Merge branch 'develop'
rsarendus committed Mar 19, 2024
2 parents fb68686 + d706bdf commit c8c65c1
Showing 117 changed files with 3,939 additions and 1,966 deletions.
2 changes: 1 addition & 1 deletion .mvn/wrapper/maven-wrapper.properties
@@ -1 +1 @@
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.4/apache-maven-3.9.4-bin.zip
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
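Review bot: the distribution URL is bumped without an integrity check. maven-wrapper.properties supports a `distributionSha256Sum` property (and `wrapperSha256Sum` for the wrapper jar itself), so the wrapper can verify the downloaded archive instead of trusting whatever repo.maven.apache.org serves at build time. Add the SHA-256 of apache-maven-3.9.6-bin.zip next to `distributionUrl` when bumping the version, and keep the two in step on future bumps.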
18 changes: 13 additions & 5 deletions README.md
Expand Up @@ -68,11 +68,19 @@ The support for creating BDOC-specific **time-mark** signatures was removed sinc

# Requirements
* Java **8** or higher (since version 4.0.0-RC.1)
* Internet access to external verification services
* OCSP (Online Certificate Status Protocol) - http://ocsp.sk.ee
* EU TSL (European Commission's Trusted Status List) - https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
* All the EU member states' TL servers referred in the EU TSL. Note that this list may change. (e.g. https://sr.riik.ee/tsl/estonian-tsl.xml, https://sede.minetur.gob.es/Prestadores/TSL/TSL.xml, https://www.viestintavirasto.fi/attachments/TSL-Ficora.xml etc.)
* TSA (Time Stamping Authority) - http://tsa.sk.ee
* Internet access to external services
* OCSP (Online Certificate Status Protocol) - AIA OCSP URL from signer's certificate or default fallback value
http://ocsp.sk.ee (for more information, see
[here](https://github.com/open-eid/digidoc4j/wiki/Questions-&-Answers#usage-of-aia-ocsp-for-timestamp-based-asic-e-containers-since-release-310))
* EU TSL (European Commission's Trusted Status List) - default value https://ec.europa.eu/tools/lotl/eu-lotl.xml (for
more information, see [here](https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it#using-configuration))
* All the EU member states' TL servers referred in the EU TSL. Note that this list may change.
(e.g. https://sr.riik.ee/tsl/estonian-tsl.xml, https://sedediatid.mineco.gob.es/Prestadores/TSL/TSL.xml, https://dp.trustedlist.fi/fi-tl.xml etc.)
* TSA (Time Stamping Authority) - default value http://tsa.sk.ee (for more information, see
[here](https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it#using-configuration))
* AIA (Authority Information Access) CA issuers - missing certificates of certificate chains downloaded from the URLs
referred to in existing certificates
* Signature Policy documents, if applicable (e.g. https://www.sk.ee/repository/bdoc-spec21.pdf)

## Maven
You can use the library as a Maven dependency from the Maven Central (http://mvnrepository.com/artifact/org.digidoc4j/digidoc4j)
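Review bot: the new bullets say that issuer certificates are fetched from AIA URLs and that the OCSP responder is taken from the signer's certificate by default, but not what that means operationally. Both URLs come out of the container being processed, so a deployment with an egress allowlist can no longer enumerate the hosts it has to reach in advance; the README should say that such deployments disable AIA OCSP (the `-noaiaocsp` command-line parameter and the `preferAiaOcsp` configuration parameter introduced elsewhere in this commit) and rely on the configured fallback responder, and that an AIA-fetched issuer certificate is only used if it chains to the TSL. A second, smaller point: the OCSP and TSA defaults remain `http://` URLs; OCSP responses and timestamp tokens are signed, so transport integrity is not what protects them, but one sentence saying so would pre-empt the question.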
25 changes: 25 additions & 0 deletions RELEASE-NOTES.txt
@@ -1,6 +1,31 @@
DigiDoc4J Java library release notes
------------------------------------

Release 5.3.0
------------------
Summary of the major changes since 5.2.0
------------------------------------------
* DSS version update to 6.0 (sd-dss.6.0.d4j.1), previously used DSS 5.11.1. Check changes in DSS here: https://github.com/esig/dss/releases
DSS update has caused the following notable changes to dependencies:
- Migration from Javax to Jakarta namespace
- JAXB dependencies updated from 2.3.X to 3.0.X
- Apache Santuario xmlsec updated from 2.3.X to 3.0.X
- Bouncy Castle updated from jdk15on:1.70 to jdk18on:1.76
- SLF4J updated from 1.7.X to 2.0.X
* Prefer to use AIA OCSP by default on signature creation
- In DigiDoc4J command line utility, deprecated -aiaocsp parameter and added new -noaiaocsp parameter
* TEST mode default timestamp URL updated to http://tsa.demo.sk.ee/tsa
* Changes in validation policies
* Updated dependencies

Known issues
------------
* At the time of release, the newest supported Bouncy Castle version is 1.76
Bouncy Castle version 1.77 causes OCSP response parsing to fail
* We have noticed a slight increase in TSL loading times due to pivot LOTL support
* We have noticed a decrease in performance with the introduction of properly accessing AIA certificate resources
* Opening a container that contains signatures, triggers TSL loading (TSL lazy loading does not work as expected)

Release 5.2.0
------------------
Summary of the major changes since 5.1.0
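Review bot: "Changes in validation policies" is too vague for a release note. A changed validation policy changes which existing signatures pass or fail, which is exactly what downstream users need to assess before upgrading; list the constraints that changed. The Bouncy Castle known issue also deserves a more actionable wording: "version 1.77 causes OCSP response parsing to fail" is a silent-failure hazard for consumers whose build manages Bouncy Castle centrally (a BOM or `dependencyManagement` entry will override the 1.76 pinned here), so name the affected artifacts (`bcprov-jdk18on`, `bcpkix-jdk18on`) and recommend an explicit pin to 1.76 until the parsing problem is resolved.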
8 changes: 4 additions & 4 deletions ddoc4j/pom.xml
Expand Up @@ -5,7 +5,7 @@

<artifactId>ddoc4j</artifactId>
<packaging>jar</packaging>
<version>5.2.0</version>
<version>5.3.0</version>

<name>DDoc4J</name>
<description>DDoc4J is Java Library for validating DDOC documents. It's not recommended to use it directly but rather through DigiDoc4J's API.</description>
Expand All @@ -14,7 +14,7 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>5.2.0</version>
<version>5.3.0</version>
</parent>

<dependencies>
Expand All @@ -24,11 +24,11 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
Original file line number Diff line number Diff line change
@@ -1,27 +1,39 @@
package org.digidoc4j.ddoc.factory;

import org.digidoc4j.ddoc.*;
import org.digidoc4j.ddoc.utils.BouncyCastleNotaryUtil;
import org.digidoc4j.ddoc.utils.ConfigManager;
import org.digidoc4j.ddoc.utils.ConvertUtils;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.*;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.cert.ocsp.UnknownStatus;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.digidoc4j.ddoc.Base64Util;
import org.digidoc4j.ddoc.CertID;
import org.digidoc4j.ddoc.CertValue;
import org.digidoc4j.ddoc.DigiDocException;
import org.digidoc4j.ddoc.Notary;
import org.digidoc4j.ddoc.Signature;
import org.digidoc4j.ddoc.SignedDoc;
import org.digidoc4j.ddoc.utils.BouncyCastleNotaryUtil;
import org.digidoc4j.ddoc.utils.ConfigManager;
import org.digidoc4j.ddoc.utils.ConvertUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.FileInputStream;
import java.io.OutputStream;
import java.security.*;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;
Expand Down Expand Up @@ -321,16 +333,13 @@ public Notary parseAndVerifyResponse(Signature sig, Notary not)
* @param basResp
* @return stringified responder ID
*/
private String responderIDtoString(BasicOCSPResp basResp) {
static String responderIDtoString(BasicOCSPResp basResp) {
if(basResp != null) {
ResponderID respid = basResp.getResponderId().toASN1Primitive();
Object o = ((DERTaggedObject)respid.toASN1Primitive()).getObject();
if(o instanceof org.bouncycastle.asn1.DEROctetString) {
org.bouncycastle.asn1.DEROctetString oc = (org.bouncycastle.asn1.DEROctetString)o;
return "byKey: " + SignedDoc.bin2hex(oc.getOctets());
if(respid.getKeyHash() != null) {
return "byKey: " + SignedDoc.bin2hex(respid.getKeyHash());
} else {
X509Name name = new X509Name((ASN1Sequence)o);
return "byName: " + name.toString();
return "byName: " + respid.getName().toString();
}
}
else
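Review bot: the byName branch changes representation here, from `X509Name.toString()` on the raw tagged object to `respid.getName().toString()`, which in Bouncy Castle 1.76 is an `X500Name`; the method is also widened from `private` to package-private `static`. If any caller compares this string against a configured responder list (the `ALLOWED_OCSP_RESPONDERS_FOR_TM` values set in `Configuration.java` in this same commit look like the natural candidate), confirm that attribute order, separators and escaping are identical for the same DN, and pin the expected output with a unit test for both branches, `"byKey: "` with `respid.getKeyHash()` and `"byName: "` with a DN that has more than one RDN. If the visibility change exists only for such a test, say so in a comment; otherwise keep it `private`.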
106 changes: 33 additions & 73 deletions digidoc4j/pom.xml
Expand Up @@ -6,7 +6,7 @@

<artifactId>digidoc4j</artifactId>
<packaging>jar</packaging>
<version>5.2.0</version>
<version>5.3.0</version>

<name>DigiDoc4j</name>
<description>DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers
Expand All @@ -17,35 +17,30 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>5.2.0</version>
<version>5.3.0</version>
</parent>

<properties>
<dss.groupId>org.digidoc4j.dss</dss.groupId>

<activation.version>1.1.1</activation.version>
<commons-cli.version>1.5.0</commons-cli.version>
<commons-cli.version>1.6.0</commons-cli.version>
<commons-collections4.version>4.4</commons-collections4.version>
<commons-io.version>2.13.0</commons-io.version>
<commons-lang3.version>3.13.0</commons-lang3.version>
<commons-io.version>2.15.1</commons-io.version>
<commons-lang3.version>3.14.0</commons-lang3.version>
<contiperf.version>2.4.3</contiperf.version>
<dss.version>5.11.1.d4j.1</dss.version>
<dss.version>6.0.d4j.1</dss.version>
<hamcrest.version>2.2</hamcrest.version>
<httpclient5.version>5.2.1</httpclient5.version>
<jackson.version>2.15.2</jackson.version>
<jaxb.version>2.3.8</jaxb.version><!-- DSS depends on jaxb-runtime 2.3.X -->
<jaxb-core.version>2.3.0.1</jaxb-core.version>
<jcabi-matchers.version>1.6.0</jcabi-matchers.version>
<json.version>20230618</json.version>
<jsonassert.version>1.5.1</jsonassert.version>
<httpclient5.version>5.3.1</httpclient5.version>
<jackson.version>2.16.1</jackson.version>
<jaxb.version>3.0.2</jaxb.version><!-- DSS depends on jaxb-runtime 3.0.X -->
<junit.version>4.13.2</junit.version>
<junit-toolbox.version>2.4</junit-toolbox.version>
<logback-classic.version>1.2.12</logback-classic.version><!-- logback versions 1.3.X cause problems in DD4J command line utility -->
<logback-classic.version>1.3.14</logback-classic.version>
<mockito.version>4.11.0</mockito.version><!-- Java 8 is not supported since version 5.X.X -->
<snakeyaml.version>2.1</snakeyaml.version>
<snakeyaml.version>2.2</snakeyaml.version>
<system-rules.version>1.19.0</system-rules.version>
<wiremock.version>2.35.0</wiremock.version>
<xmlsec.version>2.3.3</xmlsec.version><!-- DSS depends on xmlsec 2.3.X -->
<wiremock.version>2.35.2</wiremock.version><!-- Java 8 is not supported since version 3.X.X -->
<xmlsec.version>3.0.4</xmlsec.version><!-- DSS depends on xmlsec 3.0.X -->
<xmlunit.version>1.6</xmlunit.version>

<buildnumber-maven-plugin.version>1.4</buildnumber-maven-plugin.version>
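Review bot: the comment `<!-- logback versions 1.3.X cause problems in DD4J command line utility -->` is dropped as `logback-classic.version` goes from 1.2.12 to 1.3.14, but nothing here says whether the problem was fixed or worked around; the assembly changes further down in this file move logback out of the utility jar onto the manifest `Class-Path`, which looks like the workaround. Keep a one-line comment next to the version (in the style of the `<!-- Java 8 is not supported since version 5.X.X -->` comments kept on `mockito.version` and `wiremock.version`) saying that logback is shipped as separate jars beside the utility jar, so the next person bumping the version knows the constraint.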
Expand All @@ -58,7 +53,7 @@
<maven-jaxb2-plugin.version>0.15.3</maven-jaxb2-plugin.version>
<maven-release-plugin.version>3.0.1</maven-release-plugin.version>
<maven-resources-plugin.version>3.3.1</maven-resources-plugin.version>
<maven-shade-plugin.version>3.5.0</maven-shade-plugin.version>
<maven-shade-plugin.version>3.5.2</maven-shade-plugin.version>
<nexus-staging-maven-plugin.version>1.6.13</nexus-staging-maven-plugin.version>

<dss.util.build>${project.build.directory}/build/util</dss.util.build>
Expand All @@ -79,16 +74,16 @@
<dependency>
<artifactId>ddoc4j</artifactId>
<groupId>org.digidoc4j</groupId>
<version>5.2.0</version>
<version>5.3.0</version>
</dependency>

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<artifactId>bcprov-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
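Review bot: renaming the artifacts from `bcpkix-jdk15on`/`bcprov-jdk15on` to the `jdk18on` variants means Maven no longer treats them as the same artifact, so any consumer, or any other dependency of this project, that still brings `bcprov-jdk15on` in transitively will end up with two Bouncy Castle providers with the same package names on the classpath, and which one wins is classloader order. The release notes already mention the rename; a maven-enforcer `bannedDependencies` rule for `org.bouncycastle:*-jdk15on` in the parent would turn that split-package situation into a build failure rather than a runtime surprise.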
Expand Down Expand Up @@ -260,27 +255,18 @@
<artifactId>dss-crl-parser-stream</artifactId>
<version>${dss.version}</version>
</dependency>
<!-- To build successfully with >= Java 9 -->

<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>${jaxb.version}</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
<version>${activation.version}</version>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>${jaxb.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-core</artifactId>
<version>${jaxb-core.version}</version>
<version>${jaxb.version}</version>
</dependency>

<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
Expand All @@ -299,12 +285,6 @@
<version>${hamcrest.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.jcabi</groupId>
<artifactId>jcabi-matchers</artifactId>
<version>${jcabi-matchers.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
Expand Down Expand Up @@ -347,6 +327,10 @@
<version>${wiremock.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
</exclusion>
<exclusion>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
Expand All @@ -371,34 +355,6 @@
<version>${jackson.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.skyscreamer</groupId>
<artifactId>jsonassert</artifactId>
<version>${jsonassert.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>com.vaadin.external.google</groupId>
<artifactId>android-json</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>${json.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
</exclusion>
<exclusion>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.googlecode.junit-toolbox</groupId>
<artifactId>junit-toolbox</artifactId>
Expand Down Expand Up @@ -561,8 +517,6 @@
<zipgroupfileset dir="${dss.util.lib}" includes="**/*.jar" excludes="bcprov-*.jar"/>
<zipgroupfileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar"
excludes="*-javadoc.jar *-sources.jar"/>
<zipgroupfileset dir="${project.build.directory}"
includes="**/logback-*.jar"/>
</jar>
<jar destfile="${dss.util.build}/digidoc4j-util.jar">
<zipfileset src="${dss.util.build}/temp.jar"
Expand All @@ -574,13 +528,19 @@
<attribute name="Implementation-Title" value="Java BDoc/DigiDoc utility"/>
<attribute name="Implementation-Version" value="${project.version}"/>
<attribute name="Main-Class" value="org.digidoc4j.main.DigiDoc4J"/>
<attribute name="Class-Path" value=". ./bcprov-jdk15on.jar"/>
<attribute name="Class-Path" value=". ./bcprov-jdk18on.jar ./logback-classic.jar ./logback-core.jar"/>
<attribute name="Multi-Release" value="true"/>
</manifest>
</jar>
<delete file="${dss.util.build}/temp.jar"/>
<copy tofile="${dss.util.build}/bcprov-jdk15on.jar">
<fileset dir="${dss.util.lib}" includes="**/bcprov-jdk15on*.jar"/>
<copy tofile="${dss.util.build}/bcprov-jdk18on.jar">
<fileset dir="${dss.util.lib}" includes="**/bcprov-jdk18on*.jar"/>
</copy>
<copy tofile="${dss.util.build}/logback-classic.jar">
<fileset dir="${project.build.directory}" includes="**/logback-classic*.jar"/>
</copy>
<copy tofile="${dss.util.build}/logback-core.jar">
<fileset dir="${project.build.directory}" includes="**/logback-core*.jar"/>
</copy>
<copy todir="${dss.util.build}/">
<fileset dir="${project.basedir}/src/main/etc" includes="*.xml"/>
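Review bot: `<copy tofile="...">` with a `<fileset>` fails when the pattern matches more than one file, and `includes="**/logback-classic*.jar"` under `${project.build.directory}` will match two jars as soon as two versions are present (for example after a version bump without a clean build); the same applies to the `logback-core*` and `bcprov-jdk18on*` patterns. Narrow the includes to the exact file names using the version properties defined above, e.g. `logback-classic-${logback-classic.version}.jar`. Keeping `bcprov-jdk18on.jar` out of the fat jar via `excludes="bcprov-*.jar"` and referencing it on `Class-Path` is the right call, since repackaging the signed provider jar would break its signature on JDKs that verify JCE provider signatures; a comment saying so next to the `excludes` would stop someone "simplifying" it later.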
4 changes: 2 additions & 2 deletions digidoc4j/src/main/java/org/digidoc4j/Configuration.java
Expand Up @@ -2167,7 +2167,7 @@ private void initDefaultValues() {
this.setDDoc4JParameter("SIGN_OCSP_REQUESTS", "false");
setDDoc4JParameter("ALLOWED_OCSP_RESPONDERS_FOR_TM", StringUtils.join(Constant.Test.DEFAULT_OCSP_RESPONDERS, ","));
this.setConfigurationParameter(ConfigurationParameter.AllowedOcspRespondersForTM, Constant.Test.DEFAULT_OCSP_RESPONDERS);
this.setConfigurationParameter(ConfigurationParameter.preferAiaOcsp, "false");
this.setConfigurationParameter(ConfigurationParameter.preferAiaOcsp, "true");
this.loadYamlAiaOCSPs(loadYamlFromResource("defaults/demo_aia_ocsp.yaml"), true);
} else {
this.setConfigurationParameter(ConfigurationParameter.TspSource, Constant.Production.TSP_SOURCE);
Expand All @@ -2183,7 +2183,7 @@ private void initDefaultValues() {
this.setDDoc4JParameter("SIGN_OCSP_REQUESTS", "false");
setDDoc4JParameter("ALLOWED_OCSP_RESPONDERS_FOR_TM", StringUtils.join(Constant.Production.DEFAULT_OCSP_RESPONDERS, ","));
this.setConfigurationParameter(ConfigurationParameter.AllowedOcspRespondersForTM, Constant.Production.DEFAULT_OCSP_RESPONDERS);
this.setConfigurationParameter(ConfigurationParameter.preferAiaOcsp, "false");
this.setConfigurationParameter(ConfigurationParameter.preferAiaOcsp, "true");
this.loadYamlAiaOCSPs(loadYamlFromResource("defaults/live_aia_ocsp.yaml"), true);
}
LOGGER.debug("{} configuration: {}", this.mode, this.registry);
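Review bot: flipping `preferAiaOcsp` to `"true"` in both the TEST branch (previous hunk) and the PROD branch here changes which responder is contacted by default for every signature created: the URL now comes from the AIA extension of the signer's certificate instead of the configured responder. Assuming the response is validated as before regardless of where it was fetched from, this is not a trust change, but it is an availability and egress change, so the Javadoc of the parameter and the `-noaiaocsp` documentation should state the new default and the fallback order; the release notes line "Prefer to use AIA OCSP by default on signature creation" covers the what, not the how to turn it off. Minor: the line is now identical in both branches and could sit outside the if/else next to the other mode-independent defaults.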