direct link technical guide. - nab personal banking · 2 applying for and downloading the digital...
TRANSCRIPT
Direct Link Technical Guide. Important Notice: The use of the information contained in this document by you is solely at your risk. NAB is not responsible or liable for any loss or damage you suffer in connection with the installation or attempted installation of the Direct Link software.
Page 2 of 68 Direct Link Technical Guide
Table of Contents
1 Introduction ............................................................................................................................................... 3
1.1 Document Purpose.............................................................................................................................. 3 1.2 About Direct Link ................................................................................................................................. 3 1.3 About the Direct Link Scripts ............................................................................................................... 3 1.4 Security ............................................................................................................................................... 3 1.5 System Requirements ......................................................................................................................... 4
1.5.1 Prerequisites ................................................................................................................................ 4 1.5.2 Network Requirements ................................................................................................................ 4 1.5.3 Certificate application and retrieval requirements........................................................................ 4
1.6 Changes Required .............................................................................................................................. 4
2 Applying for and Downloading the Digital Certificates ........................................................................ 5
2.1 Create a nabGroup.com Profile .......................................................................................................... 5 2.2 Apply for the Digital Certificate ............................................................................................................ 8 2.3 Download the Digital Certificate ........................................................................................................ 12 2.4 Export your Private Key .................................................................................................................... 13 2.5 Export and Send your Public Key to NAB ......................................................................................... 19
3 Installing the Direct Link Software ....................................................................................................... 24
3.1 Download and install prerequisites ................................................................................................... 24 3.1.1 Perl ............................................................................................................................................. 24 3.1.2 Java ............................................................................................................................................ 24 3.1.3 JCE Unlimited Strength Jurisdiction Policy files ........................................................................ 24
3.2 Download and Extract the Direct Link Scripts ................................................................................... 25 3.3 Configure the Direct Link Scripts ....................................................................................................... 26
3.3.1 Directlink.cfg............................................................................................................................... 26 3.3.2 Typemap.cfg & Setup.cfg ........................................................................................................... 27 3.3.3 Set up directories ....................................................................................................................... 27 3.3.4 Set the keystore password ......................................................................................................... 28 3.3.5 Update mailbox password & first logon ..................................................................................... 29
3.4 Test Directlink.bat file transfer (Direct Entry) .................................................................................... 31 3.5 Configure any scheduled jobs ........................................................................................................... 31
4 Renewing your Digital Certificate ......................................................................................................... 32
4.1 Apply for the Digital Certificate .......................................................................................................... 32 4.2 Download the Digital Certificate ........................................................................................................ 36 4.3 Export your Private Key .................................................................................................................... 37 4.4 Export and Send your Public Key to NAB ......................................................................................... 43 4.5 Update the Keystore password ......................................................................................................... 48
4.5.1 Password resets / forgot password ............................................................................................ 50 4.5.2 Changing your password ........................................................................................................... 52
5 Appendix A: File Type Information Matrix ........................................................................................... 54
APPENDIX B: Direct Link Reply File Behaviour ......................................................................................... 56
APPENDIX C: Strawberry Perl Configuration ............................................................................................. 57
APPENDIX D: Common Direct Link Errors ................................................................................................. 58
Page 3 of 68 Direct Link Technical Guide
1 Introduction
1.1 Document Purpose This document describes the steps a client must take in order to configure and install the Direct Link scripts provided by NAB and related components in a standard Windows environment. It is intended as an aid when assisting a client installing Direct Link. This is for NAB Direct Link Release 15.1
1.2 About Direct Link NAB Direct Link is a secure file transfer channel enabling connectivity with NAB's processing and reporting capabilities. Very much designed as a straight-through-processing channel, Direct Link does not feature an end-user interface and instead is designed to work side by side with your existing financial or ERP package allowing your system to integrate directly with NAB.
1.3 About the Direct Link Scripts The NAB Direct Link scripts are an easy way to get up and running with Direct Link. This provides most of the encoding, archiving and error handling required to operate Direct Link in a client’s environment. In its simplest form the Direct Link scripts effectively provides a directory structure which is broken up into 3 categories. These are;
SEND - contains sub-folders for any service which would require you to send files to NAB such as Direct Entry, RTGS or International Funds Transfer
STATUS - contains sub-folders for any service which would require you to receive an acknowledgement of transfer such as Direct Entry, RTGS or International Funds Transfer
RECEIVE - contains sub-folders for any service which would deliver a report such as Account Information or BPAY Reporting
Alternatively the client can build their own scripts based on the Secure File eXchange (SFX) and Secure/Multipurpose Internet Mail Extensions (S/MIME) utilities provided during implementation. The latest version of the Direct Link software is available from the following location: http://www.nab.com.au/directlinksoftware
1.4 Security Direct Link security is comprised of the following elements:
Communication channel encrypted using 128 bit SSL (HTTP/S)
SSL connection establishment based on mutual authentication of digital certificates
IP address validation
User name and Password provided over an encrypted channel
S/MIME message signing and encryption using 2048bit X509 digital certificates NOTE: You are responsible for the security of your system, such as programming and configuring your
equipment to prevent unauthorised use.
Page 4 of 68 Direct Link Technical Guide
1.5 System Requirements Other than requiring an environment that supports Java and Perl, Direct Link has no specific hardware requirements.
1.5.1 Prerequisites
Java 6 and upwards
JCE Unlimited Strength Jurisdiction Policy files (will need to match the version of Java)
Perl 5.10+
1.5.2 Network Requirements
The communications software utility requires Internet (TCP/IP) connectivity with the NAB Direct Link channel. The client will establish a HTTPS connection via port 443 to the NAB hosts:
test-connect.nabmarkets.com
connect.nabmarkets.com You will also need to provide an IP address, IP addresses or address ranges as part of the security model. NOTE: Authenticated proxies are not supported by Direct Link
1.5.3 Certificate application and retrieval requirements
Internet Explorer 6, 7, 8 or 9
Windows XP, Vista or 7
You must retrieve/download your certificate on the same machine you applied for the certificate on.
1.6 Changes Required
Changes to several components are required in order for your environment to support the Direct Link scripts:
Perl – must be upgraded/installed to support minimum Direct Link requirements
Java - must be upgraded/installed to support minimum Direct Link requirements
Job Scheduler – jobs must be scheduled to run the Direct Link scripts at appropriate times
Page 5 of 68 Direct Link Technical Guide
2 Applying for and Downloading the Digital Certificates
2.1 Create a nabGroup.com Profile You will receive an email from NAB with a link to nabGroup.com portal to create the profile that you will use to request your Direct Link digital certificate:
Step Description
1 Note the Login Name in the email – you must use this as your profile name.
2 Click the link in the email.
3 Click the Register button:
You will be presented with the User Registration screen:
Page 6 of 68 Direct Link Technical Guide
4 Under Reason for Registration, check Other and enter “Direct Link” in the Other Reason box:
NOTE: The contact details must match those of the Digital Certificate: Authorised person stated on the Direct Link registration form.
5 Once complete, click Save to submit the request:
Page 7 of 68 Direct Link Technical Guide
6 You will receive a confirmation on screen and via email:
NOTE: Please email [email protected] and advise them that you have created your profile
Page 8 of 68 Direct Link Technical Guide
2.2 Apply for the Digital Certificate You will receive an email confirming your nabGroup.com registration:
You will also receive an email with more detailed Direct Link instructions:
Step Description
1 Go to https://www.wholesale.nabGroup.com/Supporting/Pages/CertificateRenew.aspx and log in using the nabGroup.com details you provided during registration and click Login.
Page 9 of 68 Direct Link Technical Guide
2 NOTE: If your operating system is Windows Vista or newer, please ensure you review the information on the page and complete the actions specifically for Windows 7 and Vista users BEFORE clicking “Generate Certificate” On the following page, enter your Secret Answer as provided during profile registration and click Generate Certificate:
You may receive the following error:
Page 10 of 68 Direct Link Technical Guide
If so, click the information bar at the top of the page and select Run ActiveX Control:
3 On the next dialog, select Run:
4 Click re-enter your Secret Answer and click Generate Certificate again:
5 Click Yes when presented with the Potential Scripting Violation dialog:
6 Once processing is complete, you will receive confirmation on the main page:
Page 11 of 68 Direct Link Technical Guide
NOTE: Please email [email protected] and advise them that you have requested your digital certificate
Page 12 of 68 Direct Link Technical Guide
2.3 Download the Digital Certificate Once your certificate request is approved by NAB, you will receive an email from [email protected] to download your certificate:
Step Description
1 Click on URL in email and download the certificate by clicking Save:
Page 13 of 68 Direct Link Technical Guide
2.4 Export your Private Key
Step Description
1 In your browser menu select, Tools and Internet Options:
2 Select Content and click on the Certificates box:
3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.
Page 14 of 68 Direct Link Technical Guide
4 Select the appropriate certificate and click the Export button:
5 The Certificate Export Wizard will appear, click Next:
Page 15 of 68 Direct Link Technical Guide
6 Select Yes, export the private key and click Next:
7 On the Export File Format page ensure that the following are checked;
Personal Information Exchange – PKCS #12(.PFX)
Include all certificates in the certification path if possible
Enable strong protection (require IE 5.0, NT 4.0 SP4 or above) and then select Next
Page 16 of 68 Direct Link Technical Guide
Please note, if you are a Windows Vista or Windows 7 user, you will see the screen below instead
Page 17 of 68 Direct Link Technical Guide
8 You will be prompted to enter a password. Select and confirm your password, then click Next:
NOTE: This password is used to protect the private key and will be required for import as well as in the event of restoring the Certificate. This is known as your KEYSTORE PASSWORD and will be required in a later stage of the software configuration as part of step 3.3.4
9 Input the file name, using client.pfx as the filename, select the directlink\cert folder and click Next:
Page 18 of 68 Direct Link Technical Guide
10 Select Finish to complete the export of your Private certificate:
11 You will receive a confirmation:
NOTES:
Once exported, your client.pfx file should be approximately 5KB. If it is significantly smaller, please re-export or seek NAB assistance.
Back-up the certificate to a diskette/shared network resource and store for safe keeping.
Page 19 of 68 Direct Link Technical Guide
2.5 Export and Send your Public Key to NAB
Step Description
1 In your browser menu select, Tools and Internet Options:
2 Select Content and click on the Certificates box:
3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.
Page 20 of 68 Direct Link Technical Guide
4 Select the appropriate certificate and click the Export button:
5 The Certificate Export Wizard will appear, click Next:
Page 21 of 68 Direct Link Technical Guide
6 Select No, do not export the private key and click Next:
Page 22 of 68 Direct Link Technical Guide
7 On the Export File Format page, ensure that Base-64 encoded X.509 (.CER) is checked and select Next:
8 Input the file name, using your profile name as the filename, select the directlink\cert folder and click Next:
Page 23 of 68 Direct Link Technical Guide
9 Select Finish to complete the exporting of your Private certificate:
You will receive a confirmation:
Send your Public Key to [email protected]
Page 24 of 68 Direct Link Technical Guide
3 Installing the Direct Link Software
3.1 Download and install prerequisites
3.1.1 Perl
Download and install Perl: http://www.activestate.com/activeperl/downloads Alternative location: http://strawberryperl.com/ NOTE: Please follow instructions issued by package provider. If you install a version of Perl from strawberryperl.com, please follow steps in Appendix ‘C’ NOTE: For unix envronments, please ensure Perl is configured/installed to allow “multi-threading”
3.1.2 Java
Oracle Java can be downloaded from the following location if required: http://www.oracle.com/technetwork/java/javase/downloads/index.html The JRE is recommended as opposed to the JDK NAB Direct Link is also compatible with IBM Java NOTE: Please follow instructions issued by package provider.
3.1.3 JCE Unlimited Strength Jurisdiction Policy files
Download the JCE Unlimited Strength Jurisdiction Policy files for your version of Java. The Oracle version can be located from the following location: http://www.oracle.com/technetwork/java/javase/downloads/index.html Extract the following files to the \lib\security\ folder of your Java installation (e.g.. C:\Program Files\Java\jre6\lib\security):
US_export_policy.jar
local_policy.jar NOTE: Overwrite existing files.
Page 25 of 68 Direct Link Technical Guide
3.2 Download and Extract the Direct Link Scripts
Step Description
1 Go to http://www.nab.com.au/directlinksoftware and download the latest version of the Direct Link scripts (this can be used for Unix and Windows based systems).
2 Extract the new scripts to a location of your choosing. The common location is C:\ so that the following directory structure is created:
C:\directlink C:\directlink\bin C:\directlink\cert C:\directlink\config C:\directlink\data C:\directlink\docs …… …… C:\directlink\smime
Page 26 of 68 Direct Link Technical Guide
3.3 Configure the Direct Link Scripts
3.3.1 Directlink.cfg
Step Description
1 Open \directlink\config\directlink.cfg in a text editor and configure the following values Server configuration
DirectLinkAddress= ServerCertificate=
Ensure that either the Test or Production security settings is enabled by commenting out the values that are unwanted, i.e. for connecting to the Direct Link TEST environment:
Proxy server If you are using a proxy to access the internet, uncomment and configure the following values.
HttpsProxyHost=proxyHost HttpsProxyPort=8484
NOTE: Authenticated proxies are not supported by Direct Link
Page 27 of 68 Direct Link Technical Guide
3.3.2 Typemap.cfg & Setup.cfg
These files will be provided to you by NAB. These files must be present in the config directory to continue.
3.3.3 Set up directories
Step Description
1 Run Directlink.bat – setup Linux/Unix/Other users: Directlink.sh –setup) from a command line to set up the mailbox folders:
You should receive the following result:
Page 28 of 68 Direct Link Technical Guide
3.3.4 Set the keystore password – Microsoft Windows
Step Description
1 Run Directlink.bat --setkspwd, enter your keystore password (and again to confirm) then click Change Password.
2 Run Directlink.bat –setsfxkspwd enter your keystore password (and again to confirm) then click Change Password.
Page 29 of 68 Direct Link Technical Guide
3.3.5 Set the keystore password – Unix
Step Description
1 Run setpwd.sh –k -c, enter your keystore password Enter “Y” at the “Encrypt<Y>:” prompt
2 Run Sfx.sh type the newkeystorepassword and set the keystore
NOTE: The password will not be displayed as you type it
3.3.6 Update mailbox password & first logon - Windows
Step Description
1 Run Directlink.bat --preparembx You will be presented with the Prepare DirectLink mailbox dialog:
Page 30 of 68 Direct Link Technical Guide
2 You can choose to set the same password for all mailboxes or set mailbox passwords individually. Password requirements
Minimum of 8 characters with a combination of letters (A-Z, a-z), numbers (0-9) and symbols (`~!@#$%^&*()-_=+[]{}\|;:'",./<>?)
At least 1 character from each group: Letters, Numbers, Symbols. Passwords are case sensitive.
If… Then…
Set password for all mailboxes
1 Leave the mailbox ID as [ALL] 2 Enter the temporary password provided by NAB 3 Enter a new password of your choosing 4 Enter a new password of your choosing (again) 5 Click Change Password
Set password for one mailbox
1 Enter the mailbox ID of your mailbox 2 Enter the temporary password provided by NAB 3 Enter a new password of your choosing 4 Enter a new password of your choosing (again) 5 Click Change Password
3 You will be prompted to overwrite; click Yes:
Page 31 of 68 Direct Link Technical Guide
3.3.7 Update mailbox password & first logon – Unix
Step Description
1. Run setpwd.sh –p –c
1. Enter “ALL” as the “Mailbox ID” field 2. Enter “password” as the “Original password” value 3. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter> 4. Press <Enter> a second time
3.4 Test Directlink.bat file transfer (Direct Entry)
NOTE: You should only test file transfers in the TEST environment
Step Description
1 Copy a text file or test file into the /send/<service_subfolder> directory for your mailbox . Note: If you do not have a payment service established, our team will facilitate this initial test
2 Run Directlink.bat (Linux/Unix/Other users: Directlink.sh) and transfer the file - you should receive no errors
3 Wait 5 minutes, and then run Directlink.bat again – you should download the corresponding ACK file. Note: If you do not have a payment service established, our team will facilitate this initial test
3.5 Configure any scheduled jobs
Step Description
1 Configure your job scheduler to execute Directlink.bat on an appropriate schedule (See Appendix A: File Type Information Matrix for file timings).
2 Monitor and track for 30 minutes.
Page 32 of 68 Direct Link Technical Guide
4 Renewing your Digital Certificate
4.1 Apply for the Digital Certificate Digital Certificates must be renewed every 2 years. NAB will contact you prior to the expiry to begin the renewal process You will receive an email from NAB asking you to renew your digital certificate prior to the expiry:
Page 33 of 68 Direct Link Technical Guide
Step Description
1 Go to https://www.wholesale.nabGroup.com/Supporting/Pages/CertificateRenew.aspx and log in using the nabGroup.com details you provided during registration and click Login.
2 On the following page, enter your Secret Answer as provided during profile registration and click Generate Certificate: NOTE: If your operating system is Windows Vista or newer, please ensure you review the information on the page and complete the actions specifically for Windows 7 and Vista users BEFORE clicking “Generate Certificate”
Page 34 of 68 Direct Link Technical Guide
You may receive the following error:
If so, click the information bar at the top of the page and select Run ActiveX Control:
3 On the next dialog, select Run:
4 Click re-enter your Secret Answer and click Generate Certificate again:
5 Click Yes when presented with the Potential Scripting Violation dialog:
Page 35 of 68 Direct Link Technical Guide
6 Once processing is complete, you will receive confirmation on the main page:
NOTE: Please email [email protected] and advise them that you have requested your digital
certificate
Page 36 of 68 Direct Link Technical Guide
4.2 Download the Digital Certificate Once your certificate request is approved, you will receive an email from [email protected] to download your certificate:
Step Description
1 Click on URL in email and download the certificate by clicking Save:
Page 37 of 68 Direct Link Technical Guide
4.3 Export your Private Key
Step Description
1 In your browser menu select, Tools and Internet Options:
2 Select Content and click on the Certificates box:
3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.
Page 38 of 68 Direct Link Technical Guide
4 Select the appropriate certificate and click the Export button:
5 The Certificate Export Wizard will appear, click Next:
Page 39 of 68 Direct Link Technical Guide
6 Select Yes, export the private key and click Next:
7 On the Export File Format page ensure that the following are checked;
Personal Information Exchange – PKCS #12(.PFX)
Include all certificates in the certification path if possible
Enable strong protection (require IE 5.0, NT 4.0 SP4 or above) and then select Next
Page 40 of 68 Direct Link Technical Guide
Please note, if you are a Windows Vista or Windows 7 user, you will see the screen below instead
Page 41 of 68 Direct Link Technical Guide
8 You will be prompted to enter a password. Select and confirm your password, then click Next:
NOTE: This password is used to protect the private key and will be required for import as well as in the event of restoring the Certificate.
9 Input the file name, using client.pfx as the filename, select the directlink\cert folder and click Next:
NOTE: Do not overwrite your existing certificate until NAB has confirmed the new certificate is ready for use. If necessary, give your new certificate a different name until further advised by NAB.
Page 42 of 68 Direct Link Technical Guide
10 Select Finish to complete the export of your Private certificate:
11 You will receive a confirmation:
Page 43 of 68 Direct Link Technical Guide
NOTES:
Once exported, your client.pfx file should be approximately 5KB. If it is significantly smaller, please re-export or seek NAB assistance.
Back-up the certificate to a diskette/shared network resource and store for safe keeping.
4.4 Export and Send your Public Key to NAB
Step Description
1 In your browser menu select, Tools and Internet Options:
2 Select Content and click on the Certificates box:
Page 44 of 68 Direct Link Technical Guide
3 At this point you should see your certificate, issued by National Australia Bank Group Level 2 CA.
Page 45 of 68 Direct Link Technical Guide
4 Select the appropriate certificate and click the Export button:
5 The Certificate Export Wizard will appear, click Next:
6 Select No, do not export the private key and click Next:
Page 46 of 68 Direct Link Technical Guide
7 On the Export File Format page, ensure that Base-64 encoded X.509 (.CER) is checked and select Next:
8 Input the file name, using your profile name as the filename, select the directlink\cert folder and click Next:
Page 47 of 68 Direct Link Technical Guide
9 Select Finish to complete the exporting of your Private certificate:
You will receive a confirmation:
Send your Public Key to [email protected]
NOTE: When instructed by NAB, backup your existing client.pfx and then replace it with the new one.
Page 48 of 68 Direct Link Technical Guide
4.4.1 Update the keystore password – Microsoft Windows
Step Description
3 Run Directlink.bat --setkspwd, enter your keystore password (and again to confirm) then click Change Password.
4 Run Directlink.bat –setsfxkspwd enter your keystore password (and again to confirm) then click Change Password.
Page 49 of 68 Direct Link Technical Guide
4.4.2 Update the keystore password – Unix
Step Description
3 Run setpwd.sh –k -c, enter your keystore password Enter “Y” at the “Encrypt<Y>:” prompt
4 Run Sfx.sh type the newkeystorepassword and set the keystore
NOTE: The password will not be displayed as you type it
Page 50 of 68 Direct Link Technical Guide
4.4.3 Password resets / forgotten password
If you have attempted to connect a mailbox with your Direct Link client software more than 3 times with an incorrect password, you will be locked from attempting to connect to that mailbox for the next 5 minutes. If you need to reset your password, call the Direct Link Support team on 1800 152 215. If your password has been reset by NAB, you will need to update your password files again. You can choose to set the same password for all mailboxes or set mailbox passwords individually. Password requirements
Minimum of 8 characters with a combination of letters (A-Z, a-z), numbers (0-9) and symbols (`~!@#$%^&*()-_=+[]{}\|;:'",./<>?)
At least 1 character from each group: Letters, Numbers, Symbols.
Passwords are case sensitive.
If… Then…
NAB Direct Link is installed in a Microsoft Windows environment
Run Directlink.bat –preparembx You will be presented with the Parepare DirectLink mailbox dialog:
If… Then…
Set password for all mailboxes
1 Leave the mailbox ID as [ALL] 2 Enter the temporary password provided by NAB 3 Enter a new password of your choosing 4 Enter a new password of your choosing (again) 5 Click Change Password
Set password for one mailbox
1 Enter the mailbox ID of your mailbox 2 Enter the temporary password provided by NAB 3 Enter a new password of your choosing
Page 51 of 68 Direct Link Technical Guide
4 Enter a new password of your choosing (again) 5 Click Change Password
You will be prompted to overwrite; click Yes:
NAB Direct Link is installed in a Unix environment
If… Then…
Set password for all mailboxes
Run setpwd.sh –p –c
1. Enter “ALL” as the “Mailbox ID” field 2. Enter “password” as the “Original password” value 3. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter> 4. Press <Enter> a second time
Set password for one mailbox
Run setpwd.sh –p –c
1. Enter your mailbox ID in the “Mailbox ID” field 2. Enter “password” as the “Original password” value 3. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter> 4. Press <Enter> a second time
Page 52 of 68 Direct Link Technical Guide
4.4.4 Changing your password
You can update your mailbox password remotely if you need to change it. You can choose to set the same password for all mailboxes or set mailbox passwords individually. Password requirements
Minimum of 8 characters with a combination of letters (A-Z, a-z), numbers (0-9) and symbols (`~!@#$%^&*()-_=+[]{}\|;:'",./<>?)
At least 1 character from each group: Letters, Numbers, Symbols.
Passwords are case sensitive.
If… Then…
NAB Direct Link is installed in a Microsoft Windows environment
Run Directlink.bat –chgmbxpwd You will be presented with the Change Password DirectLink mailbox dialog:
If… Then…
Set password for all mailboxes
6 Leave the mailbox ID as [ALL] 7 Enter the temporary password provided by NAB 8 Enter a new password of your choosing 9 Enter a new password of your choosing (again) 10 Click Change Password
Set password for one mailbox
6 Enter the mailbox ID of your mailbox 7 Enter the temporary password provided by NAB
Page 53 of 68 Direct Link Technical Guide
8 Enter a new password of your choosing 9 Enter a new password of your choosing (again) 10 Click Change Password
You will be prompted to overwrite; click Yes:
NAB Direct Link is installed in a Unix environment
If… Then…
Set password for all mailboxes
Run setpwd.sh –p –c
5. Enter “ALL” as the “Mailbox ID” field 6. Enter “password” as the “Original password” value 7. Enter “Y” at the “Encrypt<Y>:” prompt and then <Enter> 8. Press <Enter> a second time
Page 54 of 68 Direct Link Technical Guide
5 Appendix A: File Type Information Matrix Product File File Type Direct Link Local Folder Datatype Direction
(to/from client)
Frequency Approximate Delivery Timeframes
Recommended Schedule
Direct Entry (AUS) - Direct Credit Direct Entry file Instruction send/dc DTDC From Sent by client NA 30 mins
Direct Entry (AUS) - Direct Credit Direct Entry ACK Acknowledgment status/dc DTDCA To Per client file 0 - 15 mins of submission
30 mins
Direct Entry (AUS) – Disbursement Report – Direct Credit
Direct Entry Disbursement Report Report receive/dc DTDCR To Per client file 30-45 mins of submission
30 mins
Direct Entry (AUS) - Direct Debit Direct Entry file Instruction send/dd DTDD From Sent by client NA 30 mins
Direct Entry (AUS) - Direct Debit Direct Entry ACK Acknowledgment status/de DTDDA To Per client file 0 – 15 mins of submission
30 mins
Direct Entry (AUS) – Disbursement Report – Direct Debit
Direct Entry Disbursement Report Report Receive/dd DTDDR To Per client file 30-45 mins of submission
30 mins
Direct Entry (NZ) Direct Entry file Instruction send/nz_de DTPCB01 From Sent by client NA 30 mins
Direct Entry (NZ) Direct Entry ACK Acknowledgment status/nz_de DTGEN01A To Per client file 0 - 15 mins of submission
NAB Payments NAB Payments File Instruction send/nabpayments DTNP From Sent by client NA 30 mins
NAB Payments NAB Payments ACK File Acknowledgment status/nabpayments DTNPA To Per client file 0 - 15 mins of submission
30 mins
NAB Payments Reporting Acknowledgement Report Acknowledgment receive/nabpaymentsrpt DTNPR To Per client file TBC 30 mins
NAB Payments Reporting Disbursement Report Report receive/nabpaymentsrpt DTNPR To Daily Varies 30 mins
NAB Payments Reporting Presented Report Report receive/nabpaymentsrpt DTNPR To Daily Varies 30 mins
NAB Payments Reporting Unpresented Report Report receive/nabpaymentsrpt DTNPR To Daily Varies 30 mins
NAB Payments Reporting Stop Request Report Report receive/nabpaymentsrpt DTNPR To Daily Varies 30 mins
NAB Payments Reporting Direct Entry Acknowledgment Report Acknowledgment receive/nabpaymentsrpt DTNPR To Per client file TBC 30 mins
NAB Payments Reporting Direct Entry Disbursement Report Report receive/nabpaymentsrpt DTNPR To Daily Varies 30 mins
International Funds Transfer IFT MT103 Instruction send/itf DTINT From Sent by client NA 30 mins
International Funds Transfer EFT ACK Acknowledgment status/itf DTINTA To Per client file 1st: 0 - 15 mins of submission
30 mins
RTGS RTGS MT103 Instruction send/rtgs DTRTGS From Sent by client NA 30 mins
RTGS RTGS ACK Acknowledgment status/rtgs DTRTGSA To Per client file 1st: 0 - 15 mins 30 mins
Page 55 of 68 Direct Link Technical Guide
of submission
NAI Report (Account Information) NAI Report Report receive/acct_info DTAUACIN To Daily Varies 30 mins
DE Returns Report (Dishonour) DE Returns Report based on APCA Id
Report receive/dereturn_apca DTRET01 To Daily 00:00 - 01:00 06:30, 07:30
DE Returns Report (Dishonour) DE Returns Report based on Trace Account
Report receive/dereturn_trace DTRET02 To Daily 00:00 - 01:00 06:30, 07:30
DE Returns Report (Dishonour) DE Returns Report based on APCA ID & Trace Account
Report receive/dereturn_trace DTRET03 To Daily 00:00 - 01:00 06:30, 07:30
Merchant Reporting (EB165) EB165 File Report receive/eb165 DTEF165 To Daily 22:00 – 00:00 06:30, 07:30
BPAY Reporting BRF File Report receive/bpay_brf DTBRF To Daily 21:00 - 22:00 06:30, 07:30
BPAY Reporting BRR File Report receive/bpay_brr DTBRR To Daily 03:00 - 04:00 06:30, 07:30
BPAY Reporting BRS File Report receive/bpay_brs DTBRS To Last day of the month
21:00 - 22:00 06:30, 07:30
All Items File (AIF) Automated Billing All Items File Report receive/aif DTAIF To Daily 00:30 - 03:30 06:30, 07:30
NBFI Reporting NBFI File Report receive/nbfi DTNBFI To Daily 00:30 - 03:30 06:30, 07:30
NAB Transact - Batch Credit Card
Batch Credit Card File Instruction send/bcc DTMOTO From Sent by client NA 30 mins
NAB Transact - Batch Credit Card
Batch Credit Card RECEIVED ACK Acknowledgment status/bcc DTNEPSA To Per client file 0 - 15 mins of submission
30 mins
NAB Transact - Batch Credit Card
Batch Credit Card PROCESSED/REJECTED ACK
Acknowledgment status/bcc DTNEPSA To Per client file 15 – 30 mins of submission
30 mins
NAB Transact - Batch Credit Card
Transaction Result (DOT) File Acknowledgment receive/bcc DTMOTOR To Per client file 15 – 30 mins of submission
30 mins
NAB Transact Reporting NAB Transact Report Report receive/nabtransactrpt DTTRANR To Daily Varies 30 mins
BPAY Batch BPAY Batch file Instruction send/BpayBatch DTBPB From Sent by client NA 30 mins
BPAY Batch BPAY Batch ACK Acknowledgment status/BpayBatch DTBPBA To Per client file 0 - 15 mins of submission
30 mins
BPAY Batch BPAY Batch results file Report receive/BpayBatch DTBPBR To Per client file 0 - 15 mins of submission
30 mins
Page 56 of 68 Direct Link Technical Guide
APPENDIX B: Direct Link Reply File Behaviour Depending on the product you will see different behaviour in the generation and timing of acknowledgement files and reports.
Product 1st ACK 2
nd ACK Report Notes for test environment
Direct Entry Processed or Rejected
- -
Direct Entry - Future dated
Accepted or Rejected Processed -
ITF Received or Reject Paid* or Rejected* - *files require manual NAB intervention to make them available
RTGS Processed or Reject* - *only Reject messages will be received in the test environment
NAB Payments Received - Multiple* *files require manual NAB intervention to make them available
Batch Credit Card Received Processed*or Rejected* Result file* *files can take up to 30 minutes to be made available
BPAY Batch Received - Report file* *not available in the test environment
Page 57 of 68 Direct Link Technical Guide
APPENDIX C: Strawberry Perl Configuration After installing Strawberry Perl you may encounter the error below when running Direct Link
To resolve this, simply action the following:
1) Copy file job.pm from ..\perl\lib\TAP\Parser\Scheduler\
2) Create folder ‘Win32’ in ..\directlink\lib\
3) Paste job.pm into directory ..\directlink\lib\Win32
4) Edit your directlink.cfg file (located in directlink\config folder), and comment out the following line: #EnableTimeout=true (note, the # at the front of this line indicate it has been successfully commented out)
Page 58 of 68 Direct Link Technical Guide
APPENDIX D: Common Direct Link Errors NOTE: For addition information when troubleshooting Direct Link errors, please execute directlink.bat/directlink.sh using the “—trace –sfxdebug” options.
Process Problem Error Action
Configuring java.lang.ExceptionInInitializerError
C:\directlink>sfx
Gateware SFX (Secure File eXchange) 2.4.2 (6.6.23 Build 1)
(c) Copyright 2002, 2003, 2004 Clear2Pay. All rights reserved
> newkeystorepassword
New Password
Repeat New Password
A critical error has occurred
'java.lang.ExceptionInInitializerError'
An error has occurred at line 1. Exit code 14.
Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.
Connecting Error 404 in SFX Error 404 in SFX Re-export the private key and ensure 'Include all certificates in the certification path if possible' and 'Enable strong protection' are ticked.
Connecting Password Error
Connection failed 'Error when logging on - 'Either the user name
or password is invalid''
Confirm the mailbox password. Refer to section on mailbox password above to set the password correctly Alternatively, Contact NAB and have them reset the mailbox password.
Connecting HTTP error response status code 401 was returned.
> Connection failed 'HTTP error response status code 401 was
returned.'
An error has occurred at line 5. Exit code 16.
[ERROR] Processing status directory [data\TEST01AU\status\de]
failed
at E:\Appl\NTIGS\directlink.prod\lib/Error.pm line 185.
This error is caused by the client connecting to NAB with different IP address to what is registered. Contact NAB to confirm or update registered IP
Connecting GatewareHttpMailboxBean:sendRequest: SocketException incurred java.net.ConnectException: Connection refused: connectat java.net.PlainSocketImpl.socketConnect(Native Method)
2008/01/16 13:08:18.857 GatewareHttpMailboxBean:logon:
customerId 'test01au'
2008/01/16 13:08:18.857 GatewareHttpMailboxBean:sendRequest:
function 'logon'
2008/01/16 13:08:18.857 GatewareHttpMailboxBean:initialiseSSL:
invoked
2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest:
Protocol:'https'
Client to edit <proxyEdit <proxy server> & <port number> values in sfx.bat and sfx.sh OR update the value in directlink config file OR client to white list Direct Links URL ( connect.nabmarkets.com and test-connect.nabmarkets.com ) in order to get around the proxy issue.
Page 59 of 68 Direct Link Technical Guide
2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest:
Host: 'connect.nabmarkets.com, port 443
2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest:
ServletPath:
'/sfx/
GatewareMailboxServlet'2008/01/16 13:08:19.420
GatewareHttpMailboxBean:sendRequest: ServletSessionID: '
'2008/01/16 13:08:19.420 GatewareHttpMailboxBean:sendRequest:
opening connection
2008/01/16 13:08:19.748 GatewareHttpMailboxBean:sendRequest:
configuring connection
2008/01/16 13:08:19.748 GatewareHttpMailboxBean:sendRequest:
getting connectionOutputStream
2008/01/16 13:08:20.780 GatewareHttpMailboxBean:sendRequest:
SocketException incurred java.net.ConnectException: Connection
refused: connectat java.net.PlainSocketImpl.socketConnect(Native
Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown
Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at
sun.net.www.protocol.https.HttpsClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.a(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.a(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.a(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.pl
ainCo
nnect(Unknown Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.co
nnect
(Unknown Source)
at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unkn
owS
ource)at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOl
dImpl
.getOutputStream(Unknown Source)
at
Page 60 of 68 Direct Link Technical Guide
au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.a(Unk
nown
Source)at
au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.a(Unk
nown
Sourceat
au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.logon
(Unkn
own Source)at
au.com.sienna.gwhttpclient.mailbox.GatewareHttpMailboxBean.logon
(Unkn
own Source)
at au.com.sienna.gwhttpclient.sfx.SFX.null(Unknown
Source)
at au.com.sienna.gwhttpclient.sfx.SFX.if(Unknown Source)
at au.com.sienna.gwhttpclient.sfx.SFX.main(Unknown
Source)
2008/01/16 13:08:20.796 GatewareHttpMailboxBean:sendRequest: No
responseMsg object was received, setting up unknown error
Connection failed 'Communications error on socket -
'java.net.ConnectException:Connection refused: connect''
OR
Gateware SFX (Secure File eXchange) 2.4.0 (6.6.4 Build 8)
(c) Copyright 2002, 2003, 2004 Clear2Pay. All rights reserved
> > > > Local directory changed to
'C:\directlink\data\temp\depq6hSi'
> Connection failed 'Error when logging on -
'javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?''
An error has occurred at line 5. Exit code 16.2008/08/11
16:32:15 Processing status directory [data\TEST01AU\status\de]
failed at \directlink\lib/Error.pm line 185.
Connecting BadPaddingException error
C:\export\nab\Sienna\SFX\bin>sfx
Gateware SFX (Secure File eXchange) 2.4.0 (6.6.4 Build 8)
(c) Copyright 2002, 2003, 2004 Clear2Pay. All rights reserved
> customer test01au
> password password
> open connect.nabmarkets.com
Connection failed 'Communications error on socket -
'java.net.SocketException: Default SSL context i
nit failed: failed to decrypt safe contents entry:
javax.crypto.BadPaddingException: Given final block not properly
padded''
SFX keystore password does not match client.pfx keystore password. Update password using the ketstore password section in document.
Page 61 of 68 Direct Link Technical Guide
Connecting SFX transfer failed (1)
[INFO] Processing directories under 'data'
[INFO] Processing directories for mailbox TEST01AU
[INFO] Checking download acknowledgments for: de
[ERROR] SFX transfer failed (1)
Usage: java [-options] class [args...]
(to execute a class)
or java [-options] -jar jarfile [args...]
(to execute a jar file)
where options include:
-client to select the "client" VM
-server to select the "server" VM
-hotspot is a synonym for the "client" VM [deprecated]
The default VM is client.
-cp <class search path of directories and zip/jar files>
-classpath <class search path of directories and zip/jar
files>
A ; separated list of directories, JAR
archives,
and ZIP archives to search for class files.
-D<name>=<value>
set a system property
-verbose[:class|gc|jni]
enable verbose output
-version print product version and exit
-version:<value>
require the specified version to run
-showversion print product version and continue
-jre-restrict-search | -jre-no-restrict-search
include/exclude user private JREs in the
version search
-? -help print this help message
-X print help on non-standard options
-ea[:<packagename>...|:<classname>]
-enableassertions[:<packagename>...|:<classname>]
enable assertions
-da[:<packagename>...|:<classname>]
-disableassertions[:<packagename>...|:<classname>]
disable assertions
-esa | -enablesystemassertions
enable system assertions
-dsa | -disablesystemassertions
disable system assertions
-agentlib:<libname>[=<options>]
load native agent library <libname>, e.g. -
agentlib:hprof
see also, -agentlib:jdwp=help and -
agentlib:hprof=help
-agentpath:<pathname>[=<options>]
The keystore password contained illegal characters. The following are not permitted: \ / " * ? < > | & % @ ^ , - $ = [ # + ; ~ Re-export the private key and provide a new password. Update the password in directlink.cfg file and in SFX via the ‘newkeystorepassword’ command.
Page 62 of 68 Direct Link Technical Guide
load native agent library by full pathname
-javaagent:<jarpath>[=<options>]
load Java programming language agent, see
java.lang.instrument
-splash:<imagepath>
show splash screen with specified image
'-cp' is not recognized as an internal or external
command,operable program or batch file.
[FATAL] Processing status directory [data\TEST01AU\status\de]
failed
at \directlink\lib/DirectLink/Sfx.pm line 658.
[ERROR] Error occured
at \directlink\lib/Error.pm line 38.
Connecting java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation
Gateware SFX (Secure File eXchange) 2.4.0 (6.6.4 Build 8)
© Copyright 2002, 2003 , 2004 Clear2Pay. All rights reserved
>>>> Local directory changed to ‘F:\Direct Link
\data\temp\au_accountF4NZab’
>Connection failed ‘Communications error on socket –
‘java.net.SocketException:
java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class:
com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)”An error has
occurred at line 5. Exit code 16
SFX keystore password does not match client.pfx keystore password. Update password using the ketstore password section in document.
Encoding/Decoding SMime encode failed (256)
SMime encode failed (256)
Decoder: Activating Decoder V2.1 (Large File Version)
Decoder: Verifying arguments
Decoder: Setting up security providers
Decoder: Loading client certificate
Decoder: Loading server certificate
Decoder: Initialising decoder
Decoder: Decoding file ...
java.lang.NullPointerException at
au.com.national.ntigs.security.smime.entrust.EntrustSmimeDecoder
.decodeContent(EntrustSmimeDecoder.java:75)at
au.com.national.ntigs.security.smime.client.Decoder.decode(Decod
er.java:107)at
au.com.national.ntigs.security.smime.client.Decoder.main(Decoder
.java:61
)
The private key in \directlink\certs folder is incorrect. Ensure client is using the correct private key (file size 5KB)
Page 63 of 68 Direct Link Technical Guide
Encoding/Decoding An Internal Key Problem error appears whilst trying to encode a file.
C:\Program Files\Sienna\SMIME\bin>encoder cert\TEST01AU_TEST.pfx
<password> cert\test-connect.nabmarkets.com.cer test.txt
test_enc.txt
Encoder: Verifying arguments
Encoder: Loading client certificate
Encoder: Loading server certificate
Encoder: Initialising encoder
Encoder: Loading input file
Encoder: Encoding file
Encoder: Writing output file
iaik.utils.InternalErrorException: Internal Key problem.
at
iaik.cms.EncryptedContentInfoStream.setupCipher(Unknown Source)
at iaik.cms.EnvelopedDataStream.<init>(Unknown Source)
at iaik.cms.EnvelopedDataStream.<init>(Unknown Source)
at iaik.smime.SMimeEncrypted.<init>(Unknown Source)
at iaik.smime.EncryptedContent.writeTo(Unknown Source)
at iaik.smime.encrypted_content.writeTo(Unknown Source)
at
javax.activation.ObjectDataContentHandler.writeTo(DataHandler.ja
va:839)
at
javax.activation.DataHandler.writeTo(DataHandler.java:295)
at
javax.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:1147)
at
javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1607)
at
javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1583)
at
au.com.national.ntigs.security.smime.client.Encoder.go(Encoder.j
ava:5
6) at
au.com.national.ntigs.security.smime.client.Encoder.main(Encoder
.java:91)
Encoder: Error - IOException:
javax.mail.MessagingException:iaik.utils.Internal
ErrorException: Internal Key problem., aborting
Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.
Page 64 of 68 Direct Link Technical Guide
Encoding/Decoding Encryption or Decryption Error
SMime encode failed (256)
Encoder: Activating Encoder V2.1 (Large File Version)
Encoder: Verifying arguments
Encoder: Setting up security providers
Encoder: Loading client and server certificate
Encoder: Initialising encoder
Encoder: Loading input file
Encoder: Encoding file ...
Encoder: Error - SmimeEncodingException:
com.entrust.toolkit.exceptions.PKCS7Exception: internal error,
aborting
au.com.national.ntigs.security.smime.error.SmimeEncodingExceptio
n: com.entrust.toolkit.exceptions.PKCS7Exception: internal error
atau.com.national.ntigs.security.smime.entrust.EntrustSmimeEnco
der.encodeLargeDataClientVersion(EntrustSmimeEncoder.java:92)
at
au.com.national.ntigs.security.smime.client.Encoder.encode(Encod
er.java:105)
at
au.com.national.ntigs.security.smime.client.Encoder.main(Encoder
.java:55)
Caused by: com.entrust.toolkit.exceptions.PKCS7Exception:
internal error
at com.entrust.toolkit.PKCS7EncodeStream.d(Unknown Source)
at com.entrust.toolkit.PKCS7EncodeStream.f(Unknown Source)
at com.entrust.toolkit.PKCS7EncodeStream.write(Unknown Source)
at
au.com.national.ntigs.security.smime.entrust.EntrustSmimeEncoder
.write
Stream(EntrustSmimeEncoder.java:171)
At
au.com.national.ntigs.security.smime.entrust.EntrustSmimeEncoder
.encode
LargeDataClientVersion(EntrustSmimeEncoder.java:81)
... 2 more
Caused by: java.lang.SecurityException: Unsupported keysize or
algorithm parameters
at javax.crypto.Cipher.init(DashoA12275)
at
iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown
Source)
at
iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown
Source)
at iaik.pkcs.pkcs7.SignedAndEnvelopedDataStream.<init>(Unknown
Source)
... 7 more
Or Decryption Error
Decoder: Verifying arguments
Decoder: Loading client certificate
Decoder: Loading server certificate
Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.
Page 65 of 68 Direct Link Technical Guide
Decoder: Initialising decoder
Decoder: Loading input file
Decoder: Decoding filejava.security.AccessControlException:
access denied (java.io.FilePermission /dev/random read)
atjava.security.AccessControlContext.checkPermission(AccessContr
olContext.java:269)
at
java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at java.io.FileInputStream.<init>(FileInputStream.java:100)
at java.io.FileInputStream.<init>(FileInputStream.java:66)
at com.entrust.toolkit.security.crypto.random.g.run(Unknown
Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.entrust.toolkit.security.crypto.random.e.run(Unknown
Source)
at
java.lang.Thread.run(Thread.java:534)java.security.AccessControl
Exception: access denied (java.io.FilePermission /dev/urandom
read)atjava.security.AccessControlContext.checkPermission(Access
ControlContext.java:269)at
java.lang.SecurityManager.checkRead(SecurityManager.java:888)at
java.io.FileInputStream.<init>(FileInputStream.java:100)at
java.io.FileInputStream.<init>(FileInputStream.java:66)
at com.entrust.toolkit.security.crypto.random.g.run(Unknown
Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.entrust.toolkit.security.crypto.random.e.run(Unknown
Source)
at java.lang.Thread.run(Thread.java:534)
Decoder: Error - SmimeDecodingException:
iaik.smime.SMimeException: Key/content decryption error: Unable
to decrypt encrypted content-encryption key: Unknown blocktype
!, aborting
OR (this was due to the client using an IBM JRE not SUN JRE as
prescribed in the guide)
2008/02/01 14:03:34 Send file
[data/TEST01AU/send/de/testfile.de] failed
SMime encode failed (256)
Encoder: Activating Encoder V2.1 (Large File Version)
Encoder: Verifying arguments
Encoder: Setting up security providers
Encoder: Loading client and server certificate
Encoder: Error - NullPointerException: Cannot initialise the
S/MIME Encoder, aborting
java.lang.NullPointerException: Cannot initialise the S/MIME
Encoder
at
au.com.national.ntigs.security.smime.client.Encoder.encode(Encod
er.java:81)
at
au.com.national.ntigs.security.smime.client.Encoder.main(Encoder
Page 66 of 68 Direct Link Technical Guide
.java:55)
OR
SMime encode failed (256)
Encoder: Loading input file
Encoder: Encoding file ...
Encoder: Error - SmimeEncodingException:
com.entrust.toolkit.exceptions.PKCS7Exception: internal error,
aborting
au.com.national.ntigs.security.smime.error.SmimeEncodingExceptio
n: com.entrust.toolkit.exceptions.PKCS7Exception: internal error
atau.com.national.ntigs.security.smime.entrust.EntrustSmimeEnco
der.encodeLargeDataClientVersion(EntrustSmimeEncoder.java:92)
atau.com.national.ntigs.security.smime.client.Encoder.encode(En
coder.java:105)
atau.com.national.ntigs.security.smime.client.Encoder.main(Enco
der.java:55)
Caused by: com.entrust.toolkit.exceptions.PKCS7Exception:
internal error
at com.entrust.toolkit.PKCS7EncodeStream.d(Unknown Source)
at com.entrust.toolkit.PKCS7EncodeStream.f(Unknown Source)
at com.entrust.toolkit.PKCS7EncodeStream.write(Unknown Source)
atau.com.national.ntigs.security.smime.entrust.EntrustSmimeEnco
der.writeStream(EntrustSmimeEncoder.java:171)
atau.com.national.ntigs.security.smime.entrust.EntrustSmimeEnco
der.encodeLargeDataClientVersion(EntrustSmimeEncoder.java:81)
... 2 more
Caused by: java.lang.SecurityException: Unsupported keysize or
algorithm parameters at javax.crypto.Cipher.init(DashoA6275)
at
iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown
Source)
at
iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown
Source)
at iaik.pkcs.pkcs7.SignedAndEnvelopedDataStream.<init>(Unknown
Source)
Encoding/Decoding Encode error
-bash-3.00$ directlink.sh
[INFO] Creating archive directory (data/archive/20111201/)
[INFO] Processing directories under 'data'
[INFO] Processing directories for mailbox TEST01AU [INFO]
Sending file: test.txt from ‘TEST01AU’/send/de'
[INFO] Encoding file: test.txt
[ERROR] Send file [data/TEST01AU/send/de/test.txt] failed SMime
encode failed (256)
Encoder: Activating Encoder V2.1 (Large File Version)
Encoder: Verifying arguments
Encoder: Setting up security providers
Download and install the Unlimited Strength Java Cryptography Extension (JCE) Policy files for your version of Java.
Page 67 of 68 Direct Link Technical Guide
Encoder: Loading client and server certificate Exception in
thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.SecretKeyFactory.a(DashoA13*..)
at javax.crypto.SecretKeyFactory.<init>(DashoA13*..)
at javax.crypto.SecretKeyFactory.getInstance(DashoA13*..)
at
com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.getPBEKey
(PKCS12KeyStore.java:545)
at
com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad
(PKCS12KeyStore.java:1271)
at java.security.KeyStore.load(KeyStore.java:1185)
at
au.com.national.ntigs.security.common.keystore.KeyStoreWrapper.<
init>
(KeyStoreWrapper.java:34)
at
au.com.national.ntigs.security.smime.client.Encoder.encode
(Encoder.java:75)
at
au.com.national.ntigs.security.smime.client.Encoder.main
(Encoder.java:55)
Caused by: java.lang.SecurityException: Cannot set up certs for
trusted CAs
at javax.crypto.SunJCE_b.<clinit>(DashoA13*..)
... 9 more
Caused by: java.security.PrivilegedActionException:
java.util.zip.ZipException: error in opening zip file
at java.security.AccessController.doPrivileged(Native
Method)
... 10 more
Caused by: java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:127)
at java.util.jar.JarFile.<init>(JarFile.java:135)
at java.util.jar.JarFile.<init>(JarFile.java:99)
at javax.crypto.SunJCE_b.a(DashoA13*..)
at javax.crypto.SunJCE_b.i(DashoA13*..)
at javax.crypto.SunJCE_b.g(DashoA13*..)
at javax.crypto.SunJCE_b$1.run(DashoA13*..)
... 11 more
[INFO] Processing complete
Page 68 of 68 Direct Link Technical Guide
Encoding/Decoding SMime encode failed (256)
SMime encode failed (256)
Encoder: Activating Encoder V2.1 (Large File Version)
Encoder: Verifying arguments
Encoder: Setting up security providers
Encoder: Loading client and server certificate
Encoder: Error - KeyStoreInitialisationException: IO Exception
accessing file [cert/client.pfx], aborting
au.com.national.ntigs.security.common.keystore.KeyStoreInitialis
ationException: IO Exception accessing file [cert/client.pfx]
at
au.com.national.ntigs.security.common.keystore.KeyStoreWrapper.<
init>(KeyStoreWrapper.java:54)
at
au.com.national.ntigs.security.smime.client.Encoder.encode(Encod
er.java:75)
at
au.com.national.ntigs.security.smime.client.Encoder.main(Encoder
.java:55)
Caused by: java.io.IOException: failed to decrypt safe contents
entry: javax.crypto.BadPaddingException: Given final block not
properly padded
at
com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknow
n Source)
at java.security.KeyStore.load(Unknown Source)
at
au.com.national.ntigs.security.common.keystore.KeyStoreWrapper.<
init>(KeyStoreWrapper.java:34)
... 2 more
Caused by: javax.crypto.BadPaddingException: Given final block
not properly padded
at
com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at
com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at
com.sun.crypto.provider.PKCS12PBECipherCore.b(DashoA13*..)
at
com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40
.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
... 5 more
Keystore password in “passwd” file does not match client.pfx keystore password. refer to “keystore password” section in order to update the keystore password.