Connector iteration 2 installation and configuration guide
First of all, the latest release version is available on the WP5 GitHub.
Before deploying, there are 2 files that need to be configured.
application.properties and phase4.properties from iteration 1 are now merged into a single application.properties file.
application.properties
General
- global.debug = false (boolean) - enable development debug functionality
- global.production = false (boolean) - enable production mode (performance optimizations, less checks)
- global.instancename = de4a-connector-global (string) - this is only used as the log prefix if the tracker is used
- http.tls.trustall = true (boolean) - use this to disable the hostname and trusted certificate check for SSL/TLS connections. Defaults to false. Use true only for testing purposes; it is not recommended for production.
- http.proxy.enabled (boolean) - is an HTTP proxy needed? Defaults to false. [OBSOLETE on IT2 ?]
- http.proxy.address (string) - the URL of the proxy server (including the scheme) (e.g. http://proxy.local) [OBSOLETE on IT2 ?]
- http.proxy.port (int) - the port to access the HTTP proxy server (e.g. 8080) [OBSOLETE on IT2 ?]
- http.proxy.non-proxy (string) - a list of hosts that should not be proxied. Use the pipe character as the separator for multiple entries (as in localhost|127.0.0.1). [OBSOLETE on IT2 ?]
- http.connection-timeout (int) - the HTTP connection timeout in milliseconds [OBSOLETE on IT2 ?]
- http.read-timeout (int) - the HTTP read/socket timeout in milliseconds [OBSOLETE on IT2 ?]
- de4a.tracker.enabled (boolean) - enable or disable the remote tracker. Defaults to false. [OBSOLETE on IT2 ?]
- de4a.tracker.viahttp (boolean) - true if the tracker should use HTTP for transmission, false if it should use TCP. The default is TCP (aka false). When using an HTTP proxy, this should be set to true, as most HTTP proxies don't let plain TCP traffic through. [OBSOLETE on IT2 ?]
- de4a.tracker.url (string) (deprecated since 0.2.3) - the URL where the tracker is collecting data elements [OBSOLETE on IT2 ?]
- de4a.tracker.url.tcp (string) (since 0.2.3) - the TCP URL where the tracker is collecting data elements [OBSOLETE on IT2 ?]
- de4a.tracker.url.http (string) (since 0.2.3) - the HTTP/HTTPS URL where the tracker is collecting data elements [OBSOLETE on IT2 ?]
- de4a.tracker.topic (string) - the tracker topic (left pane) [OBSOLETE on IT2 ?]
- de4a.ial.url (string) (since 0.2.4) - the HTTP/HTTPS URL where the IAL is waiting for queries [OBSOLETE on IT2 ?]
- de4a.me.implementation (string) - the AS4 Gateway to use. Must be set. Currently supported values are: [OBSOLETE on IT2 ?]
  - phase4 for using phase4 - requires the subproject dcng-phase4 on the class path
  - holodeck for using Holodeck - requires the subproject dcng-holodeck on the class path
- de4a.me.incoming.url (string) - the external URL to which incoming, validated documents, received via AS4, should be forwarded. [OBSOLETE on IT2 ?]
- de4a.webapp.status.enabled (boolean) - true if the /status API is enabled and may return details, false if not. Defaults to true. [OBSOLETE on IT2 ?]
- de4a.webapp.data.path (string) - The storage path for files etc. inside the Connector. [OBSOLETE on IT2 ?]
- de4a.smp.http.useglobalsettings = true (boolean) - true to use the global configuration items or false to use the custom ones from "smp client configuration". Defaults to true.
- de4a.smp.usedns = true (boolean) - use the SML system to dynamically discover partner systems? This should only be false for testing purposes. In production this should always be true.
- de4a.smp.static.endpointurl (string) - the absolute URL of the AS4 endpoint URL. This is only evaluated if de4a.smp.usedns is false. [OBSOLETE on IT2 ?]
- de4a.smp.static.certificate (string) - the PEM encoded X509 certificate of the AS4 gateway. This is only evaluated if de4a.smp.usedns is false. [OBSOLETE on IT2 ?]
- de4a.smp.static.smpurl (string) - the absolute URL of the SMP to use. This is only evaluated if de4a.smp.usedns is false. [OBSOLETE on IT2 ?]
- de4a.smp.sml.id (string) - the ID of a predefined SML configuration to be used. This can effectively be digitprod (CEF SML) or digittest (CEF SMK). The recommended value for this property is digittest. This is the preferred way to specify the SML. This is only evaluated if de4a.smp.usedns is true. [OBSOLETE on IT2 ?]
- de4a.smp.sml.name = SML DE4A (string) - internal name of the SML. Defaults to DE4A SML. This is only evaluated if de4a.smp.usedns is true and if de4a.smp.sml.id is not valid. Caution: don't use it unless you know what you are doing.
- de4a.smp.sml.dnszone = de4a.edelivery.tech.ec.europa.eu. (string) - the DNS zone of the SML. This is only evaluated if de4a.smp.usedns is true and if de4a.smp.sml.id is not valid. Caution: don't use it unless you know what you are doing.
- de4a.smp.sml.serviceurl = https://edelivery.tech.ec.europa.eu/edelivery-sml (string) - the management service URL of the SML. This is only evaluated if de4a.smp.usedns is true and if de4a.smp.sml.id is not valid. Caution: don't use it unless you know what you are doing.
- de4a.smp.sml.clientcert = true (boolean) - is a client certificate needed when talking to this SML? This is only evaluated if de4a.smp.usedns is true and if de4a.smp.sml.id is not valid. Caution: don't use it unless you know what you are doing.
Additionally the configuration items of the SMP client should be configured. The complete description can be found at https://github.com/phax/peppol-commons#configuration - the main items are:
- smpclient.truststore.type = jks (string): the type of key store to be used (either JKS, PKCS12 or BCFKS - case insensitive). Defaults to JKS.
- smpclient.truststore.path = truststore/de4a-truststore-smp-v3-pw-de4a.jks (string): the location of the trust store (of the specified type) to be used.
- smpclient.truststore.password = **** (string): the password to access the trust store.
Kafka Logging
To enable Kafka logging, ‘de4a.kafka.enabled’ must be set to true.
# Kafka settings
de4a.kafka.enabled = true
de4a.kafka.url = de4a.simplegob.com:9092
Phase4 specific
Similar to the phase4.properties file from iteration 1.
- phase4.datapath = temp/phase4 (string) - The base path where phase4 should store data to. This property is only used if de4a.webapp.data.path is not used (which only has effect in dcng-webapp-*).
- phase4.debug.http = true (boolean) - true if AS4 HTTP debugging should be enabled. Recommended to be false. Switch the debug level of the used SLF4J Logger to "debug" for a more verbose output. This configuration item is only evaluated once on startup.
- phase4.debug.incoming = true (boolean) - true to debug log certain details of incoming AS4 messages. This configuration item is evaluated for each incoming message.
- phase4.dump.incoming.path = temp/phase4 (string) - The absolute path on disk where incoming messages should be dumped to. If the value of this property is null or an empty String no dumping happens. This configuration item is only evaluated once on startup.
- phase4.dump.outgoing.path = temp/phase4 (string) - The absolute path on disk where outgoing messages should be dumped to. If the value of this property is null or an empty String no dumping happens. This configuration item is only evaluated once on startup.
- phase4.send.fromparty.id (string) - The From/PartyId value for receiving party id. This value must be set and should be the CN part of the sender's X.509 AS4 certificate. [OBSOLETE on IT2 ?]
- phase4.send.fromparty.id.type (string) - The From/PartyId/@type for sending party id. Defaults to ignore-me because it must be set but we don't care. [OBSOLETE on IT2 ?]
- phase4.send.toparty.id.type (string) - The To/PartyId/@type for receiving party id. Defaults to ignore-me because it must be set but we don't care. [OBSOLETE on IT2 ?]
# AS4 keystore for signing/decrypting
- phase4.keystore.type = JKS (string) - the type of the keystore (either JKS, PKCS12 or BCFKS - case insensitive) - defaults to JKS.
- phase4.keystore.path = /path/to/jks_file/as4_keystore.jks (string) - the path to the keystore (can be classpath relative or an absolute file)
- phase4.keystore.password = ********** (string) - the password to access the keystore
- phase4.keystore.key-alias =
- phase4.keystore.key-password =
- phase4.truststore.type (string) - the type of the truststore (either JKS, PKCS12 or BCFKS - case insensitive) - defaults to JKS.
- phase4.truststore.path (string) - the path to the truststore (can be classpath relative or an absolute file)
- phase4.truststore.password (string) - the password to access the truststore
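Several of the settings above are described as test-only or "recommended to be false", yet appear enabled in the sample values. The following pre-deployment check is an added example, not part of the Connector project: it reads an application.properties text and reports those settings. The function names and the sample file content are constructed for illustration; the rules are taken from the descriptions in this guide.

```python
# Added example: flags test-only values in the Connector's application.properties.
# Rule texts paraphrase this guide; SAMPLE below is constructed input.

RULES = {
    # key: (value that triggers a finding, reason from the guide)
    "http.tls.trustall": ("true", "disables hostname and trusted certificate checks; testing only"),
    "de4a.smp.usedns": ("false", "SML discovery off; in production this should always be true"),
    "phase4.debug.http": ("true", "AS4 HTTP debugging on; recommended to be false"),
}
# A non-empty dump path makes phase4 write messages to disk.
DUMP_KEYS = ("phase4.dump.incoming.path", "phase4.dump.outgoing.path")


def parse_properties(text):
    """Parse the simple `key = value` subset of the Java .properties format."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()   # last assignment wins
    return props


def audit(text):
    """Return (key, value, reason) findings to review before a production rollout."""
    props = parse_properties(text)
    findings = []
    for key, (bad, reason) in RULES.items():
        if props.get(key, "").lower() == bad:
            findings.append((key, props[key], reason))
    for key in DUMP_KEYS:
        if props.get(key):                   # empty or missing means no dumping
            findings.append((key, props[key], "messages are dumped to this path"))
    return findings


SAMPLE = """\
# constructed sample, mirrors values shown in this guide
http.tls.trustall = true
de4a.smp.usedns = true
phase4.debug.http = true
phase4.dump.incoming.path = temp/phase4
phase4.dump.outgoing.path =
"""

if __name__ == "__main__":
    for key, value, reason in audit(SAMPLE):
        print(f"{key} = {value}: {reason}")
```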
de-do.json
This file replaces the old import.sql from iteration 1. It is intended to let the Connector know both Data Owner and Data Evaluator endpoint addresses.
- When the Connector is acting as a Data Requestor (Data Evaluator side), it needs to address DE endpoints.
- When the Connector is acting as a Data Transferor (Data Owner side), it needs to address DO endpoints.
Data Requestor
The info configured under dataEvaluators is used by the Connector-DR to know the endpoints where the responses must be sent in each case.
- dataEvaluators.redirect is used by the Connector-DR to receive the redirectUserType response to redirect the user to the Data Owner to accept/reject the evidence (USI Pattern).
- dataEvaluators.response is used by the Connector-DR when the evidence is accepted by the user and must be redirected to the Data Evaluator (USI/IM Patterns).
- dataEvaluators.response and dataEvaluators.subscription_resp will be used by the subscription/notification pattern (Still under development).
Data Transferor
The info configured under DataOwners is used by the Connector-DT in order to know the endpoints of the respective data owner (or mock DO).
As you can see in the image, each endpoint corresponds to the url based on the pattern.