Easier configuration and upgrade (#309)

* Minor changes to messaging for MDN disposition errors. * Use find_java to look for JAVA_HOME * Remove double square brackets for Ubuntu dash compat * Handle cleanup error better. * Cater for unusable or questionable file names * Fix formatting failures * Handle EOF exception gracefully for unreadable pending info files * Refresh the partnership variables just before processing document. * Use find_java for identifying Java * Use the java executable instead of javac as it is not always installed. Use bash shell explicitly to cater for Ubuntu mapping sh to dash * Simplify reconstituting the mime body part. Provide backwards compat for now. * Extract more values to properties in preparation for automated upgrades. * Sample properties file for property driven custom configuration. * Upgrade notes * Updated documentation for 3.4.1 * Add the reject_unsigned_meesages attribute as an example. * New version and updated libraries to latest.
OpenAS2 · Dec 4, 2022 · dcca5a0 · dcca5a0
1 parent a1670be
commit dcca5a0
Show file tree

Hide file tree

Showing 19 changed files with 200 additions and 108 deletions.
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,22 +1,23 @@
 #              OpenAS2 Server
-#              Version 3.4.0
+#              Version 3.4.1
 #              RELEASE NOTES
 -----
-The OpenAS2 project is pleased to announce the release of OpenAS2 3.4.0
+The OpenAS2 project is pleased to announce the release of OpenAS2 3.4.1
 
-The release download file is: OpenAS2Server-3.4.0.zip
+The release download file is: OpenAS2Server-3.4.1.zip
 
 The zip file contains a PDF document (OpenAS2HowTo.pdf) providing information on installing and using the application.
 ## NOTE: Testing covers Java 8 to 17. The application should work for older versions down to Java 7 but they are not tested as part of the CI/CD pipeline.
 
-Version 3.4.0 - 2022-10-04
+Version 3.4.1 - 2022-12-04
 This is an enhancement and minor bugfix release:
        **IMPORTANT NOTE**: Please review upgrade notes below if you are upgrading
 
-  1. Support for splitting line based files into multiple file. This is useful for very large files where encryption consumes too much memory.
-  2. Support other databases than H2 for the WebUI commands.
-  3. Catch exceptions in the strm command processor to avoid crashing the command processor.
-  4. Pre-enhance AS2 properties before adding system properties to cater for $ in system properties
+  1. Fix message attributes not being available to partnership config (eg attributes.filename)
+  2. Add defensie coding for highly questionnable file names sent by partner containing an asterisk such as ".*"
+  3. Further enhancements to the confog.xml extracting key values to properties to facilitate auto upgrades.
+  4. Enhance helper scripts to support non-prompting execution allowing invocation from other scripts.
+  5. Disable the WebUI module by default as it only runs with Java 11 and above.
 
 
 ##Upgrade Notes

diff --git a/Remote/pom.xml b/Remote/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>net.sf.openas2</groupId>
         <artifactId>OpenAS2</artifactId>
-        <version>3.4.0</version>
+        <version>3.4.1</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

diff --git a/Server/pom.xml b/Server/pom.xml
@@ -7,7 +7,7 @@
         <!-- DO NOT CHANGE THIS "groupId" WITHOUT CHANGING XMLSession.getManifestAttributes.MANIFEST_VENDOR_ID_ATTRIB -->
         <groupId>net.sf.openas2</groupId>
         <artifactId>OpenAS2</artifactId>
-        <version>3.4.0</version>
+        <version>3.4.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

diff --git a/Server/src/bin/find_java b/Server/src/bin/find_java
@@ -1,6 +1,4 @@
-#!/bin/sh
-# ----------------------------------------------------------------------------
-#!/bin/sh
+#!/bin/bash
 # OS specific support.  $var _must_ be set to either true or false.
 darwin=false;
 case "`uname`" in
@@ -46,7 +44,7 @@ if [ -z "$JAVA_HOME" ] ; then
 fi
 
 if [ -z "$JAVA_HOME" ]; then
-  javaExecutable="`which javac`"
+  javaExecutable="`which java`"
   if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
     # readlink(1) is not available as standard on Solaris 10.
     readLink=`which readlink`

diff --git a/Server/src/bin/gen_p12_key_par.sh b/Server/src/bin/gen_p12_key_par.sh
@@ -1,6 +1,7 @@
-#!/bin/sh
+#!/bin/bash
 
 x=`basename $0`
+
 if test $# -ne 4; then
   echo "Generate a certificate to a PKCS12 key store."
   echo "You must supply a target key store without the extension (extension will be added as .p12) and an alias for generated certificate."
@@ -44,17 +45,8 @@ if [ -n "$CERT_START_DATE" ]; then
 fi
 
 if [ -z $JAVA_HOME ]; then
-  OS=$(uname -s)  echo "Looking for JAVA_HOME on OS: ${OS}..."
-  if [[ "${OS}" == *Darwin* ]]; then
-    # Mac OS X platform
-    JAVA_HOME=$(/usr/libexec/java_home)
-  elif [[ "${OS}" == *Linux* ]]; then
-    # Linux platform
-    JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
-  elif [[ "${OS}" == *MINGW* ]]; then
-    # Windows NT platform
-    echo "Windows not supported by this script"
-  fi
+  baseDir=`dirname $0`
+  . ${baseDir}/find_java
 fi
 if [ -z $JAVA_HOME ]; then
   echo "ERROR: Cannot find JAVA_HOME"

diff --git a/Server/src/bin/import_alias_from_keystore.sh b/Server/src/bin/import_alias_from_keystore.sh
@@ -29,18 +29,8 @@ tgtAlias=$4
 action=$5
 
 if [ -z $JAVA_HOME ]; then
-  OS=$(uname -s)
-
-  if [[ "${OS}" == *Darwin* ]]; then
-    # Mac OS X platform
-    JAVA_HOME=$(/usr/libexec/java_home)
-  elif [[ "${OS}" == *Linux* ]]; then
-    # Linux platform
-    JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
-  elif [[ "${OS}" == *MINGW* ]]; then
-    # Windows NT platform
-    echo "Windows not supported by this script"
-  fi
+  baseDir=`dirname $0`
+  . ${baseDir}/find_java
 fi
 
 if [ -z $JAVA_HOME ]; then

diff --git a/Server/src/bin/import_public_cert.sh b/Server/src/bin/import_public_cert.sh
@@ -27,18 +27,8 @@ certAlias=$3
 action=$4
 
 if [ -z $JAVA_HOME ]; then
-  OS=$(uname -s)
-
-  if [[ "${OS}" == *Darwin* ]]; then
-    # Mac OS X platform
-    JAVA_HOME=$(/usr/libexec/java_home)
-  elif [[ "${OS}" == *Linux* ]]; then
-    # Linux platform
-    JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
-  elif [[ "${OS}" == *MINGW* ]]; then
-    # Windows NT platform
-    echo "Windows not supported by this script"
-  fi
+  baseDir=`dirname $0`
+  . ${baseDir}/find_java
 fi
 
 if [ -z $JAVA_HOME ]; then

diff --git a/Server/src/config/config.xml b/Server/src/config/config.xml
@@ -11,13 +11,18 @@
                email.logger.enabled="false"
                console.command.processor.enabled="true"
                socket.command.processor.enabled="false"
-               restapi.command.processor.enabled="true"
+               restapi.command.processor.enabled="false"
                module.AS2SenderModule.enabled="true"
+               module.AS2SenderModule.readtimeout="60000"
                module.MDNSenderModule.enabled="true"
                module.DbTrackingModule.enabled="true"
                module.MDNFileModule.enabled="true"
+               module.MDNFileModule.filename="$properties.storageBaseDir$/$mdn.msg.sender.as2_id$-$mdn.msg.receiver.as2_id$/mdn/$date.yyyy-MM-dd$/$mdn.msg.headers.message-id$"
                module.MessageFileModule.enabled="true"
+               module.MessageFileModule.filename="$properties.storageBaseDir$/$msg.sender.as2_id$-$msg.receiver.as2_id$/inbox/$msg.headers.message-id$"
+               module.MessageFileModule.header="$properties.storageBaseDir$/$msg.sender.as2_id$-$msg.receiver.as2_id$/msgheaders/$date.yyyy-MM-dd$/$msg.headers.message-id$"
                module.DirectoryResenderModule.enabled="true"
+               module.DirectoryResenderModule.resenddelay="60"
                module.AS2ReceiverModule.http.enabled="true"
                module.AS2ReceiverModule.http.port="10080"
                module.AS2MDNReceiverModule.http.enabled="true"
@@ -27,6 +32,7 @@
                module.AS2MDNReceiverModule.https.enabled="false"
                module.AS2MDNReceiverModule.https.port="10444"
                module.HealthCheckModule.enabled="false"
+               module.HealthCheckModule.port="10099"
                async_mdn_receiver_port="$properties.module.AS2MDNReceiverModule.http.port$"
                as2_async_mdn_url="http://localhost:$properties.async_mdn_receiver_port$"
                as2_keystore="%home%/as2_certs.p12"
@@ -114,7 +120,8 @@
               pendingMDNinfo="$properties.storageBaseDir$/pendinginfoMDN3"
               resend_max_retries="5">
       <module enabled="$properties.module.AS2SenderModule.enabled$"
-              classname="org.openas2.processor.sender.AS2SenderModule"/>
+              classname="org.openas2.processor.sender.AS2SenderModule"
+              readtimeout="$properties.module.AS2SenderModule.readtimeout$" />
       <module enabled="$properties.module.MDNSenderModule.enabled$"
               classname="org.openas2.processor.sender.MDNSenderModule"/>
       <!-- This directory polling module will parse the filename to get a sender, receiver and name of file to send to partner.
@@ -162,13 +169,13 @@
               tcp_server_password="$properties.msg_tracking.tcp_server_password$"/>
       <module enabled="$properties.module.MDNFileModule.enabled$"
               classname="org.openas2.processor.storage.MDNFileModule"
-              filename="$properties.storageBaseDir$/$mdn.msg.sender.as2_id$-$mdn.msg.receiver.as2_id$/mdn/$date.yyyy-MM-dd$/$mdn.msg.headers.message-id$"
+              filename="$properties.module.MDNFileModule.filename$"
               protocol="as2"
               tempdir="$properties.storageBaseDir$/temp"/>
       <module enabled="$properties.module.MessageFileModule.enabled$"
               classname="org.openas2.processor.storage.MessageFileModule"
-              filename="$properties.storageBaseDir$/$msg.sender.as2_id$-$msg.receiver.as2_id$/inbox/$msg.headers.message-id$"
-              header="$properties.storageBaseDir$/$msg.sender.as2_id$-$msg.receiver.as2_id$/msgheaders/$date.yyyy-MM-dd$/$msg.headers.message-id$"
+              filename="$properties.module.MessageFileModule.filename$"
+              header="$properties.module.MessageFileModule.header$"
               protocol="as2"
               tempdir="$properties.storageBaseDir$/temp"/>
       <module enabled="$properties.module.AS2ReceiverModule.http.enabled$"
@@ -199,10 +206,10 @@
               classname="org.openas2.processor.resender.DirectoryResenderModule"
               resenddir="$properties.storageBaseDir$/resend"
               errordir="$properties.storageBaseDir$/resend/error"
-              resenddelay="60"/>
+              resenddelay="$properties.module.DirectoryResenderModule.resenddelay$"/>
       <module enabled="$properties.module.HealthCheckModule.enabled$"
               classname="org.openas2.processor.receiver.HealthCheckModule"
-              port="10099"/>
+              port="$properties.module.HealthCheckModule.port$"/>
    </processor>
    <!-- The pollerConfigBase provides the base config for the partnership directory pollers. It must be placed at the top of the file -->
    <pollerConfigBase classname="org.openas2.processor.receiver.AS2DirectoryPollingModule"

diff --git a/Server/src/config/openas2.properties.sample b/Server/src/config/openas2.properties.sample
@@ -0,0 +1,81 @@
+storageBaseDir=/opt/MyCompanyAS2/data
+as2_keystore=$properties.storageBaseDir$/as2_certs.p12
+partnership_file=$properties.storageBaseDir$/partnerships.xml
+as2_keystore_password=032scali
+log_date_format=yyyy-MM-dd HH:mm:ss.SSS
+sql_timestamp_format=yyyy-MM-dd HH:mm:ss.SSS
+as2_message_id_format=$date.ddMMyyyyHHmmssZ$-$rand.UUID$
+as2_receive_message_filename_fallback=$rand.shortUUID$
+log_invalid_http_request=false
+# Logging to the console where the server is started. NOT to be used for production deployments.
+console.logger.enabled=false
+# enable logging to a file on a file system
+file.logger.enabled=true
+# set the location and file name format for logging
+file.logger.filename=$properties.storageBaseDir$/logs/log-$date.yyyyMMdd$.txt
+socket.logger.enabled=false
+email.logger.enabled=false
+# The command processor that works within the command line console after startup. NOT to be used for production deployments.
+console.command.processor.enabled=false
+# The command processor that works via a socket connection. Not very secure so ensure it is in a private network if used.
+socket.command.processor.enabled=false
+# The command processor that works via a HTTP requests.
+restapi.command.processor.enabled=false
+# Manage the AS2 Sender module - if not sending files to partners it can be turned off
+module.AS2SenderModule.enabled=true
+# Time for the HTTP handler to wait for a response from the partner
+module.AS2SenderModule.readtimeout=3000000
+# Manage the MDN Sender module - if not receiving files from partners it can be turned off
+module.MDNSenderModule.enabled=true
+# Module for tracking inbound and outbound messages in a database in addition to normal logging.
+module.DbTrackingModule.enabled=true
+# Module to store received and sent MDN's. Can be switched off if you do not need to keep a record of MDN's
+module.MDNFileModule.enabled=true
+# Module to store received AS2 messages. Unless you plug in another handler for received files, this module is required to be enabled.
+module.MessageFileModule.enabled=true
+module.MessageFileModule.filename=$properties.storageBaseDir$/$msg.sender.as2_id$-$msg.receiver.as2_id$/inbox/$msg.content-disposition.filename$-$msg.headers.message-id$
+# Handles resending AS2 messages if there are any failures in sending the AS2 message include failure to receive an MDN
+module.DirectoryResenderModule.enabled=true
+# How long in seconds before the resender module attempts to resend a failed tranmission of an AS2 message
+module.DirectoryResenderModule.resenddelay=60
+# The HTTP receiver of AS2 messages. Only required if you are receiving AS2 messages. Can be switched off if you only send AS2 messages to other partners
+module.AS2ReceiverModule.http.enabled=true
+# The port on which the HTTP receiver will listen on if it is enabled
+module.AS2ReceiverModule.http.port=5080
+# The HTTP receiver of AS2 messages. Only required if you are receiving ASYNC MDN's. Can be switched off if you do not use ASYNC MDN mode.
+module.AS2MDNReceiverModule.http.enabled=true
+# The port on which the HTTP MDN receiver will listen on if it is enabled
+module.AS2MDNReceiverModule.http.port=5081
+# The HTTPS receiver of AS2 messages. Only required if you are receiving AS2 messages. Can be switched off if you only send AS2 messages to other partners
+module.AS2ReceiverModule.https.enabled=false
+# The port on which the HTTPS receiver will listen on if it is enabled
+module.AS2ReceiverModule.https.port=443
+# The HTTPS receiver of AS2 messages. Only required if you are receiving ASYNC MDN's. Can be switched off if you do not use ASYNC MDN mode.
+module.AS2MDNReceiverModule.https.enabled=false
+# The port on which the HTTPS MDN receiver will listen on if it is enabled
+module.AS2MDNReceiverModule.https.port=10444
+# Supports a healthcheck API to monitor the OpenAS2 server
+module.HealthCheckModule.enabled=false
+# What port can the healthcheck module run on
+module.HealthCheckModule.port="10099"
+# The ASYNC URL that will be used if you tunr on ASYN mode MDN for a partner. Can be overridden explicitly in the partnership definition
+#as2_async_mdn_url=https://myas2.mycomany.com:$properties.module.AS2MDNReceiverModule.https.port$
+# The keystore for SSL certificates if SSL is enabled
+ssl_keystore=$properties.storageBaseDir$/ssl_certs.jks
+# The SSL certificates keystore password
+ssl_keystore_password=Fantini0101
+# The location of the DB tracking database if using the H@ database which is the default in OpenAS2
+msg_tracking.db_directory=$properties.storageBaseDir$/DB
+msg_tracking.use_embedded_db=true
+msg_tracking.force_load_jdbc_driver=false
+msg_tracking.db_user=sa
+msg_tracking.db_pwd=OpenAS2
+msg_tracking.db_name=openas2
+msg_tracking.table_name=msg_metadata
+msg_tracking.jdbc_driver=org.h2.Driver
+msg_tracking.jdbc_connect_string=jdbc:h2:$component.db_directory$/$component.db_name$
+msg_tracking.sql_escape_character='
+msg_tracking.tcp_server_start=true
+msg_tracking.tcp_server_port=10092
+msg_tracking.tcp_server_password=openas2
+reject_unsigned_messages=true
diff --git a/Server/src/config/partnerships.xml b/Server/src/config/partnerships.xml
@@ -36,6 +36,7 @@
               Example below uses a property from the config.xml to facilitate centralised management of the URL
             <attribute name="as2_receipt_option" value="$properties.as2_async_mdn_url$"/> 
          -->
+
         <attribute name="encrypt" value="3DES"/>
         <attribute name="sign" value="SHA256"/>
         <attribute name="resend_max_retries" value="3"/>
@@ -71,6 +72,7 @@
         <sender name="PartnerA"/>
         <receiver name="MyCompany"/>
         <attribute name="store_received_file_to" value="$properties.storageBaseDir$/inbox/$msg.receiver.as2_id$/inbox/$msg.sender.as2_id$-$rand.12345$-$msg.content-disposition.filename$"/>
+        <attribute name="reject_unsigned_messages" value="true"/>
     </partnership>
 
     <partnership name="MyCompany-to-PartnerB">
@@ -99,6 +101,7 @@
     <partnership name="PartnerB-to-MyCompany">
         <sender name="PartnerB"/>
         <receiver name="MyCompany"/>
+        <attribute name="reject_unsigned_messages" value="true"/>
     </partnership>
 
 

diff --git a/Server/src/main/java/org/openas2/message/BaseMessage.java b/Server/src/main/java/org/openas2/message/BaseMessage.java
@@ -496,12 +496,15 @@ public String extractPayloadFilename() throws ParseException {
         if (tmpFilename == null || tmpFilename.length() < 1) {
             return null;
         }
+        if (tmpFilename.indexOf("*") >= 0) {
+            LogFactory.getLog(BaseMessage.class.getSimpleName()).warn("The 'filename' in disposition contains an asterisk. Setting to null.");
+            return null;
+        }
         try {
           tmpFilename = IOUtil.getSafeFilename(tmpFilename);          
         } catch (OpenAS2Exception oae) {
-          ParseException pe = new ParseException("Unable to extract a usable filename");
-          pe.initCause(oae);
-          throw pe;
+            LogFactory.getLog(BaseMessage.class.getSimpleName()).warn("Unable to extract a usable filename from: " + tmpFilename);
+            return null;
         }
         return tmpFilename;
     }