MEC AS2 seems to stop working on the message after saying:
AS2 message is encrypted.
First off, I am using b25 due to the fact that I was unable to get b27 working, and my timeline is limited. If you believe this is fixed in b27, I will pursue that route, but I didn't see anything in the changelog to lead me to believe that.
The Log Entries are as follows for the message (removing AS2 mailbox names):
[Apr 17, 2009 10:04:48 AM] 200904171104022394BC3D@MailboxNameRemoved: Incoming transmission is a AS2 message, raw message size: 1.00 KB.
[Apr 17, 2009 10:04:48 AM] 200904171104022394BC3D@MailboxNameRemoved: AS2 message is encrypted.
The log ends there.
The header is as follows:
disposition-notification-options = signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1
as2-to = ToMailboxNameRemoved
subject = EDIINTDATA Batch [#1710674]
host = as2.tomailboxnameremoved.com:8080
content-length = 1356
content-disposition = inline; filename="smime.p7m"
date = Fri, 17 Apr 2009 16:04:48 GMT
as2-version = 1.1
user-agent = iSoft Commerce Suite Server
message-id = <200904171104022394BC3D@MailboxNameRemoved>
disposition-notification-to = Fnr8SkV7
from = Fnr8SkV7
as2-from = MailboxNameRemoved
content-type = application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
The web interface monitor reports the following:
Message id: 20090417110400B4E87FB0@MailboxNameRemoved
Sender host:
Sender system: iSoft Commerce Suite Server
Original filename: --
MDN: SYNC
Signature: Unknown
Encryption: Unknown
Log:
[4/17/09 10:04:46 AM]
20090417110400B4E87FB0@MailboxNameRemoved: Incoming transmission is a AS2
message, raw message size: 1.00 KB.
[4/17/09 10:04:46 AM]
20090417110400B4E87FB0@MailboxNameRemoved: AS2 message is encrypted.
My Partner settings are as follows:
AS2 id: MailboxNameRemoved
Digital Signature algorithm: SHA-1
Message Encryption Algorithm: 3DES
Payload subject: AS2 Message
Payload content type: application/EDI-X12
Compress Outbound Messages: Unchecked
Request SYNC MDN
Shell Command on Receipt
( /opt/as2mec/hooks/partnerrecv $(unknown) )
No HTTP Authentication
The Partner provided the following as a sample set of options:
Payload Type: Signed Detached Encrypted
MIME Type: Application
MIME Sub Type: EDI-X12
Compress Data: default
Exchange Certificate: X Partner Cert
Signing Certificate: X Partner Cert
Encryption Algorithm: Triple DES 168 CBC with PKCS5 padding
Signing Algorithm: SHA1
Receipt Signature Type: SHA1
Receipt Timeout: 300
Retry Interval (sec): 300
Delivery Mode: Synchronous
Receipt To Address: None provided
We have two local stations:
mycompany (the one provided by default for testing, which does seem to work)
and
MyCompany (which is the one this was sent to),
gauging by the Local Station and Partner in the log view of the GUI. That was identified correctly.
The working environment is CentOS 5.2 x86_64 Linux.
[as2@nebula ~]$ java -version
java version "1.6.0_0"
IcedTea6 1.3.1 (6b12-Fedora-EPEL-5) Runtime Environment (build 1.6.0_0-b12)
OpenJDK 64-Bit Server VM (build 1.6.0_0-b12, mixed mode)
[as2@nebula ~]$
I had previously tried Sun Java 5 and 6 and OpenJDK seemed to work the best.
The server uses a newly compiled jar based on the 25 dir in CVS, with just a small change to allow the server to start without the GUI (actually, I added it as a command line parameter). Once I get everything working, I will be sending in the patch for your perusal. =)
I hope I didn't overwhelm you with information. =) If you have any ideas of what's going on, please let me know =).
Thanks,
Will
After a bunch of testing it appears that there are problems if the GUI is not present. I successfully transferred the AS2 file onto my desktop (which had the server running with the GUI).
Thanks,
Will
Will,
is there any hint in the log file found in the log directory?
Regards
Heller
Looking at the console.err.log file I created, I found the following.
INFO: 20090417170955A834EDC5@non-EDI_0078742000008: AS2 message is encrypted.
java.security.KeyStoreException: Uninitialized keystore
at java.security.KeyStore.getKey(KeyStore.java:777)
at de.mendelson.comm.as2.cert.CertificateManager.getPrivateKey(CertificateManager.java:79)
at de.mendelson.comm.as2.message.AS2MessagePacker.signMDN(AS2MessagePacker.java:454)
at de.mendelson.comm.as2.message.AS2MessagePacker.createMDN(AS2MessagePacker.java:153)
at de.mendelson.comm.as2.message.AS2MessagePacker.createMDNError(AS2MessagePacker.java:91)
at de.mendelson.comm.as2.server.AS2ServerRemoteImpl.computeServerSite(AS2ServerRemoteImpl.java:307)
at de.mendelson.comm.as2.server.AS2ServerRemoteImpl.execute(AS2ServerRemoteImpl.java:97)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322)
at sun.rmi.transport.Transport$1.run(Transport.java:177)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:173)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:553)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:808)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:667)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
Apr 17, 2009 6:10:15 PM de.mendelson.comm.as2.server.AS2ServerRemoteImpl computeServerSite
SEVERE: AS2ServerRemoteImpl: Uninitialized keystore
Looks like the keystore file password is kept per login in ~/.java/.userPrefs/de/mendelson/comm/as2/prefs.xml.
When I uploaded to the server (which doesn't have a GUI) I didn't send that file along, causing the server to not really know what the password to its certificates.p12 is.
Will,
This is the file where the prefs are kept if you are using the java.util.Preferences API on a Linux OS. The server settings for the keystore pass/path are stored using this API in mendelson opensource AS2.
Regards
Heller
Got a new error: "java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider BC" (full trace at bottom).
At this point I receive the message fully and decrypt it, but the partner does not recognize the MDN as valid.
The only error for each message is:
java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.26 for provider BC
at sun.security.jca.GetInstance.getService(GetInstance.java:87)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Signature.getInstance(Signature.java:341)
at de.mendelson.util.security.BCCryptoHelper.convertOIDToAlgorithmName(BCCryptoHelper.java:422)
at de.mendelson.comm.as2.message.AS2MessageParser.computeReceivedContentMIC(AS2MessageParser.java:278)
at de.mendelson.comm.as2.message.AS2MessageParser.createMessageFromRequest(AS2MessageParser.java:191)
at de.mendelson.comm.as2.server.AS2ServerRemoteImpl.newMessageArrived(AS2ServerRemoteImpl.java:129)
at de.mendelson.comm.as2.server.AS2ServerRemoteImpl.computeServerSite(AS2ServerRemoteImpl.java:304)
at de.mendelson.comm.as2.server.AS2ServerRemoteImpl.execute(AS2ServerRemoteImpl.java:97)
at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322)
at sun.rmi.transport.Transport$1.run(Transport.java:177)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:173)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:553)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:808)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:667)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
Ideas?
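As an added illustration (my own code, not mendelson's) of the two failures in this thread, the "Uninitialized keystore" from the earlier post and the unresolved digest OID 1.3.14.3.2.26 here: a small Java class that maps AS2 digest OIDs through a fixed table before asking the JCA providers, and loads the PKCS12 keystore eagerly at startup so a missing preferences file fails the process at boot rather than at the first MDN signing. The preferences node path is the one quoted above; the key names and the alias are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.Map;
import java.util.prefs.Preferences;

public class As2StartupChecks {

    // Digest OIDs seen in AS2 micalg / signed-receipt-micalg headers, mapped to JCA names.
    // 1.3.14.3.2.26 is the OID the BC provider in the thread refused to resolve by name.
    private static final Map<String, String> DIGEST_OIDS = Map.of(
            "1.3.14.3.2.26", "SHA-1",
            "1.2.840.113549.2.5", "MD5",
            "2.16.840.1.101.3.4.2.1", "SHA-256");

    // Resolve through the table first; only OIDs we do not know are handed to the
    // installed providers, which is where the NoSuchAlgorithmException came from.
    public static String digestNameForOid(String oid) throws NoSuchAlgorithmException {
        String name = DIGEST_OIDS.get(oid);
        if (name != null) return name;
        MessageDigest.getInstance(oid); // throws if no installed provider knows the OID
        return oid;
    }

    // Calling KeyStore.getKey() before load() is exactly the "Uninitialized keystore"
    // failure from the trace; loading here surfaces a wrong or missing password early.
    public static PrivateKey loadSigningKey(Path p12, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            ks.load(in, password);
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, password);
        if (key == null) throw new IllegalStateException("no private key under alias '" + alias + "' in " + p12);
        return key;
    }

    public static void main(String[] args) throws Exception {
        // Preferences node from the thread; the key names below are assumptions, not mendelson's.
        Preferences prefs = Preferences.userRoot().node("de/mendelson/comm/as2");
        String pass = prefs.get("keystore.password", null);
        if (pass == null) throw new IllegalStateException("keystore password missing from preferences; was prefs.xml deployed?");
        String alias = args.length > 0 ? args[0] : "as2-signing-key"; // assumed alias
        loadSigningKey(Path.of(prefs.get("keystore.path", "certificates.p12")), pass.toCharArray(), alias);
        System.out.println("micalg sha1 resolves to " + digestNameForOid("1.3.14.3.2.26"));
    }
}
```

Run it once on the headless server under the same login the AS2 service uses; if it throws on the preferences lookup or the keystore load, the inbound MDN signing will fail the same way.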
Will,
this is SHA-1. Have you modified anything in the installation?
Regards
Heller
The JVM is stock from CentOS (dags and atomic's repos added)
The AS2 Server Install was customized in the following ways:
To my knowledge, none of these should interfere with algorithms, MIBs or the SHA-1 table.
I've got a massive set of patches which I plan to send in, so that you may re-use the changes as you see fit in your products.
Let me know if any other information would be useful.
Thanks,
Will
Will,
I am sorry, if you have made a lot of modifications it is hard to help you out.
Regards
Heller
I'll see about recreating the problem on a stock configuration.