The following section describes what the Pull Send Agent is and what its responsibility is:

Agent Responsibility

The Pull Send Agent is responsible for sending AS4Messages.

This agent doesn't take the initiative to start sending messages. Instead, the Pull Send Agent waits until it receives a PullRequest signal message.

When the Pull Send Agent receives a PullRequest, the agent responds by sending the 'to-be-sent' AS4Message. If there are no UserMessages available for the received PullRequest, the agent responds with an Error message containing a warning that indicates that there are no messages available.

Message Flow

The Pull Send Agent is configured with an HTTP receiver. The agent is idle until it receives a PullRequest signal message.

Upon receipt of a PullRequest signal message, the Pull Send Agent inspects the information contained in the received PullRequest. The Pull Send Agent looks up the UserMessages in the datastore that are waiting to be sent via pulling and whose Message Partition Channel (MPC) matches the MPC that is present in the PullRequest message. The oldest of those messages is sent by the Pull Send Agent by writing it to the HTTP response stream of the HTTP request on which the PullRequest was received.

The selected UserMessage will only be sent by the Pull Send Agent if the receiving MSH (the MSH that has sent the PullRequest) is allowed to receive messages for the requested MPC.

If the PullRequest is signed, the Pull Send Agent will inspect the Authorization Map for an entry that matches both the requested MPC and the thumbprint of the certificate that was used to sign the PullRequest. If the Authorization Map states that this combination is allowed, the selected UserMessage will be sent. Otherwise, the agent will respond with an Error saying that the receiver is not authorized to receive UserMessages for this MPC.

If the PullRequest is not signed, then:

  • The PullRequest will be authorized if the Authorization Map is empty.
  • The PullRequest will not be authorized if there are entries configured in the Authorization Map.

Authorization Map

The Authorization Map is a file that's located at .\config\Security\pull_authorizationmap.xml.

This file contains authorization entries that define whether or not a receiver is allowed to receive messages for a specified MPC.

The receiver is identified by the thumbprint of the certificate that it uses to sign the PullRequest messages.

The file has the following structure:

<?xml version="1.0" encoding="utf-8"?>
<PullRequestAuthorizationMap>
    <AuthorizationEntry mpc="my-pullrequest-mpc" certificatethumprint="my-certificate-thumbprint" allowed="true" />
</PullRequestAuthorizationMap>
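
The authorization rules described under Message Flow, evaluated against a map in the structure shown above. This is an added example, not code from the Pull Send Agent itself; the sample map, the function names, the thumbprint normalization, the deny-wins handling of duplicate entries, and the denial of signed requests with no matching entry are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample map; attribute names are copied from the structure shown above.
SAMPLE_MAP = """<?xml version="1.0" encoding="utf-8"?>
<PullRequestAuthorizationMap>
    <AuthorizationEntry mpc="mpc-a" certificatethumprint="AA11BB22" allowed="true" />
    <AuthorizationEntry mpc="mpc-b" certificatethumprint="AA11BB22" allowed="false" />
</PullRequestAuthorizationMap>"""


def normalize(thumbprint):
    # Assumption: thumbprints are compared as hex, ignoring case and whitespace.
    return "".join(thumbprint.split()).upper()


def load_map(xml_text):
    """Return {(mpc, thumbprint): allowed} for every AuthorizationEntry."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    entries = {}
    for e in root.iter("AuthorizationEntry"):
        key = (e.get("mpc", ""), normalize(e.get("certificatethumprint", "")))
        allowed = e.get("allowed", "false").strip().lower() == "true"
        # Assumption: if a pair is listed more than once, a deny wins over an allow.
        entries[key] = entries.get(key, True) and allowed
    return entries


def is_authorized(entries, mpc, signing_thumbprint=None):
    """Decide whether a PullRequest for `mpc` may receive a UserMessage."""
    if signing_thumbprint is None:
        # Unsigned PullRequest: authorized only when the map has no entries at all.
        return len(entries) == 0
    # Signed PullRequest: the (MPC, thumbprint) pair must be listed and allowed.
    # Assumption: a pair that is not listed falls under the "otherwise" (deny) case.
    return entries.get((mpc, normalize(signing_thumbprint)), False)


if __name__ == "__main__":
    entries = load_map(SAMPLE_MAP)
    for mpc, thumb in [("mpc-a", "aa11bb22"), ("mpc-b", "AA11BB22"),
                       ("mpc-a", "FFFF0000"), ("mpc-a", None)]:
        print(mpc, thumb, "->", is_authorized(entries, mpc, thumb))
```

With an empty map every unsigned PullRequest is authorized for any MPC, so configuring at least one entry is what makes signing mandatory for receivers.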