Merge branch 'develop'
rsarendus committed May 25, 2021
2 parents 52a0244 + 8269b91 commit 3579393
Showing 130 changed files with 3,249 additions and 978 deletions.
10 changes: 7 additions & 3 deletions .github/workflows/digidoc4j-verify.yml
Expand Up @@ -6,15 +6,19 @@ name: Digidoc4j CI with Maven
on:
push:
branches:
- main
- master
- develop
pull_request:
branches:
- master
- develop

jobs:
digidoc4j_build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-18.04]
os: [ ubuntu-20.04 ]
java: [ 8, 11, 15 ]
steps:
- uses: actions/checkout@v2
Expand All @@ -25,4 +29,4 @@ jobs:
- name: Build with Maven
env:
TZ: Europe/Helsinki
run: mvn clean verify -q -"Dgpg.skip"
run: mvn clean verify -q -"Dgpg.skip"
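Review bot: With the `pull_request` trigger added in the first hunk, this job now builds and tests contributor branches, and the visible part of the workflow sets no token scope. If the file has no `permissions:` block outside these hunks, add one at workflow level with `contents: read` so the job token stays read-only. The `actions/checkout@v2` step shown as context refers to a movable tag; pinning it to a full commit SHA would keep the action's code fixed between runs. The `steps:` list continues outside the hunk, so the same applies to any setup action not shown here.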
21 changes: 0 additions & 21 deletions .travis.yml

This file was deleted.

26 changes: 26 additions & 0 deletions RELEASE-NOTES.txt
@@ -1,6 +1,32 @@
DigiDoc4J Java library release notes
------------------------------------

Release 4.2.0
------------------
Summary of the major changes since 4.1.1
------------------------------------------
* ZIP-bomb attack protection
* If not specified, create ASiC-E (instead of BDOC) containers by default
* Search BDOC TM signature OCSP certificate from OCSP token first and then from the unsigned properties of the signature
* Limitations for empty (0-byte) datafiles:
- Adding empty datafiles to containers is not permitted; signing containers containing empty datafiles is not permitted
- Validating containers containing empty datafiles adds additional container warnings
* Changes in validation policies
* Upgrade of TSL TLS truststore
* Dependencies update
* Bug fixes

Known issues
------------
* We have noticed a decrease in performance with the introduction of properly accessing AIA certificate resources
* Opening a container that contains signatures, triggers TSL loading (TSL lazy loading does not work as expected)
* While upgrading from versions older than 2.1.1 be sure that your integration :
- doesn't use Xalan or XercesImpl dependencies
- uses a patched Java version (JDK8 or higher)
Xalan and XercesImpl were used to patch XML vulnerabilities in older java versions. They should be discarded with higher versions because they override default Java XML security.
If it is not possible to remove Xalan, then you can set your system property to override TransformerFactory : System.setProperty("javax.xml.transform.TransformerFactory","com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl");


Release 4.1.1
------------------
Signer certificate for the EU List of eIDAS Trusted Lists (LOTL) was changed on 25.03.2021. This resulted in failure to sign or validate signatures with DD4J version 4.1.0.
4 changes: 2 additions & 2 deletions ddoc4j/pom.xml
Expand Up @@ -6,7 +6,7 @@
<groupId>org.digidoc4j</groupId>
<artifactId>ddoc4j</artifactId>
<packaging>jar</packaging>
<version>4.1.1</version>
<version>4.2.0</version>

<name>DDoc4J</name>
<description>DDoc4J is Java Library for validating DDOC documents. It's not recommended to use it directly but rather through DigiDoc4J's API.</description>
Expand All @@ -15,7 +15,7 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>4.1.1</version>
<version>4.2.0</version>
</parent>

<dependencies>
Original file line number Diff line number Diff line change
Expand Up @@ -324,7 +324,7 @@ public Notary parseAndVerifyResponse(Signature sig, Notary not)
private String responderIDtoString(BasicOCSPResp basResp) {
if(basResp != null) {
ResponderID respid = basResp.getResponderId().toASN1Primitive();
Object o = ((DERTaggedObject)respid.toASN1Object()).getObject();
Object o = ((DERTaggedObject)respid.toASN1Primitive()).getObject();
if(o instanceof org.bouncycastle.asn1.DEROctetString) {
org.bouncycastle.asn1.DEROctetString oc = (org.bouncycastle.asn1.DEROctetString)o;
return "byKey: " + SignedDoc.bin2hex(oc.getOctets());
Expand Down Expand Up @@ -387,4 +387,4 @@ public void init()
}
}

}
}
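Review bot: The cast to `DERTaggedObject` in `responderIDtoString` depends on the concrete class that `toASN1Primitive()` happens to return, and the ResponderID is presumably parsed from an OCSP response received from a remote responder. Casting to the abstract type is less brittle: `Object o = ((ASN1TaggedObject) respid.toASN1Primitive()).getObject();`. If the Bouncy Castle version in use provides them, `respid.getKeyHash()` and `respid.getName()` would avoid the cast altogether. The method body continues past the end of the hunk, so the branch after the `byKey` return is not visible here.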
Original file line number Diff line number Diff line change
Expand Up @@ -984,7 +984,12 @@ public void startElement(String namespaceURI, String lName, String qName, Attrib
String Id = attrs.getValue("Id");
if(Id != null)
ref.setId(Id);
ref.setUri(ConvertUtils.unescapeXmlSymbols(ConvertUtils.uriDecode(URI)));
if (URI==null) {
DigiDocException ex = new DigiDocException(DigiDocException.ERR_DATA_FILE_ATTR_VALUE,"URI Attribute value is required", null);
handleSAXError(ex);
} else {
ref.setUri(ConvertUtils.unescapeXmlSymbols(ConvertUtils.uriDecode(URI)));
}
String sType = attrs.getValue("Type");
if(sType != null)
ref.setType(sType);
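Review bot: The new `URI==null` branch reports the error through `handleSAXError(ex)` and then falls through to the `Type` handling. If `handleSAXError` records the error instead of throwing (its body is not in this hunk), the reference is kept with no URI set. Confirm that every later reader of the reference's URI tolerates null, or leave the element handling right after reporting. An empty `URI=""` still passes the check and reaches `uriDecode`; if a reference in this format must always name a target, reject it too with `if (URI == null || URI.isEmpty())`. `startElement` begins and ends outside the hunk.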
48 changes: 31 additions & 17 deletions digidoc4j/pom.xml
Expand Up @@ -7,7 +7,7 @@
<groupId>org.digidoc4j</groupId>
<artifactId>digidoc4j</artifactId>
<packaging>jar</packaging>
<version>4.1.1</version>
<version>4.2.0</version>

<name>DigiDoc4j</name>
<description>DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers
Expand All @@ -18,12 +18,14 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>4.1.1</version>
<version>4.2.0</version>
</parent>

<properties>
<hamcrest.version>2.2</hamcrest.version>
<logback-classic.version>1.2.3</logback-classic.version>
<junit.version>4.13.1</junit.version>
<jackson.version>2.12.3</jackson.version>
<junit.version>4.13.2</junit.version>
<dss.groupId>org.digidoc4j.dss</dss.groupId>
<dss.version>5.7.d4j.2</dss.version>
<dss.util.build>${project.build.directory}/build/util</dss.util.build>
Expand All @@ -43,7 +45,7 @@
<dependency>
<artifactId>ddoc4j</artifactId>
<groupId>org.digidoc4j</groupId>
<version>4.1.1</version>
<version>4.2.0</version>
</dependency>

<dependency>
Expand Down Expand Up @@ -72,7 +74,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.11</version>
<version>3.12.0</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
Expand All @@ -92,7 +94,7 @@
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>2.1.5</version>
<version>2.1.6</version>
<exclusions>
<exclusion>
<groupId>org.codehaus.woodstox</groupId>
Expand All @@ -103,7 +105,7 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>1.27</version>
<version>1.28</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
Expand Down Expand Up @@ -199,6 +201,18 @@
<groupId>${dss.groupId}</groupId>
<artifactId>dss-pades-pdfbox</artifactId>
<version>${dss.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.pdfbox</groupId>
<artifactId>pdfbox</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- TODO: this overrides vulnerable pdfbox version in DSS; remove this after pdfbox version in DSS has been updated above 2.0.22! -->
<dependency>
<groupId>org.apache.pdfbox</groupId>
<artifactId>pdfbox</artifactId>
<version>2.0.23</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
Expand Down Expand Up @@ -229,7 +243,7 @@
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>2.3.3</version>
<version>2.3.4</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
Expand All @@ -239,7 +253,7 @@
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>2.3.3</version>
<version>2.3.4</version>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
Expand All @@ -261,19 +275,19 @@
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
<version>2.2</version>
<version>${hamcrest.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.jcabi</groupId>
<artifactId>jcabi-matchers</artifactId>
<version>1.4</version>
<version>1.5.3</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>3.6.0</version>
<version>3.10.0</version>
<scope>test</scope>
</dependency>
<dependency>
Expand All @@ -297,7 +311,7 @@
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-library</artifactId>
<version>2.2</version>
<version>${hamcrest.version}</version>
<scope>test</scope>
</dependency>
<dependency>
Expand All @@ -315,19 +329,19 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.11.3</version>
<version>${jackson.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.11.3</version>
<version>${jackson.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.11.3</version>
<version>${jackson.version}</version>
<scope>test</scope>
</dependency>
<dependency>
Expand All @@ -345,7 +359,7 @@
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20200518</version>
<version>20210307</version>
<scope>test</scope>
<exclusions>
<exclusion>
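Review bot: The TODO on the pdfbox override in the `dss-pades-pdfbox` hunk does not name the advisory it works around, and nothing in the build fails if the override is later dropped or DSS brings in a different version. Name the advisory in the comment, for example `<!-- overrides pdfbox pulled in by DSS, see ADVISORY-ID-PLACEHOLDER; remove once DSS ships pdfbox above 2.0.22 -->`. Consider a Maven Enforcer or dependency-scan step so the resolved pdfbox version is checked on every build. The exclusion covers only `dss-pades-pdfbox`; companion artifacts such as `fontbox` that may arrive through DSS are not visible in this section, so it is worth confirming with `mvn dependency:tree` that they resolve to the same 2.0.23 release.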