mendelson opensource AS4 1.0 b25 released

Profile picture for user service

Hello all,

we have released a new version of the mendelson AS4 community edition. These are the release notes:

Modifications and changes:

*On the input side, the file names of the payloads are now retained. If a file of this name already exists in the inbox directory,
this file will be extended by a unique character string.
*You can now search in the server log using a dialog found in the user interface.
Since the log data is independent of the database, the logs are retained until the log directories of the respective date are deleted
at certain points in time. For the search purpose the structure of the log files was changed
*In the file dialog for incoming and outgoing files you can choose an XML view in the tree view now - also for the SOAP part. This should help
giving a better overview of the data structure
*The configuration check now includes a check for the mendelson test keys - configuration problems will be displayed if they are used to
encrypt data or as an SSL/TLS key
*The status bar in all client components has been updated
*The fingerprint in SHA-256 has been added to the certificate info
*Conversion of the directory polling process to nonblocking IO (NIO) - this should be be more resource-saving
*Storing incoming messages was set to nonblocking IO (NIO) - this should be more resource-saving
*System events have been introduced which are stored independent of the database in the file system. These release the System Activity Log off and
let the client search them. The new notification system accesses these system events directly and notifies the user in a separate process.
Previous mail flooding is prevented. Since incorrect transactions are also considered system events, the they can be tracked for as long as
you like via this mechanism. The system events can be searched by free text search.
*The SMTP connection to the mail server for notification supports now TLS 1.2 and TLS 1.3
*The format of the server log has been changed - it now works for conversion id and message number. Thus, the transaction log will not be lost
as long as the directories of the log are available.
*Support of TLS 1.3 for data transmission
*The test keys key1 and key2 have been replaced in the initial configuration by the new test keys key3 and key4, which have been delivered as
additional keys in all versions since one year. key1 and key2 will expire 08/2019.
*Java 11 is now system requirement
*There is a new dialog to create a partner
*The values "KeyTransportEncryptionAlg" and "Mask Generation Function" are adjustable per partner. The background is that ENTSOG wishes to switch the
underlaying algorithms to SHA-2
*An ENTSOG v2.4 profile was necessary and has been added because of ENTSOG incompatibilities between their versions

Fixes:

*There was a change in both the underlying JVM Crypto and the BC Crypto API - certificates with incorrect structure were rejected.
The error message was "invalid info structure in RSA public key". This is now ignored - although the certificate structure remains incorrect
*The HTTP Client Authentication did not work

3rd party software updates:

*Update from wss4j 2.1.8 to wss4j 2.2.1 (Web Service Security For Java)
*Update to Bouncycastle v160 (Crypto API)
*Update to HSQLDB 2.41 (database system)
*Update from axiom 1.2.20 to 1.2.21 (XML generation API, the previous version did not support Java 11)
*Update xmlsec 2.0.7 to 2.0.8 (XML security API)
*Update of jetty 9.2.9 to 9.2.25 (integrated webserver)
*Update to HTTPClient 4.5.6 (httpcomponents-client-4.5.6)
*Update of commons IO 2.5 to commons IO 2.6 (IO lib)

Please download your copy at http://mendelson-e-c.com/as4

---
Thank you all for your feedback and your help

Your mendelson dev team

Forum
AS4

Comments

Permalink

Hi Team,

After upgrading to the newest version of AS4. I got below issue:

[3:19:37 PM] [Order processor] Error during message generation: [java.lang.Exception]: The certificate with the SHA-1 fingerprint "FA:1B:02:DC:FC:CB:14:D8:C7:02:A2:45:D4:9A:63:41:C7:9B:C7:BE" does not exist. ([Security Generation] mendelsonAS4, create signature)
[3:19:37 PM] [Order processor] A problem occured during outbound order processing: [The certificate with the SHA-1 fingerprint "FA:1B:02:DC:FC:CB:14:D8:C7:02:A2:45:D4:9A:63:41:C7:9B:C7:BE" does not exist. ([Security Generation] mendelsonAS4, create signature)]

I imported keypair from my .jks keystore file and used it to encrypt/sign the test payload.
I did not face the issue with previous release.

Could you please help?

Best Regards,

Steven Nguyen

Profile picture for user service
Permalink

Steven,

all certificates are identified by their fingerprint. Means you have to check your partner config which certificate you have assigned and if it exists.

Regards