Stedi-Demos / bootstrap-archived

A workflow for receiving and sending EDI documents that you can adjust to build your own EDI system.
Apache License 2.0

[enhancement] templatize AS2 provisioning #148

Open ZackKanter opened 1 year ago

ZackKanter commented 1 year ago

Rough outline of how AS2 provisioning could work:

export PARTNERSHIP=this-is-me_another-merch
export LOCAL_PROFILE=<local_profile_name>        # placeholder: name for your LOCAL profile
export PARTNER_PROFILE=<partner_profile_name>    # placeholder: name for the PARTNER profile
export STEDI_ACCOUNT_ID=<your_stedi_account_id>  # placeholder: your Stedi account ID
export YOUR_AS2_ID=A1234567890
export PARTNER_AS2_ID=B4567890123
export PARTNER_AS2_SERVER_URL=https://as2-server.com
export PARTNER_ENCRYPTION_ALGORITHM=AES256_CBC
export PARTNER_MDN_RESPONSE=SYNC
export MY_PARTNER_SIGNING_PUBLIC_KEY=<partner_public_signing_key_filename.pem>
export MY_PARTNER_ENCRYPTION_PUBLIC_KEY=<partner_public_encryption_key_filename.pem>

# create local certs
# (a single self-signed key pair is reused below for both SIGNING and ENCRYPTION;
#  generate a second pair if you want the two usages to have separate keys)
openssl req -x509 -newkey rsa:4096 -keyout ${LOCAL_PROFILE}_private.pem \
    -out ${LOCAL_PROFILE}_public.pem -sha256 -days 365 -nodes

# import local certs
stedi as2 import-certificate --name ${LOCAL_PROFILE}_signing \
    --description "${LOCAL_PROFILE}_signing" \
    --usage SIGNING \
    --private-key file://${LOCAL_PROFILE}_private.pem \
    --certificate file://${LOCAL_PROFILE}_public.pem

stedi as2 import-certificate --name ${LOCAL_PROFILE}_encryption \
    --description "${LOCAL_PROFILE}_encryption" \
    --usage ENCRYPTION \
    --private-key file://${LOCAL_PROFILE}_private.pem \
    --certificate file://${LOCAL_PROFILE}_public.pem

# import partner public certs (no private key)
stedi as2 import-certificate \
    --name ${PARTNERSHIP}_signing \
    --usage SIGNING \
    --description "${PARTNERSHIP}_signing" \
    --certificate file://${MY_PARTNER_SIGNING_PUBLIC_KEY}

stedi as2 import-certificate \
    --name ${PARTNERSHIP}_encryption \
    --usage ENCRYPTION \
    --description "${PARTNERSHIP}_encryption" \
    --certificate file://${MY_PARTNER_ENCRYPTION_PUBLIC_KEY}

# create profiles
# certificate ID is different from name, so it must be retrieved using
# `stedi as2 describe-certificate --name <CERTIFICATE_NAME>`
stedi as2 create-profile \
    --name ${LOCAL_PROFILE} \
    --profile-type LOCAL \
    --as2-id ${YOUR_AS2_ID} \
    --certificate-ids <SIGNING_CERT_ID>,<ENCRYPTION_CERT_ID>

stedi as2 create-profile \
    --name ${PARTNER_PROFILE} \
    --profile-type PARTNER \
    --as2-id ${PARTNER_AS2_ID} \
    --certificate-ids <SIGNING_CERT_ID>,<ENCRYPTION_CERT_ID>

stedi as2 list-profiles

# describe each profile to get its ID, then set LOCAL_PROFILE_ID / PARTNER_PROFILE_ID from the output
stedi as2 describe-profile --name ${LOCAL_PROFILE}
stedi as2 describe-profile --name ${PARTNER_PROFILE}

stedi as2 create-connector \
    --name ${PARTNERSHIP} \
    --url ${PARTNER_AS2_SERVER_URL} \
    --local-profile-id ${LOCAL_PROFILE_ID} \
    --partner-profile-id ${PARTNER_PROFILE_ID} \
    --encryption-algorithm ${PARTNER_ENCRYPTION_ALGORITHM} \
    --mdn-response ${PARTNER_MDN_RESPONSE}

# server only required if receiving AS2 messages
stedi as2 create-server --name bootstrap

# describe the server to get its ID, then set AS2_SERVER_ID from the output
stedi as2 describe-server --name bootstrap

stedi as2 create-agreement \
    --name ${PARTNERSHIP} \
    --base-directory "/as2-inbound-${STEDI_ACCOUNT_ID}/${PARTNERSHIP}" \
    --description "${PARTNERSHIP}" \
    --local-profile-id ${LOCAL_PROFILE_ID} \
    --partner-profile-id ${PARTNER_PROFILE_ID} \
    --server-id ${AS2_SERVER_ID} \
    --status ACTIVE
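Two pieces the outline above leaves to the operator, written up here as an added example that is not part of the issue or of the bootstrap repo: generating a separate self-signed key pair per usage (instead of reusing one pair for SIGNING and ENCRYPTION) and sanity-checking a partner's public certificate before handing it to `stedi as2 import-certificate`. It assumes `openssl` is on the PATH; the `LOCAL_PROFILE` default and all file names are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not code from the original issue. Assumes openssl is installed.
set -euo pipefail

LOCAL_PROFILE="${LOCAL_PROFILE:-this-is-me}"   # placeholder profile name

# Generate one self-signed key pair per usage so that a leaked encryption key
# cannot also be used to sign outbound AS2 messages.
#   $1 = usage label (signing | encryption)
#   $2 = output directory
#   $3 = RSA key size (default 4096, matching the outline above)
gen_local_keypair() {
  local usage="$1" dir="$2" bits="${3:-4096}"
  openssl req -x509 -newkey "rsa:${bits}" -sha256 -days 365 -nodes \
    -subj "/CN=${LOCAL_PROFILE}-${usage}" \
    -keyout "${dir}/${LOCAL_PROFILE}_${usage}_private.pem" \
    -out "${dir}/${LOCAL_PROFILE}_${usage}_public.pem" 2>/dev/null
}

# Check a partner certificate before importing it:
#   - it must parse as an X.509 certificate (return 1 otherwise)
#   - it must not expire within $2 days, default 30 (return 2 otherwise)
#   - on success, print subject, expiry and SHA-256 fingerprint so the
#     fingerprint can be confirmed with the partner out of band
check_partner_cert() {
  local cert="$1" min_days="${2:-30}"
  if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
    echo "not a PEM certificate: $cert" >&2
    return 1
  fi
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within ${min_days} days: $cert" >&2
    return 2
  fi
  openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}

# Usage:
#   gen_local_keypair signing ./certs
#   gen_local_keypair encryption ./certs
#   check_partner_cert partner_public_signing_key.pem 30
```

Once both checks pass, the `_signing_*.pem` pair goes to the SIGNING import and the `_encryption_*.pem` pair to the ENCRYPTION import in the outline above.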