OpenAS2 / OpenAs2App

OpenAS2 is a Java-based implementation of the EDIINT AS2 standard. It is intended to be used as a server. It is extremely configurable and supports a wide variety of signing and encryption algorithms.
https://sourceforge.net/projects/openas2/
BSD 2-Clause "Simplified" License

Add AS2 CEM feature #267

Closed uhurusurfa closed 4 months ago

uhurusurfa commented 2 years ago

Add support for the AS2 1.2 spec by adding Certificate Exchange Management functionality.

NOTE: Please leave a comment on this if you think you would like to use this functionality.

akasparas commented 7 months ago

I have very little experience with AS2 servers: implemented it in two organizations with two distinct partners. In my experience...

One partner advertises CEM support. But they use certs with very long expiry times, and this functionality will hardly be used with them.

Another partner does not advertise CEM support and changes certificates every year. That process does not always go smoothly, and they sometimes send messages signed/encrypted with old certificates past the agreed change moment.

It would be easier to work with the second partner if OpenAS2 supported an option to configure more than one certificate per partner, allowed configuring date-time intervals when each certificate is preferred, and at the same time accepted messages signed/encrypted with slightly dated certificates.

Support for multiple certificates would be necessary for full CEM support anyway. So, this could be an intermediate feature which would help certificate rotation immediately, before full CEM is in place or with partners without CEM.

uhurusurfa commented 7 months ago

There is already support for certificate switchover where OpenAS2 will use the configured certificate to try to process inbound messages and then try an optional configured fallback certificate.

Look in the documentation section 8.4.5 - Overlapping Old And New Certificates When Changing
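The two comments above describe the same rotation problem from two sides: akasparas asks for several partner certificates with preferred date-time intervals plus tolerance for slightly dated certificates, and uhurusurfa points to the existing configured-then-fallback behaviour for inbound messages. The following is an added illustration of that selection logic, written for this page and not taken from OpenAS2; the `PartnerCert` structure, the `preferred_from` switchover field, the grace period and the sample certificate dates are all constructed assumptions, and OpenAS2's real configuration is described in section 8.4.5 of its documentation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, List, Optional


def utc(year: int, month: int, day: int) -> datetime:
    """Helper for timezone-aware UTC timestamps (all times below are UTC)."""
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class PartnerCert:
    """One certificate configured for a partner (hypothetical structure, not OpenAS2's)."""
    alias: str                # keystore alias of the certificate
    not_before: datetime      # certificate validity start (from the X.509 cert)
    not_after: datetime       # certificate validity end (from the X.509 cert)
    preferred_from: datetime  # agreed moment from which this cert is used for outbound messages


def outbound_cert(certs: List[PartnerCert], now: datetime) -> Optional[PartnerCert]:
    """Certificate to sign/encrypt outbound messages with at `now`.

    Only certificates inside their X.509 validity window and whose agreed switchover
    moment has passed are eligible; of those, the most recently preferred one wins.
    """
    eligible = [c for c in certs
                if c.not_before <= now <= c.not_after and c.preferred_from <= now]
    if not eligible:
        return None
    return max(eligible, key=lambda c: c.preferred_from)


def inbound_cert_order(certs: List[PartnerCert], now: datetime,
                       grace: timedelta) -> List[PartnerCert]:
    """Order in which to try certificates when verifying/decrypting an inbound message.

    The current outbound choice goes first (the "configured" certificate); every other
    certificate that has started and is either still valid or expired no longer than
    `grace` ago follows (the "fallback" certificates), newest switchover first. This is
    what lets slightly dated partner certificates still be accepted after a change.
    """
    primary = outbound_cert(certs, now)
    usable = [c for c in certs if c.not_before <= now <= c.not_after + grace]
    fallbacks = sorted((c for c in usable if c is not primary),
                       key=lambda c: c.preferred_from, reverse=True)
    return ([primary] if primary else []) + fallbacks


def verify_with_fallback(certs: List[PartnerCert], now: datetime, grace: timedelta,
                         verifier: Callable[[PartnerCert], bool]) -> Optional[str]:
    """Try each candidate certificate in order; return the alias that verifies, or None.

    `verifier` stands in for the real signature check / decryption attempt.
    """
    for cert in inbound_cert_order(certs, now, grace):
        if verifier(cert):
            return cert.alias
    return None


# Constructed sample: an old yearly certificate and its replacement, overlapping in
# validity, with the switchover agreed for 2024-01-01 and a two-week tolerance.
OLD = PartnerCert("partner-old", utc(2022, 1, 1), utc(2024, 1, 31), utc(2022, 1, 1))
NEW = PartnerCert("partner-new", utc(2023, 11, 1), utc(2026, 1, 31), utc(2024, 1, 1))
CERTS = [OLD, NEW]
GRACE = timedelta(days=14)


if __name__ == "__main__":
    for day in (utc(2023, 12, 15), utc(2024, 1, 10), utc(2024, 2, 10), utc(2024, 3, 1)):
        out = outbound_cert(CERTS, day)
        order = [c.alias for c in inbound_cert_order(CERTS, day, GRACE)]
        print(f"{day.date()}: outbound={out.alias if out else None} inbound_order={order}")
    # A message signed with the old certificate ten days after it expired still verifies
    # because the old cert is inside the grace period and tried as a fallback.
    stale = lambda c: c.alias == "partner-old"
    print("stale message on 2024-02-10 ->", verify_with_fallback(CERTS, utc(2024, 2, 10), GRACE, stale))
    print("stale message on 2024-03-01 ->", verify_with_fallback(CERTS, utc(2024, 3, 1), GRACE, stale))
```

Before the agreed switchover the old certificate is used outbound while the new one is already accepted inbound; after it the roles swap, and the old certificate stays accepted as a fallback until its validity plus the grace period has run out. Keep the grace period short: every extra day of accepting an expired certificate is a day longer that a compromised old key would still be honoured.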

akasparas commented 7 months ago

Thanks for the pointer! This feature solves my problems. I just have to find a moment to upgrade from v2.14, where this feature was not yet present.