Skip to content

Releases: phax/phase4

phase4 3.0.2

21 Jan 22:51
Compare
Choose a tag to compare
  • Updated to BouncyCastle 1.80
  • Updated to Apache HttpClient 5.4
  • The default value for the configuration property phase4.errormsg.include.stacktraces was changed to false for security reasons
  • Enumeration EEbmsErrorSeverity now implements IHasID<String>
  • Deprecated ICryptoSessionKeyProvider.INSTANCE_RANDOM_AES_128_GCM and INSTANCE_RANDOM_AES_256_GCM in favour of the versions without GCM - see#294 - thx @beth-soptim

What's Changed

  • Fix: Removed "duplicated" ICryptoSessionKeyProvider instances for AES keys by @beth-soptim in #294

Full Changelog: phase4-parent-pom-3.0.1...phase4-parent-pom-3.0.2

phase4 3.0.1

05 Dec 23:50
Compare
Choose a tag to compare
  • Updated to ph-commons 11.1.11
  • Configuration properties can now use default values. See #291 - thx @piotr-dajlido
  • Added getter and setter for IAS4SignalMessageValidationResultHandler to AbstractAS4PullRequestBuilder and AbstractAS4UserMessageBuilder. See #220 - thx @problemzebra2
  • Added a check on message reception that the encryption and signature algorithms from the PMode are actually used
  • Added new default ICryptoSessionKeyProvider instances for AES-128-GCM and AES-256-GCM. See #289 - thx @piotr-dajlido
  • Added class Phase4RuntimeException
  • Return values of AS4KeyStoreDescriptor.createFromConfig may now be nullable
  • The constructors of class AS4CryptoFactoryConfiguration now throw a Phase4RuntimeException if there is a keystore misconfiguration
  • [Peppol] Added possibility to customize the Identifier Factory to be used for SBDH parsing via Phase4PeppolDefaultReceiverConfiguration.setSBDHIdentifierFactory and Phase4PeppolReceiverConfigurationBuilder.sbdhIdentifierFactory. The default is SimpleIdentifierFactory for backwards compatibility.
  • [BDEW] Added possibility to define BDEWApplicationReference. see #292 - thx @beth-soptim

What's Changed

Full Changelog: phase4-parent-pom-3.0.0...phase4-parent-pom-3.0.1

phase4 2.9.0

28 Nov 10:29
Compare
Choose a tag to compare
  • Updated to BouncyCastle 1.79.0
  • Updated to WSS4J 3.0.4
  • Updated to xmlsec 3.0.5
  • Updated to ph-commons 11.1.10
  • [Peppol] Updated to peppol-commons 9.6.0
  • Removed the special change V3 annotation, as V3 is out now
  • Added new methods IAS4IncomingMessageState.getCryptoFactorySign() and getCryptoFactoryCrypt()

Full Changelog: phase4-parent-pom-2.8.6...phase4-parent-pom-2.9.0

phase4 3.0.0

17 Nov 22:18
Compare
Choose a tag to compare

This is the list of the collective changes for the 3.0.0 releases as already shown in the pre-releases. The changes are grouped by activities.

  • Updates
    • Updated to WSS4J 3.0.4
    • Updated to xmlsec 3.0.5
    • Updated to BouncyCastle 1.79.0
    • Updated to ph-commons 11.1.10
    • Updated to peppol-commons 9.6.0
  • Removals
    • Removed all deprecated methods marked for removal
    • Removed the phase4-spring-boot-demo submodule in favour of https://github.com/phax/phase4-peppol-standalone
    • [BPC] Removed the profile phase4-profile-bpc submodule in favour of phase4-profile-dbnalliance
  • Backward incompatible changes
    • Moved classes to different packages without changing the internal working. See Migrations for all details
    • The configuration files private-crypto.properties and crypto.properties are also deprecated. Please move the properties to application.properties, environment variables or Java system properties instead.
    • Implementations of IAS4CryptoFactory now need to implement ´getKeyPasswordPerAliasCharArrayinstead ofgetKeyPasswordPerAlias`
    • Created new class AS4CryptoFactoryConfiguration to replace AS4CryptoFactoryProperties as the default AS4 crypt factory. See [[Migrations]] for all details
    • Deprecated classes AS4CryptoFactoryProperties and AS4CryptoProperties in favour of AS4CryptoFactoryConfiguration
    • Support for a default AS4 profile inside the AS4 Profile Manager was removed in the favour of the configuration property phase4.default.profile (previously called phase4.profile)
    • The "as4ProfileID" field is now mandatory when using the AS4 sender builder. Defaults are provided.
    • [EuCtp] Renamed class EuCtpPullRequestBuilder to AbstractEuCtpPullRequestBuilder and made abstract. Use Phase4EuCtpSender.builderPullRequest () instead
    • [EuCtp] Renamed method Phase4EuCtpSender.builder to builderUserMessage
    • The AS4 Timestamp manager is now limiting the precision to milliseconds to ensure safe XML serializability.
  • Improvements
    • Included received HTTP headers in IAS4IncomingMessageMetadata JSON representation
    • Added new class AS4KeyStoreDescriptor to describe the parameters of a key store
    • Added new class AS4TrustStoreDescriptor to describe the parameters of a trust store
    • [Peppol] Added new class Phase4PeppolReceiverConfigurationBuilder to build Phase4PeppolReceiverConfiguration objects
    • [Peppol] Made the AP certificate checker in the Peppol sender builder customizable
    • Added new methods IAS4IncomingMessageState.getCryptoFactorySign() and getCryptoFactoryCrypt()
    • Added new method IAS4IncomingMessageState.getEffectiveDecryptedSoapDocument
    • Added verification of AS4 Receipt XMLDSig "Reference" objects against the ones sent out in the User Message. See #220 - thx @problemzebra2
    • Added new interface IAS4SignalMessageValidationResultHandler to customize the result handling of DSig reference verification
    • The internal configuration object now needs to implement IConfigWithFallback instead of just IConfig
    • The internal AS4 configuration is now based on the IConfigWithFallback interface
    • The AS4 sender builder no longer overwrites the PMode Resolver if an AS4 profile is set, but makes sure a PMode resolver is present
    • The AS4DefaultPModeResolver no longer creates a default PMode if no AS4 profile is present
    • Class AbstractAS4PullRequestBuilder can now also handle a specific PMode ID
    • Added class AS4IncomingProfileSelectorConstant
    • Improved default handling of inbound AS4 Profile selection to automatically use the sending Profile
    • Added new EdDSA algorithms to ECryptoAlgorithmSign
    • Added new key encrypt algorithms in ECryptoKeyEncryptionAlgorithm
    • Added possibility to dynamically set responder address. See #233 - thx @koes-soptim
    • Added new classes IAS4IncomingReceiverConfiguration and AS4IncomingReceiverConfiguration for receiver checks
    • [Peppol] Added a "/peppol-status" status endpoint to the demo application. See #215 - thx @RichardVanMaaren
    • Added getters for nearly all sender builder properties
    • If an AS4 Receipt does not contain non-repudiation information, it now contains the original user message wrapped, to stay XSD compliant
    • The class AS4ClientReceipt can now also take an outside RefToMessageId. See #267 - thx @sywong2000
    • Added new class Ebms3UserMessageMarshaller to solely serialize the UserMessage object

It is recommended to run phase4 with Java 21 or later for best performance.

What's Changed

  • Sywong2000 patch fix missing ref to message id non repudiation receipt by @sywong2000 in #267
  • Fixes for EuCtp profile and Receipt testing by @jonrios in #275

Full Changelog: phase4-parent-pom-2.8.6...phase4-parent-pom-3.0.0

phase4 3.0.0 Release Candidate 1

11 Nov 06:19
Compare
Choose a tag to compare
Pre-release
  • Updated to xmlsec 3.0.5
  • Updated to ph-commons 11.1.10
  • Updated to peppol-commons 9.6.0
  • Removed the phase4-spring-boot-demo submodule in favour of https://github.com/phax/phase4-peppol-standalone
  • Added new class Phase4PeppolReceiverConfigurationBuilder to build Phase4PeppolReceiverConfiguration objects
  • Removed the overload Phase4PeppolDefaultReceiverConfiguration.getAsReceiverCheckData(X509Certificate) created in beta6 in favour of the builder
  • Removed the interfaces IAS4TrustStoreDescriptor and IAS4KeyStoreDescriptor (added in beta2) in favour of ITrustStoreDescriptor and IKeyStoreAndKeyDescriptor from ph-commons
  • The classes AS4KeyStoreDescriptor and AS4TrustStoreDescriptor (added in beta2) are only shells to provide phase4 specific setup
  • Made the AP certificate checker in the Peppol sender builder customizable

Full Changelog: phase4-parent-pom-3.0.0-beta6...phase4-parent-pom-3.0.0-rc1

phase4 3.0.0 Beta 6

05 Nov 11:49
Compare
Choose a tag to compare
phase4 3.0.0 Beta 6 Pre-release
Pre-release
  • Added new overload of Phase4PeppolDefaultReceiverConfiguration.getAsReceiverCheckData(X509Certificate)
  • Added new methods IAS4IncomingMessageState.getCryptoFactorySign() and getCryptoFactoryCrypt()

Full Changelog: phase4-parent-pom-3.0.0-beta5...phase4-parent-pom-3.0.0-beta6

phase4 3.0.0 Beta5

04 Nov 13:59
Compare
Choose a tag to compare
phase4 3.0.0 Beta5 Pre-release
Pre-release
  • Redeployment of beta4 because of a wrong tag in pom.xml

Full Changelog: phase4-parent-pom-3.0.0-beta2...phase4-parent-pom-3.0.0-beta5

Dependencies required:

phase4 3.0.0 Beta4

31 Oct 10:40
Compare
Choose a tag to compare
phase4 3.0.0 Beta4 Pre-release
Pre-release
  • Redeployment of beta3 because of issues with the transfer to Maven Central

Full Changelog: phase4-parent-pom-3.0.0-beta2...phase4-parent-pom-3.0.0-beta4

Dependencies required:

phase4 3.0.0 Beta3

30 Oct 19:07
Compare
Choose a tag to compare
phase4 3.0.0 Beta3 Pre-release
Pre-release
  • Updated to BouncyCastle 1.79.0
  • Fixed an exception when using AS4Configuration and the default configuration properties were missing.

Full Changelog: phase4-parent-pom-3.0.0-beta2...phase4-parent-pom-3.0.0-beta3

Dependencies required:

phase4 3.0.0 Beta2

25 Oct 09:23
Compare
Choose a tag to compare
phase4 3.0.0 Beta2 Pre-release
Pre-release
  • Moved classes to different packages without changing the internals. See [[Migrations]] for details
  • The configuration files private-crypto.properties and crypto.properties are also deprecated. Please move the properties to application.properties, environment variables or Java system properties instead.
  • Added verification of AS4 Receipt XMLDSig "Reference" objects against the ones sent out in the User Message. See #220 - thx @problemzebra2
  • Added new interface IAS4SignalMessageValidationResultHandler to customize the result handling of DSig reference verification
  • The internal configuration object now needs to implement IConfigWithFallback instead of just IConfig
  • Implementations of IAS4CryptoFactory now need to implement ´getKeyPasswordPerAliasCharArrayinstead ofgetKeyPasswordPerAlias`
  • Created new class AS4CryptoFactoryConfiguration to replace AS4CryptoFactoryProperties as the default AS4 crypt factory
  • Deprecated classes AS4CryptoFactoryProperties and AS4CryptoProperties in favour of AS4CryptoFactoryConfiguration
  • Added new class AS4KeyStoreDescriptor to describe the parameters of a key store
  • Added new class AS4TrustStoreDescriptor to describe the parameters of a trust store
  • The internal AS4 configuration is now based on the IConfigWithFallback interface
  • Support for a default AS4 profile inside the AS4 Profile Manager was removed in the favour of the configuration property phase4.default.profile (previously called phase4.profile)
  • The "as4ProfileID" field is now mandatory when using the AS4 sender builder
  • The AS4 sender builder no longer overwrites the PMode Resolver if an AS4 profile is set, but makes sure a PMode resolver is present
  • The AS4DefaultPModeResolver no longer creates a default PMode if no AS4 profile is present
  • Class AbstractAS4PullRequestBuilder can now also handle a specific PMode ID
  • Added class AS4IncomingProfileSelectorConstant
  • Improved default handling of inbound AS4 Profile selection to automatically use the sending Profile
  • Added new EdDSA algorithms to ECryptoAlgorithmSign
  • Added new key encrypt algorithms in ECryptoKeyEncryptionAlgorithm

What's Changed

  • Fixes for EuCtp profile and Receipt testing by @jonrios in #275

Full Changelog: phase4-parent-pom-3.0.0-beta1...phase4-parent-pom-3.0.0-beta2

Dependencies required: