IDS-Messaging-Services 7.0.0

Organizational Note (major change):

The IDSA repository of the IDS-Messaging-Services is maintained by sovity GmbH as of this release. This changes the naming of the internal package structure and, most importantly, the repository in which the artifacts are published.

The new repository can be included in projects as follows. As of version 7.0.0, the releases are published here:

<repository>
    <id>sovity-public</id>
    <url>https://pkgs.dev.azure.com/sovity/5bec6cbd-c80a-47ac-86ce-1deb26cee853/_packaging/artifact/maven/v1</url>
</repository>

Minor Change: Logging of incoming and outgoing messages

It is as of now possible to log incoming messages (header, not payload), send requests and received responses to send requests. Following new optional application.properties settings are provided to enable or disable logging:

• messaging.log.incoming=true/false Logs all incoming messages at info level (incoming requests + incoming responses to self-send requests). Default if not set is false = turned off.
• messaging.log.outgoing=true/false Logs all outgoing messages at info level (outgoing requests + outgoing responses to incoming requests). Default if not set is false = turned off.

Patch Change: Fixes

• ReferingConnector validation (PR 526)

Patch Change: Other

• Added log-codes for event severity Info (PR 537)
• Changed name and id of eis-ids-public repository in pom.
• Added negative leeway for expiration of cached DAT (PR 527)

Patch Change: Dependency Maintenance

• Upgrade: maven-dependency-plugin 3.2.0 -> 3.3.0 (PR 446)
• Upgrade: maven-compiler-plugin 3.10.0 -> 3.10.1 (PR 445)
• Upgrade: com.puppycrawl.tools:checkstyle 9.3 -> 10.2 (PR 442, PR 520)
• Upgrade: org.springframework:spring-webmvc 5.3.15 -> 5.3.20 (PR 438, PR 453, PR 512, PR 453)
• Upgrade: org.springframework:spring-core 5.3.15 -> 5.3.20 (PR 438, PR 453, PR 512, PR 453)
• Upgrade: org.springframework:spring-web 5.3.15 -> 5.3.20 (PR 438, PR 453, PR 512, PR 453)
• Upgrade: org.springframework:spring-test 5.3.15 -> 5.3.20 (PR 438, PR 453, PR 512, PR 453)
• Upgrade: org.springframework:spring-tx 5.3.15 -> 5.3.20 (PR 438, PR 453, PR 512, PR 453)
• Upgrade: org.springframework.boot:spring-boot-starter-test 2.6.3 -> 2.7.0 (PR 440, PR 512, PR 453, PR 531)
• Upgrade: org.springframework.boot:spring-boot-starter 2.6.3 -> 2.7.0 (PR 441, PR 512, PR 453, PR 531)
• Upgrade: org.json:json 20211205 -> 20220320 (PR 454)
• Upgrade: org.bitbucket.b_c:jose4j 0.7.10 -> 0.7.12 (PR 455, PR 517)
• Upgrade: maven-surefire-plugin 2.19.1 -> 2.22.2 (PR 515)
• Upgrade: org.junit.platform:junit-platform-surefire-provider 1.0.3 -> 1.3.2 (PR 515)
• Upgrade: org.apache.jena:jena-core 4.4.0 -> 4.5.0 (PR 520)
• Upgrade: org.projectlombok:lombok 1.18.22 -> 1.18.24 (PR 520)
• Upgrade: org.apache.maven.plugins:maven-javadoc-plugin 3.3.2 -> 3.4.0 (PR 520)
• Upgrade: com.fasterxml.jackson.core:jackson-databind 2.9.10.8 -> 2.13.3 (PR 516)
• Add: com.fasterxml.jackson.core:jackson-annotations 2.13.3 (PR 516)
• Remove: deprecated junit-platform-surefire-provider and use built-in support in surefire >= 2.22.0 instead (PR 525)

IDS-Messaging-Services 6.1.0

Version [6.1.0] 2022-02-17

Minor Change: New ConnectorFingerprintProvider

• The static call ConnectorFingerprintProvider.fingerprint can be used to retrieve the aki/ski connector fingerprint from now on. This fingerprint is determined at the start of the connector based on its certificate. With each reload of the keystoremanager and thus potential change of the connector certificate, the entry is regenerated. If no valid connector certificate with the required aki/ski information is available, the Optional<String> fingerprint will be empty. (PR 431)

Patch Change: Infomodel compatibility RejectionMessage refactoring

• If the modelVersion of an inbound message is not compatible with the inbound model versions list in the connector configuration and validation is active, the version of the received message as well as the list of supported versions will now be included in the RejectionMessage. Example: Infomodel version of incoming Message not in supported inbound model version list! [incoming=(4.2.3), supported=([4.2.0, 4.2.1, 4.2.2])] (PR 432)

Patch Change: Dependency Maintenance

• Upgrade: org.apache.jena:jena-core 4.3.2 -> 4.4.0 (PR 426)
• Upgrade: org.apache.maven.plugins:maven-javadoc-plugin 3.3.1 -> 3.3.2 (PR 428)
• Upgrade: maven-compiler-plugin 3.9.0 -> 3.10.0 (PR 429)
• Upgrade: org.bitbucket.b_c:jose4j 0.7.9 -> 0.7.10 (PR 430)

IDS-Messaging-Services 6.0.1

Version [6.0.1] 2022-01-31

Patch Change: Dependency Maintenance

• Upgrade: com.puppycrawl.tools:checkstyle 9.2.1 -> 9.3 (PR 425)
• Upgrade: org.springframework.boot:spring-boot-starter-test 2.6.2 -> 2.6.3 (PR 423)
• Upgrade: org.springframework.boot:spring-boot-starter 2.6.2 -> 2.6.3 (PR 423)
• Upgrade: transitive com.fasterxml.jackson.core:jackson-databind to v2.9.10.8

IDS-Messaging-Services 6.0.0

Version [6.0.0] 2022-01-19

Major Change: dat issuer and public key kid are read from the received token

• Until now, the two application.properties variables daps.key.url and daps.key.url.kid were used to determine the issuer-url and the key-id (kid) under which the public key of the issuer of the DAT of a received message can be requested. This information is now dynamically read directly from the DAT received (header:kid, payload:iss), which are mandatory fields for a DAT. As a result, the two settings variables mentioned above are omitted. Due to the consequential changes, there are now major changes when using the getClaims method of the DapsValidator, since this method is no longer static and no longer needs to be passed the public key as a parameter. (Issue 418)

Patch Change: Fixes

• When retrieving data from APIs outside the IDS context reusing the HTTP client of the Messaging-Services, there could be a problem with GZIP compressed API responses. An additional response interceptor has been added to handle all GZIP compressed responses, regardless of the details of the original request send. (Issue 399)

Patch Change: Infomodel Maintenance

• Update combination of used artifacts: java (v4.2.7), serializer (v4.2.8), interaction (v4.2.7) (PR 402)

Patch Change: Dependency Maintenance

• Upgrade: org.springframework.boot:spring-boot-starter-test 2.6.1 -> 2.6.2 (PR 410)
• Upgrade: org.springframework.boot:spring-boot-starter 2.6.1 -> 2.6.2 (PR 410)
• Upgrade: org.springframework:spring-webmvc 5.3.13 -> 5.3.15 (PR 400, PR 417)
• Upgrade: org.springframework:spring-core 5.3.13 -> 5.3.15 (PR 400, PR 417)
• Upgrade: org.springframework:spring-web 5.3.13 -> 5.3.15 (PR 400, PR 417)
• Upgrade: org.springframework:spring-test 5.3.13 -> 5.3.15 (PR 400, PR 417)
• Upgrade: org.springframework:spring-tx 5.3.13 -> 5.3.15 (PR 400, PR 417)
• Upgrade: org.apache.jena:jena-core 4.3.0 -> 4.3.2 (PR 393, PR 410)
• Upgrade: com.puppycrawl.tools:checkstyle 9.2 -> 9.2.1 (PR 410)
• Upgrade: maven-compiler-plugin 3.8.1 -> 3.9.0 (PR 411)

IDS-Messaging-Services 5.3.0

Version [5.3.0] 2021-12-13

Minor Change: New application.properties flags

• daps.jwt.signature.algorithm=RSA256/ECDSA256, to be able to choose between RSA 256 and ECDSA 256 as signature signing algorithm for the JWTs to the DAPS for the DAT request. Default if not set is RSA256 (using RSA as signing algorithm). (Issue 376)

Patch Change: Infomodel Maintenance

• Used Dependency Version: 4.2.8 (PR 391)
• Used Artifacts: java, infomodel-serializer, interaction

Patch Change: Dependency Maintenance

• Upgrade: org.springframework.boot:spring-boot-starter-test 2.6.0 -> 2.6.1 (PR 385, PR 373)
• Upgrade: org.springframework.boot:spring-boot-starter 2.6.0 -> 2.6.1 (PR 385, PR 373)
• Upgrade: org.junit.jupiter:junit-jupiter-engine 5.8.1 -> 5.8.2 (PR 382)
• Upgrade: org.junit.jupiter:junit-jupiter-api 5.8.1 -> 5.8.2 (PR 382)
• Upgrade: org.junit.jupiter:junit-jupiter 5.8.1 -> 5.8.2 (PR 382)
• Upgrade: com.puppycrawl.tools:checkstyle 9.1 -> 9.2 (PR 381)
• Upgrade: org.bouncycastle:bcprov-jdk15on 1.69 -> 1.70 (PR 388)
• Upgrade: org.bouncycastle:bcmail-jdk15o 1.69 -> 1.70 (PR 388)
• Upgrade: org.json:json 20210307 -> 20211205 (PR 389)
• Upgrade: org.apache.jena:jena-core 4.2.0 -> 4.3.0 (PR 390)

IDS-Messaging-Services 5.2.0

Version [5.2.0] 2021-11-24

Minor Change: New application.properties flags

• daps.enable.log.jwt=true/false, to enable DAPS response logging including the JWT. Default if not set is false (logging not enabled). (PR 353)
• daps.enable.cache.dat=true/false, enables or disables caching of DAPS DAT. Default if not set is true (caching enabled). (PR 354)
• daps.time.offset.seconds=<INTEGER>, to freely configure a possible time difference between the system of the connector and the DAPS. The entered interger value is subtracted from the current time in the form of seconds and the isa and nbf are set in the JWT from the connector to the DAPS with the adjusted time. Default if not set is 10 (current time minus 10 seconds). (PR 354)

Patch Change: Enhancements

• If the validation of the SecurityProfile is performed and is not successful, the reason is now also output in the logs. Possible reasons: no security profile given in DAT; registered security profile at DAPS does not match given security profile in message. (PR 352)
• When a DAPS DAT is received, the expiry time is cached directly when the DAT is received instead of being read from the claims for each message to be sent. Prevents an error-log-message from the JWT parser. (Issue 351)
• When using a cached DAPS DAT for sending a message, the expiration date is now logged at info-level, e.g. Using cached DAPS DAT. [expiration=(Thu Nov 11 13:08:13 CET 2021)] (PR 354)

Patch Change: Infomodel Maintenance

• Used Dependency Version: 4.2.7 (PR 350)
• Used Artifacts: java, infomodel-serializer, interaction
• Note: There can be major changes depending on the setup, identified by us could be following:
  • Configmodel: value of ids:hasDefaultEndpoint @id needs to be different from values of ids:curator @id and ids:maintainer @id, was allowed before (e.g. for testing).
  • Serializer: tokenvalue of DynamicAttributeToken must not contain an empty string anymore (e.g. for testing or also in incoming requests), otherwise the serializer throws an IOException during deserializing -> The following mandatory field(s) of DynamicAttributeToken are not filled or invalid: ids:tokenValue. [...]. This change has no impact on the functionality of the TEST_DEPLOYMENT: if no DAT can be fetched, we use a dummy value as tokenvalue and thus no empty string. However, if, for whatever reason, requests are received with an empty tokenvalue in TEST_DEPLOYMENT, the serializer will now throw an IOException.

Patch Change: Dependency Maintenance

• Upgrade: org.springframework.boot:spring-boot-starter-test 2.5.6 -> 2.6.0 (PR 363, PR 373)
• Upgrade: org.springframework.boot:spring-boot-starter 2.5.6 -> 2.6.0 (PR 363, PR 373)
• Upgrade: org.springframework:spring-webmvc 5.3.12 -> 5.3.13 (PR 360)
• Upgrade: org.springframework:spring-core 5.3.12 -> 5.3.13 (PR 360)
• Upgrade: org.springframework:spring-web 5.3.12 -> 5.3.13 (PR 360)
• Upgrade: org.springframework:spring-test 5.3.12 -> 5.3.13 (PR 360)
• Upgrade: org.springframework:spring-tx 5.3.12 -> 5.3.13 (PR 360)
• Upgrade: com.puppycrawl.tools:checkstyle 9.0.1 -> 9.1 (PR 347)
• Upgrade: com.squareup.okhttp3:mockwebserver 4.9.2 -> 4.9.3 (PR 371)
• Upgrade: com.squareup.okhttp3:okhttp 4.9.2 -> 4.9.3 (PR 372)

IDS-Messaging-Services 5.1.1

Version [5.1.1] 2021-10-26

Patch Change: Enhancements

• If the request for the DAPS DAT fails, the response body is additionally logged if present. (PR 342)

Patch Change: Infomodel Maintenance

• Used Dependency Version: 4.2.6 (PR 343)
• Used Artifacts: java, infomodel-serializer, interaction

Patch Change: Dependency Maintenance

• Upgrade: org.springframework.boot:spring-boot-starter-test 2.5.5 -> 2.5.6 (PR 341)
• Upgrade: org.springframework.boot:spring-boot-starter 2.5.5 -> 2.5.6 (PR 341)
• Upgrade: org.springframework:spring-webmvc 5.3.11 -> 5.3.12 (PR 341)
• Upgrade: org.springframework:spring-core 5.3.11 -> 5.3.12 (PR 341)
• Upgrade: org.springframework:spring-test 5.3.11 -> 5.3.12 (PR 341)
• Upgrade: org.springframework:spring-web 5.3.11 -> 5.3.12 (PR 341)
• Upgrade: org.springframework:spring-tx 5.3.11 -> 5.3.12 (PR 341)

IDS-Messaging-Services 5.1.0

Version [5.1.0] 2021-10-20

Minor Change: Validation referringConnector vs ids:issuerConnector

• New application.properties flag referred.check=true/false, to enable comparison between DAT claims referringConnector and ids:issuerConnector in message-header for the validation of incoming messages. Can only be used in PRODUCTIVE_DEPLOYMENT. Default if not set is false (not enabled). (PR 329)
• Automatically sends RejectionMessage on incoming messages if validation not passed. Example of text included in RejectionMessage: ids:issuerConnector in message-header (https://w3id.org/idsa/autogen/baseConnector/691b3a17-1e09-4a5a-9d9a-5627772222e9) does not match referringConnector in body of DAT claims (http://isst_ids_framework_demo_connector.demo)!

Patch Change: Enhancement Log-Codes

• Log-codes now exist for different log-levels. They allow easy search for the code location that produced the log. No log-code will be printed for log-info level. (PR 332)
• Syntax: IMS-XY-L-1234 shortened to IMSXYL1234. Will e.g. log as [code=(IMSCOE0001)].
  • IMS = IDS-Messaging-Services
  • XY = Subsystem Module (CO Core, AP AppStore, BR Broker, CL ClearingHouse, ME Messaging, PA Paris, VO Vocol)
  • L = Event Severity (E Error, W Warn, D Debug)
  • 1234 = Error number

Patch Change: Infomodel Maintenance

• Used Dependency Version: 4.2.5 (PR 330)
• Used Artifacts: java, infomodel-serializer, interaction

Patch Change: Dependency Maintenance

• Upgrade: org.springframework:spring-core 5.3.10 -> 5.3.11 (PR 326)
• Upgrade: org.springframework:spring-tx 5.3.10 -> 5.3.11 (PR 326)
• Upgrade: org.springframework:spring-webmvc 5.3.10 -> 5.3.11 (PR 326)
• Upgrade: org.springframework:spring-web 5.3.10 -> 5.3.11 (PR 326)
• Upgrade: org.springframework:spring-test 5.3.10 -> 5.3.11 (PR 326)
• Upgrade: org.springframework.boot:spring-boot-starter-test 2.5.4 -> 2.5.5 (PR 314)
• Upgrade: org.springframework.boot:spring-boot-starter 2.5.4 -> 2.5.5 (PR 314)
• Upgrade: org.junit.jupiter:junit-jupiter-engine 5.8.0 -> 5.8.1 (PR 311)
• Upgrade: org.junit.jupiter:junit-jupiter-api 5.8.0 -> 5.8.1 (PR 311)
• Upgrade: org.junit.jupiter:junit-jupiter 5.8.0 -> 5.8.1 (PR 311)
• Upgrade: com.squareup.okhttp3:okhttp 4.9.1 -> 4.9.2 (PR 317)
• Upgrade: com.squareup.okhttp3:mockwebserver 4.9.1 -> 4.9.2 (PR 318)
• Upgrade: com.puppycrawl.tools:checkstyle 9.0 -> 9.0.1 (PR 319)
• Upgrade: org.projectlombok:lombok 1.18.20 -> 1.18.22 (PR 320)

IDS-Messaging-Services 5.0.1

Version [5.0.1] 2021-09-21

Patch Change: Dependency Maintenance

• Upgrade: org.springframework:spring-webmvc 5.3.9 -> 5.3.10 (PR 300)
• Upgrade: org.springframework:spring-test 5.3.9 -> 5.3.10 (PR 299)
• Upgrade: org.springframework:spring-core 5.3.9 -> 5.3.10 (PR 297)
• Upgrade: org.springframework:spring-web 5.3.9 -> 5.3.10 (PR 301)
• Upgrade: org.springframework:spring-tx 5.3.9 -> 5.3.10 (PR 298)
• Replace: de.fraunhofer.iais.eis.ids:interaction org.apache.jena:jena-core 4.1.0 -> 4.2.0 (PR 303)

IDS-Messaging-Services 5.0.0

Version [5.0.0] 2021-09-14

Major Change: ClearingHouse Module - New Endpoint

• The ClearingHouse has a new endpoint, which allows the registration of a freely selectable PID that has not been assigned, whereby the PID access-authorized Connectors (Owners) must be specified as with their IDs in the body. As a result the previous existing functionality of the ClearingHouse module to log a message at the ClearingHouse, where the Messaging-Services randomly generated the PID, was removed (ClearingHouseService sendLogToClearingHouse). The new method is the ClearingHouseService.registerPidAtClearingHouse, which expects as parameters the desired PID and the IDs of the Connectors, which should all be set as Owners for the PID (can also be exactly 1 Connector-Id). (Issue 259)

Patch Change: Enhancements

• For incoming responses to sent requests, an IOException is now no longer thrown for response codes outside 200-299. These responses may also be valid IDS-messages, for example a RejectionMessage with the status BAD_REQUEST. (Issue 277)
• If the connector's proxy configuration contains an incorrect empty hostname or proxy, a warning message is now logged and an attempt is made to send the message without this proxy instead of throwing an IllegalArgumentException. (Issue 285)
• Due to an incorrect or missing connector configuration it could happen that the location of the KeyStore is null. This is now handled in the form of a KeyStoreManagerInitializationException and log message at KeyStoreManager init. (Issue 290)
• Outgoing messages can now be logged in loglevel:debug (requires loglevel-config:debug for IDS-Messaging-Services e.g.: <Loggername="de.fraunhofer.ids.messaging" level="debug"/>) . (Issue 284)
• Other minor enhancements to existing Javadoc.

Patch Change: Infomodel Maintenance

• Used Dependency Version: 4.2.3 (Issue 288)
• Used Artifacts: java, infomodel-serializer, interaction

Patch Change: Dependency Maintenance

• Upgrade: com.puppycrawl.tools:checkstyle 8.45.1 -> 9.0 (PR 275)
• Upgrade: org.apache.maven.plugins:maven-javadoc-plugin 3.3.0 -> 3.3.1 (PR 281)
• Upgrade: org.junit.jupiter:junit-jupiter 5.7.2 -> 5.8.0 (PR 295)
• Upgrade: org.junit.jupiter:junit-jupiter-api 5.7.2 -> 5.8.0 (PR 295)
• Upgrade: org.junit.jupiter:junit-jupiter-engine 5.7.2 -> 5.8.0 (PR 295)