diff --git a/README.md b/README.md index 355550f..7fa37f1 100644 --- a/README.md +++ b/README.md @@ -25,13 +25,16 @@ The Validator is just an engine and does not know anything about XML documents a Validation rules and details are defined in [validation scenarios](docs/configurations.md) which are used to fully configure the validation process. All configurations are self-contained modules which are deployed and developed on their own. -### Third party validation configurations +### Example validation configurations -Here are two public third party validation configurations available which might serve as examples: +Here are some public validation configurations: -* Validation Configuration for [XRechnung](http://www.xoev.de/de/xrechnung): +* Validation Configuration for [XRechnung](https://xeinkauf.de/xrechnung/): * Source code is available on [GitHub](https://github.com/itplr-kosit/validator-configuration-xrechnung) * [Releases](https://github.com/itplr-kosit/validator-configuration-xrechnung/releases) can also be downloaded +* Validation Configuration for [Peppol BIS Billing](docs.peppol.eu/poacc/billing/3.0/): + * Source code is available on [GitHub](https://github.com/itplr-kosit/validator-configuration-bis) + * [Releases](https://github.com/itplr-kosit/validator-configuration-bis/releases) can also be downloaded * Validation Configuration for [XGewerbeanzeige](https://xgewerbeanzeige.de/) * Source code is available on [GitHub](https://github.com/itplr-kosit/validator-configuration-xgewerbeanzeige) * [Releases](https://github.com/itplr-kosit/validator-configuration-xgewerbeanzeige/releases) can also be downloaded @@ -42,7 +45,7 @@ The Validator can be used in three different ways: * as standalone application running from the CLI * as library embedded within a custom application -* as a daemon providing a http interface +* as a daemon providing an http interface ### Standalone Command Line Interface (CLI) @@ -51,18 +54,18 @@ The Validator can be used in three different ways: The general way using the CLI is: ```shell -java -jar validator--standalone.jar -s -r +java -jar validator--standalone.jar -s [-r ] [OPTIONS] [FILE] [FILE] [FILE] ... ``` The help option displays further CLI options to customize the process: ```shell -java -jar validator--standalone.jar --help +java -jar validator--standalone.jar --help ``` -A concrete example with a specific validator configuration can be found on -[GitHub](https://github.com/itplr-kosit/validator-configuration-xrechnung) +A concrete example with a specific Validator configuration can be found on +[validator-configuration-bis](https://github.com/itplr-kosit/validator-configuration-bis) The [CLI documentation](./docs/cli.md) shows further configuration options. diff --git a/docs/api.md b/docs/api.md index caa93fe..5e03c85 100644 --- a/docs/api.md +++ b/docs/api.md @@ -92,25 +92,26 @@ public class StandardExample { ``` The `Result` interface has convenience methods to retrieve details about XSD validation errors and Schematron messages and other processing results. See -[Result.java](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/Result.java) for details. +[Result.java](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/Result.java) for details. + Initializing all XML artifacts and XSLT-executables is expensive. The `Check` instance is *threadsafe* and keeps all artifacts. Therefore, we recommend the re-use of a `Check` instance. -Beside the validator's configuration the only input are instances of [Input](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/Input.java) -which can be created by various methods of the [InputFactory](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/InputFactory.java). -The [InputFactory](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/InputFactory.java) +Beside the validator's configuration the only input are instances of [Input](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/Input.java) +which can be created by various methods of the [InputFactory](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/InputFactory.java). +The [InputFactory](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/InputFactory.java) calculates a hash sum for each Input which is also written to the Report. _SHA-256_ from the JDK is the default algorithm. -It can be changed using other `read`-methods of [InputFactory](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/InputFactory.java). +It can be changed using other `read`-methods of [InputFactory](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/InputFactory.java). -The main interface [Check.java](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/Check.java) -allows using a batch interface (processing list of [Inputs](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/Input.java)). +The main interface [Check.java](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/Check.java) +allows using a batch interface (processing list of [Inputs](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/Input.java)). However, there is no parallel processing implemented at the moment. ## Accept Recommendation and Accept Match -A tri-state object [AcceptRecommendation](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/AcceptRecommendation.java) -can be retrieved from the [Result](https://github.com/itplr-kosit/validator/blob/master/src/main/java/de/kosit/validationtool/api/Result.java) using `getAcceptRecommendation()`. +A tri-state object [AcceptRecommendation](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/AcceptRecommendation.java) +can be retrieved from the [Result](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/api/Result.java) using `getAcceptRecommendation()`. The three defined states are: @@ -195,15 +196,15 @@ When using XML related technologies you are supposed to handle certain security * allows loading/resolving only from a configured local content repository (a specific folder) * tries to prevent known XML security issues (see [OWASP XML_Security_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_Cheat_Sheet.html)) -However, you can configure certain aspects related to resolving and security yourself. The validator uses a single interface for accessing or creating the necessary XML API objects like `SchemaFactory`, `Validator`,`URIResolver` or `Processor`: [ResolvingConfigurationStrategy.java](https://github.com/itplr-kosit/validator/tree/master/src/main/java/de/kosit/validationtool/api/ResolvingConfigurationStrategy.java) +However, you can configure certain aspects related to resolving and security yourself. The validator uses a single interface for accessing or creating the necessary XML API objects like `SchemaFactory`, `Validator`,`URIResolver` or `Processor`: [ResolvingConfigurationStrategy.java](https://github.com/itplr-kosit/validator/tree/main/src/main/java/de/kosit/validationtool/api/ResolvingConfigurationStrategy.java) There are 3 implementations available out of the box: -1. [StrictRelativeResolvingStrategy.java](https://github.com/itplr-kosit/validator/tree/master/src/main/java/de/kosit/validationtool/impl/xml/StrictRelativeResolvingStrategy.java) +1. [StrictRelativeResolvingStrategy.java](https://github.com/itplr-kosit/validator/tree/main/src/main/java/de/kosit/validationtool/impl/xml/StrictRelativeResolvingStrategy.java) which is the **default**, prevents known XML attacks and only allows loading from a specific local repository location -1. [StrictLocalResolvingStrategy.java](https://github.com/itplr-kosit/validator/tree/master/src/main/java/de/kosit/validationtool/impl/xml/StrictLocalResolvingStrategy.java) +1. [StrictLocalResolvingStrategy.java](https://github.com/itplr-kosit/validator/tree/main/src/main/java/de/kosit/validationtool/impl/xml/StrictLocalResolvingStrategy.java) which opens the first strategy to load resources from local locations -1. [RemoteResolvingStrategy.java](https://github.com/itplr-kosit/validator/tree/master/src/main/java/de/kosit/validationtool/impl/xml/RemoteResolvingStrategy.java) +1. [RemoteResolvingStrategy.java](https://github.com/itplr-kosit/validator/tree/main/src/main/java/de/kosit/validationtool/impl/xml/RemoteResolvingStrategy.java) which further opens the second to load resources also from remote locations via http and https You can configure usage of one of these implementations using the `ResolvingMode` via @@ -222,6 +223,6 @@ final Configuration config = Configuration.load(URI.create("myscenarios.xml")) --- -:warning: **Attention:** If you decide to implement a custom strategy you need to handle XML security risks on your own. Please make sure, that you prevent XXE and other kind of attacks. Consider using [BaseResolvingStrategy.java](https://github.com/itplr-kosit/validator/tree/master/src/main/java/de/kosit/validationtool/impl/xml/BaseResolvingStrategy.java) and the protected methods within to disable certain features. +:warning: **Attention:** If you decide to implement a custom strategy you need to handle XML security risks on your own. Please make sure, that you prevent XXE and other kind of attacks. Consider using [BaseResolvingStrategy.java](https://github.com/itplr-kosit/validator/blob/main/src/main/java/de/kosit/validationtool/impl/xml/BaseResolvingStrategy.java) and the protected methods within to disable certain features. ---