This repository contains the PEPPOL Access Point, named Oxalis, which was developed by SendRegning.

The Oxalis solution is an enhancement of the PEPPOL Sample Implementation and can be used used as a complete standalone PEPPOL solution or as an API from your own code.

Out of the box it persists raw transfer statistics to a database and inbound messages to a filesystem. Persistence have been modularized so you can provide your own implementation if you need to send inbound messages to a message queue, a workflow engine, a document archive or others.

It comes with a basic command line tool for sending messages, outbound raw statistics are also persisted to the database.

Binary distributions are available at Difi.

• Support for MySQL, MS-Sql and Oracle for raw statistics (oxalis.jdbc.dialect property)
• Support for new EHF and BIS formats based on UBL (OIOUBL, NESUBL, Svefaktura etc)
• Inbound persistence stores transport metadata as JSON file
• Inbound persistence stores full payload as XML file (whole SBDH for AS2)
• Fixed potential issues communicating with "POODLE" patched servers

• Maven grouping was changed to no.difi.oxalis (was no.sendregning.ap), make sure you update local dependencies
• Overriding DocumentId, ProcessId, Sender, Receiver and endpoint URL is no longer allowed in production mode
• New configuration parameter for SQL-dialect oxalis.jdbc.dialect (see usage in oxalis-commons/src/main/resources/oxalis-global.properties)

(1) Receives messages using AS2 or START protocol and stores them in the filesystem as default.

(2) Can be incorporated into any system which needs to send PEPPOL documents.

(3) Serves as example code on how to send a business documents using the oxalis-outbound component.

• make sure Tomcat 7 is installed
• make sure Metro 2.2.1-1 is installed (in Tomcat for inbound and webservices-api.jar as endorsed lib for standalone/outbound)
• make sure MySQL 5.6 is installed (the free version is named MySQL Community Server)
• make sure that Tomcat is up and running and that manager is available with user manager/manager
• make sure that Tomcat is also up and running on SSL at localhost:443 (unless you terminate SSL in front of Tomcat)
• make sure that ''your'' keystore.jks is installed in a known directory (separate instructions for constructing the keystore)
• Create an OXALIS_HOME directory and edit the file oxalis-global.properties
• Add OXALIS_HOME environment variable to reference that directory
• Build Oxalis yourself (see below) or download the binary artifacts provided by Difi
• Deploy oxalis.war to your Tomcat webapps directory
• Send a sample invoice; modify example.sh to your liking and execute it.
• See the installation guide for more additional details.
• If you need to modify any of the source code, you are advised to read the Oxalis developer notes

• Sending failed ... Received fatal alert: handshake_failure happens when Oxalis cannot establish HTTPS connection with the remote server. Usually because destination AccessPoint has "poodle patched" their HTTPS server. Oxalis v3.1.0 contains fixes for this, so you need to upgrade. See the OxalisCommunity#197 for more info.

• Provider net.sf.saxon.TransformerFactoryImpl not found might be an XSLT implementation conflice between Oxalis and the VEFA validator. VEFA needs XSLT 2.0 and explicitly set Saxon 9 as the transformer engine to the JVM. Since Saxon 9 is not used and included with Oxalis you'll end up with that error on the Oxalis side. To get rid of the error make sure you run Oxalis and VEFA in separate Tomcats/JVM processes.

• ValidatorException: PKIX path building failed is probably because the receivers SSL certificate does not contain the correct certificate chain. The AS2 implementation needs to validate the SSL certificate chain and any intermediate certificates needs to be present. See the OxalisCommunity#173 for more info.

• Internal error occured: null when receiving might be due to a bug in some Apache Tomcat versions. The full error message logged is ERROR [eu.peppol.inbound.server.AS2Servlet] [] Internal error occured: null followed by a stack trace with java.lang.NullPointerException: null. To resolve this upgrade Tomcat to a newer version, take a look at OxalisCommunity#179 for more details.

Note that the Oxalis "head" revision on master branch is often in "flux" and should be considered a "nightly build". The official releases are tagged and may be downloaded by clicking on Tags.

• make sure Maven 3 is installed
• make sure JDK 6 is installed (the version we have tested with)
• pull the version of interest from GitHub.
• from oxalis root directory run : mvn clean install
• verify that everything is configured : mvn clean install -Pit-test (runs the integration tests)
• locate assembled artifacts in oxalis-distribution/target/oxalis-distribution-<version.number>-distro/ (after integration tests)

• At oxalis-standalone/src/main/bash you will find some shell scripts :
  • fetch-metatdata.sh is a freestanding SML + SMP lookup utility (example usage ./fetch-metadata.sh 9908:810017902)
  • keystore.sh contains example commands for constructing keystores and truststores
  • smp.sh simple SMP lookup for a given participant id (example usage ./smp.sh -p 9908:810017902 -g)

By default Oxalis publish 4 web addresss listed in the table below. The table describes their use and give some hints on how to secure those addresses. A pretty standard scenario is to use some kind load balancer and SSL offloader in front of the appserver running Oxalis. This could be open / free software like Nginx and Apache or commercial software like NetScaler and BigIP. All such front end software should be able to enforce security like the one suggested below.