[SYNAPSE-860] AS2 Support

Hi all,

As I previously mentioned in the JIRA [0], I'm interested in adding $subject for Synapse as my GSoC 2012 project. I went through some AS2 and EDIFACT resources, including [1] [2].

To add AS2 support to Synapse, I think the task is to write a new transport (as described in Axis2 documentation). Once the transport is complete, Synapse will be able to mediate AS2 based messages across other transports that Synapse supports. Like all other transport components of Synapse, AS2 transport should include a receiver and a sender. These will be configurable in the axis2.xml file of Synapse. Configuring Synapse using axis2.xml for AS2 will look like:

    <transportReceiver name="as2" class="org.apache.synapse.transport.as2.AS2TransportListener">
        ...parameters...
    </transportReceiver>

and similarly,

    <transportSender name="as2" class="org.apache.synapse.transport.as2.AS2TransportSender">
        ...parameters...
    </transportSender>

According to the specifications, AS2 can be used to send appropriately packaged EDI, XML, or other business data, using HTTP POST. I think the focus should be to support EDIFACT based messages.

Since Synapse uses SOAP as the common message representation, we should convert incoming messages into a SOAP representation. However, EDIFACT messages are non-XML. Therefore we'll have to convert them into XML and wrap it within a SOAP envelope. (Similar to what's done in FIX transport [3]). For this purpose, I think XML/EDIFACT format can be used [4]. Found this [7] library to convert EDIFACT to XML (GPLv3), which might be useful.

Usually AS2 clients are called "Trading partners". When sending a message, they can request an acknowledgement message called MDN (Message Disposition Notification). There are several options to send MDN: Sync, ASync, NoMDN etc. I think this is somewhat similar to axis2's MEP (message exchange patterns). (MDN vs. NoMDN for in-out vs. in-only MEPs. Sync vs. Async for Blocking vs. Non-blocking MEPs)

Found 2 open source implementations of AS2 for Java:
OpenAS2 (BSD) [5]
Mendelson (GPL) [6]

These days I'm trying out those implementations to get a better understanding of AS2. I will read on how security requirements specified in AS2 can be handled with Synapse. Will also look into more details on how other transports in Synapse (like FIX) are written.

Any suggestions, pointers to the things I've missed are very much appreciated.

[0] - https://issues.apache.org/jira/browse/SYNAPSE-860
[1] - http://www.ietf.org/rfc/rfc4130.txt
[2] - http://www.unece.org/tradewelcome/areas-of-work/un-centre-for-trade-facilitation-and-e-business-uncefact/outputs/standards/unedifact/tradeedifactrules/part-4-edifact-rules-for-electronic-data-interchange-for-administration-commerce-and-transport/part-4-unedifact-rules-chapter-22-syntax-rules.html
[3] - http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/optional/fix/src/main/java/org/apache/synapse/transport/fix/FIXUtils.java?view=markup
[4] - http://en.wikipedia.org/wiki/XML/EDIFACT
[5] - http://sourceforge.net/projects/openas2/
[6] - http://sourceforge.net/projects/mec-as2/
[7] - https://github.com/metormote/edifact-xml

Thanks,
Amila

--
Amila Manoj Silva
Undergraduate
Department of Computer Science and Engineering
University of Moratuwa
http://amilamanoj.blogspot.com/

Re: [SYNAPSE-860] AS2 Support

Hi,

Here's a brief summary on AS2.

Files are encoded as attachments in an S/MIME message. This is what we call an AS2 message. Those messages are sent using HTTP/HTTPS, usually POST. The messages can be signed, encrypted. This is optional according to the specs. Also, the messages may request an MDN (to provide non-repudiation). This is optional too. MDN is typically not encrypted. If there are problems receiving or interpreting the original AS2 message, a "failed" MDN may be sent back. Both "failed" MDN and not receiving MDN (when it is requested) are considered as failures according to specs.

I tried out Mendelson. They provide an AS2 server for testing [1] and a nice user interface. The endpoints are referred to as business partners in AS2 jargon. Mendelson allows configuring business partners. A business partner can be a local station or a remote station. In a local config, we need to specify private keys for encryption and signing. These are picked from a PKCS12 key-store file. The URL to receive MDN can also be configured. In a remote business partner, notable options are sending URL, encryption and signing algorithms (can choose not to sign/encrypt) and its public keys.

I'm looking at its source to understand how they handle S/MIME messages. Will update the thread.

[1] - http://as2.mendelson-e-c.com:8080/webas2/

On Fri, Mar 23, 2012 at 12:17 PM, Amila Manoj <amilamanoj@...> wrote:
Hi all,

--
Amila Manoj Silva
Undergraduate
Department of Computer Science and Engineering
University of Moratuwa
http://amilamanoj.blogspot.com/

Re: [SYNAPSE-860] AS2 Support

Great research work up front. Do you have a plan as to how this can be implemented in Synapse? Since the wire level transport is HTTP I don't think we need a new transport. It would be basically a builder/formatter pair and a set of mediators to manipulate AS2 messages. Is that the case?

Thanks,
Hiranya

On Tue, Mar 27, 2012 at 8:15 PM, Amila Manoj <amilamanoj@...> wrote:
Hi,

Hiranya Jayathilaka
Associate Technical Lead;
WSO2 Inc.; http://wso2.org
E-mail: hiranya@...; Mobile: +94 77 633 3491
Blog: http://techfeast-hiranya.blogspot.com

Re: [SYNAPSE-860] AS2 Support

Hi Hiranya,

Yes you are right, a builder and a formatter is the correct approach for the implementation. Also, I think MIME content types are an initial consideration.

I read some more on AS2 specification and experimented with Mendelson and Tcpmon to understand what an actual implementation of AS2 looks like. Sending a text file named "foo.txt" containing the word "bar", changing some parameters:

1. Without encryption or signing - http://pastebin.com/j7S9tN8V
File is sent as a plain text attachment. Content type is "application/EDI-Consent"

2. Only with encryption - http://pastebin.com/j7yGkVFc
File name is mentioned in the header "content-disposition: attachment; filename="foo.txt"". One MIME attachment whose content is encrypted using the selected algorithm. File name is not encrypted. (same as above). Content type is "application/pkcs7-mime"

3. Without encryption and signing - http://pastebin.com/CXAuVgwY
Looks like both signature and content are encrypted. One MIME attachment is sent. Filename is not the original (smime.p7m). Content type is again "application/pkcs7-mime"

4. Only with signing - http://pastebin.com/tpJPHSDM
A MIME multipart message, containing two parts, is sent. One part is the original file as a plain text attachment. Other part is the signature. Content type is "multipart/signed"

Content-Type: multipart/signed
Content-Type: multipart/report
Content-Type: message/disposition-notification
Content-Type: application/PKCS7-signature
Content-Type: application/PKCS7-mime
Content-Type: application/EDI-X12

RFC-1767 defines three distinct categories as three different MIME content-types:

application/EDIFACT: content that conforms to the range of specifications developed by the United Nations
application/EDI-X12: conforms to the range of specifications developed through the X12 standards organization
application/EDI-consent: other content that hasn't been standardized. Two trade parties must explicitly agree on the format. (Content type is set to this when sending an arbitrary file such as foo.txt)

I started writing a builder. Patch attached. As of now it handles "Application/EDI-consent", which means unencrypted and unsigned custom content. It simply reads the content of the MIME attachment and wraps it in a SOAP Envelope.

To test:

1. Add this to axis2.xml:

    <messageBuilder contentType="application/edi-consent" class="org.apache.synapse.format.as2.AS2MessageBuilder"/>

2. Start Synapse with following config:

    <definitions xmlns="http://ws.apache.org/ns/synapse">
        <proxy name="AS2Proxy">
            <target>
                <inSequence>
                    <log level="full" />
                </inSequence>
            </target>
        </proxy>
    </definitions>

3. Start Mendelson and create a new partner.
4. Select "No signature" and "No encryption" under algorithms.
5. Set "http://localhost:8280/services/AS2Proxy" as the Receipt URL in Send tab.
6. Go to "File-> Send file to partner", and send a file such as a text file.

If we send a text file containing the word "foo", the message should be logged as:

"INFO LogMediator To: /services/AS2Proxy, MessageID: urn:uuid:e3fe8e73-a4c1-48f7-9572-8d6a07a65516, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><as2Message>foo</as2Message></soapenv:Body></soapenv:Envelope>"

Some points of concern:

1. Since we should handle multiple content types, I suppose we can specify the same builder for those content types in axis2.xml and process them accordingly in the builder.
2. Security aspects: Java Security APIs [1] seem to provide support for many cryptographic algorithms. JavaMail API [2] could be used to process MIME messages. Mendelson uses Bouncy Castle Crypto APIs [3] (MIT). It provides APIs to specifically handle S/MIME and PKCS7.
3. EDIFACT representation in SOAP (i.e. when the content-type is "application/EDIFACT"). Will read more on this.
4. Have to look into handling MDNs.

[1] - http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
[2] - http://www.oracle.com/technetwork/java/javamail/index.html
[3] - http://www.bouncycastle.org/java.html

Feedback is much appreciated.

Regards,
Amila

On Wed, Mar 28, 2012 at 9:51 AM, Hiranya Jayathilaka <hiranya911@...> wrote:
Great research work up front. Do you have a plan as to how this can be implemented in Synapse? Since the wire level transport is HTTP I don't think we need a new transport. It would be basically a builder/formatter pair and a set of mediators to manipulate AS2 messages. Is that the case?

--
Amila Manoj Silva
Undergraduate
Department of Computer Science and Engineering
University of Moratuwa
http://amilamanoj.blogspot.com/

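An added example, not part of the thread or of the attached patch: a JDK-only sketch of how a single builder registered for several content types could triage the outer Content-Type values listed in the message above and refuse a message that arrives weaker than the partner profile requires. The class, enum and method names are hypothetical, the header values are constructed, and the `smime-type` parameter comes from the S/MIME specification rather than from the thread.

```java
import java.util.Locale;

/** Added example (hypothetical names): triage an inbound AS2 body by its outer Content-Type. */
public class As2OuterLayer {
    enum Layer { PLAIN_EDI, SIGNED, ENVELOPED, MDN, UNSUPPORTED }

    /** Value of one header parameter, or "" if absent. Naive split: assumes no ';' inside quoted values. */
    static String param(String header, String name) {
        for (String p : header.split(";")) {
            String[] kv = p.split("=", 2);
            if (kv.length == 2 && kv[0].trim().equalsIgnoreCase(name))
                return kv[1].trim().replace("\"", "").toLowerCase(Locale.ROOT);
        }
        return "";
    }

    static Layer classify(String header) {
        String type = header.split(";")[0].trim().toLowerCase(Locale.ROOT);
        switch (type) {
            case "application/edi-consent": case "application/edifact": case "application/edi-x12":
                return Layer.PLAIN_EDI;
            case "multipart/signed": return Layer.SIGNED;
            case "multipart/report": case "message/disposition-notification": return Layer.MDN;
            case "application/pkcs7-mime":  // accept CMS EnvelopedData only, refuse other smime-type values
                return param(header, "smime-type").equals("enveloped-data") ? Layer.ENVELOPED : Layer.UNSUPPORTED;
            default: return Layer.UNSUPPORTED;
        }
    }

    /** Decision taken from the header alone, before the body is handed to any payload parser. */
    static String admit(String header, boolean needSigned, boolean needEncrypted) {
        Layer l = classify(header);
        if (l == Layer.UNSUPPORTED) return "reject: unsupported content type";
        if (l == Layer.MDN) return "route to MDN handling";
        if (needEncrypted && l != Layer.ENVELOPED) return "reject: encryption required";
        if (needSigned && l == Layer.PLAIN_EDI) return "reject: signature required";
        // Encrypted-only and signed-then-encrypted bodies share one outer type, so the
        // signature requirement can only be enforced on the decrypted inner part.
        if (l == Layer.ENVELOPED) return needSigned ? "decrypt, then require inner multipart/signed" : "decrypt";
        return l == Layer.SIGNED ? "verify signature" : "build SOAP payload";
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed header values, not copied from the pastebin captures
            "application/EDI-Consent",
            "application/pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"",
            "multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha1" };
        for (String s : samples) System.out.println(admit(s, true, false) + "  <-  " + s);
    }
}
```

Run with a partner profile that requires signing, the plain EDI header is refused up front, while the enveloped one is admitted only on condition that the decrypted inner part is `multipart/signed`.
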
Re: [SYNAPSE-860] AS2 Support

I would like to continue on this effort despite not being accepted as a GSoC project.

I'm implementing a minimal scenario where the communication is without encryption and signing, and the MDN is synchronous.

On Sat, Mar 31, 2012 at 8:17 PM, Amila Manoj <amilamanoj@...> wrote:
Hi Hiranya,

--
Amila Manoj Silva
Undergraduate
Department of Computer Science and Engineering
University of Moratuwa
http://amilamanoj.blogspot.com/