-
Notifications
You must be signed in to change notification settings - Fork 48
News and noteworthy
Philip Helger edited this page Oct 25, 2024
·
182 revisions
- v3.0.0 - work in progress
- v3.0.0-beta1 - 2024-10-25
- Moved classes to different packages without changing the internals. See Migrations for details
- The configuration files
private-crypto.properties
andcrypto.properties
are also deprecated. Please move the properties toapplication.properties
, environment variables or Java system properties instead. - Added verification of AS4 Receipt XMLDSig "Reference" objects against the ones sent out in the User Message. See #220 - thx @problemzebra2
- Added new interface
IAS4SignalMessageValidationResultHandler
to customize the result handling of DSig reference verification - The internal configuration object now needs to implement
IConfigWithFallback
instead of justIConfig
- Implementations of
IAS4CryptoFactory
now need to implement ´getKeyPasswordPerAliasCharArrayinstead of
getKeyPasswordPerAlias` - Created new class
AS4CryptoFactoryConfiguration
to replaceAS4CryptoFactoryProperties
as the default AS4 crypt factory - Deprecated classes
AS4CryptoFactoryProperties
andAS4CryptoProperties
in favour ofAS4CryptoFactoryConfiguration
- Added new class
AS4KeyStoreDescriptor
to describe the parameters of a key store - Added new class
AS4TrustStoreDescriptor
to describe the parameters of a trust store - The internal AS4 configuration is now based on the
IConfigWithFallback
interface - Support for a default AS4 profile inside the AS4 Profile Manager was removed in the favour of the configuration property
phase4.default.profile
(previously calledphase4.profile
) - The "as4ProfileID" field is now mandatory when using the AS4 sender builder
- The AS4 sender builder no longer overwrites the PMode Resolver if an AS4 profile is set, but makes sure a PMode resolver is present
- The
AS4DefaultPModeResolver
no longer creates a default PMode if no AS4 profile is present - Class
AbstractAS4PullRequestBuilder
can now also handle a specific PMode ID - Added class
AS4IncomingProfileSelectorConstant
- Improved default handling of inbound AS4 Profile selection to automatically use the sending Profile
- Added new EdDSA algorithms to
ECryptoAlgorithmSign
- Added new key encrypt algorithms in
ECryptoKeyEncryptionAlgorithm
- v3.0.0-beta1 - 2024-09-20
- Moved classes to different packages without changing the internals. See Migrations for details
- [BPC] Removed the profile
phase4-profile-bpc
in favour ofphase4-profile-dbnalliance
- Removed all deprecated methods marked for removal
- Added possibility to Dynamically set responder address. See #233 - thx @koes-soptim
- Added new classes
IAS4IncomingReceiverConfiguration
andAS4IncomingReceiverConfiguration
for receiver checks - [Peppol] Added a "/peppol-status" status endpoint to the demo application. See #215 - thx @RichardVanMaaren
- [EuCtp] Renamed class
EuCtpPullRequestBuilder
toAbstractEuCtpPullRequestBuilder
and made abstract. UsePhase4EuCtpSender.builderPullRequest ()
instead - [EuCtp] Renamed method
Phase4EuCtpSender.builder
tobuilderUserMessage
- Added new method
IAS4IncomingMessageState.getEffectiveDecryptedSoapDocument
- Added getters for nearly all sender builder properties
- If an AS4 Receipt does not contain non-repudiation information, it now contains the original user message wrapped, to stay XSD compliant
- The class
AS4ClientReceipt
can now also take an outside RefToMessageId. See #267 - thx @sywong2000 - The AS4 Timestamp manager is now limiting the precision to milliseconds to ensure safe XML serializability.
- Added new class
Ebms3UserMessageMarshaller
to solely serialize theUserMessage
object
- v2.8.6 - 2024-10-03
- [DBNAlliance] Fixed an exception in the sender builder, if the XHE payload was created on the outside.
- Class
AS4OutgoingAttachment
and the builder can now deal with custom properties. See #276 - thx @piotr-dajlido
- v2.8.5 - 2024-09-17
- [Peppol] Updated to phive 10.x and phive-rules 3.2.x
- v2.8.4 - 2024-09-12
- Using BouncyCastle
bcjmail
artefact instead ofbcmail
to use the Jakarta namespace correctly. See #271 - thx @problemzebra2
- Using BouncyCastle
- v2.8.3 - 2024-09-10
- Updated to ph-commons 11.1.8 making sure the
Content-Type
HTTP header only uses a single space as separator between parameters
- Updated to ph-commons 11.1.8 making sure the
- v2.8.2 - 2024-08-23
- v2.8.1 - 2024-08-13
- Updated to peppol-commons 9.5.1
- [Peppol] Improved support for determining availability status of Participants. See #248 - thx @tonytram
- [Peppol] Extended class
Phase4PeppolReceiverCheckData
to contain all settings ofPhase4PeppolServletConfiguration
. See #250 - [Peppol] Extended client builder by adding
smpClient
overload including the wildcard selection mode
- v2.8.0 - 2024-07-30
- Extended the UserMessage builder to be able to set the AgreementRef "type" value. See #243 - thx @sywong2000
- [Peppol] Updated to dnsjava 3.6.0 fixing CVE-2024-25638
- [Peppol] Updated to peppol-reporting 3.0.0
- [Peppol] Updated to Peppol eDEC Code Lists v8.9
- [EuCtp] Added new AS4 profiles for "EU CTP" supporting the exchange of messages in customs. See #39 - thx @jonrios
- [BDEW] Extended the PMode configuration for the BDEW profile. See #251 - thx @koreiffer
- [DBNAlliance] improved the DBNAlliance client to create the XHE. See #247 - thx @robinsongarciax
- v2.7.7 - 2024-05-24
- Updated to peppol-commons 9.4.0
- [DBNAlliance] Added new submodule
phase4-dbnalliance-client
. - Renamed the AS4 profile names for the EESPA module to "GENA". The AS4 profile IDs are unchanged.
- Added new
ICryptoSessionKeyProvider.INSTANCE_RANDOM_AES_256
constant - Deprecated the BPC PMode classes
- v2.7.6 - 2024-05-07
- Updated to BouncyCastle 1.78
- [BDEW] Increased the compliance of the validator to check for EMT/MAKO certificates. See #235 - thx @problemzebra2
- Extended API to support
AgreementRef/@type
attribute as well. See #238 - thx @sywong2000 - In case a reception SPI processor returned a failure without an error message, a default error message with code
EBMS:0004
is returned.
- v2.7.5 - 2024-03-29
- Updated to WSS4J 3.0.3
- Updated to xmlsec 3.0.4
- Updated to ph-commons 11.1.5
- Ensured Java 21 compatibility
- Added new class
Ebms3SignalMessageMarshaller
to easy the logging ofEbms3SignalMessage
messages - Added new configuration property
phase4.errormsg.include.stacktraces
to be able to disable stack traces in AS4 Error messages. See #225 - Started more structured logging around specific activity sections. See #219 - thx @Stefan4112
- v2.7.4 - 2024-01-29
- [Peppol] Updated to peppol-reporting 2.2.2
- [Peppol] Fixed the
ErrorDetail
value, if a participant is not serviced by an AP (Peppol AS4 profile section 4.4) - [Peppol] Moved class
Phase4PeppolHttpClientSettings
fromcom.helger.phase4.peppol
tocom.helger.phase4.profile.peppol
in modulephase4-profile-peppol
- [Peppol] Added new class
PeppolCRLDownloader
to allow the CRL download via Apache HttpClient for easier customization - Backported change from commit https://github.com/mmpaszkowski/phase4/commit/72673b63320a3f621acc4009f59e62319760d6d9
- v2.7.3 - 2024-01-23
- [Peppol] Updated to peppol-commons 9.3.0
- The
IAS4IncomingMessageMetadata
now also contains the HTTP headers of the source request - Fixed a typo in an error message. Used that to further improve the specific error messages. See #211 - thanks @problemzebra2
- [Peppol] Extended
Phase4PeppolReceiverCheckData
with the SMP wildcard lookup selection mode - [Peppol] Incoming messages can now also checked using the Wildcard lookup. Added
Phase4PeppolServletConfiguration.setWildcardSelectionMode
to configure this. See #209 - thanks @sakasaka19
- v2.7.2 - 2024-01-10
- [Peppol] Updated to peppol-commons 9.2.3
- [Peppol] The default revocation check method for Peppol was changed from
OCSP
toCRL_BEFORE_OCSP
to work around the issue mentioned at https://github.com/phax/phase4/issues/124#issuecomment-1884441835. UseCertificateRevocationChecker.setRevocationCheckMode (ERevocationCheckMode)
to change the default value in your code.
- v2.7.1 - 2024-01-09
- [Peppol] Updated to peppol-commons 9.2.2
- [Peppol] Added a signing certificate revocation check when receiving Peppol messages
- [Peppol] Via
Phase4PeppolServletConfiguration.setCheckSigningCertificateRevocation(boolean)
the signing certificate revocation check can be disabled globally - [Peppol] Via
Phase4PeppolServletConfiguration.setCheckSBDHForMandatoryCountryC1(boolean)
the check for the mandatoryCOUNTRY_C1
Peppol SBDH element can be disabled globally
- v2.7.0 - 2024-01-07
- [Peppol] Updated to peppol-commons 9.2.0
- All occurrences of
PeppolSBDHDocument
need to be changed toPeppolSBDHData
- The "Country C1" field is now always mandatory
- All occurrences of
- [DBNA] Added new AS4 profile "DBN Alliance". See #200 - thanks @ri4a
- [Peppol] Removed the date check for the mandatoriness of the "Country C1" field in the Peppol SBDH when sending out messages
- [Peppol] Fixed an invalid
@Nonnull
annotation atIPhase4PeppolCertificateCheckResultHandler
. See #206 - thanks @Florianisme - AS4 Error Messages are signed if possible, but it is still possible that unsigned error messages are returned. See #188 - thanks @problemzebra2; also affects Oxalis-AS4#205
- [Peppol] Updated to peppol-commons 9.2.0
- v2.6.0 - 2023-12-07
- [Peppol] Updated to peppol-reporting 2.2.0
- [BDEW] For the BDEW profile the ping messages are now passed into the custom SPI handler. See #175 - thanks @problemzebra2
- [Peppol] Added a new parameter to
IPhase4PeppolIncomingSBDHandlerSPI.handleIncomingSBD
to be able to provide better error messages. (backward incompatible change) See #196 - Improved the internal error handling, so that EBMS errors are propagated with more details. (backward incompatible change) See #198 - thx @arj03
- v2.5.2 - 2023-11-15
- Updated to BouncyCastle 1.77
- Updated to WSS4J 3.0.2
- [Peppol] Updated to peppol-reporting 2.1.6 containing the updated Schematron rules for EUSR and TSR
- [BDEW] Improved the BDEW PMode validator etc. See #187 and #190 - thanks @koes-soptim
- The classes
AbstractAS4IncomingDumperWithHeaders
andAbstractAS4OutgoingDumperWithHeaders
can now configure if headers should be dumped or not
- v2.5.1 - 2023-10-27
- Added a parameter to enforce the packaging in MIME messages, even if no attachment is present. See #186 - thanks @problemzebra2
- Fixed an error that if no payload is present no encryption will be performed
- v2.5.0 - 2023-10-25
- [Peppol] Updated to peppol-reporting 2.1.4 containing the updated Schematron rules for EUSR and TSR
- Added the missing call to
IAS4ProfileValidator.validateSignalMessage
- [BDEW] Fixed the ID type for BDEW participants. See #178 - thanks @problemzebra2
- [BDEW] Made the payload check for BDEW optional. See #180 - thanks @problemzebra2
- Added new SPI interface
com.helger.phase4.incoming.spi.IAS4IncomingMessageProcessingStatusSPI
to be used as a callback for incoming message processing start and end - Added a possibility to verify the TLS client certificate via the AS4 profile. See #182 - thanks @problemzebra2
- Extended the API of
IAS4SignalMessageConsumer.handleSignalMessage
withIAS4IncomingMessageMetadata
. (backward incompatible change) See #177 - thanks @sopgreg - Extended the API of
IAS4UserMessageConsumer.handleUserMessage
withIAS4IncomingMessageMetadata
for consistency. (backward incompatible change)
- v2.4.0 - 2023-09-26
- Updated to peppol-reporting 2.1.3 containing the updated Schematron rules for EUSR and TSR
- The BDEW sender client sets a the
agreementRef
value tohttps://www.bdew.de/as4/communication/agreement
by default - Added new enum
ECryptoMode
to differentiate between sign/encrypt and verify/decrypt - Added a mandatory
ECryptoMode
parameter toIAS4CryptoFactory.getCrypto(...)
- Fixed a regression introduced in v2.2.2 that affects BDEW and ENTSOG - the payload parameters are set correctly again. See #172 - thanks @problemzebra2
- v2.3.0 - 2023-09-20
- Updated to phive 9.x
- Deprecated
AS4MessageProcessorResult.createFailure(String)
in favour ofAS4MessageProcessorResult.createFailure()
. See issue #162 - thanks @sopgreg - Deprecated
AS4SignalMessageProcessorResult.createFailure(String)
in favour ofAS4SignalMessageProcessorResult.createFailure()
. See issue #162 - thanks @sopgreg - Extended the
AS4UserMessage.create
message to also include the optional MPC parameter - Peppol incoming handler denies messages that are not signed and encrypted
- Fixed the default BDEW crypting key identifier. See issue #167 - thanks @problemzebra2
- Extended the
IAS4IncomingSecurityConfiguration
interface to include the fullAS4SigningParams
andAS4CryptParams
objects. See #165 and issue #166 - thanks @sopgreg and @problemzebra2 - The method
AS4ProfileSelector.getAS4ProfileID ()
now also falls back toIAS4ProfileManager.getDefaultProfileOrNull()
- v2.2.2 - 2023-09-12
- Updated to peppol-commons 9.0.8
- The "Certificate Consumer" in the Peppol client is now also invoked, when
.checkReceiverAPCertificate(false)
is called - The class
AbstractENTSOGUserMessageBuilder
is now derived fromAbstractAS4UserMessageBuilderMIMEPayload
and yet customization of the attachment part works - The class
AbstractBDEWUserMessageBuilder
is now derived fromAbstractAS4UserMessageBuilderMIMEPayload
and yet customization of the attachment part works - Added new interface
IAS4SendingDateTimeConsumer
to determine the effective sending date and time - Made the determination of the effective sending date and time more consistent
- In the Peppol client, the country code of C1 will be checked for mandatoriness from 1.1.2024 onwards
- Added new interface
IWSSecSignatureCustomizer
to customize createdWSSecSignature
objects. Handle with care - Added support for Peppol Reporting via the
peppol-reporting-api
project as defined in https://github.com/phax/peppol-reporting
- v2.2.1 - 2023-08-20
- Updated to ph-oton 9.2.0 for reduced dependencies
- Reduced defined versions in the parent-pom and moved it to the module POMs where applicable
- v2.2.0 - 2023-08-20
- Allowing separate
IAS4CryptoFactory
configurations for signing/signature verification and encrypting/decrypting. See issue #139 - thanks @sopgreg- Most internal APIs that previously took one parameter for "cryptoFactory" now take two parameters for "cryptoFactorySign" and "cryptoFactoryCrypt"
- Removed
IAS4CryptoFactory.isAllowRSA15KeyTransportAlgorithm()
- The configuration property
org.apache.wss4j.dom.handler.RequestData.allowRSA15KeyTransportAlgorithm
is no longer supported - As an alternative the interface
IAS4DecryptParameterModifier
was introduced to allow even more fine-grained customization
- The configuration property
- Improved the unique PMode determination, by comparing all fields of Initiator and Responder. See issue #118 - thanks @sopgreg
- Removed the
Serializable
interface from objects where it is not needed - The interface
IPModeIDProvider
now relies on thePModeParty
of initiator and responder instead on the ID only - Allowed an external customization of the
WSSConfig
object created for decryption. See issue #150 - thanks @sopgreg- This and the
RequestData
object can be customized via a callback usingIAS4DecryptParameterModifier
- This and the
- Allowing separate
- v2.1.5 - 2023-08-03
- Reverted the incorrect use of the Binary Security Token value type "#X509PKIPathv1" for Peppol and others (introduced in v2.1.3). Only BDEW needs this. See Discussion #149 - thanks to @binaradarsha
- v2.1.4 - 2023-08-01
- Updated to WSS4J 3.0.1
- Updated to ph-commons 11.1
- Add a possibility to customize the
signingParams
andcryptParams
inAbstractAS4MessageBuilder
- Made the Java security Provider for encryption customizable
- Increased customizability of security configuration
- v2.1.3 - 2023-07-13
- Updated to BouncyCastle 1.75
- Improved support for the COUNTRY_C1 field in Peppol SBDH
- Added a consistency check to avoid that pre-built SBD documents are used with the plain Peppol sender builder
- The BinarySecurityToken for signed AS4 messages now uses the
ValueType
of...#X509PKIPathv1
by default - The default response timeout for Peppol client messages was changed from 5 minutes to 2 minutes to reflect SLA changes
- Added new interface
IAS4IncomingSecurityConfiguration
to customizeAS4RequestHandler
security configuration
- v2.1.2 - 2023-06-06
- Made the session key provider for AS4 encryption session keys customizable
- Made some backwards incompatible changes to the API of
BDEWPayloadParams
so that it is chainable
- v2.1.1 - 2023-05-26
- Updated to Spring Boot 3.1.0 fixing CVE-2023-20883
- Requires at least peppol-commons 9.0.6
- Added support for the COUNTRY_C1 field in Peppol SBDH
- v2.1.0 - 2023-04-30
- Requires at least ph-commons 11.0.4
- Requires at least peppol-commons 9.0.4
- Added new submodules
phase4-profile-bdew
andphase4-bdew-client
to support the German BDEW profile for the gas industry. See PR #122 - thanks to @sopgreg - Added interface
IAS4PModeAwareCryptoFactory
to make keystore / truststore decisions based on the selected PMode. See PR #121 - thanks to @sopgreg - Deprecated class
EXMLDSigDocumentType
- Avoid closing the dumping
OutputStream
more then once. See issue #120 - Fixed support for Surrogate characters for e.g. Japanese
- v2.0.0 - 2023-04-13
- Updated to xmlsec 3.0.2
- Using XML marshalling based on
GenericJAXBMarshaller
instead of separate reader/writer classes - The paths of the internal XML schemas have changed to contain
external/
- v2.0.0-RC1 - 2023-02-24
- Using Java 11 as the baseline
- Using Servlet API 5.0.0 as the baseline: JakartaEE 9, Java 11+, Apache Tomcat v10.0.x, Jetty 11.x
- Using Eclipse Angus 2.0.x
- Updated to xmlsec 3.0.1
- Updated to WSS4J 3.0.0
- Updated to ph-commons 11
- Updated to Spring Boot 3.0.x
- Removed deprecated classes and methods
- Renamed class
Phase4OutgoingAttachment
toAS4OutgoingAttachment
- Renamed class
IManagerFactory
toIAS4ManagerFactory
- Renamed class
ManagerFactoryInMemory
toAS4ManagerFactoryInMemory
- Renamed class
ManagerFactoryPersistingFileSystem
toAS4ManagerFactoryPersistingFileSystem
- Renamed class
Phase4Sender
toAS4Sender
- Renamed class
Phase4KeyStoreCallbackHandler
toAS4KeyStoreCallbackHandler
- Added new base interfaces
ICryptoAlgorithm(C14N|Crypt|Sign|SignDigest)
for future usage - Added new enum entry
ECryptoKeyIdentifierType.ISSUER_SERIAL_QUOTE_FORMAT
- Added support for new signing algorithms (
ECDSA with SHA (256|384|512)
,RSA with SHA (256|384|512) and MGF1
andRSA with SHA3 (256|384|512) and MGF1
) - Enabled the variable replacement in the default configuration properties
- v1.4.5 - 2024-01-17 [backport]
- Updated to Spring Boot 2.7.18
- Updated to xmlsec to 2.3.4
- Updated to wss4j to 2.4.2
- Updated to Log4J to 2.22.1
- [Peppol] Added a signing certificate revocation check when receiving Peppol messages
- [Peppol] Via
Phase4PeppolServletConfiguration.setCheckSigningCertificateRevocation(boolean)
the signing certificate revocation check can be disabled globally
- v1.4.4 - 2023-05-26 [backport]
- v1.4.3 - 2023-01-12
- Updated to xmlsec 2.3.2
- Added new class
Phase4PeppolClientException
for more control over error message handling
- v1.4.2 - 2022-12-27
- Updated to peppol-commons 8.8.1
- Added new submodule
phase4-eudamed-client
that offers a specific client builder for the CEF profile - Fixed an NPE in
AS4RawResponseConsumerWriteToFile
when the file could not be opened for writing - Allow RSA 1.5 Key Transport Algorithm in WSS4J
- Added another overload of
Phase4PeppolSender.Builder.payload(IHasInputStream)
to be more memory efficient - Extended API of
EAS4MessageMode
withisRequest
andisResponse
methods - Extended API of
AS4IncomingMessageMetadata
to include the request AS4 message ID, if this is for a response message
- v1.4.1 - 2022-10-21
- Updated to BouncyCastle 1.72 using the new artefact names
bc*-jdk18on
(instead of the oldbc*-jdk15on
) - Included a small change in
IAS4CryptoFactory
that allows to make the key password flexible per chosen alias - Extended the API in
AS4RawResponseConsumerWriteToFile
to have a callback that receives opened files
- Updated to BouncyCastle 1.72 using the new artefact names
- v1.4.0 - 2022-08-17
- Updated to Apache HttpClient v5.x - incompatible change
- Updated to peppol-commons 8.8.0
- Updated to ph-web 9.7.1
- Needed to make the
HttpMimeMessageEntity
constructor protected - use the staticcreate
method instead
- v1.3.10 - 2022-08-17
- Updated to peppol-commons 8.7.6 with Peppol Code Lists v8.2
- Extended API of
AbstractPeppolUserMessageBuilder
to disable the AP receiver certificate check - Extended API of
AbstractAS4MessageBuilder
to provide a customIHttpPoster
implementation - The
httpRetrySettings
of the sending builder are not correctly honoured and not overwritten by the PMode settings
- v1.3.9 - 2022-05-25
- Updated to xmlsec 2.3.1
- Updated to peppol-commons 8.7.5 with Peppol Code Lists v8.1
- Improved the ENTSOG profile to remove some checks
- v1.3.8 - 2022-05-06
- Reverted the change to try to use TLS 1.3 connections. See issue #80. Thx @Florianisme
- v1.3.7 - 2022-05-04
- Updated the callback interface of
AS4DumpReader
to be able to decrypt all attachments - The Peppol, BPC and ENTSOG profile now also try to use TLS 1.3 connections
- Added new submodule
phase4-profile-eespa
to support the EESPA AS4 profile - Deprecated class
Phase4PeppolServlet
in favour ofAS4Servlet
because they do the same thing
- Updated the callback interface of
- v1.3.6 - 2022-04-02
- Moved all the documentation into a Wiki for better structuring of information
- Added new submodule
phase4-profile-bpc
to support the BPC market pilot - Added support for a CEF two-corner profile. See issue #79. Thx @Nagendra-Naidu1629
- Increased the debug logging for the sample Peppol Server application
- The data type of
PModeReceptionAwareness.RetryIntervalMS
was changed fromint
tolong
- v1.3.5 - 2021-12-21
- Updated to Log4J 2.17.0 for security reasons (CVE-2021-45105) - see https://logging.apache.org/log4j/2.x/security.html
- v1.3.4 - 2021-12-14
- Updated to Log4J 2.16.0 for security reasons (CVE-2021-45046) - see https://www.lunasec.io/docs/blog/log4j-zero-day/
- v1.3.3 - 2021-12-10
- Updated to Log4J 2.15.0 for security reasons (CVE-2021-44228) - see https://www.lunasec.io/docs/blog/log4j-zero-day/
- Updated to WSS4J 2.4.0
- Updated to xmlsec 2.3.0
- Fixed a typo in method name of class
AbstractPeppolUserMessageBuilder
(missingp
ofendpoint
) - Fixed the interface name from
IPhase4PeppolValidatonResultHandler
toIPhase4PeppolValidationResultHandler
. See issue #68. - Updated the Maven JAXB2 plugin so that it also build with Java 17
- v1.3.2 - 2021-09-27
- Updated to ph-web 9.6.1
- Updated to phive-rules 2.1.7
- Updated to xmlsec 2.2.3 (security fix)
- Allowing to set the "RefToMessageId" in the client sender builders
- Improved the error handling of
ISOAPHeaderElementProcessor
invocations. See issue #52.
- v1.3.1 - 2021-05-21
- Updated to xmlsec 2.2.2
- Added the possibility to provide the content ID in the Peppol AS4 sender
- Changed the layout of the default, random Content-IDs to match RFC 822
- The error handling of the SPI invocations was improved
-
AS4MessageProcessorResult.createFailure
now also takes empty arguments - Extended the internal API of
AS4XServletHandler
to make calls from the outside simpler - Added a new class
AS4DumpReader
that can be helpful in reading dumped ".as4in" messages at a later point in time
- v1.3.0 - 2021-05-02
- Updated to ph-commons 10.1
- Moved the classes
AS4IncomingDumperFileBased
,AS4OutgoingDumperFileBased
andAS4RawResponseConsumerWriteToFile
from packagecom.helger.phase4.servlet.dump
to packagecom.helger.phase4.dump
. The old classes remain there, but deprecated. -
IAS4IncomingDumper.onEndRequest
is only called ifonNewRequest
returned a non-null stream - Improved logging in case of failed sending prerequisites
- Changed from
Offset(Date|Time|DateTime)
toXMLOffset(Date|Time|DateTime)
where the message exchange is affected - The JAXB implementation must now explicitly be added to an application
pom.xml
e.g. like this:
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
</dependency>
- v1.2.0 - 2021-03-28
- Added the response AS4 Message ID as parameter to
IAS4ServletMessageProcessorSPI.processAS4ResponseMessage
- Renamed class
EAS4IncomingMessageMode
toEAS4MessageMode
- Extended
IAS4OutgoingDumper
API with anEAS4MessageMode
param - Extended the
IAS4MessageState
with "ref to message ID" and "message timestamp"
- Added the response AS4 Message ID as parameter to
- v1.1.1 - 2021-03-23
- Made the AS4 message ID suffix customizable (see issue #50) using
MessageHelperMethods.setCustomMessageIDSuffix(String)
- Made the AS4 message ID suffix customizable (see issue #50) using
- v1.1.0 - 2021-03-22
- Updated to ph-commons 10
- Changed from
Local(Date|Time|DateTime)
toOffset(Date|Time|DateTime)
where the message exchange is affected
- v1.0.0 - 2021-03-10
- v1.0.0-rc1 - 2021-02-17
- Updated to peppol-commons 8.4.0
- The configuration files
private-crypto.properties
,crypto.properties
,private-as4.properties
andas4.properties
are no longer read - The configuration properties
server.debug
,server.production
,server.nostartupinfo
,server.datapath
,server.profile
,server.incoming.duplicatedisposal.minutes
andserver.address
are no longer supported - Removed all deprecated elements
- Extended the API of
ESimpleUserMessageSendResult
- Added
AbstractAS4UserMessageBuilder.sendMessageAndCheckForReceipt
overload with an exception consumer (see issue #48)
- v0.14.0 - 2021-01-27
- Changed the default directory structure of the incoming and outgoing dumper as well as the raw response consumer to have subdirectories for year, month and day of month
- Extended
Phase4OutgoingAttachment
to also have aCharset
parameter. Thanks to @pavelrotek for pointing this out. -
Phase4OutgoingAttachment
can now work onbyte[]
andFile
. - Added support for the ENTSOG AS4 profile (see issue #46). Therefore the new submodules
phase4-profile-entsog
as well asphase4-entsog-client
were added. Thanks to @pavelrotek for providing it. - Removed all elements deprecated in 0.13.x or earlier
- v0.13.2 - 2021-01-22
- Fixed an error that an empty
MessageProperties
element is created which would not be XSD compliant. Thanks to Amish Regmi for pointing this out.
- Fixed an error that an empty
- v0.13.1 - 2021-01-20
- Updated to WSS4J 2.3.1
- Updated to ph-web 9.5.2 updating the U-NAPTR lookup code for BDXL lookups
- Added new class
EbmsError
to implementIEbmsError
next toEEbmsError
- The
AS4RequestHandler
received aSoapProcessingFinalizedCallback
to be able to get notified on asynchronous processing finalization - Extended
IAS4IncomingProfileSelector
to allow to disable the AS4 profile validation of PModes - Remembering the MessageID earlier in the process, so that error messages can always use the
RefToMessageId
properly - Fine-tuned the CEF and Peppol PMode checks a bit
- v0.13.0 - 2020-12-11
- Extended exception API to that constructors with only another exception are present
- Extended the Peppol demo server to store the attachments by default, even if the payload check does not work
- Updated to peppol-commons 8.3.1 that fixes the Peppol SBDH
TypeVersion
check - The Peppol client builder no longer sets an invalid default
TypeVersion
in the SBDH - Added new interface
IAS4SenderInterrupt
to allow all sender builders to interrupt sending at a late stage - The HTTP retry settings are now assembled in the class
HttpRetrySettings
-
AbstractAS4Client
is no longer derived fromBasicHttpPoster
but instead has a customizable member that is responsible for the sending. This allows for exchanging the underlying HTTP engine. - The UserMessage builder now has a simplified
sendMessageAndCheckForReceipt
method that does all the success/error checks internally - Extended the
AS4ClientSentMessage
to also contain the HTTP response status line and the response HTTP headers - Added a new interface
IAS4IncomingProfileSelector
to make profile selection customizable - Renamed interface
IIncomingAttachmentFactory
toIAS4IncomingAttachmentFactory
- Added new abstract base class
AbstractAS4RawResponseConsumer
to customize handling of status line and http headers -
AS4RawResponseConsumerWriteToFile
now logs the status line and the response headers by default (backward incompatible change) - The default filenames created from
AS4RawResponseConsumerWriteToFile
now use the extension.as4response
instead of-response.xml
because they are no longer pure XML - Moved method
readCryptoPropertiesFromFile
fromAS4CryptoFactoryPropertiesFile
toAS4CryptoFactoryProperties
- v0.12.6 - 2020-11-25
- Updated from "ph-bdve*" to "phive*" - see https://github.com/phax/phive and https://github.com/phax/phive-rules for details
- v0.12.5 - 2020-11-25
- Updated to peppol-commons 8.3.0
- v0.12.4 - 2020-11-18
- Remembering the original compression state of incoming attachments
- Updated to ph-bdve-rules 1.0.14 including Peppol Fall 2020 release corrigendum
- v0.12.3 - 2020-11-06
- The
phase4-server-webapp
project now also stores all incoming messages to the dump path - Ensure the incoming dumper
AS4IncomingDumperFileBased
creates a unique filename by default - Allow an empty AS4 Conversation ID in a UserMessage
- Ensuring that outgoing messages can be dumped, even if retries is set to 0 (see issue #43)
- The
- v0.12.2 - 2020-10-05
- Extended the
IPhase4PeppolIncomingSBDHandlerSPI
interface to be able to reject messages on the AS4 layer - Updated to ph-bdve-rules 1.0.8
- Extended the
- v0.12.1 - 2020-09-28
- Updated to peppol-commons 8.2.4
- Made the value checks when reading Peppol SBDH documents customizable via
Phase4PeppolServletConfiguration.setPerformSBDHValueChecks
- Extended the Peppol client sender API to easily send special binary and text payload
- v0.12.0 - 2020-09-22
- Extended the
IPModeResolver
to also contain the agreementRef value (for ENTSOG) - backwards incompatible change - Added support for custom "Part properties" in
IAS4Attachment
(for ENTSOG) - The sending date and time of the AS4 message can now be configured in the client
- Made class
PMode
more static (see issue #41) -
PModeValidationException
is now a subclass ofPhase4Exception
- Added setters to some PMode related domain classes
- A default serialization of the PMode objects as JSON is available (see issue #40)
- The internal interface
IAS4MessageState
is now standalone - Made the incoming message metadata in class
AS4XServletHandler
easily customizable. - Made truststore accessible through
IAS4CryptoFactory
- Added new interface
IAS4UserMessageConsumer
- Extended API to make PullRequest sending simpler
- Moved shared fields from
AbstractAS4UserMessageBuilder
toAbstractAS4MessageBuilder
- Added new sanity builder for AS4 Pull Requests using
Phase4Sender.builderPullRequest()
- Changed
PMode IAS4ServletPullRequestProcessorSPI.processAS4UserMessage
toIPMode IAS4ServletPullRequestProcessorSPI.findPMode
- Extended the
- v0.11.1 - 2020-09-17
- Updated to Jakarta JAXB 2.3.3
- Updated to ph-sbdh 4.1.1
- Updated to peppol-commons 8.2.2
- v0.11.0 - 2020-09-08
- Extracted new enum
ECryptoKeyIdentifierType
to make the key information type customizable - Reworked the configuration so that system properties and environment variables can also be used
- The class
AS4Configuration
is now the primary source for configuration stuff - Class
AS4ServerConfiguration
was deleted - Extracted the class
AS4CryptoFactoryProperties
as the base class forAS4CryptoFactoryPropertiesFile
- Deprecated class
AS4CryptoFactoryPropertiesFile
in favour ofAS4CryptoFactoryProperties
- The file
crypto.properties
is considered deprecated. All values should be placed now inphase4.properties
. - By default the "in memory" managers are enabled. To disable this, add
phase4.manager.inmemory=false
in your configuration. - Dumping interfaces no longer implement
Serializable
- Added missing
onEndRequest
call to the outgoing dumper when sending responses
- Extracted new enum
- v0.10.6 - 2020-09-03
- The CEF client now has support for OASIS BDXR SMP v2
- The signature canonicalization method can now be customized
- Created new submodule
phase4-dynamic-discovery
that contains the shared parts used for dynamic discovery with SML and SMP -
phase4-peppol-client
andphase4-cef-client
use the classes fromphase4-dynamic-discovery
- backwards incompatible change
- v0.10.5 - 2020-08-30
- Updated to ph-commons 9.4.7
- Updated to ph-oton 8.2.6
- Updated to peppol-commons 8.1.7
- Replaced
AS4WorkerPool
withPhotonWorkerPool
- Improved validation of Peppol requirements for incoming messages, if the correct AS4 Profile "peppol" is selected
- Using Java 8 date and time classes for JAXB created classes
- v0.10.4 - 2020-07-22
- Extracted
IAS4ProfileManager
interface - Added profile manager to the
IManagerFactory
interface - Reworked the WSS4J initialization code to try to avoid the WSS-660 issue
- Extracted
- v0.10.3 - 2020-07-15
- Updated to ph-commons 9.4.6
- Added
AS4ServerInitializer.shutdownAS4Server
to gracefully unschedule all jobs - Improved customizability of the
Phase4CEFSender
to define if the@type
attribute should be emitted or not - Fixed an invalid
Content-Type
parsing issue, if an empty parameter is contained
- v0.10.2 - 2020-07-07
- Fixed an UnsupportedOperationException when AS4 HTTP Debugging was enabled AND an outgoing dumper was registered (see issue #39)
- Extended Peppol SBDH based builder to set the identifiers from the SBDH (see issue #22)
- Moved the
HttpClientFactory
setting one class up fromAbstractAS4UserMessageBuilder
toAbstractAS4MessageBuilder
- Improved the configurability of the dumpers
- v0.10.1 - 2020-06-24
- Added the possibility to provide a custom VESRegistry to the Peppol client to provide additional validation rules
- Changed the method
IAS4DuplicateManager
methodfindFirst
togetItemOfMessageID
to be implementable in different ways - Updated to WSS4J 2.3.0 and XMLSec 2.2.0
- Using
ph-xsds-xlink
andph-xsds-xml
for a shared "XLink" JAXB artefact
- v0.10.0 - 2020-06-08
- Updated to ph-bdve 6.0.0
- Merged
phase4-servlet
intophase4-lib
; therefore droppedphase4-servlet
submodule - Moved internal classes to new packages:
BasicHttpPoster
,AS4BidirectionalClientHelper
- Added a new class
Phase4Sender
that does offer sending capabilities with the builder pattern - All the client builders were unified - that creates incompatible name changes to
Phase4PeppolSender
(as insetSenderPartyID
→senderPartyID
) - Extracted
IAS4TimestampManager
to be able to provide custom timestamps
- v0.9.17 - 2020-05-27
- Changed Maven groupId to
com.helger.phase4
- Updated to ph-commons 9.4.4
- Changed Maven groupId to
- v0.9.16 - 2020-05-20
- Becoming more specific in thrown exceptions. Avoiding all "throws Exception"
- Fixed a potential concurrency error in
IPModeManager
implementations when calling "createOrUpdatePMode" - Fixed a potential concurrency error in
AS4CryptoFactoryPropertiesFile.getDefaultInstance()
- Added new class
Phase4OutgoingAttachment
for easier creation of outgoing attachments - Extended the
Phase4CEFSender
to handle multiple attachments. - Extended the
Phase4CEFSender
to allow overriding "Action" and "Service"
- v0.9.15 - 2020-05-19
- Increased customizability of
AS4XServletHandler
- Added a new submodule
phase4-cef-client
for easy sending using the CEF profile - Note: this version had a problem when deploying to Maven Central - so it's binary representation is broken
- Increased customizability of
- v0.9.14 - 2020-04-28
- Updated to WSS4J 2.2.5
- Updated to ph-commons 9.4.1
- Improved configurability of
MetaAS4Manager
- Moved callback interface
IPhase4PeppolResponseConsumer
toIAS4RawResponseConsumer
inphase4-lib
- Moved callback interface
IPhase4PeppolSignalMessageConsumer
toIAS4SignalMessageConsumer
inphase4-lib
- Moved
Phase4PeppolSender.parseSignalMessage
to classAS4IncomingHandler
inphase4-servlet
- Removed the check for the
refToMessageInError
attribute when receiving "Error SignalMessages"
- v0.9.13 - 2020-03-17
- Moved
originalSender
andfinalRecipient
tests to the CEF and Peppol profiles (see issue #33) - Added new class
AS4ProfileSelector
for more flexible profile selection - Added possibility for dumping the created SBDH in
Phase4PeppolSender.Builder
(see issue #34) - Made the setter of
Phase4PeppolServletMessageProcessorSPI
chainable - Extracted class
Phase4PeppolReceiverCheckData
to make the consistency check more flexible.
- Moved
- v0.9.12 - 2020-03-09
- Fixed potential NPE in error case (see issue #32)
- Fixed the setting of the
originalSender
and thefinalRecipient
message properties for Peppol. Thetype
attribute must contain the identifier scheme.
- v0.9.11 - 2020-03-03
- Updated to ph-web 9.1.10
- Propagating processing errors to the client (see issue #30) - thanks to https://github.com/RovoMe
- Replaced the unchecked
AS4BadRequestException
with the checkedPhase4Exception
(backwards incompatible change)
- v0.9.10 - 2020-02-16
- Fixed a stupid error in the demo code that prohibits the correct receiver check activation - see https://github.com/phax/phase4/commit/796c054d972562d31fe33597b8f7938081b8183e for the resolution
- Invoking the
AS4RequestHandler
error consumer also on asynchronous processing - Extended the error consumer interface of
AS4RequestHandler
fromConsumer
toIAS4RequestHandlerErrorConsumer
(backwards incompatible change) - Extended the message metadata class
AS4IncomingMessageMetadata
- Updated to ph-web 9.1.9
- v0.9.9 - 2020-02-09
- Removed the methods deprecated in v0.9.8
- Updated to peppol-commons 8.x
- Extended
Phase4PeppolEndpointDetailProviderSMP
API - Added new subproject
phase4-peppol-server-webapp
with a demo server for receiving messages via Peppol - Extended
IAS4IncomingDumper
API with an "end request" notifier - The asynchronous response now also uses the outgoing dumper
- Merged two methods in class
IAS4ResponseAbstraction
into one (backwards incompatible change) - Invoking the outgoing dumper also for responses sent for incoming messages
- v0.9.8 - 2020-01-29
- Added possibility to use external message ID in Peppol client
- Added new classes
AS4IncomingDumperSingleUse
andAS4OutgoingDumperSingleUse
for easier per-call dumping - Peppol client now has an additional callback to retrieve the AS4 URL where the message is send to
- No longer throwing an exception if
phase4.properties
is not available. Changed to a warning. - Added new class
AS4IncomingMessageMetadata
to hold metadata for each incoming message - The
IAS4ServletMessageProcessorSPI
API was modified to now includeIAS4IncomingMessageMetadata
(backwards incompatible change) - The
IPhase4PeppolIncomingSBDHandlerSPI
API was modified to now includeIAS4IncomingMessageMetadata
as well asPeppolSBDHDocument
,Ebms3UserMessage
andIAS4MessageState
(backwards incompatible change) - The
IAS4IncomingDumper
API was modified to now includeIAS4IncomingMessageMetadata
(backwards incompatible change) - Added the original (potentially encrypted) SOAP document into
IAS4MessageState
- Renamed type
ESOAPVersion
toESoapVersion
(backwards incompatible change) - Method names in
IAS4ClientBuildMessageCallback
changed to useSoap
instead ofSOAP
- Extended
IAS4ServletMessageProcessorSPI
with a possibility to process the response message send out - Renamed
AS4CryptoFactory
toAS4CryptoFactoryPropertiesFile
(backwards incompatible change)
- v0.9.7 - 2020-01-20
- Removed the default configuration files from
phase4-peppol-client
- Added the new submodule
phase4-peppol-servlet
with the Peppol specific receiving stuff - Extracted interface
IAS4Attachment
fromWSS4JAttachment
for read-only access - Fixed NPE when receiving an attachment without a "Content-ID"
- Removed all deprecated and unused methods from previous versions
- Extracted
IAS4CryptoFactory
interface for broader usage - Added possibility to use a preconfigured receiver AP certificate and endpoint URL for the Peppol client
- Changed
IPhase4PeppolValidatonResultHandler
to be an empty interface andPhase4PeppolValidatonResultHandler
is the default implementation - The base class of
Phase4PeppolException
changed fromException
toPhase4Exception
- Incoming messages are checked via against the values configured in class
Phase4PeppolServletConfiguration
- For security reasons the dependency to the XML pull parser "woodstox" was removed
- For security reasons the dependency to the DNS library "dnsjava" was removed
- Added the new class
AS4CryptoFactoryInMemoryKeyStore
that takes an in-memory key store and trust store (see issue #28) - Updated to peppol-commons 7.0.6 with more flexible SMP client API
-
SOAPHeaderElementProcessorRegistry
is no longer a singleton - The Peppol client can now handle Receipts that are MIME encoded
- The Peppol client now verifies the signatures of the response messages
- The Peppol client now honours the "incoming dumper" for the response messages
- Removed the default configuration files from
- v0.9.6 - 2019-12-12
- Removed the "ExceptionCallback" from
Phase4PeppolSender
- Changed the data types of "ResponseConsumer" and "SignalMsgConsumer" from
Phase4PeppolSender
to be able to throw exception (binary incompatible change) - Added the possibility to configure the keystore without the need of having the
crypto.properties
file - Extracted interface
IMPCManager
fromMPCManager
and using it internally - Extracted interface
IPModeManager
fromPModeManager
and using it internally - The method
IPModeManager.validatePMode
now throws a checkedPModeValidationException
exception (incompatible change) - Added the possibility to customize the outgoing dumper in class
Phase4PeppolSender
- Added specific
Phase4PeppolSMPException
for SMP lookup errors (incompatible change) - Extracted interface
IAS4DuplicateManager
fromAS4DuplicateManager
and using it internally - Added the possibility to send pre-build SBDH messages (see issue #22) (binary incompatible change)
- Added support for creating in-memory managers only, using the system property
phase4.manager.inmemory
- Parameter type of
IAS4IncomingDumper.onNewRequest
changed toHttpHeaderMap
(incompatible change) - Made
AS4RequestHandler
usage more flexible to not solely rely on the Servlet API - New logo thanks to Maria Petritsopoulou - http://stirringpixels.com/
- Removed the "ExceptionCallback" from
- v0.9.5 - 2019-11-27
- Enforcing the usage of
Phase4PeppolSender.builder()
by making the main sending method private - Updated to peppol-commons 7.0.4 (moved classes
PeppolCerticateChecker
andEPeppolCertificateCheckResult
there) (incompatible change) - Replaced the Peppol client "certificate consumer" type to be
IPhase4PeppolCertificateCheckResultHandler
(incompatible change)
- Enforcing the usage of
- v0.9.4 - 2019-11-20
- Updated to ph-commons 9.3.8
- Added OCSP/CLR check for Peppol certificates
- Added support for validation of outgoing Peppol messages using the default Peppol Schematrons
- Extended the Peppol client API a bit for client side validation (see issue #19)
- Outgoing messages now have the User-Agent HTTP header set (see issue #20)
- Fixed a typo in the short name of
EBMS_FAILED_DECRYPTION
(see issue #21) - Added a new
Builder
class for the Peppol AS4 client - usePhase4PeppolSender.builder()
to get started
- v0.9.3 - 2019-11-05
- Updated to peppol-commons 7.0.3
- Added new subproject
phase4-peppol-client
to easily send AS4 messages to Peppol - Fixed default initiator URL (see issue #18)
- v0.9.2 - 2019-10-07
- Fixed an invalid assumption in the Peppol PMode validator.
- v0.9.1 - 2019-09-06 - Peppol conformant
- Ignored WSS4J dependency "ehcache" to create smaller deployments
- Added new subproject
phase4-profile-peppol
for the Peppol AS4 profile - From Party ID type and To Party ID type can now be set in the client
- The service type can now be set in a PMode
- Requires ph-commons 9.3.6
- Requires ph-web 9.1.3
- This is the first version passing the Peppol Testbed v1
- v0.9.0 - 2019-08-08 - CEF conformant
- The GitHub repository was officially renamed to phase4
- All Maven artifact IDs were renamed from
ph-as4-*
tophase4-*
- The package names changes from
com.helger.as4.*
tocom.helger.phase4.*
- Updated to WSS4J 2.2.4
- Updated to ph-oton 8.2.0
- Updated to peppol-commons 7.0.0
- Updated to ph-commons 9.3.5
- The submodule
ph-as4-esens
was renamed tophase4-profile-cef
- The AS4 message handler now have a chance to access the received HTTP headers
- Renamed
ph-as4-server-webapp-test
tophase4-test
- Improved Crypto stuff configurability
- Renamed
AS4ResourceManager
toAS4ResourceHelper
- Renamed
AS4Handler
toAS4RequestHandler
- Reworked client API so that it can be used chainable
- Added retry support to clients
- Added possibility to dump incoming and outgoing requests using
AS4DumpManager
- This version passes the CEF "AS4 Basic Connectivity Tests"
- This version passes the CEF "AS4 Common Profile Test Assertions"
- This version passes the CEF "AS4 Four Corner Profile Enhancement Test Assertions"
- v0.8.2 - 2019-02-27
- Adoptions for integration into TOOP
- v0.8.1 - 2018-11-26
- The web application now uses LOG4J 2.x
- Requires at least ph-commons 9.2.0
- Added
@type
-fix from https://issues.oasis-open.org/projects/EBXMLMSG/issues/EBXMLMSG-2
- v0.8.0 - 2018-06-21
- Updated to ph-commons 9.1.2
- Updated to BouncyCastle 1.59
- Updated to WSS4J 2.2.2
- Successfully send test messages to AS4.NET and Holodeck 3.x
- v0.7.0 - 2017-07-24
- Added HTTP retry for client
- Added server duplicate message detection for incoming messages
-
MessageInfo/Timestamp
uses UTC - thanks Sander - Added two-way handling
- Fixed bug that Receipt is not signed (if desired)
- Removed
PModeConfig
in favor of redundantPMode
objects - Removed partner handling - not needed anymore
- To be on the safe side, delete all previously created
as4-*.xml
files as there were incompatible changes. - Added a second webapp - one for demo, one for testing
- v0.6.0 - 2017-01-26
- Extracted subproject
ph-as4-servlet
with only the AS4Servlet - Unified the namespaces across the sub-projects
- Requires ph-web 8.7.2 or higher
- Renamed
ph-as4-server
toph-as4-server-webapp-demo
- Extracted subproject
- v0.5.0 - 2017-01-18
- Initial release
- Has everything needs for sending and receiving using the eSENS P-Mode profiles
- Basic compatibility with Holodeck 2.1.2 is provided
- Supports signed messages
- Supports encrypted messages
- Supports compressed messages
- Targets to be easily integrateable into existing solutions
- Requires Java 8 for building and execution
My personal Coding Styleguide | It is appreciated if you star the GitHub project if you like it.