Explicit FTPS Reception - “Parameters” -> “Source”
This section defines the parameters for the files to be deposited on the server, together with the connection and transfer data of the FTPS server.
“File Access Parameters”
These parameters define the location and name of the file that the channel must create on the FTPS server. The adapter supports “variable substitution” for the directory and file names. This means that if a variable named “var1” is defined (in the “variable substitution” section of the channel, explained later), it can be used to form the file name or the target directory name by putting %var1% in the text.
Target directory: Defines the path where the channel will create the target file. Supports the use of "variable substitution".
Create Target Directory: If this flag is selected, the channel will create the target directory if it does not exist.
File Name: Target file name. Supports the use of "variable substitution".
During message processing, the following optional actions can be performed:
Create a file with the XML Signature of the message file. The “sign file” check must be activated to indicate to the adapter that the file with the XML Signature of the message content should be created.
Create a file with the checksum of the message content. The check “checksum file” must be activated to indicate to the adapter that the file with the checksum of the message content should be created.
Create an empty “done” file, in the target, to indicate the completion of the creation of the file associated to the message. The check “put done file” must be activated to indicate to the adapter that the done file should be created when the transfer of the message to the target file is ended.
Sign file: Indicates that for the file associated to the PI message, another file must be created with the XML Signature of the message content. The following parameters can be defined to create the sign file:
Signature file name schema: Indicates the schema that the name of the sign file to be created must follow. Special characters supported are:
%f: Message file name.
%fwoe: Message file name, without extension.
Signature Certificate KeyStore: Name of the VIEW of SAP Keystore of J2ee where the X.509 certificate to be used for the digital signature is stored.
Signature Certificate Name: Name of the X.509 certificate, of SAP Keystore of J2ee, to be used for the digital signature.
Signature PrivateKey KeyStore: Name of the VIEW of SAP Keystore of J2ee where the private key to be used for the digital signature is stored.
Signature PrivateKey Name: Name of the private key, of SAP Keystore of J2ee, to be used for the digital signature.
Signature Algorithm: Indicates the signature algorithm. Supported algorithms are:
DSA
ECDSA SHA1
RSA
RSA MD5
RSA RIPEMD160
RSA – SHA1
RSA – SHA256
RSA – SHA384
RSA – SHA512
Digest Algorithm: Indicates the digest algorithm to be used in the XML signature. Supported algorithms are:
MD5
RIPEMD160
SHA1
SHA256
SHA384
SHA512
Canonical Algorithm: Indicates the canonical algorithm to be used in the XML signature. Supported algorithms are:
Exclusive c14n with comments
Exclusive c14n without comments
Inclusive c14n with comments
Inclusive c14n without comments
Checksum file: Indicates that for the file associated to the PI message, another file must be created with the checksum of the message content. The following parameters must be defined to create the checksum:
Checksum file name schema: Indicates the schema that the name of the checksum file to be created must follow. Special characters supported are:
%f: Message file name.
%fwoe: Message file name, without extension.
Checksum Algorithm: Indicates the algorithm to create the checksum. Supported algorithms are:
MD5
RIPEMD160
SHA1
SHA256
SHA384
SHA512
Put done file: Indicates that an empty file indicating a successful completion of the transfer will be created when the creation of the file associated to the PI message is finished. Parameters to be defined are:
Done file name schema: Indicates the schema that the name of the done file to be created must follow. Special characters supported are:
%f: Message file name.
%fwoe: Message file name, without extension.
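On the receiving side, the done file and the checksum file together tell a consumer when a delivered file is complete and whether its content matches what was sent. The following Python code is an added example, not code from the adapter or its vendor; the schemas "%f.done" and "%fwoe.sha256", the file names, and the assumption that the checksum file holds a hex digest are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Checksum algorithms from the page mapped to hashlib names. RIPEMD160 is left
# out because hashlib only provides it on some OpenSSL builds.
ALGORITHMS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256",
              "SHA384": "sha384", "SHA512": "sha512"}


def expand_schema(schema, file_name):
    """Expand %f and %fwoe in one pass (assumes only the last extension is cut)."""
    values = {"%f": file_name, "%fwoe": Path(file_name).stem}
    return re.sub(r"%fwoe|%f", lambda m: values[m.group()], schema)


def accept_file(directory, file_name, done_schema, checksum_schema, algorithm):
    """Return 'pending', 'accepted' or 'rejected' for one delivered file."""
    directory = Path(directory)
    done = directory / expand_schema(done_schema, file_name)
    checksum = directory / expand_schema(checksum_schema, file_name)
    # The page does not state the order in which the files are written, so the
    # file is left alone until both the done file and the checksum file exist.
    if not (done.exists() and checksum.exists()):
        return "pending"
    parts = checksum.read_text().split()
    expected = parts[0].lower() if parts else ""  # assumed: hex digest first
    digest = hashlib.new(ALGORITHMS[algorithm])
    with open(directory / file_name, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "accepted" if digest.hexdigest() == expected else "rejected"


def demo():
    """Constructed delivery: message file, checksum file, then done file."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        payload = b"<order id='1'/>"
        Path(tmp, "order_1.xml").write_bytes(payload)
        Path(tmp, "order_1.sha256").write_text(hashlib.sha256(payload).hexdigest())
        args = (tmp, "order_1.xml", "%f.done", "%fwoe.sha256", "SHA256")
        results.append(accept_file(*args))  # done file missing
        Path(tmp, "order_1.xml.done").touch()
        results.append(accept_file(*args))  # complete and intact
        Path(tmp, "order_1.xml").write_bytes(payload + b" ")
        results.append(accept_file(*args))  # content changed after delivery
    return results
```

A checksum stored next to the file detects corruption in transit or at rest; it does not identify the sender, which is the role of the sign file.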
“FTPS Connection Parameters”
List of parameters to be set in the channel to configure the server access and the file transfer.
The following configurable options can be defined:
FTPS server data (machine and port). The default port for the Explicit FTPS connection is the port 21.
“Timeout” for the connections, meaning the inactivity time of these connections.
“Data Connection” refers to the connection mode with the FTPS server, meaning if the connection is established by the adapter (Active mode) or by the FTPS server (Passive mode).
“Connection Security” defines whether only the connection establishment process (control) or also the file transfer (data) is secured.
Proxy data, if the FTPS server connects through it. The proxy types supported by the adapter are HTTP, SOCKS4 and SOCKS5. Basic authentication data (user/password) for these proxies can be defined.
Check the trust with the FTPS server. If this option is activated, the adapter checks whether the FTPS server certificate is in the store of trusted certificates of SAP NW PI. If it is activated and neither the certificate of the server nor that of one of its CAs is in the key store of SAP NW PI, the connection process will be canceled. If the certificate is there, or the check is disabled by configuration, the connection process will continue.
Authentication data against the FTPS server. The adapter supports basic authentication (user/password) or authentication by certificate. To use an authentication mechanism by certificate, this certificate must be stored in the file system of SAP NW PI. The certificate must be in PEM format and must contain an X.509 certificate with its corresponding private key (it must be an RSA or DSA key). This file can be protected by a “passphrase”. The file content would look like:
-----BEGIN xxx PRIVATE KEY-----
... client's private key ...
-----END xxx PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... client's certificate ...
-----END CERTIFICATE-----
Enabling/disabling specific actions of certain FTPS servers.
Disable Wait On Close
Disable SSL Closure
Disable Session Resumption
Connection mode used by the adapter. It defines by configuration whether the FTPS connections for the channel are permanently set (there is always an open connection for the channel and all files are transferred through this connection) or individually set for each file transfer (a connection is opened for each file transfer).
Transfer mode of the files. The transfer mode can be binary or ASCII.
Activate throttling to control the network bandwidth in file transfers. If the files to be transferred by the channel can cause network congestion, or for security in environments with limited network bandwidth, the bandwidth used by the channel can be limited by activating this option and defining the bandwidth limit.
Activate information compression. Some FTPS servers accept files that are compressed for transfer using the zlib algorithm. If the server connected to the channel has this option enabled, the FTPS adapter allows the option to be activated in the channel so that the contents of the files are sent compressed.
The parameters to define these functional aspects are:
Server: Name or IP address of the FTPS server.
Port: Port for the Explicit FTPS connection (21 by default).
Data Connection: Defines if the connection with the FTPS server is started by the client, meaning the adapter, (active mode) or by the FTPS server (passive mode).
Passive Mode
Active Mode
Timeout (secs): Number of seconds that an established connection can remain inactive before closing. By default, the adapter sets a timeout of 1 minute.
View Proxy: If this flag is activated, the connection against the FTPS server will be done through a proxy. Therefore, it shows the parameters to configure this connection. If the flag is not activated, the connection against the FTPS server will be direct.
Proxy Type: Defines the type of the proxy that the connection goes through. Supported proxy types are:
HTTP
SOCKS v.4
SOCKS v.5
Proxy Host: Name or IP address of the proxy.
Proxy Port: Proxy port.
View Proxy User Authentication: If this flag is activated, “Proxy User” and “Proxy Password” fields are obligatory. If this flag is not activated, the connection with the proxy will be done without authentication.
Proxy User: Proxy connection user.
Proxy Password: Password of the user above for the proxy connection.
Activate Server Certificate Validation: If this flag is activated, the adapter will verify that the certificate sent by the server to set up the secure SSL connection is in the store of trusted sites of SAP NW PI. Therefore, if this option is activated, the FTPS server certificate, or the certificate of the root CA that issued it, must be defined in the TrustedCAs view of the J2EE Keystore of SAP NW PI.
Connection Security: There are the following options:
FTPS (FTP over SSL/TLS) for Control Connection: Transport security is only used for the connection process, but not for the file transfer.
FTPS (FTP over SSL/TLS) for Control and Data Connection: Transport security is used for the connection process and file transfer.
Use X.509 Certificate for Client Authentication: Some FTPS servers require the connecting user to authenticate with a certificate. If this flag is activated, the adapter will send the information of the certificate defined in the appropriate fields (explained later).
User Name: FTPS user name.
Password: FTPS user password.
Parameters for “Use X.509 Certificate for Client Authentication”:
X.509 Certificate File Directory: Directory of the SAP NW PI server where the file with the X.509 certificate in PEM format and the user private key is located.
X.509 Certificate File Name: Name of the file with the certificate and user private key.
X.509 Certificate Passphrase: Password for the private key of the certificate, if it is encoded.
Disable Wait On Close: If this flag is activated, the adapter's wait for the “SSL closure ack” in the “control channel” and the “data channel” is disabled. This flag could be useful when the FTP connection is closed.
Disable SSL Closure: If this flag is activated, the standard “SSL Closure” is disabled, forcing the SSL connections of the control and data channels to be closed in a non-standard way. This flag can be useful if the server is paused after a data transfer or when the FTP connection is closed.
Disable Session Resumption: If this flag is activated, Session Resumption is disabled. Session Resumption is a feature of SSL/TLS that accelerates the establishment of secure connections by caching certain cryptographic parameters during the first connection, which can be used in later connections. This function can be especially useful for those channels that open a new connection for each file transfer. Occasionally, it can cause problems when secure connections for data channels are established, so this flag is useful for disabling this option and forcing a complete exchange of cryptographic data for each file transfer.
Connect Mode: Represents how to connect to the FTPS server. Possible modes are:
Permanently: (By default) A permanent connection is established with the channel. All transfers will use this connection.
Per File Transfer Mode: A new connection is established for each file transfer.
Transfer Mode: File transfer mode. Possible values are:
Binary: (By default) Binary transfer.
Text: ASCII mode transfer.
Use Throttling: If this flag is activated, the bandwidth will be limited according to the value defined in the “Bandwidth to Limit (Kbps)” parameter.
Bandwidth to Limit (Kbps): Bandwidth limit to be used in data transfer. It is measured in Kbps (kilobits per second) and it is an obligatory field if throttling was activated.
Use Data Compression (with zlib alg.): If this flag is activated, the transferred content will be compressed in the adapter using the zlib compression algorithm.
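The combined private key and certificate file used for “Use X.509 Certificate for Client Authentication” can be checked before its directory and file name are entered in the channel. The following Python code is an added example and is not part of the adapter; it inspects only the PEM framing shown above, and the file-permission check and the sample files (placeholder bodies, no real key material) are assumptions of the example.

```python
import os
import re
import stat
import tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def check_client_pem(path):
    """Return findings for a combined private key + certificate PEM file."""
    findings = []
    with open(path, encoding="ascii", errors="replace") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    keys = [(lab, body) for lab, body in blocks if lab.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        findings.append(f"expected 1 private key block, found {len(keys)}")
    if not any(lab == "CERTIFICATE" for lab, _ in blocks):
        findings.append("no CERTIFICATE block")
    for lab, body in keys:
        kind = lab[:-len("PRIVATE KEY")].strip()  # "RSA", "DSA", "" or "ENCRYPTED"
        # PKCS#8 labels ("", "ENCRYPTED") do not reveal the key type.
        if kind not in ("RSA", "DSA", "", "ENCRYPTED"):
            findings.append(f"key type {kind} is not RSA or DSA")
        if kind != "ENCRYPTED" and "Proc-Type: 4,ENCRYPTED" not in body:
            findings.append("private key is not passphrase-protected")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:o} lets group/other users access the key")
    return findings


def demo():
    """Check two constructed files (placeholder bodies, no real key material)."""
    body = "Q09OU1RSVUNURUQ=\n"
    cert = "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
    key = "-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n"
    plain = key % body
    enc = key % ("Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n" + body)
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, text, mode in (("weak.pem", plain + cert, 0o644),
                                 ("hardened.pem", enc + cert, 0o600)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results.append(check_client_pem(path))
    return results
```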
Avvale 2024