Difficult to make Hermes send an acknowledgement

204 views
Skip to first unread message

sigbj

unread,
Jan 2, 2012, 12:46:39 PM1/2/12
to Hermes 2.0 Discussion List
Difficult to make Hermes send an acknowledgement for received AppRec
message over smtp/pop3.

Hermes is successful in sending a xml-MSG, set up as a SOAP with
CPA,Action,Service and Roles, and a payload as signed, gzipped and
encrypted attachment. The receiver sends an ACK to the sender, and the
MSG from the sender is decrypted,uncompressed,verified and processed.
The receiver then sends an AppRec encrypted with senders cert as
answer for the processed senders MSG. Both messages enter the mailbox,
and upon hermes-start is taken into the mysql-database, but is not
sent to inbox. Therefore it cannot be fetched through GUI or by the
scripts in hermes2/samples/ebms-history or -envelope.
Sender is using Hermes2, receiver is not using Hermes2.
MSH is run async.

From the log it seems as enthough the CPA and partnership is
established and the cert is in its place in /home/hermes2/plugins/
hk.hku.cecid.ebms/security/, hermes cannot find the partnership and
the certificate in question displayed on the receivers ACK.

A similar test done as loopback to my own machine through the same
smtp with my own certs works in that Hermes is answering with positiv
ack.

I can not understand the mechanisms behind the error in the first
place. - Here is a log running on the problem. I have added comments
behind doubleslashes trying to explain what I for the most part think
is happening:

//START SENDING THE BKM MESSAGE
2011-12-20 12:57:33 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System Logger' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:33 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System Properties' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:33 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System Messages' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:34 [main ] <DEBUG> <cecid.ebms.spa> <DAO
descriptor 'hk/hku/cecid/ebms/spa/conf/ebms.mysql.dao.xml' loaded
successfully>
2011-12-20 12:57:34 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System DAO Factory' in module 'Ebms Plugin' initialized
successfully.>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Key Store Manager for Digital Signature' in module 'Ebms Plugin'
initialized successfully.>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Key Store Manager for Decryption (ebMS over SMTP)' in module 'Ebms
Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Outbox Collector' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Inbox Collector' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Mail Collector' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Resuming
active monitor in module (Ebms Plugin). Current active threads: 0>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Resuming
active monitor in module (Ebms Plugin). Current active threads: 0>
2011-12-20 12:57:36 [main ] <DEBUG> <cecid.ebms.spa> <Resuming
active monitor in module (Ebms Plugin). Current active threads: 0>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <Message
service handler started>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <Smtp
Server Setting: >

//NO SUPPORT FOR AUTH LOGIN ON THE SMTP SERVER; POP3 IS USED INSTEAD
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Host: pop3.mimer.no>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Protocol: pop3>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Port: 25>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
From Mail Address: sigb...@mimer.no>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Username: sigb...@mimer.no>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Password: ********>
2011-12-20 12:57:36 [Thread-3 ] <INFO > <cecid.ebms.spa> <Mail
Collector started - Host: pop3.mimer.no>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <Pop
Server Setting: >
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Host: pop3.mimer.no>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Protocol: pop3>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Port: 110>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Folder: INBOX>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Username: sigb...@mimer.no>
2011-12-20 12:57:36 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Password: ********>
2011-12-20 12:57:45 [-Processor25] <INFO > <cecid.ebms.spa> <Outbound
payload received - cpaId: 981789261_889640782_011, service:
BehandlerKrav, serviceType:string, action: OppgjorsMelding, convId:
be957f48-65b0-4d82-96de-3cce5dfa41ad, fromPartyId: 981789261,
fromPartyType: ENH, toPartyId: 889640782, toPartyType: ENH,
refToMessageId: null>
2011-12-20 12:57:45 [-Processor25] <INFO > <cecid.ebms.spa>
<Genereating message id: 20111220-1...@127.0.0.2>
2011-12-20 12:57:46 [-Processor25] <INFO > <cecid.ebms.spa> <Store
outgoing message: 20111220-1...@127.0.0.2>
2011-12-20 12:57:46 [-Processor25] <INFO > <cecid.ebms.spa> <Outbound
payload processed - cpaId: 981789261_889640782_011, service:
BehandlerKrav, action: OppgjorsMelding, convId:
be957f48-65b0-4d82-96de-3cce5dfa41ad, fromPartyId: 981789261,
fromPartyType: ENH, toPartyId: 889640782, toPartyType: ENH,
refToMessageId: null>
2011-12-20 12:57:47 [Thread-43 ] <INFO > <cecid.ebms.spa> <Sign the
message: 20111220-1...@127.0.0.2>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<setEnvelope, using algorithm: rsa-sha1>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<addDocument URI: cid:Payload-0, contentType: application/octet-
stream>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<start signing>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<got private key from keystore>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<created DocumentResolver>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<created Transform>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<added main document (envelope)>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<added 1 attachment documents>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<got the certificate chain from keystore>
2011-12-20 12:57:48 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<added the certificate chain to signature>
2011-12-20 12:57:51 [Thread-43 ] <DEBUG> <pkg.pki.ApacheXMLDSigner>
<message signed>
2011-12-20 12:57:51 [Thread-43 ] <INFO > <cecid.ebms.spa> <Send
message 20111220-1...@127.0.0.2 to motta...@test-es.nav.no>

//STOP HERMES
2011-12-20 12:58:07 [main ] <DEBUG> <cecid.ebms.spa> <Message
service handler stopped>
2011-12-20 12:58:07 [main ] <DEBUG> <cecid.ebms.spa>
<Suspending active monitor in module (Ebms Plugin). Current active
threads: 0>
2011-12-20 12:58:07 [main ] <DEBUG> <cecid.ebms.spa>
<Suspending active monitor in module (Ebms Plugin). Current active
threads: 0>
2011-12-20 12:58:07 [main ] <DEBUG> <cecid.ebms.spa>
<Suspending active monitor in module (Ebms Plugin). Current active
threads: 0>

//START HERMES TO GET THE ACK AND APPREC
2011-12-20 12:58:51 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System Logger' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:51 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System Properties' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:51 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System Messages' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:52 [main ] <DEBUG> <cecid.ebms.spa> <DAO
descriptor 'hk/hku/cecid/ebms/spa/conf/ebms.mysql.dao.xml' loaded
successfully>
2011-12-20 12:58:52 [main ] <DEBUG> <cecid.ebms.spa> <Component
'System DAO Factory' in module 'Ebms Plugin' initialized
successfully.>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Key Store Manager for Digital Signature' in module 'Ebms Plugin'
initialized successfully.>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Key Store Manager for Decryption (ebMS over SMTP)' in module 'Ebms
Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Outbox Collector' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Inbox Collector' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Component
'Mail Collector' in module 'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <INFO > <cecid.ebms.spa> <Module
'Ebms Plugin' initialized successfully.>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Resuming
active monitor in module (Ebms Plugin). Current active threads: 0>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Resuming
active monitor in module (Ebms Plugin). Current active threads: 0>
2011-12-20 12:58:53 [main ] <DEBUG> <cecid.ebms.spa> <Resuming
active monitor in module (Ebms Plugin). Current active threads: 0>
2011-12-20 12:58:53 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <Message
service handler started>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <Smtp
Server Setting: >
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Host: pop3.mimer.no>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Protocol: pop3>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Port: 25>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
From Mail Address: sigb...@mimer.no>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Username: sigb...@mimer.no>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Smtp
Password: ********>
2011-12-20 12:58:54 [Thread-3 ] <INFO > <cecid.ebms.spa> <Mail
Collector started - Host: pop3.mimer.no>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <Pop
Server Setting: >
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Host: pop3.mimer.no>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Protocol: pop3>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Port: 110>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Folder: INBOX>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Username: sigb...@mimer.no>
2011-12-20 12:58:54 [Thread-3 ] <DEBUG> <cecid.ebms.spa> <- Pop
Password: ********>
2011-12-20 12:58:55 [Thread-3 ] <INFO > <cecid.ebms.spa> <Found 2
message(s) in mail box>
2011-12-20 12:58:57 [Thread-1 ] <INFO > <cecid.ebms.spa> <Recover
outbox message sending thread 1/1>
2011-12-20 12:58:57 [Thread-4 ] <INFO > <cecid.ebms.spa> <1
message(s) has been marked re-sending.>
2011-12-20 12:59:00 [Thread-11 ] <INFO > <cecid.ebms.spa> <Sign the
message: 20111220-1...@127.0.0.2>
//HERMES RECEIVES THE ACKNOWLEDGMENT
2011-12-20 12:59:00 [Thread-12 ] <INFO > <cecid.ebms.spa> <Received
an ebxml message from mail box>

//CANNOT FIND PARTNERSHIP
2011-12-20 12:59:01 [Thread-12 ] <ERROR> <cecid.ebms.spa>
<Unauthorized message, no partnership is found>

//RESENDING BECAUSE ACK IS NOT RECOGNISED
2011-12-20 12:59:02 [Thread-4 ] <INFO > <cecid.ebms.spa> <1
message(s) has been marked re-sending.>
2011-12-20 12:59:02 [Thread-13 ] <INFO > <cecid.ebms.spa> <Sign the
message: 20111220-1...@127.0.0.2>
2011-12-20 12:59:02 [Thread-12 ] <INFO > <cecid.ebms.spa> <Store
outgoing message: 20111220-1...@127.0.0.2>

//HERMES RECEIVES THE APPREC
2011-12-20 12:59:03 [Thread-14 ] <INFO > <cecid.ebms.spa> <Received
an ebxml message from mail box>
2011-12-20 12:59:03 [Thread-14 ] <INFO > <cecid.ebms.spa> <Incoming
ebxml message received: 20111220-1...@ebxml.xenos.com>
2011-12-20 12:59:03 [Thread-14 ] <ERROR> <cecid.ebms.spa> <Please
upload the certificate>
2011-12-20 12:59:03 [Thread-14 ] <ERROR> <cecid.ebms.spa> <Error in
finding the certificate>
java.lang.RuntimeException: Please upload the certificate
at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.findSenderCert(InboundMessageProcessor.java:
1513)
at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.checkSignature(InboundMessageProcessor.java:
1564)
at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.processIncomingMessage(InboundMessageProcessor.java:
127)
at
hk.hku.cecid.ebms.spa.handler.MessageServiceHandler.processInboundMessage(MessageServiceHandler.java:
276)
at hk.hku.cecid.ebms.spa.task.MailTask.execute(MailTask.java:
119)
at
hk.hku.cecid.piazza.commons.module.ActiveThread.run(ActiveThread.java:
90)
at java.lang.Thread.run(Thread.java:679)
2011-12-20 12:59:03 [Thread-14 ] <ERROR> <cecid.ebms.spa> <Error in
verifying signature>
hk.hku.cecid.ebms.spa.handler.MessageServiceHandlerException: Error in
finding the certificate
by java.lang.RuntimeException: Please upload the certificate
at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.findSenderCert(InboundMessageProcessor.java:
1518)
at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.checkSignature(InboundMessageProcessor.java:
1564)
at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.processIncomingMessage(InboundMessageProcessor.java:
127)
at
hk.hku.cecid.ebms.spa.handler.MessageServiceHandler.processInboundMessage(MessageServiceHandler.java:
276)
at hk.hku.cecid.ebms.spa.task.MailTask.execute(MailTask.java:
119)
at
hk.hku.cecid.piazza.commons.module.ActiveThread.run(ActiveThread.java:
90)
at java.lang.Thread.run(Thread.java:679)
Caused by: java.lang.RuntimeException: Please upload the certificate
at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.findSenderCert(InboundMessageProcessor.java:
1513)
... 6 more
2011-12-20 12:59:03 [Thread-14 ] <INFO > <cecid.ebms.spa> <Store the
incoming message: 20111220-1...@ebxml.xenos.com>

//HERMES SEEMINGLY SENDING AN ACKNOWLEDGEMENT RESP FOR THE APPREC
2011-12-20 12:59:03 [Thread-14 ] <INFO > <cecid.ebms.spa> <Sending
async reply message: 20111220-1...@127.0.0.2>
2011-12-20 12:59:04 [Thread-14 ] <INFO > <cecid.ebms.spa> <Store
outgoing message: 20111220-1...@127.0.0.2>
2011-12-20 12:59:04 [Thread-1 ] <ERROR> <cecid.ebms.spa>
<Partnership not found: (CPA ID: 981789261_889640782_011, Service:
BehandlerKrav , Action: Svarmelding)>
2011-12-20 12:59:04 [Thread-1 ] <ERROR> <cecid.ebms.spa> <Message
Validation Exception: 20111220-1...@127.0.0.2>
hk.hku.cecid.ebms.spa.task.MessageValidationException: Partnership
channel not found
at
hk.hku.cecid.ebms.spa.task.AgreementHandler.findPartnership(AgreementHandler.java:
191)
at
hk.hku.cecid.ebms.spa.task.AgreementHandler.<init>(AgreementHandler.java:
75)
at
hk.hku.cecid.ebms.spa.task.OutboxTask.<init>(OutboxTask.java:157)
at
hk.hku.cecid.ebms.spa.task.OutboxCollector.getTaskList(OutboxCollector.java:
68)
at
hk.hku.cecid.piazza.commons.module.ActiveTaskModule.execute(ActiveTaskModule.java:
137)
at
hk.hku.cecid.piazza.commons.module.ActiveModule.run(ActiveModule.java:
213)
at java.lang.Thread.run(Thread.java:679)

Torsten Kirschner

unread,
Jan 3, 2012, 7:06:49 AM1/3/12
to cecid-...@googlegroups.com
Hi,

regarding the unrecognized ebMS ACK, it's difficult to say without seing a copy of the entire ACK message in order to see the PartnerId, Service, Role, Action values, and your corresponding partnership records from your Hermes tables.
Other than that, ebMS uses certain defined values for Service and Action for ACKs sent on their own, cf ebMS 6.3.2.7. However, I cannot remember that these needed to be configured in the partnership table, but rather that they're hardcoded in the soure. If you or someone made changes to the source in order to support the Role element, then these may have broken this logic. Hard to say.

Regarding the AppRec receipt error: risking to state the obvious, but there are two certificates for each partner involved. NAV will sign messages with a different certificate than the one you encrypt to. Make sure you have both certificates at the right places in Hermes (partnership table?).

best regards
T

On Mon, Jan 2, 2012 at 6:46 PM, sigbj <sigb...@operamail.com> wrote:
Difficult to make Hermes send an acknowledgement for received AppRec
message over smtp/pop3.

[...]
//HERMES RECEIVES THE ACKNOWLEDGMENT

//CANNOT FIND PARTNERSHIP
2011-12-20 12:59:01 [Thread-12   ] <ERROR> <cecid.ebms.spa>
<Unauthorized message, no partnership is found>

[...]


//HERMES RECEIVES THE APPREC
2011-12-20 12:59:03 [Thread-14   ] <INFO > <cecid.ebms.spa> <Received
an ebxml message from mail box>
2011-12-20 12:59:03 [Thread-14   ] <INFO > <cecid.ebms.spa> <Incoming
ebxml message received: 20111220-1...@ebxml.xenos.com>
2011-12-20 12:59:03 [Thread-14   ] <ERROR> <cecid.ebms.spa> <Please
upload the certificate>
2011-12-20 12:59:03 [Thread-14   ] <ERROR> <cecid.ebms.spa> <Error in
finding the certificate>
java.lang.RuntimeException: Please upload the certificate
       at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.findSenderCert(InboundMessageProcessor.java:
1513)
       at
hk.hku.cecid.ebms.spa.handler.InboundMessageProcessor.checkSignature(InboundMessageProcessor.java:
1564)
       [...]

--
You received this message because you are subscribed to the Google Groups "Hermes 2.0 Discussion List" group.
To post to this group, send email to cecid-...@googlegroups.com.
To unsubscribe from this group, send email to cecid-hermes...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cecid-hermes2?hl=en.


sigbj

unread,
Jan 4, 2012, 4:01:39 PM1/4/12
to Hermes 2.0 Discussion List
In the following I will give excerpts from the files in question.
Complete file would take too much space, I think. - Following the
ConversationId, MessageId and RefToMessage it should become clear that
they belong to each other.

-THE ACK-
What is to be noted is that Hermes is not returning or constructing an
Ack with the Role-elements. This might be the cause for my problem. At
the bottom I try to go into what has been done during the sorcecode
changes I had to make to achieve the <Role/>.

*Senders SOAP that has Payload (BKM.xml):

<eb:From>
<eb:PartyId eb:type="ENH">981789261</eb:PartyId>
<eb:Role>Behandler</eb:Role>
</eb:From>
<eb:To>
<eb:PartyId eb:type="ENH">889640782</eb:PartyId>
<eb:Role>KontrollUtbetaler</eb:Role>
</eb:To>
<eb:CPAId>981789261_889640782_011</eb:CPAId>
<eb:ConversationId>be957f48-65b0-4d82-96de-3cce5dfa41ad</
eb:ConversationId>
<eb:Service eb:type="string">BehandlerKrav</eb:Service>
<eb:Action>OppgjorsMelding</eb:Action>
<eb:MessageData>
<eb:MessageId>20111220-1...@127.0.0.2</eb:MessageId>
<eb:Timestamp>2011-12-20T12:57:45.752+01:00</eb:Timestamp>

*Receivers Soap Acknowledgement:

<eb:From>
<eb:PartyId eb:type="ENH">889640782</eb:PartyId>
<eb:Role>KontrollUtbetaler</eb:Role>
</eb:From>
<eb:To>
<eb:PartyId eb:type="ENH">981789261</eb:PartyId>
<eb:Role>Behandler</eb:Role>
</eb:To>
<eb:CPAId>981789261_889640782_011</eb:CPAId>
<eb:ConversationId>be957f48-65b0-4d82-96de-3cce5dfa41ad</
eb:ConversationId>
<eb:Service>urn:oasis:names:tc:ebxml-msg:service</eb:Service>
<eb:Action>Acknowledgment</eb:Action>
<eb:MessageData>
<eb:MessageId>20111220-1...@ebxml.xenos.com</eb:MessageId>
<eb:Timestamp>2011-12-20T11:57:57Z</eb:Timestamp>
</eb:MessageData>
</eb:MessageHeader>
<eb:Acknowledgment SOAP:actor="urn:oasis:names:tc:ebxml-
msg:actor:toPartyMSH" SOAP:mustUnderstand="1" eb:version="2.0">
<eb:Timestamp>2011-12-20T12:57:45Z</eb:Timestamp>
<eb:RefToMessageId>20111220-1...@127.0.0.2</
eb:RefToMessageId>

*Receivers Soap and AppRec(here decrypted;FNR &cet starred out):

<eb:From>
<eb:PartyId eb:type="ENH">889640782</eb:PartyId>
<eb:Role>KontrollUtbetaler</eb:Role>
</eb:From>
<eb:To>
<eb:PartyId eb:type="ENH">981789261</eb:PartyId>
<eb:Role>Behandler</eb:Role>
</eb:To>
<eb:CPAId>981789261_889640782_011</eb:CPAId>
<eb:ConversationId>be957f48-65b0-4d82-96de-3cce5dfa41ad</
eb:ConversationId>
<eb:Service eb:type="string">BehandlerKrav</eb:Service>
<eb:Action>Svarmelding</eb:Action>
<eb:MessageData>
<eb:MessageId>20111220-1...@ebxml.xenos.com</eb:MessageId>
<eb:Timestamp>2011-12-20T11:58:06Z</eb:Timestamp>
<eb:RefToMessageId>20111220-1...@127.0.0.2</
eb:RefToMessageId>
........................
<?xml version="1.0" encoding="ISO-8859-1"?>
<AppRec xmlns="http://www.kith.no/xmlstds/apprec/2004-11-21"
xmlns:xsd="http://www.w3.org/2001/XMLSchema.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.kith.no/xmlstds/apprec/2004-11-21
AppRec-v1-2004-11-21.xsd">
<MsgType V="APPREC"/>
<MIGversion>1.0 2004-11-21</MIGversion>
<GenDate>2011-12-20T12:58:05.972</GenDate>
<Id>1112201257sigb66167.1</Id>
<Sender>
<HCP>
<Inst>
<Name>Helseøkonomiforvaltningen HELFO</Name>
<Id>986965610</Id>
<TypeId V="ENH"/>
<Dept>
<Name>Kontrollsystem</Name>
</Dept>
</Inst>
</HCP>
</Sender>
<Receiver>
<HCP>
<Inst>
<Name>Ki**************** *. *******</Name>
<Id>***********</Id>
<TypeId DN="" V="FNR"/>
<AdditionalId>
<Id>981789261</Id>
<Type DN="" V="ENH"/>
</AdditionalId>
</Inst>
</HCP>
</Receiver>
<Status DN="OK" V="1"/>
<OriginalMsgId>
<MsgType DN="" V="KOM"/>
<IssueDate>2011-10-01T12:00:16</IssueDate>
<Id>653a31b7-653b-465b-a423-bc95039fe790</Id>
</OriginalMsgId>
</AppRec>

*Senders Hermes probably trying to send ACK for the AppRec(Note no
<Role/>):

<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-
ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://
www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://
schemas.xmlsoap.org/soap/envelope/ http://www.oasis-open.org/committees/ebxml-msg/schema/envelope.xsd">
<SOAP-ENV:Header xsi:schemaLocation="http://www.oasis-open.org/
committees/ebxml-msg/schema/msg-header-2_0.xsd
http://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd">
<eb:MessageHeader xmlns:eb="http://www.oasis-open.org/committees/
ebxml-msg/schema/msg-header-2_0.xsd" SOAP-ENV:mustUnderstand="1"
eb:version="2.0">
<eb:From>
<eb:PartyId eb:type="ENH">981789261</eb:PartyId>
</eb:From>
<eb:To>
<eb:PartyId eb:type="ENH">889640782</eb:PartyId>
</eb:To>
<eb:CPAId>981789261_889640782_011</eb:CPAId>
<eb:ConversationId>be957f48-65b0-4d82-96de-3cce5dfa41ad</
eb:ConversationId>
<eb:Service>urn:oasis:names:tc:ebxml-msg:service</eb:Service>
<eb:Action>MessageError</eb:Action>
<eb:MessageData>
<eb:MessageId>20111220-1...@127.0.0.2</eb:MessageId>
<eb:Timestamp>2011-12-20T12:59:03.957+01:00</eb:Timestamp>
<eb:RefToMessageId>20111220-1...@ebxml.xenos.com</
eb:RefToMessageId>
</eb:MessageData>
</eb:MessageHeader>
<eb:ErrorList xmlns:eb="http://www.oasis-open.org/committees/ebxml-
msg/schema/msg-header-2_0.xsd" SOAP-ENV:mustUnderstand="1"
eb:highestSeverity="Error" eb:version="2.0">
<eb:Error eb:errorCode="SecurityFailure" eb:severity="Error">
<eb:Description xml:lang="en-US">Security Checks Failed</
eb:Description>
</eb:Error>
</eb:ErrorList>
</SOAP-ENV:Header>
<SOAP-ENV:Body xsi:schemaLocation="http://www.oasis-open.org/
committees/ebxml-msg/schema/msg-header-2_0.xsd
http://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd"/>
</SOAP-
ENV:Envelope>

-SOURCE CODE CHANGES-
To get the From/ToRole sourcecode/recompile had to be done:
A simple way was this by Jonathan Kool, and it worked:
https://groups.google.com/group/cecid-hermes2/browse_thread/thread/37107800f559c248
24 Feb 2011, 11:21

A better way was this by Borge Nese, and I went for this one:
same thread
20 Mrz 2011, 11:47
Nese claimed that this would restore the Role for ACK, but I think I
lack a few files to recode and compile, uncertain of which ones.

The files changed are these and they had to be copied from the ant/
dist directories to where they belonged. I only copied the files that
I was sure were changed by the compilation (Mär 2011), checksumming
all of them to be sure. But it could be that I have missed something
here. But afterwards definition changes of the Role-elements in the
ebms-request.xml proved that it worked.

/home/hermes2/sample/lib
Nov 2010 slf4j-log4j12-1.4.3.jar
Nov 2010 slf4j-api-1.4.3.jar
Nov 2010 dom4j-1.6.1.jar
Nov 2010 commons-logging-1.1.jar
Nov 2010 activation-1.1.1.jar
Nov 2010 Tidy.jar
Nov 2010 saaj-impl-1.3.2.jar
Nov 2010 saaj-api-1.3.jar
Nov 2010 piazza-commons-ext.jar
Nov 2010 mailapi-1.4.1.jar
Nov 2010 log4j-1.2.15.jar
Nov 2010 junit-4.4.jar
Nov 2010 jaxen-1.1-beta-6.jar
Nov 2010 commons-httpclient-3.1.jar
Nov 2010 commons-fileupload-1.2.jar
Nov 2010 commons-codec-1.3.jar
Mär 2011 piazza-commons.jar
Mär 2011 corvus-ws-util.jar

/home/hermes2/plugins/hk.hku.cecid.ebms
Mär 2011 ebms-pkg.jar
Mär 2011 corvus-ebms-core.jar


-APPREC-
The certs in question:
/home/hermes2/plugins/hk.hku.cecid.ebms/security/
corvus.p12
t4N24_K-cer.pem
t4N25_V-cer.pem

The NonRepud for Verification of receivers Soap
http://community.cecid.hku.hk/index.php/product/article/reference_of_ebms_2_0_partnership_configuration/#signing-required
is the Test4NAV25 and that is uploaded in the Hermes GUI. It is there
in the security directory as shown. Upon uploading "changes are saved"
etc.

I hope this may clearify the situation.

Sincerely,
S.

On 3 Jan., 13:06, Torsten Kirschner <torsten.kirsch...@gmail.com>
wrote:
> Hi,
>
> regarding the unrecognized ebMS ACK, it's difficult to say without seing a
> copy of the entire ACK message in order to see the PartnerId, Service,
> Role, Action values, and your corresponding partnership records from your
> Hermes tables.
> Other than that, ebMS uses certain defined values for Service and Action
> for ACKs sent on their own, cf ebMS 6.3.2.7. However, I cannot remember
> that these needed to be configured in the partnership table, but rather
> that they're hardcoded in the soure. If you or someone made changes to the
> source in order to support the Role element, then these may have broken
> this logic. Hard to say.
>
> Regarding the AppRec receipt error: risking to state the obvious, but there
> are two certificates for each partner involved. NAV will sign messages with
> a different certificate than the one you encrypt to. Make sure you have
> both certificates at the right places in Hermes (partnership table?).
>
> best regards
> T
>
> On Mon, Jan 2, 2012 at 6:46 PM, sigbj <sigbj...@operamail.com> wrote:
> > Difficult to make Hermes send an acknowledgement for received AppRec
> > message over smtp/pop3.
>
> > [...]
> > //HERMES RECEIVES THE ACKNOWLEDGMENT
> > //CANNOT FIND PARTNERSHIP
> > 2011-12-20 12:59:01 [Thread-12   ] <ERROR> <cecid.ebms.spa>
> > <Unauthorized message, no partnership is found>
>
> > [...]
>
> > //HERMES RECEIVES THE APPREC
> > 2011-12-20 12:59:03 [Thread-14   ] <INFO > <cecid.ebms.spa> <Received
> > an ebxml message from mail box>
> > 2011-12-20 12:59:03 [Thread-14   ] <INFO > <cecid.ebms.spa> <Incoming
> > ebxml message received: 20111220-125806-05...@ebxml.xenos.com>

sigbj

unread,
Feb 21, 2012, 7:23:59 AM2/21/12
to Hermes 2.0 Discussion List
I have the CPA-ID in the partnership ok, but will the action-part
disturb Hermes here ?

2011-08-26 16:36:14 [Thread-1 ] <ERROR> <cecid.ebms.spa>
<Partnership not found: (CPA ID: 981789261_889640782_011, Service:
BehandlerKrav , Action: Svarmelding)>
2011-08-26 16:36:14 [Thread-1 ] <ERROR> <cecid.ebms.spa> <Message
Validation Exception: 20110826-1...@127.0.0.2>
hk.hku.cecid.ebms.spa.task.MessageValidationException: Partnership
channel not found
at
hk.hku.cecid.ebms.spa.task.AgreementHandler.findPartnership(AgreementHandler.java:
191)
at
hk.hku.cecid.ebms.spa.task.AgreementHandler.<init>(AgreementHandler.java:
75)
at
hk.hku.cecid.ebms.spa.task.OutboxTask.<init>(OutboxTask.java:157)
at
hk.hku.cecid.ebms.spa.task.OutboxCollector.getTaskList(OutboxCollector.java:
68)
at
hk.hku.cecid.piazza.commons.module.ActiveTaskModule.execute(ActiveTaskModule.java:
137)
at
hk.hku.cecid.piazza.commons.module.ActiveModule.run(ActiveModule.java:
213)
at java.lang.Thread.run(Thread.java:679)


>   <eb:MessageId>20111220-125745-72...@127.0.0.2</eb:MessageId>
>   <eb:Timestamp>2011-12-20T12:57:45.752+01:00</eb:Timestamp>
>
> *Receivers Soap Acknowledgement:
>
>   <eb:From>
>   <eb:PartyId eb:type="ENH">889640782</eb:PartyId>
>   <eb:Role>KontrollUtbetaler</eb:Role>
>   </eb:From>
>   <eb:To>
>   <eb:PartyId eb:type="ENH">981789261</eb:PartyId>
>   <eb:Role>Behandler</eb:Role>
>   </eb:To>
>   <eb:CPAId>981789261_889640782_011</eb:CPAId>
>   <eb:ConversationId>be957f48-65b0-4d82-96de-3cce5dfa41ad</
> eb:ConversationId>
>   <eb:Service>urn:oasis:names:tc:ebxml-msg:service</eb:Service>
>   <eb:Action>Acknowledgment</eb:Action>
>   <eb:MessageData>
>   <eb:MessageId>20111220-125757-63...@ebxml.xenos.com</eb:MessageId>
>   <eb:Timestamp>2011-12-20T11:57:57Z</eb:Timestamp>
>   </eb:MessageData>
>   </eb:MessageHeader>
>   <eb:Acknowledgment SOAP:actor="urn:oasis:names:tc:ebxml-
> msg:actor:toPartyMSH" SOAP:mustUnderstand="1" eb:version="2.0">
>   <eb:Timestamp>2011-12-20T12:57:45Z</eb:Timestamp>
>   <eb:RefToMessageId>20111220-125745-72...@127.0.0.2</
> eb:RefToMessageId>
>
> *Receivers Soap and AppRec(here decrypted;FNR &cet starred out):
>
>   <eb:From>
>   <eb:PartyId eb:type="ENH">889640782</eb:PartyId>
>   <eb:Role>KontrollUtbetaler</eb:Role>
>   </eb:From>
>   <eb:To>
>   <eb:PartyId eb:type="ENH">981789261</eb:PartyId>
>   <eb:Role>Behandler</eb:Role>
>   </eb:To>
>   <eb:CPAId>981789261_889640782_011</eb:CPAId>
>   <eb:ConversationId>be957f48-65b0-4d82-96de-3cce5dfa41ad</
> eb:ConversationId>
>   <eb:Service eb:type="string">BehandlerKrav</eb:Service>
>   <eb:Action>Svarmelding</eb:Action>
>   <eb:MessageData>
>   <eb:MessageId>20111220-125806-05...@ebxml.xenos.com</eb:MessageId>
>   <eb:Timestamp>2011-12-20T11:58:06Z</eb:Timestamp>
>   <eb:RefToMessageId>20111220-125745-72...@127.0.0.2</
> schemas.xmlsoap.org/soap/envelope/http://www.oasis-open.org/committees/ebxml-msg/schema/envelope.xsd">
> <SOAP-ENV:Header xsi:schemaLocation="http://www.oasis-open.org/
> committees/ebxml-msg/schema/msg-header-2_0.xsdhttp://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd">
>  <eb:MessageHeader xmlns:eb="http://www.oasis-open.org/committees/
> ebxml-msg/schema/msg-header-2_0.xsd" SOAP-ENV:mustUnderstand="1"
> eb:version="2.0">
>   <eb:From>
>     <eb:PartyId eb:type="ENH">981789261</eb:PartyId>
>   </eb:From>
>   <eb:To>
>     <eb:PartyId eb:type="ENH">889640782</eb:PartyId>
>   </eb:To>
>   <eb:CPAId>981789261_889640782_011</eb:CPAId>
>   <eb:ConversationId>be957f48-65b0-4d82-96de-3cce5dfa41ad</
> eb:ConversationId>
>   <eb:Service>urn:oasis:names:tc:ebxml-msg:service</eb:Service>
>   <eb:Action>MessageError</eb:Action>
>   <eb:MessageData>
>     <eb:MessageId>20111220-125903-95...@127.0.0.2</eb:MessageId>
>     <eb:Timestamp>2011-12-20T12:59:03.957+01:00</eb:Timestamp>
>     <eb:RefToMessageId>20111220-125806-05...@ebxml.xenos.com</
> eb:RefToMessageId>
>   </eb:MessageData>
>  </eb:MessageHeader>
>  <eb:ErrorList xmlns:eb="http://www.oasis-open.org/committees/ebxml-
> msg/schema/msg-header-2_0.xsd" SOAP-ENV:mustUnderstand="1"
> eb:highestSeverity="Error" eb:version="2.0">
>   <eb:Error eb:errorCode="SecurityFailure" eb:severity="Error">
>    <eb:Description xml:lang="en-US">Security Checks Failed</
> eb:Description>
>   </eb:Error>
>  </eb:ErrorList>
> </SOAP-ENV:Header>
> <SOAP-ENV:Body xsi:schemaLocation="http://www.oasis-open.org/
> committees/ebxml-msg/schema/msg-header-2_0.xsdhttp://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd"/>
> </SOAP-
> ENV:Envelope>
>
> -SOURCE CODE CHANGES-
> To get the From/ToRole sourcecode/recompile had to be done:
> A simple way was this by Jonathan Kool, and it worked:https://groups.google.com/group/cecid-hermes2/browse_thread/thread/37...
> The NonRepud for Verification of receivers Soaphttp://community.cecid.hku.hk/index.php/product/article/reference_of_...
> ...
>
> Erfahren Sie mehr »
Reply all
Reply to author
Forward
0 new messages