Feedback

Fibre passed statement of accuracy August 2019 data

Clean fibre-passed address August 2019 data

Raw fibre-passed address August 2019 data

Fibre Ordering

Chorus Portal Customer List

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Web services
  5. Chorus Portal Customer List
Back

Chorus Portal Customer List

The following table provides a list of the Chorus customers.

The Chorus system name column lists the values required in the existingProviderName field if you are transferring or replacing another customers product.

Fibre Ordering

Our Emulation Environment - EMMA

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Our Emulation Environment - EMMA
Back

Our Emulation Environment - EMMA

Fibre Ordering

Generate a Self-Signed Certificate

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Generate a Self-Signed Certificate
Back

The steps below describe how to install OpenSSL and generate a self-signed certificate.

Install OpenSSL

Use the following steps to install OpenSSL on your local machine.

Step Action
1 Download openssl-0.9.8h-1-setup from http://downloads.sourceforge.net/gnuwin32/openssl-0.9.8h-1-setup.exe.
2

Navigate to your download folder, double-click openssl-0.9.8h-1-setup.exe.

Result: the Welcome to the OpenSSL Setup Wizard is displayed.
3

Click Next.

Result: the Licence Agreement screen is displayed.
4

Click Next.

Result: the Select Desination Location screen is displayed.
5

The default install folder is: C:\Program Files (x86)\GnuWin32

Click Next.

Result: the Select Components screen is displayed.
6

Select Compact installation.

Click Next.

Result: the Select Start Menu Folder is displayed.
7

Click Next.

Result: the Select Additional Tasks screen is displayed.
8

Click Next.

Result: the Ready to Install screen is displayed.
9

Click Install.

Result: OpenSSL is installed.

Add OpenSSL Environment Variables

Step Action
1

Follow the menu Start > Control Panel > System

Click Advance system settings

Result: the System Properties screen is displayed.
2 Click Advanced tab
3

Click Environment Vairables

Result: the Environment Variables screen is displayed.
4

Under System variables

Select the Path variable
Click Edit


Add the Path to the OPENSSL bin directory, e.g.:

Field What to enter
Variable value: C:\Program Files (x86)\GnuWin32\bin

Click OK
5

Under System variables

Select New
Add a variable for the openssl.cnf file, e.g.:

Field What to enter
Variable name: OPENSSL_CONF
Variable value: C:\Program Files (x86)\GnuWin32\share\openssl.cnf

Click OK

Click OK to close the System Properties screen.

Generate the Certificate

Use the following steps to generate your certificate and private key.

Step Action
1

Open a command prompt.

Change directory to where you would like to save the certificate.
2

Note: the following command uses "key.pem" as the Private Key name, "certificate.pem" as the Certificate name and creates a certificate for one year. You may choose your own values.

Run the command openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -keyout key.pem -out certificate.pem

Result: the following message is displayed.

Loading 'screen' into random state - done Generating a 2048 bit RSA private key .........+++ ...................................................+++ writing new private key to 'secret.pem'
Enter PEM pass phrase:
3
Question What to enter
Enter PEM pass phrase: Enter a password to be associated with your Private Key.
Note: it's recommended that you use different passwords for test and Production.
Verifying - Enter PEM pass phase: Retype the password.

Result: the following message is displayed.

----- You are about to be asked to enter information that will be incorporated into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank For some fields there will be a default value,
If you enter '.', the field will be left blank. 
4
Question Cardinality Example value
Country Name (2 letter code) [AU]: Optional  NZ
State or Province Name (full name) [Some-State]: Optional  WLG
Locality Name (eg, city) []: Optional  Wellington
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Optional  Test RSP Ltd
Organizational Unit Name (eg, section) []: Mandatory Support
Common Name (eg, YOUR name) []: Mandatory Test RSP
Email Address []: Optional  Tester@TestRSP.co.nz

Result: the certificate and private key are created in the current directory.

Verify the Certificate

Use the following steps to verify that your certificate has been created successfully.

Action

Open a command prompt.

Change to the directory where you generated the certificate.

Note: the following command uses "certificate.pem" as the Certificate name.

Run the command
openssl x509 -in certificate.pem -text -noout

Result: the certificate details are displayed. The following output was generated by a certificate created using the example values listed in step 4 above. The extensions are created as a default by OpenSSL 0.9.8h and are not mandatory. 

Certificate:

Data:
Version: 3 (0x2)
Serial Number:
ca:73:2f:16:17:58:8e:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=NZ, ST=WLG, L=Wellington, O=Test RSP Ltd, OU=Support, CN=Test
RSP/emailAddress=Tester@TestRSP.co.nz
Validity
Not Before: Sep 16 01:55:06 2015 GMT
Not After : Sep 15 01:55:06 2016 GMT
Subject: C=NZ, ST=WLG, L=Wellington, O=Test RSP Ltd, OU=Support, CN=Test
RSP/emailAddress=Tester@TestRSP.co.nz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:e9:4b:e7:ba:fc:27:ea:83:0a:af:63:cf:d8:fa:
b6:9d:16:20:5e:9b:2c:c2:84:c8:87:98:e7:18:3a:
45:5a:a5:e3:e6:64:2a:c2:cb:17:f9:5b:3b:21:79:
48:f2:c9:19:02:9f:23:c1:46:15:63:5b:1e:55:ce:
db:de:1a:8e:94:0a:64:39:38:c0:9d:3e:7b:65:59:
af:2d:51:75:90:43:3e:19:2a:d0:6c:0a:0d:d1:1b:
d5:24:07:0c:35:b3:51:15:bf:45:8b:70:30:fe:87:
e7:a7:a6:af:d3:38:17:31:97:80:b2:26:49:78:b4:
0c:58:9d:ce:ee:f0:e6:54:d2:76:54:9d:57:56:d9:
5f:d5:bf:3b:a5:73:cc:7c:75:23:ef:07:8f:80:5a:
8b:1a:cc:b0:56:35:59:c4:4f:f2:c2:bd:85:12:5f:
1a:0e:df:08:ba:24:62:9c:f4:e3:53:04:03:36:18:
17:2d:06:7f:33:37:d0:ee:6a:b5:b7:34:0f:77:42:
83:93:95:e8:68:88:f0:f2:32:6b:51:9e:15:74:f8:
10:5b:f3:a3:6d:d6:35:a0:91:e0:23:96:40:fb:d8:
40:18:db:6e:07:2e:cb:ca:06:a8:f2:9f:9b:6c:9f:
b9:47:d3:2f:2f:27:02:a2:ff:1e:97:0c:57:a1:1e:
b6:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:48:2D:69:DA:7A:EC:13:3E:F4:0E:B4:BD:77:2A:BF:28:45:31:99
X509v3 Authority Key Identifier:
keyid:54:48:2D:69:DA:7A:EC:13:3E:F4:0E:B4:BD:77:2A:BF:28:45:31:9
9
DirName:/C=NZ/ST=WLG/L=Wellington/O=Test RSP Ltd/OU=Support/CN=T
est RSP/emailAddress=Tester@TestRSP.co.nz
serial:CA:73:2F:16:17:58:8E:BD

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0c:8f:bd:f7:eb:5a:0e:46:a1:31:6a:ef:20:a9:b1:e7:7b:9c:
4b:20:e2:63:ea:57:8a:91:40:b3:bc:c0:28:dc:01:83:e1:bb:
31:c7:91:ed:ef:d8:e2:c6:2a:dd:63:59:34:ff:5c:ba:cd:64:
11:a2:68:29:21:aa:28:b2:da:c5:59:e6:4e:7b:49:22:bf:b5:
db:97:21:e7:a0:37:9f:b9:8c:50:37:58:34:15:ec:8e:f8:16:
c1:3b:5b:15:b1:a9:fe:89:8f:73:76:33:dc:e9:65:b5:12:ec:
4c:45:7f:f3:28:fd:ac:91:aa:b6:1b:d0:4f:74:91:2c:0f:5e:
d2:b6:de:81:2e:2e:5a:dd:cd:df:49:2a:62:15:ef:9f:6d:c1:
6a:b3:31:61:8e:bf:6c:5c:43:e9:e9:05:dd:9c:88:77:f3:b4:
d4:56:27:2a:5c:e4:b0:2b:d7:14:b5:65:dd:0c:58:fd:b0:f5:
ba:ae:fb:87:19:c4:d1:4e:1e:43:cd:5e:0c:83:29:4f:22:22:
dd:f7:2f:a4:f4:f4:48:21:16:59:d2:da:09:ed:5b:ce:78:a3:
ca:08:8f:95:2c:29:ce:87:2a:e5:6b:c6:a6:63:85:ce:ef:01:
63:c6:d1:50:d2:44:1c:fb:51:48:97:60:1b:36:6e:61:82:1a:
7e:4b:c2:35

Where to Next?

Send the certificate to your Implementation Manager for uploading into the Chorus B2B.

Fibre Ordering

Security Setup Information

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Security Setup Information
Back

Network Security

To enable messages to be exchanged between our network and yours, the external firewalls on both networks have to be configured to allow incoming and outgoing messages between our B2B gateways.

You need to provide us with all the static public IP address(es) and port number(s), which you will use to initiate and receive messages, and the URL endpoints of your B2B, so that we can allow them on our network.

Our public IP addresses, port, and URL endpoints, which you need to allow, are shown in the following tables.

Public IP Address Range Port Environment
  • 103.27.216.56
  • 103.27.216.57
  • 103.27.216.58
  • 103.27.216.59
  • 103.27.216.60
  • 103.27.216.61
  • 103.27.216.62
 443 Emulation & Production
URL End Point   Environment
https://emma-b2b-ws.chorus.co.nz/b2b   Emulation
https://b2b-ws.chorus.co.nz/b2b   Production

Transport Layer Security

We use X.509/TLS 1.2 to encrypt the message over HTTP (HTTPS), to set this up in your B2B you need to access our certificates from our URL endpoints. This needs to be done for both emulation and production.

We will retrieve your TLS certificates from your URL endpoints.

Web Services Security

The web services validate the SOAP header elements to ensure that messages are signed using security encryption (WS-Security) and that the message diagnostic header elements (MDH) identify the sender. 

Message encryption works as follows:

  • Messages you send to us must be signed using your X.509 private key. We will use your public key certificate to verify them.
  • Messages we send to you will be signed using our X.509 private key. You will use our public key certificate to verify them.

To set this up we will send you our public key certificates for both production and emulation. And you need to send us your public key certificates.

The certificates must meet x509 standards and we request that you provide them in the PEM file format. You may use Certificate Authority (CA) issued, or self-signed certificates. If you use:

  • CA Issued certificates, you need to provide us with the chain certificates (root and intermediate) in addition to your owner certificate.
  • Self-signed certificates, and require help generating them, see Generate Self Signed Certificates. This page provides instructions for creating the certificates and the mandatory fields. 

To securely deliver your public key certificates to us, we recommend they are exchanged on physical media like a USB flash drive or by email in a password protected zip file.

The Web Services Security - Message Diagnostic Header page describes the values required in the MDH elements.

Validate Security Setup

To validate the messaging is secure and encrypted, submit a request to one of our web services (e.g. Query Location) and you should receive a response back from us.

Fibre Ordering

Business and Transport Retry Settings

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Business and Transport Retry Settings
Back

This process describes our transport retry strategy to provide you with context for your design.

 

 

Network Failure Retry Strategy

Our design allows for messages to be resent automatically during an HTTP network failure. The following diagram provides an overview of the HTTP Application layer retry process

Retry Function

The retry function is set to:

  • Delay = 10000 ms
  • Max delivery attempts = 3.

If your system responds with a 5xx error rather than an acknowledgement we will only attempt to deliver the message once during each retry scenario. “Note that the retry time, in this case, can be less than 15 minutes if we receive another trigger into our datastore (a response to a request from you).

If your system is unresponsive and provides no response we will time out waiting for your response after 10 seconds and we will attempt to deliver the message 3 times during each retry scenario. The first message that is successfully acknowledged changes the status of your endpoint to available and we will attempt to retry the remaining messages.

Unsent messages are persisted using a data store, this guarantees that they are saved even if a server is restarted.

If you send an acknowledgement with 'LFC001' in the soap error code field we will remove the message from the queue (either response to sequential).

Sequential Queue

CreateOrderResponse, AmendOrderNotification, InformOrderNotification, CreateOrderNotification are the messages on Sequential Queue.

If the Max delivery attempt count is exhausted, the message will be placed at the head of the queue. The maximum time will be a 15-minute delay before the message delivery retry is restarted. Whether the maximum delay occurs will depend on what the failure was that caused the delivery attempts to fail – see above for details.

This cycle continues until the message is delivered. It ensures that messages are sent in the sequence they are generated. 

Response Queue

QueryPlaceResponse, QueryProductOfferInformationResponse, QuerySiteInformationResponse, QueryOrderFeasibilityResponse, QueryAppointmentResponse, ReserveAppointmentResponse, QueryOrderResponse, AmendOrderResponse, CancelOrderResponse are the messages on Response Queue. 

This queue is for messages where the most recent is considered the most important when the timer retries it will attempt any new messages first before retrying the message that did not receive a valid acknowledgement.

The following order is observed when we place messages on to the Response queue: 

  1. State of message i..e, received is sent before an error
  2. Priority level where 1 is lowest and 9 is highest
  3. Timestamp where latest or fresher messages first

e.g., A received state priority 1 message should be selected prior to an errored state priority 2 message, where 2 has a higher priority than 1. 

Any QueryPlaceResponse, QueryProductOfferInformationResponse, QuerySiteInformationResponse, QueryOrderFeasibilityResponse, QueryAppointmentResponse, ReserveAppointmentResponse, QueryOrderResponse message that fails to be acknowledged after 3 sets of retries will be marked as failed and not retried again.

This queue has 5 concurrent threads per RSP, so messages can be sent in parallel as the order of message delivery is not critical.

Where all attempts are failing the queue is marked as down and will only make reattempts of the message [refer above] until a successful acknowledgement – it will then resume normal processing of messages.

Customer Retry Strategy

The customer retry strategy is provided to give insight into resending of messages automatically in the case of a network failure on our side. The following diagram provides an overview of a customer HTTP Application layer retry process.

This is an indicative representation of a retry process at the transport level. The way you implement your retry process will not affect us and is solely your responsibility. We recommend that you consult your HTTP library implementations for the default behaviour to understand its configuration capabilities for use when communicating over HTTP.

processb2b

Fibre Ordering

Security

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Security
Back

Our implementation uses established security protocols to ensure the integrity and confidentiality of the B2B messages.

This section provides you with the configuration unique to our implementation, and the steps you need to perform to intergate with our security.

Security is setup across the following three layers:

Security Implementation Checklist

Our checklist helps to ensure security implementation is made simple.  To improve our customer experience please provide any feedback on our checklist to our Customer Implementation Manager or Service Delivery Manager.

Your Checks Our Checks

1.  Pre-requisites

You have read our web services security information.
  • We have provided you with our web services security information.

2.  Network Security

  • If required, ensure your firewall is configured to allow the message to and from our network.
  • Run a CURL query to ensure firewall changes have been successful.
  • Configure our firewall to allow messages to and from your network.
  • Where required, support the testing to ensure the changes were successful.

3.  Transport Layer Security

  • Provide our Customer Implementation Manager with the HTTPS end points of your emulation and production environments.
  • Install our TLS Security Certificates for our emulation and production environments. This should be handled automatically as part of your implementation.
  • Configure your HTTPS end points in our emulation and production environments.
  • Install your transport security certificates for the emulation and production environments.

4.  Web Services Security

  • Provide our Customer Implementation Manager with your Public Key Certificates for your emulation and production environments.
  • Install our Public Key Certificates into your emulation and production environments.
  • Provide you with the Public Key Certificates for our emulation and production environments.
  • Install your Public Key Certificates into our emulation and production environments. 
     
  • Provide you with the value for your Message Diagnostic fromPartyId element.

 5. Validate Security Setup

Submit a message to validate end to end security has been successfully implemented.
  • If required, facilitate end-to-end security validation to ensure it has been successfully implemented.

Fibre Ordering

Architecture overview

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Architecture overview
Back

The Business 2 Business (B2B) interface provides a service to allow for the orchestration of B2B message transmission between business partners. This facility caters for the sending and receiving of B2B orders through automated validation and security verification system.

Industry standards

Our B2B Web Services have been built towards industry standards defined by New Zealand's Telecommunications Carrier Forum (TCF), see Background section below for links to the TCF documentation.

Technology standards

Our B2B Web Services uses well established industry standards. The technologies and their current supported versions are described in the following table.

Capability Technology Supported version
Security Transport Layer Security TLS 1.1 and TLS1.2
Security Digital Certificates X.509 SHA256
Transport Hypertext Transport Protocol 1.1
Payload Simple Object Access Protocol 1.1

Environments

Our B2B Web Services infrastructure will consist of two environments as described in the following table. Each environment is configured separately from one another.

Environment Description B2B End Point

Certification  & Development

Emulation Application (EMMA)

A development sandpit/emulator environment for you to perform your own B2B Gateway evaluation, component and integration testing.

We also use this environment for certification.

https://emma-b2b-ws.chorus.co.nz/b2b

Emulation (EMMA)
Production The production environment including integration with production business support systems.

https://b2b-ws.chorus.co.nz

Production

Supporting Files

> WSDL and XSD

The WSDL file Chorus-WSDL_version_21.8 replaced by Chorus-WSDL_R23.8 in February 2023.

Customers using B2B and EMMA will need to load the new version of WSDL and XSD.

Download our available WSDL zipfile from here:

Chorus-WSDL_R23.8

> Chorus EMMA Portal Extract

The Chorus EMMA Portal Extract contains the full list of addresses stored in EMMA Portal, in CSV format.

Please see further information described under our emulation environment section.

> Chorus Product Catalogue EMMA extract

The EMMA product catalogue contains both the EMMA product offer ID and the product specifications and characteristic of all on boarded products and CSEs. 

Please ask your Implementation Manager for your latest EMMA product catalogue file.

Also see further information described under our emulation environment section.

Products

The following table describes the products currently supported by our B2B Web Services.

Product Family Product
Fibre
  • NGA Evolve
  • NGA Business
  • NGA Education
Basic Copper Products not currently available via B2B Web Services
Enhanced Copper Products not currently available via B2B Web Services
Field Services Products not currently available via B2B Web Services
Value Add & Network Services Products not currently available via B2B Web Services
Infrastructure Products not currently available via B2B Web Services

Web service specifications

The basis of our B2B operations is an asynchronous model.  The transport pattern is Request – Acknowledgement (Synchronous) and Response – Acknowledgment (Synchronous).

When you submit a request to a web service (1) we will provide a synchronous acknowledgement of your request (2) at the transport layer.  We will then respond to the message in your request asynchronously. 

When we initiate the response to your request (3) we expect a synchronous acknowledgement from your business at the transport layer (4). 

The following diagram provides a visual aid of our asynchronous model. 

Synchronous versus Asynchronous

sync

Background

TCF Ultra-Fast Broadband BSS/OSS Web Service Design Specification

The following documents and links provide a reference to the industry standards we utilised in the development of our B2B Web Services infrastructure. The documents include the standards and / or the proof of concept for:

  • Function points
  • On- and off-boarding
  • WS-I
  • Business Process
  • Management
  • Interoperability
  • Metadata
  • Reliability
  • Security
  • Transactions
  • Resources
  • Messaging
  • XML
Document Link

New Zealand Telecommunications Forum (TCF) Ultra-Fast Broadband BSS/OSS Web Service Design Specification

This document covers the design of the Web Services Transport layer to be used for B2B transactions between Local Fibre Companies and you for UFB products. It specifies the minimum set of standards that we have implemented.

 Refer to the TCF website for documentation 
New Zealand Telecommunications Forum (TCF) Ultra-Fast Broadband BSS/OSS Business Interaction WSDL files Refer to the TCF website for documentation 
New Zealand Telecommunications Forum (TCF) BIF XML schemas Refer to the TCF website for documentation 
New Zealand Telecommunications Forum (TCF) BIF XML samples Refer to the TCF website for documentation 
Touchpoint Data Specifications Touchpoint Data Specifications
Subscribe to