Package com.helger.phase4.peppol.servlet

Class Phase4PeppolDefaultReceiverConfiguration

java.lang.Object
com.helger.phase4.peppol.servlet.Phase4PeppolDefaultReceiverConfiguration
@NotThreadSafe public final class Phase4PeppolDefaultReceiverConfiguration extends Object
This class contains the references values against which incoming values are compared. These are the static default values that can be overridden in Phase4PeppolServletMessageProcessorSPI. Please note that this class is not thread safe, as the default values are not meant to be modified during runtime.
See Phase4PeppolReceiverConfiguration for the "per-request" version of this class.
Old name before v3: Phase4PeppolServletConfiguration
Author:
Philip Helger

  • Field Details

    • DEFAULT_RECEIVER_CHECK_ENABLED

      public static final boolean DEFAULT_RECEIVER_CHECK_ENABLED
      See Also:

    • DEFAULT_SBDH_IDENTIFIER_FACTORY

      public static final com.helger.peppolid.factory.IIdentifierFactory DEFAULT_SBDH_IDENTIFIER_FACTORY

    • DEFAULT_CHECK_SIGNING_CERTIFICATE_REVOCATION

      public static final boolean DEFAULT_CHECK_SIGNING_CERTIFICATE_REVOCATION
      See Also:

    • DEFAULT_PEPPOL_AP_CA_CHECKER

      public static final com.helger.security.certificate.TrustedCAChecker DEFAULT_PEPPOL_AP_CA_CHECKER

  • Method Details

    • isReceiverCheckEnabled

      public static boolean isReceiverCheckEnabled()
      Returns:
      true if the checks for endpoint URL and endpoint certificate are enabled, false otherwise. By default the checks are enabled.

    • setReceiverCheckEnabled

      public static void setReceiverCheckEnabled(boolean bReceiverCheckEnabled)
      Enable or disable the overall receiver checks (check if a receiver is actually registered in the configured SMP with the configured AP URL). If the check is enabled, than all values MUST be set.
      Parameters:
      bReceiverCheckEnabled - true to enable the checks, false to disable them.
      See Also:

    • getSMPClient

      public static @Nullable com.helger.smpclient.peppol.ISMPExtendedServiceMetadataProvider getSMPClient()
      Returns:
      The SMP client object that should be used for the SMP lookup. It is customizable because it depends either on the SML or a direct URL to the SMP may be provided. May be null if not yet configured.

    • setSMPClient

      public static void setSMPClient(@Nullable com.helger.smpclient.peppol.ISMPExtendedServiceMetadataProvider aSMPClient)
      Set the SMP client to use for reverse checking if the participant is registered or not. Since v4.4.2 this is an alternative to using setSMLInfo(ISMLInfo) for dynamic per-participant resolution.
      Parameters:
      aSMPClient - The SMP metadata provider to be used. May be null.
      See Also:

    • getSMLInfo

      public static @Nullable com.helger.peppol.sml.ISMLInfo getSMLInfo()
      Returns:
      The SML information for dynamic SMP client resolution per participant ID. May be null if not yet configured.
      Since:
      v4.4.2
      See Also:

    • setSMLInfo

      public static void setSMLInfo(@Nullable com.helger.peppol.sml.ISMLInfo aSMLInfo)
      Set the SML information for dynamic per-participant SMP client resolution. This is an alternative to using a fixed SMP client via setSMPClient(ISMPExtendedServiceMetadataProvider).
      Parameters:
      aSMLInfo - The SML info to use. May be null.
      Since:
      v4.4.2
      See Also:

    • getSMPURLProvider

      public static @NonNull com.helger.smpclient.url.ISMPURLProvider getSMPURLProvider()
      Returns:
      The SMP URL provider to be used for dynamic SMP client resolution. Never null. Defaults to PeppolNaptrURLProvider.INSTANCE.
      Since:
      v4.4.2

    • setSMPURLProvider

      public static void setSMPURLProvider(@NonNull com.helger.smpclient.url.ISMPURLProvider aSMPURLProvider)
      Set the SMP URL provider to be used for dynamic SMP client resolution. Only relevant if setSMLInfo(ISMLInfo) is set.
      Parameters:
      aSMPURLProvider - The SMP URL provider to use. May not be null.
      Since:
      v4.4.2

    • getSMPRevocationCheckMode

      public static @Nullable com.helger.security.revocation.ERevocationCheckMode getSMPRevocationCheckMode()
      Returns:
      The revocation check mode to apply when verifying SMP response certificates. null means "use the JVM-wide default from CertificateRevocationCheckerDefaults".
      Since:
      4.5.0

    • setSMPRevocationCheckMode

      public static void setSMPRevocationCheckMode(@Nullable com.helger.security.revocation.ERevocationCheckMode e)
      Set the revocation check mode to apply when verifying SMP response certificates.
      Parameters:
      e - The revocation check mode to use. null means "use the JVM-wide default from CertificateRevocationCheckerDefaults".
      Since:
      4.5.0

    • isSMPRevocationSoftFail

      public static boolean isSMPRevocationSoftFail()
      Returns:
      true to accept an indeterminable revocation status of an SMP response certificate (soft-fail), false to reject. Defaults to CertificateRevocationCheckerDefaults.isAllowSoftFail().
      Since:
      4.5.0

    • setSMPRevocationSoftFail

      public static void setSMPRevocationSoftFail(boolean b)
      Set whether an indeterminable revocation status of an SMP response certificate is accepted (soft-fail) or causes the certificate to be rejected.
      Parameters:
      b - true to accept on unknown revocation status (soft-fail), false to reject.
      Since:
      4.5.0

    • getAS4EndpointURL

      public static @Nullable String getAS4EndpointURL()
      Returns:
      The URL of this (my) AP to compare to against the SMP lookup result upon retrieval. Is null by default.

    • setAS4EndpointURL

      public static void setAS4EndpointURL(@Nullable String sAS4EndpointURL)
      Set the expected endpoint URL to be used for comparing against the SMP lookup result.
      Parameters:
      sAS4EndpointURL - The endpoint URL to check against. May be null.

    • getAPCertificate

      public static @Nullable X509Certificate getAPCertificate()
      Returns:
      The certificate of this (my) AP to compare to against the SMP lookup result upon retrieval. Is null by default.

    • setAPCertificate

      public static void setAPCertificate(@Nullable X509Certificate aAPCertificate)
      Set the Peppol AP certificate to be used for comparing against the SMP lookup result.
      Parameters:
      aAPCertificate - The AP certificate to be used for compatibility. May be null.

    • getSBDHIdentifierFactory

      @ChangeNextMajorRelease("Remove the \'SBDH\' from the name - it\'s used outside as well") public static @NonNull com.helger.peppolid.factory.IIdentifierFactory getSBDHIdentifierFactory()
      Returns:
      The default identifier factory used to parse SBDH data. Never null.
      Since:
      3.0.1

    • setSBDHIdentifierFactory

      @ChangeNextMajorRelease("Remove the \'SBDH\' from the name - it\'s used outside as well") public static void setSBDHIdentifierFactory(@NonNull com.helger.peppolid.factory.IIdentifierFactory a)
      Set the default identifier factory used to parse SBDH data.
      Parameters:
      a - The identifier factory to use. May not be null.
      Since:
      3.0.1

    • isPerformSBDHValueChecks

      public static boolean isPerformSBDHValueChecks()
      Returns:
      true if SBDH value checks are enabled, false if they are disabled.
      Since:
      0.12.1

    • setPerformSBDHValueChecks

      public static void setPerformSBDHValueChecks(boolean b)
      Enable or disable the SBDH value checks. By default checks are enabled.
      Parameters:
      b - true to enable the checks, false to disable them
      Since:
      0.12.1

    • isCheckSBDHForMandatoryCountryC1

      @Deprecated(forRemoval=true, since="4.2.4") public static boolean isCheckSBDHForMandatoryCountryC1()
      Deprecated, for removal: This API element is subject to removal in a future version.
      This is deprecated, because the feature is required for years, so there is no need anymore to disable this feature
      Returns:
      true if the Country C1 element in the SBDH of received messages is mandatory, and if such messages should be rejected, if that field is missing. By default it is enabled.
      Since:
      2.7.1

    • setCheckSBDHForMandatoryCountryC1

      @Deprecated(forRemoval=true, since="4.2.4") public static void setCheckSBDHForMandatoryCountryC1(boolean b)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This is deprecated, because the feature is required for years, so there is no need anymore to disable this feature
      Set whether the check for the mandatory Country C1 element in SBDH of received message is mandatory or not. By default it is enabled.
      Parameters:
      b - true to check, false to disable the check.
      Since:
      2.7.1

    • isCheckSigningCertificateRevocation

      public static boolean isCheckSigningCertificateRevocation()
      Returns:
      true if the signing certificate should be checked for revocation, false if not.
      Since:
      2.7.1

    • setCheckSigningCertificateRevocation

      public static void setCheckSigningCertificateRevocation(boolean b)
      Set whether the signing certificate should be checked for revocation or not.
      Parameters:
      b - true to check, false to disable the check (not recommended).
      Since:
      2.7.1

    • getAPCAChecker

      public static @Nullable com.helger.security.certificate.TrustedCAChecker getAPCAChecker()
      Returns:
      The Peppol AP CA checker to be used. May be null (since v3.2.2).
      Since:
      3.0.3

    • setAPCAChecker

      public static void setAPCAChecker(@Nullable com.helger.security.certificate.TrustedCAChecker a)
      Set the Peppol CA checker to be used.
      Parameters:
      a - The Peppol CA checker to be used. May be null (since v3.2.2).
      Since:
      3.0.3

    • isAPRevocationSoftFail

      public static boolean isAPRevocationSoftFail()
      Returns:
      true to accept ECertificateCheckResult.REVOCATION_STATUS_UNKNOWN from the AP CA checker as valid (soft-fail), false to treat it as invalid. Defaults to CertificateRevocationCheckerDefaults.isAllowSoftFail(). Applies to the inbound signing certificate check.
      Since:
      4.5.0

    • setAPRevocationSoftFail

      public static void setAPRevocationSoftFail(boolean b)
      Set whether an undeterminable revocation status of the inbound AP signing certificate is accepted as valid (soft-fail) instead of being rejected.

      Security note: Peppol mandates revocation checks. Enabling soft-fail allows an inbound message with a potentially-revoked AP signing certificate to be accepted during a CRL/OCSP outage. Use only as a deliberate operational-continuity measure.

      Parameters:
      b - true to accept unknown revocation status, false to reject.
      Since:
      4.5.0

    • getAPCacheRevocationCheckResult

      public static @NonNull com.helger.base.state.ETriState getAPCacheRevocationCheckResult()
      Returns:
      The revocation result caching override applied during the inbound signing certificate check. ETriState.UNDEFINED (the default) means "use the JVM-wide default from CertificateRevocationCheckerDefaults".
      Since:
      4.5.0

    • setAPCacheRevocationCheckResult

      public static void setAPCacheRevocationCheckResult(@NonNull com.helger.base.state.ETriState e)
      Override the revocation result caching flag for the inbound signing certificate check.
      Parameters:
      e - ETriState.TRUE to use the global revocation cache, ETriState.FALSE to bypass it, ETriState.UNDEFINED (the default) to use the JVM-wide default from CertificateRevocationCheckerDefaults. May not be null.
      Since:
      4.5.0

    • getAPRevocationCheckMode

      public static @Nullable com.helger.security.revocation.ERevocationCheckMode getAPRevocationCheckMode()
      Returns:
      The revocation check mode override applied during the inbound signing certificate check. null (the default) means "use the JVM-wide default from CertificateRevocationCheckerDefaults".
      Since:
      4.5.0

    • setAPRevocationCheckMode

      public static void setAPRevocationCheckMode(@Nullable com.helger.security.revocation.ERevocationCheckMode e)
      Override the revocation check mode for the inbound signing certificate check.
      Parameters:
      e - The revocation check mode to use. null (the default) means "use the JVM-wide default from CertificateRevocationCheckerDefaults".
      Since:
      4.5.0

    • getAsReceiverCheckDataBuilder

      public static @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder getAsReceiverCheckDataBuilder()
      Get the statically configured data as a Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder instance. This allows for modification before building the final object.
      Returns:
      Completely filled builder. Never null.
      Since:
      3.0.0 Beta7

    • getAsReceiverCheckData

      public static @NonNull Phase4PeppolReceiverConfiguration getAsReceiverCheckData()
      Get the statically configured data as a Phase4PeppolReceiverConfiguration instance.
      Returns:
      The instance data and never null.
      Since:
      0.9.13