The Non-Block AS2 (NAS2) adapter is a new nonblocking AS2 with improved performance, connection management, and various other security features.
The NAS2 adapter provides extensive flexibility by exposing an array of configurable parameters for the security providers, Message Disposition Notification (MDN) handling, CRL checking, and so on. The following sections describe some of the features that have been added as part of the improvement to the NAS2 adapter.
You can configure multiple security providers and use them as named providers as part of the NAS2 configuration. For more information on configuring security providers, see the iWay Service Manager User’s Guide.
You can configure multiple KeyStore providers which can be used as keystores or truststores by the NAS2 adapter.
You can configure multiple SSL Context providers and refer to one of them by name in the NAS2 adapter. This simplifies the SSL configuration by grouping all SSL parameters in one place. The SSL Context Provider simplifies the SSL configuration further by referring, by name, to previously configured keystore and certstore providers.
The Directory Certstore provider can be configured to point to a file system directory where peer certificates and CRLs are stored in files. You can configure multiple Directory Certstore providers and refer to them in the NAS2 adapter. CertStores are used to complete certificate chains and to retrieve CRLs during certificate verification.
The LDAP provider can be configured to point to an LDAP system, which can then be used as a named certstore provider in the NAS2 configuration.
A listener is a component that is responsible for receiving inbound messages through an assigned listener protocol. After a listener is created, it must be added to an inlet configuration. An inlet will become part of the final channel configuration that will consist of an inlet, route, and an outlet. For more information on configuring channels, see the iWay Service Manager User's Guide.
Before using NAS2 you must first download and extract the jar files to the proper directory.
You can download the files at: http://java.sun.com/javase/downloads/index.jsp
Once the files are downloaded, extract them to \jre\lib\security. You will have to overwrite the jars that are currently there.
Once this is done, you are able to use NAS2.
To configure a NAS2 listener:
On Windows, you can start iWay Service Manager by clicking Start, selecting Programs, iWay 7.0 Service Manager, and then Start Service Manager for the configuration you are currently using.
For more information on starting and stopping iWay Service Manager, see the iWay Service Manager User's Guide.
http://host:port/ism
where:
host is the host machine on which iWay Service Manager is installed.
port is the port on which iWay Service Manager is listening. The default port is 9999.
On Windows, alternatively, you can click Start, select Programs, iWay 7.0 Service Manager, and then click Console.
A login dialog box opens.
The iWay Service Manager Administration Console opens.
The Listeners pane opens.
The table that is provided lists all the previously configured listeners and a brief description for each.
The Select listener type pane opens.
The configuration parameters for the NAS2 listener open.
Note: The parameters prefixed with an asterisk (*) in the listener configuration pane are required.
For more information, see NAS2 Listener Configuration Parameters.
The following table lists and describes parameters for the NAS2 listener.
Parameter | Description |
---|---|
General Properties | |
Authentication Scheme | The scheme to apply when authenticating HTTP requests. |
Authentication Realm | If authentication is required, then the name of the configured Realm provider is used. |
Request Header Namespace | The special register namespace to which HTTP headers from the incoming requests are saved. The Default Namespace option creates HDR type special registers without a namespace prefix. |
Response Header Namespace | The special register namespace from which HTTP headers for the outgoing response are taken. The Default Namespace option sends HDR type registers with no namespace prefix. If None is selected, then no special registers are sent as HTTP headers. |
Response Main Part Header Namespace | The special register namespace from which MIME headers for the outgoing response are taken. Provide a prefix to control the response Main BodyPart headers in the presence of attachments. Selecting none means that no special registers are sent as MIME headers. |
Excluded Headers | A comma-delimited list (case-insensitive) of headers that should not be sent with the response, even if they are found in the response header namespace. |
HTTP Response Code | An HTTP status code to send when there is no MDN response. This parameter will be evaluated and you can prefix run time functions with a backtick to defer its evaluation until emit time. The usual successful status code is 204, but you can use this parameter to return an HTTP error instead. |
Use Safestore? | If set to true, the listener persists incoming messages after handling any protocol-related packaging. Messages are removed from the safestore upon completion of processing or on error if the HTTP response has not yet been returned to the client. Messages remaining in the safestore are processed at listener startup. |
Maximum Request Entity Size | When a request is received that is larger than the maximum, the listener will return a 413 HTTP status code and close the connection. Leave this field blank or set a value of zero to have no maximum size limit. The default value is 256KB. |
Compress Response | If set to true, the response is compressed with gzip or deflate compression when the client indicates that it can accept compressed transfer encoding. |
IP Properties | |
Port | The TCP port for receipt of HTTP requests. |
Local bind address | The local bind address for multi-homed hosts. This parameter value is usually not specified. |
Persistence | If set to true, the connection is maintained when the client requests to do so. Otherwise, the connection is closed. |
Maximum Connections | This parameter defines the maximum number of simultaneous connections that are allowed. When this threshold is reached, new connections are not accepted until the current connections are closed and the total number of connections is below the limit. Leave this field blank (default) or set a value of zero to have no maximum limit of connections. |
Persistence Timeout value in Minutes | The maximum length of time that a connection can persist with no activity. |
Set Response NoDelay | If set to true, it disables the Nagle Algorithm on the response. This will result in a faster line turnaround at the expense of an increased number of packets. |
Reuse Address | If set to true, when a connection is closed, it immediately makes the address available, bypassing TCP defaults. |
Allowable Clients | If supplied, then only messages from this list of fully qualified host names and/or IP addresses are accepted. Accepts a comma-separated list, or use the FILE() function. |
Secure Connection (SSL) | |
Secure Connection | If set to true, a connection over HTTPS is made. |
SSL Context Provider | The named iWay Security provider for SSL Context. |
S/MIME | |
S/MIME Keystore Provider | The name of an iWay KeyStore provider used to decrypt incoming messages and sign receipts. |
S/MIME Truststore Provider | The name of an iWay KeyStore provider containing the S/MIME certificate authorities. |
S/MIME Certificate Store Providers | A comma-separated list of Keystore, Directory Certstore, or LDAP providers for the certificate stores used to complete signer certificate chains when the signed message contains fewer certificates than needed. |
S/MIME JCE Cryptography Provider | The JCE provider for S/MIME cryptography services. |
S/MIME PKIX JCE Provider | The JCE provider for S/MIME PKIX services. |
S/MIME Decryption Key Alias | The private key alias used to decrypt incoming messages. |
S/MIME Decryption Key Password | The password for the decryption private key. If left blank, then the password for accessing the keystore is used. |
Enforce KeyUsage Extension | If set to true, verifies that certificates used for signing allow the digital signature KeyUsage extension, and that certificates used for encryption allow the keyEncipherment KeyUsage extension. |
Enable Certificate Revocation | If set to true, use the CRLs from the CertStores to check whether the certificate signer has been revoked. |
Unrecognized Certs Location | The directory to store unrecognized certificates found in S/MIME messages. |
Payload Header Namespace | The special register namespace to which any headers on the extracted body part are stored as HDR registers. If no value is supplied, then the body part headers are saved in the default namespace. |
Keep Message Flat | If set to true, the body of the message will be kept as an array of bytes. |
MDN (Receipt) | |
Delayed MDN | If set to true, MDN is delayed until after the request is processed. If specified as delayed, then the MDN must be sent from the process that handles this message. Failure to do so will result in an HTTP 204. |
MDN Header Namespace | A special register namespace from which MIME headers for the multipart/report entity are taken. This namespace is different than the Response Header Namespace when the MDN is wrapped by an external signature. The default value is mdnhdr. |
MDN Field Namespace | A special register namespace where special registers are used to override or add MDN field values. The default value is mdn. |
MDN Reporting User Agent | The value of the Reporting-UA field in the MDN. The default value is AS2 Server. |
SMTP Host | The host name of the SMTP server. Used for asynchronous MDN through email. |
SMTP User | The user name to access the SMTP server. |
SMTP Password | The password to access the SMTP server. |
From | The email address used in the From field of the receipt message. |
HTTP Client Provider | The HTTP Client provider that manages outgoing connections for asynchronous MDNs. |
HTTP Version for Asynchronous MDN | The HTTP Version used to send asynchronous MDNs over HTTP or HTTPS. |
Compress Asynchronous MDN | If set to true, asynchronous MDNs over HTTP or HTTPS are compressed using one of the following encoding options: The content-encoding header is set accordingly. |
MDN S/MIME Keystore Provider | The provider for the keystore used to sign receipts. Defaults to the value assigned to the S/MIME Keystore Provider. |
MDN S/MIME JCE Cryptography provider | The JCE Provider for MDN S/MIME cryptography service. Defaults to the value assigned to the S/MIME JCE Provider. |
MDN S/MIME Signature Key Alias | The private key alias used to sign receipts. |
MDN S/MIME Signature Key password | The password for the signature private key. Defaults to the password for accessing the keystore. |
Include Certificate Chain | Determines how much of the signer certificate chain is included in a signed receipt. Options include: |
Other | |
Optimize Favoring | The selection of memory is useful for large input documents. |
Multithreading | The number of documents that can be processed in parallel. |
Execution Time Limit | The time limit for document execution (in seconds) before it is terminated. |
Default Java File Encoding | The default encoding if the incoming message is not self-declaring. |
Agent Precedence | Changes the order in which iSM selects agents. This is normally set to Document overrides listener. |
Always reply to listener default | If set to true, the default reply definition is used in addition to defined replies. |
Error Documents treated normally | If set to true, error documents are processed by any configured pre-emitters. |
Listener is Transaction Manager | If set to true, agents run within a local transaction managed by the listener. |
Record in Activity Log(s) | If set to true, activity on this channel will be recorded in the activity logs. If set to false, the activity will not be recorded. |
The following table lists and describes the special registers for the NAS2 listener.
Special Register | Level | Description |
---|---|---|
... | Header | Each header value from the message. |
action | Document | The action field of the post. |
as2from | Document | The AS2-From header. |
as2to | Document | The AS2-To header. |
asxDocType | Document | The payload for an AS2 request or MDN for a receipt. |
dispositionFileName | Header | The FileName parameter extracted from the Content-Disposition header. |
ip | System | The IP of the sending system. |
iwayconfig | System | The current active configuration name. |
mdnDisposition | Document | The field extracted from the received MDN. |
mdnFinalRecipient | Document | The field extracted from the received MDN. |
mdnOriginalMessageId | Document | The field extracted from the received MDN. |
mdnOriginalRecipient | Document | The field extracted from the received MDN. |
mdnReceivedContentMIC | Document | The field extracted from the received MDN. |
mdnReportingUA | Document | The field extracted from the received MDN. |
mdnRequested | Document | If set to true, a receipt is requested. If set to false, no receipt is requested. |
mdnSent | Document | If set to true, the MDN was already sent. If it is set to false, the MDN was not sent. |
msgsize | Document | The physical length of the message payload. |
name | System | The assigned name of the master (listener). |
protocol | System | The protocol on which the message was received. |
requestType | Header | The type of HTTP request (GET, POST, or HEAD). |
smime_compressed | Document | If set to true, the S/MIME message is compressed. If set to false, the message is not compressed. |
smime_encrypted | Document | If set to true, the S/MIME message is encrypted. If set to false, the message is not encrypted. |
smime_error | Document | The error message that can be used when sending an MDN. |
smime_error_diag | Document | The error diagnostic message that can be used when sending an MDN. |
smime_mic | Document | The message Identification Code extracted from the S/MIME message. |
smime_signed | Document | Unsigned, embedded, or external, depending on the S/MIME packaging that was used. |
smime_signer | Document | The Distinguished Name from the Signer certificate. |
smime_signer_cn | Document | Common Name (CN) extracted from the Signer certificate. |
smime_signing_time | Document | Signing time extracted from the S/MIME signed attributes. |
source | Document | The host name of the sending system. |
url | Header | The full URL of the HTTP request (GET, POST, or HEAD). |
tid | Document | Unique transaction ID. |
You can configure outbound processing of AS2 messages as a service that is used either within a process flow, which becomes part of the route configuration, or directly as a service assigned to a route. In this case, a business process can continue after an AS2 message has been sent out to the client. The following section describes how to configure an AS2 nonblocking emit service. For more information on configuring outlets and routes, see the iWay Service Manager User's Guide.
To configure an AS2 nonblocking emit service:
The Services pane opens.
The table that is provided lists all the previously configured services and a brief description for each.
The Select Service type pane opens.
The configuration parameters pane for the AS2 nonblocking emit service opens.
For more information, see AS2 Nonblocking Emit Service Configuration Parameters.
The name and description pane opens.
The following table lists and describes parameters for the AS2 nonblocking emit service.
Parameter | Description |
---|---|
Configuration Parameters | |
Destination | The URL that is used to post this information. |
HTTP Client Provider | The HTTP client Provider that is used to manage connections for this emitter. |
AS2-From | A textual value identifying the sender of data exchange. |
AS2-To | A textual value identifying the receiver of data exchange. |
Subject | Sets the Subject header. |
Request Receipt | Tells the emitter to send a request for receipt in the form of a Message Disposition Notification (MDN). |
Asynchronous Receipt URL | If an asynchronous receipt is requested, you must specify the URL to which the receipt should be sent. Supported values are in the form: |
Receipt Destination | The directory to which synchronous MDNs are stored. Specific file names are optional. Use an asterisk (*) in the file name to be replaced by a timestamp, and # by a sequential counter. |
Content-Type | Specifies the content-type of data that is sent. Select from the drop-down list or provide your own. |
Message ID | Set this to control the emitted message ID. Usually this is left blank to let the system generate a unique ID meeting the requirements of RFC 822. Use this only to override the default. This is not recommended. |
Content Disposition | The file name to put in the Content-Disposition header value. |
User ID | The user ID for Basic Authentication challenges. |
Password | The password for Basic Authentication challenges. |
Domain | The domain for NTLM authentication challenges. Note that to use NTLM, you must enable connection persistence. |
Request Header Namespace | The special register namespace from which HTTP headers for the outgoing request will be taken. |
Request Main Part Header Namespace | The special register namespace from which MIME headers for the outgoing request are taken. Provide a prefix to control the request Main BodyPart headers in the presence of attachments. Selecting none means that no special registers will be sent as MIME headers. |
Response Header Namespace | The special register namespace to which HTTP headers for the incoming response are saved. |
MDN Header Namespace | The special register namespace into which MIME headers of the multipart/report entity will be saved. This namespace is ignored if the MDN is unsigned since all headers will be in the Response Header Namespace. |
MDN Field Namespace | The special register namespace into which MDN fields are saved. |
Excluded Headers | A comma-delimited list (case-insensitive) of headers that should not be sent with the request, even if they are found in the request header namespace. |
Ask for Compressed Response | If set to true, the requests will set the Accept-Encoding header to indicate that the client can accept a compressed response, as described in RFC-2616. If the response has a compressed content encoding, the client will automatically inflate. |
Compress Request | If set to true, the request entities will be compressed using the selected encoding and the content-encoding header is set accordingly. |
Replace Connection? | If set to false, the connection will not be returned to the connection pool immediately. The identifier connection will be stored in the httpclient-key special register and the connection can be handled by the HTTP Client Manager agent. |
Maximum HTTP Client Manager Delay | The maximum time the HTTP Client Manager can take to deal with a particular connection before it is automatically aborted. The format is [xxh][xxm]xx[s]. The default is 60 seconds. |
Maximum Request Size | The maximum size, after compression, of a request entity that is sent with this emitter. 0 means no maximum and blank will default to 256KB. |
Maximum Response Size | The maximum size of a response entity that is received by this emitter. 0 means no maximum and blank will default to 256KB. |
Try Expect/Continue Handshake? | If checked, the client will send the HTTP Expect: 100-continue header and await an HTTP 100 response before sending the request body. |
S/MIME | |
Packaging | Tells the emitter how the document should be packaged for transmission. Select from the drop-down list: |
Compression | Determines when message compression should be applied. Select from the drop-down list: |
S/MIME Keystore Provider | The provider for the Keystore used to sign and encrypt messages. |
S/MIME Truststore Provider | The provider for the Keystore containing the S/MIME Certificate Authorities. |
S/MIME Certificate Store Providers | A comma-separated list of Keystore, Directory CertStore, or LDAP providers for the certificate stores, used to complete signer certificate chains when the signed message contains fewer certificates than needed. |
S/MIME JCE Cryptography Provider | The JCE Provider for S/MIME Cryptography services. |
S/MIME Verification JCE Crypto Provider | The JCE Provider for S/MIME verification cryptography services. Normally left blank. Defaults to S/MIME JCE Provider. |
S/MIME PKIX JCE Provider | The JCE Provider for S/MIME PKIX services. If left blank, the default JCE provider for PKIX will be used. |
Recipient Public Key Alias | The alias for the recipient public key entry used for encryption. |
Signature Key Alias | The alias for the private key entry used for signing. |
Signature Key password | The password to access the signature private key. If left blank, the password used to access the Keystore will be used. |
Digest Algorithm | The algorithm used for signing. |
Encryption Algorithm | The algorithm used for encrypting. |
Include Certificate Chain | Determines how much of the signer certificate chain is included in the message. Select from the drop-down list: |
Enforce KeyUsage Extension | If on, verifies that certificates used for signing allow the digital signature KeyUsage extension, and that certificates used for encryption allow the keyEncipherment KeyUsage extension. |
Enable Certificate Revocation | If set to true, this uses the CRLs from the CertStores to check whether the certificate signer has been revoked. |
Unrecognized Certs Location | The directory to store unrecognized certificates found in S/MIME messages. |
TCP | |
Persistence | If checked, ask the server to maintain the connection. |
Response Timeout value in seconds | The seconds to wait for a response before signaling an error. |
When you connect the NAS2EmitAgent object to an End object using the OnCustom build relation in a process flow, the available line edges are provided in the Line Configuration dialog box.
The following table lists and describes the available line edges for the NAS2EmitAgent object.
Line Edge | Description |
---|---|
OnError | Error |
OnSuccess | Success |
OnFailure | Failure |
fail_connect | fail_connect |
fail_info | fail_info |
fail_redirection | fail_redirection |
fail_client | fail_client |
fail_server | fail_server |
fail_operation | fail_operation |
fail_parse | fail_parse |
fail_unsigned | fail_unsigned |
The S/MIME packer service and corresponding S/MIME un-packer service are two new services that are available in the NAS2 adapter configuration. These services allow you to securely exchange information using the S/MIME format through any protocol. Using these services enables you to receive a payload from any source and package it into an S/MIME message that can be sent through any supported protocol. On the receiving side, you can use the S/MIME un-packer service to validate and verify the received message and unpack it.
Note: Since an unencrypted S/MIME packaged message is the same as a MIME message, the S/MIME packer and un-packer services can process MIME and S/MIME message formats. As a result, when you use the S/MIME packer service and select Un-encrypted from the Packaging drop-down list during configuration, a MIME message is generated. Similarly, the S/MIME un-packer service can process a MIME message since it is identical to the un-encrypted S/MIME message. In addition, the un-encrypted packaging for the message indicates that the message will not be signed and will always produce a document using MIME format as a result.
The S/MIME packer service allows you to send a packaged S/MIME message to any type of listener. The listener that receives the packaged S/MIME message must be able to unpack and process this package. Since an S/MIME packaged message cannot be parsed by the listener and also represents a flat document, you must disable parsing for the listener. Using the iWay Service Manager Administration Console, the Accepts non-XML (flat) only parameter for the listener receiving the message must be set to true to disable parsing, as shown in the following image.
These services can be used as a standalone service within a route configuration or as part of a process flow for more complex configurations. This process simulates the message exchange via the NAS2 HTTP-based adapter, but allows you to separate the protocol part of the adapter from the message processing part. As a result, you can exchange messages via any supporting protocol, such as file, email, and so on.
The S/MIME packer service is configured with a special register message namespace that saves the message headers generated by the packaging process. This namespace will contain the headers for the message that will be required by the un-packer service on the receiving side to correctly unpack the S/MIME package. The S/MIME packer outputs a bytes-type XDDocument with any message headers stored in the specified message namespace. When a signed packaging is requested, for example, the output will consist of a bytes-type document that starts with the first message boundary. As with the AS2 emit service, another namespace can also be specified for payload headers.
To configure an S/MIME packer service:
The Services pane opens.
The table that is provided lists all the previously configured services and a brief description for each.
The Select Service type pane opens.
The configuration parameters pane for the S/MIME packer service opens.
For more information, see S/MIME Packer Service Configuration Parameters.
You are returned to the Select Service type pane.
The following table lists and describes parameters for the S/MIME packer service.
Parameter | Description |
---|---|
Configuration Parameters | |
Packaging | Tells the emitter how the document should be packaged for transmission. Available options include: |
Compression | Determines when message compression should be applied. Available options include: |
S/MIME Keystore Provider | The provider for the Keystore used to sign and encrypt messages. |
S/MIME JCE Cryptography Provider | The JCE Provider for S/MIME Cryptography services. |
Recipient Public Key Alias | The alias for the recipient public key entry used for encryption. |
Signature Key Alias | The alias for the private key entry used for signing. |
Signature Key password | The password to access the signature private key. If left blank, the password used to access the Keystore is used. |
Digest Algorithm | The algorithm used for signing. |
Encryption Algorithm | The algorithm used for encrypting. |
Include Certificate Chain | Determines how much of the signer certificate chain is included in the message. Select from the drop-down list: |
Enforce KeyUsage Extension | If on, verifies that certificates used for signing allow the digital signature KeyUsage extension, and that certificates used for encryption allow the keyEncipherment KeyUsage extension. |
Main | |
Message ID | Set this to control the emitted message ID. Usually this is left blank to let the system generate a unique ID meeting the requirements of RFC 822. Use this only to override the default. This is not recommended. |
Content-Type | Specifies the content-type of data to be sent. Select from the drop-down list or provide your own. |
Content Disposition | The file name to put in the Content-Disposition header value. |
Header Management | |
Payload Header Namespace | The special register namespace from which additional MIME headers for the payload are taken. If not supplied, no MIME headers are added beyond the content headers generated by the packaging process. |
Message Header Namespace | The special register namespace to which message headers generated by the S/MIME packaging process are stored. If not supplied, message headers are saved in the default namespace. |
When you connect the SMIMEPackerAgent object to an End object using the OnCustom build relation in a process flow, the available line edges are provided in the Line Configuration dialog box.
The following table lists and describes the available line edges for the SMIMEPackerAgent object.
Line Edge | Description |
---|---|
OnError | Error |
OnSuccess | Success |
OnFailure | Failure |
fail_smime | fail_smime |
The S/MIME un-packer service expects input in the same form, which is a MIME document without message headers. This service is configured with a register message namespace where it can find the message headers, which are added back to the document before unpacking. This message namespace must match the message namespace configured for the S/MIME packer service. Output of the S/MIME un-packer service depends on the content-type of the input. Also, considering that the S/MIME package is a flat document, the listener that will accept the S/MIME message must be configured to accept flat documents.
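Why the message namespace on the un-packer must match the one configured for the packer, as an added example that is not iWay code: Python's standard email package stands in for the two services, a dict stands in for the special register namespace, and an unsigned multipart with a constructed boundary stands in for the S/MIME package (no signing or encryption is performed). The function names are hypothetical.

```python
from email import message_from_bytes
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

BOUNDARY = "constructed-boundary-1"  # constructed sample value


def pack(payload_text, namespace):
    """Model of the packer: message headers go into `namespace`,
    and the returned bytes start at the first message boundary."""
    msg = MIMEMultipart("mixed", boundary=BOUNDARY)
    msg.attach(MIMEText(payload_text, "plain", "us-ascii"))
    # The default policy serialises with "\n" line endings, so the first
    # blank line separates the message headers from the body.
    header_block, _, body = msg.as_bytes().partition(b"\n\n")
    headers = message_from_bytes(header_block + b"\n\n")
    namespace.clear()
    namespace.update(headers.items())
    return body


def unpack(body, namespace):
    """Model of the un-packer: add the headers found in `namespace`
    back to the document, then parse it."""
    header_block = "".join(f"{name}: {value}\n" for name, value in namespace.items())
    msg = message_from_bytes(header_block.encode("ascii") + b"\n" + body)
    if not msg.is_multipart():
        # Without the Content-Type header, the parser does not know the
        # boundary and sees one opaque text body instead of a package.
        raise ValueError("message headers not found in namespace; cannot unpack")
    return msg.get_payload(0).get_payload()


if __name__ == "__main__":
    sender_ns = {}
    flat = pack("purchase order 42", sender_ns)
    print(flat.splitlines()[0])        # first boundary line, no message headers
    print(unpack(flat, sender_ns))     # matching namespace: payload recovered
    try:
        unpack(flat, {})               # mismatched (empty) namespace
    except ValueError as exc:
        print("rejected:", exc)
```
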
To configure an S/MIME un-packer service:
The Services pane opens.
The table that is provided lists all the previously configured services and a brief description for each.
The Select Service type pane opens.
The configuration parameters pane for the S/MIME un-packer service opens.
For more information, see S/MIME Un-Packer Service Configuration Parameters.
The name and description pane opens.
The following table lists and describes parameters for the S/MIME un-packer service.
Parameter | Description |
---|---|
Configuration Parameters | |
S/MIME Keystore Provider | The named iWay Security provider used to decrypt incoming messages and sign receipts. |
S/MIME Truststore Provider | The named iWay Security provider containing the S/MIME certificate authorities. |
S/MIME Certificate Store Provider | The comma-separated list of Keystore, Directory Certstore, or LDAP providers for the certificate stores used to complete signer certificate chains when the signed message contains fewer certificates than needed. |
S/MIME JCE Cryptography Provider | The JCE provider for S/MIME cryptography services. |
S/MIME PKIX JCE Provider | The JCE provider for S/MIME PKIX services. |
S/MIME Decryption Key Alias | The private key alias used to decrypt incoming messages. |
S/MIME Decryption Key Password | The password for decrypting a private key. If left blank, the password for accessing the keystore is used. |
Enforce KeyUsage Extension | If set to true, verifies that the certificates used for signing allow the digital signature KeyUsage extension, and that certificates used for encryption allow the keyEncipherment KeyUsage extension. |
Enable Certificate Revocation | If set to true, use the CRLs from the CertStore to check whether the certificate of the signer has been revoked. |
Unrecognized Cert Location | The directory to store unrecognized certificates found in S/MIME messages. |
Signature Required | If set to true, incoming documents will require a valid signature. |
Error Return | This determines which document is returned when an error occurs. |
Keep Message Flat | If set to true, use the body of the message as an array of bytes. |
Header Management | |
Message Header Namespace | The special register namespace to which message headers generated by the S/MIME packaging process are stored. If it is not supplied, message headers are saved in the default namespace. |
Payload Header Namespace | The special register namespace from which additional MIME headers for the payload are taken. If it is not supplied, no MIME headers are added beyond the content headers generated by the packaging process. |
When you connect the SMIMEUnpackerAgent object to an End object using the OnCustom build relation in a process flow, the available line edges are provided in the Line Configuration dialog box.
The following table lists and describes the available line edges for the SMIMEUnpackerAgent object.
Line Edge | Description |
---|---|
OnError | Error |
OnSuccess | Success |
OnFailure | Failure |
fail_operation | fail_operation |
fail_unsigned | fail_unsigned |
fail_smime | fail_smime |
The MDNSendNow service is a new service that is available in the NAS2 adapter configuration.
The following MDN elements are associated and described in this section:
You can override the Comment to augment the human part with additional text. Custom HTTP headers are special registers of type HDR in the Response Header namespace. Extension fields in the machine readable part are special registers of any type in the MDN field namespace, but the name must start with X- or x-.
MDN Element | Value |
---|---|
AS2-From | reqns.AS2-To |
AS2-To | reqns.AS2-From |
AS2-Version | '1.1' |
Message-ID | uniquely generated |
MessageID | reqns.AS2-To |
From | reqns.From |
To | reqns.To |
Sent on | reqns.Date |
Subject | reqns.Subject |
Status | tail of Disposition |
Error | mdnns.Error if present |
Warning | mdnns.Warning if present |
Failure | mdnns.Failure if present |
Comment | mdnns.Comment or else default message |
Reporting-UA | Reporting User Agent parameter |
Original-Recipient | reqns.To |
Final-Recipient | reqns.To |
Original-Message-ID | reqns.Message-ID |
Received-Content-MIC | calculated MIC if available |
Disposition | mdnns.Disposition or else based on Error, Warning, or Failure |
Error | mdnns.Error if present |
Warning | mdnns.Warning if present |
Failure | mdnns.Failure if present |
X-?? | mdnns.X-?? if present |
The MDN is formed as described in this section. Specific parameters have been modified to eliminate any limitations on field content. Fields that cannot be set based upon agent parameters can be set as described in the tables above. Currently, the use of specific special registers simplifies configuration and does not impose any functional limitations.
Status now contains the tail of the Disposition. This is the Disposition-Modifier, if present, otherwise it is the Disposition-Type. As a result, Status now contains the value that used to be in the Error field.
Error field now contains the value that used to be in Detailed Error.
Detailed Error no longer exists.
There is no namespace to augment the Human Readable Part. The value of the Comment field can be overridden to add extra text. This is not a limitation, since the human readable part is unstructured.
The Disposition can be overridden as one value by assigning it to the Disposition register. The format is:
disp-mode; disp-type[/disp-modifier[:dispdesc]]
If the Disposition register is absent, but the Disposition-Modifier register is assigned, the Disposition is computed as follows:
The disposition mode is automatic-action/MDN-sent-automatically.
The disposition modifier is specified by the register.
The disposition type is computed based on the first few characters of the disposition modifier.
If the disposition modifier starts with failure, the disposition type is failed, otherwise it is processed. Notice that it is possible to specify the Disposition description as the tail of the Disposition-Modifier value.
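The Disposition rules above, together with the Status rule (the tail of the Disposition), worked through as an added example that is not iWay code. The function names and sample register values are constructed; matching failure case-insensitively and the value used when neither register is set are assumptions.

```python
DEFAULT_MODE = "automatic-action/MDN-sent-automatically"


def compose_disposition(registers):
    """Build the Disposition value from MDN field namespace registers."""
    explicit = (registers.get("Disposition") or "").strip()
    if explicit:
        # The Disposition register overrides the whole value.
        return explicit

    modifier = (registers.get("Disposition-Modifier") or "").strip()
    if modifier:
        # The type is derived from the first characters of the modifier.
        # Assumption: the comparison ignores case.
        disp_type = "failed" if modifier.lower().startswith("failure") else "processed"
        return f"{DEFAULT_MODE}; {disp_type}/{modifier}"

    # Assumption: with neither register set, report plain success.
    return f"{DEFAULT_MODE}; processed"


def parse_disposition(value):
    """Split 'disp-mode; disp-type[/disp-modifier[:dispdesc]]' into parts."""
    # The mode itself contains '/', so split on ';' first.
    mode, sep, rest = value.partition(";")
    if not sep or not mode.strip() or not rest.strip():
        raise ValueError(f"not a Disposition value: {value!r}")
    disp_type, _, tail = rest.strip().partition("/")
    modifier, _, description = tail.partition(":")
    parts = {
        "mode": mode.strip(),
        "type": disp_type.strip().lower(),
        "modifier": modifier.strip() or None,
        "description": description.strip() or None,
    }
    # Status is the tail of the Disposition: the modifier when present,
    # otherwise the type.
    parts["status"] = parts["modifier"] or parts["type"]
    return parts


def receipt_is_clean(value):
    """True only for a 'processed' disposition that carries no modifier.

    A type of 'processed' alone is not enough: 'processed/error: ...'
    still reports a problem on the receiving side.
    """
    parts = parse_disposition(value)
    return parts["type"] == "processed" and parts["modifier"] is None


if __name__ == "__main__":
    # Constructed register values.
    for regs in (
        {"Disposition-Modifier": "failure: unsupported format"},
        {"Disposition-Modifier": "error: decryption-failed"},
        {},
    ):
        value = compose_disposition(regs)
        print(value, "->", parse_disposition(value)["status"], receipt_is_clean(value))
```
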
The following diagram illustrates the sender process and the resulting receiver process.
To configure an MDNSendNow service:
The Services pane opens.
The table that is provided lists all the previously configured services and a brief description for each.
The Select Service type pane opens.