diff --git a/phase4-dynamic-discovery/src/main/java/com/helger/phase4/dynamicdiscovery/AS4EndpointDetailProviderPeppol.java b/phase4-dynamic-discovery/src/main/java/com/helger/phase4/dynamicdiscovery/AS4EndpointDetailProviderPeppol.java
index 87c99ed3e..1d7d8dd9c 100644
--- a/phase4-dynamic-discovery/src/main/java/com/helger/phase4/dynamicdiscovery/AS4EndpointDetailProviderPeppol.java
+++ b/phase4-dynamic-discovery/src/main/java/com/helger/phase4/dynamicdiscovery/AS4EndpointDetailProviderPeppol.java
@@ -45,6 +45,7 @@
import com.helger.smpclient.peppol.ISMPServiceMetadataProvider;
import com.helger.smpclient.peppol.PeppolWildcardSelector;
import com.helger.smpclient.peppol.PeppolWildcardSelector.EMode;
+import com.helger.smpclient.peppol.Pfuoi420;
import com.helger.smpclient.peppol.SMPClientReadOnly;
import com.helger.xsds.peppol.smp1.EndpointType;
import com.helger.xsds.peppol.smp1.ServiceGroupType;
@@ -175,6 +176,7 @@ public final EndpointType getEndpoint ()
@Nullable
@OverrideOnDemand
+ @Pfuoi420
protected SignedServiceMetadataType resolvedBusdoxServiceMetadata (@Nonnull final IParticipantIdentifier aReceiverID,
@Nonnull final IDocumentTypeIdentifier aDocTypeID) throws SMPClientException
{
@@ -183,9 +185,9 @@ protected SignedServiceMetadataType resolvedBusdoxServiceMetadata (@Nonnull fina
return m_aServiceMetadataProvider.getServiceMetadata (aReceiverID, aDocTypeID);
}
- @SuppressWarnings ("removal")
@Nullable
@OverrideOnDemand
+ @Pfuoi420
protected SignedServiceMetadataType resolvedWildcardServiceMetadata (@Nonnull final IParticipantIdentifier aReceiverID,
@Nonnull final IDocumentTypeIdentifier aDocTypeID) throws SMPClientException
{
diff --git a/phase4-peppol-client/src/main/java/com/helger/phase4/peppol/Phase4PeppolSender.java b/phase4-peppol-client/src/main/java/com/helger/phase4/peppol/Phase4PeppolSender.java
index f85e7e950..8436ffb28 100644
--- a/phase4-peppol-client/src/main/java/com/helger/phase4/peppol/Phase4PeppolSender.java
+++ b/phase4-peppol-client/src/main/java/com/helger/phase4/peppol/Phase4PeppolSender.java
@@ -57,9 +57,9 @@
import com.helger.peppol.sbdh.spec12.BinaryContentType;
import com.helger.peppol.sbdh.spec12.TextContentType;
import com.helger.peppol.sbdh.write.PeppolSBDHDocumentWriter;
-import com.helger.peppol.utils.CertificateRevocationChecker;
import com.helger.peppol.utils.EPeppolCertificateCheckResult;
import com.helger.peppol.utils.ERevocationCheckMode;
+import com.helger.peppol.utils.PeppolCAChecker;
import com.helger.peppol.utils.PeppolCertificateChecker;
import com.helger.peppol.utils.PeppolCertificateHelper;
import com.helger.peppolid.IDocumentTypeIdentifier;
@@ -274,6 +274,9 @@ private static void _validatePayload (@Nonnull final Element aPayloadElement,
/**
* Check if the provided certificate is a valid Peppol AP certificate.
*
+ * @param aCAChecker
+ * The Peppol CA checker to be used to verify the Peppol AP
+ * certificate. May not be null.
* @param aReceiverCert
* The determined receiver AP certificate to check. Never
* null.
@@ -292,7 +295,8 @@ private static void _validatePayload (@Nonnull final Element aPayloadElement,
* @throws Phase4PeppolException
* in case of error
*/
- private static void _checkReceiverAPCert (@Nullable final X509Certificate aReceiverCert,
+ private static void _checkReceiverAPCert (@Nonnull final PeppolCAChecker aCAChecker,
+ @Nullable final X509Certificate aReceiverCert,
@Nullable final IPhase4PeppolCertificateCheckResultHandler aCertificateConsumer,
@Nonnull final ETriState eCacheOSCResult,
@Nullable final ERevocationCheckMode eCheckMode) throws Phase4PeppolException
@@ -301,10 +305,10 @@ private static void _checkReceiverAPCert (@Nullable final X509Certificate aRecei
LOGGER.debug ("Using the following receiver AP certificate from the SMP: " + aReceiverCert);
final OffsetDateTime aNow = MetaAS4Manager.getTimestampMgr ().getCurrentDateTime ();
- final EPeppolCertificateCheckResult eCertCheckResult = PeppolCertificateChecker.checkPeppolAPCertificate (aReceiverCert,
- aNow,
- eCacheOSCResult,
- eCheckMode);
+ final EPeppolCertificateCheckResult eCertCheckResult = aCAChecker.checkCertificate (aReceiverCert,
+ aNow,
+ eCacheOSCResult,
+ eCheckMode);
// Interested in the certificate?
if (aCertificateConsumer != null)
@@ -377,10 +381,12 @@ public abstract static class AbstractPeppolUserMessageBuilder m_aAPEndpointURLConsumer;
private boolean m_bCheckReceiverAPCertificate;
+ protected PeppolCAChecker m_aCAChecker;
// Status var
private OffsetDateTime m_aEffectiveSendingDT;
@@ -405,7 +411,10 @@ public AbstractPeppolUserMessageBuilder ()
toRole (CAS4.DEFAULT_RESPONDER_URL);
payloadMimeType (CMimeType.APPLICATION_XML);
compressPayload (DEFAULT_COMPRESS_PAYLOAD);
+
checkReceiverAPCertificate (DEFAULT_CHECK_RECEIVER_AP_CERTIFICATE);
+ // This value is set for backwards compatibility reasons
+ peppolAP_CAChecker (PeppolCertificateChecker.peppolAllAP ());
}
catch (final Exception ex)
{
@@ -748,6 +757,28 @@ public final IMPLTYPE checkReceiverAPCertificate (final boolean bCheckReceiverAP
return thisAsT ();
}
+ /**
+ * Set a custom Peppol AP certificate CA checker. This is e.g. needed when a
+ * non-standard AP certificate (as for Peppol France PoC or Peppol eB2B) is
+ * needed. This CA checker checks the certificate provided by the endpoint
+ * detail provider (see below). This checker is only used, if
+ * {@link #checkReceiverAPCertificate(boolean)} was called with
+ * true.
+ *
+ * @param aCAChecker
+ * The Certificate CA checker to be used. May not be
+ * null.
+ * @return this for chaining
+ * @since 3.0.0-rc1
+ */
+ @Nonnull
+ public final IMPLTYPE peppolAP_CAChecker (@Nonnull final PeppolCAChecker aCAChecker)
+ {
+ ValueEnforcer.notNull (aCAChecker, "CAChecker");
+ m_aCAChecker = aCAChecker;
+ return thisAsT ();
+ }
+
/**
* The effective sending date time of the message. That is set only if
* message sending takes place.
@@ -805,9 +836,9 @@ protected ESuccess finishFields () throws Phase4Exception
final X509Certificate aReceiverCert = m_aEndpointDetailProvider.getReceiverAPCertificate ();
if (m_bCheckReceiverAPCertificate)
{
- // CHeck if the received certificate is a valid Peppol AP certificate
+ // Check if the received certificate is a valid Peppol AP certificate
// Throws Phase4PeppolException in case of error
- _checkReceiverAPCert (aReceiverCert, m_aCertificateConsumer, ETriState.UNDEFINED, null);
+ _checkReceiverAPCert (m_aCAChecker, aReceiverCert, m_aCertificateConsumer, ETriState.UNDEFINED, null);
}
else
{
diff --git a/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolDefaultReceiverConfiguration.java b/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolDefaultReceiverConfiguration.java
index 7cd6d2a45..2cb732fe0 100644
--- a/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolDefaultReceiverConfiguration.java
+++ b/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolDefaultReceiverConfiguration.java
@@ -26,7 +26,6 @@
import org.slf4j.LoggerFactory;
import com.helger.commons.ValueEnforcer;
-import com.helger.commons.annotation.DevelopersNote;
import com.helger.commons.string.StringHelper;
import com.helger.peppol.sbdh.read.PeppolSBDHDocumentReader;
import com.helger.phase4.CAS4;
@@ -34,6 +33,7 @@
import com.helger.smpclient.peppol.ISMPExtendedServiceMetadataProvider;
import com.helger.smpclient.peppol.PeppolWildcardSelector;
import com.helger.smpclient.peppol.PeppolWildcardSelector.EMode;
+import com.helger.smpclient.peppol.Pfuoi420;
/**
* This class contains the references values against which incoming values are
@@ -51,8 +51,7 @@
public final class Phase4PeppolDefaultReceiverConfiguration
{
public static final boolean DEFAULT_RECEIVER_CHECK_ENABLED = true;
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
public static final EMode DEFAULT_WILDCARD_SELECTION_MODE = EMode.WILDCARD_ONLY;
public static final boolean DEFAULT_CHECK_SIGNING_CERTIFICATE_REVOCATION = true;
@@ -60,8 +59,7 @@ public final class Phase4PeppolDefaultReceiverConfiguration
private static boolean s_bReceiverCheckEnabled = DEFAULT_RECEIVER_CHECK_ENABLED;
private static ISMPExtendedServiceMetadataProvider s_aSMPClient;
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
private static PeppolWildcardSelector.EMode s_eWildcardSelectionMode = DEFAULT_WILDCARD_SELECTION_MODE;
private static String s_sAS4EndpointURL;
private static X509Certificate s_aAPCertificate;
@@ -132,8 +130,7 @@ public static void setSMPClient (@Nullable final ISMPExtendedServiceMetadataProv
* @since 2.7.3
*/
@Nonnull
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
public static PeppolWildcardSelector.EMode getWildcardSelectionMode ()
{
return s_eWildcardSelectionMode;
@@ -148,8 +145,7 @@ public static PeppolWildcardSelector.EMode getWildcardSelectionMode ()
* null.
* @since 2.7.3
*/
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
public static void setWildcardSelectionMode (@Nonnull final PeppolWildcardSelector.EMode eWildcardSelectionMode)
{
ValueEnforcer.notNull (eWildcardSelectionMode, "WildcardSlectionMode");
@@ -299,7 +295,6 @@ public static void setCheckSigningCertificateRevocation (final boolean b)
* @return Completely filled builder. Never null.
* @since 3.0.0 Beta7
*/
- @SuppressWarnings ("removal")
@Nonnull
public static Phase4PeppolReceiverConfigurationBuilder getAsReceiverCheckDataBuilder ()
{
diff --git a/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolReceiverConfiguration.java b/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolReceiverConfiguration.java
index da73cde06..e07b4904f 100644
--- a/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolReceiverConfiguration.java
+++ b/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolReceiverConfiguration.java
@@ -23,12 +23,12 @@
import javax.annotation.concurrent.Immutable;
import com.helger.commons.ValueEnforcer;
-import com.helger.commons.annotation.DevelopersNote;
import com.helger.commons.builder.IBuilder;
import com.helger.commons.string.StringHelper;
import com.helger.commons.string.ToStringGenerator;
import com.helger.smpclient.peppol.ISMPExtendedServiceMetadataProvider;
import com.helger.smpclient.peppol.PeppolWildcardSelector;
+import com.helger.smpclient.peppol.Pfuoi420;
/**
* This class contains the "per-request" data of
@@ -43,8 +43,7 @@ public final class Phase4PeppolReceiverConfiguration
{
private final boolean m_bReceiverCheckEnabled;
private final ISMPExtendedServiceMetadataProvider m_aSMPClient;
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
private final PeppolWildcardSelector.EMode m_eWildcardSelectionMode;
private final String m_sAS4EndpointURL;
private final X509Certificate m_aAPCertificate;
@@ -80,7 +79,6 @@ public final class Phase4PeppolReceiverConfiguration
* performed.
* @since 2.8.1
*/
- @SuppressWarnings ("deprecation")
public Phase4PeppolReceiverConfiguration (final boolean bReceiverCheckEnabled,
@Nullable final ISMPExtendedServiceMetadataProvider aSMPClient,
@Nonnull final PeppolWildcardSelector.EMode eWildcardSelectionMode,
@@ -130,8 +128,7 @@ public ISMPExtendedServiceMetadataProvider getSMPClient ()
* @since 2.7.3
*/
@Nonnull
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
public PeppolWildcardSelector.EMode getWildcardSelectionMode ()
{
return m_eWildcardSelectionMode;
@@ -225,8 +222,7 @@ public static class Phase4PeppolReceiverConfigurationBuilder implements IBuilder
{
private boolean m_bReceiverCheckEnabled;
private ISMPExtendedServiceMetadataProvider m_aSMPClient;
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
private PeppolWildcardSelector.EMode m_eWildcardSelectionMode;
private String m_sAS4EndpointURL;
private X509Certificate m_aAPCertificate;
@@ -264,8 +260,7 @@ public Phase4PeppolReceiverConfigurationBuilder serviceMetadataProvider (@Nullab
}
@Nonnull
- @Deprecated (forRemoval = true, since = "3.0.0")
- @DevelopersNote ("This was valid for Policy for use of Identifiers 4.2.0. This is no longer valid with PFUOI 4.3.0 from May 15th 2025")
+ @Pfuoi420
public Phase4PeppolReceiverConfigurationBuilder wildcardSelectionMode (@Nullable final PeppolWildcardSelector.EMode e)
{
m_eWildcardSelectionMode = e;
diff --git a/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolServletMessageProcessorSPI.java b/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolServletMessageProcessorSPI.java
index 2c16f7a0c..a0273b0f1 100644
--- a/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolServletMessageProcessorSPI.java
+++ b/phase4-peppol-servlet/src/main/java/com/helger/phase4/peppol/servlet/Phase4PeppolServletMessageProcessorSPI.java
@@ -88,6 +88,7 @@
import com.helger.security.certificate.CertificateHelper;
import com.helger.smpclient.peppol.ISMPExtendedServiceMetadataProvider;
import com.helger.smpclient.peppol.PeppolWildcardSelector;
+import com.helger.smpclient.peppol.Pfuoi420;
import com.helger.smpclient.peppol.SMPClientReadOnly;
import com.helger.xml.serialize.write.XMLWriter;
import com.helger.xsds.peppol.smp1.EndpointType;
@@ -269,7 +270,6 @@ public final Phase4PeppolServletMessageProcessorSPI setReceiverCheckData (@Nulla
return this;
}
- @SuppressWarnings ({ "deprecation", "removal" })
@Nullable
private EndpointType _getReceiverEndpoint (@Nonnull final String sLogPrefix,
@Nonnull final ISMPExtendedServiceMetadataProvider aSMPClient,
@@ -305,6 +305,7 @@ private EndpointType _getReceiverEndpoint (@Nonnull final String sLogPrefix,
if (bWildcard)
{
// Wildcard lookup
+ @Pfuoi420
final SignedServiceMetadataType aSSM = aSMPClient.getWildcardServiceMetadataOrNull (aRecipientID,
aDocTypeID,
eWildcardSelectionMode);
diff --git a/phase4-profile-peppol/src/main/java/com/helger/phase4/profile/peppol/PeppolCRLDownloader.java b/phase4-profile-peppol/src/main/java/com/helger/phase4/profile/peppol/PeppolCRLDownloader.java
index 3bc41ac1d..4a0f81799 100644
--- a/phase4-profile-peppol/src/main/java/com/helger/phase4/profile/peppol/PeppolCRLDownloader.java
+++ b/phase4-profile-peppol/src/main/java/com/helger/phase4/profile/peppol/PeppolCRLDownloader.java
@@ -26,7 +26,7 @@
import com.helger.httpclient.HttpClientSettings;
import com.helger.peppol.utils.CRLCache;
import com.helger.peppol.utils.CRLDownloader;
-import com.helger.peppol.utils.CertificateRevocationChecker;
+import com.helger.peppol.utils.CertificateRevocationCheckerDefaults;
/**
* The Peppol specific CRL downloader using the {@link HttpClientUrlDownloader}
@@ -82,7 +82,7 @@ public static void setAsDefaultCRLCache (@Nonnull final HttpClientSettings aHCS)
ValueEnforcer.notNull (aHCS, "HttpClientSettings");
LOGGER.info ("Installing the PeppolCRLDownloader as the default CRL cache using HttpClientSettings " + aHCS);
- CertificateRevocationChecker.setDefaultCRLCache (new CRLCache (new PeppolCRLDownloader (aHCS),
- CRLCache.DEFAULT_CACHING_DURATION));
+ CertificateRevocationCheckerDefaults.setDefaultCRLCache (new CRLCache (new PeppolCRLDownloader (aHCS),
+ CRLCache.DEFAULT_CACHING_DURATION));
}
}
diff --git a/pom.xml b/pom.xml
index 984c1463a..294efbef3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,7 +77,7 @@
1.79
2.24.1
3.0.0
- 9.6.0-SNAPSHOT
+ 9.6.0
3.0.2
11.1.10
9.0.3