Technically integrated into the application, the Bolero Terminal is an enhancement to the application. The Application creates and draws on banking messages; the Bolero Terminal facilitates the exchange of messages using the Bolero CMP, including the handling of the Bolero protocol.
The following components are specific to the Bolero Terminal:
Type | Element | Description |
---|---|---|
Module | SRVBOI/SRVBTI | Service for incoming Bolero messages (in SWITSK) |
Module | SRVBOL | Service for outgoing Bolero messages (in MGRTSK) |
Module | EMLMOD | Module to handle Email messages, in particular multipart MIME messages with Bolero-specific types of data |
Module | SYSTDT | Interface to the Shared Library “tdtool” |
Module | BOLMODT | Help module for the Bolero Terminal “Common Functions” |
Module | BOLMODU | Help module for Bolero generally “Utility Functions” (is also used in business transactions) |
Module | BOISAX | Module for the Sax parser for business messages |
Module | BOISAXM | Module for the Sax parser for SMSG / FMSG messages |
Shared Library | tdtool | Shared Library that provides the required cryptography and encode/decode functions |
Configuration File | mgrtsk.ini, Section [SRVBOL] | Configuration of outgoing messages (also used for acknowledgments sent by SRVBOI) |
Configuration File | switsk.ini, Section [SRVBOI] | Configuration of incoming messages |
Configuration File | emlmod.ini, Section [System] | Configuration of the Email interface (delimiter, trace, switching off encryption) |
As with the configuration files, certificates required are stored as flat files in the “ini” partition.
The Bolero Terminal is installed as an element of the application (either during the initial installation or through a patch).
The Bolero Terminal sends S/MIME messages to this central address.
In the application, the address is stored in bolero.ini, Section [Terminal], Entry 'BolEml=' and is maintained in the “Bolero's Email Address for Bolero Terminal” field on the Bolero tab in the Task Manager.
The address is read in “SRVBOL.init” and “SRVBOL.init” with BOLMODT\BolBolEml = GetIniStr (“bolero.ini”, “Terminal”, “BolEml”).
The following addresses can be used:
The Bolero Terminal requires the Bolero public key for “Messaging”.
Bolero supplies the public key in a PEM certificate, either as a download or by Email. The certificate is then stored in a file in the .ini directory, from where it is used by the Bolero Terminal. The file name is the <Email address> plus the extension '_cert.pem', for example: 'ini/messaging@test.boleroserve.net_cert.pem'.
Another public key (the key that is used once the current certificate has expired) can be saved with the extension '_alt_cert.pem'.
The certificate is stored as a legible, base-64 encoded text and appears as follows:
-----BEGIN CERTIFICATE-----
(base-64 encoded certificate data)
-----END CERTIFICATE-----
An Email address is required for each Bolero RID. The Bolero CMP sends messages to this address in S/MIME format for the related RID.
The RID and the related Email address are stored in the BOLRID and BOLEML field of the ETA table. The RID and the Email address are entered, together with static data transactions for the entity addresses, on the “Entity” and “Entity Group Details” panels.
In the application, the values are stored in bolero.ini, Section [Terminal], Entry 'BolEml=' and are maintained in the 'Bolero's Email Address for Bolero Terminal' field on the Bolero tab in the Task Manager.
The values are read in “SRVBOL.init” and “SRVBOL.init” with BOLMODT\BolBolEml = GetIniStr( “bolero.ini”, “Terminal”, “BolEml” ).
The Bolero Terminal requires the Bolero private key for 'Messaging'.
(Bolero requires the public key that belongs to this private key for the relevant symmetric functions.)
A key pair is required for each RID. The key is generated using the Bolero Web Interface within Microsoft's Internet Explorer's keystores in line with the following description (for the test system):
On https://interactive.test.boleroserve.net/index.asp
Go to the SA functionality at the top
You will now be in the create certificate screen
1- Choose appropriate CAPI PROVIDER
2- Make sure the Key is “exportable”
3- Insert common name (e.g. Messaging)
4- Click on Generate Cert Request
5- Make a note of the Certificate ID
6- Click on Submit
7- Install or download
You will now need to assign functionality to this certificate
1- Go to “Assign Function Certificate” on the screen
2- Choose the rid you want (in this case dosgmbhtest)
3- Choose the “Messaging” role to update
4- Choose the “Certificate ID” of the newly created certificate
5- Click on submit
6- Click on submit again to confirm
7- Repeat the same process with “Messaging Security admin” & “Monitoring roles”
Before the private key can be used by the Bolero Terminal, a certificate with this private key has to be exported as described below, and transported to the system on which the Bolero Terminal operates. This description applies to Internet Explorer 6, but should also work for other versions.
The certificate file generated (in binary format) has to be made available in the ini partition of the Bolero Terminal under the name of the Email address with the extension '.pfx'.
The password entered in the export process above to access the private key is stored in the BOLPWD field in the ETA table together with the RID and the related Email address. The password is entered with static data transactions for entity addresses on the “Entity Group Details” panel.
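The file-naming rules above ('_cert.pem', '_alt_cert.pem' and '.pfx' in the ini partition) can be checked mechanically. The following is an added example, not code from the application: the function name `audit_key_files`, the `example.test` addresses and the owner-only permission check on the '.pfx' file are assumptions made for illustration.

```python
import stat
import tempfile
from pathlib import Path

# File-name suffixes the page defines, appended to an Email address.
CMP_CERT, CMP_ALT_CERT, OWN_PFX = "_cert.pem", "_alt_cert.pem", ".pfx"
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def audit_key_files(ini_dir, cmp_address, rid_addresses):
    """Return (severity, message) findings for key material in the ini partition."""
    ini = Path(ini_dir)
    findings = []
    cert = ini / (cmp_address + CMP_CERT)
    if not cert.is_file():
        findings.append(("error", f"missing {cert.name}"))
    elif PEM_HEADER not in cert.read_bytes():
        findings.append(("error", f"{cert.name} is not a PEM certificate"))
    # The rollover certificate is optional, so its absence is informational.
    alt = ini / (cmp_address + CMP_ALT_CERT)
    if not alt.is_file():
        findings.append(("info", f"no rollover certificate {alt.name}"))
    for addr in rid_addresses:
        pfx = ini / (addr + OWN_PFX)
        if not pfx.is_file():
            findings.append(("error", f"missing {pfx.name}"))
            continue
        # Assumption (not from the page): the private-key container should be
        # accessible to the application's own account only.
        mode = stat.S_IMODE(pfx.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(("warn", f"{pfx.name} has mode {mode:03o}"))
    return findings

if __name__ == "__main__":
    # Constructed demo data: hypothetical RID addresses, placeholder contents.
    with tempfile.TemporaryDirectory() as d:
        ini = Path(d)
        cmp_addr = "messaging@test.boleroserve.net"
        (ini / (cmp_addr + CMP_CERT)).write_bytes(PEM_HEADER + b"\n")
        pfx = ini / "bank@example.test.pfx"
        pfx.write_bytes(b"placeholder")
        pfx.chmod(0o644)
        rids = ["bank@example.test", "other@example.test"]
        for finding in audit_key_files(d, cmp_addr, rids):
            print(finding)
```

The check covers file presence, PEM framing and permissions only; it does not open the '.pfx' container or validate certificate expiry.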
The following can be configured on the configuration panel for outgoing Bolero messages:
Field | Option | Description |
---|---|---|
Path Name | | SRVBOL creates single files (e.g. PDF files for attachments) in this directory (or entity-specific sub-directory). |
Separate Directory per Entity | | If the box is checked, a sub-directory is used with the name of the entity. |
Envelopes | | Files to be created to facilitate communication with the Bolero CMP: |
 | No Envelope | Only the actual Bolero message is generated. No SMSG is generated. Attachments are not taken into account. |
 | FMSG | Only used for tests without drawing on CMP; an FMSG is generated (FMSG is the message that is normally the result of an SMSG sent to the CMP that is then sent to the recipient). |
 | SMSG | This is used to send the Bolero message and attachments via the Bolero Gateway or proprietary gateways. An SMSG is generated. |
 | Bolero Terminal | This generates an SMSG and, based on this, an S/MIME encoded Email that contains the SMSG, the business document and any attachments created for dispatch to the Bolero CMP. |
Timeout | | This is used to set the 'TimeOut' attribute of the <DeliveryAttr> tag for the FMSG (the option Notification=“Yes” is always set). |
Path Name | | In this directory (or entity-specific sub-directory) SRVBOL generates an SMSG (or FMSG). (When using the Bolero Gateway, the SMSG and the document/attachments have to be located in two different directories, e.g. bolout/bolmsgout.) |
Extension | | This is the extension of generated SMSG/FMSG files (not relevant for the Bolero Terminal as the SMSG is not stored in the file system). |
Send Technical Messages Formatted | | If checked, technical messages (such as SWIFT messages, for example) are prepared for print if they are to be sent as an attachment. |
Text To Be Inserted Into Header | | |
Bolero's Email Address for Bolero Terminal | | The Bolero Terminal sends S/MIME messages to this central address. |
Method of Dispatch | | Only for the Bolero Terminal: This determines how an Email is to be transferred to the Email system. |
 | Pickup Directory | The Email is created in this directory (an absolute path or in the 'tmp' partition) in RFC 822 format. The Email system has to be configured in such a manner that files can be automatically sent from the directory. |
 | Unix sendmail | The Email is created in the tmp partition and, after launching sendmail -t, is transferred to the Email system. |
 | Customer specific | Another procedure. Needs to be implemented as a rule - 'SendMailStreamCus' - and available globally. |
Delimiter | | Only for Bolero Terminal: Line delimiter for the generated Email file (in accordance with CMP requirements, CRLF is always used with the x-Bolero envelope). |
Pickup Directory | | Only for Bolero Terminal: this identifies the 'Pickup Directory'. |
Job Execution / Job | | Not for Bolero Terminal: Any job/script that might need to be triggered after generating the SMSG. |
The following can be configured on the configuration panel for incoming Bolero messages:
Field | Option | Description |
---|---|---|
Triggered by | Document | No xMSG available; processing is triggered by the business document itself. |
 | FMSG | Triggered by the receipt of FMSG and business documents via the Bolero Gateway or a proprietary gateway. |
 | SMSG | This is used for tests without drawing on the CMP; an SMSG is anticipated as a trigger. |
 | Email (Bolero Terminal) | This processes S/MIME Emails that contain the FMSG, business documents and any attachments. |
RIDs / BICs | | Only used when 'Document' (without FMSG/SMSG) is used in the 'Triggered by' field: If RIDs appear in the document they are handled as the recipient (OWN bank). |
Print Type | | The incoming message (xMSG or document) can be printed in its 'raw' format; the following fields specify how and where. Attachments are not printed. |
Path Name | | Location for incoming files (depending on the trigger, these can be Emails, xMSGs or Bolero documents). |
File Extension | | Extension of the triggering documents - can be empty. |
Documents in | | If the incoming message is triggered by FMSG/SMSG (Bolero Gateway), attachments/business documents referenced in the FMSG/SMSG are expected to be found in this directory. |
UACKs are generated and sent only when 'Bolero Terminal' has been selected. UACK messages are sent directly from SRVSWI. Settings for this are transferred from SRVBOL in the MGRTSK. In this case, the output for this needs to be configured first.
The following additional entries in the section [System] for emlmod.ini can be used for debugging and can be configured using any suitable editor or by using the XEMLMD test transaction:
Entry | Description |
---|---|
TRCFLG | When the flag is not empty: (1) temporary files generated during encoding/decoding are not deleted, but remain available for reporting/statistical purposes; (2) entries are made in the EMLMOD\TRCSTM stream for decoding steps. After decoding, EMLMOD\TRCSTM is available for reporting/statistical purposes in a dump/manually generated dump. |
ENCFLG | Generated messages are only encrypted when this flag is empty (or is not available) or is marked as 'Y'. Encryption should really not be switched off in live operations. It only makes sense to switch off encryption for environments where encryption has been suppressed, or for debugging purposes (it would still be possible to analyze generated messages, even if the recipient's private key is not available). |
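
Because both debugging entries weaken a live installation (ENCFLG switches off encryption, TRCFLG leaves temporary encode/decode files behind), a deployment check can apply the rules stated above to emlmod.ini. This is an added example, not part of the application; the function name `audit_emlmod`, the sample values 'N' and '1', and the assumption that emlmod.ini uses standard `key=value` INI syntax are illustrative.

```python
import configparser

def audit_emlmod(ini_text):
    """Return (severity, message) findings for [System] in emlmod.ini text."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    cp.optionxform = str  # keep entry names as written (ENCFLG, TRCFLG)
    cp.read_string(ini_text)
    system = cp["System"] if cp.has_section("System") else {}
    findings = []
    # Page rule: messages are encrypted only when ENCFLG is missing, empty or 'Y'.
    enc = (system.get("ENCFLG") or "").strip()
    if enc not in ("", "Y"):
        findings.append(
            ("error", f"ENCFLG={enc!r}: outgoing messages are not encrypted"))
    # Page rule: a non-empty TRCFLG keeps temporary encode/decode files on disk.
    trc = (system.get("TRCFLG") or "").strip()
    if trc:
        findings.append(
            ("warn", f"TRCFLG={trc!r}: temporary encode/decode files are kept"))
    return findings

# Constructed samples (not taken from a real installation).
DEBUG_INI = "[System]\nTRCFLG=1\nENCFLG=N\n"   # debugging settings left in place
LIVE_INI = "[System]\nTRCFLG=\nENCFLG=Y\n"     # settings expected in live operation

if __name__ == "__main__":
    for name, text in (("debug", DEBUG_INI), ("live", LIVE_INI)):
        print(name, audit_emlmod(text))
```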
The bank's own Email system needs to be configured in such a manner that an Email addressed to a recipient appears in the transport format (as specified in RFC 822, or RFC 2045 to RFC 2049) in the Bolero Terminal's incoming directory (see below).
Outgoing messages from the Bolero Terminal to the Bolero CMP are generated in S/MIME format.
The SRVBOL configuration panel allows the bank to configure not only where the file is to be saved, but also which line delimiter is to be used and how the file is to be transferred to the Email system (launching sendmail, storing in the pickup directory of the Email system or another installation-specific interface). In any event, an RFC 822 message from the Bolero Terminal has to be transferred to the recipient's Email system in such a way that the message can be routed to the recipient indicated (Email address of the Bolero CMP).