This page collects shared resources and information that can be useful for PoC implementers in preparation for the eDelivery Interoperability Event organised in June 2024. More content may be published as it becomes available, so please check regularly.

In case you'd like to share content with the community, please write to us at EC-EDELIVERY-SUPPORT@ec.europa.eu and we will publish it on this page as appropriate.

1. Java library support

If you are using Java, you can take advantage of the libraries published in the eDelivery Nexus repository (download manually here) or build them from the source code available on GitHub (branch ec-interop-forum). These libraries already contain implementations of the new security standards and eDelivery 2.0 profile changes. Please note that these artefacts are intended solely for testing/demo purposes and should not be used in production. We provide them only as an interim solution until Apache accepts the contributions and releases official artefacts that support the algorithms used in eDelivery AS4 2.0.

Here are the available artefacts (not meant for production!):

  • eu.europa.ec.edelivery.apache.santuario:xmlsec:3.0.5-RC01
  • eu.europa.ec.edelivery.apache.wss4j:*:3.0.4-RC02 (See the note below about the release of a new version)
  • eu.europa.ec.edelivery.apache.cxf:*:4.0.5-RC01

For an example on how to configure apache-cxf for eDelivery AS4 - 2.0 (2024 PR draft), see WSS4JInOutWithAttachmentsTest.java.

The provided libraries were built from the latest Apache code for the following library versions:

  • org.apache.santuario:xmlsec:3.0.5-SNAPSHOT
  • org.apache.wss4j:*:3.0.4-SNAPSHOT
  • org.apache.cxf:*:4.0.5-SNAPSHOT

Please write to us at EC-EDELIVERY-SUPPORT@ec.europa.eu to:

  • notify us if you use these libraries so that we can let you know in case a new version is published or in case you can switch to the official Apache ones once they are officially released. (In case we publish new versions, they will have increasing -RCx suffixes.)
  • share your feedback
  • ask for support


Important note: New version of eu.europa.ec.edelivery.apache.wss4j:*:3.0.4-RC02

On 12 June 2024, a new version of Apache WSS4J was released: eu.europa.ec.edelivery.apache.wss4j:*:3.0.4-RC02

This updated library enhances incoming message validation for key agreement and key derivation functions. By utilizing the new library, you can configure a WSS4JInInterceptor on the receiving side to validate required algorithms, including encryption algorithms, key wrapping algorithms, agreement methods, and key derivation functions.

WSS4JInInterceptor
...
Map<String, Object> inProperties = new HashMap<>();
inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE
        + " " + ConfigurationConstants.ENCRYPTION);
inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "****");
inProperties.put(ConfigurationConstants.USER, signAlias);

// validation of incoming message
inProperties.put(ConfigurationConstants.ENC_SYM_ALGO, WSS4JConstants.AES_128_GCM);
inProperties.put(ConfigurationConstants.ENC_KEY_TRANSPORT, WSS4JConstants.KEYWRAP_AES128);
inProperties.put(ConfigurationConstants.ENC_KEY_AGREEMENT_METHOD, WSS4JConstants.AGREEMENT_METHOD_X25519);
inProperties.put(ConfigurationConstants.ENC_KEY_DERIVATION_FUNCTION, WSS4JConstants.KEYDERIVATION_HKDF);
....


2. Crypto tool

This crypto tool simulates a lightweight Access Point which can be used to generate and verify security headers (signature and encryption) of the AS4 UserMessage using the eDelivery AS4 2.0 profile.

The tool is intended for the AP software vendors to validate if the new security headers for eDelivery AS4 2.0 profile are implemented correctly.

The crypto tool can be downloaded from Nexus and you can find the source code in BitBucket. In order to use the crypto tool please follow the instructions.


  • No labels