v4.4.2

• (Peppol) Extended Phase4PeppolReceiverConfiguration to support dynamic per-participant SMP resolution via ISMLInfo + ISMPURLProvider as an alternative to a fixed ISMPExtendedServiceMetadataProvider
  • New builder methods smlInfo(ISMLInfo) and smpURLProvider(ISMPURLProvider)
  • New method getOrCreateSMPClientForRecipient(IParticipantIdentifier) to dynamically create an SMP client per recipient
• (Peppol) Extended Phase4PeppolDefaultReceiverConfiguration with static setSMLInfo(ISMLInfo) and setSMPURLProvider(ISMPURLProvider) methods
• (ENTSOG) Added support for ENTSOG AS4 v4.0 profile (EdDSA/X25519 and ECDSA/ECDH-ES). See #296
  • New profile IDs entsog4-eddsa (primary) and entsog4-ecdsa (alternative)
  • New classes ENTSOG4PMode and ENTSOG4CompatibilityValidator for v4.0 specific PMode creation and validation
  • New sender builders Phase4ENTSOGSender.builderEdDSA() and Phase4ENTSOGSender.builderECDSA() for v4.0
  • Updated Phase4ENTSOGHttpClientSettings to prefer TLS 1.3 with fallback to TLS 1.2
  • The existing entsog profile ID and Phase4ENTSOGSender.builder() remain available for v3.6 backward compatibility

Full Changelog: phase4-parent-pom-4.4.1...phase4-parent-pom-4.4.2

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.5
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.5
• ph-oton-io/ph-oton-audit/ph-oton-security 10.2.2
• ph-masterdata/ph-tenancy 8.1.1
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.4.0
• phive 12.0.1 [Peppol only]
• phive-rules-peppol 4.2.5 [Peppol only]
• peppol-reporting-api 4.1.1 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.4.1

• Updated to peppol-commons 12.4.0
• (Peppol) This is the first version that prefers the new OpenPeppol SML URLs over the old EC SML ones for SMP lookups

Full Changelog: phase4-parent-pom-4.4.0...phase4-parent-pom-4.4.1

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.5
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.4
• ph-oton-io/ph-oton-audit/ph-oton-security 10.2.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.4.0
• phive 12.0.1 [Peppol only]
• phive-rules-peppol 4.2.3 [Peppol only]
• peppol-reporting-api 4.1.1 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.4.0

• Added support for the eDelivery AS4 2.0 specification (published December 2024 by the EC)
  • See [[Profile eDelivery2]] for further details
• New submodule phase4-profile-edelivery2 with four profile variants:
  • edelivery2-eddsa and edelivery2-eddsa-two-corner for the Common Usage Profile (EdDSA/X25519)
  • edelivery2-ecdsa and edelivery2-ecdsa-two-corner for the Alternative Elliptic Curve Profile (ECDSA/ECDH-ES)
• New submodule phase4-edelivery2-client with Phase4EDelivery2Sender providing preconfigured builders for both profile variants
• New enum ECryptoKeyAgreementMethod for key agreement methods (ECDH-ES, X25519, X448)
• New enum ECryptoKeyDerivationMethod for key derivation functions (ConcatKDF, HKDF)
• New enum ECryptoKeyWrapAlgorithm for key wrap algorithms (AES-128/192/256, TripleDES)
• Extended AS4CryptParams with key agreement, key derivation, and key wrap fields
  • Added convenience methods setEDelivery2KeyAgreementX25519() and setEDelivery2KeyAgreementECDHES()
• Extended AS4Encryptor to support key agreement-based encryption (X25519/ECDH-ES + HKDF + AES KeyWrap) as an alternative to RSA-OAEP key transport
• Successfully tested against the EC eDelivery2 AS4 Security Validator
• Removed OSGi bundle support from all submodules - packaging changed from bundle to jar. The Automatic-Module-Name manifest entry is preserved for JPMS compatibility.

What's Changed

• eDelivery2 profile by @phax in #366

Full Changelog: phase4-parent-pom-4.3.2...phase4-parent-pom-4.4.0

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.5
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.4
• ph-oton-io/ph-oton-audit/ph-oton-security 10.2.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.12
• phive 12.0.1 [Peppol only]
• phive-rules-peppol 4.2.3 [Peppol only]
• peppol-reporting-api 4.1.1 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.3.2

• Updated to ph-commons 12.1.4 improves certificate revocation check caching (independent of check date time)
• (Peppol) Extended the Phase4PeppolSendingReport with fields:
  • c3SmpUrl for the SMP URL as resolved from the DNS
  • c3CertSubjectC for the country code of the AP Certificate Subject determined from the SMP lookup
  • lookupError to summarize error details specific on SMP lookup
  • lookupException to summarize exception on SMP lookup - only occurs in combination with the lookupError
  • lookupDurationMillis to contain the duration of the SMP lookup in milliseconds
  • sendingError to summarize error details specific to AS4 sending
  • sendingDurationMillis to contain the duration of the AS4 sending in milliseconds
• (Peppol) The incoming message processor now correctly uses the configured receiption IIdentifierFactory from Phase4PeppolDefaultReceiverConfiguration

Full Changelog: phase4-parent-pom-4.3.1...phase4-parent-pom-4.3.2

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.4
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.3
• ph-oton-io/ph-oton-audit/ph-oton-security 10.2.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.12
• phive 12.0.0 [Peppol only]
• phive-rules-peppol 4.2.1 [Peppol only]
• peppol-reporting-api 4.1.0 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.3.1

• The log lines on incoming messages about the signing and decrypting certificate now also includes the certificate issuer
• The phase4-peppol-server-webapp demo application was updated to have full outbound proxy support by default
• (Peppol) Added an undocumented, temporary configuration property to disable rejecting messages on non-compliance

Full Changelog: phase4-parent-pom-4.3.0...phase4-parent-pom-4.3.1

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.3
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.3
• ph-oton-io/ph-oton-audit/ph-oton-security 10.2.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.11
• phive 12.0.0 [Peppol only]
• phive-rules-peppol 4.2.1 [Peppol only]
• peppol-reporting-api 4.1.0 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.3.0

• Extended the SPI method IAS4IncomingMessageProcessorSPI.processAS4ResponseMessage with a parameter AS4ErrorList. Backwards incompatible change
• (Peppol) Extended the SPI method IPhase4PeppolIncomingSBDHandlerSPI.processAS4ResponseMessage with a parameter AS4ErrorList. Backwards incompatible change
• Extended the interface method IAS4RequestHandlerErrorConsumer.onAS4ErrorMessage with an additional IAS4IncomingMessageMetadata parameter. Backwards incompatible change
• (Peppol) Receiving messages are checking for the layout of the PartyInfo/From/PartyId and PartyInfo/To/PartyId constraints

Full Changelog: phase4-parent-pom-4.2.7...phase4-parent-pom-4.3.0

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.2
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.1
• ph-oton-io/ph-oton-audit/ph-oton-security 10.1.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.9
• phive 11.1.1 [Peppol only]
• phive-rules-peppol 4.1.7 [Peppol only]
• peppol-reporting-api 4.1.0 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.2.7

• (Peppol) Improved the error handling on invalid originalSender and finalRecipient properties was improved. See #356 - thx @mikkelbm
• (Peppol) Improved the verification of FromPartyId and ToPartyId on the sending side, to follow the Peppol Seat-ID regular expression.

Full Changelog: phase4-parent-pom-4.2.6...phase4-parent-pom-4.2.7

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.2
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.1
• ph-oton-io/ph-oton-audit/ph-oton-security 10.1.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.8
• phive 11.1.1 [Peppol only]
• phive-rules-peppol 4.1.7 [Peppol only]
• peppol-reporting-api 4.1.0 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.2.6

• Added new class AS4CertificateOnlySignatureTrustValidator to verify signature verification only happens on certificates and not on public keys
• (Peppol) Introduced new class Phase4PeppolAS4Servlet that uses AS4CertificateOnlySignatureTrustValidator
• Extended IAS4IncomingMessageState with the possibility to store the signing and decrypting certificate reference type
• (Peppol) The default inbound Peppol processor added a check that both signing and decrypting certificates are provided as direct references
• (Peppol) The scheduled time to transmit reports to OpenPeppol can be customized. See #355 - thx @alvarolivie

What's Changed

• Add configurable reporting date to peppol server by @alvarolivie in #355

New Contributors

• @alvarolivie made their first contribution in #355

Full Changelog: phase4-parent-pom-4.2.5...phase4-parent-pom-4.2.6

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.2
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.1
• ph-oton-io/ph-oton-audit/ph-oton-security 10.1.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.8
• phive 11.1.1 [Peppol only]
• phive-rules-peppol 4.1.5 [Peppol only]
• peppol-reporting-api 4.1.0 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.2.5

• (Peppol) The verification of Peppol Participant Identifier Values became more strict to be 100% aligned with the Peppol Policy for use of Identifiers 4.4.0
• Added the possibility to set the incoming unique ID in class AS4IncomingMessageMetadata
• Made method AS4RequestHandler.getMessageMetadata() public
• Made the CRL download more resilient (via ph-commons 12.1.2 update)
• The default revocation check was changed from "only CRL" to "CRL before OCSP" (via ph-commons 12.1.2 update)

Full Changelog: phase4-parent-pom-4.2.4...phase4-parent-pom-4.2.5

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.2
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.1
• ph-oton-io/ph-oton-audit/ph-oton-security 10.1.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.7
• phive 11.1.1 [Peppol only]
• phive-rules-peppol 4.1.5 [Peppol only]
• peppol-reporting-api 4.1.0 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x

v4.2.4

• (Peppol) Changed the default identifier factory of Phase4PeppolDefaultReceiverConfiguration to PeppolIdentifierFactory
• (Peppol) Fixed the consistency check between AS4 originalSender and finalRecipient for case insensitivity
• (Peppol) Deprecated the possibility to disable the check that country C1 element is optional - the feature is required long time

Full Changelog: phase4-parent-pom-4.2.3...phase4-parent-pom-4.2.4

Dependencies required:

• ph-bc/ph-collection/ph-commons/ph-dao/ph-datetime/ph-jaxb/ph-json/ph-scopes/ph-security/ph-settings/ph-xml 12.1.1
• ph-xsds-xmldsig 4.1.0
• ph-http/ph-httpclient/ph-mail/ph-network/ph-servlet/ph-useragent/ph-web 11.2.1
• ph-oton-io/ph-oton-audit/ph-oton-security 10.1.2
• ph-masterdata/ph-tenancy 8.1.0
• peppol-commons/peppol-id/peppol-sbdh/peppol-smp-client 12.3.6
• phive 11.1.1 [Peppol only]
• phive-rules-peppol 4.1.3 [Peppol only]
• peppol-reporting-api 4.1.0 [Peppol only]
• ph-xhe 5.1.0 [DBNAlliance only]
• angus-activation 2.0.3
• angus-mail 2.0.5
• httpclient 5.6
• BouncyCastle 1.83
• WSS4J 4.0.1
• XMLSec 4.0.4
• Servlet API 6.0.x
• JAXB 4.0.x
• SLF4J 2.0.x