[clug] ato business portal

[Jim Watson]

The ATO Business Portal bp.ato.gov.au is a very useful tool for lodging
Business Activity Statements, requesting refunds from the ATO etc.

It can be run from linux using the instructions from Bojan Smojver (see
attached) which he agreed I can post here.

ATO only provides download installers for MS-Windows and Mac. In the
attached Bojan explains how to unpack the required java archives from the
Mac dmg download and how to run it.

It is now working nicely for me with mozilla 1.7.3 and blackdown j2sdk1.4.2

thanks

jim
-------------- next part --------------
Business Portal Interoperability

This web site provided by ATO is used by businesses to submit Business Activity
Statements (GST, PAYG), Superannuation and other data directly to the taxation
office. It features a few Java bits that need to be installed before it'll
work. This has mostly to do with digital certificates.

You can register for an ATO digital certificate online at
http://www.ato.gov.au/onlineservices

Linux is NOT supported, you can verify that here:

    * http://www.ato.gov.au/help/bp/content.asp?doc=/content/help/bp/32902.htm

Installation instructions

The installation was performed on Fedora Core 2 and 3, running Galeon
1.3.17/1.3.18 with Mozilla 1.7.3 (Firefox works too) and with Sun's JRE
1.4.2_05/1.4.2_06 (JDK should work just as well). Please report other
successful combinations, but generally speaking any Linux distro capable of
running a modern JRE/JDK combo and SSL/TLS capable browser such as Mozilla,
Firefox etc. should work.

Please note that your JRE/JDK proxy (if you use one) settings need to be
correct in order for the installation to work. Run ControlPanel from bin
directory of your JRE/JDK to verify and/or set those up.

I was unable to get CSI to work with JDK 1.5.0. It is OK to use 1.4.2_05 and
1.4.2_06 though.

Step 1: Install CSI

The installation of CSI has to be performed now from the Mac OS X image file.
So, once you get to the CSI web site, click "Installation Instructions" on the
menu, then on "Macintosh" near the bottom of the page. This should open Mac
specific page. Click on "Macintosh installation", then on "Download CSI - Mac".
This will get CSIInstall.dmg file. This file is a disk image, similar to ISO
images.

Start a shell and become root. You can do that by running 'su -'. You'll be
asked for the password, of course, unless you have something funky going on
with PAM or maybe sudo.

The reason for becoming root is writing to the JRE/JDK installation directory,
which is normally owned by root. If you have a different installation, this may
not be necessary. In any event, CSI installation requires put csi.jar,
local_policy.jar and US_export_policy.jar files into lib/ext directory of your
JRE/JDK. Also, you may have problems mounting things if you aren't root.

Once you have the image file, mount it like this:

    mount -t hfsplus -o loop CSIinstall.dmg /mnt

Obviously, use whichever directory you like, /mnt is just an example. Next copy
the follwing files into lib/ext subdirectory of your JRE/JDK:

    local_policy.jar
    US_export_policy.jar
    csi.jar

You can find those files here (inside the mounted directory):

    ./CsiInstaller.pkg/Contents/Resources/jarFiles/csi.jar
    ./CsiInstaller.pkg/Contents/Resources/policyFiles/local_policy.jar
    ./CsiInstaller.pkg/Contents/Resources/policyFiles/US_export_policy.jar

If you have local_policy.jar and US_export_policy.jar files in the lib/ext
directory, back them up before you overwrite them with new files. According to
ATO instructions, these files get modifed by the installation process, but
because we can't run that (it's a PPC Mac binary), we have to replace the files
with the fresh ones.

THE BELOW PART OF THE INSTALLATION IS NOW INVALID, DUE TO THE CHANGES ON CSI
WEB SITE THAT ONLY PROVIDES WINDOWS AND MAC VERSION OF INSTALLATION FILES.
DON'T USE THIS PART OF THE PROCEDURE, IT IS HERE FOR HISTORICAL REFERENCE ONLY!

Run your browser as root. The browser has to be Java enabled (1.4.2_05 from Sun
works OK). Go to http://csi.business.gov.au/. Click on Install CSI. Click Next
and then Next again. You'll be told about the requirements for running CSI on
Apple Mac (OS X). Ignore that. At this point a Java applet will start in your
browser. The first time I did that, my browser hung (my guess: bug(s) in OJI
and/or Java plugin). Closing the browser and repeating the procedure fixed
that. At that point a warning message about the expired ATO certificate will
pop up (certificate expired 17/07/2004). Click on Always to accept that
certificate anyway and forever. Click Start Installation. A question about
downloading of CSI will be asked, choose OK. When presented with a licence
agreement, choose "I agree" and then Next. Confirm the location (default:
/usr/local/CSI), click Next. Confirm version (2.7.4) and location and click
Install. You will get a message "Successfully Installed". Click Done and you'll
be returned to the browser window.

Back in the shell, go to /usr/local/CSI. Edit *CSI* files. Change all
occurences of "javaw.exe" to "java". Save each file (there are three of them).
You may want to verify that the full path to your JRE/JDK java binary is
correct.

THE ABOVE PART OF THE INSTALLATION IS NOW INVALID, DUE TO THE CHANGES ON CSI
WEB SITE THAT ONLY PROVIDES WINDOWS AND MAC VERSION OF INSTALLATION FILES.
DON'T USE THIS PART OF THE PROCEDURE, IT IS HERE FOR HISTORICAL REFERENCE ONLY!

Step 2: Import Certificates

As regular user (the one you use for your day-to-day work), run:

    /usr/local/java/j2re1.4.2_05/bin/java au.gov.bafcsi.clapi.crypto.CsiManager

Obviously, the path to your java binary will be different, take that into
account. Also, do not be tempted to run this with GCJ's version of Java - it
won't work (for now ;-).

Click OK to the hint (tick it off if you like). Go to "CSI Store" tab. Click on
"Add" button. Pick the ECI certificate file (the original one ATO gave you to
use with the ECI application - I didn't have much luck with the one exported
out of ECI). Alternatively (if you never used ECI before), point to some other
certificate file that ATO provided. Those files are known as p12 files. Enter
the password, then when asked to set the new password, enter whichever one you
want to set up as new, twice. This will be the password for this set of
certificates from now on. The program will show two imported certificates.

Go to "Default Certificates" tab. Pick "Default Certificate" radio button.
Click "Change" button on both the authentication and non-repudiation
certificates. Pick the certificates, click "Select". Then click "Apply" and
"Exit".

CSI stores all configuration as well as certificate store in ~/.csi directory.
You can find logs in the logs (surprise!) subdirectory of this directory as
well.

Step 3: Login to Business Portal

Start you browser as the same user (i.e. the one used to import the certs). Go
to http://bp.ato.gov.au/. Click "Continue". This will open a new window. Click
"Login" in that new window. A Java window will pop up with the title "Signing
terms and conditions". Click "Sign" button. Enter your certificate password in
the box provided. You should be logged in into the BP! Don't forget to click
"Logout" when you leave.

The above setup was done from scratch on my third workstation, so I now have
three boxes that can login into the BP using the same set of credentials (i.e.
certs).

Practical Notes

I have submitted my BAS for Jul/Sep period of 2004 through the BP and running
on the above platform. No issues at all. I have also left feedback with the ATO
to publish Linux installation instructions and mention that it does work on it.
We'll see what happens. Hopefully, we can get it on the supported list one
day... (BS, 28/10/2004)

ATO changed CSI web site on 03/11/2004. Since then, one needs to download Mac
installation image and copy the files directly into the JRE/JDK directories
(see above). I did that on Fedora Core 3 with JRE 1.4.2_06. Both Galeon 1.3.18
(with Mozilla 1.7.3) and Firefox worked OK as browsers.

References:

    * https://bp.ato.gov.au/ : Business Portal home page.
    * http://csi.business.gov.au/: CSI (Common-use Signing Interface).