diff --git a/README.md b/README.md index 29919666..ba465f0e 100644 --- a/README.md +++ b/README.md @@ -303,9 +303,12 @@ They depend on several other libraries so I suggest you are going for the Maven # News and noteworthy * v9.6.0 - work in progress + * Requiring ph-commons 11.1.10 * Deprecated methods `SMPClientReadOnly.getCompleteServiceGroup(OrNull)` and `getServiceGroupReferenceList(OrNull)` because the underlying APIs are non-standard * Extracted methods from `ISMPServiceMetadataProvider` into `ISMPExtendedServiceMetadataProvider` * Updated the DBNAlliance Pilot domain name + * Moved method `PeppolCertificateHelper.getAllTrustedCertificates` to class `PeppolKeyStoreHelper` + * Added new methods to support Peppol Policy for use of Identifiers 4.3.0 and deprecated the old ones * v9.5.1 - 2024-08-11 * Make sure that wildcard lookups including a "*" in the Customization ID will always fail * Added additional `SMPClientReadOnly.getWildcardServiceMetadataOrNull` overload diff --git a/peppol-commons/src/main/java/com/helger/peppol/servicedomain/EPeppolServiceDomain.java b/peppol-commons/src/main/java/com/helger/peppol/servicedomain/EPeppolServiceDomain.java new file mode 100644 index 00000000..02a5739f --- /dev/null +++ b/peppol-commons/src/main/java/com/helger/peppol/servicedomain/EPeppolServiceDomain.java 
@@ -0,0 +1,34 @@ +/* + * Copyright (C) 2015-2024 Philip Helger + * philip[at]helger[dot]com + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.helger.peppol.servicedomain; + +/** + * This enum lists all the Peppol Service Domains + * + * @author Philip Helger + */ +public enum EPeppolServiceDomain +{ + /** + * Managed by PoAC + */ + POST_AWARD (), + /** + * Enhanced B2B for Peppol-GENA bridge + */ + ENHANCED_B2B; +} diff --git a/peppol-commons/src/main/java/com/helger/peppol/utils/AbstractRevocationCheckBuilder.java b/peppol-commons/src/main/java/com/helger/peppol/utils/AbstractRevocationCheckBuilder.java index 03194343..6f205290 100644 --- a/peppol-commons/src/main/java/com/helger/peppol/utils/AbstractRevocationCheckBuilder.java +++ b/peppol-commons/src/main/java/com/helger/peppol/utils/AbstractRevocationCheckBuilder.java 
@@ -157,7 +157,7 @@ public final IMPLTYPE validCAs (@Nullable final Iterable null set of all trusted certificates. Never + * null. + * @deprecated Use the method in {@link PeppolKeyStoreHelper} instead + */ @Nonnull @ReturnsMutableCopy + @Deprecated (forRemoval = true, since = "9.6.0") public static ICommonsSet getAllTrustedCertificates (@Nullable final KeyStore aTrustStore) { - final ICommonsSet aCerts = new CommonsHashSet <> (); - if (aTrustStore != null) - { - try - { - final Enumeration aAliases = aTrustStore.aliases (); - while (aAliases.hasMoreElements ()) - { - final String alias = aAliases.nextElement (); - if (aTrustStore.isCertificateEntry (alias)) - { - final Certificate cert = aTrustStore.getCertificate (alias); - if (cert instanceof X509Certificate) - aCerts.add ((X509Certificate) cert); - } - } - } - catch (final KeyStoreException ex) - { - LOGGER.warn ("Failed to extract certificates from trust store", ex); - } - } - return aCerts; + return PeppolKeyStoreHelper.getAllTrustedCertificates (aTrustStore); } } diff --git a/peppol-commons/src/main/java/com/helger/peppol/utils/PeppolKeyStoreHelper.java b/peppol-commons/src/main/java/com/helger/peppol/utils/PeppolKeyStoreHelper.java index ffe38c58..4ed9d806 100644 --- a/peppol-commons/src/main/java/com/helger/peppol/utils/PeppolKeyStoreHelper.java +++ b/peppol-commons/src/main/java/com/helger/peppol/utils/PeppolKeyStoreHelper.java @@ -18,6 +18,7 @@ import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.cert.Certificate; import java.security.cert.X509Certificate; import javax.annotation.Nonnull; 
@@ -29,11 +30,16 @@ import com.helger.commons.annotation.Nonempty; import com.helger.commons.annotation.PresentForCodeCoverage; +import com.helger.commons.annotation.ReturnsMutableCopy; +import com.helger.commons.collection.impl.CommonsHashSet; +import com.helger.commons.collection.impl.ICommonsSet; import com.helger.commons.text.util.TextHelper; import com.helger.security.keystore.EKeyStoreType; +import com.helger.security.keystore.ITrustStoreDescriptor; import com.helger.security.keystore.KeyStoreHelper; import com.helger.security.keystore.LoadedKey; import com.helger.security.keystore.LoadedKeyStore; +import com.helger.security.keystore.TrustStoreDescriptor; /** * Helper methods to access Java key stores of type JKS (Java KeyStore). @@ -86,6 +92,8 @@ public static final class Config2018 private Config2018 () {} + // AP Production + /** * The classpath entry referencing the global truststore with all OpenPeppol * production entries. It works for Access Points. @@ -99,13 +107,17 @@ private Config2018 () @Deprecated (forRemoval = true, since = "9.1.4") public static final String TRUSTSTORE_PRODUCTION_CLASSPATH = TRUSTSTORE_AP_PRODUCTION_CLASSPATH; + public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_AP_PRODUCTION = TrustStoreDescriptor.builder () + .type (TRUSTSTORE_TYPE) + .path (TRUSTSTORE_AP_PRODUCTION_CLASSPATH) + .password (TRUSTSTORE_PASSWORD) + .build (); + /** * The full AP production truststore. Never modify. */ - public static final KeyStore TRUSTSTORE_AP_PRODUCTION = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE, - TRUSTSTORE_AP_PRODUCTION_CLASSPATH, - TRUSTSTORE_PASSWORD) - .getKeyStore (); + public static final KeyStore TRUSTSTORE_AP_PRODUCTION = TRUSTSTORE_DESCRIPTOR_AP_PRODUCTION.loadTrustStore () + .getKeyStore (); /** * The full AP production truststore. Never modify. 
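Review bot: The new public constant `TRUSTSTORE_DESCRIPTOR_AP_PRODUCTION` has no Javadoc, unlike every neighbouring constant in `Config2018`. The same applies to `TRUSTSTORE_DESCRIPTOR_SMP_PRODUCTION`, `TRUSTSTORE_DESCRIPTOR_AP_PILOT` and `TRUSTSTORE_DESCRIPTOR_SMP_PILOT` in the later hunks of this file. I would add `/** Descriptor (type, classpath location and password) of the AP production truststore. @since 9.6.0 */` and the equivalents for the other three. The `KeyStore` constants next to them are shared instances protected only by a "Never modify" comment, so the Javadoc should also say whether `loadTrustStore ()` on the descriptor returns a fresh instance per call, which cannot be confirmed from this diff.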
@@ -119,6 +131,34 @@ private Config2018 () throw new IllegalStateException ("Failed to load pre-configured production trust store"); } + // SMP Production + + /** + * The classpath entry referencing the global truststore with all OpenPeppol + * production entries. It works for Access Points. + */ + public static final String TRUSTSTORE_SMP_PRODUCTION_CLASSPATH = "truststore/2018/smp-prod-truststore.jks"; + + public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_SMP_PRODUCTION = TrustStoreDescriptor.builder () + .type (TRUSTSTORE_TYPE) + .path (TRUSTSTORE_SMP_PRODUCTION_CLASSPATH) + .password (TRUSTSTORE_PASSWORD) + .build (); + + /** + * The full SMP production truststore. Never modify. + */ + public static final KeyStore TRUSTSTORE_SMP_PRODUCTION = TRUSTSTORE_DESCRIPTOR_SMP_PRODUCTION.loadTrustStore () + .getKeyStore (); + + static + { + if (TRUSTSTORE_SMP_PRODUCTION == null) + throw new IllegalStateException ("Failed to load pre-configured SMP production trust store"); + } + + // Production CA certificates + /** The truststore alias for the OpenPeppol production root certificate */ public static final String TRUSTSTORE_PRODUCTION_ALIAS_ROOT = "peppol root ca - g2"; 
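Review bot: The Javadoc on the relocated `TRUSTSTORE_SMP_PRODUCTION_CLASSPATH` still says "It works for Access Points", which reads as copied from the AP constant and is misleading for a trust anchor set that is meant for SMP certificates. I would change the sentence to end with `production entries for SMPs.`, matching the wording already used on `TRUSTSTORE_SMP_PILOT_CLASSPATH`.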
@@ -140,25 +180,7 @@ private Config2018 () public static final X509Certificate CERTIFICATE_PRODUCTION_SMP = _resolveCert (TRUSTSTORE_AP_PRODUCTION, TRUSTSTORE_PRODUCTION_ALIAS_SMP); - /** - * The classpath entry referencing the global truststore with all OpenPeppol - * production entries. It works for Access Points. - */ - public static final String TRUSTSTORE_SMP_PRODUCTION_CLASSPATH = "truststore/2018/smp-prod-truststore.jks"; - - /** - * The full SMP production truststore. Never modify. - */ - public static final KeyStore TRUSTSTORE_SMP_PRODUCTION = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE, - TRUSTSTORE_SMP_PRODUCTION_CLASSPATH, - TRUSTSTORE_PASSWORD) - .getKeyStore (); - - static - { - if (TRUSTSTORE_SMP_PRODUCTION == null) - throw new IllegalStateException ("Failed to load pre-configured SMP production trust store"); - } + // AP Test /** * The classpath entry referencing the global truststore with all OpenPeppol @@ -173,13 +195,16 @@ private Config2018 () @Deprecated (forRemoval = true, since = "9.1.4") public static final String TRUSTSTORE_PILOT_CLASSPATH = TRUSTSTORE_AP_PILOT_CLASSPATH; + public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_AP_PILOT = TrustStoreDescriptor.builder () + .type (TRUSTSTORE_TYPE) + .path (TRUSTSTORE_AP_PILOT_CLASSPATH) + .password (TRUSTSTORE_PASSWORD) + .build (); + /** * The full AP pilot truststore. Never modify. */ - public static final KeyStore TRUSTSTORE_AP_PILOT = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE, - TRUSTSTORE_AP_PILOT_CLASSPATH, - TRUSTSTORE_PASSWORD) - .getKeyStore (); + public static final KeyStore TRUSTSTORE_AP_PILOT = TRUSTSTORE_DESCRIPTOR_AP_PILOT.loadTrustStore ().getKeyStore (); /** * The full AP pilot truststore. Never modify. 
@@ -193,6 +218,34 @@ private Config2018 () throw new IllegalStateException ("Failed to load pre-configured pilot trust store"); } + // SMP Test + + /** + * The classpath entry referencing the global truststore with all OpenPeppol + * pilot entries for SMPs. + */ + public static final String TRUSTSTORE_SMP_PILOT_CLASSPATH = "truststore/2018/smp-pilot-truststore.jks"; + + public static final ITrustStoreDescriptor TRUSTSTORE_DESCRIPTOR_SMP_PILOT = TrustStoreDescriptor.builder () + .type (TRUSTSTORE_TYPE) + .path (TRUSTSTORE_SMP_PILOT_CLASSPATH) + .password (TRUSTSTORE_PASSWORD) + .build (); + + /** + * The full SMP pilot truststore. Never modify. + */ + public static final KeyStore TRUSTSTORE_SMP_PILOT = TRUSTSTORE_DESCRIPTOR_SMP_PILOT.loadTrustStore () + .getKeyStore (); + + static + { + if (TRUSTSTORE_SMP_PILOT == null) + throw new IllegalStateException ("Failed to load pre-configured SMP pilot trust store"); + } + + // Test CA certificates + /** The truststore alias for the OpenPeppol pilot root certificate */ public static final String TRUSTSTORE_PILOT_ALIAS_ROOT = "peppol root test ca - g2"; @@ -213,26 +266,6 @@ private Config2018 () /** The OpenPeppol pilot SMP certificate */ public static final X509Certificate CERTIFICATE_PILOT_SMP = _resolveCert (TRUSTSTORE_AP_PILOT, TRUSTSTORE_PILOT_ALIAS_SMP); - - /** - * The classpath entry referencing the global truststore with all OpenPeppol - * pilot entries for SMPs. - */ - public static final String TRUSTSTORE_SMP_PILOT_CLASSPATH = "truststore/2018/smp-pilot-truststore.jks"; - - /** - * The full SMP pilot truststore. Never modify. - */ - public static final KeyStore TRUSTSTORE_SMP_PILOT = KeyStoreHelper.loadKeyStore (TRUSTSTORE_TYPE, - TRUSTSTORE_SMP_PILOT_CLASSPATH, - TRUSTSTORE_PASSWORD) - .getKeyStore (); - - static - { - if (TRUSTSTORE_SMP_PILOT == null) - throw new IllegalStateException ("Failed to load pre-configured SMP pilot trust store"); - } } @PresentForCodeCoverage 
@@ -252,4 +285,29 @@ public static String getLoadError (@Nonnull final LoadedKey aLK) { return aLK == null ? null : aLK.getErrorText (TextHelper.EN); } + + /** + * Get all trusted certificates + * + * @param aTrustStore + * Trust store to iterate + * @return A non-null set of all trusted certificates. Never + * null. + */ + @Nonnull + @ReturnsMutableCopy + public static ICommonsSet getAllTrustedCertificates (@Nullable final KeyStore aTrustStore) + { + final ICommonsSet aCerts = new CommonsHashSet <> (); + if (aTrustStore != null) + KeyStoreHelper.iterateKeyStore (aTrustStore, alias -> { + if (aTrustStore.isCertificateEntry (alias)) + { + final Certificate aCert = aTrustStore.getCertificate (alias); + if (aCert instanceof X509Certificate) + aCerts.add ((X509Certificate) aCert); + } + }); + return aCerts; + } } diff --git a/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoreComplete.java b/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoreComplete.java index d4e6ad5b..2e0bf244 100644 --- a/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoreComplete.java +++ b/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoreComplete.java @@ -44,7 +44,7 @@ public static void main (final String [] args) throws Exception { final LoadedKeyStore aLKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "truststore/" + sTS + "-truststore.jks", - PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD); + PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD.toCharArray ()); final Enumeration aAliases = aLKS.getKeyStore ().aliases (); while (aAliases.hasMoreElements ()) { diff --git a/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoresSMP.java b/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoresSMP.java index a47fc049..10b6ba33 100644 
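Review bot: The rewritten `getAllTrustedCertificates` no longer shows what happens when reading the trust store fails. The old body in `PeppolCertificateHelper` caught `KeyStoreException` and logged a warning, whereas here error handling is left to `KeyStoreHelper.iterateKeyStore`, whose behaviour is not visible in this diff. Judging by the method name, callers treat the result as the set of trust anchors, so an empty or partial set on failure should be a documented outcome. I would extend the Javadoc with something like `Returns an empty set if the trust store is null; entries that cannot be read are skipped and logged.` after confirming that this is what the helper does.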
--- a/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoresSMP.java +++ b/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/MainCreateTrustStoresSMP.java @@ -46,7 +46,7 @@ public static void main (final String [] args) throws Exception { final LoadedKeyStore aLKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "truststore/" + sTS + "-truststore.jks", - PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD); + PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD.toCharArray ()); final Enumeration aAliases = aLKS.getKeyStore ().aliases (); while (aAliases.hasMoreElements ()) { diff --git a/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/RegExFuncTest.java b/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/RegExFuncTest.java index b4b8df51..963f97e7 100644 --- a/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/RegExFuncTest.java +++ b/peppol-commons/src/test/java/com/helger/peppol/supplementary/tools/RegExFuncTest.java @@ -1,3 +1,19 @@ +/* + * Copyright (C) 2015-2024 Philip Helger + * philip[at]helger[dot]com + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.helger.peppol.supplementary.tools; import static org.junit.Assert.assertFalse; diff --git a/peppol-commons/src/test/java/com/helger/peppol/utils/CRLHelperTest.java b/peppol-commons/src/test/java/com/helger/peppol/utils/CRLHelperTest.java index 06bcf512..ccd68964 100644 
--- a/peppol-commons/src/test/java/com/helger/peppol/utils/CRLHelperTest.java +++ b/peppol-commons/src/test/java/com/helger/peppol/utils/CRLHelperTest.java @@ -45,7 +45,10 @@ public void testGetAllDistributionPoints () throws KeyStoreException final File fAP = new File ("src/test/resources/test-ap-2021.p12"); if (fAP.exists ()) { - final KeyStore aKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS12, fAP.getAbsolutePath (), "peppol").getKeyStore (); + final KeyStore aKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS12, + fAP.getAbsolutePath (), + "peppol".toCharArray ()) + .getKeyStore (); assertNotNull (aKS); final X509Certificate aCert = (X509Certificate) aKS.getCertificate (aKS.aliases ().nextElement ()); diff --git a/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolCertificateCheckerTest.java b/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolCertificateCheckerTest.java index 58d0f772..1b4d1a83 100644 --- a/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolCertificateCheckerTest.java +++ b/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolCertificateCheckerTest.java @@ -81,7 +81,9 @@ public void testRealAPCert () throws Exception { LOGGER.info ("Checking the local AP test certificate"); - final KeyStore aKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS12, fAP.getAbsolutePath (), "peppol") + final KeyStore aKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS12, + fAP.getAbsolutePath (), + "peppol".toCharArray ()) .getKeyStore (); assertNotNull (aKS); @@ -135,7 +137,9 @@ public void testRealSMPCert () throws Exception { LOGGER.info ("Checking the local SMP test certificate"); - final KeyStore aKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS12, fSMP.getAbsolutePath (), "peppol") + final KeyStore aKS = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS12, + fSMP.getAbsolutePath (), + "peppol".toCharArray ()) .getKeyStore (); assertNotNull (aKS); 
diff --git a/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolKeyStoreHelperTest.java b/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolKeyStoreHelperTest.java index c2e5f2d4..bf60dc52 100644 --- a/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolKeyStoreHelperTest.java +++ b/peppol-commons/src/test/java/com/helger/peppol/utils/PeppolKeyStoreHelperTest.java @@ -24,8 +24,6 @@ import org.junit.Test; -import com.helger.security.keystore.KeyStoreHelper; - /** * Test class for class {@link PeppolKeyStoreHelper}. * @@ -49,9 +47,7 @@ public void testConstants () public void testLoadTrustStore2018ProductionAP () throws Exception { // Load trust store - final KeyStore aTrustStore = KeyStoreHelper.loadKeyStoreDirect (PeppolKeyStoreHelper.TRUSTSTORE_TYPE, - PeppolKeyStoreHelper.Config2018.TRUSTSTORE_AP_PRODUCTION_CLASSPATH, - PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD); + final KeyStore aTrustStore = PeppolKeyStoreHelper.Config2018.TRUSTSTORE_AP_PRODUCTION; assertNotNull (aTrustStore); // Ensure all name entries are contained @@ -81,9 +77,7 @@ public void testLoadTrustStore2018ProductionAP () throws Exception public void testLoadTrustStore2018ProductionSMP () throws Exception { // Load trust store - final KeyStore aTrustStore = KeyStoreHelper.loadKeyStoreDirect (PeppolKeyStoreHelper.TRUSTSTORE_TYPE, - PeppolKeyStoreHelper.Config2018.TRUSTSTORE_SMP_PRODUCTION_CLASSPATH, - PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD); + final KeyStore aTrustStore = PeppolKeyStoreHelper.Config2018.TRUSTSTORE_SMP_PRODUCTION; assertNotNull (aTrustStore); // Ensure all name entries are contained 
@@ -113,9 +107,7 @@ public void testLoadTrustStore2018ProductionSMP () throws Exception public void testLoadTrustStore2018PilotAP () throws Exception { // Load trust store - final KeyStore aTrustStore = KeyStoreHelper.loadKeyStoreDirect (PeppolKeyStoreHelper.TRUSTSTORE_TYPE, - PeppolKeyStoreHelper.Config2018.TRUSTSTORE_AP_PILOT_CLASSPATH, - PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD); + final KeyStore aTrustStore = PeppolKeyStoreHelper.Config2018.TRUSTSTORE_AP_PILOT; assertNotNull (aTrustStore); // Ensure all name entries are contained @@ -136,7 +128,8 @@ public void testLoadTrustStore2018PilotAP () throws Exception final String sIssuerName = aCertSMP.getIssuerX500Principal ().getName (); assertEquals ("CN=PEPPOL Root TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE", sIssuerName); final String sSubjectName = aCertSMP.getSubjectX500Principal ().getName (); - assertEquals ("CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE", sSubjectName); + assertEquals ("CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE", + sSubjectName); aCertSMP.verify (PeppolKeyStoreHelper.Config2018.CERTIFICATE_PILOT_ROOT.getPublicKey ()); } } @@ -145,9 +138,7 @@ public void testLoadTrustStore2018PilotAP () throws Exception public void testLoadTrustStore2018PilotSMP () throws Exception { // Load trust store - final KeyStore aTrustStore = KeyStoreHelper.loadKeyStoreDirect (PeppolKeyStoreHelper.TRUSTSTORE_TYPE, - PeppolKeyStoreHelper.Config2018.TRUSTSTORE_SMP_PILOT_CLASSPATH, - PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD); + final KeyStore aTrustStore = PeppolKeyStoreHelper.Config2018.TRUSTSTORE_SMP_PILOT; assertNotNull (aTrustStore); // Ensure all name entries are contained 
@@ -168,7 +159,8 @@ public void testLoadTrustStore2018PilotSMP () throws Exception final String sIssuerName = aCertSMP.getIssuerX500Principal ().getName (); assertEquals ("CN=PEPPOL Root TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE", sIssuerName); final String sSubjectName = aCertSMP.getSubjectX500Principal ().getName (); - assertEquals ("CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE", sSubjectName); + assertEquals ("CN=PEPPOL SERVICE METADATA PUBLISHER TEST CA - G2,OU=FOR TEST ONLY,O=OpenPEPPOL AISBL,C=BE", + sSubjectName); aCertSMP.verify (PeppolKeyStoreHelper.Config2018.CERTIFICATE_PILOT_ROOT.getPublicKey ()); } } diff --git a/peppol-id/src/main/java/com/helger/peppolid/factory/IDocumentTypeIdentifierFactory.java b/peppol-id/src/main/java/com/helger/peppolid/factory/IDocumentTypeIdentifierFactory.java index 66e3473d..af31f84c 100644 --- a/peppol-id/src/main/java/com/helger/peppolid/factory/IDocumentTypeIdentifierFactory.java +++ b/peppol-id/src/main/java/com/helger/peppolid/factory/IDocumentTypeIdentifierFactory.java @@ -40,7 +40,8 @@ default boolean isDocumentTypeIdentifierSchemeMandatory () /** * @return The default document type identifier scheme to be used for this - * identifier type. May be null. + * identifier type, independent of the value. May be + * null. */ @Nullable default String getDefaultDocumentTypeIdentifierScheme () @@ -48,6 +49,21 @@ default String getDefaultDocumentTypeIdentifierScheme () return null; } + /** + * @param sValue + * The Document type identifier value for which a scheme should be + * deduced. + * @return The default document type identifier scheme to be used for this + * identifier type, but specific to the provided value. May be + * null. + * @since 9.6.0 + */ + @Nullable + default String getDefaultDocumentTypeIdentifierScheme (@Nullable final String sValue) + { + return null; + } + /** * @param sScheme * The identifier scheme in use. May be null or empty if 
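Review bot: The new default `getDefaultDocumentTypeIdentifierScheme (String)` in `IDocumentTypeIdentifierFactory` returns `null` unconditionally, so a factory that overrides only the no-arg variant loses its default scheme as soon as a caller switches to the value-specific overload. Delegating keeps existing implementations consistent: `return getDefaultDocumentTypeIdentifierScheme ();`. The Javadoc could then state that implementations are free to ignore `sValue`.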
diff --git a/peppol-id/src/main/java/com/helger/peppolid/factory/PeppolIdentifierFactory.java b/peppol-id/src/main/java/com/helger/peppolid/factory/PeppolIdentifierFactory.java index 70cd33d8..5cca1c99 100644 --- a/peppol-id/src/main/java/com/helger/peppolid/factory/PeppolIdentifierFactory.java +++ b/peppol-id/src/main/java/com/helger/peppolid/factory/PeppolIdentifierFactory.java @@ -63,14 +63,35 @@ public boolean isDocumentTypeIdentifierSchemeMandatory () return true; } + /** + * This method is deprecated for this class. Always use + * {@link #getDefaultDocumentTypeIdentifierScheme(String)} instead. + */ @Nonnull @Override + @Deprecated public String getDefaultDocumentTypeIdentifierScheme () { // For backwards compatibility reason return PeppolIdentifierHelper.DOCUMENT_TYPE_SCHEME_BUSDOX_DOCID_QNS; } + @Nullable + public String getDefaultDocumentTypeIdentifierScheme (@Nullable final String sValue) + { + if (StringHelper.hasNoText (sValue)) + return null; + + // Current PINT determination - the best we have + if (sValue.contains ("##urn:peppol:pint:")) + { + // This scheme is only used for PINT atm + return PeppolIdentifierHelper.DOCUMENT_TYPE_SCHEME_PEPPOL_DOCTYPE_WILDCARD; + } + // This is the default + return PeppolIdentifierHelper.DOCUMENT_TYPE_SCHEME_BUSDOX_DOCID_QNS; + } + @Override public boolean isDocumentTypeIdentifierSchemeValid (@Nullable final String sScheme) { @@ -172,7 +193,7 @@ public boolean isDocumentTypeIdentifierValueValid (@Nullable final String sSchem @Override public PeppolDocumentTypeIdentifier createDocumentTypeIdentifierWithDefaultScheme (@Nullable final String sValue) { - return createDocumentTypeIdentifier (getDefaultDocumentTypeIdentifierScheme (), sValue); + return createDocumentTypeIdentifier (getDefaultDocumentTypeIdentifierScheme (sValue), sValue); } @Nullable 
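Review bot: The new `getDefaultDocumentTypeIdentifierScheme (String)` in `PeppolIdentifierFactory` is missing `@Override`, although this commit adds the same method as a default to `IDocumentTypeIdentifierFactory` (assuming the class implements it, as the `@Override` on the no-arg variant suggests). Without the annotation, a later signature change in the interface would silently turn it into an unrelated overload. The scheme is chosen by `sValue.contains ("##urn:peppol:pint:")`, which matches the marker anywhere in the value; if identifier values come from external input, either check the position more strictly or add a comment saying why a substring match is acceptable. In the second hunk, `createDocumentTypeIdentifierWithDefaultScheme` now passes a `null` scheme for an empty value where it used to pass the busdox scheme; the result is presumably `null` either way, but a unit test should pin that. The bare `@Deprecated` on the no-arg variant could carry `since = "9.6.0"` like the other deprecations in this commit.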
diff --git a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/AbstractSMLClientTestCase.java b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/AbstractSMLClientTestCase.java index 4148ad52..afb55eb3 100644 --- a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/AbstractSMLClientTestCase.java +++ b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/AbstractSMLClientTestCase.java @@ -41,7 +41,7 @@ public abstract class AbstractSMLClientTestCase public static final ISMLInfo SML_INFO = ESML.DIGIT_TEST; protected static final EKeyStoreType KEYSTORE_TYPE = EKeyStoreType.JKS; protected static final String KEYSTORE_PATH = MockSMLClientConfig.getKeyStorePath (); - protected static final String KEYSTORE_PASSWORD = MockSMLClientConfig.getKeyStorePassword (); + protected static final char [] KEYSTORE_PASSWORD = MockSMLClientConfig.getKeyStorePassword (); @Nullable public static final SSLSocketFactory createConfiguredSSLSocketFactory (@Nonnull final ISMLInfo aSMLInfo, @@ -55,11 +55,13 @@ public static final SSLSocketFactory createConfiguredSSLSocketFactory (@Nonnull // Key manager final KeyManagerFactory aKeyManagerFactory = KeyManagerFactory.getInstance ("SunX509"); - aKeyManagerFactory.init (aKeyStore, KEYSTORE_PASSWORD.toCharArray ()); + aKeyManagerFactory.init (aKeyStore, KEYSTORE_PASSWORD); // Assign key manager and empty trust manager to SSL context final SSLContext aSSLCtx = SSLContext.getInstance ("TLS"); - aSSLCtx.init (aKeyManagerFactory.getKeyManagers (), new TrustManager [] { new TrustManagerTrustAll (bDebug) }, null); + aSSLCtx.init (aKeyManagerFactory.getKeyManagers (), + new TrustManager [] { new TrustManagerTrustAll (bDebug) }, + null); return aSSLCtx.getSocketFactory (); } } diff --git a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/MockSMLClientConfig.java b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/MockSMLClientConfig.java index 5ffb57fb..6bd5a829 100644 
--- a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/MockSMLClientConfig.java +++ b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/MockSMLClientConfig.java @@ -54,8 +54,8 @@ public static String getKeyStorePath () } @Nullable - public static String getKeyStorePassword () + public static char [] getKeyStorePassword () { - return TEST_CONFIG.getAsString ("keystore.password"); + return TEST_CONFIG.getAsCharArray ("keystore.password"); } } diff --git a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/client/SSLConnectFuncTest.java b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/client/SSLConnectFuncTest.java index 42895e3e..e3af2988 100644 --- a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/client/SSLConnectFuncTest.java +++ b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/client/SSLConnectFuncTest.java @@ -56,10 +56,10 @@ public void testConnect () throws Exception // Load the client certificate final KeyStore aKeyStore = KeyStoreHelper.loadKeyStoreDirect (KEYSTORE_TYPE, KEYSTORE_PATH, KEYSTORE_PASSWORD); final KeyManagerFactory aKMF = KeyManagerFactory.getInstance ("SunX509"); - aKMF.init (aKeyStore, KEYSTORE_PASSWORD.toCharArray ()); + aKMF.init (aKeyStore, KEYSTORE_PASSWORD); // Trust all - final TrustManager [] aTrustMgrs = new TrustManager [] { new TrustManagerTrustAll (false) }; + final TrustManager [] aTrustMgrs = { new TrustManagerTrustAll (false) }; // SSL context final SSLContext aSSLContext = SSLContext.getInstance ("TLS"); diff --git a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/supplementary/tools/MainForArunFromBasware.java b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/supplementary/tools/MainForArunFromBasware.java index 00387a4e..9ac3b537 100644 --- a/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/supplementary/tools/MainForArunFromBasware.java 
+++ b/peppol-sml-client/src/test/java/com/helger/peppol/smlclient/supplementary/tools/MainForArunFromBasware.java @@ -57,7 +57,7 @@ public static void main (final String [] args) throws Exception // Keystore path and password final EKeyStoreType eKeyStoreType = EKeyStoreType.JKS; final String sKeystorePath = "keystore/smp.pilot.jks"; - final String sKeystorePassword = "peppol"; + final char [] aKeystorePassword = "peppol".toCharArray (); // Participant to be created final String sServiceGroupID = "0088:5798000000001"; // Create (true) or delete (false) participant? @@ -83,15 +83,17 @@ public static void main (final String [] args) throws Exception if (aSMLInfo.isClientCertificateRequired ()) { // Main key storage - final KeyStore aKeyStore = KeyStoreHelper.loadKeyStoreDirect (eKeyStoreType, sKeystorePath, sKeystorePassword); + final KeyStore aKeyStore = KeyStoreHelper.loadKeyStoreDirect (eKeyStoreType, sKeystorePath, aKeystorePassword); // Key manager final KeyManagerFactory aKeyManagerFactory = KeyManagerFactory.getInstance ("SunX509"); - aKeyManagerFactory.init (aKeyStore, sKeystorePassword.toCharArray ()); + aKeyManagerFactory.init (aKeyStore, aKeystorePassword); // Assign key manager and empty trust manager to SSL context final SSLContext aSSLCtx = SSLContext.getInstance ("TLS"); - aSSLCtx.init (aKeyManagerFactory.getKeyManagers (), new TrustManager [] { new TrustManagerTrustAll (false) }, null); + aSSLCtx.init (aKeyManagerFactory.getKeyManagers (), + new TrustManager [] { new TrustManagerTrustAll (false) }, + null); aParticipantClient.setSSLSocketFactory (aSSLCtx.getSocketFactory ()); } diff --git a/peppol-smp-client/src/main/java/com/helger/smpclient/config/SMPClientConfiguration.java b/peppol-smp-client/src/main/java/com/helger/smpclient/config/SMPClientConfiguration.java index bb5ee577..3f39e230 100644 --- a/peppol-smp-client/src/main/java/com/helger/smpclient/config/SMPClientConfiguration.java 
+++ b/peppol-smp-client/src/main/java/com/helger/smpclient/config/SMPClientConfiguration.java @@ -216,8 +216,10 @@ public static String getTrustStorePath () * the key truststore.password. If none is present * {@link PeppolKeyStoreHelper#TRUSTSTORE_PASSWORD} is returned as a * default. + * @deprecated Use {@link #getTrustStorePasswordCharArray()} instead */ @Nonnull + @Deprecated (forRemoval = true, since = "9.6.0") public static String getTrustStorePassword () { String ret = getConfig ().getAsStringOrFallback ("smpclient.truststore.password", "truststore.password"); @@ -226,6 +228,21 @@ public static String getTrustStorePassword () return ret; } + /** + * @return The truststore password as specified in the configuration file by + * the key truststore.password. If none is present + * {@link PeppolKeyStoreHelper#TRUSTSTORE_PASSWORD} is returned as a + * default. + */ + @Nonnull + public static char [] getTrustStorePasswordCharArray () + { + char [] ret = getConfig ().getAsCharArrayOrFallback ("smpclient.truststore.password", "truststore.password"); + if (ret == null) + ret = PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD.toCharArray (); + return ret; + } + /** * Try to load the configured trust store. * @@ -237,7 +254,9 @@ public static KeyStore loadTrustStore () { try { - return KeyStoreHelper.loadKeyStoreDirect (getTrustStoreType (), getTrustStorePath (), getTrustStorePassword ()); + return KeyStoreHelper.loadKeyStoreDirect (getTrustStoreType (), + getTrustStorePath (), + getTrustStorePasswordCharArray ()); } catch (final Exception ex) { diff --git a/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/ISMPExtendedServiceMetadataProvider.java b/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/ISMPExtendedServiceMetadataProvider.java index 1a8b4b48..9bc91c2c 100644 --- a/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/ISMPExtendedServiceMetadataProvider.java 
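Review bot: `loadTrustStore ()` now obtains a `char []` from `getTrustStorePasswordCharArray ()` but passes it straight into `KeyStoreHelper.loadKeyStoreDirect` and never clears it, so the move away from `String` gains little on this call path. If the configuration layer returns a fresh copy per call (not visible here, please confirm), hold the array in a local and clear it in a `finally` with `java.util.Arrays.fill (aPassword, '\0');`. The new getter's Javadoc should also carry `@since 9.6.0` and say whether the caller owns the returned array and may overwrite it. The body of `loadTrustStore ()` continues outside the hunk.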
+++ b/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/ISMPExtendedServiceMetadataProvider.java @@ -451,7 +451,7 @@ default X509Certificate getEndpointCertificateAt (@Nonnull final IParticipantIde * @since 9.6.0 * @see #getServiceMetadataOrNull(IParticipantIdentifier, * IDocumentTypeIdentifier) - * @see #getServiceGroupOrNull(IParticipantIdentifier) + * @see ISMPServiceGroupProvider#getServiceGroupOrNull(IParticipantIdentifier) */ @Nullable SignedServiceMetadataType getSchemeSpecificServiceMetadataOrNull (@Nonnull IParticipantIdentifier aServiceGroupID, diff --git a/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/PeppolWildcardSelector.java b/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/PeppolWildcardSelector.java index deb59d63..a4a894dc 100644 --- a/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/PeppolWildcardSelector.java +++ b/peppol-smp-client/src/main/java/com/helger/smpclient/peppol/PeppolWildcardSelector.java @@ -57,7 +57,9 @@ public class PeppolWildcardSelector { /** - * Defines the different selection modes + * Defines the different selection modes.
+ * This was valid for Policy for use of Identifiers 4.2.0. This is no longer + * valid with PFUOI 4.3.0 from May 15th 2025 * * @author Philip Helger */ diff --git a/peppol-smp-client/src/test/java/com/helger/smpclient/bdxr1/BDXRClientReadOnlyTest.java b/peppol-smp-client/src/test/java/com/helger/smpclient/bdxr1/BDXRClientReadOnlyTest.java index 8fe8e65a..c5ab1881 100644 --- a/peppol-smp-client/src/test/java/com/helger/smpclient/bdxr1/BDXRClientReadOnlyTest.java +++ b/peppol-smp-client/src/test/java/com/helger/smpclient/bdxr1/BDXRClientReadOnlyTest.java @@ -77,7 +77,9 @@ public void testGetBDXRHostURI_Peppol_WithBDXR () throws SMPClientException, SMP { // This instance has a BOM inside final IParticipantIdentifier aPI = PeppolIdentifierFactory.INSTANCE.createParticipantIdentifierWithDefaultScheme ("9917:5504033150"); - final BDXRClientReadOnly aBDXRClient = new BDXRClientReadOnly (PeppolURLProvider.INSTANCE, aPI, ESML.DIGIT_PRODUCTION); + final BDXRClientReadOnly aBDXRClient = new BDXRClientReadOnly (PeppolURLProvider.INSTANCE, + aPI, + ESML.DIGIT_PRODUCTION); assertEquals ("http://B-2f67a0710cbc13c11ac8c0d64186ac5e.iso6523-actorid-upis.edelivery.tech.ec.europa.eu/", aBDXRClient.getSMPHostURI ()); @@ -157,7 +159,9 @@ public void testReadDE4A () throws Exception final IDocumentTypeIdentifier aDocTypeID = SimpleIdentifierFactory.INSTANCE.createDocumentTypeIdentifier ("urn:de4a-eu:CanonicalEvidenceType", "CompanyRegistration"); - final KeyStore aTS = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "truststores/de4a-truststore-test-smp-pw-de4a.jks", "de4a"); + final KeyStore aTS = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, + "truststores/de4a-truststore-test-smp-pw-de4a.jks", + "de4a".toCharArray ()); assertNotNull (aTS); // TOOP SML 
diff --git a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/PeppolWildcardSelectorTest.java b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/PeppolWildcardSelectorTest.java index e3ecea22..fcac55ac 100644 --- a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/PeppolWildcardSelectorTest.java +++ b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/PeppolWildcardSelectorTest.java @@ -42,6 +42,7 @@ public final class PeppolWildcardSelectorTest { @Test + @Deprecated public void testEmptyAll () { final MutableInt aCount = new MutableInt (0); @@ -64,6 +65,7 @@ public void testEmptyAll () } @Test + @Deprecated public void testMatchingModesAll () { final PeppolIdentifierFactory aIF = PeppolIdentifierFactory.INSTANCE; diff --git a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientReadOnlyTest.java b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientReadOnlyTest.java index 00d45eac..9aebe8e8 100644 --- a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientReadOnlyTest.java +++ b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientReadOnlyTest.java @@ -146,7 +146,9 @@ public void testInvalidTrustStore () throws SMPDNSResolutionException, ESML.DIGIT_TEST).setSecureValidation (false); // Set old trust store { - final KeyStore aTS = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "truststore-outdated.jks", "peppol"); + final KeyStore aTS = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, + "truststore-outdated.jks", + "peppol".toCharArray ()); assertNotNull (aTS); aSMPClient.setTrustStore (aTS); } @@ -272,6 +274,7 @@ public void testActivationDate () } @Test + @Deprecated public void testGetWildcardServiceMetadataOrNull_PFUOI420 () throws Exception { final PeppolIdentifierFactory aIF = PeppolIdentifierFactory.INSTANCE; 
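Review bot: `@Deprecated` on `testEmptyAll ()` marks the test itself as obsolete, while the apparent purpose is to keep the compiler quiet about calls into the deprecated wildcard API. `@SuppressWarnings ("deprecation")` states that intent directly and does not make the test look abandoned. The same applies to `testMatchingModesAll ()`, `testGetWildcardServiceMetadataOrNull_PFUOI420 ()`, `testGetServiceGroupReferenceList ()` and the two `MainSMPServiceGroup*List` classes later in the diff. If any of the called APIs are deprecated with `forRemoval = true`, the compiler's removal warning is not silenced by `@Deprecated` on the caller and needs `@SuppressWarnings ("removal")`. The test bodies continue outside these hunks.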
diff --git a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientTest.java b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientTest.java index c9307546..5df38393 100644 --- a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientTest.java +++ b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/SMPClientTest.java @@ -111,6 +111,7 @@ public void testGetServiceMetadataNotExistsOnExistingSMP () throws SMPClientExce } @Test + @Deprecated public void testGetServiceGroupReferenceList () throws SMPClientException { final SMPClient aSMPClient = new SMPClient (SMP_URI); diff --git a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupCompleteList.java b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupCompleteList.java index 11084d69..0a6e9b3a 100644 --- a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupCompleteList.java +++ b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupCompleteList.java @@ -31,6 +31,7 @@ /** * @author Philip Helger */ +@Deprecated public final class MainSMPServiceGroupCompleteList { private static final Logger LOGGER = LoggerFactory.getLogger (MainSMPServiceGroupCompleteList.class); diff --git a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupReferenceList.java b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupReferenceList.java index b9f14aa3..6b683b01 100644 --- a/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupReferenceList.java +++ b/peppol-smp-client/src/test/java/com/helger/smpclient/peppol/functest/MainSMPServiceGroupReferenceList.java 
@@ -30,6 +30,7 @@ /** * @author Philip Helger */ +@Deprecated public final class MainSMPServiceGroupReferenceList { private static final Logger LOGGER = LoggerFactory.getLogger (MainSMPServiceGroupReferenceList.class); diff --git a/pom.xml b/pom.xml index 038ff780..483665f8 100644 --- a/pom.xml +++ b/pom.xml @@ -88,7 +88,7 @@ com.helger.commons ph-commons-parent-pom - 11.1.8 + 11.1.10 pom import