-
Notifications
You must be signed in to change notification settings - Fork 49
Profile BDEW
The BDEW AS4 profile is independent from CEF and Peppol.
Underlying specification can be obtained from the Bundesnetzagentur in Germany.
See https://www.bundesnetzagentur.de/DE/Beschlusskammern/1_GZ/BK6-GZ/2021/BK6-21-282/Mitteilung02/AS4%20Profil.pdf?__blob=publicationFile&v=1 for the official AS4 profile description.
The BDEW profile was kindly contributed by Gregor Scholtysik
Note: the BDEW profile is NOT fully supported out-of-the box by phase4. It just provides all the interfaces that makes it possible to perform a BDEW compliant message exchange. Especially all the code related to the Key Exchange is currently not supported by the underlying WSS4J library, but all the hooks are present to implement it yourself.
According to #105 relevant documents (by BDEW/BSI/Root-CA/BNetzA) are (at least):
- TR-03109-1, Anforderungen an die Interoperabilität der Kommunikationseinheit eines intelligenten Messsystems
- TR-03109-4, Smart Metering PKI – Public Key Infrastructure für Smart Meter Gateways.
- TR-03116-3, Kryptographische Vorgaben für Projekte der Bundesregierung, Teil 3: Intelligente Messsysteme.
- SM-PKI-CP: Certificate Policy der Smart Metering PKI
- KLC-SR: Key Lifecycle Security Requirements
- TR-02102-1, Kryptographische Verfahren: Empfehlungen und Schlüssellängen.
- TR-03116-4, Kryptographische Vorgaben für Projekte der Bundesregierung, Teil 4: Kommunikationsverfahren in Anwendungen.
- Regelungen zum Übertragungsweg für AS4 2.0
- BDEW AS4-Profil: AS4-Nutzungsprofil zum Datenaustausch für regulierte Prozesse in der Energiewirtschaft
- BNetzA BK6-21-282
- BNetzA BK6-18-032
- BNetzA BK7-16-142
This submodule comes with one profile:
- ID
bdew
(since v2.1.0) - "BDEW"
phase4 profile:
<dependency>
<groupId>com.helger.phase4</groupId>
<artifactId>phase4-profile-bdew</artifactId>
<version>x.y.z</version>
</dependency>
phase4 client:
<dependency>
<groupId>com.helger.phase4</groupId>
<artifactId>phase4-bdew-client</artifactId>
<version>x.y.z</version>
</dependency>
- I've seen a live implementation with Java 11
- If you have issues with the TLS certificates, make sure to use the BouncyCastle's TLS implementation
- If you run into issue
fatal(2) handshake_failure(40)
make sure, you set the TLS named groups correctly, e.g. like this:
private static final String JDK_TLS_NAMED_GROUPS = "jdk.tls.namedGroups";
private static final String BRAINPOOL_SECP = "brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256r1, secp384r1";
System.setProperty(JDK_TLS_NAMED_GROUPS, BRAINPOOL_SECP);
My personal Coding Styleguide | It is appreciated if you star the GitHub project if you like it.