Merge pull request #17 from OpenAS2/dev

Final version 2.0.0 release

Author: pete-gilchrist

.classpath

@@ -4,13 +4,13 @@
 	<classpathentry kind="src" path="Server/src"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="lib" path="Remote/lib/servlet.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcmail-jdk15on-152.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcpg-jdk15on-152.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcpkix-jdk15on-152.jar"/>
-	<classpathentry kind="lib" path="Server/lib/bcprov-jdk15on-152.jar"/>
 	<classpathentry kind="lib" path="Server/lib/commons-lang3-3.4.jar"/>
 	<classpathentry kind="lib" path="Server/lib/commons-logging-1.2.jar"/>
 	<classpathentry kind="lib" path="Server/lib/dom4j-1.6.1.jar"/>
 	<classpathentry kind="lib" path="Server/lib/javax.mail.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcmail-jdk15on-154.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcpg-jdk15on-154.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcpkix-jdk15on-154.jar"/>
+	<classpathentry kind="lib" path="Server/lib/bcprov-jdk15on-154.jar"/>
 	<classpathentry kind="output" path="classes"/>
 </classpath>

RELEASE-NOTES.txt

@@ -1,23 +1,31 @@
               OpenAS2 Server
-              Version 1.3.6
+              Version 2.0.0
               RELEASE NOTES
 
-The OpenAS2 project is pleased to announce the release of OpenAS2 1.3.6
+The OpenAS2 project is pleased to announce the release of OpenAS2 2.0.0
 
-The release download file is: OpenAS2Server-1.3.6.zip
+The release download file is: OpenAS2Server-2.0.0.zip
 The zip file contains a PDF document providing information on installing and using the application.
 
-UPGRADE Instructions:
- 1. As of version 1.3.6, a new "errordir" parameter is required on the processor element to specify where files that fail resend attempts are stored.
-    It defaults to a sub-directory named "error" off the directory pointed to by the "pendingMDN" parameter. 
-
-This release is an enhancement and bugfix release:
-  1. Fix handling creating a unique file name for storing message info for ASYNC MDN
-  2. Rationalise the handling of received MDN so that there is a common handler for Async and Sync MDN
-  3. Fix moving pending messages that fail after retries to the error folder.
-  4. Enhance logging to pass MEssage object to log manager to facilitate finer grained and more targeted logging
+This release is an enhancement and bug fix release that includes compatibility testing with other AS2 systems:
+  1. Add support for custom HTTP headers
+  		- configurable static headers as name/value pairs in the partnership
+  		- configurable dynamic headers with header values set from parsing the name of the file to be sent
+  2. Fix generator encoding for compression, encryption and signing
+  3. Support configurable control of canonicalization when signing
+  4. Support overriding digest "sha-1" algorithm name in signing to use "old" name without dash ("sha1")
+  5. Support AES128, AES192, AES256 ciphers
+  6. Support disabling the CMS algorithm protection OID for older AS2 systems that do not support it
+  7. Added "Troubleshooting.." section to documentation
 
+Upgrade Notes:
+  1. Canonicalization may affect existing working partnerships in prior versions of OpenAS2 if using a content transfer encoding other than "binary".
+     If the partnership stops working then add the following attribute to the partnership:
+  		        <attribute name="prevent_canonicalization_for_mic" value="true"/>
+  
 Java 1.5 or later is required.
+NOTE FOR JAVA 1.5: Prior to java 1.6, the Javabeans Activation Framework is NOT included in the standard Java install. Download the 1.1.1 version and extract from the zip file from this web page: http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jaf-1.1.1-fcs-oth-JPR
+The activation.jar must be placed into the “lib” folder of the OpenAS2 server install and added to the class path in the shell or batch file as appropriate.
 
 
 Historical list of changes: see the changes.txt file in the release package

Remote/src/org/openas2/remote/CommandLine.java

@@ -16,7 +16,7 @@
  * a test program but usable with the SocketCommandProcessor which in turns passes to 
  * command off to the OpenAS2Server.
  * 
- * uses SSL_DH_anon_WITH_RC4_128_MD5 cipher for the secure socket layer; 
+ * uses TLS_DH_anon_WITH_AES_256_CBC_SHA cipher for the secure socket layer; 
  * 
  */
 public class CommandLine {
@@ -27,13 +27,13 @@ public static void main(String args[]) {
 			String host, port, name, pwd;
 			if (args.length == 0) {
 				host = "localhost";
-				port = "4321";
+				port = "14322";
 				name = "userID";
 				pwd = "pWd"; 
 
 			} else 
 			if (args.length != 4) {
-				System.out.println("format: java org.openas2.remote.CommandLine ipaddresss portnumber userid password command");
+				System.out.println("format: java org.openas2.remote.CommandLine ipaddresss portnumber userid password");
 				return;
 			} else {
 				host = args[0];
@@ -43,14 +43,24 @@ public static void main(String args[]) {
 			}
 			int iport = Integer.parseInt(port);
 			while (true) {
+				System.out.print("Enter command: ");
 				String icmd = br.readLine().trim();
+				System.out.print("");
 				if (icmd.length() < 1) {
 					System.out.println("adios");
 					return;
 				}
 				s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(InetAddress.getByName(host), iport);
-				final String[] enabledCipherSuites = { "SSL_DH_anon_WITH_RC4_128_MD5" };
-				s.setEnabledCipherSuites(enabledCipherSuites);
+				String cipherSuites = System.getProperty("CmdProcessorSocketCipher", "TLS_DH_anon_WITH_AES_256_CBC_SHA");
+				final String[] enabledCipherSuites = { cipherSuites };
+				try
+				{
+					s.setEnabledCipherSuites(enabledCipherSuites);
+				} catch (IllegalArgumentException e)
+				{
+					e.printStackTrace();
+					System.out.println("Cipher is not supported. Try using the command line switch -DCmdProcessorSocketCipher=<some cipher suite> to use one supported by your version of java security.");
+				}
 				String cmd = "<command id=\"" + name + 
 					"\" password=\"" + pwd + "\">" + 
 					icmd + "</command>";

Remote/src/org/openas2/remote/OpenAS2Servlet.java

@@ -408,8 +408,16 @@ public static String xmlNormalize(String in) {
 	public String remoteCommandCall(String command) throws UnknownHostException, IOException
 	{
 	SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(InetAddress.getByName(commandHostID), commandPort);
-	final String[] enabledCipherSuites = { "SSL_DH_anon_WITH_RC4_128_MD5" };
-	s.setEnabledCipherSuites(enabledCipherSuites);
+	String cipherSuites = System.getProperty("CmdProcessorSocketCipher", "TLS_DH_anon_WITH_AES_256_CBC_SHA");
+	final String[] enabledCipherSuites = { cipherSuites };
+	try
+	{
+		s.setEnabledCipherSuites(enabledCipherSuites);
+	} catch (IllegalArgumentException e)
+	{
+		e.printStackTrace();
+		System.out.println("Cipher is not supported. Try using the command line switch -DCmdProcessorSocketCipher=<some cipher suite> to use one supported by your version of java security.");
+	}
 	String cmd = "<command id=\"" + commandUserID + 	"\" password=\"" + commandPWD + "\">" + 		command + "</command>\n";
 	s.getOutputStream().write(cmd.getBytes());
 	s.getOutputStream().flush();

Server/bin/start-openas2.bat

@@ -1,6 +1,11 @@
 @echo off
 rem Purpose:  runs the OpenAS2 application
 
+rem Uncomment any of the following for enhanced debug
+rem set EXTRA_PARMS=%EXTRA_PARMS% -Dmaillogger.debug.enabled=true
+rem set EXTRA_PARMS=%EXTRA_PARMS% -DlogRxdMsgMimeBodyParts=true
+rem set EXTRA_PARMS=%EXTRA_PARMS% -DlogRxdMdnMimeBodyParts=true
+
 rem Setup the Java Virtual Machine
 if not "%JAVA%" == "" goto :Check_JAVA_END
     if not "%JAVA_HOME%" == "" goto :TryJDKEnd
@@ -53,7 +58,7 @@ if not "%JAVA%" == "" goto :Check_JAVA_END
 rem    
 rem remove -Dorg.apache.commons.logging.Log=org.openas2.logging.Log if using another logging package
 rem
-"%JAVA%" -Xms32m -Xmx384m  -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .;../lib/javax.mail.jar;../lib/bcpkix-jdk15on-152.jar;../lib/bcprov-jdk15on-152.jar;../lib/bcmail-jdk15on-152.jar;../lib/bcprov-jdk15on-152;../lib/commons-logging-1.2.jar;../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml
+"%JAVA%" "%EXTRA_PARMS% -Xms32m -Xmx384m  -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .;../lib/javax.mail.jar;../lib/bcpkix-jdk15on-154.jar;../lib/bcprov-jdk15on-154.jar;../lib/bcmail-jdk15on-154.jar;../lib/commons-logging-1.2.jar;../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml
 
 :warn
 :END

Server/bin/start-openas2.sh

@@ -4,6 +4,11 @@ x=`basename $0`
 
 keyStorePwd=$1
 PWD_OVERRIDE=""
+# Uncomment any of the following for enhanced debug
+#EXTRA_PARMS="$EXTRA_PARMS -Dmaillogger.debug.enabled=true"
+#EXTRA_PARMS="$EXTRA_PARMS -DlogRxdMsgMimeBodyParts=true"
+#EXTRA_PARMS="$EXTRA_PARMS -DlogRxdMdnMimeBodyParts=true"
+
 if [  ! -z $keyStorePwd ]; then
   PWD_OVERRIDE="-Dorg.openas2.cert.Password=$keyStorePwd"
 fi
@@ -30,4 +35,4 @@ JAVA_EXE=$JAVA_HOME/bin/java
 #    
 # remove -Dorg.apache.commons.logging.Log=org.openas2.logging.Log if using another logging package    
 #
-$JAVA_EXE ${PWD_OVERRIDE} -Xms32m -Xmx384m -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .:../lib/javax.mail.jar:../lib/bcpkix-jdk15on-152.jar:../lib/bcprov-jdk15on-152.jar:../lib/bcmail-jdk15on-152.jar:../lib/bcprov-jdk15on-152:../lib/commons-logging-1.2.jar:../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml
+$JAVA_EXE ${PWD_OVERRIDE} -Xms32m -Xmx384m -Dorg.apache.commons.logging.Log=org.openas2.logging.Log  -cp .:../lib/javax.mail.jar:../lib/bcpkix-jdk15on-154.jar:../lib/bcprov-jdk15on-154.jar:../lib/bcmail-jdk15on-154.jar:../lib/commons-logging-1.2.jar:../lib/openas2-server.jar org.openas2.app.OpenAS2Server ../config/config.xml

Server/build.xml

@@ -35,6 +35,7 @@
 				<tokenfilter>
 					<replaceregex replace="\1"
 						pattern="^.*String VERSION\s*=\s* &quot;(.*)&quot;;.*$" />
+			        <deletecharacters chars=" " />
 				</tokenfilter>
 				<striplinebreaks />
 			</filterchain>

Server/config/config.xml

@@ -13,9 +13,13 @@
 		<!-- Remove this comment to enable emailing of exceptions
 		<logger classname="org.openas2.logging.EmailLogger"
 			show="terminated"
+			javax.mail.properties.file="%home%/java.mail.properties"
 			from="openas2"
 			to="your email address"
 			smtpserver="your smtp server"
+			smtpauth="true"
+			smtpuser="mySmtpUserId"
+			smtppwd="mySmtpPwd"
 			subject="$exception.name$: $exception.message$"
 			bodytemplate="%home%/emailtemplate.txt"/>
 		-->
@@ -75,13 +79,13 @@
 			mimetype="application/EDI-X12"/>
 
 		<module classname="org.openas2.processor.storage.MDNFileModule"
-			filename="%home%/../data/$mdn.msg.sender.as2_id$-$mdn.msg.receiver.as2_id$/mdn/$date.yyyy-MM-DD$/$mdn.msg.content-disposition.filename$-$mdn.msg.headers.message-id$"			
+			filename="%home%/../data/$mdn.msg.sender.as2_id$-$mdn.msg.receiver.as2_id$/mdn/$date.yyyy-MM-dd$/$mdn.msg.content-disposition.filename$-$mdn.msg.headers.message-id$"			
 			protocol="as2"
 			tempdir="%home%/../data/temp"/>
 
 		<module classname="org.openas2.processor.storage.MessageFileModule"
 			filename="%home%/../data/$msg.sender.as2_id$-$msg.receiver.as2_id$/inbox/$msg.content-disposition.filename$-$msg.headers.message-id$"
-			header="%home%/../data/$msg.sender.as2_id$-$msg.receiver.as2_id$/msgheaders/$date.yyyy-MM-DD$/$msg.content-disposition.filename$-$msg.headers.message-id$"		
+			header="%home%/../data/$msg.sender.as2_id$-$msg.receiver.as2_id$/msgheaders/$date.yyyy-MM-dd$/$msg.content-disposition.filename$-$msg.headers.message-id$"		
 			protocol="as2"
 			tempdir="%home%/../data/temp"/>		
 

Server/config/partnerships.xml

@@ -12,30 +12,52 @@
 		<sender name="OpenAS2A"/>
 		<receiver name="OpenAS2B"/>
 		<attribute name="protocol" value="as2"/>
-		<attribute name="content_transfer_encoding" value="binary"/>
+		<attribute name="content_transfer_encoding" value="8bit"/>
 		<attribute name="compression_type" value="ZLIB"/>
 		<attribute name="subject" value="From OpenAS2A to OpenAS2B"/>
 		<attribute name="as2_url" value="http://localhost:10080"/>
 		<attribute name="as2_mdn_to" value="[email protected]"/>
 		<!--  <attribute name="as2_receipt_option" value="http://localhost:10080"/>   ...for async MDN-->
-		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA1"/>
+		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
 		<attribute name="encrypt" value="3DES"/>
-		<attribute name="sign" value="MD5"/>
+		<attribute name="sign" value="SHA1"/>
 		<attribute name="resend_max_retries" value="3"/>
+		<attribute name="prevent_canonicalization_for_mic" value="false"/>
+		<attribute name="no_set_transfer_encoding_for_signing" value="false"/>
+		<attribute name="no_set_transfer_encoding_for_encryption" value="false"/>
+		<attribute name="rename_digest_to_old_name" value="false"/>
+		<attribute name="remove_cms_algorithm_protection_attrib" value="false"/>
 	</partnership>
 
 	<partnership name="OpenAS2B-to-OpenAS2A">
 		<sender name="OpenAS2B"/>
 		<receiver name="OpenAS2A"/>
 		<attribute name="protocol" value="as2"/>
-		<attribute name="content_transfer_encoding" value="binary"/>
+		<attribute name="content_transfer_encoding" value="8bit"/>
 		<attribute name="subject" value="From OpenAS2B to OpenAS2A"/>
 		<attribute name="as2_url" value="http://localhost:10080"/>
 		<attribute name="as2_mdn_to" value="[email protected]"/>
 		<!--  <attribute name="as2_receipt_option" value="http://localhost:10080"/>   ...for async MDN-->
-		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA1"/>
+		<attribute name="as2_mdn_options" value="signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, SHA256"/>
 		<attribute name="encrypt" value="3DES"/>
-		<attribute name="sign" value="SHA1"/>
+		<attribute name="sign" value="SHA256"/>
+		<attribute name="prevent_canonicalization_for_mic" value="false"/>
+		<attribute name="remove_cms_algorithm_protection_attrib" value="false"/>
+		<!--
+		Example for adding static custom headers to Mime body part and additionally add to HTTP
+		<attribute name="custom_mime_headers" value="X-CustomHeader: shift-shape ; X-CustomShape: oblong"/>
+		<attribute name="add_custom_mime_headers_to_http" value="true"/>
+		-->	
+		<!--
+		Example for adding dynamic custom headers to Mime body part using delimiters where filename is of form XXX-YYY-ZZZ or XXX_YYY-ZZZ etc
+        <attribute name="custom_mime_header_names_from_filename" value="header.X-CustomRouteId,header.X-CustomCenter, junk.extraStuff"/>
+        <attribute name="custom_mime_header_name_delimiters_in_filename" value="-_"/>
+
+		Example for adding dynamic custom headers to Mime body part where filename is of form XXX-YYY.msg 
+        <attribute name="custom_mime_header_names_from_filename" value="X-CustomRouteId,X-CustomCenter"/>
+        <attribute name="custom_mime_header_names_regex_on_filename" value="([^-]*)-([^.]*).msg"/>
+		-->
 	</partnership>
+
 </partnerships>