment.


The Embedded HTTP/S Servlet Container where the AS2 File Server executes is
the same as the one used for the Master Push HTTP Server (MDN
Receiver) component, but different servlets implement the two
components since different behaviors are required.
The File Servers are capable of storing received files in a single default Spazio
queue, or can alternatively use multiple queues, dispatching received files
based on a policy on the AS2-From field.
The Server Transport also needs to store information about the incoming
messages, for the Reliability implementation, in a persistence repository.
Information about partner management is stored in this repository.

RDBMS storage
Both the Master Push and the Server components need to store long term
information on the transport, in particular the following data:
Authentication, encryption and signing certificates
Reconciliation of the files sent with return MDNs, Master Push side
Sending MDNs for files processed correctly by the back office, server side
Checking of multiple sends for the AS2 Reliability profile, through history
recording of the Message-IDs and MICs (Message Integrity Check) of the
messages already received

For this purpose the Spazio AS2 connector uses a RDBMS, saving all the data
required for implementing the necessary message traffic for AS2 Reliability in
a series of tables.

1.4.3 Sending files with AS2 protocol


Sending a Spazio file to an external server using the AS2 protocol consists of
simply inserting the file in an appropriately configured remote queue.
The file, inserted directly in the remote queue on the Queue Manager to
which it belongs or routed through a series of interconnected queues, is
handled by the AS2 connector.
The connector, according to the configuration properties of the queue and
connector, prepares the AS2 envelope with all the necessary signatures and
security and opens the connection to the remote AS2 server (not necessarily
Spazio).
Using this connection, the connector sends the previously enveloped file to
the remote server and, if required by the configuration, waits for the
synchronous MDN.
If an asynchronous MDN or no MDN is requested, the connector completes
its work after saving the message data in the RDBMS tables to enable
subsequent reconciliation with the MDN when this is managed by the MDN
reception servlet.


This servlet, which is delegated to the reception of asynchronous MDNs, listens
on a specific URL and replies to the calls of remote servers. Its job is to change
the status of transports from "waiting for MDN" to "completed" when it receives an
MDN corresponding to a transport that is still on hold.
Optionally, through configuration, it is possible to store received MDNs (sync
or async) in a Spazio local queue.
The Spazio AS2 connector doesn't support the optional Multiple Attachments
profile because it processes the files that it receives on the remote queue in a
serial manner, and therefore it is not able to group multiple files and send
them as a single AS2 message (check the MA profile).

1.4.4 Retrieving files as AS2 server


When Spazio works as an AS2 server, the Spazio AS2 connector instantiates a
HTTP/S server that listens on a specific URL waiting for AS2 messages
containing files.
An AS2 server is a completely passive component which can never initiate
communications with the client.
When a message arrives it is opened, interpreted and verified, and finally the
file (or files in the case of Multiple Attachments) is inserted in the associated
Spazio queue.
Each server instance can store incoming file(s) selecting the destination queue
based on the AS2-From field of the received AS2 envelope or in the default
queue for that server.
A message is verified on the basis of the certificates available on the Server
that correspond to the sender of the message. These certificates are managed in
such a way as to allow the use of multiple certificates for the same user that
have distinct application validity (and, most importantly, not corresponding
to intrinsic validity restrictions of the certificate itself) in order to guarantee a
CEM Level 1 profile.
In addition, the Server saves in the RDBMS tables all the information that is
necessary for recognizing possible multiple sends of the same message, and
discards any messages whose MIC (Message Integrity Check) or Message-ID
is already present in the DB, thereby partially implementing the optional AS2
Reliability profile.
Depending on which request options are provided by the client through the
envelope parameters, the Server will send an appropriately configured MDN
back to the client - especially regarding asynchronous or synchronous mode -
via HTTP/S or SMTP.
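
The MDN reconciliation of section 1.4.3 and the duplicate check of section 1.4.4, as an added Python example (not Primeur's code or schema). The in-memory SQLite tables, the returned status strings other than "waiting for MDN" and "completed", and all sample identifiers are assumptions; the MDN's signature is assumed to have been verified before these functions run.

```python
import base64
import hashlib
import hmac
import sqlite3
from email.parser import HeaderParser

WAITING, COMPLETED = "waiting for MDN", "completed"  # states named in the manual


def compute_mic(content: bytes, alg: str = "sha256") -> str:
    """MIC as carried in an MDN: base64 digest, then the algorithm token."""
    digest = hashlib.new(alg, content).digest()
    return f"{base64.b64encode(digest).decode()}, {alg}"


def _split_mic(mic: str):
    value, _, alg = mic.partition(",")
    # Partners spell the token differently ("sha-256" vs "sha256"); normalise it.
    return value.strip(), alg.strip().lower().replace("-", "")


def mic_equal(a: str, b: str) -> bool:
    (va, alg_a), (vb, alg_b) = _split_mic(a), _split_mic(b)
    return alg_a == alg_b and hmac.compare_digest(va.encode(), vb.encode())


def sample_mdn(message_id, mic,
               disposition="automatic-action/MDN-sent-automatically; processed"):
    """Constructed machine-readable MDN part (field names as in RFC 4130)."""
    return (f"Original-Message-ID: {message_id}\n"
            f"Disposition: {disposition}\n"
            f"Received-Content-MIC: {mic}\n")


class As2Store:
    """In-memory stand-in for the connector's RDBMS tables (hypothetical schema)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(
            "CREATE TABLE sent (message_id TEXT PRIMARY KEY, mic TEXT, status TEXT);"
            "CREATE TABLE received (message_id TEXT PRIMARY KEY, mic TEXT);")

    # --- Push Master side: reconcile an asynchronous MDN with a sent file ---
    def record_sent(self, message_id, mic):
        self.db.execute("INSERT INTO sent VALUES (?, ?, ?)", (message_id, mic, WAITING))

    def status(self, message_id):
        row = self.db.execute(
            "SELECT status FROM sent WHERE message_id = ?", (message_id,)).fetchone()
        return row[0] if row else None

    def reconcile_mdn(self, mdn_text):
        fields = HeaderParser().parsestr(mdn_text)
        message_id = (fields.get("Original-Message-ID") or "").strip()
        row = self.db.execute(
            "SELECT mic, status FROM sent WHERE message_id = ?", (message_id,)).fetchone()
        if row is None:
            return "unknown-message"          # MDN for something we never sent
        sent_mic, status = row
        if status != WAITING:
            return "not-waiting"              # replayed or late MDN
        disposition = (fields.get("Disposition") or "").partition(";")[2].strip().lower()
        if disposition != "processed":
            return "partner-reported-failure"  # transport stays on hold
        if not mic_equal(sent_mic, fields.get("Received-Content-MIC") or ""):
            return "mic-mismatch"             # partner hashed different content
        self.db.execute(
            "UPDATE sent SET status = ? WHERE message_id = ?", (COMPLETED, message_id))
        return COMPLETED

    # --- Server side: discard a message whose Message-ID or MIC was seen ---
    def accept_message(self, message_id, mic):
        value, alg = _split_mic(mic)
        key = f"{value}, {alg}"
        duplicate = self.db.execute(
            "SELECT 1 FROM received WHERE message_id = ? OR mic = ?",
            (message_id, key)).fetchone()
        if duplicate:
            return False
        self.db.execute("INSERT INTO received VALUES (?, ?)", (message_id, key))
        return True
```

A MIC mismatch or a failure disposition leaves the transport in "waiting for MDN", so a forged or replayed receipt cannot mark a transfer as completed.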


1.4.5 Spazio Security and AS2 Connector


Spazio security is implemented through the DSSP system, and therefore the
AS2 connector uses and integrates with this component.
The AS2 protocol supports the following security features:
Authentication using tokens and certificates
Digital signature for files and messages
Encryption

The DSSP component provides services that implement these functions, and
the AS2 connector invokes those services with the necessary parameters,
obtained from the configuration files and from the dedicated RDBMS tables for
partner profiling.

In fact, DSSP provides a certificate storage system, but in order to determine
which particular certificate corresponds to the counterpart with which
communication is taking place, and above all which of all those belonging to the
counterpart is to be used at that precise moment, the AS2 connector makes
use of a catalog of the partners and certificates that is managed in the
RDBMS.
Using accessory information stored in the tables of the RDBMS the connector
is able to identify which of the counterpart's various certificates to use, both
to verify a message containing a file arriving at the server and to validate an
MDN in reply to the send.

1.4.6 Spazio AS2 Connector DB


The Spazio Connector for AS2 uses a RDBMS for storing long term
information for the management of the MDNs and the management of the
partner profiles.
Since it is developed in Java technology, the AS2 Connector uses the JDBC
standard for accessing the data stored in a DB, and can therefore theoretically
use any RDBMS.
To simplify installation and configuration, the AS2 Connector is released with
its own embedded RDBMS, which allows the creation of a Spazio MFT/S
solution with AS2 without having to install any additional RDBMS.

1.4.7 Implementation of the AS2 CEM protocol in Spazio


The CEM protocol allows a company to automatically share a replacement
certificate with their trading partners.
Terminology
CEMRequest
The EDIINT Certificate Exchange Messaging (CEM) Request is one of two
possible CEM messages. It presents a certificate to be introduced into the
trading partner relationship along with relevant information on how it is
to be implemented.


CEMResponse
The EDIINT Certificate Exchange Messaging (CEM) Response is one of
two possible CEM messages. It is the response to the CEM Request
indicating whether or not the end entity certificate present in the CEM
Request was accepted.

Certificate States
PENDING
Upon receiving a certificate from a trading partner, the certificate is
marked as PENDING until a decision can be made to trust it or if its
validity period has not yet begun.
REJECTED
If a pending certificate is not trusted, it is considered REJECTED.
ACCEPTED
Once a pending certificate has been trusted, it is considered ACCEPTED.
An accepted certificate may be used in secure transactions.

The AS2CEM command line has been introduced to manage the CEM
request/response functionality in Spazio MFT/S.
In addition, the AS2 server is able to receive CEM messages from the
counterpart at the following URLs:

http://SpazioAs2Server:8010/receiver?type=CEMRequest
http://SpazioAs2Server:8010/receiver?type=CEMResponse

Here the server name, server port and servlet name are configurable through
properties; only the query strings ?type=CEMRequest and ?type=CEMResponse are
mandatory.
Received CEM messages are notified through an e-mail to the configured
account and the details are displayed using the AS2CEM LIST command.
Because of the number of parameters required by the AS2CEM command, it
is possible to use a mixed method of function configuration, based on
command-line parameters and property file parameters.
Sent and received CEM messages are stored in the Spazio AS2 database, to
keep track of the various CEM operations.

How to send a CEMRequest


Once a new certificate is ready to be used it has to be sent to the counterpart;
this operation can be done by sending a CEMRequest with the AS2CEM
REQUEST command.

AS2CEM REQUEST

AS2CemRequest
Usage:
AS2CemRequest -flag Value
-r RequestId         The RequestId of the outgoing CEMRequest
-f From              The As2From identifier
-t To                The As2To identifier
-R RespondDate       Date limit for CEMRequest expiration, in the format YYYY-MM-DD
-p CertPath          Absolute path to the certificate (one or more delimited by ;)
-U ResponseUrl       URL where the counterpart must send the CEMResponse
-u Url               Counterpart URL where the CEMRequest is to be sent
-T TransportDomain   AS2 Transport Domain
-N Name              SpazioAS2 configuration property name
-d DatabaseUrl       SpazioAS2 database URL
-D DatabaseDriver    SpazioAS2 database driver
-l LogPath           Logfile directory
-c ConfigFile        CEMRequest configuration property filepath

AS2 jar version : 9.0.0.5365

... all done

The above parameters can be provided either by the command line or by a
specific property file (there is a CemRequest.properties.sample file in the
$SPAZIO/cfg folder).
Command-line parameters take priority over property file properties.

Description

Flag/Property name Description / Value


-r / REQUEST_ID The RequestId of the outgoing CEMRequest.
It must be a unique identifier for the same
couple of FROM - TO fields.
-f / FROM The As2From identifier.
-t / TO The As2To identifier.
-R / RESPOND_DATE Limit date for CEMRequest expiration, in the
format YYYY-MM-DD.
If omitted the default is 30 days from the
CEMRequest submit date.
-p / CERT_PATH Absolute path to the certificate (one or more
delimited by ";").
-U / RESPONSE_URL The URL where the counterpart must send
the CEMResponse.
-u / URL The counterpart URL where the current
CEMRequest is to be sent.
-T / TRANSPORT_DOMAIN The AS2 Transport Domain (see
spazio.as2.properties).
e.g. if your spazio.as2.properties contains the
following for your counterpart:
AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
you must use the value TestDomain.
-N / NAME The SpazioAS2 configuration property name
(see spazio.as2.properties).
e.g. if your spazio.as2.properties contains the
following for your counterpart:
AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
the NAME will be AS2QM.
-d / DB_URL The SpazioAS2 database URL.



-D / DB_DRIVER The SpazioAS2 database driver.
-l / LOG_DIR The full filesystem path for operation logs.
For path separator use slash "/" instead of
backslash "\".
-c The full filesystem path for the configuration
property file.
For path separator use slash "/" instead of
backslash "\".

The following example illustrates a sample CEMRequest sent to the
counterpart with the command:
AS2CEM REQUEST -c $SPAZIO/cfg/CemRequest.properties.sample

using values from the following property file:


REQUEST_ID=RequestId001
FROM=SpazioAS2
TO=CounterpartAS2
RESPOND_DATE=
CERT_PATH=C:/SpazioAS2/Certs/NewCertificate001.cer
RESPONSE_URL=http://SpazioAs2Server:8010/receiver?type=CEMResponse
URL=http://CounterpartAs2Server:8080/receiver?type=CEMRequest
DB_URL=jdbc:h2:tcp://localhost:9092/C:/spazio/spdata/spfab/persistent/system/h2/as2data
DB_DRIVER=org.h2.Driver
TRANSPORT_DOMAIN=TestDomain
NAME=AS2QM
LOG_DIR=C:/Tmp

The command sends a CEMRequest named RequestId001 to CounterpartAS2 at
the URL http://CounterpartAs2Server:8080/receiver with the certificate
C:/SpazioAS2/Certs/NewCertificate001.cer.
The reply is expected at the URL
http://SpazioAs2Server:8010/receiver?type=CEMResponse.
A new folder will be created in the LOG_DIR directory with the name of
REQUEST_ID + FROM + TO, in our example:
C:/Tmp/RequestId001_SpazioAS2_CounterpartAS2
where a complete log set will be present.

How to send a CEMResponse


When receiving a CEMRequest from a counterpart the received certificates
are placed in the filesystem in the folder CEMCertDir under the root path
indicated by the property:
AS2Server.Source[ServerName].As2Path=C:/SpazioAs2

Then it is possible to reply with a CEMResponse message using the AS2CEM
RESPONSE command.


AS2CEM RESPONSE

AS2CemResponse

Usage:
AS2CemResponse -flag Value
-r RequestId The RequestId of the corresponding CEMRequest
-f From The As2From identifier
-t To The As2To identifier
-a CertAccept Acceptance for every certificate (one or more delimited by ;)
-T TransportDomain AS2 Transport Domain
-N Name SpazioAS2 configuration property name
-d DatabaseUrl SpazioAS2 database URL
-D DatabaseDriver SpazioAS2 database driver
-l LogPath Logfile directory
-c ConfigFile CEMResponse configuration property file path
AS2 jar version : 9.0.0.5365
... all done

The above parameters can be supplied either by the command line or by a
specific property file (there is a CemResponse.properties.sample file in the
$SPAZIO/cfg folder).
Command-line parameters take priority over property file properties.

Description

Flag / Property name Description / Value


-r / REQUEST_ID The RequestId of the corresponding
CEMRequest.
It must be a unique identifier for the same
FROM - TO pair.
-f / FROM The As2From identifier.
-t / TO The As2To identifier.
-a / CERT_ACCEPT YES to accept the certificate, NO or NO
reason to reject it (one or more delimited
by ";").
For a rejection reason there must be a blank
between NO and the reason string.
If the corresponding CEMRequest contains
more than one certificate, you can supply an
acceptance for each certificate (delimited by
";") or you can supply only one acceptance
valid for all the certificates.
-T / TRANSPORT_DOMAIN The AS2 Transport Domain (see
spazio.as2.properties).
e.g. if your spazio.as2.properties contains the
following for your counterpart:
AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
you must use the value TestDomain.



-N / NAME The SpazioAS2 configuration property name
(see spazio.as2.properties).
e.g. if your spazio.as2.properties contains the
following for your counterpart:
AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=TestDomain
the NAME will be AS2QM.
-d / DB_URL The SpazioAS2 database URL.
-D / DB_DRIVER The SpazioAS2 database driver.
-l / LOG_DIR The full filesystem path for operation logs.
For path separator use slash "/" instead of
backslash "\".
-c The full filesystem path for the configuration
property file.
For path separator use slash "/" instead of
backslash "\".

The following example illustrates a sample CEMResponse sent to the
counterpart with the command:
AS2CEM RESPONSE -c $SPAZIO/cfg/CemResponse.properties.sample

using the following property file values:


REQUEST_ID=CemRequest1
FROM=SpazioAS2
TO=CounterpartAS2
CERT_ACCEPT=YES;NO Bad certificate
DB_URL=jdbc:h2:tcp://localhost:9097/C:/spazio/spdata/spfab/persistent/system/h2/as2data
DB_DRIVER=org.h2.Driver
TRANSPORT_DOMAIN=TestDomain
NAME=AS2QM
LOG_DIR=C:/Tmp

The command sends a CEMResponse named CemRequest1 to CounterpartAS2
at the URL specified in the request originally received, accepting the
first certificate and rejecting the second with the reason Bad
certificate.
A new folder will be created in the LOG_DIR directory with the name
REQUEST_ID + FROM + TO, in our example:
C:/Tmp/CemRequest1_SpazioAS2_CounterpartAS2
where a complete log set will be present.
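
The CERT_ACCEPT rule described above (one verdict per certificate, or a single verdict valid for all), as an added example that is not part of the product: a Python helper that expands a CERT_ACCEPT value against the number of certificates in the request before AS2CEM RESPONSE is run. The function name, the exact-uppercase matching and the refusal of a blanket YES are assumptions made here as local policy; the connector's own parsing may differ.

```python
"""Expand a CERT_ACCEPT value into one verdict per certificate.

Added illustration, not the connector's own parser. Rules taken from the
CERT_ACCEPT description: entries are delimited by ";", each entry is YES,
NO, or NO followed by a blank and a reason, and there is either one entry
per certificate or a single entry valid for all certificates.
"""


def expand_cert_accept(value, cert_count, allow_blanket_yes=False):
    """Return a list of (accepted, reason) tuples, one per certificate.

    allow_blanket_yes is a local policy switch (an assumption, not a
    product option): accepting a partner certificate is a trust decision,
    so a single YES covering several certificates is refused by default.
    """
    if cert_count < 1:
        raise ValueError("the CEMRequest must carry at least one certificate")

    entries = [e.strip() for e in value.split(";")]
    if "" in entries:
        raise ValueError("empty CERT_ACCEPT entry (stray ';'?)")

    verdicts = []
    for entry in entries:
        keyword, _, reason = entry.partition(" ")
        if keyword == "YES":
            if reason.strip():
                raise ValueError("YES takes no reason: %r" % entry)
            verdicts.append((True, ""))
        elif keyword == "NO":
            verdicts.append((False, reason.strip()))
        else:
            # Catches a missing blank ("NOBad certificate") and typos.
            raise ValueError("entry must be YES, NO or 'NO reason': %r" % entry)

    if len(verdicts) == 1 and cert_count > 1:
        if verdicts[0][0] and not allow_blanket_yes:
            raise ValueError(
                "a single YES would accept all %d certificates" % cert_count)
        return verdicts * cert_count
    if len(verdicts) != cert_count:
        raise ValueError(
            "%d verdicts supplied for %d certificates" % (len(verdicts), cert_count))
    return verdicts
```

A rejection reason that itself contains ";" cannot be expressed in this format, so the helper treats every ";" as a delimiter.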


How to display CEM situation


CEM operation messages (request and response) are stored in the Spazio AS2
database.
The list or the details of these operations can be obtained by using the
AS2CEM LIST command.

AS2CEM LIST

AS2CemList

Usage:

AS2CemList -flag Value


-T PrintType The type of data to display
-r RequestId The RequestId of the corresponding CEMRequest
-f From The As2From identifier
-t To The As2To identifier
-d DatabaseUrl SpazioAS2 database URL
-D DatabaseDriver SpazioAS2 database driver
-c ConfigFile CEMList configuration property file path
-v Direction INGOING / OUTGOING
-s Status PENDING / ACCEPTED / REJECTED
-R CEMType REQUEST / RESPONSE

PrintType specification:
DETAIL Display data related to a specific
RequestId + From + To
LIST Display list of data related to a
specific From, To, CEMType,
Direction, Status

AS2 jar version : 9.0.0.5365


... all done

The above parameters can be provided either by the command line or by a
specific property file (there is a CemList.properties.sample file in the
$SPAZIO/cfg folder).
Command-line parameters take priority over property file properties.

Description

Flag / Property name Description / Value


-T / PRINT_TYPE The display type.
Allowed values are: DETAIL or LIST.
-r / REQUEST_ID The RequestId of the corresponding
CEMRequest.
It must be a unique identifier for the same
FROM - TO pair.
-f / FROM The As2From identifier.
-t / TO The As2To identifier.
-d / DB_URL The SpazioAS2 database URL.
-D / DB_DRIVER The SpazioAS2 database driver.
-v / DIRECTION Specify the direction of the request/response.
Allowed values are: INGOING or OUTGOING.



-s / STATUS Specify the current status of the
request/response.
Allowed values are: PENDING, ACCEPTED or
REJECTED.
-R / CEMTYPE Specify the type of CEM request/response.
Allowed values are: REQUEST or RESPONSE.
-c The full filesystem path for the configuration
property file.
For path separator use slash "/" instead of
backslash "\".

The following example illustrates a sample of CEM list with the command:
AS2CEM LIST -T LIST -c $SPAZIO/cfg/CemList.properties.sample

using the following property file values:


DB_URL=jdbc:h2:tcp://localhost:9097/C:/spazio/spdata/spfab/persistent/system/h2/as2data
DB_DRIVER=org.h2.Driver

Note that some parameters are provided from the command line.
The output of the above command should be like the following:

-------------------------------------------------------------------------------------
14 RequestId_001 SpazioAS2CounterpartAS2 REQUEST OUTGOING ACCEPTED
CN=AS2 Test Sending Organization - 01 - [C:/spazio/CERT/client.new1.cer]
14 RequestId_001 SpazioAS2CounterpartAS2 REQUEST OUTGOING REJECTED
Bad certificate
CN=AS2 Test Receiving Organization - 01 - [C:/spazio/CERT/client.new2.cer]
15 CemRequest1 CounterpartAS2 SpazioAS2 REQUEST INGOING REJECTED
Bad certificates
CN=AS2 Test Sending Organization - 01 -
[C:\SpazioAs2\CEMCertDir\CemRequest1_0f1f46e3aa110c8c_695c73fb_1473a8559ba_-7ffe.cer]
15 CemRequest1 CounterpartAS2 SpazioAS2 REQUEST INGOING ACCEPTED
CN=AS2 Test Receiving Organization - 01 -
[C:\SpazioAs2\CEMCertDir\CemRequest1_0f1f46e3aa110c8c_695c73fb_1473a8559ba_-7ffd.cer]
-------------------------------------------------------------------------------------

... all done

The following example illustrates a sample of CEM detail list with the
command:
AS2CEM LIST -T DETAIL -r RequestId_001 -f SpazioAS2
-t CounterpartAS2
-c %SPAZIO%/cfg/CemList.properties.sample

using the following property file values:


DB_URL=jdbc:h2:tcp://localhost:9097/C:/spazio/spdata/spfab/persistent/system/h2/as2data
DB_DRIVER=org.h2.Driver

Note that some parameters are supplied from the command line.


The output of the above command should be like the following:


CEM_ID ............ 14
REQUEST_ID ........ RequestId_001
AS2_FROM .......... SpazioAS2
AS2_TO ............ CounterpartAS2
CEM_TYPE .......... REQUEST
DIRECTION ......... OUTGOING
TRANSPORT_DOMAIN .. TestDomain
URL ............... http://CounterpartAS2:8010/receiver?type=CEMRequest
Number of attached certificates: 2
-------------------------------------------------------------------
Certificate n.1
STORE .......... C:/spazio/CERT/client.new1.cer
ISSUER ......... CN=AS2 Test Sending Organization
SUBJECT ........ CN=AS2 Test Sending Organization
USAGE .......... 15
SERIAL_NUMBER .. 01
RESPONDE_DATE .. 2014-08-14 00:00:00.0
RESPONSE_URL ... http://SpazioAS2:8010/receiver?type=CEMResponse
STATUS ......... ACCEPTED
REJECT_REASON ..
SUBMIT_DATE .... 2014-07-15 16:27:15.88
REPLY_DATE ..... 2014-07-15 16:28:02.52
-------------------------------------------------------------------
Certificate n.2
STORE .......... C:/spazio/CERT/client.new2.cer
ISSUER ......... CN=AS2 Test Receiving Organization
SUBJECT ........ CN=AS2 Test Receiving Organization
USAGE .......... 15
SERIAL_NUMBER .. 01
RESPONDE_DATE .. 2014-08-14 00:00:00.0
RESPONSE_URL ... http://SpazioAS2:8010/receiver?type=CEMResponse
STATUS ......... REJECTED
REJECT_REASON .. Bad certificate
SUBMIT_DATE .... 2014-07-15 16:27:15.88
REPLY_DATE ..... 2014-07-15 16:28:02.52
-------------------------------------------------------------------
... all done
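
For monitoring certificate exchanges, the DETAIL layout shown above can be parsed and checked automatically. The following Python sketch is an added example, not part of the product: it reads text in that layout and reports rejected certificates, pending ones that are close to or past RESPONDE_DATE, and output whose certificate count does not match the declared number. The sample text is constructed (statuses changed for the demonstration), and the function names and the 7-day warning window are assumptions.

```python
import datetime
import re

FIELD = re.compile(r"^([A-Z][A-Z0-9_]*)\s+\.{2,}\s*(.*)$")   # "KEY .... value"
CERT = re.compile(r"^Certificate n\.(\d+)$")
COUNT = re.compile(r"^Number of attached certificates:\s*(\d+)$")

# Constructed sample in the DETAIL layout (not real output).
SAMPLE = """\
CEM_ID ............ 14
REQUEST_ID ........ RequestId_001
AS2_FROM .......... SpazioAS2
AS2_TO ............ CounterpartAS2
CEM_TYPE .......... REQUEST
DIRECTION ......... OUTGOING
Number of attached certificates: 2
-------------------------------------------------------------------
Certificate n.1
STORE .......... C:/spazio/CERT/client.new1.cer
RESPONDE_DATE .. 2014-08-14 00:00:00.0
STATUS ......... PENDING
REJECT_REASON ..
-------------------------------------------------------------------
Certificate n.2
STORE .......... C:/spazio/CERT/client.new2.cer
RESPONDE_DATE .. 2014-08-14 00:00:00.0
STATUS ......... REJECTED
REJECT_REASON .. Bad certificate
-------------------------------------------------------------------
... all done
"""


def parse_detail(text):
    """Return (header fields, list of per-certificate fields, declared count)."""
    header, certs, current, declared = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = CERT.match(line)
        if m:                       # start of a new certificate section
            current = {"N": int(m.group(1))}
            certs.append(current)
            continue
        m = COUNT.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = FIELD.match(line)
        if m:                       # separators and "... all done" never match
            target = header if current is None else current
            target[m.group(1)] = m.group(2).strip()
    return header, certs, declared


def findings(text, today, warn_days=7):
    """Return (certificate number, finding) pairs; number 0 is the record itself."""
    _, certs, declared = parse_detail(text)
    out = []
    if declared is not None and declared != len(certs):
        out.append((0, "COUNT_MISMATCH"))       # truncated or altered output
    for cert in certs:
        status = cert.get("STATUS", "")
        if status == "REJECTED":
            reason = cert.get("REJECT_REASON") or "no reason given"
            out.append((cert["N"], "REJECTED: " + reason))
        elif status == "PENDING":
            stamp = cert.get("RESPONDE_DATE", "")[:10]
            try:
                due = datetime.datetime.strptime(stamp, "%Y-%m-%d").date()
            except ValueError:
                out.append((cert["N"], "NO_DEADLINE"))
                continue
            left = (due - today).days
            if left < 0:
                out.append((cert["N"], "OVERDUE"))
            elif left <= warn_days:
                out.append((cert["N"], "DUE_SOON"))
    return out


if __name__ == "__main__":
    for number, finding in findings(SAMPLE, datetime.date(2014, 8, 10)):
        print(number, finding)
```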

How to remove CEM records from the database


It is possible to maintain the CEM operation database in order to remove
obsolete or incorrect records by using the AS2CEM DELETE command.

AS2CEM DELETE

AS2CemDelete

Remove the RequestId from AS2From to AS2To on database


Usage:
AS2CemDelete -flag Value

-r RequestId The RequestId of the outgoing CEMRequest
-f From The As2From identifier
-t To The As2To identifier
-d DatabaseUrl SpazioAS2 database URL
-D DatabaseDriver SpazioAS2 database driver
-c ConfigFile CEMDelete configuration property file path

AS2 jar version : 9.0.0.5365

... all done

The above parameters can be provided either by the command line or by a
specific property file (a CemDelete.properties.sample file is present in the
$SPAZIO/cfg folder).
Command-line parameters take priority over property file properties.


Description

Flag / Property name Description / Value


-r / REQUEST_ID The RequestId of the corresponding
CEMRequest.
It must be a unique identifier for the same
FROM - TO pair.
-f / FROM The As2From identifier.
-t / TO The As2To identifier.
-d / DB_URL The SpazioAS2 database URL.
-D / DB_DRIVER The SpazioAS2 database driver.
-c The full filesystem path for the configuration
property file.
For path separator use slash "/" instead of
backslash "\".

Chapter 2 Installation

2.1 Post installation tasks

2.1.1 Creation of working folder for Spazio MFT/S AS2 Connector


You need to create a series of directories where the Spazio AS2 connector will
save its data, temporary files, logs and other files.
It is good practice to create a base directory (from this point on indicated as
<SpazioAS2>), which can also be inside the directory where Spazio MFT/S is
installed.
This root directory can be used for both master and server components, or you
can keep them separate by setting some configurations in the
spxp.as2.properties configuration file.
Under this root path, on the first run, the Spazio AS2 Connector creates the
following sub-directories for the master side:
<SpazioAS2>/AS2ClientLogs
<SpazioAS2>/EncodeTempDir
<SpazioAS2>/ClientRestartDir

and the following for the server side:
<SpazioAS2>/AS2ServerLogs
<SpazioAS2>/DecodeTempDir
<SpazioAS2>/IncomingDir
<SpazioAS2>/ServerRestartDir
<SpazioAS2>/CEMCertDir

If the root directory (<SpazioAS2> in this example) is not present (for the
master or the server side) the Spazio AS2 Connector will raise an error at the
first operation executed.
Afterwards you must insert the full path of the root directories created into
the previously mentioned configuration file spxp.as2.properties, under the
items:
AS2Server.Source.[Name].As2Path=
AS2Master.Target.[Name].As2Path=


2.1.2 Creation of Spazio MFT/S AS2 Connector Persistency Tables in RDBMS

The AS2 protocol can be used for long term flows; this involves the
use of data storage for saving and retrieving the information for the
actual transport (signatures of partner's certificates, status of the
transports, MDNs and MessageIDs, etc.).

To simplify and streamline the installation of the Spazio MFT/S AS2
connector, it has been equipped with an optional embedded RDBMS.
This embedded pure Java RDBMS allows the installation of the AS2
connector for Spazio to be decoupled from an external RDBMS that must be
appropriately sized, configured and above all accessible by Spazio.
The user is however given the choice whether to use this simplification
or to use an existing external enterprise RDBMS.
The user, therefore, has two possible choices, in order of complexity:
embedded RDBMS managed via SPFAB (recommended)
embedded RDBMS managed directly by the AS2 connector

Depending on whether you wish to use SPFAB or not, the installation will
follow different paths from this point on.

Embedded RDBMS
To use the Embedded RDBMS, you need to create a new DB before activating
the AS2 connector.
The only difference in the installation of the two Embedded RDBMS usage
modes is where to create the new DB: in the address space managed by
SPFAB or in a separate directory.
In order to use the embedded RDBMS you just need to create a new empty
database into the relevant directory, and then configure the JDBC connection
parameters appropriately.
These parameters are included in the relevant section of the chapter on the
configuration of the protocol.

Embedded RDBMS managed by SPFAB (recommended)


When the embedded DB managed by SPFAB is used, you do not need to
configure any parameters because all the information for the connection is
obtained through SPFAB.

Embedded RDBMS managed by the AS2 connector


These parameters include one specifically for the embedded RDBMS when it
is not managed by the SPFAB but directly by the connector:
DBMS_H2_SERVER_PARAM=-tcpAllowOthers


This parameter specifies the start-up mode for the embedded server if it is
started up internally by Spazio. It is in fact possible to use an RDBMS external
to Spazio or to delegate to Spazio the task of starting the RDBMS server; in the
latter case the parameter DBMS_H2_SERVER_PARAM allows you to define the
parameters with which this embedded server is to be started up.
If there are no applications external to Spazio that use the same H2 embedded
RDBMS, you are advised to delegate the start-up and management of the
RDBMS server to the Spazio SPFAB component.

Creation of the DB for AS2


The command used for the creation of a new database is AS2DB, to which a
file is passed as a parameter containing a series of SQL statements that create
and configure the various tables.
The following are the available parameters:
as2db -?
AS2DBCreator Usage:
Allowed options are:
-u Database URL
-d Database driver
-U Database user
-f SQL file path
-x Activate debugging (true/false)
-? Prints this help
... all done

In Database URL you must insert the full path for the creation of the DB,
which will be subsequently used in the settings paragraph.
The name of the DBMS must be as2data.
For the parameter -f SQL file path you need to supply the path of the
file Extended-DB-H2.sql which is located in the Spazio cfg directory.

DB creation in a user-defined directory, not using SPFAB


The following is an example of the creation of the database in a user defined
directory:
as2db -u "jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data"
-d org.h2.Driver -f %SPAZIO%/cfg/Extended-DB-H2.sql

The command must be run with Spazio stopped, to avoid interfering with the
H2 instance started by SPFAB.

DB creation using SPFAB


The following command, on the other hand, creates a new database in the
directory belonging to SPFAB:
as2db -u
"jdbc:h2:tcp://localhost:port/%SPAZIO%/spdata/spfab
/persistent/system/h2/as2data"
-d org.h2.Driver
-f %SPAZIO%/cfg/Extended-DB-H2.sql


This command must be run with Spazio started.


If the H2 database instance started by SPFAB is not using the default port
(9092), it is necessary to specify it in the command, after the localhost
definition (retrieve this information in the spfab.system.properties configuration
file in the Spazio cfg folder).
If the as2db command was successful, the file as2data.h2.db must be present
in the specified folder.

Upgrading from an older Spazio AS2 version (2.5.0):


The as2db command with Extended-DB-H2.sql, see above, creates a new
empty database.
If you are coming from an older Spazio AS2 version and want to keep the
current AS2 database, you must upgrade it with the following two
commands:
as2db -u "jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data"
-d org.h2.Driver
-f %SPAZIO%/cfg/AddEtagField-DB-H2.sql

as2db -u "jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data"
-d org.h2.Driver
-f %SPAZIO%/cfg/AddCemTable-DB-H2.sql

Chapter 3 Configuration Overview

3.1 Configuration files


As with other SPXP transports, AS2-related configuration is performed mostly
in spxp.as2.properties (actually spxp.linename.properties, where linename is
the name of the JXP line instance associated to the protocol in spline.ini and
converted to lower case).
In the next few sections we will also discuss the role played in this context by
other Spazio MFT/S core configuration files such as spline.ini, sprnode.ini
and spsmon.ini.

3.2 Persistent Data Storage


As already mentioned, the AS2 protocol is often used for long term flows,
and this involves the use of tables in a database for storing and retrieving
information required by the transport, such as MDN, transport status,
fingerprint of the messages, etc.
The configuration for accessing the appropriate Data Storage is specified
through 3 parameters, one of which is specific to the H2 RDBMS in the case
where it is used in embedded mode (in other words, started up internally by
Spazio).
These parameters are replicated for the various sections of the configuration
file spxp.as2.properties in order to fine tune the configuration of the various
components, which could, for separation purposes, use different RDBMS or
RDBMS users.
If there is a single RDBMS, you are advised to use appropriate DEFAULT
sections to reduce the amount of duplicated parameters with the subsequent
risk of inconsistency when modifications are made.
The configuration parameters can be provided explicitly in the configuration
file or retrieved using SPFAB.
By default, if you do not specify any parameter relating to the management of
the AS2 database, it is assumed that SPFAB is being used.
This means the database used will be the one created in:
$SPAZIO/spdata/spfab/persistent/system/h2/as2data.h2.db

The parameters are the following (appropriately specified for the various
sections):
DBMS_SPFAB Flag to enable/disable the use of SpFab
as the manager of the connection
parameters (default = true).
If it is set to true, all the following
parameters will be ignored.
DBMS_DRIVER JDBC driver used for accessing the
RDBMS
DBMS_URL Parameters for accessing the specific DB


DBMS_H2_SERVER_PARAM Start-up parameters for the H2 server
embedded in Spazio MFT/S.

The following configuration illustrates the explicit default database
parameters, i.e. those used by all subsequently defined master push
transmissions:
## Database definition section for MASTER ...
AS2Master.Target[DEFAULT].DBMS_SPFAB=false
AS2Master.Target[DEFAULT].DBMS_DRIVER=org.h2.Driver
AS2Master.Target[DEFAULT].DBMS_URL=jdbc:h2:tcp://localhost/C:/as2/h2dbms/as2data;IFEXISTS=TRUE
AS2Master.Target[DEFAULT].DBMS_H2_SERVER_PARAM=-tcpAllowOthers

If, instead, you choose to use SPFAB with:
AS2Master.Target[DEFAULT].DBMS_SPFAB=true

all the other parameters are ignored.


The same parameters can be used in the Server section for the definition of the
database to be used.
Note that if no value is assigned to the parameter DBMS_SPFAB, the
connector will assume the value true by default, and will therefore access
the DB managed through SPFAB.

3.3 Enabling the SPXP AS2 transport protocol


By default JXP lines hosting SPXP protocol specific transport containers are
not started.
To enable an SPXP transport container you must create a new section in
spline.ini defining a new JXP type line; the actual SPXP protocol that will be
started is identified by the line prot() parameter.
A line section template for AS2 transport protocol can be found in the
shipped template named spline.ini.sample.as2. Here is an excerpt of this file:
[CommLine1]
Name= AS2
Type= JXP
Direction= A
Startup = 1
Trace = 3
TimeOut = 90
Param = prot(AS2)
MaxConv= 60
MaxInConv= 30
MaxOutConv= 30

Each line will be associated to a protocol specific JVM instance at runtime.


For more information on the spline.ini configuration file please refer to the
SPAZIO MFT/S for Distributed Platforms: Installation and Configuration Guide.


3.4 Configuring SPXP AS2 Spazio Server

3.4.1 Enabling server behavior


To enable server behavior in an SPXP AS2 Connector protocol instance, the
Direction property in the associated spline.ini section must be set to either
A or I.

3.4.2 Reviewing general Server settings


SPXP AS2 Connector general server settings are controlled by the
spxp.linename.properties section AS2Server.
This section contains several AS2Server.Source[PolicyId] subsections, each
of which identifies a policy that must be applied to all transfers terminating
on an AS2 Connector enabled node where Spazio MFT/S is installed.
Each name basically defines a separate http/https server started by Spazio,
on different ip ports.

Example of file receiving server


Here is the example of an AS2 server for receiving files and putting them in a
Spazio local queue.
The server responds at this address:
http://myipaddress:8010/receiver

The received files are stored in the default queue AS2TEST in the DemoQM queue
manager.
AS2Server.Source[SERVERFILE].ServerPort=8010
AS2Server.Source[SERVERFILE].ConnectorType=HTTP
AS2Server.Source[SERVERFILE].As2Path=C:/SpazioAS2
AS2Server.Source[SERVERFILE].FileServletPath=/receiver
AS2Server.Source[SERVERFILE].QM=DemoQM
AS2Server.Source[SERVERFILE].Queue=AS2TEST
AS2Server.Source[SERVERFILE].QMUser=
AS2Server.Source[SERVERFILE].QMPassword=
AS2Server.Source[SERVERFILE].QMPasswordEncoded=
AS2Server.Source[SERVERFILE].MoveType=MOVE
AS2Server.Source[SERVERFILE].AsynchMdnBehaviour=DIRECT
AS2Server.Source[SERVERFILE].MdnServletPath=
AS2Server.Source[SERVERFILE].MdnOptions=
AS2Server.Source[SERVERFILE].MdnQueue=
AS2Server.Source[SERVERFILE].MdnMailServer=
AS2Server.Source[SERVERFILE].MdnMailFrom=
AS2Server.Source[SERVERFILE].MdnMailSubject=
AS2Server.Source[SERVERFILE].TRANSPORT_DOMAIN=TestDomain
AS2Server.Source[SERVERFILE].FlexFrom_1=
AS2Server.Source[SERVERFILE].FlexQueue_1=


Example of MDN receiving server


Here is the example of an AS2 MDN server for receiving asynchronous
MDNs and optionally putting them in a Spazio local queue.
The server responds at this address:
http://myipaddress:8011/mdn

If required (MdnSaved=YES), the MDNs received are stored as files in the
queue AS2MDN in queue manager DemoQM and will contain the value of the
field AS2-To in the CorrelationId.
AS2Server.Source[SERVERMDN].ServerPort=8011
AS2Server.Source[SERVERMDN].ConnectorType=HTTP
AS2Server.Source[SERVERMDN].As2Path=C:/SpazioAS2
AS2Server.Source[SERVERMDN].FileServletPath=
AS2Server.Source[SERVERMDN].QM=DemoQM
AS2Server.Source[SERVERMDN].Queue=
AS2Server.Source[SERVERMDN].QMUser=
AS2Server.Source[SERVERMDN].QMPassword=
AS2Server.Source[SERVERMDN].QMPasswordEncoded=
AS2Server.Source[SERVERMDN].MoveType=
AS2Server.Source[SERVERMDN].AsynchMdnBehaviour=
AS2Server.Source[SERVERMDN].MdnServletPath=/mdn
AS2Server.Source[SERVERMDN].MdnOptions=
AS2Server.Source[SERVERMDN].MdnSaved=YES
AS2Server.Source[SERVERMDN].MdnQueue=AS2MDN
AS2Server.Source[SERVERMDN].TRANSPORT_DOMAIN=TestDomain

3.5 Configuring Push Masters

3.5.1 Enabling Push Master behavior


To enable Push Master behavior in an SPXP AS2 Connector protocol instance,
the Direction property in the associated spline.ini section must be set to
either A or O.

3.5.2 Creating the transport class


The usual Spazio MFT/S transport class selection by the transport monitor
applies to SPXP Push Master transports; a new section like the one below
must be added to spsmon.ini:
[Class1]
ClassName = AS2
Description = AS2 Class
FTrAgentName = AS2P
ParallFTr = 4
FTrParam = MaxWaitFDNDelay(600)

The FTrParam = MaxWaitFDNDelay setting specifies how long the Transport
Monitor should wait for an MDN (File Delivery Notification in SPXP
terminology).


This value is expressed in minutes and accepts values from 0 to 43200,
corresponding to approximately one month; the default value for this
parameter is 0, which means wait forever.
No other SPXP specific configuration is required in spsmon.ini as long as it
includes this section and any remote queues reference the correct transport
class name.

3.5.3 Defining remote nodes


Once transport classes are correctly set up, to proceed with the definition of
an SPXP destination you must create a remote AS2 Connector node definition
in sprnode.ini that will in turn enable the creation of Spazio MFT/S remote
queues associated with the destination.
Remote node definitions must reference the correct line name created
previously.
Below is a remote node definition that can be used as a basis when creating a
new AS2 Connector destination:
[DirNode1]
NodeName = AS2NOD
NumQM = 1
QmName_1 = AS2QM
NumCommLines = 1
CLineName_1 = AS2

3.5.4 Defining remote queues


Remote queues can now be defined and associated to the correct
RemoteQMgr specified in sprnode.ini and the correct transport class
specified in spsmon.ini.

3.5.5 Reviewing Push Master general settings


SPXP AS2 Connector Push Master transports are transports that move files
from a Spazio MFT/S Queue Manager remote queue to a remote AS2 server
via AS2 Connector.
Each configured target is identified in spxp.linename.properties by a user
defined destination label that must match the name specified as RemoteQMgr
in the remote queue definition and associated definitions in sprnode.ini.
For example configuration keys for myDestination will be specified using
properties with the prefix AS2Master.Target[myDestination].*.
The configuration stanza associated with the destination named DEFAULT is
special: it contains the values that will be used at runtime for parameters not
specified in other user-defined destination specific stanzas.

NOTE: the DEFAULT section must not be removed from the configuration.


Example
A new AS2 Connector push master transport must be defined in order to
connect the queue TO.MYAS2SRV, a remote queue defined on queue
manager DemoQM, to a remote machine MYAS2SRV2 running an AS2
Server listening on the URL http://remotehost:8010/receiver.
Here is a walkthrough of the necessary configuration steps.
Create the remote queue TO.MYAS2SRV:
qcreate DemoQM TO.MYAS2SRV /qAS2QM /QANYNAME /xTranspClass(AS2)

The destination which corresponds to RemoteQMgr is AS2QM; for this
destination we will create a remote node definition in sprnode.ini:
[DirNodeX]
NodeName = MYAS2SRV
NumQM = 1
QmName_1 = AS2QM
NumCommLines = 1
CLineName_1 = AS2

The NodeName value is not relevant for addressing and CLineName_1.
Similarly the RemoteQName (/QANYNAME) is not relevant for configuring
target destinations; any name can be used here.
Finally we create a new destination specific stanza in spxp.as2.properties for
destination AS2QM. The following is an example of how such a stanza might
appear:
AS2Master.Target[AS2QM].Enabled=true
AS2Master.Target[AS2QM].As2Path=C:/SpazioAS2
AS2Master.Target[AS2QM].URL=http://remotehost:8010/receiver
AS2Master.Target[AS2QM].SEND_TIMEOUT=60
AS2Master.Target[AS2QM].FROM=MyCompany
AS2Master.Target[AS2QM].TO=OtherCompany
AS2Master.Target[AS2QM].EDITYPE=text/plain
AS2Master.Target[AS2QM].MDN_SYNCHRO=synchronous
AS2Master.Target[AS2QM].MDN_TO=as2@MyCompany.com
AS2Master.Target[AS2QM].MDN_OPTIONS=signed-receipt-
... protocol=optional, pkcs7-signature; signed-receipt-
... micalg=optional, sha1, md5
AS2Master.Target[AS2QM].MDN_DELIVERY_URL=http://spazioas2:
... 8011/mdn

3.6 Security
The security configuration files used by the AS2 protocol are:
spxp.as2.properties
as2.ini
dstk.ini


Once the various Master and Source components have been defined in the
spxp.as2.properties file, the steps to configure security for the AS2 protocol
are:
optionally define default parameters in the dstk.ini file
define security rules in the as2.ini file
define the list of Master and Source components in as2.ini and
associate them to the previously defined security rules.

For details of the various configurations and the meaning of the individual
parameters please refer to section 4.3 - AS2 Security Configuration.

3.6.1 AS2CL Command Reference


The AS2CL command is used to manage and maintain the certificate archive
for AS2 communications and performs the following operations:
Reads the certificate from the file
Calculates the hash of the certificate
Inserts a record in the AS2 Certificate Correlation table
Inserts the certificate in the DSSP
It can also:
List the archived certificate records and get detail on a specific entry
Remove certificate records
Update the validity date of a certificate record

The archived certificates are used by the Spazio AS2 connector in sign and/or
decrypt operations, between the local station and the various partners.
The main key to identify a certificate is the AS2_ID.

The command usage is:


AS2ManageCert
AS2ManageCert <certificate file><options>
AS2ManageCert <command><options>

Allowed commands:
    LIST      List all the Entries in the CEM DB
    DETAIL    Detail of an entry in the CEM DB ( -i ID )
    DELETE    Delete an entry in the CEM DB ( -i ID )
    UPDATE    Update an entry in the CEM DB ( -i ID -s START_DATE -e END_DATE )
    GET       Dump an Entry in the CEM DB as if requested from AS2 Transport
              (use t,f,k options)

Allowed options are:
    -t    CEM AS2 Transport Domain (default TD)
    -f    CEM AS2 Function (default MASTER)
    -k    CEM Key value (AS2_FROM or AS2_TO value)
    -U    CEM User
    -i    Record ID (for detail, delete and update)
    -s    validity start date in 'yyyy-MM-dd HH-mm-ss' format(for update)
    -e    validity end date in 'yyyy-MM-dd HH-mm-ss' format(for update)
    -u    DB Connection URL
    -d    DB Driver
    -c    Config File in the format of properties
              DB_URL = DB JDBC Url
              DB_DRIVER = DB JDBC Driver
              TRANSPORT_DOMAIN = CEM AS2 Transport Domain
              FUNCT = CEM AS2 Function
              KEY = CEM AS2 Key
              USER = CEM User
    -x    Activate debugging (true/false)

... all done

The first basic item of information you need is the AS2 database path.
Its generic format, using the SPFAB support, is formed as follows:
jdbc:h2:tcp://host[:port]/PathToDatabase

where:
The host is normally the localhost.
The optional :port specification is needed only if the SPFAB H2 port
was not the standard port. This information can be found in the
spfab.system.properties in H2 Database Section (mod-h2.tcpPort).
PathToDatabase is the full path to the as2data.h2.db file.
For a database managed by SPFAB this value is:
$SPAZIO/spdata/spfab/persistent/system/h2/as2data

Description

Flag / Property name          Description / Value

-t / TRANSPORT_DOMAIN         The AS2 Transport Domain (see
                              spazio.as2.properties).
-f / FUNCT                    The role in which the certificate will be used.
                              Allowed values are: MASTER or SERVER.
-k / KEY                      The AS2 identifier of the partner to which the
                              certificate relates.
-U / USER                     The user that performs the operation
                              (optional).
-i                            The RecordID for Detail, Update and Delete
                              operations.
-s                            The certificate validity start date, used in
                              Update operations. The accepted format is:
                              yyyy-MM-dd HH-mm-ss.
-e                            The certificate validity end date, used in
                              Update operations. The accepted format is:
                              yyyy-MM-dd HH-mm-ss.
-u / DB_URL                   The full database connection URL, as shown
                              above.
-d / DB_DRIVER                The database driver (usually
                              org.h2.Driver).
-c                            The path to a configuration file, in the format
                              shown above.
-x                            Activate debug information.
                              Allowed values are: true or false.

An example is provided below to simply insert a new certificate into the
database, used for MASTER operation.
AS2CL.bat %SPAZIO%/SpazioAs2/CERT/as2test.cer ^
  -k AS2-Prova_To -t TestDomain -f MASTER ^
  -u "jdbc:h2:tcp://localhost/%SPAZIO%/spdata/spfab/persistent/system/h2/as2data"

This command inserts the certificate as2test.cer to communicate with the
partner AS2-Prova_To for MASTER operations (send files).

NOTE: the -t DomainName parameter in the AS2CL command must match
the corresponding TRANSPORT_DOMAIN key in spxp.as2.properties.

The next example shows the command for listing all the certificates in the
database:
AS2CL.bat LIST ^
  -u "jdbc:h2:tcp://localhost/%SPAZIO%/spdata/spfab/persistent/system/h2/as2data"

The console output should look like this:


Certificate List:

- CEMCorrId[1] TrDom[TestDomain] Funct[MASTER] Key[VmLinux] Start[0000-00-00] End[0000-00-00] : 1
- CEMCorrId[2] TrDom[TestDomain] Funct[MASTER] Key[AS2_To] Start[0000-00-00] End[0000-00-00] : 2
- CEMCorrId[3] TrDom[TestDomain] Funct[SERVER] Key[AS2_To] Start[0000-00-00] End[0000-00-00] : 3
- CEMCorrId[5] TrDom[TestDomain] Funct[SERVER] Key[AS2_From] Start[0000-00-00] End[0000-00-00] : 4
- CEMCorrId[6] TrDom[TestDomain] Funct[MASTER] Key[NARSIL181] Start[0000-00-00] End[0000-00-00] : 5
- CEMCorrId[7] TrDom[TestDomain] Funct[MASTER] Key[MaxPcAS2] Start[0000-00-00] End[0000-00-00] : 6
- CEMCorrId[9] TrDom[TestDomain] Funct[SERVER] Key[AS2_From] Start[2014-03-27 00-00-00] End[2015-12-31 00-00-00] : 7
- CEMCorrId[15] TrDom[TestDomain] Funct[SERVER] Key[VmLinux] Start[2013-01-01 00-00-00] End[2016-12-31 00-00-00] : 8
- CEMCorrId[16] TrDom[TestDomain] Funct[MASTER] Key[SP251WXPVM] Start[0000-00-00] End[0000-00-00] : 9
- CEMCorrId[18] TrDom[TestDomain] Funct[SERVER] Key[SP251WXPVM] Start[0000-00-00] End[0000-00-00] : 10

... all done

The index between square brackets is the RecordID of the record and is needed
for the detail/update/delete command, with the "-i" flag.
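
The LIST output can be reviewed by script to find certificate records whose validity window has lapsed or was never set. The following Python code is an added example, not part of the product or of the original guide: the function names are hypothetical, the sample is constructed from records shown above, and reading a Start/End of 0000-00-00 as "validity not set" is an assumption.

```python
import re
from datetime import datetime, timedelta

# Field layout of one record as printed by "AS2CL LIST" in this guide.
RECORD_RE = re.compile(
    r"CEMCorrId\[(?P<id>\d+)\]\s+TrDom\[(?P<domain>[^\]]*)\]\s+"
    r"Funct\[(?P<funct>[^\]]*)\]\s+Key\[(?P<key>[^\]]*)\]\s+"
    r"Start\[(?P<start>[^\]]*)\]\s+End\[(?P<end>[^\]]*)\]"
)
DATE_FORMAT = "%Y-%m-%d %H-%M-%S"  # yyyy-MM-dd HH-mm-ss, the -s / -e format

# Constructed sample: three records from the listing above, wrapped the way
# a narrow console wraps them.
SAMPLE_LISTING = """\
Certificate List:

- CEMCorrId[2] TrDom[TestDomain] Funct[MASTER]
Key[AS2_To] Start[0000-00-00] End[0000-00-00] : 2
- CEMCorrId[9] TrDom[TestDomain] Funct[SERVER]
Key[AS2_From] Start[2014-03-27 00-00-00]
End[2015-12-31 00-00-00] : 7
- CEMCorrId[15] TrDom[TestDomain] Funct[SERVER] Key[VmLinux] Start[2013-01-01 00-00-00] End[2016-12-31 00-00-00] : 8

... all done
"""


def parse_date(text):
    """Return a datetime, or None for the all-zero placeholder (assumption)."""
    text = text.strip()
    if not text or text.startswith("0000-00-00"):
        return None
    return datetime.strptime(text, DATE_FORMAT)


def parse_listing(output):
    """Return one dict per record; wrapped records are re-joined first."""
    flat = " ".join(output.split())
    records = []
    for match in RECORD_RE.finditer(flat):
        record = match.groupdict()
        record["id"] = int(record["id"])          # the RecordID used with -i
        record["start"] = parse_date(record["start"])
        record["end"] = parse_date(record["end"])
        records.append(record)
    return records


def classify(record, today, warn_days=30):
    """Return unset, not-yet-valid, expired, expiring or ok for one record."""
    start, end = record["start"], record["end"]
    if start is None and end is None:
        return "unset"
    if start is not None and today < start:
        return "not-yet-valid"
    if end is not None and today > end:
        return "expired"
    if end is not None and today + timedelta(days=warn_days) > end:
        return "expiring"
    return "ok"


def review(records, today, warn_days=30):
    """Map RecordID -> status for every parsed record."""
    return {r["id"]: classify(r, today, warn_days) for r in records}


if __name__ == "__main__":
    report = review(parse_listing(SAMPLE_LISTING), datetime(2016, 1, 15))
    for record_id, status in report.items():
        print(f"RecordID {record_id}: {status}")
```
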

Chapter 4 Configuration Reference

4.1 Notation
For the sake of clarity, the rest of this book will assume that the default line
names will be adopted for protocol lines. Therefore, spxp.linename.properties
will actually be referred to as: spxp.as2.properties.

4.2 AS2 protocol reference (spxp.as2.properties)


spxp.as2.properties is the main SPXP configuration file for both server and
master components. The file is divided into stanzas with a prefix that
determines transport type and transport protocol.
The remainder of this section is divided into several subsections, one for each
main stanza type.

4.2.1 AS2 Connector Server Section

AS2Server.Source[DEFAULT].* prefix
This section describes the default common parameters used for setting Spazio
AS2 server side parameters. The following is an example:
AS2Server.Source[DEFAULT].DBMS_DRIVER=org.h2.Driver
AS2Server.Source[DEFAULT].DBMS_URL=
... jdbc:h2:tcp://localhost/C:/AS2dir/h2dbms/test
AS2Server.Source[DEFAULT].DBMS_H2_SERVER_PARAM=
... -tcpAllowOthers trace

Description

Properties                    Description / Value

DBMS_SPFAB                    Flag to enable/disable the use of SPFAB as
                              manager of the connection parameters.
                              Allowed values are: true (default) or false.
DBMS_DRIVER                   The JDBC driver of the database
DBMS_URL                      The URL to locate the database
DBMS_H2_SERVER_PARAM          Embedded H2 DBMS start-up parameters.


AS2Server.Source[ServerName].* prefix
This multiple section describes the various Source instances of the protocol.
Here is an example of setting the values:
AS2Server.Source[SERVERFILE].ServerPort=8010
AS2Server.Source[SERVERFILE].ConnectorType=http
AS2Server.Source[SERVERFILE].As2Path=C:/SpazioAs2
AS2Server.Source[SERVERFILE].LogOptions=Status, Response, Errors
AS2Server.Source[SERVERFILE].FileServletPath=/receiver
AS2Server.Source[SERVERFILE].QM=SPXP
AS2Server.Source[SERVERFILE].Queue=AS2TEST
AS2Server.Source[SERVERFILE].QMUser=
AS2Server.Source[SERVERFILE].QMPassword=
AS2Server.Source[SERVERFILE].MoveType=COPY
AS2Server.Source[SERVERFILE].AsynchMdnBehaviour=DIRECT
AS2Server.Source[SERVERFILE].MdnServletPath=
AS2Server.Source[SERVERFILE].MdnMailServer=smtp.myorg.com
AS2Server.Source[SERVERFILE].MdnMailFrom=SpazioAS2@myorg.com
AS2Server.Source[SERVERFILE].MdnMailSubject= MDN from SpazioAS2
AS2Server.Source[SERVERFILE].TRANSPORT_DOMAIN=TestDomain
AS2Server.Source[SERVERFILE].OriginalFilename=false
AS2Server.Source[SERVERFILE].FlexFrom_1=
AS2Server.Source[SERVERFILE].FlexQueue_1=
AS2Server.Source[SERVERFILE].MdnSaved=
AS2Server.Source[SERVERFILE].MdnQueue=
AS2Server.Source[SERVERFILE].CEMMAIL_PROTOCOL=smtp
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_HOST_NAME=smtp.myorg.com
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_HOST_PORT=25
AS2Server.Source[SERVERFILE].CEMMAIL_AUTHENTICATION=true
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_AUTH_USER=myname
AS2Server.Source[SERVERFILE].CEMMAIL_SMTP_AUTH_PWD=mypassword
AS2Server.Source[SERVERFILE].CEMMAIL_TO=As2Admin@myorg.com

Description

Properties                    Description / Value

ServerPort                    The HTTP port number where file receiving is
                              active.
ConnectorType                 Defines the type of server connector.
                              Allowed values are: HTTP (default), HTTPS.
As2Path                       The working root path for AS2.
LogOptions                    The information to be written to AS2 log files.
                              See the note for allowed values.
FileServletPath               The servlet path where file receiving is active
                              (e.g. http://localhost:8010/receiver).
QM                            Name of the Queue Manager where files are
                              queued.
Queue                         Name of the default Queue where files are
                              queued.
QMUser                        User ID to insert the received files into Spazio
                              Queue Manager.
QMPassword                    User password to insert the received files into
                              Spazio Queue Manager.
MoveType                      Spazio move type flag.
                              Allowed values are: MOVE, COPY (default) and
                              LINK.
AsynchMdnBehaviour            Asynchronous MDN type.
                              Allowed values are: DIRECT (default).
                              In DIRECT mode the MDN is sent immediately
                              after the file is received and stored in the
                              defined queue.
MdnServletPath                The servlet path where MDN receiving is
                              active (e.g. http://localhost:8011/mdn).
MdnMailServer                 SMTP Server to send MDN by mail.
MdnMailFrom                   Mail account to be used as sender when
                              sending MDN by email.
MdnMailSubject                Subject to be used when sending MDN by
                              email.
TRANSPORT_DOMAIN              Certificates AS2 Transport Domain.
DBMS_SPFAB                    Flag to enable/disable the use of SPFAB as
                              manager of the connection parameters.
                              Allowed values are: true (default) or false.
DBMS_DRIVER                   The JDBC driver of the database.
DBMS_URL                      The URL to locate the database.
DBMS_H2_SERVER_PARAM          Embedded H2 DBMS start-up parameters.
OriginalFilename              Flag to manage the Spazio External filename.
                              Allowed values are: true or false (default).
                              If true, put the original file name in Spazio
                              External Filename.
                              If false or absent, put the AS2 name in Spazio
                              External Filename.
                              The default is false, for standard AS2 behavior.
FlexFrom_x                    Multiple queue association based on AS2-From
FlexQueue_x                   field, where x is from 1 to 99 (ascending and in
                              sequence).
                              See the note below for details.
MdnSaved                      Option to save MDNs as files in a Spazio
                              queue.
                              Allowed values: YES or NO (default).
MdnQueue                      Spazio queue where MDNs are saved (if
                              MdnSaved=YES).
CEMMAIL_PROTOCOL              Mail server parameters and mail address for
CEMMAIL_SMTP_HOST_NAME        CEMRequest and CEMResponse notifications.
CEMMAIL_SMTP_HOST_PORT
CEMMAIL_AUTHENTICATION
CEMMAIL_SMTP_AUTH_USER
CEMMAIL_SMTP_AUTH_PWD
CEMMAIL_TO
EnableAs2Restart              If EnableAs2Restart is set to true, the server will
                              use the AS2Restart feature when receiving files
                              from a partner that supports this functionality.
                              If set to false, the server will not use the
                              AS2Restart.
                              Allowed values: true or false (default).

Note for LogOptions Server parameters


This parameter manages the information to be written to AS2 log files.
When specifying multiple values, include them in the same comma-separated
string (e.g. LogOptions=Status, Request, Payload).
Allowed values are:
Status
    Contains information on applied security options and pass/fail status of
    transmission.
Request
    Contains the raw incoming request before processing.
Payload
    Contains a log of the processed payload after transmission.
MDN
    Contains the MDN receipt response to a request.
Errors
    This is only written if an error is encountered and contains the error.
All
    All of the above.

Note for FlexFrom and FlexQueue Server parameters


With these parameters you can configure an association between the sender
and the receiving Spazio queue, based on the AS2-From field of the AS2
transmission.

For example, with the following configuration:

AS2Server.Source[SERVERFILE].Queue=AS2TEST
...
AS2Server.Source[SERVERFILE].FlexFrom_1=FromCustXXX
AS2Server.Source[SERVERFILE].FlexQueue_1=QUEUE01
AS2Server.Source[SERVERFILE].FlexFrom_2=FromCustYYY
AS2Server.Source[SERVERFILE].FlexQueue_2=QUEUE02

In this scenario, files received from the server SERVERFILE with AS2-From
FromCustXXX are placed in the Spazio queue QUEUE01.
Files received with AS2-From FromCustYYY are placed in the Spazio queue
QUEUE02.
Files received with any other value in the AS2-From field are placed in the
default Spazio queue AS2TEST.
The fields FlexFrom_x and FlexQueue_x must both be present and filled
in correctly; otherwise the association will be discarded. If not present, only
the default Spazio queue for that server will be used.
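
The routing rules in this note can be modelled to check, before deployment, which queue each partner's files will land in and which associations would be discarded. The following Python code is an added example, not part of the product or of the original guide; the function names and the constructed sample are hypothetical. It assumes exact, case-sensitive matching of AS2-From, and it assumes that entries after a gap in the 1..99 sequence are not read.

```python
import re

# Constructed sample: the configuration from this note plus two faulty pairs.
SAMPLE_PROPERTIES = """\
AS2Server.Source[SERVERFILE].Queue=AS2TEST
AS2Server.Source[SERVERFILE].FlexFrom_1=FromCustXXX
AS2Server.Source[SERVERFILE].FlexQueue_1=QUEUE01
AS2Server.Source[SERVERFILE].FlexFrom_2=FromCustYYY
AS2Server.Source[SERVERFILE].FlexQueue_2=QUEUE02
AS2Server.Source[SERVERFILE].FlexFrom_3=FromCustZZZ
AS2Server.Source[SERVERFILE].FlexQueue_3=
AS2Server.Source[SERVERFILE].FlexFrom_5=FromCustLate
AS2Server.Source[SERVERFILE].FlexQueue_5=QUEUE05
"""


def load_properties(text):
    """Minimal key=value reader: no escapes, no continuation lines."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def flex_routes(props, server):
    """Return (default_queue, {as2_from: queue}, problems) for one Source stanza."""
    prefix = f"AS2Server.Source[{server}]."
    default_queue = props.get(prefix + "Queue", "")
    pattern = re.compile(re.escape(prefix) + r"Flex(?:From|Queue)_(\d+)")
    matches = (pattern.fullmatch(key) for key in props)
    indexes = sorted({int(m.group(1)) for m in matches if m})

    routes, problems = {}, []
    expected = 1
    for x in indexes:
        # "x is from 1 to 99 (ascending and in sequence)"
        if x != expected or x > 99:
            problems.append(
                f"Flex*_{x}: out of sequence (expected {expected}); "
                "this and later entries are ignored (assumption)"
            )
            break
        expected += 1
        sender = props.get(f"{prefix}FlexFrom_{x}", "")
        queue = props.get(f"{prefix}FlexQueue_{x}", "")
        if sender and queue:
            routes.setdefault(sender, queue)
        elif sender or queue:
            # Both fields must be present and filled in.
            problems.append(f"Flex*_{x}: incomplete pair, association discarded")
    return default_queue, routes, problems


def queue_for(props, server, as2_from):
    """Queue that receives a file whose AS2-From header is as2_from."""
    default_queue, routes, _ = flex_routes(props, server)
    return routes.get(as2_from, default_queue)


if __name__ == "__main__":
    props = load_properties(SAMPLE_PROPERTIES)
    for sender in ("FromCustXXX", "FromCustYYY", "FromCustZZZ", "Unknown"):
        print(sender, "->", queue_for(props, "SERVERFILE", sender))
    for problem in flex_routes(props, "SERVERFILE")[2]:
        print("WARNING:", problem)
```
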

Note for MDNs stored in Spazio queues


Normally, returned MDNs are evaluated (to establish the result of the
transmission) and then discarded by Spazio (they could be present in log
directories depending on the LogOptions setting).
If it is necessary to store these MDNs, the AS2 Connector allows you to do
this as described below:
For asynchronous MDNs, this is done by the server component of the AS2
Connector, by configuring the MdnSaved and the MdnQueue parameters
in the AS2 server properties section.
If enabled, all the MDNs received by that server will be stored in the
specified queue, identifying each MDN as a file with a CorrelationId
calculated using the AS2-To field.
For synchronous MDNs, this is done by the master component of the AS2
Connector, by configuring the SYNC_MDN_QUEUE and the
SYNC_MDN_QM parameters in the AS2 master properties section.
If these values are present, all MDNs returned from that connection will
be stored in the specified queue, identifying each MDN as a file with a
CorrelationId calculated using the AS2-To field.

4.2.2 AS2 Connector Push Sections (AS2.Target[destination].* prefix)


This set of properties is used to configure SPXP AS2 Connector Master Push
transports, i.e. transports that move files from a Spazio MFT/S Queue
Manager remote queue to a target AS2 compliant server.
Each configured target is identified with a user defined <destination> label
that must match the name specified as RemoteQMgr in the remote queue
definition and associated definitions in sprnode.ini.


The <destination> named DEFAULT is special: it contains the values that will
be used at runtime for parameters not specified in user-defined destination
specific sections.
To configure a new destination:
Create a remote queue definition
Create a remote node definition
Create a JXP transport line (if a suitable one is not available)
Create an AS2 transport class (if a suitable one is not available)
Create a new properties section by overriding one or more of the
properties provided in the default one.

The DEFAULT master section is shown below. It must be filled in properly if
no such target is provided.
AS2Master.Target[DEFAULT].Enabled=false
AS2Master.Target[DEFAULT].As2Path=C:/SpazioAs2
AS2Master.Target[DEFAULT].LogOptions=Status, Response, Errors
AS2Master.Target[DEFAULT].FROM=Default-AS2-From
AS2Master.Target[DEFAULT].TO=Default-AS2-To
AS2Master.Target[DEFAULT].URL=remote AS2 Server URL
AS2Master.Target[DEFAULT].TRANSPORT_DOMAIN=TestDomain
AS2Master.Target[DEFAULT].EDITYPE=EDI file type
AS2Master.Target[DEFAULT].DBMS_SPFAB=true

The specific section for an AS2 Master Target (AS2QM for example) is shown
below. It must be filled in to detail the specific configuration of the Target, as
long as it differs from DEFAULT one.
AS2Master.Target[AS2QM].Enabled=true
AS2Master.Target[AS2QM].FROM=AS2-From
AS2Master.Target[AS2QM].TO=AS2-To
AS2Master.Target[AS2QM].URL=remote AS2 Server URL
AS2Master.Target[AS2QM].TRANSPORT_DOMAIN=AS2Master
AS2Master.Target[AS2QM].EDITYPE=EDI file type
AS2Master.Target[AS2QM].DBMS_SPFAB=true
AS2Master.Target[AS2QM].SEND_TIMEOUT=send file timeout
AS2Master.Target[AS2QM].MESSAGE_SUBJECT=Subject for eMail
AS2Master.Target[AS2QM].MDN_SYNCHRO=synchronicity type
AS2Master.Target[AS2QM].MDN_TO=email address for SMTP MDN
AS2Master.Target[AS2QM].MDN_OPTIONS=MDN format required
AS2Master.Target[AS2QM].MDN_DELIVERY_URL=URL for MDN Delivery
AS2Master.Target[AS2QM].SYNC_MDN_QUEUE=Queue Name
AS2Master.Target[AS2QM].SYNC_MDN_QM=QueueManager Name
AS2Master.Target[AS2QM].SYNC_MDN_QMUser=User Name
AS2Master.Target[AS2QM].SYNC_MDN_QMPassword=User Password
AS2Master.Target[AS2QM].SPProxy.Enabled=false
AS2Master.Target[AS2QM].SPProxy.Port=10810


Description

Properties                    Description / Value

Enabled                       Switch to disable a definition in the properties
                              file without removing it. Allowed values are:
                              true or false.
As2Path                       The working root path for AS2.
LogOptions                    The information to be written to AS2 log files.
                              See the note for allowed values.
FROM                          The AS2 Identifier of the sending system.
TO                            The AS2 Identifier of the receiving system.
URL                           The URL of the remote AS2 server to post to.
SEND_TIMEOUT                  Timeout in seconds for the submission of files.
                              A value of 0 means infinite wait.
                              During transmission of big files the connection
                              idle time could be very large; use
                              SEND_TIMEOUT=0 to avoid timeout errors.
EDITYPE                       The EDI message type to be sent, e.g.
                              application/xml.
MESSAGE_SUBJECT               The e-mail subject of the MDN message.
MDN_SYNCHRO                   The transmission type of the MDN. Allowed
                              values are: synchronous and asynchronous:
                              Value         Description
                              synchronous   MDN sent back in the same
                                            HTTP/S session of the
                                            message submission
                              asynchronous  MDN sent via a new
                                            HTTP/S session to a
                                            specified URL
MDN_OPTIONS                   Used to indicate the options requested for the
                              MDN receipt.
                              If Request MDN is selected, defines a set of
                              protocol parameters, such as the MIC algorithm
                              that is preferred for use by the receiving party
                              in signing the returned receipt. Can be MD5 or
                              SHA1.
                              By default the connector will request a SIGNED
                              receipt, with a Received-Content-MIC value that
                              establishes digital non-repudiation.
                              If it is preferred to receive an unsigned
                              receipt, set MDN_OPTIONS to an empty string.
                              The default value is:
                                signed-receipt-protocol=optional, pkcs7-signature;
                                signed-receipt-micalg=optional, sha1, md5
MDN_TO                        The e-mail address for SMTP MDNs. If not
                              present the MDNs are not requested.
MDN_DELIVERY_URL              The destination URL for reply, where the
                              asynchronous MDN should be sent.
                              This URL must correspond to an active Spazio
                              AS2 MDN receiver, defined in the Server section.
TRANSPORT_DOMAIN              Certificates AS2 Transport Domain.
SYNC_MDN_QUEUE                QueueManager and Queue where synchronous
SYNC_MDN_QM                   MDNs are to be stored.
SYNC_MDN_QMUser               User and Password are required to access
SYNC_MDN_QMPassword           secured Queue Managers.
                              If QM or QUEUE is empty, synchronous MDNs
                              are only evaluated and then discarded.
SPProxy.Enabled               Switch to enable the Spazio DMZGateway proxy
                              support. Allowed values are: true or
                              false (default).
                              See the SPAZIO MFT/S for Distributed Platforms:
                              SPAZIO DMZ Gateway manual for further
                              details.
SPProxy.Port                  Port for Spazio DMZGateway proxy.
ChunkedEncoding               Enables or disables HTTP chunked encoding
                              (CTE) for transfers. If ChunkedEncoding is set to
                              true, the connector will use HTTP chunked
                              encoding when posting if possible. HTTP
                              chunked encoding allows large files to be sent in
                              chunks instead of all at once.
                              If set to false, the bean will not use HTTP
                              chunked encoding.
                              Allowed values are: true or false (default).
                              Use this option to send large files and if the
                              receiving server supports this mode.
ChunkSize                     Specifies the chunk size in bytes when using
                              chunked encoding.
                              This is only applicable when ChunkedEncoding
                              is true.
                              The default value is 16384.
SendContentTransferEncoding   If set to true, forces the sending of the
                              Content-Transfer-Encoding header in the request.
                              Allowed values are: true or false (default).
EnableAs2Restart              If EnableAs2Restart is set to true, the connector
                              will use the AS2Restart feature when sending a
                              file to a partner.
                              If set to false, the connector will not use the
                              AS2Restart.
                              Allowed values are: true or false.
                              The default value is false to maintain backward
                              compatibility with AS2 partners.
LocalAddress                  Source bind address for multihomed machine.

Note for LogOptions Master parameters


This parameter manages the information to be written to AS2 log files.
When specifying multiple values, include them in the same string (e.g.
LogOptions=Status, Request, Payload).
Allowed values are:
Status
    Contains information on applied security options and pass/fail status of
    transmissions.
Request
    Contains the outgoing transmission, with applied security options.
Payload
    Contains a log of unsecured payloads prior to transmission.
Response
    For synchronous requests or asynchronous receipts verified, contains
    MDN receipt, if sent.
    For asynchronous requests, contains server acknowledgement.
ErrFile
    A separate file with an .err extension is written when an error is
    encountered.
All
    All of the above.
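
The DEFAULT fallback and the MDN parameters described in this section determine whether a target ends up requesting a signed receipt, an unsigned one, or none at all. The following Python code is an added example, not part of the product or of the original guide: it computes the effective settings of a target and the receipt it requests. The function names and the constructed sample are hypothetical, and it assumes that a key present with an empty value overrides the DEFAULT stanza.

```python
# Default MDN_OPTIONS value, as stated in the table above.
BUILTIN_MDN_OPTIONS = ("signed-receipt-protocol=optional, pkcs7-signature; "
                       "signed-receipt-micalg=optional, sha1, md5")

# Constructed sample, modelled on the stanzas in this section.
SAMPLE_PROPERTIES = """\
AS2Master.Target[DEFAULT].Enabled=false
AS2Master.Target[DEFAULT].As2Path=C:/SpazioAs2
AS2Master.Target[DEFAULT].MDN_TO=as2@MyCompany.com
AS2Master.Target[AS2QM].Enabled=true
AS2Master.Target[AS2QM].MDN_SYNCHRO=asynchronous
AS2Master.Target[AS2QM].MDN_OPTIONS=signed-receipt-protocol=pkcs7-signature; signed-receipt-micalg=sha1, md5
AS2Master.Target[PARTNERB].Enabled=true
AS2Master.Target[PARTNERB].MDN_SYNCHRO=synchronous
AS2Master.Target[PARTNERB].MDN_OPTIONS=
AS2Master.Target[PARTNERC].Enabled=true
AS2Master.Target[PARTNERC].MDN_TO=
"""


def load_properties(text):
    """Minimal key=value reader: no escapes, no continuation lines."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def effective_target(props, destination):
    """DEFAULT stanza values, overridden by the destination's own stanza."""
    merged = {}
    for stanza in ("DEFAULT", destination):
        prefix = f"AS2Master.Target[{stanza}]."
        for key, value in props.items():
            if key.startswith(prefix):
                merged[key[len(prefix):]] = value
    return merged


def parse_mdn_options(value):
    """Split 'name=importance, v1, v2; ...' into {name: (importance, [values])}."""
    parsed = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        name, _, rest = part.partition("=")
        items = [i.strip().lower() for i in rest.split(",") if i.strip()]
        importance = None
        if items and items[0] in ("optional", "required"):
            importance = items.pop(0)    # the importance token may be omitted
        parsed[name.strip().lower()] = (importance, items)
    return parsed


def receipt_request(target):
    """Describe the MDN that an effective target configuration asks for."""
    result = {"mdn": "none", "delivery": None, "micalg": [], "warnings": []}
    if not target.get("MDN_TO"):
        return result                    # without MDN_TO no MDN is requested
    options = parse_mdn_options(target.get("MDN_OPTIONS", BUILTIN_MDN_OPTIONS))
    protocol = options.get("signed-receipt-protocol")
    result["mdn"] = "signed" if protocol and protocol[1] else "unsigned"
    result["micalg"] = options.get("signed-receipt-micalg", (None, []))[1]
    result["delivery"] = target.get("MDN_SYNCHRO")
    if result["delivery"] == "asynchronous" and not target.get("MDN_DELIVERY_URL"):
        result["warnings"].append("asynchronous MDN requested but MDN_DELIVERY_URL is not set")
    return result


if __name__ == "__main__":
    props = load_properties(SAMPLE_PROPERTIES)
    for name in ("AS2QM", "PARTNERB", "PARTNERC"):
        print(name, receipt_request(effective_target(props, name)))
```
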

4.3 AS2 security configuration


Security for the AS2 transport is defined and configured through two files:
Dstk.ini
As2.ini

The first file, dstk.ini, is generic for all the aspects of security managed
through the Spazio proprietary DSSP system. All the default values that
the AS2 connector will use unless they are specifically defined are configured
in this file.


The as2.ini file is specific for the AS2 connector and allows you to define in
detail the security parameters such as authentication token, keys and signing
certificates, encryption and compression protocols, and so on, for each Master
or Source instance.
This definition starts from the creation of two lists of Master ([CONNECT])
and Server ([ACCEPT]) components, in which a set of applicable security
rules is associated to each instance.
Then the parameters for the various security rules used in these lists are
configured.
This is followed by a series of steps necessary for loading the certificates and
tokens used by DSSP to perform authentication, encryption, signature and
any other security related operations.

dstk.ini configuration
This generic DSSP file contains a section for the general default parameters of
the AS2 protocol, values that will be used unless they have been redefined in
as2.ini:

[AS2]
; CryptoSystem to use for AS2 Security.
; Allowed values : JKS, PKCS12
CryptoSystem=

; Name of Software Token to use for AS2 Security.
TokenName=

; KeyID: signer's identifier within Token, key alias of the signing
; private key
KeyID=

; Quality of protection to be applied to outgoing AS2 messages.
; Allowed values : none,digitalSignature,encryption,compression
MessageQOP=

; Hashing algorithm for outgoing AS2 messages.
; Allowed values : SHA1,MD5
HashingAlgorithm=

; Encryption algorithm for outgoing AS2 messages.
; Allowed values : 3DES,AES,AESCBC192,AESCBC256
EncryptionAlgorithm=

as2.ini configuration
; ===================================================
; The following section contains rows that associate
; Servers to a custom set of rules.
; ===================================================

[ACCEPT]
; The following section contains rows that associate
; Servers to a custom set of rules.
; AS2 Servers are identified by a <name> that is
; the name of a server stanza in spxp.as2.properties

; A set of rules is identified by a <ProtocolName>, a free section name in
; which default configuration parameters are overridden.

; A row in this section is written in the following way:
; <name>=ProtocolName

; ===================================================
; Following section contains rows that associate target
; Servers to a custom set of rules.
; ===================================================


[CONNECT]
; Target AS2 Server are identified by <name>, that is the name
; of a master stanza in spxp.as2.properties

; A set of rules is identified by a <ProtocolName>, a free section name
; in which default configuration parameters are overridden.

; A row in this section is written in the following way:
; <name>=ProtocolName

; ===================================================
; The following section name is defined in the
; CONNECT section and is associated to a target server.
; It allows you to override client Token, and other
; default configuration for all clients connecting to
; target AS2 server.
; ===================================================

[ProtocolName]
; CryptoSystem to use for AS2 Security.
; Allowed values : JKS, PKCS12
;
; DEFAULT: &AS2.CryptoSystem&
CryptoSystem=

; Name of Software Token to use for AS2 Security.
;
; DEFAULT: &AS2.TokenName&
TokenName=

; KeyID: Signer's identifier within Token, key alias of the signing private key
;
; OPTIONAL, if Token contains a single private key/cert.
; Need to use the "Alias name" as reported from
; "c:\java\jdk1.6\bin\keytool -list -keystore ./as2sender.pfx -storetype pkcs12 -v"
; command
KeyID=

; Quality of protection to be applied to outgoing AS2 messages.
; Allowed values : none,digitalSignature,encryption,compression
;
; DEFAULT : &AS2.MessageQOP&
MessageQOP=

; Hashing algorithms for signature creation. Allowed values : SHA1,MD5
;
; DEFAULT : &AS2.HashingAlgorithm&
HashingAlgorithm=

; Encryption algorithm for outgoing AS2 messages.
; Allowed values : 3DES,AES,AESCBC192,AESCBC256
;
; DEFAULT : &AS2.EncryptionAlgorithm&
EncryptionAlgorithm=

; ===================================================
; The following section name is defined in the
; ACCEPT section and is associated to a target server.
; It allows you to override server Token, and related
; token parameters
; ===================================================

[ProtocolName]
; CryptoSystem to use for AS2 Security.
; Allowed values : JKS, PKCS12
;
; DEFAULT: &AS2.CryptoSystem&
CryptoSystem=

; Name of Software Token to use for AS2 Security.
;
; DEFAULT: &AS2.TokenName&
TokenName=

; KeyID: Signer's identifier within Token, key alias of the signing private key
;
; DEFAULT: &AS2.KeyID&
; Need to use the "Alias name" as reported from
; "c:\java\jdk1.6\bin\keytool -list -keystore ./as2receiver.pfx -storetype pkcs12 -v"
; command
KeyID=

Sample configuration of Spazio (MASTER) client with digitalSignatureMDN


In the CONNECT section of as2.ini the following is added:
[CONNECT]
AS2QM=client

and as a result a new client section is created:


[client]
CryptoSystem=PKCS12
TokenName=C:\SpazioAS2\CERT\as2sender.pfx
KeyID=633452433461101480
MessageQOP=digitalSignature
HashingAlgorithm=SHA1
EncryptionAlgorithm=3DES

To view the data of the keystore as2sender.pfx you can use the keytool
command:
%SPAZIO%\bin\jre\bin\keytool -list -keystore C:\SpazioAS2\CERT\as2sender.pfx -storetype pkcs12 -v

which, after having inserted the corresponding password, responds with:


Insert the keystore password:
Keystore type: PKCS12
Keystore provider: SunJSSE
The keystore contains 1 entry
Alias name: 633452433461101480
Creation date: 21-Mar-2012
Item type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=AS2 Test Sending Organization
Issuing authority: CN=AS2 Test Sending Organization
Serial number: 1
Valid from: Thu May 01 18:55:46 CEST 2008 to: Sun Apr 29 18:55:46 CEST 2018
Certificate digital fingerprints:
MD5: DF:8D:53:26:1C:5A:74:7B:6A:4E:72:81:29:51:9A:C3
SHA1: 30:92:1D:B4:78:82:47:C0:AF:90:F1:44:D2:6B:D7:AB:C2:D5:E2:A3
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************


In spxp.as2.properties the item MDN_OPTIONS in the section
AS2Master.Target[...] was modified as described below:
AS2Master.Target[AS2QM].MDN_OPTIONS=signed-receipt-protocol=pkcs7-signature; signed-receipt-micalg=sha1, md5

Inserting the client-security-token in the Spazio DSSP password database.


Use the dbputil command:
dbputil -a C:\SpazioAS2\CERT\as2sender.pfx -t PKCS12 -u Administrator

that responds with:


Adding a new password to 'c:\spazio/dssp/db.pwd' for:
Owner='Administrator'
Type ='PKCS12'
Name ='C:\SpazioAS2\CERT\as2sender.pfx'
Password: Reenter Password:
Command 'add' completed successfully

Make sure that you insert the full path of the certificate and the correct user.
If the certificate is not inserted correctly, the error is reported in the AS2
traces (spxp.as2.trace) with the following message:
##################### ERROR ######################
Digital signature certificate error :
.... StackTrace details ....
##################### ERROR ######################

To check the content of the database you can use the command:
dbputil -l

that replies with:


Listing db 'c:\spazio/dssp/db.pwd' contents:
Pwd | Owner | Type | Name
----|----------------|------------|-----------------------------------
x | Administrator | PKCS12 | C:\SpazioAS2\CERT\as2sender.pfx
Command 'list' completed successfully

Loading partner certificates in the repository of AS2 and DSSP.


Use the command AS2CL:
AS2CL C:\SpazioAS2\CERT\as2receiver.cer -k AS2-To ^
  -t TestDomain -f MASTER ^
  -u "jdbc:h2:tcp://localhost/C:/spazio/spdata/spfab/persistent/system/h2/as2data;IFEXISTS=TRUE"
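
The wiring described in section 4.3 (a stanza name in spxp.as2.properties, its row in [CONNECT] or [ACCEPT], the rule section it names, and the dstk.ini [AS2] defaults behind it) can be resolved by script to see which security settings a component actually gets. The following Python code is an added example, not part of the product or of the original guide: the function names, the PARTNERB and SERVERFILE rows and the [legacy] section are constructed for illustration. It assumes that a blank or absent key in as2.ini means "not redefined" and that value names are compared case-insensitively.

```python
import configparser

FIELDS = ("CryptoSystem", "TokenName", "KeyID", "MessageQOP",
          "HashingAlgorithm", "EncryptionAlgorithm")
# Allowed values as listed in the as2.ini / dstk.ini templates above.
ALLOWED = {
    "CryptoSystem": {"jks", "pkcs12"},
    "MessageQOP": {"none", "digitalsignature", "encryption", "compression"},
    "HashingAlgorithm": {"sha1", "md5"},
    "EncryptionAlgorithm": {"3des", "aes", "aescbc192", "aescbc256"},
}

# Constructed samples: [client] is the section from the walkthrough above.
SAMPLE_AS2_INI = r"""
[CONNECT]
AS2QM=client
PARTNERB=legacy

[ACCEPT]
SERVERFILE=server

[client]
CryptoSystem=PKCS12
TokenName=C:\SpazioAS2\CERT\as2sender.pfx
KeyID=633452433461101480
MessageQOP=digitalSignature
HashingAlgorithm=SHA1
EncryptionAlgorithm=3DES

[legacy]
; blank keys fall back to dstk.ini
CryptoSystem=
MessageQOP=digitalSignature,encryption
HashingAlgorithm=SHA256
"""

SAMPLE_DSTK_INI = """
[AS2]
CryptoSystem=JKS
TokenName=
KeyID=
MessageQOP=none
HashingAlgorithm=SHA1
EncryptionAlgorithm=AES
"""


def read_ini(text):
    """Parse ini text, keeping key case and treating '%' literally."""
    parser = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    parser.optionxform = str
    parser.read_string(text)
    return parser


def security_rule(as2_ini, dstk_ini, role, name):
    """Resolve the rule for one stanza name.

    role is 'CONNECT' for master targets or 'ACCEPT' for server sources.
    Returns (rule_section, {field: (value, origin)}, problems).
    """
    problems = []
    section = as2_ini.get(role, name, fallback=None) or None
    if section is None:
        problems.append(f"{name}: no row in [{role}]; only dstk.ini defaults apply")
    elif not as2_ini.has_section(section):
        problems.append(f"{name}: [{role}] names missing section [{section}]")
        section = None

    rule = {}
    for field in FIELDS:
        value, origin = None, None
        if section:
            value, origin = as2_ini.get(section, field, fallback=None), f"as2.ini [{section}]"
        if not value:                       # blank or absent: not redefined
            value, origin = dstk_ini.get("AS2", field, fallback=None), "dstk.ini [AS2]"
        rule[field] = (value, origin) if value else (None, None)

    for field, allowed in ALLOWED.items():
        for token in (rule[field][0] or "").split(","):
            if token.strip() and token.strip().lower() not in allowed:
                problems.append(f"{name}: {field} value '{token.strip()}' is not an allowed value")
    qop = [t.strip().lower() for t in (rule["MessageQOP"][0] or "").split(",")]
    if "digitalsignature" in qop and rule["TokenName"][0] is None:
        problems.append(f"{name}: digitalSignature requested but no TokenName is set")
    return section, rule, problems


if __name__ == "__main__":
    as2, dstk = read_ini(SAMPLE_AS2_INI), read_ini(SAMPLE_DSTK_INI)
    for role, name in (("CONNECT", "AS2QM"), ("CONNECT", "PARTNERB"), ("ACCEPT", "SERVERFILE")):
        section, rule, problems = security_rule(as2, dstk, role, name)
        print(name, "->", section, rule, problems)
```
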


4.4 AS2 DBMS connectivity configuration


In the spxp.as2.properties file the parameters for accessing the RDBMS that is
used by the AS2 connector to store communication information must be
configured.
The parameters, as already seen in the previous sections, are:
DBMS_SPFAB                    Flag to enable/disable the use of SPFAB
                              as manager of the connection
                              parameters. Allowed values are: true
                              (default) or false.
DBMS_DRIVER                   JDBC driver used for accessing the
                              RDBMS.
DBMS_URL                      Parameters for accessing the specific DB
DBMS_H2_SERVER_PARAM          Start-up parameters for the H2 server
                              embedded in Spazio MFT/S.

If the user chooses to use the H2 embedded RDBMS as made available by
SPFAB, the following values must be assigned (or you can also leave the
DBMS_SPFAB parameter undefined in order to accept the default true
value):
(spxp.as2.properties section).DBMS_SPFAB=true

If the user chooses to use the embedded RDBMS server without passing via
SPFAB, the following values must be assigned:
(spxp.as2.properties section).DBMS_SPFAB=false
(spxp.as2.properties section).DBMS_DRIVER=org.h2.Driver
(spxp.as2.properties section).DBMS_URL=jdbc:h2:tcp://localhost/C:
... /as2/h2dbms/test;IFEXISTS=TRUE
(spxp.as2.properties section).DBMS_H2_SERVER_PARAM=-tcpAllowOthers

Where:
org.h2.Driver                 is the name of the standard H2 Driver
jdbc:h2:tcp                   specifies a TCP connection to the H2 server
//localhost/C:/as2/h2dbms/test;
                              specifies test as the name of the DB used, in
                              this case located on localhost (i.e. the same
                              machine on which Spazio is running) in the
                              folder C:/as2/h2dbms/ (obviously in a Windows
                              environment).
IFEXISTS=TRUE                 specifies that the DB is to be accessed only if
                              it already exists, without creating it if it
                              doesn't.
