Non-Blocking AS2 Adapter

The Non-Blocking AS2 (NAS2) adapter is a new nonblocking AS2 adapter with improved performance, connection management, and various additional security features.

The NAS2 adapter provides extensive flexibility by exposing an array of configurable parameters for the security providers, Message Disposition Notification (MDN) handling, CRL checking, and so on. The following sections describe some of the features that have been added as part of the improvement to the NAS2 adapter.

iWay Providers

You can configure multiple security providers and use them as named providers as part of the NAS2 configuration. For more information on configuring security providers, see the iWay Service Manager User’s Guide.

  • KeyStore Provider

    You can configure multiple KeyStore providers which can be used as keystores or truststores by the NAS2 adapter.

  • SSL Context Provider

    You can configure multiple SSL Context providers and refer to one of them by name in the NAS2 adapter. This simplifies the SSL configuration by grouping all SSL parameters in one place. The SSL Context Provider simplifies the SSL configuration further by referring, by name, to previously configured keystore and certstore providers.

  • Directory CertStore Provider

    This provider can be configured to point to a file system directory where peer certificates and CRLs are stored in files. You can configure multiple Directory Certstore providers and refer to them in the NAS2 adapter. CertStores are used to complete certificate chains and to retrieve CRLs during certificate verification.

  • Directory Provider

    This provider can be configured to point to an LDAP system, which can then be used as a named certstore provider in the NAS2 configuration.

Features

  • LDAP Certificate Support. Retrieval of partner certificates from the LDAP system as part of the certificate store configuration to complete the signature chain validation.
  • Signer Certificate Chain. Option to not include the signer certificate when sending an AS2 message or replying with an MDN. This allows the user to minimize the message size for enhanced performance.
  • Certificate Revocation List Checking Option. Allows NAS2 to be configured to validate whether the message being processed is signed using a revoked certificate. If the option for CRL checking is selected, a certificate store must be configured on the NAS2 component; it can point to a list of named KeyStore providers, Directory CertStore providers, or Directory (LDAP) providers where the revoked certificates (CRLs) are located.
  • Key Alias Selection. On the S/MIME and SSL components, new parameters are exposed that allow the user to specify the key alias within the keystore/truststore. This allows the user to pick which key to use for various security operations, such as signatures, decryption, and so on.
  • Persistent Connection Support. The NAS2 adapter supports persistent connections, which allows improved connection handling and management.
  • Ordering of Signature and Compression. A new feature allows the order of compression and signature to be selected. You can now configure whether the message should be signed and then compressed, or compressed and then signed.
  • Delayed MDN. The NAS2 adapter also supports Delayed MDN, a feature that is not part of standard AS2 processing but allows a great degree of flexibility in MDN handling. When a message is received on the NAS2 listener, the user may configure the MDN to be delayed until the business processing of the message is completed. If the Delayed MDN option is selected, it is the responsibility of the user to invoke the corresponding MDN send service as part of the business processing, which sends the MDN as requested by the originator of the message.
  • Safe Store for Messages. The Safe Store option on the NAS2 component stores the message in the safe store before performing any further processing on it. This prevents message loss. After the message has been processed, it is removed from the safe store. In the event that the system goes down, all messages in the safe store are processed after the system is back online.
  • Large File Limit. The NAS2 adapter contains various internal improvements to handle large file sizes. A new option has been exposed on the NAS2 inbound processing that allows the user to limit the message size accepted by the NAS2 adapter.

Configuring NAS2 Listeners

A listener is a component that is responsible for receiving inbound messages through an assigned listener protocol. After a listener is created, it must be added to an inlet configuration. An inlet will become part of the final channel configuration that will consist of an inlet, route, and an outlet. For more information on configuring channels, see the iWay Service Manager User's Guide.

Prerequisites

Before using NAS2, you must first download the required jar files and extract them to the proper directory.

You can download the files at: http://java.sun.com/javase/downloads/index.jsp

Once the files are downloaded, extract them to \jre\lib\security. You will have to overwrite the jars that are currently there.

Once this is done, you are able to use NAS2.

Procedure: How to Configure a NAS2 Listener

To configure a NAS2 listener:

  1. Ensure that iWay Service Manager is running.

    On Windows, you can start iWay Service Manager by clicking Start, selecting Programs, iWay 7.0 Service Manager, and then Start Service Manager for the configuration you are currently using.

    For more information on starting and stopping iWay Service Manager, see the iWay Service Manager User's Guide.

  2. Open a browser window and point to the following URL:
    http://host:port/ism

    where:

    host

    Is the host machine on which iWay Service Manager is installed.

    port

    Is the port on which iWay Service Manager is listening. The default port is 9999.

    On Windows, alternatively, you can click Start, select Programs, iWay 7.0 Service Manager, and then click Console.

    A login dialog box opens.

  3. Type a user name and password for the configuration you are using, and click OK.

    The iWay Service Manager Administration Console opens.

  4. Click Registry in the top pane, and then click Listeners in the left pane.

    The Listeners pane opens.

    The table that is provided lists all the previously configured listeners and a brief description for each.

  5. Click Add.

    The Select listener type pane opens.

  6. Select NAS2 from the Type drop-down list and click Next.

    The configuration parameters pane for the NAS2 listener opens.

    Note: The parameters prefixed with an asterisk (*) in the listener configuration pane are required.

  7. Provide the appropriate values for the NAS2 listener parameters.

    For more information, see NAS2 Listener Configuration Parameters.

  8. Click Next.

    You are returned to the Select listener type pane.

  9. Enter a name for the NAS2 listener and description (optional).
  10. Click Finish.

    You can now use this listener as part of your channel configuration where the business logic is applied to the received messages.

Reference: NAS2 Listener Configuration Parameters

The following table lists and describes parameters for the NAS2 listener.

Parameter

Description

General Properties

Authentication Scheme

The scheme to apply when authenticating HTTP requests.

Authentication Realm

If authentication is required, then the name of the configured Realm provider is used.

Request Header Namespace

The special register namespace to which HTTP headers from the incoming requests are saved. The Default Namespace option creates HDR type special registers without a namespace prefix.

Response Header Namespace

The special register namespace from which HTTP headers for the outgoing response are taken. The Default Namespace option sends HDR type registers with no namespace prefix. If None is selected, then no special registers are sent as HTTP headers.

Response Main Part Header Namespace

The special register namespace from which MIME headers for the outgoing response are taken. Provide a prefix to control the response Main BodyPart headers in the presence of attachments. Selecting none means that no special registers are sent as MIME headers.

Excluded Headers

A comma-delimited list (case insensitive) of headers that should not be sent with the response, even if they are found in the response header namespace.

HTTP Response Code

An HTTP status code to send when there is no MDN response. This parameter is evaluated; you can prefix run-time functions with a backtick to defer their evaluation until emit time. The usual successful status code is 204, but you can use this parameter to return an HTTP error instead.

Use Safestore?

If set to true, the listener persists incoming messages after handling any protocol-related packaging. Messages are removed from the safestore upon completion of processing or on error if the HTTP response has not yet been returned to the client. Messages remaining in the safestore are processed at listener startup.

Maximum Request Entity Size

When a request is received that is larger than the maximum, the listener will return a 413 HTTP status code and close the connection. Leave this field blank or set a value of zero to have no maximum size limit. The default value is 256KB.

Compress Response

If set to true, the response is compressed with gzip or deflate compression when the client indicates that it can accept compressed transfer encoding.

IP Properties

Port

The TCP port for receipt of HTTP requests.

Local bind address

The local bind address for multi-homed hosts. This parameter value is usually not specified.

Persistence

If set to true, the connection is maintained when the client requests to do so. Otherwise, the connection is closed.

Maximum Connections

This parameter defines the maximum number of simultaneous connections that are allowed. When this threshold is reached, new connections are not accepted until the current connections are closed and the total number of connections is below the limit. Leave this field blank (default) or set a value of zero to have no maximum limit of connections.

Persistence Timeout value in Minutes

The maximum length of time that a connection can persist with no activity.

Set Response NoDelay

If set to true, it disables the Nagle Algorithm on the response. This will result in a faster line turnaround at the expense of an increased number of packets.

Reuse Address

If set to true, when a connection is closed, it immediately makes the address available, bypassing TCP defaults.

Allowable Clients

If supplied, then only messages from this list of fully qualified host names and/or IP addresses are accepted. Accepts a comma-separated list, or use the FILE() function.

Secure Connection (SSL)

Secure Connection

If set to true, a connection over HTTPS is made.

SSL Context Provider

The named iWay Security provider for SSL Context.

S/MIME

S/MIME Keystore Provider

The name of an iWay KeyStore provider used to decrypt incoming messages and sign receipts.

S/MIME Truststore Provider

The name of an iWay KeyStore provider containing the S/MIME certificate authorities.

S/MIME Certificate Store Providers

A comma-separated list of KeyStore, Directory CertStore, or LDAP providers for the certificate stores used to complete signer certificate chains when the signed message contains fewer certificates than needed.

S/MIME JCE Cryptography Provider

The JCE provider for S/MIME cryptography services.

S/MIME PKIX JCE Provider

The JCE provider for S/MIME PKIX services.

S/MIME Decryption Key Alias

The private key alias used to decrypt incoming messages.

S/MIME Decryption Key Password

The password for the decryption private key. If left blank, then the password for accessing the keystore is used.

Enforce KeyUsage Extension

If set to true, verify that the KeyUsage extension of certificates used for signing permits digitalSignature, and that the KeyUsage extension of certificates used for encryption permits keyEncipherment.

Enable Certificate Revocation

If set to true, use the CRLs from the CertStores to check whether the certificate signer has been revoked.

Unrecognized Certs Location

The directory to store unrecognized certificates found in S/MIME messages.

Payload Header Namespace

The special register namespace to which any headers on the extracted body part are stored as HDR registers. If no value is supplied, then the body part headers are saved in the default namespace.

Keep Message Flat

If set to true, the body of the message will be kept as an array of bytes.

MDN (Receipt)

Delayed MDN

If set to true, the MDN is delayed until after the request is processed. If specified as delayed, then the MDN must be sent from the process that handles this message. Failure to do so will result in an HTTP 204.

MDN Header Namespace

A special register namespace from which MIME headers for the multipart/report entity are taken. This namespace differs from the Response Header Namespace when the MDN is wrapped by an external signature. The default value is mdnhdr.

MDN Field Namespace

A special register namespace where special registers are used to override or add MDN field values. The default value is mdn.

MDN Reporting User Agent

The value of the Reporting-UA field in the MDN. The default value is AS2 Server.

SMTP Host

The host name of the SMTP server. Used for asynchronous MDN through email.

SMTP User

The user name to access SMTP server.

SMTP Password

The password to access SMTP server.

From

The email address used in the From field of the receipt message.

HTTP Client Provider

The HTTP Client provider that manages outgoing connections for asynchronous MDNs.

HTTP Version for Asynchronous MDN

The HTTP Version used to send asynchronous MDNs over HTTP or HTTPS.

Compress Asynchronous MDN

If set to true, asynchronous MDNs over HTTP or HTTPS are compressed using one of the following encoding options:

  • deflate {deflate}
  • gzip {gzip}
  • none {none}

The content-encoding header is set accordingly.

MDN S/MIME Keystore Provider

The provider for the keystore used to sign receipts. Defaults to the value assigned to the S/MIME Keystore Provider.

MDN S/MIME JCE Cryptography provider

The JCE Provider for MDN S/MIME cryptography service. Defaults to the value assigned to the S/MIME JCE Provider.

MDN S/MIME Signature Key Alias

The private key alias used to sign receipts.

MDN S/MIME Signature Key password

The password for the signature private key. Defaults to the password for accessing the keystore.

Include Certificate Chain

Determines how much of the signer certificate chain is included in a signed receipt. Options include:

  • Complete Certificate Chain
  • Signer Certificate only
  • No Certificates

Other

Optimize Favoring

Selecting memory is useful for large input documents.

Multithreading

The number of documents that can be processed in parallel.

Execution Time Limit

The time limit for document execution (in seconds) before it is terminated.

Default Java File Encoding

The default encoding if the incoming message is not self-declaring.

Agent Precedence

Changes the order in which iSM selects agents. This is normally set to Document overrides listener.

Always reply to listener default

If set to true, the default reply definition is used in addition to defined replies.

Error Documents treated normally

If set to true, error documents are processed by any configured pre-emitters.

Listener is Transaction Manager

If set to true, agents run within a local transaction managed by the listener.

Record in Activity Log(s)

If set to true, activity on this channel will be recorded in the activity logs. If set to false, the activity will not be recorded.
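The Enforce KeyUsage Extension parameter above accepts a signing certificate only if its KeyUsage permits digitalSignature, and an encryption certificate only if it permits keyEncipherment. The following is an added example, not the adapter's or iWay's code, that decodes the DER-encoded KeyUsage extension value (an ASN.1 BIT STRING as defined in RFC 5280) and applies that rule; the sample extension bytes are constructed, and treating a certificate that has no KeyUsage extension as unrestricted follows RFC 5280 rather than anything stated on this page.

```python
from typing import Optional, Set, Tuple

# KeyUsage bit names in RFC 5280 order; bit 0 is the most significant bit of the first content byte.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
)

# The usage each S/MIME operation requires, matching the Enforce KeyUsage Extension rule.
REQUIRED_USAGE = {"signing": "digitalSignature", "encryption": "keyEncipherment"}


def decode_key_usage(der: bytes) -> Set[str]:
    """Decode a DER-encoded KeyUsage extension value (ASN.1 BIT STRING) into its set of named bits.

    Layout: tag 0x03, short-form length, one byte giving the number of unused trailing
    bits, then the bit bytes. KeyUsage never needs more than two content bytes.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length < 1 or 2 + length != len(der):
        raise ValueError("bad BIT STRING length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    total_bits = len(body) * 8 - unused
    names: Set[str] = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def check_key_usage(key_usage_der: Optional[bytes], purpose: str, enforce: bool = True) -> Tuple[bool, str]:
    """Decide whether a certificate may be used for `purpose` ("signing" or "encryption").

    `key_usage_der` is the raw extension value, or None when the certificate carries no
    KeyUsage extension. With enforce=False the check is skipped, as when the listener
    parameter is set to false. Returns (allowed, reason).
    """
    if purpose not in REQUIRED_USAGE:
        raise ValueError(f"unknown purpose {purpose!r}")
    required = REQUIRED_USAGE[purpose]
    if not enforce:
        return True, "KeyUsage enforcement disabled"
    if key_usage_der is None:
        # Assumption (RFC 5280, not stated on the page): an absent extension imposes no restriction.
        return True, "no KeyUsage extension present; usage unrestricted"
    usages = decode_key_usage(key_usage_der)
    if required in usages:
        return True, f"KeyUsage permits {required}"
    return False, f"KeyUsage {sorted(usages)} does not permit {required}, required for {purpose}"


# Constructed sample extension values (hex of the DER BIT STRING), not taken from real certificates.
SAMPLE_KEY_USAGES = {
    "sign-and-encrypt": bytes.fromhex("030205a0"),  # digitalSignature, keyEncipherment
    "sign-only":        bytes.fromhex("03020780"),  # digitalSignature
    "ca":               bytes.fromhex("03020106"),  # keyCertSign, cRLSign
}

if __name__ == "__main__":
    for label, der in SAMPLE_KEY_USAGES.items():
        for purpose in ("signing", "encryption"):
            allowed, reason = check_key_usage(der, purpose)
            print(f"{label:17} {purpose:10} {'allowed' if allowed else 'rejected'}: {reason}")
```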

Reference: Special Registers for the NAS2 Listener

The following table lists and describes the special registers for the NAS2 listener.

Special Register

Level

Description

...

Header

Each header value from the message.

action

Document

The action field of the post.

as2from

Document

The AS2-From header.

as2to

Document

The AS2-To header.

asxDocType

Document

The payload for an AS2 request or MDN for a receipt.

dispositionFileName

Header

The FileName parameter extracted from the Content-Disposition header.

ip

System

The IP of the sending system.

iwayconfig

System

The current active configuration name.

mdnDisposition

Document

The field extracted from the received MDN.

mdnFinalRecipient

Document

The field extracted from the received MDN.

mdnOriginalMessageId

Document

The field extracted from the received MDN.

mdnOriginalRecipient

Document

The field extracted from the received MDN.

mdnReceivedContentMIC

Document

The field extracted from the received MDN.

mdnReportingUA

Document

The field extracted from the received MDN.

mdnRequested

Document

If set to true, a receipt is requested. If set to false, no receipt is requested.

mdnSent

Document

If set to true, the MDN was already sent. If it is set to false, the MDN was not sent.

msgsize

Document

The physical length of the message payload.

name

System

The assigned name of the master (listener).

protocol

System

The protocol on which the message was received.

requestType

Header

The type of HTTP request (GET, POST, or HEAD).

smime_compressed

Document

If set to true, the S/MIME message is compressed. If set to false, the message is not compressed.

smime_encrypted

Document

If set to true, the S/MIME message is encrypted. If set to false, the message is not encrypted.

smime_error

Document

The error message that can be used when sending an MDN.

smime_error_diag

Document

The error diagnostic message that can be used when sending an MDN.

smime_mic

Document

The message Identification Code extracted from the S/MIME message.

smime_signed

Document

Set to unsigned, embedded, or external, depending on the S/MIME packaging that was used.

smime_signer

Document

The Distinguished Name from the Signer certificate.

smime_signer_cn

Document

Common Name (CN) extracted from the Signer certificate.

smime_signing_time

Document

Signing time extracted from the S/MIME signed attributes.

source

Document

The host name of the sending system.

url

Header

The full URL of the HTTP request (GET, POST, or HEAD).

tid

Document

Unique transaction ID.
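The mdnReceivedContentMIC and mdnDisposition registers above carry the fields of a received MDN; a sender accepts the receipt only if the Received-Content-MIC matches the MIC it computed over what it sent and the disposition reports processed. The following added example (not the adapter's or iWay's code) parses a constructed MDN report and performs that check; it assumes the MIC field format "base64-digest, algorithm" from RFC 4130 and that the sender retained the exact bytes its MIC covers.

```python
import base64
import hashlib
import hmac
from typing import Dict, List, Tuple

# Digest names accepted in the algorithm token of Received-Content-MIC. RFC 4130 specifies
# "sha1"; the other spellings are common in practice and are an assumption here.
MIC_ALGORITHMS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256", "md5": "md5"}


def compute_mic(data: bytes, algorithm: str = "sha1") -> str:
    """Return the MIC over `data` in Received-Content-MIC form: '<base64 digest>, <algorithm>'.

    Assumption: `data` is exactly the canonical bytes the MIC is defined over (for a signed
    message, the MIME part that was signed; for a plain message, the content itself).
    """
    digest = hashlib.new(MIC_ALGORITHMS[algorithm.lower()], data).digest()
    return base64.b64encode(digest).decode("ascii") + ", " + algorithm


def parse_mdn_fields(report: str) -> Dict[str, str]:
    """Parse the message/disposition-notification fields of an MDN into a dict keyed by
    lower-case field name. Folded continuation lines (leading whitespace) are joined."""
    fields: Dict[str, str] = {}
    current = ""
    for raw in report.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and current:
            fields[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition(":")
        if not sep:
            raise ValueError(f"malformed MDN field line: {raw!r}")
        current = name.strip().lower()
        fields[current] = value.strip()
    return fields


def parse_disposition(value: str) -> Tuple[str, str, str]:
    """Split 'action-mode/sending-mode; type[/modifier[: reason]]' into (type, modifier, reason)."""
    _, _, disposition = value.partition(";")
    dtype, _, rest = disposition.strip().partition("/")
    modifier, _, reason = rest.partition(":")
    return dtype.strip().lower(), modifier.strip().lower(), reason.strip()


def verify_mdn(report: str, expected_mic: str, sent_message_id: str) -> Tuple[bool, List[str]]:
    """Check a received MDN against the message that was sent. Returns (accepted, problems)."""
    problems: List[str] = []
    fields = parse_mdn_fields(report)
    if fields.get("original-message-id") != sent_message_id:
        problems.append("Original-Message-ID does not match the sent message")
    dtype, modifier, reason = parse_disposition(fields.get("disposition", ""))
    if dtype != "processed":
        problems.append(f"disposition type is {dtype or 'missing'!r}, not 'processed'")
    if modifier in ("error", "failure"):
        problems.append(f"disposition reports {modifier}: {reason or 'no reason given'}")
    received = fields.get("received-content-mic", "")
    recv_digest, _, recv_alg = (p.strip() for p in received.partition(","))
    exp_digest, _, exp_alg = (p.strip() for p in expected_mic.partition(","))
    if not received:
        problems.append("Received-Content-MIC is missing")
    elif MIC_ALGORITHMS.get(recv_alg.lower()) != MIC_ALGORITHMS.get(exp_alg.lower()):
        problems.append(f"MIC algorithm {recv_alg!r} differs from the one used locally ({exp_alg!r})")
    elif not hmac.compare_digest(recv_digest.encode(), exp_digest.encode()):
        problems.append("Received-Content-MIC does not match the MIC of the sent content")
    return not problems, problems


# Constructed sample exchange (not captured from a real AS2 session): what was sent, and the
# machine-readable part of the MDN the partner returned for it.
SENT_PAYLOAD = b"constructed sample payload, sent as the signed body part\r\n"
SENT_MESSAGE_ID = "<constructed-0001@sender.example.invalid>"
SAMPLE_MDN_REPORT = (
    "Reporting-UA: AS2 Server\r\n"
    "Original-Recipient: rfc822; partner-b\r\n"
    "Final-Recipient: rfc822; partner-b\r\n"
    f"Original-Message-ID: {SENT_MESSAGE_ID}\r\n"
    "Disposition: automatic-action/MDN-sent-automatically;\r\n"
    " processed\r\n"
    f"Received-Content-MIC: {compute_mic(SENT_PAYLOAD, 'sha1')}\r\n"
)

if __name__ == "__main__":
    accepted, problems = verify_mdn(SAMPLE_MDN_REPORT, compute_mic(SENT_PAYLOAD, "sha1"), SENT_MESSAGE_ID)
    print("receipt accepted" if accepted else "receipt rejected: " + "; ".join(problems))
```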

Configuring Emit Services

You can configure outbound processing of AS2 messages as a service that can be used within a process flow, which will become part of the route configuration or directly as a service assigned to a route. In this case, a business process can continue after an AS2 message has been sent out to the client. The following section describes how to configure an AS2 nonblocking emit service. For more information on configuring outlets and routes, see the iWay Service Manager User's Guide.

Procedure: How to Configure an AS2 Nonblocking Emit Service

To configure an AS2 nonblocking emit service:

  1. Click Registry in the top pane, and then click Services in the left pane.

    The Services pane opens.

    The table that is provided lists all the previously configured services and a brief description for each.

  2. Click Add.

    The Select Service type pane opens.
  3. Select AS2 Nonblocking Emit from the Type drop-down list.
  4. Click Next.

    The configuration parameters pane for the AS2 nonblocking emit service opens.

  5. Provide the appropriate values for the AS2 nonblocking emit service parameters.
  6. Click Next.

    The name and description pane opens.

  7. Enter a name for the service and description (optional).
  8. Click Finish.

Reference: AS2 Nonblocking Emit Service Configuration Parameters

The following table lists and describes parameters for the AS2 nonblocking emit service.

Parameter

Description

Configuration Parameters

Destination

The URL that is used to post this information.

HTTP Client Provider

The HTTP client Provider that is used to manage connections for this emitter.

AS2-From

A textual value identifying the sender of data exchange.

AS2-To

A textual value identifying the receiver of data exchange.

Subject

Sets the Subject header.

Request Receipt

Tells the emitter to send a request for receipt in the form of a Message Disposition Notification (MDN).

Asynchronous Receipt URL

If an asynchronous receipt is requested, you must specify the URL to which the receipt should be sent.

Supported values are in the form:

  • mailto:user@host, for asynchronous receipt by email
  • http://host[:port]/, for asynchronous receipt by HTTP
  • https://host[:port]/, for asynchronous receipt by HTTPS

Receipt Destination

The directory to which synchronous MDNs are stored. Specific file names are optional. Use an asterisk (*) in file name to be replaced by timestamp, # by sequential counter.

Content-Type

Specifies the content-type of data that is sent. Select from the drop-down list or provide your own.

Message ID

Set this to control the emitted message ID. Usually this is left blank to let the system generate a unique ID meeting the requirements of RFC 822. Use this only to override the default. This is not recommended.

Content Disposition

The file name to put in the Content-Disposition header value.

User ID

The user ID for Basic Authentication challenges.

Password

The password for Basic Authentication challenges.

Domain

The domain for NTLM authentication challenges. Note that to use NTLM, you must enable connection persistence.

Request Header Namespace

The special register namespace from which HTTP headers for the outgoing request will be taken.

  • Default Namespace to send HDR type registers
  • Supply a namespace prefix here to indicate which headers to send
  • None means that no special registers will be sent as HTTP headers.

Request Main Part Header Namespace

The special register namespace from which MIME headers for the outgoing request are taken. Provide a prefix to control the request Main BodyPart headers in the presence of attachments. Selecting none means that no special registers will be sent as MIME headers.

Response Header Namespace

The special register namespace to which HTTP headers for the incoming response are saved.

  • Default Namespace to create special registers with no namespace
  • Supply a namespace prefix here to indicate header namespace

MDN Header Namespace

The special register namespace into which MIME headers of the multipart/report entity will be saved. This namespace is ignored if the MDN is unsigned since all headers will be in the Response Header Namespace.

MDN Field Namespace

The special register namespace into which MDN fields are saved.

Excluded Headers

A comma delimited list (case-insensitive) of headers that should not be sent with the request, even if they are found in the request header namespace.

Ask for Compressed Response

If set to true, the requests will set the Accept-Encoding header to indicate that the client can accept a compressed response, as described in RFC-2616. If the response has a compressed content encoding, the client will automatically inflate.

Compress Request

If set to true, the request entities are compressed using the selected encoding, and the content-encoding header is set accordingly.

Replace Connection?

If set to false, the connection is not returned to the connection pool immediately. The connection identifier is stored in the httpclient-key special register, and the connection can be handled by the HTTP Client Manager agent.

Maximum HTTP Client Manager Delay

The maximum time the HTTP Client Manager can take to deal with a particular connection before it is automatically aborted. The format is [xxh][xxm]xx[s]. The default is 60 seconds.

Maximum Request Size

The maximum size, after compression, of a request entity that is sent with this emitter. 0 means no maximum and blank will default to 256KB.

Maximum Response Size

The maximum size of a response entity that is received by this emitter. 0 means no maximum and blank will default to 256KB.

Try Expect/Continue Handshake?

If checked, the client will send the HTTP Expect: 100-continue header and await HTTP 100 response before sending request body.

S/MIME

Packaging

Tells the emitter how the document should be packaged for transmission. Select from the drop-down list:

  • Encrypted
  • Signed
  • Signed and Encrypted
  • Un-encrypted

Compression

Determines when message compression should be applied. Select from the drop-down list:

  • Compress After Signature
  • Compress Before Signature
  • No Compression

S/MIME Keystore Provider

The provider for the Keystore used to sign and encrypt messages.

S/MIME Truststore Provider

The provider for the Keystore containing the S/MIME Certificate Authorities.

S/MIME Certificate Store Providers

A Comma-separated list of Keystore, Directory CertStore, or LDAP providers for the certificate stores, used to complete signer certificate chains when the signed message contains fewer certificates than needed.

S/MIME JCE Cryptography Provider

The JCE Provider for S/MIME Cryptography services.

S/MIME Verification JCE Crypto Provider

The JCE Provider for S/MIME verification cryptography services. Normally left blank. Defaults to S/MIME JCE Provider.

S/MIME PKIX JCE Provider

The JCE Provider for S/MIME PKIX services. If left blank, the default JCE provider for PKIX will be used.

Recipient Public Key Alias

The alias for the recipient public key entry used for encryption.

Signature Key Alias

The alias for the private key entry used for signing.

Signature Key password

The password to access the signature private key. If left blank, the password used to access the Keystore will be used.

Digest Algorithm

The algorithm used for signing.

Encryption Algorithm

The algorithm used for encrypting.

Include Certificate Chain

Determines how much of the signer certificate chain is included in the message. Select from the drop down:

  • Complete Certificate Chain
  • No Certificate
  • Signer Certificate only

Enforce KeyUsage Extension

If on, verify that the KeyUsage extension of certificates used for signing permits digitalSignature, and that the KeyUsage extension of certificates used for encryption permits keyEncipherment.

Enable Certificate Revocation

If set to true, the CRLs from the CertStores are used to check whether the certificate signer has been revoked.

Unrecognized Certs Location

The directory to store unrecognized certificates found in S/MIME messages.

TCP

Persistence

If checked, ask the server to maintain the connection.

Response Timeout value in seconds

The number of seconds to wait for a response before signaling an error.

Available Response Edges for NAS2Emit Agent

When you connect the NAS2EmitAgent object to an End object using the OnCustom build relation in a process flow, the available line edges are provided in the Line Configuration dialog box.

The following table lists and describes the available line edges for the NAS2EmitAgent object.

Line Edge           Description
OnError             Error
OnSuccess           Success
OnFailure           Failure
fail_connect        fail_connect
fail_info           fail_info
fail_redirection    fail_redirection
fail_client         fail_client
fail_server         fail_server
fail_operation      fail_operation
fail_parse          fail_parse
fail_unsigned       fail_unsigned

Configuring S/MIME Packer and Un-Packer Services

The S/MIME packer service and the corresponding S/MIME un-packer service are two new services that are available in the NAS2 adapter configuration. These services allow you to securely exchange information using the S/MIME format through any protocol. Using these services enables you to receive a payload from any source and package it into an S/MIME message that can be sent through any supported protocol. On the receiving side, you can use the S/MIME un-packer service to validate and verify the received message and unpack it.

Note: Since an unencrypted S/MIME packaged message is the same as a MIME message, the S/MIME packer and un-packer services can process MIME and S/MIME message formats. As a result, when you use the S/MIME packer service and select Un-encrypted from the Packaging drop-down list during configuration, a MIME message is generated. Similarly, the S/MIME un-packer service can process a MIME message since it is identical to the un-encrypted S/MIME message. In addition, the un-encrypted packaging for the message indicates that the message will not be signed and will always produce a document using MIME format as a result.

The S/MIME packer service allows you to send a packaged S/MIME message to any type of listener. The listener that receives the packaged S/MIME message must be able to unpack and process this package. Since an S/MIME packaged message cannot be parsed by the listener and is a flat document, you must disable parsing for the listener. Using the iWay Service Manager Administration Console, the Accepts non-XML (flat) only parameter for the listener receiving the message must be set to true to disable parsing, as shown in the following image.

These services can be used as a standalone service within a route configuration, or as part of a process flow for more complex configurations. This simulates the message exchange performed by the NAS2 HTTP-based adapter, but allows you to separate the protocol part of the adapter from the message processing part. As a result, you can exchange messages via any supporting protocol, such as file, email, and so on.

S/MIME Packer Service

The S/MIME packer service is configured with a special register message namespace that saves the message headers generated by the packaging process. This namespace will contain the headers for the message that will be required by the un-packer service on the receiving side to correctly unpack the S/MIME package. The S/MIME packer outputs a bytes-type XDDocument with any message headers stored in the specified message namespace. When a signed packaging is requested, for example, the output will consist of a bytes-type document that starts with the first message boundary. As with the AS2 emit service, another namespace can also be specified for payload headers.

Procedure: How to Configure an S/MIME Packer Service

To configure an S/MIME packer service:

  1. Click Registry in the top pane, and then click Services in the left pane.

    The Services pane opens.

    The table that is provided lists all the previously configured services and a brief description for each.

  2. Click Add.

    The Select Service type pane opens.

  3. Select SMIME Packer Agent from the Type drop-down list.
  4. Click Next.

    The configuration parameters pane for the S/MIME packer service opens.

  5. Provide the appropriate values for the S/MIME packer service parameters.
  6. Click Next.

    You are returned to the Select Service type pane.

  7. Enter a name for the service and description (optional).
  8. Click Finish.

Reference: S/MIME Packer Service Configuration Parameters

The following table lists and describes parameters for the S/MIME packer service.

Parameter

Description

Configuration Parameters

Packaging

Tells the emitter how the document should be packaged for transmission. Available options include:

  • Encrypted
  • Signed
  • Signed and Encrypted
  • Un-encrypted

Compression

Determines when message compression should be applied. Available options include:

  • Compress After Signature
  • Compress Before Signature
  • No Compression

S/MIME Keystore Provider

The provider for the Keystore used to sign and encrypt messages.

S/MIME JCE Cryptography Provider

The JCE Provider for S/MIME Cryptography services.

Recipient Public Key Alias

The alias for the recipient public key entry used for encryption.

Signature Key Alias

The alias for the private key entry used for signing.

Signature Key password

The password to access the signature private key. If left blank, the password used to access the Keystore is used.

Digest Algorithm

The algorithm used for signing.

Encryption Algorithm

The algorithm used for encrypting.

Include Certificate Chain

Determines how much of the signer certificate chain is included in the message. Select from the drop-down list:

  • Complete Certificate Chain
  • No Certificate
  • Signer Certificate only

Enforce KeyUsage Extension

If on, verifies that certificates used for signing assert the digitalSignature bit of the KeyUsage extension, and that certificates used for encryption assert the keyEncipherment bit of the KeyUsage extension.

Main

Message ID

Set this to control the emitted message ID. Usually this is left blank to let the system generate a unique ID meeting the requirements of RFC 822. Use this only to override the default. This is not recommended.

Content-Type

Specifies the Content-Type of the data to be sent. Select a value from the drop-down list or provide your own.

Content Disposition

The file name to put in the Content-Disposition header value.

Header Management

Payload Header Namespace

The special register namespace from which additional MIME headers for the payload are taken. If not supplied, no MIME headers are added beyond the content headers generated by the packaging process.

Message Header Namespace

The special register namespace to which message headers generated by the S/MIME packaging process are stored. If not supplied, message headers are saved in the default namespace.

Available Response Edges for SMIMEPackerAgent

When you connect the SMIMEPackerAgent object to an End object using the OnCustom build relation in a process flow, the available line edges are provided in the Line Configuration dialog box.



The following table lists and describes the available line edges for the SMIMEPackerAgent object.

  Line Edge     Description
  OnError       Error
  OnSuccess     Success
  OnFailure     Failure
  fail_smime    fail_smime

S/MIME Un-Packer Service

The S/MIME un-packer service expects input in the same form that the S/MIME packer produces: a MIME document without message headers. This service is configured with a register message namespace where it can find the message headers, which are added back to the document before unpacking. This message namespace must match the message namespace configured for the S/MIME packer service. The output of the S/MIME un-packer service depends on the content-type of the input. Also, because the S/MIME package is a flat document, the listener that accepts the S/MIME message must be configured to accept flat documents.

Procedure: How to Configure a S/MIME Un-Packer Service

To configure a S/MIME un-packer service:

  1. Click Registry in the top pane, and then click Services in the left pane.

    The Services pane opens.

    The table that is provided lists all the previously configured services and a brief description for each.

  2. Click Add.

    The Select Service type pane opens.



  3. Select SMIME Unpacker Agent from the Type drop-down list.
  4. Click Next.

    The configuration parameters pane for the S/MIME un-packer service opens.



  5. Provide the appropriate values for the S/MIME un-packer service parameters.
  6. Click Next.

    The name and description pane opens.



  7. Enter a name for the service and description (optional).
  8. Click Finish.

Reference: S/MIME Un-Packer Service Configuration Parameters

The following table lists and describes parameters for the S/MIME un-packer service.

Parameter

Description

Configuration Parameters

S/MIME Keystore Provider

The named iWay Security provider used to decrypt incoming messages and sign receipts.

S/MIME Truststore Provider

The named iWay Security provider containing the S/MIME certificate authorities.

S/MIME Certificate Store Provider

The comma-separated list of Keystore, Directory Certstore or LDAP providers for the certificate stores used to complete signer certificate chains when the signed message contains fewer certificates than needed.

S/MIME JCE Cryptography Provider

The JCE provider for S/MIME cryptography services.

S/MIME PKIX JCE Provider

The JCE provider for S/MIME PKIX services.

S/MIME Decryption Key Alias

The private key alias used to decrypt incoming messages.

S/MIME Decryption Key Password

The password for decrypting a private key. If left blank, the password for accessing the keystore is used.

Enforce KeyUsage Extension

If set to true, verifies that certificates used for signing assert the digitalSignature bit of the KeyUsage extension, and that certificates used for encryption assert the keyEncipherment bit of the KeyUsage extension.

Enable Certificate Revocation

If set to true, use the CRLs from the CertStore to check whether the certificate of the signer has been revoked.

Unrecognized Cert Location

The directory to store unrecognized certificates found in S/MIME messages.

Signature Required

If set to true, incoming documents will require a valid signature.

Error Return

This determines which document is returned when an error occurs.

Keep Message Flat

If set to true, use the body of the message as an array of bytes.

Header Management

Message Header Namespace

The special register namespace to which message headers generated by the S/MIME packaging process are stored. If it is not supplied, message headers are saved in the default namespace.

Payload Header Namespace

The special register namespace from which additional MIME headers for the payload are taken. If it is not supplied, no MIME headers are added beyond the content headers generated by the packaging process.
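The check behind the Enforce KeyUsage Extension parameter of both the S/MIME packer and the S/MIME un-packer, as an added Python example that is not iWay code: it decodes the DER BIT STRING that carries the KeyUsage bits and applies the digitalSignature (signing) / keyEncipherment (encryption) rule. The sample extension values are constructed, and the treatment of a certificate with no KeyUsage extension is an assumption.

```python
from typing import Optional, Set

# RFC 5280 KeyUsage bit names; bit 0 is the most significant bit of the first
# octet of the BIT STRING body, which is the usual source of off-by-one checks.
KEY_USAGE_BITS = ("digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
                  "encipherOnly", "decipherOnly")

# What the Enforce KeyUsage Extension parameter requires for each role.
REQUIRED_BIT = {"signing": "digitalSignature", "encryption": "keyEncipherment"}

def parse_key_usage(der: bytes) -> Set[str]:
    """Decode the DER value of a KeyUsage extension (a BIT STRING, tag 0x03)."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("KeyUsage value is not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or 2 + length != len(der):  # short-form length only
        raise ValueError("unsupported or truncated BIT STRING length")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("invalid unused-bits octet")
    usable_bits = len(body) * 8 - unused
    usages = set()
    for bit, name in enumerate(KEY_USAGE_BITS):
        if bit < usable_bits and body[bit // 8] & (0x80 >> (bit % 8)):
            usages.add(name)
    return usages

def key_usage_allows(key_usage_der: Optional[bytes], purpose: str) -> bool:
    """Apply the Enforce KeyUsage Extension rule for 'signing' or 'encryption'.

    A certificate without a KeyUsage extension is treated as unrestricted, as
    RFC 5280 allows; that this matches the adapter's behaviour is an assumption.
    """
    if key_usage_der is None:
        return True
    return REQUIRED_BIT[purpose] in parse_key_usage(key_usage_der)

# Constructed sample extension values (not taken from any real certificate).
SIGN_ONLY = bytes.fromhex("03020780")     # digitalSignature
ENCRYPT_ONLY = bytes.fromhex("03020520")  # keyEncipherment
SIGN_AND_ENCRYPT = bytes.fromhex("030205a0")
CA_ONLY = bytes.fromhex("03020106")       # keyCertSign, cRLSign

if __name__ == "__main__":
    for label, value in [("sign-only", SIGN_ONLY), ("encrypt-only", ENCRYPT_ONLY),
                         ("CA-only", CA_ONLY)]:
        print(label, "signing:", key_usage_allows(value, "signing"),
              "encryption:", key_usage_allows(value, "encryption"))
```

A certificate that passes only the signing check is rejected when it is selected as the Recipient Public Key Alias, and vice versa, which is exactly the misconfiguration this parameter is meant to surface.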

Available Response Edges for SMIMEUnpackerAgent

When you connect the SMIMEUnpackerAgent object to an End object using the OnCustom build relation in a process flow, the available line edges are provided in the Line Configuration dialog box.



The following table lists and describes the available line edges for the SMIMEUnpackerAgent object.

  Line Edge         Description
  OnError           Error
  OnSuccess         Success
  OnFailure         Failure
  fail_operation    fail_operation
  fail_unsigned     fail_unsigned
  fail_smime        fail_smime

Configuring MDNSendNow Services

The MDNSendNow service is a new service that is available in the NAS2 adapter configuration.



Overview

The following namespaces are referenced by the MDN fields described in this section:

  • Reqns. The Request Header namespace.
  • Respns. The Response Header namespace.
  • Mdnns. The MDN Field namespace.

You can override the Comment to augment the human part with additional text. Custom HTTP headers are special registers of type HDR in the Response Header namespace. Extension fields in the machine readable part are special registers of any type in the MDN field namespace, but the name must start with X- or x-.

HTTP Header Fields

  AS2-From      reqns.AS2-To
  AS2-To        reqns.AS2-From
  AS2-Version   '1.1'
  Message-ID    uniquely generated

Human Part Fields

  MessageID     reqns.AS2-To
  From          reqns.From
  To            reqns.To
  Sent on       reqns.Date
  Subject       reqns.Subject
  Status        tail of Disposition
  Error         mdnns.Error if present
  Warning       mdnns.Warning if present
  Failure       mdnns.Failure if present
  Comment       mdnns.Comment or else default message

Machine Part Fields

  Reporting-UA          Reporting User Agent parameter
  Original-Recipient    reqns.To
  Final-Recipient       reqns.To
  Original-Message-ID   reqns.Message-ID
  Received-Content-MIC  calculated MIC if available
  Disposition           mdnns.Disposition or else based on Error, Warning, or Failure
  Error                 mdnns.Error if present
  Warning               mdnns.Warning if present
  Failure               mdnns.Failure if present
  X-??                  mdnns.X-?? if present

The MDN is formed as described in this section. Specific parameters have been modified to eliminate any limitations on field content. Fields that cannot be set based upon agent parameters can be set as described in the tables above. Currently, the use of specific special registers simplifies configuration and does not impose any functional limitations.

MDN Human Readable Part

  1. Status now contains the tail of the Disposition. This is the Disposition-Modifier, if present, otherwise it is the Disposition-Type. As a result, Status now contains the value that used to be in the Error field.

  2. Error field now contains the value that used to be in Detailed Error.

  3. Detailed Error no longer exists.

  4. There is no namespace to augment the Human Readable Part. The value of the Comment field can be overridden to add extra text. This is not a limitation, since the human readable part is unstructured.

Machine Readable Part

  1. Reporting-UA is configurable as a listener parameter.
  2. The Disposition can be overridden as one value by assigning it to the Disposition register. The format is:

    disp-mode; disp-type[/disp-modifier[:dispdesc]]
  3. If the Disposition register is absent, but the Disposition-Modifier register is assigned, the Disposition will be computed as follows:

    1. The disposition mode is automatic-action/MDN-sent-automatically.

    2. The disposition modifier is specified by the register.

    3. The disposition type is computed based on the first few characters of the disposition modifier.

      If the disposition modifier starts with failure, the disposition type is failed; otherwise it is processed. Note that the disposition description can be specified as the tail of the Disposition-Modifier value.

  4. If the Disposition and Disposition-Modifier registers are absent, the Disposition is computed as follows:
    1. The disposition mode is automatic-action/MDN-sent-automatically.
    2. If the Error register is assigned, the disposition modifier is processed/error.
    3. If the Warning register is assigned, the modifier is processed/warning.
    4. If the Failure register is assigned, the modifier is failed.
    5. If Error, Warning, and Failure are absent, the modifier is processed.
  5. The MDN Field namespace contains more than extension fields. To be recognized as an extension field, a special register in the MDN Field namespace must have a name that starts with X- or x-.
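The Disposition, Status and extension-field rules above, carried through as an added Python example that is not part of the iWay product. The register names (Disposition, Disposition-Modifier, Error, Warning, Failure, X-...) are those of the MDN Field namespace from the tables; the `mdnns` and `reqns` dictionaries standing in for the MDN Field and Request Header namespaces, and the case-insensitive test for a modifier starting with failure, are assumptions.

```python
from typing import Dict, List

# Disposition mode used whenever the Disposition register is absent.
AUTO_MODE = "automatic-action/MDN-sent-automatically"

def compute_disposition(mdnns: Dict[str, str]) -> str:
    """Machine-part Disposition: explicit register first, then Disposition-Modifier,
    then Error, Warning and Failure in the order the rules above list them."""
    if mdnns.get("Disposition"):
        return mdnns["Disposition"]  # verbatim: disp-mode; disp-type[/disp-modifier[:dispdesc]]
    modifier = mdnns.get("Disposition-Modifier")
    if modifier:
        # Type is derived from the leading characters of the modifier; any
        # ": description" tail of the register value is carried along unchanged.
        disp_type = "failed" if modifier.lower().startswith("failure") else "processed"
        return f"{AUTO_MODE}; {disp_type}/{modifier}"
    if mdnns.get("Error"):
        tail = "processed/error"
    elif mdnns.get("Warning"):
        tail = "processed/warning"
    elif mdnns.get("Failure"):
        tail = "failed"
    else:
        tail = "processed"
    return f"{AUTO_MODE}; {tail}"

def status_from_disposition(disposition: str) -> str:
    """Human-part Status: the disposition modifier if present, otherwise the type."""
    tail = disposition.partition(";")[2].strip()
    disp_type, slash, modifier = tail.partition("/")
    return modifier.strip() if slash else disp_type

def extension_fields(mdnns: Dict[str, str]) -> Dict[str, str]:
    """Only registers named X-... or x-... become machine-part extension fields."""
    return {k: v for k, v in mdnns.items() if k.startswith(("X-", "x-"))}

def machine_part(reqns: Dict[str, str], mdnns: Dict[str, str],
                 reporting_ua: str, mic: str = "") -> List[str]:
    """Assemble the machine-readable part from the field table above."""
    lines = [f"Reporting-UA: {reporting_ua}",
             f"Original-Recipient: {reqns.get('To', '')}",
             f"Final-Recipient: {reqns.get('To', '')}",
             f"Original-Message-ID: {reqns.get('Message-ID', '')}"]
    if mic:  # calculated MIC, only when available
        lines.append(f"Received-Content-MIC: {mic}")
    lines.append(f"Disposition: {compute_disposition(mdnns)}")
    lines += [f"{f}: {mdnns[f]}" for f in ("Error", "Warning", "Failure") if mdnns.get(f)]
    lines += [f"{k}: {v}" for k, v in extension_fields(mdnns).items()]
    return lines
```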

The following diagram illustrates the sender process and the resulting receiver process.



Procedure: How to Configure an MDNSendNow Service

To configure an MDNSendNow service:

  1. Click Registry in the top pane, and then click Services in the left pane.

    The Services pane opens.

    The table that is provided lists all the previously configured services and a brief description for each.

  2. Click Add.

    The Select Service type pane opens.



  3. Select AS2 Nonblocking Send MDN from the Type drop-down list.
  4. Click Next.
  5. Provide a name for the service and description (optional).
  6. Click Finish.