direct link technical guide. - nab personal banking · 2 applying for and downloading the digital...

Direct Link Technical Guide. Important Notice: The use of the information contained in this document by you is solely at your risk. NAB is not responsible or liable for any loss or damage you suffer in connection with the installation or attempted installation of the Direct Link software.

Upload: hatram

Post on 22-Jul-2018



Page 2 of 68 Direct Link Technical Guide

Table of Contents

1 Introduction

1.1 Document Purpose
1.2 About Direct Link
1.3 About the Direct Link Scripts
1.4 Security
1.5 System Requirements
1.5.1 Prerequisites
1.5.2 Network Requirements
1.5.3 Certificate application and retrieval requirements
1.6 Changes Required

2 Applying for and Downloading the Digital Certificates

2.1 Create a nabGroup.com Profile
2.2 Apply for the Digital Certificate
2.3 Download the Digital Certificate
2.4 Export your Private Key
2.5 Export and Send your Public Key to NAB

3 Installing the Direct Link Software

3.1 Download and install prerequisites
3.1.1 Perl
3.1.2 Java
3.1.3 JCE Unlimited Strength Jurisdiction Policy files
3.2 Download and Extract the Direct Link Scripts
3.3 Configure the Direct Link Scripts
3.3.1 Directlink.cfg
3.3.2 Typemap.cfg & Setup.cfg
3.3.3 Set up directories
3.3.4 Set the keystore password
3.3.5 Update mailbox password & first logon
3.4 Test Directlink.bat file transfer (Direct Entry)
3.5 Configure any scheduled jobs

4 Renewing your Digital Certificate

4.1 Apply for the Digital Certificate
4.2 Download the Digital Certificate
4.3 Export your Private Key
4.4 Export and Send your Public Key to NAB
4.5 Update the Keystore password
4.5.1 Password resets / forgot password
4.5.2 Changing your password

5 Appendix A: File Type Information Matrix

APPENDIX B: Direct Link Reply File Behaviour

APPENDIX C: Strawberry Perl Configuration

APPENDIX D: Common Direct Link Errors


1 Introduction

1.1 Document Purpose

This document describes the steps a client must take to configure and install the Direct Link scripts provided by NAB, and related components, in a standard Windows environment. It is intended as an aid when assisting a client installing Direct Link. This is for NAB Direct Link Release 15.1.

1.2 About Direct Link

NAB Direct Link is a secure file transfer channel enabling connectivity with NAB's processing and reporting capabilities. Very much designed as a straight-through-processing channel, Direct Link does not feature an end-user interface and instead is designed to work side by side with your existing financial or ERP package, allowing your system to integrate directly with NAB.

1.3 About the Direct Link Scripts

The NAB Direct Link scripts are an easy way to get up and running with Direct Link. They provide most of the encoding, archiving and error handling required to operate Direct Link in a client’s environment. In its simplest form, the Direct Link scripts effectively provide a directory structure which is broken up into 3 categories:

SEND - contains sub-folders for any service which would require you to send files to NAB such as Direct Entry, RTGS or International Funds Transfer

STATUS - contains sub-folders for any service which would require you to receive an acknowledgement of transfer such as Direct Entry, RTGS or International Funds Transfer

RECEIVE - contains sub-folders for any service which would deliver a report such as Account Information or BPAY Reporting

Alternatively the client can build their own scripts based on the Secure File eXchange (SFX) and Secure/Multipurpose Internet Mail Extensions (S/MIME) utilities provided during implementation. The latest version of the Direct Link software is available from the following location: http://www.nab.com.au/directlinksoftware

1.4 Security

Direct Link security is comprised of the following elements:

Communication channel encrypted using 128 bit SSL (HTTP/S)

SSL connection establishment based on mutual authentication of digital certificates

IP address validation

User name and Password provided over an encrypted channel

S/MIME message signing and encryption using 2048bit X509 digital certificates

NOTE: You are responsible for the security of your system, such as programming and configuring your equipment to prevent unauthorised use.


1.5 System Requirements

Other than requiring an environment that supports Java and Perl, Direct Link has no specific hardware requirements.

1.5.1 Prerequisites

Java 6 and upwards

JCE Unlimited Strength Jurisdiction Policy files (will need to match the version of Java)

Perl 5.10+

1.5.2 Network Requirements

The communications software utility requires Internet (TCP/IP) connectivity with the NAB Direct Link channel. The client will establish an HTTPS connection via port 443 to the NAB hosts:

test-connect.nabmarkets.com

connect.nabmarkets.com

You will also need to provide an IP address, IP addresses or address ranges as part of the security model.

NOTE: Authenticated proxies are not supported by Direct Link.

1.5.3 Certificate application and retrieval requirements

Internet Explorer 6, 7, 8 or 9

Windows XP, Vista or 7

You must retrieve/download your certificate on the same machine you applied for the certificate on.

1.6 Changes Required

Changes to several components are required in order for your environment to support the Direct Link scripts:

Perl – must be upgraded/installed to support minimum Direct Link requirements

Java - must be upgraded/installed to support minimum Direct Link requirements

Job Scheduler – jobs must be scheduled to run the Direct Link scripts at appropriate times


2 Applying for and Downloading the Digital Certificates

2.1 Create a nabGroup.com Profile

You will receive an email from NAB with a link to the nabGroup.com portal to create the profile that you will use to request your Direct Link digital certificate:

Step Description

1 Note the Login Name in the email – you must use this as your profile name.

2 Click the link in the email.

3 Click the Register button:

You will be presented with the User Registration screen:


4 Under Reason for Registration, check Other and enter “Direct Link” in the Other Reason box:

NOTE: The contact details must match those of the Digital Certificate: Authorised person stated on the Direct Link registration form.

5 Once complete, click Save to submit the request:


6 You will receive a confirmation on screen and via email:

NOTE: Please email [email protected] and advise them that you have created your profile


2.2 Apply for the Digital Certificate

You will receive an email confirming your nabGroup.com registration:

You will also receive an email with more detailed Direct Link instructions:

Step Description

1 Go to https://www.wholesale.nabGroup.com/Supporting/Pages/CertificateRenew.aspx and log in using the nabGroup.com details you provided during registration and click Login.


2 NOTE: If your operating system is Windows Vista or newer, please ensure you review the information on the page and complete the actions specifically for Windows 7 and Vista users BEFORE clicking “Generate Certificate”.

On the following page, enter your Secret Answer as provided during profile registration and click Generate Certificate:

You may receive the following error:


If so, click the information bar at the top of the page and select Run ActiveX Control:

3 On the next dialog, select Run:

4 Re-enter your Secret Answer and click Generate Certificate again:

5 Click Yes when presented with the Potential Scripting Violation dialog:

6 Once processing is complete, you will receive confirmation on the main page:


NOTE: Please email [email protected] and advise them that you have requested your digital certificate


2.3 Download the Digital Certificate

Once your certificate request is approved by NAB, you will receive an email from [email protected] to download your certificate:

Step Description

1 Click on the URL in the email and download the certificate by clicking Save:


2.4 Export your Private Key

Step Description

1 In your browser menu, select Tools and Internet Options:

2 Select Content and click on the Certificates box:

3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.


4 Select the appropriate certificate and click the Export button:

5 The Certificate Export Wizard will appear, click Next:


6 Select Yes, export the private key and click Next:

7 On the Export File Format page, ensure that the following are checked:

Personal Information Exchange – PKCS #12(.PFX)

Include all certificates in the certification path if possible

Enable strong protection (require IE 5.0, NT 4.0 SP4 or above) and then select Next


Please note, if you are a Windows Vista or Windows 7 user, you will see the screen below instead


8 You will be prompted to enter a password. Select and confirm your password, then click Next:

NOTE: This password is used to protect the private key and will be required for import as well as in the event of restoring the Certificate. This is known as your KEYSTORE PASSWORD and will be required at a later stage of the software configuration, as part of step 3.3.4.

9 Input the file name, using client.pfx as the filename, select the directlink\cert folder and click Next:


10 Select Finish to complete the export of your Private certificate:

11 You will receive a confirmation:

NOTES:

Once exported, your client.pfx file should be approximately 5KB. If it is significantly smaller, please re-export or seek NAB assistance.

Back up the certificate to a diskette/shared network resource and store for safe keeping.


2.5 Export and Send your Public Key to NAB

Step Description

1 In your browser menu, select Tools and Internet Options:

2 Select Content and click on the Certificates box:

3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.


4 Select the appropriate certificate and click the Export button:

5 The Certificate Export Wizard will appear, click Next:


6 Select No, do not export the private key and click Next:


7 On the Export File Format page, ensure that Base-64 encoded X.509 (.CER) is checked and select Next:

8 Input the file name, using your profile name as the filename, select the directlink\cert folder and click Next:


9 Select Finish to complete the exporting of your Private certificate:

You will receive a confirmation:

Send your Public Key to [email protected]
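A pre-send check for the two exports in sections 2.4 and 2.5, added here as an example and not part of NAB's Direct Link software: it tells the PKCS #12 private-key export (client.pfx) apart from the Base-64 X.509 certificate, so that only the latter is attached to the email to NAB. The function names and sample byte strings are constructed for illustration; the stubs carry only the leading ASN.1 fields the check reads and are not valid certificates.

```python
import base64
import re

# PEM armour as written by the "Base-64 encoded X.509 (.CER)" export option.
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def _read_tlv_header(buf, pos):
    """Return (tag, content_start, content_length) for the ASN.1 element at pos.

    content_length is None for a BER indefinite-length element.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated ASN.1 header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        return tag, pos, first
    if first == 0x80:                      # indefinite length (BER)
        return tag, pos, None
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n > 4 or pos + n > len(buf):
        raise ValueError("unsupported ASN.1 length")
    return tag, pos + n, int.from_bytes(buf[pos:pos + n], "big")


def classify_der(buf):
    """Tell a PKCS #12 container from an X.509 certificate by its first fields."""
    try:
        tag, start, _ = _read_tlv_header(buf, 0)
        if tag != 0x30:                    # both formats start with a SEQUENCE
            return "unknown"
        inner_tag, inner_start, inner_len = _read_tlv_header(buf, start)
    except ValueError:
        return "unknown"
    # PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, ... }
    if inner_tag == 0x02 and inner_len == 1 and buf[inner_start:inner_start + 1] == b"\x03":
        return "pkcs12"
    # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
    if inner_tag == 0x30:
        return "der-certificate"
    return "unknown"


def classify_key_file(data):
    """Classify the raw bytes of a file taken from the directlink\\cert folder."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return classify_der(data)
    labels = {label.decode("ascii") for label, _ in blocks}
    if any("PRIVATE KEY" in label for label in labels):
        return "pem-private-key"
    if labels != {"CERTIFICATE"}:
        return "unknown"
    for _, body in blocks:
        try:
            der = base64.b64decode(body)   # line breaks in the body are ignored
        except ValueError:
            return "unknown"
        if classify_der(der) != "der-certificate":
            return "unknown"
    return "pem-certificate"


def safe_to_send(data):
    """True only for the Base-64 X.509 export that section 2.5 asks for.

    A PKCS #12 file, a PEM private key, or anything unrecognised is refused.
    """
    return classify_key_file(data) == "pem-certificate"


# Constructed samples (not real key material).
SAMPLE_CERT_DER = bytes.fromhex("300a30030201023003060100")
SAMPLE_PFX = bytes.fromhex("300c0201033007" "06052a03040506")
SAMPLE_CERT_PEM = (
    b"-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(SAMPLE_CERT_DER).strip()
    + b"\r\n-----END CERTIFICATE-----\r\n"
)
SAMPLE_KEY_PEM = b"-----BEGIN PRIVATE KEY-----\r\nAAAA\r\n-----END PRIVATE KEY-----\r\n"

if __name__ == "__main__":
    samples = [
        ("client.pfx", SAMPLE_PFX),
        ("profile.cer", SAMPLE_CERT_PEM),
        ("key.pem", SAMPLE_KEY_PEM),
    ]
    for name, blob in samples:
        verdict = "send" if safe_to_send(blob) else "DO NOT SEND"
        print(f"{name}: {classify_key_file(blob)} -> {verdict}")
```

In practice the bytes would come from reading the file in binary mode before attaching it; the same classifier can confirm that client.pfx really is a PKCS #12 container before the keystore password is set in step 3.3.4.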


3 Installing the Direct Link Software

3.1 Download and install prerequisites

3.1.1 Perl

Download and install Perl: http://www.activestate.com/activeperl/downloads

Alternative location: http://strawberryperl.com/

NOTE: Please follow instructions issued by package provider. If you install a version of Perl from strawberryperl.com, please follow the steps in Appendix ‘C’.

NOTE: For Unix environments, please ensure Perl is configured/installed to allow “multi-threading”.

3.1.2 Java

Oracle Java can be downloaded from the following location if required: http://www.oracle.com/technetwork/java/javase/downloads/index.html

The JRE is recommended as opposed to the JDK.

NAB Direct Link is also compatible with IBM Java.

NOTE: Please follow instructions issued by package provider.

3.1.3 JCE Unlimited Strength Jurisdiction Policy files

Download the JCE Unlimited Strength Jurisdiction Policy files for your version of Java. The Oracle version can be found at the following location: http://www.oracle.com/technetwork/java/javase/downloads/index.html

Extract the following files to the \lib\security\ folder of your Java installation (e.g. C:\Program Files\Java\jre6\lib\security):

US_export_policy.jar

local_policy.jar

NOTE: Overwrite existing files.


3.2 Download and Extract the Direct Link Scripts

Step Description

1 Go to http://www.nab.com.au/directlinksoftware and download the latest version of the Direct Link scripts (this can be used for Unix and Windows based systems).

2 Extract the new scripts to a location of your choosing. The common location is C:\ so that the following directory structure is created:

C:\directlink
C:\directlink\bin
C:\directlink\cert
C:\directlink\config
C:\directlink\data
C:\directlink\docs
……
……
C:\directlink\smime


3.3 Configure the Direct Link Scripts

3.3.1 Directlink.cfg

Step Description

1 Open \directlink\config\directlink.cfg in a text editor and configure the following values:

Server configuration

DirectLinkAddress=
ServerCertificate=

Ensure that either the Test or the Production security settings are enabled by commenting out the values that are unwanted, i.e. for connecting to the Direct Link TEST environment:

Proxy server

If you are using a proxy to access the internet, uncomment and configure the following values.

HttpsProxyHost=proxyHost
HttpsProxyPort=8484

NOTE: Authenticated proxies are not supported by Direct Link


3.3.2 Typemap.cfg & Setup.cfg

These files will be provided to you by NAB. These files must be present in the config directory to continue.

3.3.3 Set up directories

Step Description

1 Run Directlink.bat --setup (Linux/Unix/Other users: Directlink.sh --setup) from a command line to set up the mailbox folders:

You should receive the following result:


3.3.4 Set the keystore password – Microsoft Windows

Step Description

1 Run Directlink.bat --setkspwd, enter your keystore password (and again to confirm) then click Change Password.

2 Run Directlink.bat --setsfxkspwd, enter your keystore password (and again to confirm) then click Change Password.


3.3.5 Set the keystore password – Unix

Step Description

1 Run setpwd.sh -k -c and enter your keystore password. Enter “Y” at the “Encrypt<Y>:” prompt.

2 Run Sfx.sh type the newkeystorepassword and set the keystore

NOTE: The password will not be displayed as you type it

3.3.6 Update mailbox password & first logon - Windows

Step Description

1 Run Directlink.bat --preparembx

You will be presented with the Prepare DirectLink mailbox dialog:


2 You can choose to set the same password for all mailboxes or set mailbox passwords individually.

Password requirements

Minimum of 8 characters with a combination of letters (A-Z, a-z), numbers (0-9) and symbols (`~!@#$%^&*()-_=+[]{}\|;:'",./<>?)

At least 1 character from each group: Letters, Numbers, Symbols. Passwords are case sensitive.

If… Then…

Set password for all mailboxes

1 Leave the mailbox ID as [ALL]
2 Enter the temporary password provided by NAB
3 Enter a new password of your choosing
4 Enter a new password of your choosing (again)
5 Click Change Password

Set password for one mailbox

1 Enter the mailbox ID of your mailbox
2 Enter the temporary password provided by NAB
3 Enter a new password of your choosing
4 Enter a new password of your choosing (again)
5 Click Change Password

3 You will be prompted to overwrite; click Yes:


3.3.7 Update mailbox password & first logon – Unix

Step Description

1. Run setpwd.sh -p -c

1. Enter “ALL” as the “Mailbox ID” field
2. Enter “password” as the “Original password” value
3. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter>
4. Press <Enter> a second time

3.4 Test Directlink.bat file transfer (Direct Entry)

NOTE: You should only test file transfers in the TEST environment

Step Description

1 Copy a text file or test file into the /send/<service_subfolder> directory for your mailbox. Note: If you do not have a payment service established, our team will facilitate this initial test.

2 Run Directlink.bat (Linux/Unix/Other users: Directlink.sh) and transfer the file - you should receive no errors

3 Wait 5 minutes, and then run Directlink.bat again – you should download the corresponding ACK file. Note: If you do not have a payment service established, our team will facilitate this initial test

3.5 Configure any scheduled jobs

Step Description

1 Configure your job scheduler to execute Directlink.bat on an appropriate schedule (See Appendix A: File Type Information Matrix for file timings).

2 Monitor and track for 30 minutes.


4 Renewing your Digital Certificate

4.1 Apply for the Digital Certificate

Digital Certificates must be renewed every 2 years. NAB will contact you prior to the expiry to begin the renewal process.

You will receive an email from NAB asking you to renew your digital certificate prior to the expiry:


Step Description

1 Go to https://www.wholesale.nabGroup.com/Supporting/Pages/CertificateRenew.aspx and log in using the nabGroup.com details you provided during registration and click Login.

2 On the following page, enter your Secret Answer as provided during profile registration and click Generate Certificate:

NOTE: If your operating system is Windows Vista or newer, please ensure you review the information on the page and complete the actions specifically for Windows 7 and Vista users BEFORE clicking “Generate Certificate”.


You may receive the following error:

If so, click the information bar at the top of the page and select Run ActiveX Control:

3 On the next dialog, select Run:

4 Re-enter your Secret Answer and click Generate Certificate again:

5 Click Yes when presented with the Potential Scripting Violation dialog:


6 Once processing is complete, you will receive confirmation on the main page:

NOTE: Please email [email protected] and advise them that you have requested your digital certificate


4.2 Download the Digital Certificate

Once your certificate request is approved, you will receive an email from [email protected] to download your certificate:

Step Description

1 Click on the URL in the email and download the certificate by clicking Save:


4.3 Export your Private Key

Step Description

1 In your browser menu, select Tools and Internet Options:

2 Select Content and click on the Certificates box:

3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.


4 Select the appropriate certificate and click the Export button:

5 The Certificate Export Wizard will appear, click Next:


6 Select Yes, export the private key and click Next:

7 On the Export File Format page, ensure that the following are checked:

Personal Information Exchange – PKCS #12(.PFX)

Include all certificates in the certification path if possible

Enable strong protection (require IE 5.0, NT 4.0 SP4 or above) and then select Next


Please note, if you are a Windows Vista or Windows 7 user, you will see the screen below instead


8 You will be prompted to enter a password. Select and confirm your password, then click Next:

NOTE: This password is used to protect the private key and will be required for import as well as in the event of restoring the Certificate.

9 Input the file name, using client.pfx as the filename, select the directlink\cert folder and click Next:

NOTE: Do not overwrite your existing certificate until NAB has confirmed the new certificate is ready for use. If necessary, give your new certificate a different name until further advised by NAB.


10 Select Finish to complete the export of your Private certificate:

11 You will receive a confirmation:


NOTES:

Once exported, your client.pfx file should be approximately 5KB. If it is significantly smaller, please re-export or seek NAB assistance.

Back up the certificate to a diskette/shared network resource and store it for safekeeping.

4.4 Export and Send your Public Key to NAB

Step Description

1 In your browser menu, select Tools and Internet Options:

2 Select Content and click on the Certificates box:


3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.


4 Select the appropriate certificate and click the Export button:

5 The Certificate Export Wizard will appear, click Next:

6 Select No, do not export the private key and click Next:


7 On the Export File Format page, ensure that Base-64 encoded X.509 (.CER) is checked and select Next:

8 Input the file name, using your profile name as the filename, select the directlink\cert folder and click Next:


9 Select Finish to complete the exporting of your Private certificate:

You will receive a confirmation:

Send your Public Key to [email protected]

NOTE: When instructed by NAB, backup your existing client.pfx and then replace it with the new one.


4.4.1 Update the keystore password – Microsoft Windows

Step Description

3 Run Directlink.bat --setkspwd, enter your keystore password (and again to confirm) then click Change Password.

4 Run Directlink.bat --setsfxkspwd, enter your keystore password (and again to confirm) then click Change Password.


4.4.2 Update the keystore password – Unix

Step Description

3 Run setpwd.sh -k -c, enter your keystore password, then enter “Y” at the “Encrypt<Y>:” prompt

4 Run Sfx.sh, type newkeystorepassword and set the keystore password

NOTE: The password will not be displayed as you type it


4.4.3 Password resets / forgotten password

If you have attempted to connect a mailbox with your Direct Link client software more than 3 times with an incorrect password, you will be locked from attempting to connect to that mailbox for the next 5 minutes. If you need to reset your password, call the Direct Link Support team on 1800 152 215. If your password has been reset by NAB, you will need to update your password files again. You can choose to set the same password for all mailboxes or set mailbox passwords individually.

Password requirements

Minimum of 8 characters with a combination of letters (A-Z, a-z), numbers (0-9) and symbols (`~!@#$%^&*()-_=+[]{}\|;:'",./<>?)

At least 1 character from each group: Letters, Numbers, Symbols.

Passwords are case sensitive.

If NAB Direct Link is installed in a Microsoft Windows environment:

Run Directlink.bat --preparembx. You will be presented with the Prepare DirectLink mailbox dialog:

Set password for all mailboxes:

1 Leave the mailbox ID as [ALL]
2 Enter the temporary password provided by NAB
3 Enter a new password of your choosing
4 Enter a new password of your choosing (again)
5 Click Change Password

Set password for one mailbox:

1 Enter the mailbox ID of your mailbox
2 Enter the temporary password provided by NAB
3 Enter a new password of your choosing
4 Enter a new password of your choosing (again)
5 Click Change Password

You will be prompted to overwrite; click Yes:

If NAB Direct Link is installed in a Unix environment:

Set password for all mailboxes:

Run setpwd.sh -p -c

1. Enter “ALL” in the “Mailbox ID” field
2. Enter “password” as the “Original password” value
3. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter>
4. Press <Enter> a second time

Set password for one mailbox:

Run setpwd.sh -p -c

1. Enter your mailbox ID in the “Mailbox ID” field
2. Enter “password” as the “Original password” value
3. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter>
4. Press <Enter> a second time


4.4.4 Changing your password

You can update your mailbox password remotely if you need to change it. You can choose to set the same password for all mailboxes or set mailbox passwords individually.

Password requirements

Minimum of 8 characters with a combination of letters (A-Z, a-z), numbers (0-9) and symbols (`~!@#$%^&*()-_=+[]{}\|;:'",./<>?)

At least 1 character from each group: Letters, Numbers, Symbols.

Passwords are case sensitive.

If NAB Direct Link is installed in a Microsoft Windows environment:

Run Directlink.bat --chgmbxpwd. You will be presented with the Change Password DirectLink mailbox dialog:

Set password for all mailboxes:

1 Leave the mailbox ID as [ALL]
2 Enter the temporary password provided by NAB
3 Enter a new password of your choosing
4 Enter a new password of your choosing (again)
5 Click Change Password

Set password for one mailbox:

1 Enter the mailbox ID of your mailbox
2 Enter the temporary password provided by NAB
3 Enter a new password of your choosing
4 Enter a new password of your choosing (again)
5 Click Change Password

You will be prompted to overwrite; click Yes:

If NAB Direct Link is installed in a Unix environment:

Set password for all mailboxes:

Run setpwd.sh -p -c

1. Enter “ALL” in the “Mailbox ID” field
2. Enter “password” as the “Original password” value
3. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter>
4. Press <Enter> a second time
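
The mailbox password requirements above, and the list of characters that Appendix D says are not permitted in the keystore password, can be checked before running the password scripts. The following Python sketch is an added example and is not part of the Direct Link software; the function names are hypothetical, and rejecting characters outside the three listed groups is an assumption.

```python
"""Pre-check Direct Link passwords against the character rules in this guide.

Added example, not part of the Direct Link software. Function names and
messages are hypothetical; only the limits and character sets come from
the guide.
"""
import getpass
import string

# Mailbox password rules (sections 4.4.3 and 4.4.4).
MAILBOX_MIN_LENGTH = 8
LETTERS = set(string.ascii_letters)
DIGITS = set(string.digits)
MAILBOX_SYMBOLS = set("`~!@#$%^&*()-_=+[]{}\\|;:'\",./<>?")

# Characters Appendix D lists as not permitted in the keystore password.
KEYSTORE_FORBIDDEN = set('\\/"*?<>|&%@^,-$=[#+;~')


def check_mailbox_password(password):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    chars = set(password)
    if len(password) < MAILBOX_MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not chars & LETTERS:
        problems.append("no letter (A-Z, a-z)")
    if not chars & DIGITS:
        problems.append("no number (0-9)")
    if not chars & MAILBOX_SYMBOLS:
        problems.append("no symbol from the listed set")
    # Assumption: anything outside the three listed groups (spaces,
    # accented letters, control characters) is rejected.
    stray = sorted(chars - LETTERS - DIGITS - MAILBOX_SYMBOLS)
    if stray:
        problems.append("characters outside the listed groups: "
                        + " ".join(repr(c) for c in stray))
    return problems


def check_keystore_password(password):
    """Return the forbidden characters found, in order of first appearance."""
    found = []
    for ch in password:
        if ch in KEYSTORE_FORBIDDEN and ch not in found:
            found.append(ch)
    return found


def symbols_valid_for_both():
    """Mailbox-policy symbols that are also permitted in a keystore password."""
    return sorted(MAILBOX_SYMBOLS - KEYSTORE_FORBIDDEN)


def main():
    # getpass keeps the candidate off the screen and out of shell history;
    # only the findings are printed, never the full password.
    kind = input("Check [m]ailbox or [k]eystore password? ").strip().lower()
    candidate = getpass.getpass("Candidate password: ")
    if kind.startswith("k"):
        bad = check_keystore_password(candidate)
        if bad:
            print("Not permitted in a keystore password:", " ".join(bad))
        else:
            print("No forbidden keystore characters found.")
        print("Symbols valid for both password types:",
              " ".join(symbols_valid_for_both()))
    else:
        problems = check_mailbox_password(candidate)
        for problem in problems:
            print("Mailbox rule not met:", problem)
        if not problems:
            print("Meets the mailbox password requirements.")


if __name__ == "__main__":
    main()
```

Only eleven of the mailbox symbols fall outside the keystore's forbidden list, so a password that satisfies the mailbox rules should be checked separately before it is reused as a keystore password.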


5 Appendix A: File Type Information Matrix

Product | File | File Type | Direct Link Local Folder | Datatype | Direction (to/from client) | Frequency | Approximate Delivery Timeframes | Recommended Schedule
Direct Entry (AUS) - Direct Credit | Direct Entry file | Instruction | send/dc | DTDC | From | Sent by client | NA | 30 mins
Direct Entry (AUS) - Direct Credit | Direct Entry ACK | Acknowledgment | status/dc | DTDCA | To | Per client file | 0 - 15 mins of submission | 30 mins
Direct Entry (AUS) – Disbursement Report – Direct Credit | Direct Entry Disbursement Report | Report | receive/dc | DTDCR | To | Per client file | 30-45 mins of submission | 30 mins
Direct Entry (AUS) - Direct Debit | Direct Entry file | Instruction | send/dd | DTDD | From | Sent by client | NA | 30 mins
Direct Entry (AUS) - Direct Debit | Direct Entry ACK | Acknowledgment | status/de | DTDDA | To | Per client file | 0 – 15 mins of submission | 30 mins
Direct Entry (AUS) – Disbursement Report – Direct Debit | Direct Entry Disbursement Report | Report | Receive/dd | DTDDR | To | Per client file | 30-45 mins of submission | 30 mins
Direct Entry (NZ) | Direct Entry file | Instruction | send/nz_de | DTPCB01 | From | Sent by client | NA | 30 mins
Direct Entry (NZ) | Direct Entry ACK | Acknowledgment | status/nz_de | DTGEN01A | To | Per client file | 0 - 15 mins of submission |
NAB Payments | NAB Payments File | Instruction | send/nabpayments | DTNP | From | Sent by client | NA | 30 mins
NAB Payments | NAB Payments ACK File | Acknowledgment | status/nabpayments | DTNPA | To | Per client file | 0 - 15 mins of submission | 30 mins
NAB Payments Reporting | Acknowledgement Report | Acknowledgment | receive/nabpaymentsrpt | DTNPR | To | Per client file | TBC | 30 mins
NAB Payments Reporting | Disbursement Report | Report | receive/nabpaymentsrpt | DTNPR | To | Daily | Varies | 30 mins
NAB Payments Reporting | Presented Report | Report | receive/nabpaymentsrpt | DTNPR | To | Daily | Varies | 30 mins
NAB Payments Reporting | Unpresented Report | Report | receive/nabpaymentsrpt | DTNPR | To | Daily | Varies | 30 mins
NAB Payments Reporting | Stop Request Report | Report | receive/nabpaymentsrpt | DTNPR | To | Daily | Varies | 30 mins
NAB Payments Reporting | Direct Entry Acknowledgment Report | Acknowledgment | receive/nabpaymentsrpt | DTNPR | To | Per client file | TBC | 30 mins
NAB Payments Reporting | Direct Entry Disbursement Report | Report | receive/nabpaymentsrpt | DTNPR | To | Daily | Varies | 30 mins
International Funds Transfer | IFT MT103 | Instruction | send/itf | DTINT | From | Sent by client | NA | 30 mins
International Funds Transfer | EFT ACK | Acknowledgment | status/itf | DTINTA | To | Per client file | 1st: 0 - 15 mins of submission | 30 mins
RTGS | RTGS MT103 | Instruction | send/rtgs | DTRTGS | From | Sent by client | NA | 30 mins
RTGS | RTGS ACK | Acknowledgment | status/rtgs | DTRTGSA | To | Per client file | 1st: 0 - 15 mins of submission | 30 mins
NAI Report (Account Information) | NAI Report | Report | receive/acct_info | DTAUACIN | To | Daily | Varies | 30 mins
DE Returns Report (Dishonour) | DE Returns Report based on APCA Id | Report | receive/dereturn_apca | DTRET01 | To | Daily | 00:00 - 01:00 | 06:30, 07:30
DE Returns Report (Dishonour) | DE Returns Report based on Trace Account | Report | receive/dereturn_trace | DTRET02 | To | Daily | 00:00 - 01:00 | 06:30, 07:30
DE Returns Report (Dishonour) | DE Returns Report based on APCA ID & Trace Account | Report | receive/dereturn_trace | DTRET03 | To | Daily | 00:00 - 01:00 | 06:30, 07:30
Merchant Reporting (EB165) | EB165 File | Report | receive/eb165 | DTEF165 | To | Daily | 22:00 – 00:00 | 06:30, 07:30
BPAY Reporting | BRF File | Report | receive/bpay_brf | DTBRF | To | Daily | 21:00 - 22:00 | 06:30, 07:30
BPAY Reporting | BRR File | Report | receive/bpay_brr | DTBRR | To | Daily | 03:00 - 04:00 | 06:30, 07:30
BPAY Reporting | BRS File | Report | receive/bpay_brs | DTBRS | To | Last day of the month | 21:00 - 22:00 | 06:30, 07:30
All Items File (AIF) | Automated Billing All Items File | Report | receive/aif | DTAIF | To | Daily | 00:30 - 03:30 | 06:30, 07:30
NBFI Reporting | NBFI File | Report | receive/nbfi | DTNBFI | To | Daily | 00:30 - 03:30 | 06:30, 07:30
NAB Transact - Batch Credit Card | Batch Credit Card File | Instruction | send/bcc | DTMOTO | From | Sent by client | NA | 30 mins
NAB Transact - Batch Credit Card | Batch Credit Card RECEIVED ACK | Acknowledgment | status/bcc | DTNEPSA | To | Per client file | 0 - 15 mins of submission | 30 mins
NAB Transact - Batch Credit Card | Batch Credit Card PROCESSED/REJECTED ACK | Acknowledgment | status/bcc | DTNEPSA | To | Per client file | 15 – 30 mins of submission | 30 mins
NAB Transact - Batch Credit Card | Transaction Result (DOT) File | Acknowledgment | receive/bcc | DTMOTOR | To | Per client file | 15 – 30 mins of submission | 30 mins
NAB Transact Reporting | NAB Transact Report | Report | receive/nabtransactrpt | DTTRANR | To | Daily | Varies | 30 mins
BPAY Batch | BPAY Batch file | Instruction | send/BpayBatch | DTBPB | From | Sent by client | NA | 30 mins
BPAY Batch | BPAY Batch ACK | Acknowledgment | status/BpayBatch | DTBPBA | To | Per client file | 0 - 15 mins of submission | 30 mins
BPAY Batch | BPAY Batch results file | Report | receive/BpayBatch | DTBPBR | To | Per client file | 0 - 15 mins of submission | 30 mins


APPENDIX B: Direct Link Reply File Behaviour

Depending on the product you will see different behaviour in the generation and timing of acknowledgement files and reports.

Product | 1st ACK | 2nd ACK | Report | Notes for test environment
Direct Entry | Processed or Rejected | - | - |
Direct Entry - Future dated | Accepted or Rejected | Processed | - |
ITF | Received or Reject | Paid* or Rejected* | - | *files require manual NAB intervention to make them available
RTGS | Processed or Reject* | - | | *only Reject messages will be received in the test environment
NAB Payments | Received | - | Multiple* | *files require manual NAB intervention to make them available
Batch Credit Card | Received | Processed* or Rejected* | Result file* | *files can take up to 30 minutes to be made available
BPAY Batch | Received | - | Report file* | *not available in the test environment


APPENDIX C: Strawberry Perl Configuration

After installing Strawberry Perl you may encounter the error below when running Direct Link

To resolve this, simply action the following:

1) Copy file job.pm from ..\perl\lib\TAP\Parser\Scheduler\

2) Create folder ‘Win32’ in ..\directlink\lib\

3) Paste job.pm into directory ..\directlink\lib\Win32

4) Edit your directlink.cfg file (located in the directlink\config folder), and comment out the following line: #EnableTimeout=true (note, the # at the front of this line indicates it has been successfully commented out)


APPENDIX D: Common Direct Link Errors

NOTE: For additional information when troubleshooting Direct Link errors, please execute directlink.bat/directlink.sh using the “--trace --sfxdebug” options.

Process Problem Error Action

Process: Configuring
Problem: java.lang.ExceptionInInitializerError
Action: Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.
Error:
    C:\directlink>sfx
    Gateware SFX (Secure File eXchange) 2.4.2 (6.6.23 Build 1)
    (c) Copyright 2002, 2003, 2004 Clear2Pay. All rights reserved
    > newkeystorepassword
    New Password
    Repeat New Password
    A critical error has occurred
    'java.lang.ExceptionInInitializerError'
    An error has occurred at line 1. Exit code 14.

Process: Connecting
Problem: Error 404 in SFX
Action: Re-export the private key and ensure 'Include all certificates in the certification path if possible' and 'Enable strong protection' are ticked.
Error:
    Error 404 in SFX

Process: Connecting
Problem: Password Error
Action: Confirm the mailbox password. Refer to the section on mailbox passwords above to set the password correctly. Alternatively, contact NAB and have them reset the mailbox password.
Error:
    Connection failed 'Error when logging on - 'Either the user name or password is invalid''

Process: Connecting
Problem: HTTP error response status code 401 was returned.
Action: This error is caused by the client connecting to NAB with a different IP address to what is registered. Contact NAB to confirm or update the registered IP.
Error:
    > Connection failed 'HTTP error response status code 401 was returned.'
    An error has occurred at line 5. Exit code 16.
    [ERROR] Processing status directory [data\TEST01AU\status\de] failed
    at E:\Appl\NTIGS\directlink.prod\lib/Error.pm line 185.

Process: Connecting
Problem: GatewareHttpMailboxBean:sendRequest: SocketException incurred java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method)
Action: Client to edit the <proxy server> & <port number> values in sfx.bat and sfx.sh, OR update the value in the directlink config file, OR client to whitelist the Direct Link URLs (connect.nabmarkets.com and test-connect.nabmarkets.com) in order to get around the proxy issue.
Error:
    2008/01/16 13:08:18.857 GatewareHttpMailboxBean:logon: customerId 'test01au'
    2008/01/16 13:08:18.857 GatewareHttpMailboxBean:sendRequest: function 'logon'
    2008/01/16 13:08:18.857 GatewareHttpMailboxBean:initialiseSSL: invoked
    2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest: Protocol:'https'
    2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest: Host: 'connect.nabmarkets.com, port 443
    2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest: ServletPath: '/sfx/GatewareMailboxServlet'
    2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest: ServletSessionID: ''
    2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest: opening connection
    2008/01/16 13:08:19.748 GatewareHttpMailboxBean:sendRequest: configuring connection
    2008/01/16 13:08:19.748 GatewareHttpMailboxBean:sendRequest: getting connectionOutputStream
    2008/01/16 13:08:20.780 GatewareHttpMailboxBean:sendRequest: SocketException incurred java.net.ConnectException: Connection refused: connect
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(Unknown Source)
        at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
        at java.net.PlainSocketImpl.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.doConnect(Unknown Source)
        at sun.net.www.http.HttpClient.openServer(Unknown Source)
        at sun.net.www.http.HttpClient.openServer(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.a(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.a(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.a(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.plainConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getOutputStream(Unknown Source)
        at au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.a(Unknown Source)
        at au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.a(Unknown Source)
        at au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.logon(Unknown Source)
        at au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.logon(Unknown Source)
        at au.com.sienna.gwhttpclient.sfx.SFX.null(Unknown Source)
        at au.com.sienna.gwhttpclient.sfx.SFX.if(Unknown Source)
        at au.com.sienna.gwhttpclient.sfx.SFX.main(Unknown Source)
    2008/01/16 13:08:20.796 GatewareHttpMailboxBean:sendRequest: No responseMsg object was received, setting up unknown error
    Connection failed 'Communications error on socket - 'java.net.ConnectException:Connection refused: connect''

OR

    Gateware SFX (Secure File eXchange) 2.4.0 (6.6.4 Build 8)
    (c) Copyright 2002, 2003, 2004 Clear2Pay. All rights reserved
    > > > > Local directory changed to 'C:\directlink\data\temp\depq6hSi'
    > Connection failed 'Error when logging on - 'javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?''
    An error has occurred at line 5. Exit code 16.
    2008/08/11 16:32:15 Processing status directory [data\TEST01AU\status\de] failed at \directlink\lib/Error.pm line 185.

Process: Connecting
Problem: BadPaddingException error
Action: The SFX keystore password does not match the client.pfx keystore password. Update the password using the keystore password section in this document.
Error:
    C:\export\nab\Sienna\SFX\bin>sfx
    Gateware SFX (Secure File eXchange) 2.4.0 (6.6.4 Build 8)
    (c) Copyright 2002, 2003, 2004 Clear2Pay. All rights reserved
    > customer test01au
    > password password
    > open connect.nabmarkets.com
    Connection failed 'Communications error on socket - 'java.net.SocketException: Default SSL context init failed: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded''


Process: Connecting
Problem: SFX transfer failed (1)
Action: The keystore password contained illegal characters. The following are not permitted: \ / " * ? < > | & % @ ^ , - $ = [ # + ; ~ Re-export the private key and provide a new password. Update the password in the directlink.cfg file and in SFX via the ‘newkeystorepassword’ command.
Error:
    [INFO] Processing directories under 'data'
    [INFO] Processing directories for mailbox TEST01AU
    [INFO] Checking download acknowledgments for: de
    [ERROR] SFX transfer failed (1)
    Usage: java [-options] class [args...]
               (to execute a class)
       or  java [-options] -jar jarfile [args...]
               (to execute a jar file)
    where options include:
        -client       to select the "client" VM
        -server       to select the "server" VM
        -hotspot      is a synonym for the "client" VM [deprecated]
                      The default VM is client.
        -cp <class search path of directories and zip/jar files>
        -classpath <class search path of directories and zip/jar files>
                      A ; separated list of directories, JAR archives,
                      and ZIP archives to search for class files.
        -D<name>=<value>
                      set a system property
        -verbose[:class|gc|jni]
                      enable verbose output
        -version      print product version and exit
        -version:<value>
                      require the specified version to run
        -showversion  print product version and continue
        -jre-restrict-search | -jre-no-restrict-search
                      include/exclude user private JREs in the version search
        -? -help      print this help message
        -X            print help on non-standard options
        -ea[:<packagename>...|:<classname>]
        -enableassertions[:<packagename>...|:<classname>]
                      enable assertions
        -da[:<packagename>...|:<classname>]
        -disableassertions[:<packagename>...|:<classname>]
                      disable assertions
        -esa | -enablesystemassertions
                      enable system assertions
        -dsa | -disablesystemassertions
                      disable system assertions
        -agentlib:<libname>[=<options>]
                      load native agent library <libname>, e.g. -agentlib:hprof
                      see also, -agentlib:jdwp=help and -agentlib:hprof=help
        -agentpath:<pathname>[=<options>]
                      load native agent library by full pathname
        -javaagent:<jarpath>[=<options>]
                      load Java programming language agent, see java.lang.instrument
        -splash:<imagepath>
                      show splash screen with specified image
    '-cp' is not recognized as an internal or external command,
    operable program or batch file.
    [FATAL] Processing status directory [data\TEST01AU\status\de] failed
    at \directlink\lib/DirectLink/Sfx.pm line 658.
    [ERROR] Error occured
    at \directlink\lib/Error.pm line 38.

Process: Connecting
Problem: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation
Action: The SFX keystore password does not match the client.pfx keystore password. Update the password using the keystore password section in this document.
Error:
    Gateware SFX (Secure File eXchange) 2.4.0 (6.6.4 Build 8)
    (c) Copyright 2002, 2003, 2004 Clear2Pay. All rights reserved
    >>>> Local directory changed to 'F:\Direct Link\data\temp\au_accountF4NZab'
    >Connection failed 'Communications error on socket - 'java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)''
    An error has occurred at line 5. Exit code 16

Process: Encoding/Decoding
Problem: SMime encode failed (256)
Action: The private key in the \directlink\certs folder is incorrect. Ensure the client is using the correct private key (file size 5KB).
Error:
    SMime encode failed (256)
    Decoder: Activating Decoder V2.1 (Large File Version)
    Decoder: Verifying arguments
    Decoder: Setting up security providers
    Decoder: Loading client certificate
    Decoder: Loading server certificate
    Decoder: Initialising decoder
    Decoder: Decoding file ...
    java.lang.NullPointerException
        at au.com.national.ntigs.security.smime.entrust.EntrustSmimeDecoder.decodeContent(EntrustSmimeDecoder.java:75)
        at au.com.national.ntigs.security.smime.client.Decoder.decode(Decoder.java:107)
        at au.com.national.ntigs.security.smime.client.Decoder.main(Decoder.java:61)


Process: Encoding/Decoding
Problem: An Internal Key Problem error appears whilst trying to encode a file.
Action: Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.
Error:
    C:\Program Files\Sienna\SMIME\bin>encoder cert\TEST01AU_TEST.pfx <password> cert\test-connect.nabmarkets.com.cer test.txt test_enc.txt
    Encoder: Verifying arguments
    Encoder: Loading client certificate
    Encoder: Loading server certificate
    Encoder: Initialising encoder
    Encoder: Loading input file
    Encoder: Encoding file
    Encoder: Writing output file
    iaik.utils.InternalErrorException: Internal Key problem.
        at iaik.cms.EncryptedContentInfoStream.setupCipher(Unknown Source)
        at iaik.cms.EnvelopedDataStream.<init>(Unknown Source)
        at iaik.cms.EnvelopedDataStream.<init>(Unknown Source)
        at iaik.smime.SMimeEncrypted.<init>(Unknown Source)
        at iaik.smime.EncryptedContent.writeTo(Unknown Source)
        at iaik.smime.encrypted_content.writeTo(Unknown Source)
        at javax.activation.ObjectDataContentHandler.writeTo(DataHandler.java:839)
        at javax.activation.DataHandler.writeTo(DataHandler.java:295)
        at javax.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:1147)
        at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1607)
        at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1583)
        at au.com.national.ntigs.security.smime.client.Encoder.go(Encoder.java:56)
        at au.com.national.ntigs.security.smime.client.Encoder.main(Encoder.java:91)
    Encoder: Error - IOException: javax.mail.MessagingException:iaik.utils.InternalErrorException: Internal Key problem., aborting


Encoding/Decoding Encryption or Decryption Error

SMime encode failed (256)

Encoder: Activating Encoder V2.1 (Large File Version)

Encoder: Verifying arguments

Encoder: Setting up security providers

Encoder: Loading client and server certificate

Encoder: Initialising encoder

Encoder: Loading input file

Encoder: Encoding file ...

Encoder: Error - SmimeEncodingException:

com.entrust.toolkit.exceptions.PKCS7Exception: internal error,

aborting

au.com.national.ntigs.security.smime.error.SmimeEncodingExceptio

n: com.entrust.toolkit.exceptions.PKCS7Exception: internal error

atau.com.national.ntigs.security.smime.entrust.EntrustSmimeEnco

der.encodeLargeDataClientVersion(EntrustSmimeEncoder.java:92)

at

au.com.national.ntigs.security.smime.client.Encoder.encode(Encod

er.java:105)

at

au.com.national.ntigs.security.smime.client.Encoder.main(Encoder

.java:55)

Caused by: com.entrust.toolkit.exceptions.PKCS7Exception:

internal error

at com.entrust.toolkit.PKCS7EncodeStream.d(Unknown Source)

at com.entrust.toolkit.PKCS7EncodeStream.f(Unknown Source)

at com.entrust.toolkit.PKCS7EncodeStream.write(Unknown Source)

at

au.com.national.ntigs.security.smime.entrust.EntrustSmimeEncoder

.write

Stream(EntrustSmimeEncoder.java:171)

At

au.com.national.ntigs.security.smime.entrust.EntrustSmimeEncoder

.encode

LargeDataClientVersion(EntrustSmimeEncoder.java:81)

... 2 more

Caused by: java.lang.SecurityException: Unsupported keysize or

algorithm parameters

at javax.crypto.Cipher.init(DashoA12275)

at

iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown

Source)

at

iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown

Source)

at iaik.pkcs.pkcs7.SignedAndEnvelopedDataStream.<init>(Unknown

Source)

... 7 more

Or Decryption Error

Decoder: Verifying arguments

Decoder: Loading client certificate

Decoder: Loading server certificate

Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.


Decoder: Initialising decoder

Decoder: Loading input file

Decoder: Decoding file
java.security.AccessControlException: access denied (java.io.FilePermission /dev/random read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at java.io.FileInputStream.<init>(FileInputStream.java:100)
    at java.io.FileInputStream.<init>(FileInputStream.java:66)
    at com.entrust.toolkit.security.crypto.random.g.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.entrust.toolkit.security.crypto.random.e.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:534)
java.security.AccessControlException: access denied (java.io.FilePermission /dev/urandom read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at java.io.FileInputStream.<init>(FileInputStream.java:100)
    at java.io.FileInputStream.<init>(FileInputStream.java:66)
    at com.entrust.toolkit.security.crypto.random.g.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.entrust.toolkit.security.crypto.random.e.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:534)
Decoder: Error - SmimeDecodingException: iaik.smime.SMimeException: Key/content decryption error: Unable to decrypt encrypted content-encryption key: Unknown blocktype !, aborting

OR (this was due to the client using an IBM JRE not SUN JRE as prescribed in the guide)

2008/02/01 14:03:34 Send file [data/TEST01AU/send/de/testfile.de] failed

SMime encode failed (256)

Encoder: Activating Encoder V2.1 (Large File Version)

Encoder: Verifying arguments

Encoder: Setting up security providers

Encoder: Loading client and server certificate

Encoder: Error - NullPointerException: Cannot initialise the S/MIME Encoder, aborting
java.lang.NullPointerException: Cannot initialise the S/MIME Encoder
    at au.com.national.ntigs.security.smime.client.Encoder.encode(Encoder.java:81)
    at au.com.national.ntigs.security.smime.client.Encoder.main(Encoder.java:55)

OR

SMime encode failed (256)

Encoder: Loading input file

Encoder: Encoding file ...

Encoder: Error - SmimeEncodingException: com.entrust.toolkit.exceptions.PKCS7Exception: internal error, aborting
au.com.national.ntigs.security.smime.error.SmimeEncodingException: com.entrust.toolkit.exceptions.PKCS7Exception: internal error
    at au.com.national.ntigs.security.smime.entrust.EntrustSmimeEncoder.encodeLargeDataClientVersion(EntrustSmimeEncoder.java:92)
    at au.com.national.ntigs.security.smime.client.Encoder.encode(Encoder.java:105)
    at au.com.national.ntigs.security.smime.client.Encoder.main(Encoder.java:55)
Caused by: com.entrust.toolkit.exceptions.PKCS7Exception: internal error
    at com.entrust.toolkit.PKCS7EncodeStream.d(Unknown Source)
    at com.entrust.toolkit.PKCS7EncodeStream.f(Unknown Source)
    at com.entrust.toolkit.PKCS7EncodeStream.write(Unknown Source)
    at au.com.national.ntigs.security.smime.entrust.EntrustSmimeEncoder.writeStream(EntrustSmimeEncoder.java:171)
    at au.com.national.ntigs.security.smime.entrust.EntrustSmimeEncoder.encodeLargeDataClientVersion(EntrustSmimeEncoder.java:81)
    ... 2 more
Caused by: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    at javax.crypto.Cipher.init(DashoA6275)
    at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
    at iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
    at iaik.pkcs.pkcs7.SignedAndEnvelopedDataStream.<init>(Unknown Source)

Encoding/Decoding Encode error

-bash-3.00$ directlink.sh

[INFO] Creating archive directory (data/archive/20111201/)

[INFO] Processing directories under 'data'

[INFO] Processing directories for mailbox TEST01AU

[INFO] Sending file: test.txt from ‘TEST01AU’/send/de'

[INFO] Encoding file: test.txt

[ERROR] Send file [data/TEST01AU/send/de/test.txt] failed SMime encode failed (256)

Encoder: Activating Encoder V2.1 (Large File Version)

Encoder: Verifying arguments

Encoder: Setting up security providers

Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.


Encoder: Loading client and server certificate
Exception in thread "main" java.lang.ExceptionInInitializerError
    at javax.crypto.SecretKeyFactory.a(DashoA13*..)
    at javax.crypto.SecretKeyFactory.<init>(DashoA13*..)
    at javax.crypto.SecretKeyFactory.getInstance(DashoA13*..)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.getPBEKey(PKCS12KeyStore.java:545)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1271)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at au.com.national.ntigs.security.common.keystore.KeyStoreWrapper.<init>(KeyStoreWrapper.java:34)
    at au.com.national.ntigs.security.smime.client.Encoder.encode(Encoder.java:75)
    at au.com.national.ntigs.security.smime.client.Encoder.main(Encoder.java:55)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
    at javax.crypto.SunJCE_b.<clinit>(DashoA13*..)
    ... 9 more
Caused by: java.security.PrivilegedActionException: java.util.zip.ZipException: error in opening zip file
    at java.security.AccessController.doPrivileged(Native Method)
    ... 10 more
Caused by: java.util.zip.ZipException: error in opening zip file
    at java.util.zip.ZipFile.open(Native Method)
    at java.util.zip.ZipFile.<init>(ZipFile.java:127)
    at java.util.jar.JarFile.<init>(JarFile.java:135)
    at java.util.jar.JarFile.<init>(JarFile.java:99)
    at javax.crypto.SunJCE_b.a(DashoA13*..)
    at javax.crypto.SunJCE_b.i(DashoA13*..)
    at javax.crypto.SunJCE_b.g(DashoA13*..)
    at javax.crypto.SunJCE_b$1.run(DashoA13*..)
    ... 11 more

[INFO] Processing complete


Encoding/Decoding SMime encode failed (256)

SMime encode failed (256)

Encoder: Activating Encoder V2.1 (Large File Version)

Encoder: Verifying arguments

Encoder: Setting up security providers

Encoder: Loading client and server certificate

Encoder: Error - KeyStoreInitialisationException: IO Exception accessing file [cert/client.pfx], aborting
au.com.national.ntigs.security.common.keystore.KeyStoreInitialisationException: IO Exception accessing file [cert/client.pfx]
    at au.com.national.ntigs.security.common.keystore.KeyStoreWrapper.<init>(KeyStoreWrapper.java:54)
    at au.com.national.ntigs.security.smime.client.Encoder.encode(Encoder.java:75)
    at au.com.national.ntigs.security.smime.client.Encoder.main(Encoder.java:55)
Caused by: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at au.com.national.ntigs.security.common.keystore.KeyStoreWrapper.<init>(KeyStoreWrapper.java:34)
    ... 2 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.b(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    ... 5 more

The keystore password in the “passwd” file does not match the client.pfx keystore password. Refer to the “keystore password” section to update the keystore password.
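A pre-flight check for the root causes behind the traces above: the limited-strength JCE policy ("Unsupported keysize or algorithm parameters"), an IBM JRE in place of the Sun JRE, and a password that does not open cert/client.pfx. This is an added example, not part of the Direct Link software or of this guide; the class name DirectLinkPreflight, the use of AES as the probe algorithm and the interactive password prompt are assumptions, and it needs Java 7 or later.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added diagnostic, not shipped with Direct Link. The class name is hypothetical.
public class DirectLinkPreflight {
    public static void main(String[] args) throws Exception {
        // Keystore path as it appears in the error text; override with args[0].
        String pfx = args.length > 0 ? args[0] : "cert/client.pfx";
        boolean ok = true;
        // 1. JRE vendor: the guide traces one encoder failure to an IBM JRE.
        String vendor = System.getProperty("java.vendor", "unknown");
        System.out.println("JRE: " + vendor + " " + System.getProperty("java.version"));
        if (vendor.toUpperCase().contains("IBM")) {
            System.out.println("FAIL: IBM JRE in use; the guide prescribes the Sun JRE");
            ok = false;
        }
        // 2. Crypto policy: the limited-strength policy caps AES keys at 128 bits.
        //    AES is only a probe here (assumption); the page does not name the cipher.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        if (maxAes < 256) {
            System.out.println("FAIL: limited JCE policy (max AES key " + maxAes + " bits)");
            ok = false;
        } else {
            System.out.println("OK: unlimited-strength JCE policy active");
        }
        // 3. Keystore password: prompt instead of argv so it stays out of 'ps' output.
        Console console = System.console();
        char[] pw = console == null ? null : console.readPassword("Password for %s: ", pfx);
        if (pw == null) {
            System.out.println("SKIP: no interactive console, keystore not tested");
        } else {
            try (FileInputStream in = new FileInputStream(pfx)) {
                KeyStore ks = KeyStore.getInstance("PKCS12");
                ks.load(in, pw); // wrong password or unreadable file -> IOException
                System.out.println("OK: keystore opened, entries: " + ks.size());
            } catch (IOException e) {
                System.out.println("FAIL: cannot open " + pfx + ": " + e.getMessage());
                ok = false;
            } finally {
                Arrays.fill(pw, '\0'); // wipe the password from memory
            }
        }
        System.exit(ok ? 0 : 1);
    }
}
```

Run it with the same java binary and from the same working directory that directlink.sh uses, so the vendor, policy files and relative keystore path match what the encoder sees.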