From 84bdbba4334c105dc79c4e24350e2af0dd9f28a6 Mon Sep 17 00:00:00 2001 
From: parerworker Date: Mon, 29 Jan 2024 12:58:39 +0100 Subject: [PATCH 1/4] [skip ci] Update project to latest tag verifica-firma-eidas-1.15.0 --- CHANGELOG.md | 6 + CONTAINER-SCAN-REPORT.md | 4 +- RELEASE-NOTES.md | 5 +- pom.xml | 49 +- pom.xml.github | 668 ++++++++++++++++++ .../core/bean/SignedDocumentValidatorExt.java | 108 --- .../core/helper/ReportRenderingHelper.java | 4 +- .../CustomRemoteDocumentValidationImpl.java | 8 +- .../validator/CMSDocumentValidatorExt.java | 81 --- .../eidas/validator/CMSNotEtfiValidator.java | 46 -- .../validator/CMSNotEtfiValidatorUtil.java | 67 -- .../CMSDocumentValidatorExtFactory.java | 49 -- .../factory/CMSNotEtfiValidatorFactory.java | 54 -- .../parer/eidas/web/config/DSSBeanConfig.java | 7 +- .../config/security/BaseSecurityConfig.java | 33 +- .../config/security/StrictSecurityConfig.java | 21 +- .../eng/parer/eidas/web/rest/AppInfosWs.java | 26 +- .../eidas/web/view/ValidationController.java | 1 + .../verifica-firma-eidas-template.yml | 47 +- ...ig.dss.validation.DocumentValidatorFactory | 2 - .../resources/ValidationMessages.properties | 21 - src/main/resources/application.yaml | 5 +- src/main/resources/policy/README.md | 7 + .../resources/policy/custom_constraint.xml | 568 +++++++++++++++ .../CustomRemoteDocumentValidationTest.java | 30 + 25 files changed, 1385 insertions(+), 532 deletions(-) create mode 100644 pom.xml.github delete mode 100644 src/main/java/it/eng/parer/eidas/core/bean/SignedDocumentValidatorExt.java delete mode 100644 src/main/java/it/eng/parer/eidas/validator/CMSDocumentValidatorExt.java delete mode 100644 src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidator.java delete mode 100644 src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidatorUtil.java delete mode 100644 src/main/java/it/eng/parer/eidas/validator/factory/CMSDocumentValidatorExtFactory.java delete mode 100644 src/main/java/it/eng/parer/eidas/validator/factory/CMSNotEtfiValidatorFactory.java delete mode 100644 
src/main/resources/META-INF/services/eu.europa.esig.dss.validation.DocumentValidatorFactory delete mode 100644 src/main/resources/ValidationMessages.properties create mode 100644 src/main/resources/policy/README.md create mode 100644 src/main/resources/policy/custom_constraint.xml diff --git a/CHANGELOG.md b/CHANGELOG.md index c3d5f3a..611736f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,10 @@ +## 1.15.0 (29-01-2024) + +### Novità: 2 +- [#31006](https://parermine.regione.emilia-romagna.it/issues/31006) Introduzione PARER custom policy constraint.xml +- [#30988](https://parermine.regione.emilia-romagna.it/issues/30988) Aggiornamento libreria DSS 5.13 + ## 1.14.0 (05-12-2023) ### Novità: 1 diff --git a/CONTAINER-SCAN-REPORT.md b/CONTAINER-SCAN-REPORT.md index b3f4b71..dc16c7d 100644 --- a/CONTAINER-SCAN-REPORT.md +++ b/CONTAINER-SCAN-REPORT.md @@ -1,7 +1,7 @@ ## Container scan evidence CVE Image name: registry.ente.regione.emr.it/parer/okd/verifica-firma-eidas:sast -
Run date: Tue Dec 5 14:02:28 CET 2023 -
Produced by: Job +
Run date: Mon Jan 29 12:20:03 CET 2024 +
Produced by: Job
CVE founded: 0 | CVE | Description | Severity | Solution | |:---:|:---|:---:|:---| diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index e8fcde8..41a36dd 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,4 +1 @@ -## 1.14.0 (05-12-2023) - -### Novità: 1 -- [#30720](https://parermine.regione.emilia-romagna.it/issues/30720) Eliminazione delle logiche custom per estrarre informazioni dal report Eidas +## 1.15.0 (29-01-2024) diff --git a/pom.xml b/pom.xml index 72eac49..bc60870 100644 --- a/pom.xml +++ b/pom.xml @@ -2,10 +2,11 @@ 4.0.0 verifica-firma-eidas - 1.14.1-SNAPSHOT + 1.15.0 ${packaging.type} Verifica Firma EIDAS Progetto per effettuare firme e validazioni con librerie DSS (EIDAS) + https://nexus.ente.regione.emr.it/repository/parer-site/verifica-firma-eidas/${project.version}/ it.eng.parer @@ -21,8 +22,8 @@ false - 5.12.1 - 3.0.9 + 5.13 + 3.1.7 2.1.0 7.2 2.8.0 @@ -38,29 +39,22 @@ 6.4.0 2.7 - 1.8.0 + 1.9.0 it.eng.parer.eidas.web.VerificaFirmaEidasApplication - scm:git:https://github.com/RegioneER/parer-verifica-firma-eidas.git - HEAD + scm:git:git@gitlab.ente.regione.emr.it:parer/okd/verifica-firma-eidas.git + verifica-firma-eidas-1.15.0 - - github - https://maven.pkg.github.com/RegioneER/parer-verifica-firma-eidas - + + site + dav:https://nexus.ente.regione.emr.it/repository/parer-site/verifica-firma-eidas/${project.version} + - - - github - https://maven.pkg.github.com/RegioneER/parer-framework-parerpom - - - @@ -490,6 +484,27 @@ report + + + jacoco-check + + check + + + + + BUNDLE + + + LINE + COVEREDRATIO + 0.35 + + + + + + diff --git a/pom.xml.github b/pom.xml.github new file mode 100644 index 0000000..72eac49 --- /dev/null +++ b/pom.xml.github 
@@ -0,0 +1,668 @@ + + + 4.0.0 + verifica-firma-eidas + 1.14.1-SNAPSHOT + ${packaging.type} + Verifica Firma EIDAS + Progetto per effettuare firme e validazioni con librerie DSS (EIDAS) + + + it.eng.parer + parer-pom + 4.2.0 + + + + UTF-8 + UTF-8 + + true + + false + + 5.12.1 + 3.0.9 + 2.1.0 + 7.2 + 2.8.0 + 4.0.0 + 5.2.2 + 2.3.1 + 4.6.1 + 1.16.0 + 3.6.4 + 1.13.2 + 11.5.0 + 0.0.5 + 6.4.0 + 2.7 + + 1.8.0 + it.eng.parer.eidas.web.VerificaFirmaEidasApplication + + + + scm:git:https://github.com/RegioneER/parer-verifica-firma-eidas.git + HEAD + + + + + github + https://maven.pkg.github.com/RegioneER/parer-verifica-firma-eidas + + + + + + github + https://maven.pkg.github.com/RegioneER/parer-framework-parerpom + + + + + + + + eu.europa.ec.joinup.sd-dss + sd-dss + ${dss.version} + pom + import + + + it.eng.parer + verificafirma-eidas-beans + ${verificafirma-eidas-beans.version} + + + org.springframework.boot + spring-boot-dependencies + ${springboot.version} + pom + import + + + + org.springdoc + springdoc-openapi-starter-webmvc-ui + ${springdoc-openapi-starter-webmvc-ui.version} + + + org.apache.tika + tika-core + ${tika.version} + + + org.apache.tika + tika-parsers-standard-package + ${tika.version} + + + org.bouncycastle + bcprov-jdk18on + + + org.bouncycastle + bcmail-jdk18on + + + + + net.logstash.logback + logstash-logback-encoder + ${logstash-logback-encoder.version} + + + + jakarta.xml.bind + jakarta.xml.bind-api + ${jakarta.xml.bind-api.version} + + + org.apache.httpcomponents.core5 + httpcore5 + ${httpcore5.version} + + + + + + + + + + eu.europa.ec.joinup.sd-dss + dss-document + + + eu.europa.ec.joinup.sd-dss + dss-cades + + + eu.europa.ec.joinup.sd-dss + dss-xades + + + eu.europa.ec.joinup.sd-dss + dss-utils-apache-commons + + + eu.europa.ec.joinup.sd-dss + dss-pades + + + eu.europa.ec.joinup.sd-dss + dss-pades-pdfbox + + + commons-logging + commons-logging + + + + + eu.europa.ec.joinup.sd-dss + dss-crl-parser-x509crl + + + eu.europa.ec.joinup.sd-dss + dss-token 
+ compile + + + eu.europa.ec.joinup.sd-dss + dss-service + + + eu.europa.ec.joinup.sd-dss + dss-model + + + eu.europa.ec.joinup.sd-dss + dss-validation-dto + + + eu.europa.ec.joinup.sd-dss + dss-signature-rest + + + commons-logging + commons-logging + + + + + + eu.europa.ec.joinup.sd-dss + dss-validation-rest + compile + + + eu.europa.ec.joinup.sd-dss + dss-server-signing-rest + compile + + + eu.europa.ec.joinup.sd-dss + dss-tsl-validation + + + eu.europa.ec.joinup.sd-dss + dss-validation-soap + compile + + + + eu.europa.ec.joinup.sd-dss + dss-spi + + + eu.europa.ec.joinup.sd-dss + dss-crl-parser-stream + + + + it.eng.parer + verificafirma-eidas-beans + + + + + + org.springframework.boot + spring-boot-starter-actuator + + + org.springframework.boot + spring-boot-starter-data-jpa + + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-validation + + + org.springframework.boot + spring-boot-starter-security + + + org.thymeleaf.extras + thymeleaf-extras-springsecurity6 + + + org.springframework.ws + spring-ws-core + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + org.springframework.boot + spring-boot-starter-webflux + + + + org.springdoc + springdoc-openapi-starter-webmvc-ui + + + + com.fasterxml.jackson.module + jackson-module-jaxb-annotations + + + + net.logstash.logback + logstash-logback-encoder + + + + + + com.h2database + h2 + + + com.oracle.database.jdbc + ojdbc11 + + + + org.apache.taglibs + taglibs-standard-jstlel + ${taglibs-standard-jstlel.version} + + + org.apache.tika + tika-core + + + org.apache.tika + tika-parsers-standard-package + + + xerces + xercesImpl + + + xml-apis + xml-apis + + + org.bouncycastle + bcmail-jdk15on + + + org.bouncycastle + bcprov-jdk15on + + + org.apache.pdfbox + pdfbox + + + commons-logging + commons-logging + + + + + javax.xml.bind + jaxb-api + ${jaxb-api.version} + + + + + + + com.google.code.findbugs + annotations + 3.0.1 + provided + + + + org.webjars 
+ bootstrap + ${bootstrap.version} + + + + org.webjars.npm + popper.js + ${popper.js.version} + + + org.webjars + jquery + ${jquery.version} + + + org.webjars + jquery-ui + ${jquery-ui.version} + + + + org.webjars + highlightjs + ${highlightjs.version} + + + org.webjars.npm + highlightjs-badgejs + ${highlightjs-badgejs.version} + + + org.webjars + font-awesome + ${font-awesome.version} + + + org.apache.xmlgraphics + fop + ${fop.version} + + + commons-logging + commons-logging + + + xalan + xalan + + + org.apache.pdfbox + fontbox + + + xml-apis + xml-apis + + + + + + org.springframework.boot + spring-boot-starter-test + test + + + org.junit.vintage + junit-vintage-engine + + + com.vaadin.external.google + android-json + + + + + + org.junit.platform + junit-platform-suite + test + + + org.junit.platform + junit-platform-suite-api + test + + + org.junit.platform + junit-platform-engine + test + + + org.junit.platform + junit-platform-commons + test + + + org.junit.platform + junit-platform-launcher + test + + + + + + + + + + org.springframework.boot + spring-boot-maven-plugin + ${springboot.version} + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 17 + + + + org.jacoco + jacoco-maven-plugin + + + + prepare-agent + + + + + report + test + + report + + + + + + + pl.project13.maven + git-commit-id-plugin + + true + false + false + + + + get-the-git-infos + + revision + + + + validate-the-git-infos + + validateRevision + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + repackage + build-info + + + + ${start-class} + + + ${java.version} + UTF-8 + UTF-8 + Verifica Firma EIDAS + ${dss.version} + + + + + + + org.apache.maven.plugins + maven-jar-plugin + + + + true + true + + + + + + org.apache.maven.plugins + maven-surefire-plugin + + false + + + + + org.apache.maven.plugins + maven-javadoc-plugin + + none + + + + + + + + jar + + true + + + jar + + + + fatjar + + jar + + + ${project.artifactId} + + + src/main/resources + + 
application-oracle.yaml + + + + + + + org.apache.maven.plugins + maven-assembly-plugin + 3.3.0 + + + package + + single + + + false + eidas + + src/standalone/assembly.xml + + + + + + + + + + + war + + war + + + + + ${basedir}/../profiles/war + + **/*.yaml + + + + src/main/resources + + application-oracle.yaml + + + + + + + + + suite + + false + + + + + org.apache.maven.plugins + maven-surefire-plugin + + it.eng.parer.eidas.client.IntegrationTestSuite + + + + + + + + + diff --git a/src/main/java/it/eng/parer/eidas/core/bean/SignedDocumentValidatorExt.java b/src/main/java/it/eng/parer/eidas/core/bean/SignedDocumentValidatorExt.java deleted file mode 100644 index 7f108d9..0000000 --- a/src/main/java/it/eng/parer/eidas/core/bean/SignedDocumentValidatorExt.java +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Engineering Ingegneria Informatica S.p.A. - * - * Copyright (C) 2023 Regione Emilia-Romagna - *

- * This program is free software: you can redistribute it and/or modify it under the terms of - * the GNU Affero General Public License as published by the Free Software Foundation, - * either version 3 of the License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; - * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU Affero General Public License for more details. - *

- * You should have received a copy of the GNU Affero General Public License along with this program. - * If not, see . - */ - -package it.eng.parer.eidas.core.bean; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; -import java.util.Objects; -import java.util.ServiceLoader; -import java.util.stream.Collectors; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import eu.europa.esig.dss.cades.validation.CMSDocumentValidator; -import eu.europa.esig.dss.cades.validation.CMSDocumentValidatorFactory; -import eu.europa.esig.dss.model.DSSDocument; -import eu.europa.esig.dss.model.DSSException; -import eu.europa.esig.dss.validation.DocumentValidatorFactory; -import eu.europa.esig.dss.validation.SignedDocumentValidator; - -/** - * @deprecated - * - * Custom signed document validator che sostituisce lo standard {@link SignedDocumentValidator} in quanto a - * partire dalla versione 5.6 delle librerie DSS sono stati introdotti i meccanismi standard di Java dei - * "services" per la creazione delle factory di validazione. Introducendone una custom questa non veniva - * correttamente reperita secondo l'ordine necessario e, per tale modifico, è stata creata una sua - * sostituta. A partire dalla 5.8 non risulta più necessaria una logica custom in quanto sia i file TSD che - * TSR non sono supportati (come vuole la logica del chiamante). 
- * - * @author sinatti_s - * - */ -@Deprecated(since = "1.4.0", forRemoval = true) -public class SignedDocumentValidatorExt { - - private static final Logger LOG = LoggerFactory.getLogger(SignedDocumentValidatorExt.class); - - private SignedDocumentValidatorExt() { - throw new IllegalStateException("SignedDocumentValidatorExt class"); - } - - /** - * Extend method from {@link SignedDocumentValidator#fromDocument(DSSDocument)} Aggiunta logica di ordinamento dei - * verificaFirma loader a partire da quelli interni si eclude inoltre il validator {@link CMSDocumentValidator} in - * quanto deve essere esclusa la validazione dei .tsr - * - * @param dssDocument - * documento DSS, sia esso un inMemory sia con path assoluto - * - * @return ritorna l'oggetto {@link SignedDocumentValidator} con la lista corretta di validatory (factory) da - * utilizzare (standard e custom) - * - **/ - public static SignedDocumentValidator fromDocument(final DSSDocument dssDocument) { - Objects.requireNonNull(dssDocument, "DSSDocument is null"); - ServiceLoader serviceLoaders = ServiceLoader.load(DocumentValidatorFactory.class); - // as list - List serviceLoadersAsList = new ArrayList<>(); - // add each element of iterator to the List - serviceLoaders.iterator().forEachRemaining(serviceLoadersAsList::add); - // lambda filter / rule : skip if DocumentValidatorFactory is instanceof - // CMSDocumentValidatorFactory - /** - * nota: CMSDocumentValidatorFactory non inclusa, viene utilizzata al suo posto - * {@link CMSDocumentValidatorExtFactory} - */ - serviceLoadersAsList = serviceLoadersAsList.stream().filter(c -> !(c instanceof CMSDocumentValidatorFactory)) - .collect(Collectors.toList()); - // sort list by class name (inverted) - Collections.sort(serviceLoadersAsList, - (c1, c2) -> c2.getClass().getPackage().getName().compareTo(c1.getClass().getPackage().getName())); - - for (DocumentValidatorFactory factory : serviceLoadersAsList) { - try { - if (factory.isSupported(dssDocument)) { - return 
factory.create(dssDocument); - } - } catch (Exception e) { - /** - * Nel metodo orignale {@link SignedDocumentValidator#fromDocument(DSSDocument)} questa loggata viene - * classificata come ERROR ma in questo caso viene trasformato in WARNING per evitare dell'inutile - * "rumore" sui log, dovuto semplicemente al fatto che per quel formato documento non si è riusciti ad - * instanziare la factory evidentemente perché non possibile. - */ - LOG.debug(String.format("Unable to create a DocumentValidator with the factory '%s'", - factory.getClass().getSimpleName()), e); - } - } - throw new DSSException("Document format not recognized/handled"); - } -} diff --git a/src/main/java/it/eng/parer/eidas/core/helper/ReportRenderingHelper.java b/src/main/java/it/eng/parer/eidas/core/helper/ReportRenderingHelper.java index b28e6f5..dbf6f29 100644 --- a/src/main/java/it/eng/parer/eidas/core/helper/ReportRenderingHelper.java +++ b/src/main/java/it/eng/parer/eidas/core/helper/ReportRenderingHelper.java @@ -50,12 +50,12 @@ import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; -import eu.europa.esig.dss.DSSXmlErrorListener; -import eu.europa.esig.dss.DomUtils; import eu.europa.esig.dss.detailedreport.jaxb.XmlDetailedReport; import eu.europa.esig.dss.diagnostic.jaxb.XmlDiagnosticData; import eu.europa.esig.dss.simplereport.jaxb.XmlSimpleReport; import eu.europa.esig.dss.utils.Utils; +import eu.europa.esig.dss.xml.utils.DSSXmlErrorListener; +import eu.europa.esig.dss.xml.utils.DomUtils; import it.eng.parer.eidas.web.bean.VerificaFirmaResultBean; import jakarta.annotation.PostConstruct; diff --git a/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java b/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java index 1837a88..11fbd23 100644 --- a/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java 
+++ b/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java @@ -371,6 +371,11 @@ private ValidationPolicy compileValidationPolicy(EidasDataToValidateMetadata dat validationPolicyJaxb.getTimestampConstraints().getBasicSignatureConstraints() .getReferenceDataIntact().getLevel(), Level.IGNORE); + + validationPolicyJaxb.getCryptographic().getAlgoExpirationDate().setLevel(Level.IGNORE); + log.atDebug().log( + "Validation policy: cryptographic/getAlgoExpirationDate constraint original level {}, to level {}", + validationPolicyJaxb.getCryptographic().getAlgoExpirationDate().getLevel(), Level.IGNORE); } if (controlloCatenaTrustIgnorato) { @@ -626,7 +631,8 @@ private SignedDocumentValidator buildValidator(DSSDocument signedDocument, signedDocValidator.setTokenExtractionStrategy(TokenExtractionStrategy.fromParameters( dataToValidateMetadata.isIncludeCertificateRevocationValues(), dataToValidateMetadata.isIncludeTimestampTokenValues(), - dataToValidateMetadata.isIncludeCertificateTokenValues())); + dataToValidateMetadata.isIncludeCertificateTokenValues(), + dataToValidateMetadata.isIncludEvidenceRecordValues())); signedDocValidator.setIncludeSemantics(dataToValidateMetadata.isIncludeSemanticTokenValues()); // signedDocValidator.setCertificateVerifier(verifier); diff --git a/src/main/java/it/eng/parer/eidas/validator/CMSDocumentValidatorExt.java b/src/main/java/it/eng/parer/eidas/validator/CMSDocumentValidatorExt.java deleted file mode 100644 index 5ad4d54..0000000 --- a/src/main/java/it/eng/parer/eidas/validator/CMSDocumentValidatorExt.java +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Engineering Ingegneria Informatica S.p.A. - * - * Copyright (C) 2023 Regione Emilia-Romagna - *
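Review bot: In the first hunk of CustomRemoteDocumentValidationImpl.java the added debug statement reads `getAlgoExpirationDate().getLevel()` after `setLevel(Level.IGNORE)` has already run, so the value logged as "original level" is always IGNORE. Capture the value before overwriting it, e.g. `Level previous = validationPolicyJaxb.getCryptographic().getAlgoExpirationDate().getLevel();`, and pass `previous` to the log call. Because this switches off the algorithm-expiration check in the validation policy, an accurate record of the level that was replaced is useful audit evidence, and a short comment naming the request flag that enables the branch would help; the enclosing `if` and the rest of `compileValidationPolicy` are outside the hunk. The chained getters are dereferenced without a null check, which presumably holds for the default policy but should be confirmed for a custom policy file that omits Cryptographic/AlgoExpirationDate.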

- * This program is free software: you can redistribute it and/or modify it under the terms of - * the GNU Affero General Public License as published by the Free Software Foundation, - * either version 3 of the License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; - * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU Affero General Public License for more details. - *

- * You should have received a copy of the GNU Affero General Public License along with this program. - * If not, see . - */ - -package it.eng.parer.eidas.validator; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.tsp.TSPException; -import org.bouncycastle.tsp.TimeStampToken; - -import eu.europa.esig.dss.cades.validation.CMSDocumentValidator; -import eu.europa.esig.dss.model.DSSDocument; - -/** - * Questo Custom Validator è pensato per gestire gestire i formati definiti su CMSDocumentValidator con il caso - * particolare dei file TSD non supportati su EIDAS - * - */ -public class CMSDocumentValidatorExt extends CMSDocumentValidator { - - public CMSDocumentValidatorExt(CMSSignedData cmsSignedData) { - super(cmsSignedData); - } - - /** - * Default constructor - * - * @param document - * documento DSS, sia esso un inMemory sia con path assoluto - * - */ - public CMSDocumentValidatorExt(final DSSDocument document) { - super(document);// default contructor - } - - /* - * (non-Javadoc) - * - * @see eu.europa.esig.dss.cades.validation.CMSDocumentValidator#isSupported(eu. europa.esig.dss.DSSDocument) - */ - @Override - public boolean isSupported(DSSDocument dssDocument) { - return super.isSupported(dssDocument) && !isTSR(dssDocument); - } - - /** - * Eidas non supporta file TSR TOFIX: verificare che la metodologia di riconoscimento del TSR sia corretta o meno - * - * @param dssDocument - * documento DSS, sia esso un inMemory sia con path assoluto - * - * @return boolean - */ - private boolean isTSR(DSSDocument dssDocument) { - try (InputStream inputStream = dssDocument.openStream()) { - this.cmsSignedData = new CMSSignedData(inputStream); - TimeStampToken resp = new TimeStampToken(this.cmsSignedData); - return resp.getTimeStampInfo() != null; - } catch (IOException | CMSException | TSPException e) { - return false; - } - } - -} 
diff --git a/src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidator.java b/src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidator.java deleted file mode 100644 index 6091706..0000000 --- a/src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidator.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Engineering Ingegneria Informatica S.p.A. - * - * Copyright (C) 2023 Regione Emilia-Romagna - *

- * This program is free software: you can redistribute it and/or modify it under the terms of - * the GNU Affero General Public License as published by the Free Software Foundation, - * either version 3 of the License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; - * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU Affero General Public License for more details. - *

- * You should have received a copy of the GNU Affero General Public License along with this program. - * If not, see . - */ - -package it.eng.parer.eidas.validator; - -import org.bouncycastle.cms.CMSSignedData; - -import eu.europa.esig.dss.cades.validation.CMSDocumentValidator; -import eu.europa.esig.dss.model.DSSDocument; - -/** - * Custom validator per la gestione degli armored ascii - * - * @author Sinatti_S - * - */ -public class CMSNotEtfiValidator extends CMSDocumentValidator { - - /** - * New costructor passing both CMSSignedData and DSSDocument - * - * @param cmsSignedData - * oggetto contenente la rappresentazione del documento firmato - * @param document - * documento DSS, sia esso un inMemory sia con path assoluto - */ - public CMSNotEtfiValidator(CMSSignedData cmsSignedData, final DSSDocument document) { - super(cmsSignedData); - super.document = document; - } - -} diff --git a/src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidatorUtil.java b/src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidatorUtil.java deleted file mode 100644 index ae3c444..0000000 --- a/src/main/java/it/eng/parer/eidas/validator/CMSNotEtfiValidatorUtil.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Engineering Ingegneria Informatica S.p.A. - * - * Copyright (C) 2023 Regione Emilia-Romagna - *

- * This program is free software: you can redistribute it and/or modify it under the terms of - * the GNU Affero General Public License as published by the Free Software Foundation, - * either version 3 of the License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; - * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU Affero General Public License for more details. - *

- * You should have received a copy of the GNU Affero General Public License along with this program. - * If not, see . - */ - -package it.eng.parer.eidas.validator; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.Reader; - -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemReader; - -import eu.europa.esig.dss.model.DSSDocument; -import eu.europa.esig.dss.model.DSSException; -import eu.europa.esig.dss.spi.DSSUtils; - -public class CMSNotEtfiValidatorUtil { - - private static final String BEGIN = "-----BEGIN "; - - private CMSNotEtfiValidatorUtil() { - throw new IllegalStateException("Utility class"); - } - - public static CMSSignedData toCMSSignedDataAsciiArmor(final DSSDocument document) { - try (InputStream inputStream = document.openStream()) { - Reader reader = new InputStreamReader(inputStream); - // - PemReader pr = new PemReader(reader); - PemObject pem = pr.readPemObject(); - // - pr.close(); - reader.close(); - - return new CMSSignedData(new ByteArrayInputStream(pem.getContent())); - } catch (NullPointerException | IOException | CMSException e) { - throw new DSSException("Not a valid CAdES (ascii armor) file", e); - } - } - - public static boolean isAsciiArmor(final DSSDocument dssDocument) { - int headerLength = 22; - byte[] preamble = new byte[headerLength]; - DSSUtils.readAvailableBytes(dssDocument, preamble); - String preambleString = new String(preamble); - return preambleString.startsWith(BEGIN); - } - -} diff --git a/src/main/java/it/eng/parer/eidas/validator/factory/CMSDocumentValidatorExtFactory.java b/src/main/java/it/eng/parer/eidas/validator/factory/CMSDocumentValidatorExtFactory.java deleted file mode 100644 index cc3aefa..0000000 
--- a/src/main/java/it/eng/parer/eidas/validator/factory/CMSDocumentValidatorExtFactory.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Engineering Ingegneria Informatica S.p.A. - * - * Copyright (C) 2023 Regione Emilia-Romagna - *

- * This program is free software: you can redistribute it and/or modify it under the terms of - * the GNU Affero General Public License as published by the Free Software Foundation, - * either version 3 of the License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; - * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU Affero General Public License for more details. - *

- * You should have received a copy of the GNU Affero General Public License along with this program. - * If not, see . - */ - -package it.eng.parer.eidas.validator.factory; - -import eu.europa.esig.dss.cades.validation.CMSDocumentValidatorFactory; -import eu.europa.esig.dss.model.DSSDocument; -import eu.europa.esig.dss.validation.DocumentValidatorFactory; -import eu.europa.esig.dss.validation.SignedDocumentValidator; -import it.eng.parer.eidas.validator.CMSDocumentValidatorExt; - -/** - * @deprecated - * - * Custom validator che sostituisce lo standard {@link CMSDocumentValidatorFactory} in quanto si applica la - * stessa logica di validazione ma non accettando file .tsr - * - * @author sinatti_s - * - */ -@Deprecated(since = "1.4.0", forRemoval = true) -public class CMSDocumentValidatorExtFactory implements DocumentValidatorFactory { - - @Override - public boolean isSupported(DSSDocument document) { - CMSDocumentValidatorExt validator = new CMSDocumentValidatorExt(document); - return validator.isSupported(document); - } - - @Override - public SignedDocumentValidator create(DSSDocument document) { - return new CMSDocumentValidatorExt(document); - } - -} diff --git a/src/main/java/it/eng/parer/eidas/validator/factory/CMSNotEtfiValidatorFactory.java b/src/main/java/it/eng/parer/eidas/validator/factory/CMSNotEtfiValidatorFactory.java deleted file mode 100644 index 5b446a4..0000000 --- a/src/main/java/it/eng/parer/eidas/validator/factory/CMSNotEtfiValidatorFactory.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Engineering Ingegneria Informatica S.p.A. - * - * Copyright (C) 2023 Regione Emilia-Romagna - *

- * This program is free software: you can redistribute it and/or modify it under the terms of - * the GNU Affero General Public License as published by the Free Software Foundation, - * either version 3 of the License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; - * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU Affero General Public License for more details. - *

- * You should have received a copy of the GNU Affero General Public License along with this program. - * If not, see . - */ - -package it.eng.parer.eidas.validator.factory; - -import eu.europa.esig.dss.model.DSSDocument; -import eu.europa.esig.dss.validation.DocumentValidatorFactory; -import eu.europa.esig.dss.validation.SignedDocumentValidator; -import it.eng.parer.eidas.validator.CMSNotEtfiValidator; -import it.eng.parer.eidas.validator.CMSNotEtfiValidatorUtil; - -/** - * @deprecated - * - * Custom validator per la gestione degli armored ascii. Non utilizzato in quanto esiste una logica interna - * per cui i file riconosciuti come ascii armor vengono "sbustati" e passati al validatore previsto su - * librerie DSS. Implementazione realizzata con perfomance migliori (così come utilizzo di risorse, rispetto - * la modalità prevista da librerie di Bouncy) - * - */ -@Deprecated -public class CMSNotEtfiValidatorFactory implements DocumentValidatorFactory { - - /** - * A differenza del comportamento standard delle factory dove, si utilizza l'implementazione del metodo isSupported - * del validator stesso, in questo caso non è possibile in quanto, essendo figlio di CMSDocumentValidator non si ha - * accesso al costruttore vuoto. Ai fine dell'ottimizzazione, per evitare l'accesso allo stream di byte del file al - * fine di creare l'oggetto CMSSignedData (vedi {@link #create(DSSDocument)}, si utilizza una classe esterna. - */ - @Override - public boolean isSupported(DSSDocument document) { - return CMSNotEtfiValidatorUtil.isAsciiArmor(document); - } - - @Override - public SignedDocumentValidator create(DSSDocument document) { - return new CMSNotEtfiValidator(CMSNotEtfiValidatorUtil.toCMSSignedDataAsciiArmor(document), document); - } - -} diff --git a/src/main/java/it/eng/parer/eidas/web/config/DSSBeanConfig.java b/src/main/java/it/eng/parer/eidas/web/config/DSSBeanConfig.java index 5ac8e0d..ab48aa5 100644 
--- a/src/main/java/it/eng/parer/eidas/web/config/DSSBeanConfig.java
+++ b/src/main/java/it/eng/parer/eidas/web/config/DSSBeanConfig.java
@@ -59,8 +59,8 @@
 import eu.europa.esig.dss.spi.client.jdbc.JdbcCacheConnector;
 import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource;
 import eu.europa.esig.dss.spi.x509.KeyStoreCertificateSource;
+import eu.europa.esig.dss.spi.x509.aia.AIASource;
 import eu.europa.esig.dss.spi.x509.aia.DefaultAIASource;
-import eu.europa.esig.dss.spi.x509.aia.OnlineAIASource;
 import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
 import eu.europa.esig.dss.token.KeyStoreSignatureTokenConnection;
 import eu.europa.esig.dss.tsl.function.OfficialJournalSchemeInformationURI;
@@ -392,7 +392,8 @@ public TrustedListsCertificateSource trustedListSource() {
 @Bean
 public KeyStoreCertificateSource ojContentKeyStore() {
 try {
- return new KeyStoreCertificateSource(ResourceUtils.getURL(ksFilename).openStream(), ksType, ksPassword);
+ return new KeyStoreCertificateSource(ResourceUtils.getURL(ksFilename).openStream(), ksType,
+ ksPassword.toCharArray());
 } catch (IOException e) {
 throw new DSSException("Unable to load the file " + ksFilename, e);
 }
@@ -485,7 +486,7 @@ public JdbcCacheAIASource cachedAIASource() {
 }
 @Bean
- public OnlineAIASource onlineAIASource() {
+ public AIASource onlineAIASource() {
 return new DefaultAIASource(dataLoader());
 }
diff --git a/src/main/java/it/eng/parer/eidas/web/config/security/BaseSecurityConfig.java b/src/main/java/it/eng/parer/eidas/web/config/security/BaseSecurityConfig.java
index fe94997..a56ccab 100644
--- a/src/main/java/it/eng/parer/eidas/web/config/security/BaseSecurityConfig.java
+++ b/src/main/java/it/eng/parer/eidas/web/config/security/BaseSecurityConfig.java
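Review bot: In DSSBeanConfig.java, `ojContentKeyStore()` now calls `ksPassword.toCharArray()` before the constructor is reached, so an unset keystore password would surface as a bare NullPointerException instead of the DSSException used for I/O failures; whether `ksPassword` can be null depends on how the field is injected, which is outside the hunk. A guard such as `if (ksPassword == null) throw new DSSException("Keystore password not configured for " + ksFilename);` keeps the startup failure readable without putting the secret in the message. The stream returned by `openStream()` is also passed straight into the constructor without try-with-resources; confirm that the DSS constructor closes it, or wrap the call.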
@@ -24,6 +24,7 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -41,24 +42,26 @@ public class BaseSecurityConfig { @Bean protected SecurityFilterChain configure(HttpSecurity http) throws Exception { - - http.csrf().disable() // disable csrf - .authorizeHttpRequests() // rule on single path - .requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + RESOURCE_INFOS)).authenticated().and() - .httpBasic() // basic auth - .and() // solo admin - .authorizeHttpRequests().requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + "/**")) - .hasRole(ROLE_ADMIN).requestMatchers(new AntPathRequestMatcher("/actuator/shutdown")) - .hasRole(ROLE_ADMIN).and() // permit all - .authorizeHttpRequests().anyRequest().permitAll().and() // form login - .formLogin().defaultSuccessUrl(URL_ADMIN_BASE) // url predefinita - .permitAll().and() // logout form - .logout().deleteCookies("JSESSIONID").logoutSuccessUrl("/").permitAll(); // enable - + // + http.csrf(csrf -> csrf.disable()) // disable csrf + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests + .requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + RESOURCE_INFOS)).authenticated()) // basic + // auth + .httpBasic(Customizer.withDefaults()) + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests + .requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + "/**")).hasRole(ROLE_ADMIN)) // only + // admin + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests + .requestMatchers(new AntPathRequestMatcher("/actuator/shutdown")).hasRole(ROLE_ADMIN)) // only + // admin + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests.anyRequest().permitAll()) // permit + // all + .formLogin(formLogin -> formLogin.defaultSuccessUrl(URL_ADMIN_BASE).permitAll()) // login + .logout(logout -> logout.deleteCookies("JSESSIONID").logoutSuccessUrl("/").permitAll()); // logout /* * h2 console https://springframework.guru/using-the-h2-database-console-in-spring-boot- with-spring-security/ */ - http.headers().frameOptions().disable(); + 
http.headers(headers -> headers.frameOptions(frame -> frame.disable())); return http.build(); } diff --git a/src/main/java/it/eng/parer/eidas/web/config/security/StrictSecurityConfig.java b/src/main/java/it/eng/parer/eidas/web/config/security/StrictSecurityConfig.java index 4f3eb9f..86d139f 100644 --- a/src/main/java/it/eng/parer/eidas/web/config/security/StrictSecurityConfig.java +++ b/src/main/java/it/eng/parer/eidas/web/config/security/StrictSecurityConfig.java @@ -23,6 +23,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; 
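Review bot: `csrf(csrf -> csrf.disable())` is carried over unchanged in `BaseSecurityConfig.configure`, although the same chain enables `formLogin` with a `JSESSIONID` session and guards `URL_ADMIN_BASE + "/**"` and `/actuator/shutdown` with `hasRole(ROLE_ADMIN)`, so the session-authenticated admin endpoints have no CSRF protection. Consider leaving CSRF on and exempting only the stateless REST paths, e.g. `http.csrf(csrf -> csrf.ignoringRequestMatchers(new AntPathRequestMatcher("<REST_API_PATTERN>")))` (placeholder; the API paths are not visible in this hunk). The last changed line also removes `X-Frame-Options` from every response for the sake of the H2 console; `http.headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()));` should be enough for a same-origin console and keeps the clickjacking defence. Both lines are repeated in the `StrictSecurityConfig` hunk.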
@@ -42,19 +43,21 @@ public class StrictSecurityConfig { @Bean protected SecurityFilterChain configure(HttpSecurity http) throws Exception { - http.csrf().disable() // disable csrf - .authorizeHttpRequests() // rule on single path - .requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + RESOURCE_INFOS)).authenticated().and() - .httpBasic() // basic auth - .and().authorizeHttpRequests().requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + "/**")) - .denyAll() // deny admin - .and() // permit all - .authorizeHttpRequests().anyRequest().permitAll(); + // + http.csrf(csrf -> csrf.disable()) // disable csrf + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests + .requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + RESOURCE_INFOS)).authenticated()) // basic + // auth + .httpBasic(Customizer.withDefaults()) + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests + .requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + "/**")).denyAll()) // deny all + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests.anyRequest().permitAll()); // permit + // all /* * h2 console https://springframework.guru/using-the-h2-database-console-in-spring-boot- with-spring-security/ */ - http.headers().frameOptions().disable(); + http.headers(headers -> headers.frameOptions(frame -> frame.disable())); return http.build(); } diff --git a/src/main/java/it/eng/parer/eidas/web/rest/AppInfosWs.java b/src/main/java/it/eng/parer/eidas/web/rest/AppInfosWs.java index 6442ae9..1a8a1e8 100644 --- a/src/main/java/it/eng/parer/eidas/web/rest/AppInfosWs.java +++ b/src/main/java/it/eng/parer/eidas/web/rest/AppInfosWs.java @@ -30,7 +30,6 @@ import java.util.Map; import java.util.Properties; import java.util.TreeMap; -import java.util.stream.Collectors; import java.util.stream.StreamSupport; import org.springframework.beans.factory.annotation.Autowired; 
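Review bot: In `StrictSecurityConfig.configure` the rules are spread over three separate `authorizeHttpRequests(...)` calls and the formatter has split the trailing comments, so `// basic // auth` ends up on the `authenticated()` matcher rather than on `httpBasic(...)`, and `// permit // all` dangles after the statement. Matcher order decides which rule wins, so one lambda listing the rules top to bottom is easier to audit: `.authorizeHttpRequests(auth -> auth.requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + RESOURCE_INFOS)).authenticated().requestMatchers(new AntPathRequestMatcher(URL_ADMIN_BASE + "/**")).denyAll().anyRequest().permitAll())`, with each comment on its own line above the rule it describes. The `BaseSecurityConfig` hunk has the same shape with four calls.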
@@ -72,9 +71,13 @@ public class AppInfosWs { Environment env; // default : all - @Value("${parer.eidas.admin-ui.propstoskip:}") + @Value("${parer.eidas.admin-ui.env.propstoskip:}") String propsToSkip; + // default : all + @Value("${parer.eidas.admin-ui.env.roottoskip:}") + String rootToSkip; + @SuppressWarnings({ "rawtypes", "unchecked" }) @Operation(summary = "Info", method = "Informazioni applicativo") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Informazioni applicativo", content = { @@ -93,7 +96,9 @@ public ResponseEntity>> infos(HttpServletRequest .filter(propName -> propName.startsWith(ENV_FILTER_GIT)) .forEach(propName -> gitprops.setProperty(propName, getProperty(propName))); - infos.put(ENV_FILTER_GIT, new TreeMap<>((Map) gitprops)); + if (!ENV_FILTER_GIT.matches(rootToSkip)) { + infos.put(ENV_FILTER_GIT, new TreeMap<>((Map) gitprops)); + } // dss Properties dssprops = new Properties(); @@ -103,7 +108,9 @@ public ResponseEntity>> infos(HttpServletRequest .filter(propName -> propName.startsWith(ENV_FILTER_DSS)) .forEach(propName -> dssprops.setProperty(propName, getProperty(propName))); - infos.put(ENV_FILTER_DSS, new TreeMap<>((Map) dssprops)); + if (!ENV_FILTER_DSS.matches(rootToSkip)) { + infos.put(ENV_FILTER_DSS, new TreeMap<>((Map) dssprops)); + } // spring Properties springprops = new Properties(); 
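Review bot: Both filters fail open. `propsToSkip` and the new `rootToSkip` default to an empty pattern ("default : all"), and the first key is renamed from `parer.eidas.admin-ui.propstoskip` to `parer.eidas.admin-ui.env.propstoskip`, so a deployment that still overrides only the old key silently loses its extra exclusions on the infos endpoint. Reading the old key as a fallback avoids that: `@Value("${parer.eidas.admin-ui.env.propstoskip:${parer.eidas.admin-ui.propstoskip:}}")`. The values also go straight into `String.matches`, so an invalid pattern only surfaces as a `PatternSyntaxException` when the endpoint is called; compiling them once at startup would surface it early. The `infos` method that uses these fields is only partly visible in the following hunks.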
@@ -113,18 +120,21 @@ public ResponseEntity>> infos(HttpServletRequest .filter(propName -> propName.startsWith(ENV_FILTER_SPRING)) .forEach(propName -> springprops.setProperty(propName, getProperty(propName))); - infos.put(ENV_FILTER_SPRING, new TreeMap<>((Map) springprops)); + if (!ENV_FILTER_SPRING.matches(rootToSkip)) { + infos.put(ENV_FILTER_SPRING, new TreeMap<>((Map) springprops)); + } // others - List allcurrkeys = infos.values().stream().map(Map::keySet).flatMap(Collection::stream) - .collect(Collectors.toList()); + List allcurrkeys = infos.values().stream().map(Map::keySet).flatMap(Collection::stream).toList(); Properties othersprops = new Properties(); StreamSupport.stream(propSrcs.spliterator(), false).filter(MapPropertySource.class::isInstance) .map(ps -> ((EnumerablePropertySource) ps).getPropertyNames()).flatMap(Arrays:: stream) .filter(propName -> !propName.matches(propsToSkip)).filter(propName -> !allcurrkeys.contains(propName)) .forEach(propName -> othersprops.setProperty(propName, getProperty(propName))); - infos.put(ENV_FILTER_OTHERS, new TreeMap<>((Map) othersprops)); + if (!ENV_FILTER_OTHERS.matches(rootToSkip)) { + infos.put(ENV_FILTER_OTHERS, new TreeMap<>((Map) othersprops)); + } return ResponseEntity.ok().lastModified(LocalDateTime.now().atZone(ZoneId.systemDefault())).eTag(ETAG) .body(infos); diff --git a/src/main/java/it/eng/parer/eidas/web/view/ValidationController.java b/src/main/java/it/eng/parer/eidas/web/view/ValidationController.java index 295749b..1762750 100644 --- a/src/main/java/it/eng/parer/eidas/web/view/ValidationController.java +++ b/src/main/java/it/eng/parer/eidas/web/view/ValidationController.java 
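Review bot: Skipping a root through `rootToSkip` does not actually hide its properties, because `allcurrkeys` is built from `infos.values()` after the git/dss/spring groups have been conditionally left out. When, for example, the `ENV_FILTER_SPRING` group is skipped, its names are missing from `allcurrkeys`, pass the `!allcurrkeys.contains(propName)` filter, and are published under `ENV_FILTER_OTHERS` instead. Collect the already-classified names from the three `Properties` objects directly, e.g. `Set<String> allcurrkeys = new HashSet<>(gitprops.stringPropertyNames()); allcurrkeys.addAll(dssprops.stringPropertyNames()); allcurrkeys.addAll(springprops.stringPropertyNames());` (needs `java.util.Set`/`HashSet` imports if the file lacks them). A test that sets `roottoskip` and asserts the skipped names are absent from every group would pin this. `infos` begins before this hunk, and `gitprops`/`dssprops` are populated in the two preceding hunks.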
@@ -244,6 +244,7 @@ private static EidasDataToValidateMetadata convert(VerificaFirmaBean verificaFir dataToValidate.setIncludeCertificateRevocationValues(verificaFirmaBean.isIncludiRaw()); dataToValidate.setIncludeCertificateTokenValues(verificaFirmaBean.isIncludiRaw()); dataToValidate.setIncludeTimestampTokenValues(verificaFirmaBean.isIncludiRaw()); + dataToValidate.setIncludEvidenceRecordValues(verificaFirmaBean.isIncludiRaw()); Date dataRiferimento = new Date(); LocalDate dataRiferimentoForm = verificaFirmaBean.getDataRiferimento(); diff --git a/src/main/openshift/verifica-firma-eidas-template.yml b/src/main/openshift/verifica-firma-eidas-template.yml index d035c34..3c21811 100644 --- a/src/main/openshift/verifica-firma-eidas-template.yml +++ b/src/main/openshift/verifica-firma-eidas-template.yml @@ -27,14 +27,6 @@ objects: database-url: ${DB_URL} database-password: ${DB_PASSWORD} database-user: ${DB_USER} - keystore-pwd: ${KEYSTORE_PASSWORD} - type: Opaque -- apiVersion: v1 - kind: Secret - metadata: - name: parerapps-keystore - data: - keystore.jks: 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 type: Opaque - apiVersion: v1 kind: Secret @@ -48,7 +40,7 @@ objects: data: application-${PROFILE}.yaml: |- server: - port: 8443 + port: 8080 tomcat: accesslog: enabled: false @@ -60,12 +52,6 @@ objects: #accept-count: 200 #threads: # max: 300 - ssl: - key-store-type: JKS - key-store: file:/etc/verificafirma-eidas/keystore/keystore.jks - key-store-password: ${KEYSTORE_PWD} - key-alias: parerapps - require-ssl: true spring: #profiles: #active: prod @@ -165,10 +151,10 @@ objects: name: verificafirma-eidas spec: ports: - - name: https - port: 443 + - name: http + port: 8080 protocol: TCP - targetPort: 8443 + targetPort: 8080 selector: app: verificafirma-eidas sessionAffinity: None 
@@ -181,11 +167,9 @@ objects: name: verificafirma-eidas spec: port: - targetPort: https + targetPort: http tls: - destinationCACertificate: "-----BEGIN CERTIFICATE-----\r\nMIIDVzCCAj+gAwIBAgIELzXGJTANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJJ\r\nVDELMAkGA1UECBMCQk8xEDAOBgNVBAcTB0JvbG9nbmExDDAKBgNVBAoTA0VORzEM\r\nMAoGA1UECxMDRU5HMRIwEAYDVQQDEwlPS0QgUEFSRVIwHhcNMTkxMDE0MTMzOTQ0\r\nWhcNMjkxMDExMTMzOTQ0WjBcMQswCQYDVQQGEwJJVDELMAkGA1UECBMCQk8xEDAO\r\nBgNVBAcTB0JvbG9nbmExDDAKBgNVBAoTA0VORzEMMAoGA1UECxMDRU5HMRIwEAYD\r\nVQQDEwlPS0QgUEFSRVIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu\r\n31ClOuEFN41tY+Gmxkq2PZ9Up/xCMQsa0DeD0GSML9GqcPtzGtgCu0UA2qq/HUiY\r\n2jpdr7JLX9DKl41ziFUdciV88shWzC43q9lkFVWn5uRbZ230X7Aafs7UXBndJFfR\r\nvakz2JY7LzJY5F07SQR47L2BblN+IBAs+0ZCCCnm/qcC5K2HsAjVp90dJr7JiPpK\r\nJ4rnBM4HPG5LrntJ4sZKngVfCzOwYzDj/7B6J81//PIdj2/WwXPilm1qmcFEolSN\r\n2TKnUk2+1/jlvjoACAW0/05K3uMBxTWIbH6kjarqnhw3YmYQQAPgLPre+6uZdBke\r\naeZEJgBWyVKoqU9SqxZHAgMBAAGjITAfMB0GA1UdDgQWBBSlrADZgGDWoKdg/rHh\r\n05PHSD0WvDANBgkqhkiG9w0BAQsFAAOCAQEAgCvibvYBjN2aiXWxR7uVNk/oTAvP\r\nRwEVQRW0LneTD3PAgaYDhHG6cm8Mbp1TLPKE5MsJzek5pd8LLudOtP3QW5GdUc48\r\nAshVXyNX6mQRDQvCBCU8qC64HBglXn1KwJwVSgxoY29SvZlfuUYoLvEyaSyyKy0w\r\nDq4wlvgq/AYjyPyh+3LecrPpffZEchoyKDBh4iTPjFpZyMHT+iudCxIJ2WtTOONi\r\n2qbpKwzN1b7rRZOiifVoSNMYqeZ5CiVY50uleeZ3ozMxvsjOyXn+UbgCPsCB42ZQ\r\n++i4xbVK6dBnYXLHgkD1PKt/+eCig6Hx3Ns4v9CWR9OOGzfJoa9BqQBOAA==\r\n-----END - CERTIFICATE-----\r\n" - termination: reencrypt + termination: edge to: kind: Service name: verificafirma-eidas @@ -198,7 +182,6 @@ objects: app: verificafirma-eidas group: it.eng.parer registry: ${REGISTRY} - tagimage: ${IMGTAG} gl_log_application: eidas gl_tags: ${AMBIENTE} name: verificafirma-eidas @@ -224,7 +207,6 @@ objects: app: verificafirma-eidas group: it.eng.parer registry: ${REGISTRY} - tagimage: ${IMGTAG} gl_log_application: eidas gl_tags: ${AMBIENTE} spec: 
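Review bot: Changing the Route from `termination: reencrypt` to `termination: edge` makes the router-to-pod hop plain HTTP, as do `port: 8080` and the removed `ssl:` block in the ConfigMap hunk. The application still authenticates with HTTP Basic and form login, so credentials and submitted documents now cross the cluster network unencrypted. If that is an accepted trade-off it deserves a comment in the template; otherwise keep `reencrypt` with the certificate supplied from a Secret rather than embedded in the template. In either case the `tls:` block shown here sets no `insecureEdgeTerminationPolicy`; adding `insecureEdgeTerminationPolicy: Redirect` keeps clients off plain HTTP at the edge (the rest of the Route spec is outside the hunk, so it may already be set elsewhere).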
@@ -249,11 +231,6 @@ objects: secretKeyRef: name: verificafirma-eidas-secrets key: admin-password - - name: KEYSTORE_PWD - valueFrom: - secretKeyRef: - name: verificafirma-eidas-secrets - key: keystore-pwd - name: DB_URL valueFrom: secretKeyRef: @@ -330,9 +307,6 @@ objects: - mountPath: /etc/verificafirma-eidas/config name: verificafirma-eidas-config readOnly: true - - mountPath: /etc/verificafirma-eidas/keystore - name: parerapps-keystore - readOnly: true dnsPolicy: ClusterFirst imagePullSecrets: - name: gitlab-registry-token @@ -345,10 +319,6 @@ objects: defaultMode: 420 name: verificafirma-eidas-config name: verificafirma-eidas-config - - name: parerapps-keystore - secret: - defaultMode: 420 - secretName: parerapps-keystore test: false triggers: - type: ConfigChange @@ -389,11 +359,6 @@ parameters: from: '[a-zA-Z0-9]{8}' generate: expression name: DB_PASSWORD -- description: Keystore password. - displayName: Keystore password - required: true - name: KEYSTORE_PASSWORD - value: parerapps - description: Nome profilo springboot displayName: Nome profilo springboot name: PROFILE diff --git a/src/main/resources/META-INF/services/eu.europa.esig.dss.validation.DocumentValidatorFactory b/src/main/resources/META-INF/services/eu.europa.esig.dss.validation.DocumentValidatorFactory deleted file mode 100644 index e5d921f..0000000 --- a/src/main/resources/META-INF/services/eu.europa.esig.dss.validation.DocumentValidatorFactory +++ /dev/null @@ -1,2 +0,0 @@ -###it.eng.parer.eidas.validator.factory.CMSDocumentValidatorExtFactory -###it.eng.parer.eidas.validator.factory.CMSNotEtfiValidatorFactory \ No newline at end of file diff --git a/src/main/resources/ValidationMessages.properties b/src/main/resources/ValidationMessages.properties deleted file mode 100644 index 5ba98bd..0000000 --- a/src/main/resources/ValidationMessages.properties +++ /dev/null 
@@ -1,21 +0,0 @@ -error.signed.file.mandatory = Signed file is mandatory -error.original.file.empty = Original files are empty -error.signature.form.mandatory = Signature format is mandatory -error.signature.packaging.mandatory = Packaging is mandatory -error.signature.level.mandatory = Level is mandatory -error.to.sign.file.mandatory = File to sign is mandatory -error.to.sign.digest.mandatory = Digest to sign is mandatory -error.to.sign.files.mandatory = File(s) to sign is mandatory -error.digest.algo.mandatory = Digest algorithm is mandatory -error.token.type.mandatory = Token type is mandatory -error.file.mandatory = File is mandatory -error.password.mandatory = Password is mandatory -error.path.mandatory = Path is mandatory -error.signature.underlying.form.mandatory = Underlying format is mandatory -error.certificate.invalid = Certificate is not provided or invalid -error.nexu.not.found = Nexu must be running -error.container.type.mandatory = ASiC container type is mandatory -error.diagnostic.file.mandatory = Diagnostic file is mandatory -error.digest.base64 = Digest to sign must be a valid Base64 format -error.original.files.mandatory = Original file(s) is/are mandatory -error.document.name.mandatory = Document name is mandatory \ No newline at end of file diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 6bb677b..aa1d238 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -87,7 +87,7 @@ cron: default: validation: - policy: "policy/constraint.xml" + policy: "policy/custom_constraint.xml" proxy: http: @@ -118,7 +118,8 @@ parer: eidas: admin-ui: enabled: true - propstoskip: .*H2_USER.*|.*H2_PWD.*|.*ADMIN_USER.*|.*ADMIN_PWD.*|.*user.*|.*password.*|.*email.* + env: + propstoskip: .*H2_USER.*|.*H2_PWD.*|.*ADMIN_USER.*|.*ADMIN_PWD.*|.*user.*|.*password.*|.*email.* validation-ui: enabled: true 
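Review bot: The `propstoskip` denylist moved under `env:` is applied with `String.matches`, which is case-sensitive and purely name-based. It catches `ADMIN_PWD` or names containing lower-case `password`, but not upper-case or differently named secrets; `DB_URL`, which the OpenShift template injects from a Secret, is one name it does not cover if environment variables are among the enumerated property sources. A case-insensitive, broader pattern such as `propstoskip: "(?i).*(user|pwd|password|secret|token|credential|email).*|DB_URL"` narrows the gap. An allowlist of properties that are safe to publish would fail closed instead of open.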
diff --git a/src/main/resources/policy/README.md b/src/main/resources/policy/README.md new file mode 100644 index 0000000..7f2a889 --- /dev/null +++ b/src/main/resources/policy/README.md @@ -0,0 +1,7 @@ +# Custom constraint policy rules + +Il file [custom_constraint.xml](custom_constraint.xml) è ricavato dal file [constraint.xml](https://github.com/esig/dss/blob/5.13/dss-policy-jaxb/src/main/resources/policy/constraint.xml) alla versione **5.13** delle librerie DSS. + +## Nota bene + +Tale file dovrà essere revisionato ad ogni aggiornamento di versione delle librerie DSS (https://github.com/esig/dss). \ No newline at end of file diff --git a/src/main/resources/policy/custom_constraint.xml b/src/main/resources/policy/custom_constraint.xml new file mode 100644 index 0000000..ad01b75 --- /dev/null +++ b/src/main/resources/policy/custom_constraint.xml 
@@ -0,0 +1,568 @@ + + Validates electronic signatures and indicates whether they are Advanced electronic Signatures (AdES), AdES supported by a Qualified Certificate (AdES/QC) or a + Qualified electronic Signature (QES). All certificates and their related chains supporting the signatures are validated against the EU Member State Trusted Lists (this includes + signer's certificate and certificates used to validate certificate validity status services - CRLs, OCSP, and time-stamps). + + + + ASiC-S + ASiC-E + + + + + + + + + application/vnd.etsi.asic-s+zip + application/vnd.etsi.asic-e+zip + + + + + + + + + + + + + + + + + + ANY_POLICY + NO_POLICY + + + + + * + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + nonRepudiation + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + + + + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + + + + + + + + + keyCertSign + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + + + + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + nonRepudiation + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + + + + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + + + + + + + keyCertSign + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + + + + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + timeStamping + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + + + + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + 
keyCertSign + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + + + + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + keyCertSign + + + + + 2.5.29.15 + 2.5.29.32 + 2.5.29.17 + 2.5.29.19 + 2.5.29.30 + 2.5.29.36 + 2.5.29.37 + 2.5.29.31 + 2.5.29.54 + 1.3.6.1.5.5.7.1.3 + + + + 1.3.6.1.5.5.7.48.1.5 + + + + + + + + + + + + + + + + + + + RSA + DSA + ECDSA + PLAIN-ECDSA + + + + DSA + RSA + ECDSA + PLAIN-ECDSA + + + + + MD5 + SHA1 + SHA224 + SHA256 + SHA384 + SHA512 + + SHA3-256 + SHA3-384 + SHA3-512 + RIPEMD160 + WHIRLPOOL + + + + + MD5 + SHA1 + SHA224 + SHA256 + SHA384 + SHA512 + + SHA3-256 + SHA3-384 + SHA3-512 + RIPEMD160 + WHIRLPOOL + + + DSA + DSA + DSA + RSA + RSA + RSA + RSA + ECDSA + ECDSA + ECDSA + ECDSA + ECDSA + ECDSA + PLAIN-ECDSA + PLAIN-ECDSA + PLAIN-ECDSA + PLAIN-ECDSA + PLAIN-ECDSA + PLAIN-ECDSA + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/test/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationTest.java b/src/test/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationTest.java index 8b75ce8..9fc2bf5 100644 --- a/src/test/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationTest.java +++ b/src/test/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationTest.java @@ -23,6 +23,9 @@ import java.io.IOException; import java.io.InputStream; import java.net.URISyntaxException; +import java.time.LocalDate; +import java.time.ZoneId; +import java.util.Date; import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; 
@@ -129,11 +132,38 @@ void testMimeTypeOffice() throws IOException, URISyntaxException { } + @Test + void testCADESTWithDisableAllPolicy() throws Exception { + + // data + InputStream fileWithSignature = ResourceUtils.getURL("classpath:CADES/CADEST.pdf.p7m").openStream(); + // DataToValidateDTO Mock + EidasDataToValidateMetadata dto = VerificaFirmaDocMockUtil.createMockDto(fileWithSignature); + // set reference + dto.setDataDiRiferimento(Date.from(LocalDate.of(2017, 1, 17).atStartOfDay(ZoneId.systemDefault()).toInstant())); + // set policy + dto.setControlloCrittograficoIgnorato(true); + dto.setControlloCatenaTrustIgnorato(true); + dto.setControlloCertificatoIgnorato(true); + dto.setControlloRevocaIgnorato(true); + + EidasWSReportsDTOTree result = service.validateSignature(dto, null); + validateSignaturesCount(result, 1); + validateChildrenCount(result, 1); + // total_passed + validateSignaturesValidate(result, 1); + } + private void validateSignaturesCount(EidasWSReportsDTOTree result, int countSigns) { assertNotNull(result.getReport()); assertEquals(countSigns, result.getReport().getSimpleReport().getSignaturesCount()); } + private void validateSignaturesValidate(EidasWSReportsDTOTree result, int validSigns) { + assertNotNull(result.getReport()); + assertEquals(validSigns, result.getReport().getSimpleReport().getValidSignaturesCount()); + } + private void validateChildrenCount(EidasWSReportsDTOTree result, int countChilds) { assertEquals(countChilds, result.getChildren().size()); } From bfafc7e5f1963529c53e71b884d4254643c91008 Mon Sep 17 00:00:00 2001 From: Stefano Sinatti Date: Tue, 9 Apr 2024 11:47:15 +0200 Subject: [PATCH 2/4] Fix pom.xml --- pom.xml | 22 +- pom.xml.github | 668 ------------------------------------------------- 2 files changed, 14 insertions(+), 676 deletions(-) delete mode 100644 pom.xml.github diff --git a/pom.xml b/pom.xml index bc60870..bc732bb 100644 --- a/pom.xml +++ b/pom.xml 
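Review bot: `testCADESTWithDisableAllPolicy` opens `fileWithSignature` with `openStream()` and never closes it (unless `createMockDto` does), and it builds the reference date with `ZoneId.systemDefault()`, so the instant passed to `setDataDiRiferimento` shifts with the build machine's time zone. A try-with-resources around the stream and a pinned zone, e.g. `Date.from(LocalDate.of(2017, 1, 17).atStartOfDay(ZoneOffset.UTC).toInstant())` (needs `java.time.ZoneOffset`), make the run reproducible. The test switches off the cryptographic, trust-chain, certificate and revocation checks together. If the file is expected to fail under the default policy, a companion assertion with the flags left unset would show that the flags are what changes the outcome.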
@@ -2,11 +2,10 @@ 4.0.0 verifica-firma-eidas - 1.15.0 + 1.15.0-SNAPSHOT ${packaging.type} Verifica Firma EIDAS Progetto per effettuare firme e validazioni con librerie DSS (EIDAS) - https://nexus.ente.regione.emr.it/repository/parer-site/verifica-firma-eidas/${project.version}/ it.eng.parer @@ -44,17 +43,24 @@ - scm:git:git@gitlab.ente.regione.emr.it:parer/okd/verifica-firma-eidas.git - verifica-firma-eidas-1.15.0 + scm:git:https://github.com/RegioneER/parer-verifica-firma-eidas.git + HEAD - - site - dav:https://nexus.ente.regione.emr.it/repository/parer-site/verifica-firma-eidas/${project.version} - + + github + https://maven.pkg.github.com/RegioneER/parer-verifica-firma-eidas + + + + github + https://maven.pkg.github.com/RegioneER/parer-framework-parerpom + + + diff --git a/pom.xml.github b/pom.xml.github deleted file mode 100644 index 72eac49..0000000 --- a/pom.xml.github +++ /dev/null 
@@ -1,668 +0,0 @@ - - - 4.0.0 - verifica-firma-eidas - 1.14.1-SNAPSHOT - ${packaging.type} - Verifica Firma EIDAS - Progetto per effettuare firme e validazioni con librerie DSS (EIDAS) - - - it.eng.parer - parer-pom - 4.2.0 - - - - UTF-8 - UTF-8 - - true - - false - - 5.12.1 - 3.0.9 - 2.1.0 - 7.2 - 2.8.0 - 4.0.0 - 5.2.2 - 2.3.1 - 4.6.1 - 1.16.0 - 3.6.4 - 1.13.2 - 11.5.0 - 0.0.5 - 6.4.0 - 2.7 - - 1.8.0 - it.eng.parer.eidas.web.VerificaFirmaEidasApplication - - - - scm:git:https://github.com/RegioneER/parer-verifica-firma-eidas.git - HEAD - - - - - github - https://maven.pkg.github.com/RegioneER/parer-verifica-firma-eidas - - - - - - github - https://maven.pkg.github.com/RegioneER/parer-framework-parerpom - - - - - - - - eu.europa.ec.joinup.sd-dss - sd-dss - ${dss.version} - pom - import - - - it.eng.parer - verificafirma-eidas-beans - ${verificafirma-eidas-beans.version} - - - org.springframework.boot - spring-boot-dependencies - ${springboot.version} - pom - import - - - - org.springdoc - springdoc-openapi-starter-webmvc-ui - ${springdoc-openapi-starter-webmvc-ui.version} - - - org.apache.tika - tika-core - ${tika.version} - - - org.apache.tika - tika-parsers-standard-package - ${tika.version} - - - org.bouncycastle - bcprov-jdk18on - - - org.bouncycastle - bcmail-jdk18on - - - - - net.logstash.logback - logstash-logback-encoder - ${logstash-logback-encoder.version} - - - - jakarta.xml.bind - jakarta.xml.bind-api - ${jakarta.xml.bind-api.version} - - - org.apache.httpcomponents.core5 - httpcore5 - ${httpcore5.version} - - - - - - - - - - eu.europa.ec.joinup.sd-dss - dss-document - - - eu.europa.ec.joinup.sd-dss - dss-cades - - - eu.europa.ec.joinup.sd-dss - dss-xades - - - eu.europa.ec.joinup.sd-dss - dss-utils-apache-commons - - - eu.europa.ec.joinup.sd-dss - dss-pades - - - eu.europa.ec.joinup.sd-dss - dss-pades-pdfbox - - - commons-logging - commons-logging - - - - - eu.europa.ec.joinup.sd-dss - dss-crl-parser-x509crl - - - eu.europa.ec.joinup.sd-dss - dss-token 
- compile - - - eu.europa.ec.joinup.sd-dss - dss-service - - - eu.europa.ec.joinup.sd-dss - dss-model - - - eu.europa.ec.joinup.sd-dss - dss-validation-dto - - - eu.europa.ec.joinup.sd-dss - dss-signature-rest - - - commons-logging - commons-logging - - - - - - eu.europa.ec.joinup.sd-dss - dss-validation-rest - compile - - - eu.europa.ec.joinup.sd-dss - dss-server-signing-rest - compile - - - eu.europa.ec.joinup.sd-dss - dss-tsl-validation - - - eu.europa.ec.joinup.sd-dss - dss-validation-soap - compile - - - - eu.europa.ec.joinup.sd-dss - dss-spi - - - eu.europa.ec.joinup.sd-dss - dss-crl-parser-stream - - - - it.eng.parer - verificafirma-eidas-beans - - - - - - org.springframework.boot - spring-boot-starter-actuator - - - org.springframework.boot - spring-boot-starter-data-jpa - - - - org.springframework.boot - spring-boot-starter-web - - - org.springframework.boot - spring-boot-starter-validation - - - org.springframework.boot - spring-boot-starter-security - - - org.thymeleaf.extras - thymeleaf-extras-springsecurity6 - - - org.springframework.ws - spring-ws-core - - - org.springframework.boot - spring-boot-starter-thymeleaf - - - org.springframework.boot - spring-boot-starter-webflux - - - - org.springdoc - springdoc-openapi-starter-webmvc-ui - - - - com.fasterxml.jackson.module - jackson-module-jaxb-annotations - - - - net.logstash.logback - logstash-logback-encoder - - - - - - com.h2database - h2 - - - com.oracle.database.jdbc - ojdbc11 - - - - org.apache.taglibs - taglibs-standard-jstlel - ${taglibs-standard-jstlel.version} - - - org.apache.tika - tika-core - - - org.apache.tika - tika-parsers-standard-package - - - xerces - xercesImpl - - - xml-apis - xml-apis - - - org.bouncycastle - bcmail-jdk15on - - - org.bouncycastle - bcprov-jdk15on - - - org.apache.pdfbox - pdfbox - - - commons-logging - commons-logging - - - - - javax.xml.bind - jaxb-api - ${jaxb-api.version} - - - - - - - com.google.code.findbugs - annotations - 3.0.1 - provided - - - - org.webjars 
- bootstrap - ${bootstrap.version} - - - - org.webjars.npm - popper.js - ${popper.js.version} - - - org.webjars - jquery - ${jquery.version} - - - org.webjars - jquery-ui - ${jquery-ui.version} - - - - org.webjars - highlightjs - ${highlightjs.version} - - - org.webjars.npm - highlightjs-badgejs - ${highlightjs-badgejs.version} - - - org.webjars - font-awesome - ${font-awesome.version} - - - org.apache.xmlgraphics - fop - ${fop.version} - - - commons-logging - commons-logging - - - xalan - xalan - - - org.apache.pdfbox - fontbox - - - xml-apis - xml-apis - - - - - - org.springframework.boot - spring-boot-starter-test - test - - - org.junit.vintage - junit-vintage-engine - - - com.vaadin.external.google - android-json - - - - - - org.junit.platform - junit-platform-suite - test - - - org.junit.platform - junit-platform-suite-api - test - - - org.junit.platform - junit-platform-engine - test - - - org.junit.platform - junit-platform-commons - test - - - org.junit.platform - junit-platform-launcher - test - - - - - - - - - - org.springframework.boot - spring-boot-maven-plugin - ${springboot.version} - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - 17 - - - - org.jacoco - jacoco-maven-plugin - - - - prepare-agent - - - - - report - test - - report - - - - - - - pl.project13.maven - git-commit-id-plugin - - true - false - false - - - - get-the-git-infos - - revision - - - - validate-the-git-infos - - validateRevision - - - - - - org.springframework.boot - spring-boot-maven-plugin - - - - repackage - build-info - - - - ${start-class} - - - ${java.version} - UTF-8 - UTF-8 - Verifica Firma EIDAS - ${dss.version} - - - - - - - org.apache.maven.plugins - maven-jar-plugin - - - - true - true - - - - - - org.apache.maven.plugins - maven-surefire-plugin - - false - - - - - org.apache.maven.plugins - maven-javadoc-plugin - - none - - - - - - - - jar - - true - - - jar - - - - fatjar - - jar - - - ${project.artifactId} - - - src/main/resources - - 
application-oracle.yaml - - - - - - - org.apache.maven.plugins - maven-assembly-plugin - 3.3.0 - - - package - - single - - - false - eidas - - src/standalone/assembly.xml - - - - - - - - - - - war - - war - - - - - ${basedir}/../profiles/war - - **/*.yaml - - - - src/main/resources - - application-oracle.yaml - - - - - - - - - suite - - false - - - - - org.apache.maven.plugins - maven-surefire-plugin - - it.eng.parer.eidas.client.IntegrationTestSuite - - - - - - - - - From 3c13a49c4897cbc258a1600f695355fa0937f0f7 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 9 Apr 2024 09:50:26 +0000 Subject: [PATCH 3/4] [maven-release-plugin] prepare release verifica-firma-eidas-1.15.0 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index bc732bb..c5c58c1 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 verifica-firma-eidas - 1.15.0-SNAPSHOT + 1.15.0 ${packaging.type} Verifica Firma EIDAS Progetto per effettuare firme e validazioni con librerie DSS (EIDAS) @@ -44,7 +44,7 @@ scm:git:https://github.com/RegioneER/parer-verifica-firma-eidas.git - HEAD + verifica-firma-eidas-1.15.0 From 469a5880d3ac1bf48684c224be8c475e8f441398 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 9 Apr 2024 09:50:28 +0000 Subject: [PATCH 4/4] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index c5c58c1..0bf5f16 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 verifica-firma-eidas - 1.15.0 + 1.15.1-SNAPSHOT ${packaging.type} Verifica Firma EIDAS Progetto per effettuare firme e validazioni con librerie DSS (EIDAS) @@ -44,7 +44,7 @@ scm:git:https://github.com/RegioneER/parer-verifica-firma-eidas.git - verifica-firma-eidas-1.15.0 + HEAD