MessageHandler ist supported on these platforms
MessageHandler has only been tested mit Java 8. The following versions are supported:
Note: the Unlimited Strength Jurisdiction Policy Files must be provided in the Java installation. These files are included by default in distributions since Java 8 update 151.
MessageHandler works perfectly under the 64bit edition of Windows. However, we recommend using it with the 32bit version of the Java runtime. In order to use the MessageHandler product with a 64bit Java runtime, the supplied Service Wrapper (wrapper.dll) must be replaced with a 64bit version. Please note, that the 64bit version of the Service Wrapper is a commercial product of Tanuki Software, which we cannot redistribute for free.
To diagnose the problem, inspect the file c:\Program Files (x86)\Open eGov MessageHandler\log\message-handler.log
, while the MSI Installer still displays this error dialog:
Note, that MessageHandler refuses to install, if you specify directories in the installations wizard,
which do not exist!
Inspect the installation logfile and search for error messages like
MSI (c) (7C:54) [14:32:12:501]: Note: 1: 1314 2: /Program Files/Sedexclient/interface MSI (c) (7C:54) [14:32:15:251]: Product: Open eGov MessageHandler -- Error 1314. The specified path '/Program Files/Sedexclient/interface' is unavailable. |
Alternatively: Execute the MSI installation from the command line. This way the installation process produces a logfile, which may (on may not) contain valuable information.
msiexec /i "C:\MessageHandler.msi" /L*V "C:\MessageHandler_Installer.log" |
Do not remove the service or installed files manually! This will break the process of uninstalling the software and thus will lead to the impossibility to reinstall and/or update MessageHandler.
However if you are in the situation that neither uninstalling nor installing works please run the appropriate Microsoft Fix-it to return to a working state.
Download Microsoft Fix-it from support.microsoft.com or download it from Open eGov Wiki.
The local service account has to be used, if the server is a member in a Windows domain. Using a domain with local adminstrator rights will not work.
Under Windows we recommend using absolute path names including either drive name or UNC paths. For MessageHandler prior to version 3.1.2 we recommend using slashes as path separators:
C:/sedex/inbox d:/data/messagehandler/inbox //fileserver.some.domain.ch/sedex/outbox |
Suppose you configured an inbox located on a mounted remoted directory such as
<outbox dirPath="O:/application_a/interface/outbox" msgType="10301"> |
If MessageHandler complains on startup with a message like
Directory: O:\application_a\interface\outbox either not exist or is not a directory |
then first check, if the user account under which the MessageHandler service is run has access to the configured directory. If you can list the directory (using dir O:\application_a\interface\outbox
), then it is probable that the Java runtime has problems with the drive letter mapping. Try using the UNC path instead:
<outbox dirPath="//fileserver.some.domain.ch/interface/outbox" msgType="10301"> |
Generell empfehlen wir, pro Maschine nur eine sedex Client und MessageHandler Instanz zu installieren.
Wenn Sie auf einer einzigen Windows Maschine mehrere Instanzen des MessageHandlers betreiben wollen, gehen Sie wie folgt vor:
wrapper.ntservice.name
, wrapper.ntservice.displayname
, wrapper.ntservice.description
in der Datei conf/wrapper.conf
jeder Instanz entsprechend Ihren Bedürfnissen an./config/messageHandler/webserviceInterface/@port
in der Datei conf/config.xml
). Jede Instanz braucht einen eigenen Port, sonst kann der Messagehandler den Webservice nicht starten.If you installed MH using the MSI installer, be aware, that the installer always performs a completely new installation. It is not conceive to perform an upgrade! So back-up your MH configuration before installing the new version.
To upgrade:
The MH configuration file config.xml lists all the directories and files to back up. The XML elements referencing the directories to back up are:
If starting MessageHandler for the first time after a fresh installation, you will notice the following error message in the file
[ERROR] WrapperListener_start_runner DbLogService Table not found in statement [DELETE FROM status WHERE (received_date IS NULL AND DATEDIFF('dd', sent_date, CURRENT_TIMESTAMP) > ?) OR DATEDIFF('dd', received_date, CURRENT_TIMESTAMP) > ?] Query: DELETE FROM status WHERE (received_date IS NULL AND DATEDIFF('dd', sent_date, CURRENT_TIMESTAMP) > ?) OR DATEDIFF('dd', received_date, CURRENT_TIMESTAMP) > ? Parameters: [2, 2] |
This error message can be ignored, as a automatic cleanup job of MessageHandler tries to cleanup a database table, which has not yet been created.
A known bug in MH prior to version 3.4.0 (on Windows only!) corrupts the status database. If you encounter a log entry complaining about an java.sql.SQLException
in wrapper.log
or message-handler.log
upon startup of MH such as
INFO | jvm 1 | 2019/05/22 09:38:19 | Exception in thread "Thread-2" java.lang.IllegalStateException: log service cannot be started: java.sql.SQLException: Table already exists: STATUS in statement [CREATE CACHED TABLE status] Query: CREATE CACHED TABLE status (participant_id VARCHAR(255) NOT NULL, filename VARCHAR(255) NOT NULL, message_id VARCHAR(255), sent_date DATETIME, received_date DATETIME, status TINYINT NOT NULL, source TINYINT NOT NULL, UNIQUE (participant_id, filename)) Parameters: [] INFO | jvm 1 | 2019/05/22 09:38:19 | at ch.admin.suis.msghandler.common.MessageHandler.startLogService(MessageHandler.java:180) INFO | jvm 1 | 2019/05/22 09:38:19 | at ch.admin.suis.msghandler.common.MessageHandler.run(MessageHandler.java:165) INFO | jvm 1 | 2019/05/22 09:38:19 | at java.lang.Thread.run(Thread.java:748) STATUS | wrapper | 2019/05/22 09:38:21 | <-- Wrapper Stopped |
or
Caused by: java.sql.SQLException: Violation of unique index SYS_IDX_47: duplicate value(s) for column(s) in statement [UPDATE status SET status = ?, received_date = ? WHERE message_id = ?] Query: UPDATE status SET status = ?, received_date = ? WHERE message_id = ? Parameters: [2, 2019-11-25 08:37:31.217, fa3d12fa-d16c-4d54-af45-27ea311cafb9] |
the following instructions get MH going again:
<workingDir dirPath="..."/>
in the config.xml file.dataHoldTimeInDays
in the element <statusDatabase>.
A value of 2 is usually enough.be aware of the fact, that with this you remove the status database. If your application checks the status of messages using the MH REST interface, you will loose the state information of not already delivered messages! In this case you must probably change the state of these messages manually in your applications database.
To start the Java application as a native Windows service the Tanuki Wrapper is used. This executable is signed and the corresponding certificate must be trusted by the operating system. If this isn’t the case the following statements are logged into wrapper.log
/WARN | wrapper | 2018/04/23 10:49:13 | A signature was found in "C:\BKS\open-egov-msghandler_8-LU-32\bin\wrapper.exe", but checksum failed: (Errorcode: 0x800b010a) A certificate chain could not be built to a trusted root authority. (0x800b010a)/ /WARN | wrapper | 2018/04/23 10:49:13 | Signer Certificate:/ /WARN | wrapper | 2018/04/23 10:49:13 | Serial Number: / /WARN | wrapper | 2018/04/23 10:49:13 | 00 90 4d 8f d1 f3 86 8a ad 5f 17 e8 93 41 c3 08 f2 / /WARN | wrapper | 2018/04/23 10:49:13 | Issuer Name: COMODO RSA Code Signing CA/ /WARN | wrapper | 2018/04/23 10:49:13 | Subject Name: Tanuki Software Ltd./ /WARN | wrapper | 2018/04/23 10:49:13 | TimeStamp Certificate:/ /WARN | wrapper | 2018/04/23 10:49:13 | Serial Number: / /WARN | wrapper | 2018/04/23 10:49:13 | 16 88 f0 39 25 5e 63 8e 69 14 39 07 e6 33 0b / /WARN | wrapper | 2018/04/23 10:49:13 | Issuer Name: UTN-USERFirst-Object/ /WARN | wrapper | 2018/04/23 10:49:13 | Subject Name: COMODO SHA-1 Time Stamping Signer/ /WARN | wrapper | 2018/04/23 10:49:13 | Date of TimeStamp : 2017/09/25 12:55:53The error is not directly related to the Wrapper's signature, therefore continue.../ |
Please follow the instructions on https://wrapper.tanukisoftware.com/doc/german/troubleshooting.html#9 to solve this issue.
When you try to configure a signing outbox for a nativeApp and the startup of MessageHandler fails with an error message (found in log file log\message-handler.log
) like
Caused by: java.io.FileNotFoundException: .....\${ADAPTER_HOME}\certificate\prod-bit\......p12
... 8 more
then do the following:
..\adapter\conf\certificateConfiguration.xml
) ${ADAPTER_HOME}
with the path of your sedex installation directoryWhen you try to configure a signing outbox for a nativeApp and the startup of MessageHandler fails with an error message (found in log file log\message-handler.log
) like
org.apache.commons.configuration.ConfigurationException: Unable to validate sedex certificate config. ex: Content is not allowed in prolog. at ch.admin.suis.msghandler.util.XMLValidator.validateSedexCertificateConfig(XMLValidator.java:62) at ch.admin.suis.msghandler.config.SedexCertConfigFactory.<init>(SedexCertConfigFactory.java:57) at ch.admin.suis.msghandler.config.SigningOutboxSedexCfg.refresh(SigningOutboxSedexCfg.java:67) at ch.admin.suis.msghandler.config.SigningOutboxSedexCfg.<init>(SigningOutboxSedexCfg.java:56) at ch.admin.suis.msghandler.config.ClientConfigurationFactory.init(ClientConfigurationFactory.java:247) at ch.admin.suis.msghandler.config.ClientConfigurationFactory.<init>(ClientConfigurationFactory.java:106) at ch.admin.suis.msghandler.common.MessageHandlerService.start(MessageHandlerService.java:95) at org.tanukisoftware.wrapper.WrapperManager$11.run(WrapperManager.java:4042) Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog. |
in this case there is most probaly a UTF-8 BOM (byte order mark) at the very beginning of the certificate configuration file of your sedex client (usually ..\adapter\conf\certificateConfiguration.xml
). Use a text editor like Notepad++ (on Windows) to convert the file to a UTF-8 file without the BOM (or use a binary editor and remove the 3 first bytes EF BB BF).
Wenn der MessageHandler die Files aus der sedex inbox nicht verarbeitet, dann liegt das typischerweise an fehlenden Berechtigungen.
Wenn Sie unter Windows in der Datei suis-message-handler.log
eine Meldung dieser Art sehen:
java.lang.IllegalArgumentException: IRGEND_EIN_DIRECTORY is not a directory |
dann müssen Sie überprüfen, ob der User, als der der MessageHandler Service (Dienst) läuft, überhaupt die Berechtigung hat, das Directory zu lesen und zu schreiben. Wenn sie den Message Handler unter Windows durch Ausführen von InstallMessage-handler-NT.bat
als Service/Dienst installiert haben, dann präsentieren sich anschliessend die Eigenschaften des Dienstes wie folgt:
Sie müssen hier den User eintragen, der die Berechtigung hat, das Directory zu lesen und zu schreiben.
MessageHandler determines the sedex ID of the recipient by inspecting the names of the files. A Groovy script is responsible to fumble the sedex ID out of the filenames. The Groovy script has to be configured in the file config.xml
in the participantIdResolver
tag.
The script which has to be referred there, is something like this
/** * Leitet aus einem übergebenen Filenamen die sedex ID des Empfängers * ab. * Dieser Resolver funktioniert für * - eSchKG Meldungen * sedex ID wird aus dem Filenamen extrahiert. * * @param filename the name of the file to be sent including path * @return the resolved Sedex-ID or an empty string * * Igor Metz, 2011-10-20 */ def String resolve(String filename) { // Wenn das File in der eSchKG Outbox liegt, geht es an den im Filenamen // bezeichneten Empfänger def matcher = (filename =~ /^.*\/([1-9]-[0-9A-Z]+-[0-9]+)_.*/) if (matcher.matches()) { return matcher.group(1) } // Wenn alle Stricke reissen: leer zurückgeben return '' } |
This warning can safely be ignored. MessageHandler produces this warning when it has to process a larger batch of eSchKG/e-LP/e-LEF messages and the Sedex adapter already sent out some of the produces Sedex messages while MessageHandler is still processing the batch. The MessageHandler is then surprised by missing envelopes.
If MessageHandler fails to sign PDF files and logs a FATAL error like this in message-handler.log
2016-03-01 13:38:30.881 [FATAL] DefaultQuartzScheduler_Worker-6 SenderSessionImpl Not able to sign PDFs. Ex when signing: Cannot open certificate. Is the password correct?, Signing Outbox: signingoutbox ch.admin.suis.msghandler.signer.SignerException: Ex when signing: Cannot open certificate. Is the password correct?, Signing Outbox: signingoutbox at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:159) at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:96) at ch.admin.suis.msghandler.sender.SenderSessionImpl.handleSigning(SenderSessionImpl.java:282) at ch.admin.suis.msghandler.sender.SenderSessionImpl.createMessages(SenderSessionImpl.java:108) at ch.admin.suis.msghandler.sender.Sender.execute(Sender.java:63) at ch.admin.suis.msghandler.sender.SenderJob.execute(SenderJob.java:73) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529) Caused by: ch.admin.suis.batchsigner.BatchException: Cannot open certificate. Is the password correct? at ch.admin.suis.batchsigner.BatchRunnerBuilder.getPKCS12Keystore(BatchRunnerBuilder.java:567) at ch.admin.suis.batchsigner.BatchRunnerBuilder.buildPdfSigner(BatchRunnerBuilder.java:434) at ch.admin.suis.batchsigner.BatchRunnerBuilder.buildMinimal(BatchRunnerBuilder.java:211) at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:143) ... 7 more Caused by: java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.cryptData(Unknown Source) at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(Unknown Source) at ch.admin.suis.security.tools.keystore.SignerKeystorePKCS12.<init>(SignerKeystorePKCS12.java:103) at ch.admin.suis.batchsigner.BatchRunnerBuilder.getPKCS12Keystore(BatchRunnerBuilder.java:563) ... 10 more |
Reason: your Java installation does not have the Unlimited Strength Jurisdiction Policy Files installed.
Although MessageHandler uses the log4j software library, MessageHandler is not affected by the vulnerability. The reason is that MessageHandler uses an older version of log4j, which is not vulnerable.
Please note that the sedex client, with which MessageHandler work together, is also not vulnerable in versions > 5.0.