PR for sample code ver. 1.0 (#1)

.gitignore

@@ -8,3 +8,6 @@ dependency-reduced-pom.xml
 buildNumber.properties
 .mvn/timing.properties
 .idea
+*.iml
+# Do not add:
+run.sh

.travis.yml

@@ -10,3 +10,5 @@ jdk:
 
 script:
   - mvn --version
+  # Skip unit test in CI
+  - mvn clean install -Dmaven.test.skip=true

README.md

@@ -1,5 +1,184 @@
 # EMCS B2B Sample Web Service Client written in Java
 
-[![Build Status](https://travis-ci.com/skat/emcs-b2b-sample-ws-client-java.svg?token=pXpLRS1qCgHe3KVdbFyA&branch=master)](https://travis-ci.com/skat/emcs-b2b-sample-ws-client-java)
+[![Build Status](https://travis-ci.com/skat/emcs-b2b-ws-sample-client-java.svg?token=pXpLRS1qCgHe3KVdbFyA&branch=master)](https://travis-ci.com/skat/emcs-b2b-ws-sample-client-java)
 
 Sample client for the EMCS B2B Web Service Gateway developed in Java and using open source libraries.
+
+**IMPORTANT NOTICE**: SKAT does not provide any kind of support for the code in this repository.
+This Java-client is just one example of how a B2B web service can be accessed. The client must not be 
+perceived as a piece of production code but more as an example one can take inspiration from and can use
+to quickly get started to test whether your company can implement a successful call to one of the B2B web 
+service using the company's digital signature. SKAT can not be held responsible if a company uses this client
+or parts of it in their own systems. 
+
+**VIGTIG MEDDELELSE**: SKAT yder ikke support på kildekoden i nærværende kodebibliotek.
+Denne Java-klient er kun et eksempel på hvordan B2B webservicene kan tilgås. Klienten skal således ikke 
+opfattes som et stykke produktionskode men mere som en eksempel man kan lade sig inspirere af og kan bruge 
+til hurtigt at komme i gang og få afprøvet om ens virksomhed kan gennemføre et succesfuldt kald til en af 
+B2B webservicene ved at bruge virksomhedens digitale signatur. SKAT kan ikke stå til ansvar hvis en virksomhed
+anvender klienten eller dele af denne i deres egne systemer. 
+
+## About the client
+
+The sample client in is implemented based on the [Apache CXF](http://cxf.apache.org/) framework,
+the Spring Framework, and Java 8. See `pom.xml` file in this repo for details regarding 
+the current versions of the mentioned frameworks in use.
+
+The client currently implements calls to the service **OIOLedsageDocumentOpret** and the main entry
+point into the source code of implementation is the class:
+
+[OIOLedsageDocumentOpretClient.java](src/main/java/dk/skat/emcs/b2b/sample/OIOLedsageDocumentOpretClient.java)
+
+This class constructs the request, invokes a Apache CXF generated client, and parses the response
+by printing out relevant values to the log.
+
+## Fulfillment of WS Policy of EMCS Web Services
+
+The fulfillment of policies required to invoke EMCS B2B Web Services is configured in the file:
+
+[emcs-policy.xml](src/main/resources/emcs-policy.xml)
+
+Fulfillment of WS Policy requirements is achieved using CXF's in and out interceptor framework and 
+the `emcs-policy.xml` file details which parts are to be signed and encrypted, and how to present 
+certificate for authentication on the server side. This configuration file also demonstrates how
+secure transport (https) is enabled client side.
+
+## Run client
+
+The sample client must be configured with two required parameters that are necessary for the client to run and
+call the test environment of EMCS B2B Web Service Gateway. The two parameters can be obtained by contacting 
+SKAT Help Desk.
+
+The full list of parameters:
+
+* **dk.skat.emcs.b2b.sample.P12_PASSPHRASE** (REQUIRED): Passphrase to the certificate used for authentication, signing (request), and encryption (response).
+* **dk.skat.emcs.b2b.sample.OIOLedsageDocumentOpret.ENDPOINT** (REQUIRED):The endpoint of the service being invoked.
+* **dk.skat.emcs.b2b.sample.TXID_PREFIX** (OPTIONAL): This parameter sets a custom prefix to the generated transaction id and is very useful when asking SKAT Help Desk to trace a particular request.
+
+The client is then invoked as part of the **test phase** of the Maven build process that is run using the following
+command line:
+
+```sh
+$ mvn clean install \
+  -Ddk.skat.emcs.b2b.sample.P12_PASSPHRASE=<CHANGE_THIS> \
+  -Ddk.skat.emcs.b2b.sample.OIOLedsageDocumentOpret.ENDPOINT=<CHANGE_THIS>
+  -Ddk.skat.emcs.b2b.sample.TXID_PREFIX=ACME_01_
+```
+
+The following is partial output of build and exhibits the request and response written
+to the log:
+
+**Request**:
+```
+Apr 12, 2017 11:07:23 AM dk.skat.emcs.b2b.sample.OIOLedsageDocumentOpretClient invoke
+INFO: 
+*******************************************************************
+** HovedOplysninger
+**** Transaction Id: ACME_01_f57b8c74-31eb-482c-a481-966531930aea
+**** Transaction Time: 2017-04-12T11:07:22.035+02:00
+** VirksomhedIdentifikationStruktur
+**** AfgiftOperatoerPunktAfgiftIdentifikator: DK82065873300
+**** VirksomhedSENummerIdentifikator: 30808460
+*******************************************************************
+```
+
+**Response**:
+```
+Apr 12, 2017 11:07:27 AM dk.skat.emcs.b2b.sample.OIOLedsageDocumentOpretClient invoke
+INFO: 
+*******************************************************************
+** HovedOplysningerSvar
+**** Transaction Id: ACME_01_f57b8c74-31eb-482c-a481-966531930aea
+**** Transaction Time: 2017-04-12T11:07:22.035+02:00
+**** Service Identification: FS2_OIOLedsageDokumentOpret
+**** Error
+****** Error Code: 494
+****** Error Text: Message identifier has been already used
+*******************************************************************
+```
+
+In this particular output we see that the `ie815.xml` file has been sent in already.
+
+### Modifying the IE815 file to produce an ARC Id
+
+First ensure that the the following fields in the `ie815.xml` file are unique:
+
+* MessageIdentifier
+* LocalReferenceNumber
+
+Then run the client again and the EMCS System will produce an ARC Identifier.
+
+**Sample response**:
+```
+*******************************************************************
+** HovedOplysningerSvar
+**** Transaction Id: ACME_01_42166d20-65b5-4983-b7a2-9faec07abc54
+**** Transaction Time: 2017-04-24T13:43:52.146+02:00
+**** Service Identification: FS2_OIOLedsageDokumentOpret
+Ledsagedokument Valideret Dato: 2017-04-24Z
+Ledsagedokument ARC Identifikator: 17DKK1KHPMQH2W23ABI62
+*******************************************************************
+```
+
+## Advanced Configuration
+
+### Testing Expired and Revoked Certificates
+
+The client keystore includes three certificates:
+
+1. VOCES_gyldig.p12 with alias = `valid`.
+2. VOCES_spaerret.p12 with alias = `revoked`.
+3. VOCES_udloebet.p12 with alias = `expired`.
+
+By default the client is configured to run with certificate with alias `valid`.
+
+In order to complete a test with any of the other certificates the following files must be
+changed:
+
+* File: **src/main/resources/etc/Client_Sign.properties**
+
+Change as described in the file itself:
+
+```
+# SKAT: Options =
+# - valid (default)
+# - revoked
+# - expired
+org.apache.ws.security.crypto.merlin.keystore.alias=revoked
+```
+
+File: **src/main/resources/emcs-policy.xml**
+
+Change as described in the file itself:
+
+```
+<!-- SKAT: Options =
+     - valid
+     - expired
+     - revoked
+-->
+<entry key="signatureUser" value="valid"/>
+```
+
+### Installing other OCESII Certificates in the client keystore
+
+The keystore `src/main/resources/keystore/client-keystore.jks` is already prepared with the
+necessary test certificate that is authorized to access the test environment. However, in the
+event that another test certificate has been issued this may be installed as follows:
+
+```
+$ export P12_PASSPHRASE=CHANGE_ME
+$ export P12_CURRENT_ALIAS=CHANGE_ME
+$ keytool -delete -alias valid -keystore src/main/resources/keystore/client-keystore.jks -storepass storepassword
+$ keytool -changealias -keystore target/VOCES_yours.p12 -storepass $P12_PASSPHRASE -alias $P12_CURRENT_ALIAS -destalias "valid"
+$ keytool -v -importkeystore -srckeystore target/VOCES_yours.p12 -srcstoretype PKCS12 -destkeystore src/main/resources/keystore/client-keystore.jks -deststoretype JKS -deststorepass storepassword -srcstorepass $P12_PASSPHRASE
+```
+
+Where `P12_PASSPHRASE` and `P12_CURRENT_ALIAS` are passphrase and alias of the OCESII certificate,
+respectively. The three keytool command removes the pre configured certificate, changes the the alias
+of the new certificate, and finally imports it into the keystore.
+
+## References
+
+* [Apache CXF](http://cxf.apache.org/)
+* [Apache CXF Samples](https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples)

build-client-keystore.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+CLIENT_KEYSTORE=src/main/resources/keystore/client-keystore.jks
+
+P12_PASSPHRASE=$1
+
+echo "Provided p12 passphrase: $P12_PASSPHRASE"
+
+echo "Before import ..."
+keytool -list -keystore $CLIENT_KEYSTORE -storepass storepassword
+
+echo "Importing ..."
+
+# Build target for processing p12 files before import
+mkdir -p target
+cp -r p12/*.p12 target
+
+# Import valid test certificate: VOCES_gyldig.p12
+# -----------------------------------------------
+# Change alias (not required by client)
+keytool -changealias -keystore target/VOCES_gyldig.p12 -storepass $P12_PASSPHRASE -alias "nets danid a/s - tu voces gyldig" -destalias "valid"
+keytool -v -importkeystore -srckeystore target/VOCES_gyldig.p12 -srcstoretype PKCS12 -destkeystore $CLIENT_KEYSTORE -deststoretype JKS -deststorepass storepassword -srcstorepass $P12_PASSPHRASE
+
+# Import revoked test certificate: VOCES_spaerret.p12
+# --------------------------------------------------
+# Change alias (required by client)
+keytool -changealias -keystore target/VOCES_spaerret.p12 -storepass $P12_PASSPHRASE -alias "nets danid a/s - tu voces spærret" -destalias "revoked"
+keytool -v -importkeystore -srckeystore target/VOCES_spaerret.p12 -srcstoretype PKCS12 -destkeystore $CLIENT_KEYSTORE -deststoretype JKS -deststorepass storepassword -srcstorepass $P12_PASSPHRASE
+
+# Import expired test certificate: VOCES_udloebet.p12
+# --------------------------------------------------
+# Change alias (required by client)
+keytool -changealias -keystore target/VOCES_udloebet.p12 -storepass $P12_PASSPHRASE -alias "nets danid a/s - udløbet premexp1d1h" -destalias "expired"
+keytool -v -importkeystore -srckeystore target/VOCES_udloebet.p12 -srcstoretype PKCS12 -destkeystore $CLIENT_KEYSTORE -deststoretype JKS -deststorepass storepassword -srcstorepass $P12_PASSPHRASE
+
+echo "After import ..."
+keytool -list -keystore $CLIENT_KEYSTORE -storepass storepassword
+
+### Reverse imports
+### NOT ACTIVE
+# keytool -delete -alias valid -keystore src/main/resources/keystore/client-keystore.jks -storepass storepassword
+# keytool -delete -alias revoked -keystore src/main/resources/keystore/client-keystore.jks -storepass storepassword
+# keytool -delete -alias expired -keystore src/main/resources/keystore/client-keystore.jks -storepass storepassword
+

build-client-truststore.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+CLIENT_TUSTSTORE=src/main/resources/keystore/client-truststore.jks
+
+echo "Before import ..."
+keytool -list -keystore $CLIENT_TUSTSTORE -storepass storepassword
+
+echo "Importing ..."
+
+keytool -noprompt -import -alias skatserver -file pem/emcs-test-system.pem -keystore $CLIENT_TUSTSTORE -storepass storepassword
+
+# Import SSL cert for secure transport (https://..)
+# The full cert. chain is viewable with openssl command: openssl s_client -connect host:port -showcerts
+#
+keytool -noprompt -import -alias ssl_chain_0 -file pem/ssl-chain-0.pem -keystore $CLIENT_TUSTSTORE -storepass storepassword
+# Level 0 is sufficient for completeness we import the full chain (level 1,2,3)...
+keytool -noprompt -import -alias ssl_chain_1 -file pem/ssl-chain-1.pem -keystore $CLIENT_TUSTSTORE -storepass storepassword
+keytool -noprompt -import -alias ssl_chain_2 -file pem/ssl-chain-2.pem -keystore $CLIENT_TUSTSTORE -storepass storepassword
+keytool -noprompt -import -alias ssl_chain_3 -file pem/ssl-chain-3.pem -keystore $CLIENT_TUSTSTORE -storepass storepassword
+
+echo "After import ..."
+keytool -list -keystore $CLIENT_TUSTSTORE -storepass storepassword
+
+### Reverse imports
+### NOT ACTIVE
+# keytool -delete -alias skatserver -keystore src/main/resources/keystore/client-truststore.jks -storepass storepassword
+# keytool -delete -alias ssl_chain_0 -keystore src/main/resources/keystore/client-truststore.jks -storepass storepassword
+# keytool -delete -alias ssl_chain_1 -keystore src/main/resources/keystore/client-truststore.jks -storepass storepassword
+# keytool -delete -alias ssl_chain_2 -keystore src/main/resources/keystore/client-truststore.jks -storepass storepassword
+# keytool -delete -alias ssl_chain_3 -keystore src/main/resources/keystore/client-truststore.jks -storepass storepassword

ie815.xml

@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ie:IE815 xmlns:ie="urn:publicid:-:EC:DGTAXUD:EMCS:PHASE3:IE815:V1.76">
+    <ie:Header xmlns:tms="urn:publicid:-:EC:DGTAXUD:EMCS:PHASE3:TMS:V1.76">
+        <tms:MessageSender>NDEA.DK</tms:MessageSender>
+        <tms:MessageRecipient>NDEA.DK</tms:MessageRecipient>
+        <tms:DateOfPreparation>2011-10-26</tms:DateOfPreparation>
+        <tms:TimeOfPreparation>11:23:00.803</tms:TimeOfPreparation>
+        <tms:MessageIdentifier>9e1e74a5-aaae-41d6-8280-c3892246e694</tms:MessageIdentifier>
+    </ie:Header>
+    <ns26:Body xmlns:ns26="urn:publicid:-:EC:DGTAXUD:EMCS:PHASE3:IE815:V1.76">
+        <ns26:SubmittedDraftOfEAD>
+            <ns26:Attributes>
+                <ns26:SubmissionMessageType>1</ns26:SubmissionMessageType>
+                <!-- IMPORTANT: We ONLY set this to 1 to allows us to resend
+                 the same document with DateOfDispatch date in the past -->
+                <ns26:DeferredSubmissionFlag>1</ns26:DeferredSubmissionFlag>
+            </ns26:Attributes>
+            <ns26:ConsigneeTrader language="da">
+                <ns26:Traderid>DK99025875300</ns26:Traderid>
+                <ns26:TraderName>SEED selskab 1 test 2</ns26:TraderName>
+                <ns26:StreetName>Kirkegade</ns26:StreetName>
+                <ns26:StreetNumber>1</ns26:StreetNumber>
+                <ns26:Postcode>6840</ns26:Postcode>
+                <ns26:City>Oksbøl</ns26:City>
+            </ns26:ConsigneeTrader>
+            <ns26:ConsignorTrader language="da">
+                <ns26:TraderExciseNumber>DK82065873300</ns26:TraderExciseNumber>
+                <ns26:TraderName>Test af KS-1, testsitnr. 3.1.3.22</ns26:TraderName>
+                <ns26:StreetName>Borupvej</ns26:StreetName>
+                <ns26:StreetNumber>1</ns26:StreetNumber>
+                <ns26:Postcode>3320</ns26:Postcode>
+                <ns26:City>Skævinge</ns26:City>
+            </ns26:ConsignorTrader>
+            <ns26:PlaceOfDispatchTrader language="da">
+                <ns26:ReferenceOfTaxWarehouse>DK82065873309</ns26:ReferenceOfTaxWarehouse>
+                <ns26:TraderName>Test af KS-1, testsitnr. 3.1.3.22</ns26:TraderName>
+                <ns26:StreetName>Borupvej</ns26:StreetName>
+                <ns26:StreetNumber>9</ns26:StreetNumber>
+                <ns26:Postcode>3320</ns26:Postcode>
+                <ns26:City>Skævinge</ns26:City>
+            </ns26:PlaceOfDispatchTrader>
+            <ns26:DeliveryPlaceTrader language="da">
+                <ns26:Traderid>DK99025875499</ns26:Traderid>
+                <ns26:TraderName>SEED selskab 1 test 2</ns26:TraderName>
+                <ns26:StreetName>Statshavnen</ns26:StreetName>
+                <ns26:StreetNumber>6</ns26:StreetNumber>
+                <ns26:Postcode>3000</ns26:Postcode>
+                <ns26:City>Helsingør</ns26:City>
+            </ns26:DeliveryPlaceTrader>
+            <ns26:CompetentAuthorityDispatchOffice>
+                <ns26:ReferenceNumber>DK008047</ns26:ReferenceNumber>
+            </ns26:CompetentAuthorityDispatchOffice>
+            <ns26:FirstTransporterTrader language="da">
+                <ns26:TraderName>TC10</ns26:TraderName>
+                <ns26:StreetName>Lufthavnsvej</ns26:StreetName>
+                <ns26:StreetNumber>8</ns26:StreetNumber>
+                <ns26:Postcode>2800</ns26:Postcode>
+                <ns26:City>Roskilde</ns26:City>
+            </ns26:FirstTransporterTrader>
+            <ns26:HeaderEad>
+                <ns26:DestinationTypeCode>1</ns26:DestinationTypeCode>
+                <ns26:JourneyTime>H06</ns26:JourneyTime>
+                <ns26:TransportArrangement>1</ns26:TransportArrangement>
+            </ns26:HeaderEad>
+            <ns26:TransportMode>
+                <ns26:TransportModeCode>4</ns26:TransportModeCode>
+            </ns26:TransportMode>
+            <ns26:MovementGuarantee>
+                <ns26:GuarantorTypeCode>1</ns26:GuarantorTypeCode>
+            </ns26:MovementGuarantee>
+            <ns26:BodyEad>
+                <ns26:BodyRecordUniqueReference>1</ns26:BodyRecordUniqueReference>
+                <ns26:ExciseProductCode>W200</ns26:ExciseProductCode>
+                <ns26:CnCode>22042122</ns26:CnCode>
+                <ns26:Quantity>100</ns26:Quantity>
+                <ns26:GrossWeight>100</ns26:GrossWeight>
+                <ns26:NetWeight>99</ns26:NetWeight>
+                <ns26:AlcoholicStrength>12</ns26:AlcoholicStrength>
+                <ns26:FiscalMark language="da">Nix</ns26:FiscalMark>
+                <ns26:FiscalMarkUsedFlag>1</ns26:FiscalMarkUsedFlag>
+                <ns26:DesignationOfOrigin language="da">Tjo</ns26:DesignationOfOrigin>
+                <ns26:SizeOfProducer>4000000</ns26:SizeOfProducer>
+                <ns26:CommercialDescription language="da">Nix</ns26:CommercialDescription>
+                <ns26:BrandNameOfProducts language="da">BB</ns26:BrandNameOfProducts>
+                <ns26:Package>
+                    <ns26:KindOfPackages>BJ</ns26:KindOfPackages>
+                    <ns26:NumberOfPackages>10</ns26:NumberOfPackages>
+                </ns26:Package>
+                <ns26:WineProduct>
+                    <ns26:WineProductCategory>2</ns26:WineProductCategory>
+                    <ns26:WineGrowingZoneCode>1</ns26:WineGrowingZoneCode>
+                    <ns26:OtherInformation language="da">jajaja</ns26:OtherInformation>
+                </ns26:WineProduct>
+            </ns26:BodyEad>
+            <ns26:EadDraft>
+                <ns26:LocalReferenceNumber>1562594</ns26:LocalReferenceNumber>
+                <ns26:InvoiceNumber>INV026594</ns26:InvoiceNumber>
+                <ns26:InvoiceDate>2011-10-18</ns26:InvoiceDate>
+                <ns26:OriginTypeCode>1</ns26:OriginTypeCode>
+                <ns26:DateOfDispatch>2011-10-26</ns26:DateOfDispatch>
+                <ns26:TimeOfDispatch>02:00:00.814</ns26:TimeOfDispatch>
+            </ns26:EadDraft>
+            <ns26:TransportDetails>
+                <ns26:TransportUnitCode>1</ns26:TransportUnitCode>
+                <ns26:IdentityOfTransportUnits>299</ns26:IdentityOfTransportUnits>
+            </ns26:TransportDetails>
+        </ns26:SubmittedDraftOfEAD>
+    </ns26:Body>
+</ie:IE815>