Link to home
Start Free TrialLog in
Avatar of BMaadarani

asked on

Cross certificate in Lotus Notes

Hello Experts,

I think that this is a tough one, as I hope that one of you experts may have faced this before.

I have an automated procedure that goes through 1000s of email messages in a Lotus Notes database, extracts those messages into DXL files, and then saves them into a Document Management library. Given that the process is automated, it works great, until it encounters a message that require the organization from which it came from to be cross certified, in which case, one would have to go ahead, and intervene manually to allow the process to continue.

My problem is that I do not want any manual intervention, and while I developed a trap for every situation, the one with the cross certification is proving to be tough. So, if anyone had encountered this before, and or knows how to overcome the cross certification prompt from Lotus Notes, I would greatly be appreciated. I can go as far as checking to see if the email message needs the organization from which it came from to be cross certified, I can avoid interruption in the automated execution.

As usual, I appreciate your opinions, and suggestions.
Avatar of SysExpert
Flag of Israel image

You would need a list of all organizations that are already cross certified, and check against it.

I hope this helps !
Is this a background agent?  If so, where does the prompt occur?

What language are you using?

How is the prompt handled in the code?  Does it raise an exception?
The mail messages have form stored with the document, so when you open it you get cross-certification prompt because code within stored form is signed with certifier from another company.
If I described your case correctly then there are several workaround I would try

1) try set ECL completely loose (may not be acceptable from security standpoint)
2) try to resign database before reading it
3) remove stored form with your own form

hope it helps
Avatar of BMaadarani


You seem to have understood the issue quite well. First of all, the agent is in the forground and the background.

Changing the ECL is out of the question, as well, resigning the database every time I run the agent is also not an option.

This leaves with the third option, which in this case you are telling me that the form is stored within the email message. How can I tell if the form is stored within the message? Is there anything in the properties of the message that would indicate such condition?
Yes, it is interesting problem. I did a quick test - both signing and form replacement ask for cross-cetification before you can get to the next step. i am going to dig a little deeper
If I can find out that a message requires cross-certification, I can avoid it, and flag it as a message that requires manual intervention, and therefore my automated procedure will continue.

The question is how can I find out if a Lotus Notes message and/or document has its form contained within?

Can you provide a piece of code which triggers cross-certification message? I was not able to trigger it from backend agents, only when document is opened in UI


I am sorry, I did not mean to indicate that I do this through a background agent. It is in fact a forground agent that is doing so.

If you can provide me with the UI code to check on the message, I would really appreciate it.
Which is why I asked for details about the code (and was ignored).  Please post some code.
Sub Initialize
      Dim s As New notessession
      Dim db As notesdatabase
      Dim c As notesdocumentcollection
      Dim doc As notesdocument
      Dim J As Long
      Dim fname As String
      Set db = s.currentdatabase
      Set c = db.UnprocessedDocuments
      Set doc = c.GetFirstDocument
      For J = 1 To c.Count
            Set doc = c.GetNthDocument (J)
            fname = "C:\Temp\Document" & Trim(Str(J)) & ".DXL"
            Call ExportToDXL (doc, fname)
End Sub

Function ExportToDXL(doc As NotesDocument, fname As String) As Integer      
      Dim DbName$, ServerName$, NotesDocId$, msg$
      Dim ParentDb As NotesDatabase
      Dim session As New NotesSession
      Dim stream As NotesStream
      On Error Goto SomethingIsWrong
      ' First check to ensure that the folder already exists. If not, report an error...
      Set stream = session.CreateStream
      If Not stream.Open(fname) Then
            msg$ = "COR:Mail Manager - Unable to export messages into DXL formatted files. Please contact the vendor.."
            Msgbox msg$
            ExportToDXL = 1
            Exit Function
      End If
      Call stream.Truncate
  REM Export current database as DXL
      Dim exporter As NotesDXLExporter
      Set exporter = session.CreateDXLExporter
      exporter.OutputDOCTYPE = False
      Call exporter.SetInput(doc)
      Call exporter.SetOutput(stream)
      Call exporter.Process
      ExportToDXL = 0
      Exit Function
      msg$ = "COR:Mail Manager - Unable to export message into DXL formatted files in Location" & Location$ & ". Please contact the vendor.."
      Msgbox msg$
      ExportToDXL = 1
      Exit Function
End Function

NotesDocumentCollection.GetNthDocument is very inefficient.  Use GetNextDocument instead.
Sub Initialize
	Dim s As New notessession
	Dim db As notesdatabase
	Dim c As notesdocumentcollection
	Dim doc As notesdocument
	Set db = s.currentdatabase
	Set c = db.UnprocessedDocuments
	Set doc = c.GetFirstDocument
	Do Until doc Is Nothing
		Call ExportToDXL (doc, "C:\Temp\Document" & Trim(Str(J)) & ".DXL")
		Set doc = c.GetNextDocument(doc)
End Sub

Open in new window

The only thing I can think of is to use the Windows API to detect and handle the pop-ups.  This would slow your code down quite a bit since we would have to wait at least 1 second per document to see if the ECL prompt is displayed.
I was thinking along the same lines - all these DXL methods can be mapped into C API functions, call C API within the script, this usually gives you much more flexibility hanling errors etc
A C API function is OK, however waiting a second per document is definitely not an option, since the code has to handle over 45,000 documents a day.

I have to somehow figure out some sort of a call, that will indicate whether or not a form is saved within the message...

I checked and found that it does not have to be a stored form to trigger ECL and cross-certification alert. Even if a message does not have stored form but has a button, hotspot (active content) then alert is triggered
>> "I was not able to trigger it from backend agents"

Does the agent have to run to run in the fore-ground?
HI Bill,
The agent must be executed in the fore-ground...
I was not able to  trigger it from backend agents through standard manipulations - such as reading document items, getting nsfnote properties etc.  DXL is obviously different :(
Avatar of BMaadarani

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial