AS4 Crypto Operations Documentation

This service is a Spring Boot application that consumes AS4 messages from RabbitMQ, performs the cryptographic operations on them (signing, encrypting, verifying and decrypting) and then forwards the processed messages to the output queue.

Dependencies:

  1. HSM
  2. Security server
  3. RabbitMQ

Actuator

The main Actuator endpoint is: http://localhost:8096/actuator/health

Docker Environment Details

Docker and its associated files are available in the module as4-cryptography-environment of as4-microservices-bundle/docker-compose.

Functional description of the cryptographic operations

  • The following APIs are available:
  1. Sign/Encrypt AS4 Workflow

    Queue names:

    input: as4.encrypt.sign.consumer
    
    output: as4.outbound.consumer
    
    dlq: as4.encrypt.sign.consumer.dlq
    
  2. Verify/Decrypt AS4 Workflow

    Queue names:

    input: as4.verify.decrypt.consumer
    
    output: as4.receipt.create.consumer
    
    dlq: as4.verify.decrypt.consumer.dlq
    
  3. Sign AS4 Receipt Workflow

    Queue names:

    input: as4.sign.consumer
    
    output: as4.send.receipt.<dynamic-queue-address>.consumer
    
    dlq: as4.sign.consumer.dlq
    
  4. Verify AS4 Receipt Workflow

    Queue names:

    input: as4.verify.consumer

    output: as4.receipt.parse.consumer

    dlq: as4.verify.consumer.dlq
    

Sign/Encrypt AS4 Workflow

  • Consumer Queue: as4.encrypt.sign
  • Input consumed by Crypto-Operations
  • Request payload example:

     {
        "as4Id": "1000",
        "fromPartyId": "9907647000008",
        "toPartyId": "9903111000003",
        "tenant": "9907647000008",
        "partner": "9903111000003",
        "direction": "OUTBOUND",
        "sector": "ELECTRICTY",
        "as4Profile": "CEF",
        "serviceId": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
        "actionId": "http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
        "address": "b2b@b2b",
        "as4MessageData": "LS0tLS0tPV9QYXJ0XzFfMTgkFnRSD5JICAAANCi0tLS0tLT1fUGFydF8xXzE4OTI5ODgyOTkuMTY3NDAxNjAwNDkxNy0t"
     }
    
  • Producer Queue: as4.outbound.consumer
  • Output produced by Crypto-Operations
  • Response payload example:

     {
       "as4Id":"1000",
       "fromPartyId":"9907647000008",
       "toPartyId":"9903111000003",
       "as4MessageData":"LS0tLS0tPV9QYXJ0XzBfNjgn0NCi0tLS0tLT1fUGFydF8wXzYwNDQyMTE3OC4xNjgwMDc5OTczMzcxLS0=",
       "tenant":"9907647000008",
       "partner":"9903111000003",
       "sector":"ELECTRICTY",
       "as4Profile":"CEF",
       "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
       "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
       "signatureStatusCodes":[200],
       "signatureReport":{
         "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"],
         "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"],
         "verifications":null
       },
       "cryptStatusCodes":[200],
       "cryptReport":{
         "certificateSki":["795551e3c525d6d54abe1b46662885385e1ddcf3","c9374ce5bd73c56a92f6657dc04b3be475cdf860"],
         "algorithms":["http://www.w3.org/2009/xmlenc11#aes128-gcm","http://www.w3.org/2001/04/xmlenc#kw-aes128","http://www.w3.org/2009/xmlenc11#ECDH-ES","http://www.w3.org/2009/xmlenc11#ConcatKDF","http://www.w3.org/2001/04/xmlenc#sha256"],
         "verifications":null
       },
       "address":"b2b@b2b",
       "direction":"OUTBOUND"
     }

Verify/Decrypt AS4 Workflow

  • Consumer Queue: as4.verify.decrypt.consumer
  • Input consumed by Crypto-Operations
  • Request payload example:

     {
     "as4Id": "1000",
     "delivered": "2023-03-27T09:38:53.331+00:00",
     "deliveredReport": "delivered",
     "fromPartyId": "9907647000008",
     "toPartyId": "9903111000003",
     "tenant": "9903111000003",
     "partner": "9907647000008",
     "direction": "INBOUND",
     "sector": "ELECTRICTY",
     "as4Profile": "CEF",
     "serviceId": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
     "actionId": "http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
     "as4MessageData": "LS0tLS0tPV9QYXJ0XzBgn0NCi0tLS0tLT1fUGFydF8wXzYwNDQyMTE3OC4xNjgwMDc5OTczMzcxLS0="
    }
    
  • Producer Queue: as4.receipt.create.consumer
  • Output produced by Crypto-Operations
  • Response payload example:

     {
       "as4Id":"1000",
       "fromPartyId":"9907647000008",
       "toPartyId":"9903111000003",
       "as4MessageData":"LS0tLS0tgn0NCi0tLS0tLT1fUGFydF8wXzYwNDQyMTE3OC4xNjgwMDc5OTczMzcxLS0=",
       "tenant":"9903111000003",
       "partner":"9907647000008",
       "sector":"ELECTRICTY",
       "as4Profile":"CEF",
       "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
       "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
       "signatureStatusCodes":[200],
       "signatureReport":{
         "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"],
         "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"],
         "verifications":null
       },
       "cryptStatusCodes":[200],
       "cryptReport":{
         "certificateSki":["c9374ce5bd73c56a92f6657dc04b3be475cdf860"],
         "algorithms":["http://www.w3.org/2009/xmlenc11#aes128-gcm","http://www.w3.org/2001/04/xmlenc#kw-aes128","http://www.w3.org/2009/xmlenc11#ConcatKDF","http://www.w3.org/2001/04/xmlenc#sha256"],
         "verifications":null
       },
       "delivered":"2023-03-27T09:38:53.331+00:00",
       "deliveredReport":"delivered",
       "direction":"INBOUND"
     }
    
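The response above is what a downstream consumer reads from as4.receipt.create.consumer before it acts on the decrypted message. The following is an added example (not code from the Crypto-Operations service) showing how such a consumer can turn the signatureReport / cryptReport structure into an accept-or-reject decision: all status codes must be 200 (the value the documented examples use for success; treating anything else as failure is an assumption), every reported algorithm must be on an allow-list, and the signing certificate's SKI must be one registered for the partner named in the header. The allow-lists, the trusted-signer table and the sample payload are constructed here from the values shown on this page.

```python
"""Acceptance check for a Verify/Decrypt response payload (added example)."""
import json

# Assumed allow-lists, built from the algorithm URIs shown in the documented
# payloads. A deployment pins these to the algorithms its AS4 profile permits.
ALLOWED_SIGNATURE_ALGORITHMS = {
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}
ALLOWED_ENCRYPTION_ALGORITHMS = {
    "http://www.w3.org/2009/xmlenc11#aes128-gcm",
    "http://www.w3.org/2001/04/xmlenc#kw-aes128",
    "http://www.w3.org/2009/xmlenc11#ECDH-ES",
    "http://www.w3.org/2009/xmlenc11#ConcatKDF",
    "http://www.w3.org/2001/04/xmlenc#sha256",
}

# Constructed trust table: partner id -> SKIs of its registered signing certificates.
TRUSTED_SIGNERS = {
    "9907647000008": {"8e98ac4ea4ad199799dfbc576754d203288663dc"},
}


def _check_report(label, status_codes, report, allowed_algorithms):
    """Return rejection reasons for one report section (empty list means OK)."""
    reasons = []
    # Documented examples show [200] for success; any other value fails here.
    if not status_codes or any(code != 200 for code in status_codes):
        reasons.append(f"{label}: status codes {status_codes} are not all 200")
    if not report:
        reasons.append(f"{label}: report missing")
        return reasons
    unknown = set(report.get("algorithms", [])) - allowed_algorithms
    if unknown:
        reasons.append(f"{label}: algorithms not on the allow-list: {sorted(unknown)}")
    return reasons


def evaluate_inbound_response(payload, trusted_signers):
    """Return (accepted, reasons) for a Verify/Decrypt response message."""
    reasons = []
    if payload.get("direction") != "INBOUND":
        reasons.append(f"direction {payload.get('direction')!r} is not INBOUND")
    reasons += _check_report("signature", payload.get("signatureStatusCodes"),
                             payload.get("signatureReport"), ALLOWED_SIGNATURE_ALGORITHMS)
    reasons += _check_report("crypt", payload.get("cryptStatusCodes"),
                             payload.get("cryptReport"), ALLOWED_ENCRYPTION_ALGORITHMS)
    # Bind the signing certificate to the claimed sender: a valid signature made
    # with a key that is not registered for this partner is still rejected.
    partner = payload.get("partner")
    expected = trusted_signers.get(partner, set())
    reported = set((payload.get("signatureReport") or {}).get("certificateSki", []))
    if not reported & expected:
        reasons.append(f"signature: SKI {sorted(reported)} not registered for partner {partner!r}")
    return (not reasons, reasons)


# Constructed sample: the documented response with the message body shortened.
SAMPLE_RESPONSE = json.loads("""{
  "as4Id": "1000", "fromPartyId": "9907647000008", "toPartyId": "9903111000003",
  "as4MessageData": "LS0tLS0tgn0NCi0tLS0tLT1f", "tenant": "9903111000003",
  "partner": "9907647000008", "sector": "ELECTRICTY", "as4Profile": "CEF",
  "signatureStatusCodes": [200],
  "signatureReport": {
    "certificateSki": ["8e98ac4ea4ad199799dfbc576754d203288663dc"],
    "algorithms": ["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
                   "http://www.w3.org/2001/10/xml-exc-c14n#"],
    "verifications": null
  },
  "cryptStatusCodes": [200],
  "cryptReport": {
    "certificateSki": ["c9374ce5bd73c56a92f6657dc04b3be475cdf860"],
    "algorithms": ["http://www.w3.org/2009/xmlenc11#aes128-gcm",
                   "http://www.w3.org/2001/04/xmlenc#kw-aes128",
                   "http://www.w3.org/2009/xmlenc11#ConcatKDF",
                   "http://www.w3.org/2001/04/xmlenc#sha256"],
    "verifications": null
  },
  "delivered": "2023-03-27T09:38:53.331+00:00", "deliveredReport": "delivered",
  "direction": "INBOUND"
}""")

if __name__ == "__main__":
    accepted, why = evaluate_inbound_response(SAMPLE_RESPONSE, TRUSTED_SIGNERS)
    print("accepted" if accepted else "rejected", why)
```

The SKI binding is the part worth keeping even if the algorithm allow-list is relaxed: the service reports which certificate verified the signature, but only the consumer knows which certificate the claimed partner is supposed to use.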

Sign AS4 Receipt Workflow

  • Consumer Queue: as4.sign.consumer
  • Input consumed by Crypto-Operations
  • Request payload example:

     {
       "as4Id":"12325",
       "businessId":"123",
       "delivered":"2023-03-27T09:38:53.331+00:00",
       "deliveredReport":"delivered",
       "fromPartyId":"9907647000008",
       "toPartyId":"9903111000003",
       "tenant":"9907647000008",
       "partner":"9903111000003",
       "sector":"ELECTRICTY",
       "as4Profile":"CEF",
       "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
       "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
       "statusCode":"200",
       "as4MessageData":"LS0tLS0tPkFnRSD5JICAAANCi0tLS0tLT1fUGFydF8xXzE4OTI5ODgyOTkuMTY3NDAxNjAwNDkxNy0t"
     }      
    
  • Producer Queue: as4.send.receipt.<dynamic-queue-address>.consumer
  • Output produced by Crypto-Operations
  • Response payload example:

     {
       "as4Id":"12325",
       "fromPartyId":"9907647000008",
       "toPartyId":"9903111000003",
       "as4MessageData":"LS0tLS0tPV9QWdFIPkkgIAAA0KLS0tLS0tPV9QYXJ0XzFfNDIzMDQ0ODc3LjE2ODAwODE1NDYyOTUtLQ==",
       "tenant":"9907647000008",
       "partner":"9903111000003",
       "sector":"ELECTRICTY",
       "as4Profile":"CEF",
       "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
       "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
       "signatureStatusCodes":[200],
       "signatureReport":{
         "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"],
         "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"],
         "verifications":null
       },
       "businessId":"123",
       "statusCode":"200",
       "delivered":"2023-03-27T09:38:53.331+00:00",
       "deliveredReport":"delivered"
     }
    

Verify AS4 Receipt Workflow

  • Consumer Queue: as4.verify.consumer
  • Input consumed by Crypto-Operations
  • Request payload example:

    {
       "as4Id": "12325",
       "businessId": "123",
       "delivered": "2023-03-27T09:38:53.331+00:00",
       "deliveredReport": "delivered",
       "fromPartyId": "9907647000008",
       "toPartyId": "9903111000003",
       "tenant": "9903111000003",
       "partner": "9907647000008",
       "sector": "ELECTRICTY",
       "as4Profile": "CEF",
       "serviceId": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
       "actionId": "http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
       "statusCode": "200",
       "as4MessageData": "LS0tLS0tPV9QYXJ0XzFfNDQWdFIPkkgIAAA0KLS0tLS0tPV9QYXJ0XzFfNDIzMDQ0ODc3LjE2ODAwODE1NDYyOTUtLQ=="
    }
    
  • Producer Queue: as4.receipt.parse.consumer
  • Output produced by Crypto-Operations
  • Response payload example:

    {
       "as4Id":"12325",
       "fromPartyId":"9907647000008",
       "toPartyId":"9903111000003",
       "as4MessageData":"LS0tLS0QWdFIPkkgIAAA0KLS0tLS0tPV9QYXJ0XzFfNDIzMDQ0ODc3LjE2ODAwODE1NDYyOTUtLQ==",
       "tenant":"9903111000003",
       "partner":"9907647000008",
       "sector":"ELECTRICTY",
       "as4Profile":"CEF",
       "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service",
       "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action",
       "signatureStatusCodes":[200],
       "signatureReport":{
       "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"],
       "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"],
       "verifications":null
       },
       "businessId":"123",
       "statusCode":"200",
       "delivered":"2023-03-27T09:38:53.331+00:00",
       "deliveredReport":"delivered"
    } 
    

Multi-tenant support

AS4 Crypto Operations has been extended to support multi-tenant environments. It can now sign, verify, encrypt and decrypt AS4 messages for several tenants.

Features:

  1. Signing: the service can sign an AS4 message for a specific tenant with that tenant's own signing certificate.
  2. Verification: the service can verify the signature of an AS4 message for any tenant with a shared verification certificate.
  3. Encryption: the service can encrypt an AS4 message for a specific tenant with a shared encryption certificate.
  4. Decryption: the service can decrypt an AS4 message for a specific tenant with that tenant's own decryption certificate.

The customer configures multi-tenancy as follows (in a YML file):

  • Example:

            fssTenantClients:
             - client: client1
               tenants:
                - 9900000000011
                - 9900000000012
             - client: client2
               tenants:
                - 9900000000021
            fssSharedClient: client42
    
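The four rules above split the operations into two groups: signing and decryption need the tenant's own key material, verification and encryption use shared material. The following is an added example (not the service's own code) that resolves a tenant and operation to a client under those rules. It assumes that fssSharedClient names the client holding the shared verification and encryption certificates, and that the configuration is loaded with yaml.safe_load, which turns the unquoted tenant ids in the YAML example into integers while message payloads carry them as strings; the resolver normalises both to strings so the lookup does not silently miss. The CONFIG dict below is the documented YAML example in the shape safe_load produces.

```python
"""Tenant -> client resolution for the multi-tenant configuration (added example)."""

# Shape yaml.safe_load() produces for the documented fssTenantClients example.
# Unquoted party ids arrive as integers here but as strings in message payloads.
CONFIG = {
    "fssTenantClients": [
        {"client": "client1", "tenants": [9900000000011, 9900000000012]},
        {"client": "client2", "tenants": [9900000000021]},
    ],
    "fssSharedClient": "client42",
}

# Operations bound to the tenant's own certificate versus the shared one.
TENANT_BOUND_OPERATIONS = {"sign", "decrypt"}
SHARED_OPERATIONS = {"verify", "encrypt"}


class TenantConfigError(ValueError):
    """Raised for ambiguous or incomplete tenant configuration."""


def build_tenant_index(config):
    """Map every tenant id (normalised to str) to its client.

    A tenant listed under two different clients is a configuration error, not a
    first-match-wins situation: it would make the signing key depend on list order.
    """
    index = {}
    for entry in config.get("fssTenantClients", []):
        client = entry["client"]
        for tenant in entry.get("tenants", []):
            key = str(tenant)
            if key in index and index[key] != client:
                raise TenantConfigError(
                    f"tenant {key} is assigned to both {index[key]} and {client}")
            index[key] = client
    if not config.get("fssSharedClient"):
        raise TenantConfigError("fssSharedClient is required for verify/encrypt")
    return index


def resolve_client(config, operation, tenant):
    """Return the client that must perform `operation` for `tenant`."""
    index = build_tenant_index(config)
    tenant = str(tenant)
    if operation in SHARED_OPERATIONS:
        return config["fssSharedClient"]
    if operation in TENANT_BOUND_OPERATIONS:
        if tenant not in index:
            # Fail closed: a private-key operation for an unconfigured tenant must
            # not fall back to another tenant's client or to the shared client.
            raise TenantConfigError(f"no client configured for tenant {tenant}")
        return index[tenant]
    raise ValueError(f"unknown operation {operation!r}")


if __name__ == "__main__":
    for op, tenant in [("sign", "9900000000011"), ("decrypt", 9900000000021),
                       ("verify", "9900000000011"), ("encrypt", "9907647000008")]:
        print(op, tenant, "->", resolve_client(CONFIG, op, tenant))
```

Failing closed for an unknown tenant on sign and decrypt is the important design choice: a message whose tenant field is not configured should land in the dead-letter queue rather than be signed with whichever key happens to be available.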