This service is a Spring Boot application that receives AS4 messages from RabbitMQ, processes them, and performs cryptographic operations such as signing, encrypting, verifying and decrypting. The processed messages are then forwarded to the output queue.
Dependencies:
- HSM
- security server
- RabbitMQ
Actuator
This is the main API link for the actuator: http://localhost:8096/actuator/health
Docker Environment Details
Docker and its associated files are available in the as4-cryptography-environment module of as4-microservices-bundle/docker-compose.
Functional description of the cryptographic operations
The following APIs are available:
- Sign/Encrypt AS4 Workflow
  Queue names:
  input: as4.encrypt.sign.consumer
  output: as4.outbound.consumer
  dlq: as4.encrypt.sign.consumer.dlq
- Verify/Decrypt AS4 Workflow
  Queue names:
  input: as4.verify.decrypt.consumer
  output: as4.receipt.create.consumer
  dlq: as4.verify.decrypt.consumer.dlq
- Sign AS4 Receipt Workflow
  Queue names:
  input: as4.sign.consumer
  output: as4.send.receipt.<dynamic-queue-address>.consumer
  dlq: as4.sign.consumer.dlq
- Verify AS4 Receipt Workflow
  Queue names:
  input: as4.verify.consumer
  output: as4.receipt.parse.consumer
  dlq: as4.verify.consumer.dlq
Sign/Encrypt AS4 Workflow
- Consumer Queue: as4.encrypt.sign
- Input consumed by Crypto-Operations
- Request payload example:
{ "as4Id": "1000", "fromPartyId": "9907647000008", "toPartyId": "9903111000003", "tenant": "9907647000008", "partner": "9903111000003", "direction": "OUTBOUND", "sector": "ELECTRICTY", "as4Profile": "CEF", "serviceId": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service", "actionId": "http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "address": "b2b@b2b", "as4MessageData": "LS0tLS0tPV9QYXJ0XzFfMTgkFnRSD5JICAAANCi0tLS0tLT1fUGFydF8xXzE4OTI5ODgyOTkuMTY3NDAxNjAwNDkxNy0t" }
- Producer Queue: as4.outbound.consumer
- Output produced by Crypto-Operations
- Response payload example:
{ "as4Id":"1000", "fromPartyId":"9907647000008", "toPartyId":"9903111000003", "as4MessageData":"LS0tLS0tPV9QYXJ0XzBfNjgn0NCi0tLS0tLT1fUGFydF8wXzYwNDQyMTE3OC4xNjgwMDc5OTczMzcxLS0=", "tenant":"9907647000008", "partner":"9903111000003", "sector":"ELECTRICTY", "as4Profile":"CEF", "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service","actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "signatureStatusCodes":[200], "signatureReport":{ "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"], "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"], "verifications":null }, "cryptStatusCodes":[200], "cryptReport":{ "certificateSki":["795551e3c525d6d54abe1b46662885385e1ddcf3","c9374ce5bd73c56a92f6657dc04b3be475cdf860"], "algorithms":["http://www.w3.org/2009/xmlenc11#aes128-gcm","http://www.w3.org/2001/04/xmlenc#kw-aes128","http://www.w3.org/2009/xmlenc11#ECDH-ES","http://www.w3.org/2009/xmlenc11#ConcatKDF","http://www.w3.org/2001/04/xmlenc#sha256"], "verifications":null }, "address":"b2b@b2b", "direction":"OUTBOUND"
}
Verify/Decrypt AS4 Workflow
- Consumer Queue: as4.verify.decrypt.consumer
- Input consumed by Crypto-Operations
- Request payload example:
{ "as4Id": "1000", "delivered": "2023-03-27T09:38:53.331+00:00", "deliveredReport": "delivered", "fromPartyId": "9907647000008", "toPartyId": "9903111000003", "tenant": "9903111000003", "partner": "9907647000008", "direction": "INBOUND", "sector": "ELECTRICTY", "as4Profile": "CEF", "serviceId": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service", "actionId": "http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "as4MessageData": "LS0tLS0tPV9QYXJ0XzBgn0NCi0tLS0tLT1fUGFydF8wXzYwNDQyMTE3OC4xNjgwMDc5OTczMzcxLS0=" }
- Producer Queue: as4.receipt.create.consumer
- Output produced by Crypto-Operations
- Response payload example:
{ "as4Id":"1000", "fromPartyId":"9907647000008", "toPartyId":"9903111000003", "as4MessageData":"LS0tLS0tgn0NCi0tLS0tLT1fUGFydF8wXzYwNDQyMTE3OC4xNjgwMDc5OTczMzcxLS0=", "tenant":"9903111000003", "partner":"9907647000008", "sector":"ELECTRICTY", "as4Profile":"CEF", "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service", "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "signatureStatusCodes":[200], "signatureReport":{ "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"], "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"], "verifications":null }, "cryptStatusCodes":[200], "cryptReport":{ "certificateSki":["c9374ce5bd73c56a92f6657dc04b3be475cdf860"], "algorithms":["http://www.w3.org/2009/xmlenc11#aes128-gcm","http://www.w3.org/2001/04/xmlenc#kw-aes128","http://www.w3.org/2009/xmlenc11#ConcatKDF","http://www.w3.org/2001/04/xmlenc#sha256"], "verifications":null }, "delivered":"2023-03-27T09:38:53.331+00:00", "deliveredReport":"delivered", "direction":"INBOUND" }
Sign AS4 Receipt Workflow
- Consumer Queue: as4.sign.consumer
- Input consumed by Crypto-Operations
- Request payload example:
{ "as4Id":"12325", "businessId":"123", "delivered":"2023-03-27T09:38:53.331+00:00", "deliveredReport":"delivered", "fromPartyId":"9907647000008", "toPartyId":"9903111000003", "tenant":"9907647000008", "partner":"9903111000003", "sector":"ELECTRICTY", "as4Profile":"CEF", "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service", "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "statusCode":"200", "as4MessageData":"LS0tLS0tPkFnRSD5JICAAANCi0tLS0tLT1fUGFydF8xXzE4OTI5ODgyOTkuMTY3NDAxNjAwNDkxNy0t" }
- Producer Queue: as4.send.receipt.<dynamic-queue-address>.consumer
- Output produced by Crypto-Operations
- Response payload example:
{ "as4Id":"12325", "fromPartyId":"9907647000008", "toPartyId":"9903111000003", "as4MessageData":"LS0tLS0tPV9QWdFIPkkgIAAA0KLS0tLS0tPV9QYXJ0XzFfNDIzMDQ0ODc3LjE2ODAwODE1NDYyOTUtLQ==", "tenant":"9907647000008", "partner":"9903111000003", "sector":"ELECTRICTY", "as4Profile":"CEF", "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service", "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "signatureStatusCodes":[200], "signatureReport":{ "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"], "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"], "verifications":null }, "businessId":"123", "statusCode":"200", "delivered":"2023-03-27T09:38:53.331+00:00", "deliveredReport":"delivered" }
Verify AS4 Receipt Workflow
- Consumer Queue: as4.verify.consumer
- Input consumed by Crypto-Operations
- Request payload example:
{ "as4Id": "12325", "businessId": "123", "delivered": "2023-03-27T09:38:53.331+00:00", "deliveredReport": "delivered", "fromPartyId": "9907647000008", "toPartyId": "9903111000003", "tenant": "9903111000003", "partner": "9907647000008", "sector": "ELECTRICTY", "as4Profile": "CEF", "serviceId": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service", "actionId": "http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "statusCode": "200", "as4MessageData": "LS0tLS0tPV9QYXJ0XzFfNDQWdFIPkkgIAAA0KLS0tLS0tPV9QYXJ0XzFfNDIzMDQ0ODc3LjE2ODAwODE1NDYyOTUtLQ==" }
- Producer Queue: as4.receipt.parse.consumer
- Output produced by Crypto-Operations
- Response payload example:
{ "as4Id":"12325", "fromPartyId":"9907647000008", "toPartyId":"9903111000003", "as4MessageData":"LS0tLS0QWdFIPkkgIAAA0KLS0tLS0tPV9QYXJ0XzFfNDIzMDQ0ODc3LjE2ODAwODE1NDYyOTUtLQ==", "tenant":"9903111000003", "partner":"9907647000008", "sector":"ELECTRICTY", "as4Profile":"CEF", "serviceId":"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/service", "actionId":"http://docs.oasis-open.org/ebxml-msg/as4/200902/action", "signatureStatusCodes":[200], "signatureReport":{ "certificateSki":["8e98ac4ea4ad199799dfbc576754d203288663dc"], "algorithms":["http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","http://www.w3.org/2001/10/xml-exc-c14n#","http://www.w3.org/2001/10/xml-exc-c14n#"], "verifications":null }, "businessId":"123", "statusCode":"200", "delivered":"2023-03-27T09:38:53.331+00:00", "deliveredReport":"delivered" }
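A consumer-side check for the response payloads shown above, as an added example that is not part of the service's own code. It assumes that 200 is the only success status code and that the algorithm URIs in the example reports form the accepted set; the function names are hypothetical.

```python
import base64
import binascii
# Assumption: allow-lists built from the algorithm URIs in the example reports above.
SIGNATURE_ALGS = {
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}
CRYPT_ALGS = {
    "http://www.w3.org/2009/xmlenc11#aes128-gcm",
    "http://www.w3.org/2001/04/xmlenc#kw-aes128",
    "http://www.w3.org/2009/xmlenc11#ECDH-ES",
    "http://www.w3.org/2009/xmlenc11#ConcatKDF",
    "http://www.w3.org/2001/04/xmlenc#sha256",
}

def check_section(msg, codes_key, report_key, allowed):
    """Findings for one status-code list and its report."""
    codes, report = msg.get(codes_key), msg.get(report_key)
    if not codes or not isinstance(report, dict):
        return [f"{codes_key}/{report_key} missing"]
    findings = []
    if any(code != 200 for code in codes):  # assumption: only 200 means success
        findings.append(f"{codes_key} not all 200: {codes}")
    unexpected = sorted(set(report.get("algorithms") or []) - allowed)
    if unexpected:
        findings.append(f"{report_key} unexpected algorithms: {unexpected}")
    return findings

def check_crypto_output(msg, expect_crypt):
    """Fail-closed gate for a message read from a Crypto-Operations output queue."""
    findings = check_section(msg, "signatureStatusCodes", "signatureReport", SIGNATURE_ALGS)
    if expect_crypt:  # the receipt workflows only sign/verify and carry no cryptReport
        findings += check_section(msg, "cryptStatusCodes", "cryptReport", CRYPT_ALGS)
    data = msg.get("as4MessageData")
    try:
        if not data or not base64.b64decode(data, validate=True):
            findings.append("as4MessageData missing or empty")
    except (binascii.Error, ValueError):
        findings.append("as4MessageData is not valid base64")
    return findings

# Constructed sample shaped like the response payloads above (not real traffic).
SAMPLE = {
    "as4MessageData": base64.b64encode(b"constructed AS4 body").decode(),
    "signatureStatusCodes": [200],
    "signatureReport": {"certificateSki": ["<ski-placeholder>"], "algorithms": sorted(SIGNATURE_ALGS)},
    "cryptStatusCodes": [200],
    "cryptReport": {"certificateSki": ["<ski-placeholder>"], "algorithms": sorted(CRYPT_ALGS)},
}
```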
Multi-tenant support
AS4 Crypto Operations has been extended to support multi-tenant environments. It now allows AS4 messages to be signed, verified, encrypted and decrypted for multiple tenants.
Features:
- Signing: The service can sign an AS4 message for a specific tenant with that tenant's associated signing certificate.
- Verification: The service can verify an AS4 message signature for any tenant with a shared verification certificate.
- Encryption: The service can encrypt an AS4 message for a specific tenant with a shared encryption certificate.
- Decryption: The service can decrypt an AS4 message for a specific tenant with that tenant's associated decryption certificate.
The customer can set up the multi-tenant configuration as follows (in a YML file):
- Example:
fssTenantClients:
  - client: client1
    tenants:
      - 9900000000011
      - 9900000000012
  - client: client2
    tenants:
      - 9900000000021
fssSharedClient: client42
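One way to turn this configuration into a per-operation client lookup, as an added example that is not the project's own code. It assumes that fssTenantClients names the client holding a tenant's own signing and decryption certificates and that fssSharedClient names the client holding the shared verification and encryption certificates; build_tenant_index and resolve_client are hypothetical names.

```python
# Parsed form of the YAML example above; unquoted tenant IDs load as integers.
CONFIG = {
    "fssTenantClients": [
        {"client": "client1", "tenants": [9900000000011, 9900000000012]},
        {"client": "client2", "tenants": [9900000000021]},
    ],
    "fssSharedClient": "client42",
}
TENANT_OPS = {"sign", "decrypt"}    # use the tenant's associated certificate
SHARED_OPS = {"verify", "encrypt"}  # use the shared certificate

def build_tenant_index(config):
    """Map tenant -> client and reject a config where a tenant has two owners."""
    shared = config.get("fssSharedClient")
    if not shared:
        raise ValueError("fssSharedClient is not set")
    index = {}
    for entry in config.get("fssTenantClients", []):
        client = entry["client"]
        for tenant in map(str, entry.get("tenants", [])):  # payloads carry IDs as strings
            if tenant in index:
                raise ValueError(f"tenant {tenant} listed under {index[tenant]} and {client}")
            index[tenant] = client
    return index, shared

def resolve_client(index, shared, operation, tenant):
    """Pick the client for one operation; an unknown tenant fails closed."""
    if operation in SHARED_OPS:
        return shared
    if operation not in TENANT_OPS:
        raise ValueError(f"unknown operation {operation}")
    if str(tenant) not in index:
        raise PermissionError(f"no client configured for tenant {tenant}")
    return index[str(tenant)]
```

The duplicate-tenant check is an addition made here: without it, a tenant listed under two clients would silently resolve to whichever entry is read last.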