
Merge branch 'develop'

rsarendus committed Dec 20, 2019
2 parents d9241f8 + 6ec8701 commit 0bd64fe3d9ea86ee574158dd599516d6d2234d6b
Showing with 6,014 additions and 2,097 deletions.
  1. +1 −0 .gitignore
  2. +3 −3 .idea/compiler.xml
  3. +1 −0 AUTHORS
  4. +8 −11 README.md
  5. +38 −0 RELEASE-NOTES.txt
  6. +2 −2 ddoc4j/pom.xml
  7. +10 −25 digidoc4j/pom.xml
  8. +1 −1 digidoc4j/src/main/java/org/digidoc4j/CertificateValidator.java
  9. +3 −3 digidoc4j/src/main/java/org/digidoc4j/CertificateValidatorBuilder.java
  10. +625 −81 digidoc4j/src/main/java/org/digidoc4j/Configuration.java
  11. +74 −13 digidoc4j/src/main/java/org/digidoc4j/ConfigurationParameter.java
  12. +1 −1 digidoc4j/src/main/java/org/digidoc4j/Container.java
  13. +1 −1 digidoc4j/src/main/java/org/digidoc4j/ContainerBuilder.java
  14. +1 −1 digidoc4j/src/main/java/org/digidoc4j/ContainerOpener.java
  15. +8 −8 digidoc4j/src/main/java/org/digidoc4j/DataFile.java
  16. +30 −0 digidoc4j/src/main/java/org/digidoc4j/DataLoaderFactory.java
  17. +2 −2 digidoc4j/src/main/java/org/digidoc4j/DetachedXadesSignatureBuilder.java
  18. +2 −2 digidoc4j/src/main/java/org/digidoc4j/DigestAlgorithm.java
  19. +2 −2 digidoc4j/src/main/java/org/digidoc4j/DigestDataFile.java
  20. +1 −1 digidoc4j/src/main/java/org/digidoc4j/ExtendedCertificateSource.java
  21. +81 −0 digidoc4j/src/main/java/org/digidoc4j/ExternalConnectionType.java
  22. +1 −1 digidoc4j/src/main/java/org/digidoc4j/LargeDataFile.java
  23. +6 −6 digidoc4j/src/main/java/org/digidoc4j/OCSPSourceBuilder.java
  24. +7 −0 digidoc4j/src/main/java/org/digidoc4j/Signature.java
  25. +1 −1 digidoc4j/src/main/java/org/digidoc4j/SignatureBuilder.java
  26. +2 −2 digidoc4j/src/main/java/org/digidoc4j/SignatureParameters.java
  27. +4 −4 digidoc4j/src/main/java/org/digidoc4j/SignatureValidationResult.java
  28. +2 −2 digidoc4j/src/main/java/org/digidoc4j/SignedInfo.java
  29. +4 −4 digidoc4j/src/main/java/org/digidoc4j/TSLCertificateSource.java
  30. +10 −0 digidoc4j/src/main/java/org/digidoc4j/exceptions/ConfigurationException.java
  31. +1 −1 digidoc4j/src/main/java/org/digidoc4j/exceptions/SignatureVerificationException.java
  32. +20 −0 digidoc4j/src/main/java/org/digidoc4j/exceptions/TimestampAfterOCSPResponseTimeException.java
  33. +4 −4 digidoc4j/src/main/java/org/digidoc4j/impl/AbstractSignatureValidationResult.java
  34. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/CommonOCSPCertificateSource.java
  35. +10 −6 digidoc4j/src/main/java/org/digidoc4j/impl/CommonOCSPSource.java
  36. +13 −16 digidoc4j/src/main/java/org/digidoc4j/impl/OCSPCertificateValidator.java
  37. +49 −0 digidoc4j/src/main/java/org/digidoc4j/impl/OcspDataLoaderFactory.java
  38. +13 −13 digidoc4j/src/main/java/org/digidoc4j/impl/SKOnlineOCSPSource.java
  39. +31 −0 digidoc4j/src/main/java/org/digidoc4j/impl/ServiceAccessEvent.java
  40. +7 −0 digidoc4j/src/main/java/org/digidoc4j/impl/ServiceAccessListener.java
  41. +62 −0 digidoc4j/src/main/java/org/digidoc4j/impl/ServiceAccessScope.java
  42. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/SignatureFinalizer.java
  43. +18 −4 digidoc4j/src/main/java/org/digidoc4j/impl/SkDataLoader.java
  44. +5 −2 digidoc4j/src/main/java/org/digidoc4j/impl/SkOCSPDataLoader.java
  45. +5 −2 digidoc4j/src/main/java/org/digidoc4j/impl/SkTimestampDataLoader.java
  46. +6 −6 digidoc4j/src/main/java/org/digidoc4j/impl/StreamDocument.java
  47. +49 −0 digidoc4j/src/main/java/org/digidoc4j/impl/TspDataLoaderFactory.java
  48. +5 −8 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicContainer.java
  49. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicContainerCreator.java
  50. +3 −3 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicContainerParser.java
  51. +15 −4 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicContainerValidationResult.java
  52. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicDataFile.java
  53. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicEntry.java
  54. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicFileContainerParser.java
  55. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicParseResult.java
  56. +7 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicSignature.java
  57. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicSignatureBuilder.java
  58. +15 −14 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicSignatureFinalizer.java
  59. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicSignatureParser.java
  60. +2 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicStreamContainerParser.java
  61. +16 −6 digidoc4j/src/main/java/org/digidoc4j/impl/asic/AsicValidationReportBuilder.java
  62. +0 −30 digidoc4j/src/main/java/org/digidoc4j/impl/asic/CachingDataLoader.java
  63. +113 −42 digidoc4j/src/main/java/org/digidoc4j/impl/asic/DataLoaderDecorator.java
  64. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/DetachedContentCreator.java
  65. +13 −24 digidoc4j/src/main/java/org/digidoc4j/impl/asic/OcspNonceValidator.java
  66. +30 −9 digidoc4j/src/main/java/org/digidoc4j/impl/asic/SKCommonCertificateVerifier.java
  67. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/TimeStampContainerValidationResult.java
  68. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/TimeStampTokenValidator.java
  69. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/asice/AsicEContainerValidator.java
  70. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/asice/bdoc/BDocSignatureFinalizer.java
  71. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/manifest/AsicManifest.java
  72. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/manifest/ManifestParser.java
  73. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/manifest/ManifestValidator.java
  74. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/ocsp/BDocTMOcspSource.java
  75. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/report/ContainerValidationReport.java
  76. +2 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/report/SignatureValidationReport.java
  77. +25 −6 digidoc4j/src/main/java/org/digidoc4j/impl/asic/report/SignatureValidationReportCreator.java
  78. +173 −0 digidoc4j/src/main/java/org/digidoc4j/impl/asic/tsl/CompoundCertificatePool.java
  79. +0 −115 digidoc4j/src/main/java/org/digidoc4j/impl/asic/tsl/LazyCertificatePool.java
  80. +13 −15 digidoc4j/src/main/java/org/digidoc4j/impl/asic/tsl/LazyTslCertificateSource.java
  81. +10 −4 digidoc4j/src/main/java/org/digidoc4j/impl/asic/tsl/TSLCertificateSourceImpl.java
  82. +66 −0 digidoc4j/src/main/java/org/digidoc4j/impl/asic/tsl/TslDataLoaderFactory.java
  83. +18 −44 digidoc4j/src/main/java/org/digidoc4j/impl/asic/tsl/TslLoader.java
  84. +16 −11 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/BesSignature.java
  85. +8 −9 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/SignatureExtender.java
  86. +8 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/TimemarkSignature.java
  87. +3 −3 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/TimestampSignature.java
  88. +9 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/XadesSignature.java
  89. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/XadesSignatureParser.java
  90. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/XadesSignatureWrapper.java
  91. +21 −21 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/XadesSigningDssFacade.java
  92. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/XadesValidationDssFacade.java
  93. +2 −2 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/XadesValidationReportGenerator.java
  94. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/XadesValidationReportProcessor.java
  95. +5 −5 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/validation/FullSimpleReportBuilder.java
  96. +9 −0 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/validation/SignatureValidationData.java
  97. +1 −0 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/validation/SignatureValidationTask.java
  98. +0 −8 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/validation/TimemarkSignatureValidator.java
  99. +46 −9 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/validation/TimestampSignatureValidator.java
  100. +20 −20 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/validation/XadesSignatureValidator.java
  101. +1 −1 digidoc4j/src/main/java/org/digidoc4j/impl/asic/xades/validation/XadesValidationResult.java
  102. +5 −0 digidoc4j/src/main/java/org/digidoc4j/impl/ddoc/DDocSignature.java
  103. +8 −8 digidoc4j/src/main/java/org/digidoc4j/impl/pades/PadesContainer.java
  104. +3 −3 digidoc4j/src/main/java/org/digidoc4j/impl/pades/PadesContainerValidationResult.java
  105. +2 −2 digidoc4j/src/main/java/org/digidoc4j/main/CommandLineExecutor.java
  106. +5 −5 digidoc4j/src/main/java/org/digidoc4j/main/ContainerVerifier.java
  107. +3 −3 digidoc4j/src/main/java/org/digidoc4j/main/KeystoreGenerator.java
  108. +1 −1 digidoc4j/src/main/java/org/digidoc4j/main/MultipleContainersExecutor.java
  109. +5 −5 digidoc4j/src/main/java/org/digidoc4j/signers/PKCS11SignatureToken.java
  110. +4 −4 digidoc4j/src/main/java/org/digidoc4j/signers/PKCS12SignatureToken.java
  111. +9 −10 digidoc4j/src/main/java/org/digidoc4j/signers/TimestampToken.java
  112. +30 −0 digidoc4j/src/main/java/org/digidoc4j/utils/DateUtils.java
  113. +4 −4 digidoc4j/src/main/java/org/digidoc4j/utils/Helper.java
  114. +1 −1 digidoc4j/src/main/java/org/digidoc4j/utils/MimeTypeUtil.java
  115. +2 −2 digidoc4j/src/main/java/org/digidoc4j/utils/PolicyUtils.java
  116. +35 −0 digidoc4j/src/main/java/org/digidoc4j/utils/ResourceUtils.java
  117. +64 −0 digidoc4j/src/main/java/org/digidoc4j/utils/ZipEntryInputStream.java
  118. +5 −4 digidoc4j/src/main/resources/conf/constraint.xml
  119. +0 −347 digidoc4j/src/main/resources/conf/eIDAS_test_constraint.xml
  120. +9 −7 digidoc4j/src/main/resources/conf/test_constraint.xml
  121. +25 −0 digidoc4j/src/main/resources/defaults/demo_aia_ocsp.yaml
  122. +25 −0 digidoc4j/src/main/resources/defaults/live_aia_ocsp.yaml
  123. +161 −0 digidoc4j/src/main/resources/digidoc4j-test.yaml
  124. +3 −51 digidoc4j/src/main/resources/digidoc4j.yaml
  125. BIN digidoc4j/src/main/resources/ssl/tsl_truststore.p12
  126. +10 −12 digidoc4j/src/test/java/org/digidoc4j/AbstractTest.java
  127. +2 −2 digidoc4j/src/test/java/org/digidoc4j/CertificateValidatorBuilderTest.java
  128. +348 −23 digidoc4j/src/test/java/org/digidoc4j/ConfigurationTest.java
  129. +14 −9 digidoc4j/src/test/java/org/digidoc4j/ContainerTest.java
  130. +1 −1 digidoc4j/src/test/java/org/digidoc4j/FileWritingOperationsTest.java
  131. +2 −2 digidoc4j/src/test/java/org/digidoc4j/SignatureBuilderTest.java
  132. +10 −10 digidoc4j/src/test/java/org/digidoc4j/SignatureTest.java
  133. +2 −2 digidoc4j/src/test/java/org/digidoc4j/impl/DataToSignSerializationTest.java
  134. +41 −0 digidoc4j/src/test/java/org/digidoc4j/impl/OcspDataLoaderFactoryTest.java
  135. +153 −0 digidoc4j/src/test/java/org/digidoc4j/impl/ServiceAccessScopeTest.java
  136. +3 −20 digidoc4j/src/test/java/org/digidoc4j/impl/SkDataLoaderTest.java
  137. +47 −3 digidoc4j/src/test/java/org/digidoc4j/impl/SkOCSPDataLoaderTest.java
  138. +48 −4 digidoc4j/src/test/java/org/digidoc4j/impl/SkTimestampDataLoaderTest.java
  139. +3 −3 digidoc4j/src/test/java/org/digidoc4j/impl/StreamDocumentTest.java
  140. +41 −0 digidoc4j/src/test/java/org/digidoc4j/impl/TspDataLoaderFactoryTest.java
  141. +520 −0 digidoc4j/src/test/java/org/digidoc4j/impl/asic/DataLoaderDecoratorTest.java
  142. +418 −0 digidoc4j/src/test/java/org/digidoc4j/impl/asic/tsl/CompoundCertificatePoolTest.java
  143. +110 −0 digidoc4j/src/test/java/org/digidoc4j/impl/asic/tsl/TslDataLoaderFactoryTest.java
  144. +12 −16 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/BDocContainerTest.java
  145. +4 −5 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/BDocSignatureOpenerTest.java
  146. +39 −7 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/ContainerParticlesRemovalTest.java
  147. +318 −0 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/IncompleteSigningTest.java
  148. +75 −49 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/ValidationTests.java
  149. +44 −0 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/asic/AsicSignatureFinalizerTest.java
  150. +9 −9 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/asic/TimeStampTokenTest.java
  151. +1 −1 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/manifest/ManifestParserTest.java
  152. +4 −4 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/manifest/ManifestValidatorTest.java
  153. +2 −2 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/ocsp/CommonOCSPSourceTest.java
  154. +39 −0 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/ocsp/OCSPSourceBuilderTest.java
  155. +9 −7 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/ocsp/SKOnlineOCSPSourceTest.java
  156. +9 −8 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/report/SignatureValidationReportTest.java
  157. +28 −6 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/report/ValidationReportTest.java
  158. +3 −3 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/tsl/LazyTslLoadingTest.java
  159. +109 −0 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/tsl/TslIntegrityTest.java
  160. +10 −11 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/tsl/TslLoaderTest.java
  161. +6 −4 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/xades/XadesSignatureParserTest.java
  162. +8 −8 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/xades/XadesSigningDssFacadeTest.java
  163. +5 −5 digidoc4j/src/test/java/org/digidoc4j/impl/bdoc/xades/XadesValidationReportProcessorTest.java
  164. +9 −3 digidoc4j/src/test/java/org/digidoc4j/impl/edoc/TimeStampValidationForEDocTest.java
  165. +2 −2 digidoc4j/src/test/java/org/digidoc4j/jvm/JvmParametersTest.java
  166. +12 −9 digidoc4j/src/test/java/org/digidoc4j/main/DigiDoc4JTest.java
  167. +1 −1 digidoc4j/src/test/java/org/digidoc4j/signers/ExternalSignerTest.java
  168. +1 −1 digidoc4j/src/test/java/org/digidoc4j/test/MockDataFile.java
  169. +7 −8 digidoc4j/src/test/java/org/digidoc4j/test/MockOCSPSource.java
  170. +5 −2 digidoc4j/src/test/java/org/digidoc4j/test/MockSignature.java
  171. +1 −1 digidoc4j/src/test/java/org/digidoc4j/test/MockSignatureBuilder.java
  172. +1 −1 digidoc4j/src/test/java/org/digidoc4j/test/MockStreamDocument.java
  173. +24 −15 digidoc4j/src/test/java/org/digidoc4j/test/TestAssert.java
  174. +2 −2 digidoc4j/src/test/java/org/digidoc4j/test/util/TestTSLUtil.java
  175. +4 −5 digidoc4j/src/test/java/org/digidoc4j/utils/CertificatesForTests.java
  176. +43 −0 digidoc4j/src/test/java/org/digidoc4j/utils/DateUtilsTest.java
  177. +1 −1 digidoc4j/src/test/java/org/digidoc4j/utils/HelperTest.java
  178. +2 −2 digidoc4j/src/test/java/org/digidoc4j/utils/PolicyUtilsTest.java
  179. +42 −0 digidoc4j/src/test/java/org/digidoc4j/utils/ResourceUtilsTest.java
  180. +242 −0 digidoc4j/src/test/java/org/digidoc4j/utils/ZipEntryInputStreamTest.java
  181. BIN ...s/{valid-containers/valid_edoc2_lv-eId_sha256.edoc → invalid-containers/edoc2_lv-eId_sha256.edoc}
  182. +37 −0 digidoc4j/src/test/resources/testFiles/certs/TEST_of_ESTEID-SK_2015.pem.crt
  183. +20 −23 digidoc4j/src/test/resources/testFiles/certs/exampleCA.cer
  184. +45 −8 digidoc4j/src/test/resources/testFiles/constraints/eIDAS_test_constraint_all_fail_level.xml
  185. +0 −347 digidoc4j/src/test/resources/testFiles/constraints/eIDAS_test_constraint_all_inform_level.xml
  186. +45 −8 digidoc4j/src/test/resources/testFiles/constraints/eIDAS_test_constraint_all_warn_level.xml
  187. +45 −8 digidoc4j/src/test/resources/testFiles/constraints/eIDAS_test_constraint_version_fail.xml
  188. +45 −8 digidoc4j/src/test/resources/testFiles/constraints/eIDAS_test_constraint_well_signed_fail.xml
  189. +380 −242 digidoc4j/src/test/resources/testFiles/constraints/moved_constraint.xml
  190. BIN ...rc/test/resources/testFiles/{valid-containers → invalid-containers}/latvian_signed_container.edoc
  191. BIN ...st/resources/testFiles/invalid-containers/signing_certificate_not_valid_during_timestamping.asice
  192. BIN digidoc4j/src/test/resources/testFiles/p12/user_one.p12
  193. BIN digidoc4j/src/test/resources/testFiles/truststores/empty-truststore.p12
  194. BIN digidoc4j/src/test/resources/testFiles/truststores/lotl-ssl-only-truststore.p12
  195. +54 −0 digidoc4j/src/test/resources/testFiles/yaml-configurations/digidoc_test_all_optional_settings.yaml
  196. +15 −0 ...est/resources/testFiles/yaml-configurations/digidoc_test_conf_generic_proxy_and_ssl_settings.yaml
  197. +47 −0 ...st/resources/testFiles/yaml-configurations/digidoc_test_conf_specific_proxy_and_ssl_settings.yaml
  198. +35 −24 pom.xml
  199. +1 −1 publish.sh
@@ -1,3 +1,4 @@
.idea/*
target/*
*.iml
**/.DS_Store
@@ -11,9 +11,9 @@
</profile>
</annotationProcessing>
<bytecodeTargetLevel>
<module name="ddoc4j" target="1.7" />
<module name="digidoc4j" target="1.7" />
<module name="digidoc4j-parent" target="1.7" />
<module name="ddoc4j" target="1.8" />
<module name="digidoc4j" target="1.8" />
<module name="digidoc4j-parent" target="1.8" />
</bytecodeTargetLevel>
</component>
</project>
@@ -12,3 +12,4 @@ Developers:
Janar Rahumeel <janar.rahumeel@cgi.com>
Andres Voll <andres.voll@nortal.com>
Jorgen Heinsoo <jorgen.heinsoo@nortal.com>
Risto Seene <risto.seene@nortal.com>
@@ -19,16 +19,16 @@ DigiDoc4j is a Java library for digitally signing documents and creating digital

# BDOC (ASiC-E - Associated Signature Container Extended) container format
* Has **.bdoc**, **.asice** or **.sce** extension
* BDOC is a new digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format.
* BDOC is a new digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format.
* The benefits of the new format include the higher security level, the long-term integrity of the signed documents, as well as the better compliance with international standards.
* BDOC container is based on **ASiC-E** standard.
* Signatures are stored in **XAdES** format.
* Supports two signature formats: **BDOC-TM** and **BDOC-TS**
* **BDOC-TM** signature format has **time-mark** ensuring long-term provability of the authenticity of the signature.
* **BDOC-TM** signature format has **time-mark** ensuring long-term provability of the authenticity of the signature.
* This format has been used as a default digital signature format in Estonia since 2015.
* It is based on **XAdES baseline LT** signature format.
* Recommended extension is **.bdoc**
* **BDOC-TS** signature format has **time-stamp**.
* **BDOC-TS** signature format has **time-stamp**.
* In contrast to the BDOC-TM format, long-term provability of the authenticity of the signature is ensured by time-stamps.
* It is based on **XAdES baseline LT** signature format and uses RFC3161 based time-stamps which makes it highly compliant in international context.
* To ensure better compliance with international standards, it's recommended to sign documents with the **BDOC-TS time-stamp** signature profile.
@@ -51,21 +51,21 @@ DigiDoc4j is a Java library for digitally signing documents and creating digital
* The DigiDoc container includes the source files (the files that were signed) as well as the signatures that are related to the signed file(s)
* Every signature contains the certificate, validity confirmation and the validity confirmation service certificate.


# Documentation
* [DigiDoc4j API](http://open-eid.github.io/digidoc4j/)
* [Examples](https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it)
* [Wiki](https://github.com/open-eid/digidoc4j/wiki)
* [Pivotal Tracker](https://www.pivotaltracker.com/n/projects/1110130) contains user stories and issues
* [Architecture of ID-software](http://open-eid.github.io/)
* [Digital signature formats](http://www.id.ee/index.php?id=36108)
* [BDOC 2.1.2 specification](http://id.ee/public/bdoc-spec212-eng.pdf)
* [DDOC specification](http://www.id.ee/public/DigiDoc_format_1.3.pdf)

# Requirements
* Java 1.7
* Java **8** (since version 4.0.0-RC.1)
* Internet access to external verification services
* OCSP (Online Certificate Status Protocol) - http://ocsp.sk.ee
* EU TSL (European Commission's Trusted Status List) - https://ec.europa.eu/tools/lotl/eu-lotl.xml
* EU TSL (European Commission's Trusted Status List) - https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
* All the EU member states' TL servers referred in the EU TSL. Note that this list may change. (e.g. https://sr.riik.ee/tsl/estonian-tsl.xml, https://sede.minetur.gob.es/Prestadores/TSL/TSL.xml, https://www.viestintavirasto.fi/attachments/TSL-Ficora.xml etc.)
* TSA (Time Stamping Authority) - http://tsa.sk.ee

@@ -76,18 +76,15 @@ You can use the library as a Maven dependency from the Maven Central (http://mvn
<dependency>
<groupId>org.digidoc4j</groupId>
<artifactId>digidoc4j</artifactId>
<version>3.x.x</version>
<version>4.x.x</version>
</dependency>
```

# Known issues
The list of issues are tracked in [GitHub](https://github.com/open-eid/digidoc4j/issues)

# Licence
* LGPL (GNU Library General Public License, see LICENSE.LGPL)
* © Estonian Information System Authority

## Support
Official builds are provided through [releases](https://github.com/open-eid/digidoc4j/releases). If you want support, you need to be using official builds. Contact for assistance by email [help@ria.ee](mailto:help@ria.ee).
Official builds are provided through official distribution point [installer.id.ee](https://installer.id.ee). If you want support, you need to be using official builds. Contact for assistance by email [abi@id.ee](mailto:abi@id.ee) or [www.id.ee](http://www.id.ee).

Source code is provided on "as is" terms with no warranty (see license for more information). Do not file Github issues with generic support requests.
@@ -1,6 +1,44 @@
DigiDoc4J Java library release notes
------------------------------------

Release 4.0.0-RC.1
------------------
NB! 4.0.0-RC.1 introduces breaking changes compared to 3.x.x version. Substantial changes may be further introduced before finalization of version 4.0.0.

Summary of the major changes since 3.3.0
------------------------------------------
* Required minimum Java version increased to 8
* Started to use DSS version 5.5 (sd-dss.5.5.d4j.1)
* Enabled SSL certificate validation enforcement + added default TSL truststore for PROD mode
- when using custom digidoc4j.yaml and default TSL in PROD mode, the usage of the default TSL truststore must be configured in digidoc4j.yaml
* Improved configurability of SSL settings, added possibility to configure SSL and proxy settings separately for TSL, OCSP and TSP
* Additional checks for XAdES signature validation:
- if present, timestamp must be taken during the validity period of the signing certificate
- if present, timestamp must be taken before or at the same time as OCSP
* API improvements:
- possibility to add custom data loaders for TSL loading, OCSP and TSP requests
- possibility to listen to OCSP and TSP events when using default data loaders
* Reduced logging of personal information at INFO level
* Dependencies update

Bug fixes (inconclusive list):
------------------------------
* Ensure that signature creation fails if making an OCSP request is not possible
* Allow signatures with different signature digest algorithm and data files digest algorithm to correctly validate
* Always re-validate a container when asked for a container validation result in order to avoid returning stale results in case the container has been updated since last validation
* Removed creation of temporary TSL keystore files that were never deleted

Known issues
------------
* We have noticed a decrease in performance with new DSS 5.5 version
* Opening a container that contains signatures, triggers TSL loading (TSL lazy loading does not work as expected)
* BouncyCastle versions 1.64 and up are not supported when validating signatures containing encapsulated CRL data
* While upgrading from version older than 2.1.1 be sure that your integration :
- doesn't use Xalan or XercesImpl dependencies
- uses a patched Java version (JDK7u40+, JDK8 or higher)
Xalan and XercesImpl were used to patch XML vulnerabilities in older java versions. They should be discarded with higher versions because they override default Java XML security.
If it is not possible to remove Xalan, then you can set your system property to override TransformerFactory : System.setProperty("javax.xml.transform.TransformerFactory","com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl");

Release 3.3.0
------------------
Summary of the major changes since 3.2.0
@@ -6,7 +6,7 @@
<groupId>org.digidoc4j</groupId>
<artifactId>ddoc4j</artifactId>
<packaging>jar</packaging>
<version>3.3.0</version>
<version>4.0.0-RC.1</version>

<name>DDoc4J</name>
<description>DDoc4J is Java Library for validating DDOC documents. It's not recommended to use it directly but rather through DigiDoc4J's API.</description>
@@ -15,7 +15,7 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>3.3.0</version>
<version>4.0.0-RC.1</version>
</parent>

<dependencies>
@@ -7,7 +7,7 @@
<groupId>org.digidoc4j</groupId>
<artifactId>digidoc4j</artifactId>
<packaging>jar</packaging>
<version>3.3.0</version>
<version>4.0.0-RC.1</version>

<name>DigiDoc4j</name>
<description>DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers
@@ -18,14 +18,14 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>3.3.0</version>
<version>4.0.0-RC.1</version>
</parent>

<properties>
<logback-classic.version>1.2.3</logback-classic.version>
<junit.version>4.12</junit.version>
<dss.groupId>org.digidoc4j.dss</dss.groupId>
<dss.version>5.4.d4j.1</dss.version>
<dss.version>5.5.d4j.1</dss.version>
<dss.util.build>${project.build.directory}/build/util</dss.util.build>
<dss.util.lib>${project.build.directory}/library/util</dss.util.lib>
<dss.zip.lib>${project.build.directory}/library/zip</dss.zip.lib>
@@ -43,7 +43,7 @@
<dependency>
<artifactId>ddoc4j</artifactId>
<groupId>org.digidoc4j</groupId>
<version>3.3.0</version>
<version>4.0.0-RC.1</version>
</dependency>

<dependency>
@@ -89,15 +89,10 @@
<artifactId>httpclient</artifactId>
<version>4.5.8</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.4.11</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>2.1.3</version>
<version>2.1.4</version>
<exclusions>
<exclusion>
<groupId>org.codehaus.woodstox</groupId>
@@ -120,11 +115,6 @@
<artifactId>log4j-over-slf4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
<artifactId>dss-common-validation-jaxb</artifactId>
<version>${dss.version}</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
<artifactId>dss-detailed-report-jaxb</artifactId>
@@ -150,11 +140,6 @@
<artifactId>dss-policy-jaxb</artifactId>
<version>${dss.version}</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
<artifactId>dss-reports</artifactId>
<version>${dss.version}</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
<artifactId>dss-service</artifactId>
@@ -175,11 +160,6 @@
<artifactId>dss-token</artifactId>
<version>${dss.version}</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
<artifactId>dss-tsl-jaxb</artifactId>
<version>${dss.version}</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
<artifactId>dss-tsl-validation</artifactId>
@@ -240,6 +220,11 @@
<artifactId>dss-utils-google-guava</artifactId>
<version>${dss.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>28.1-jre</version>
</dependency>
<dependency>
<groupId>${dss.groupId}</groupId>
<artifactId>dss-crl-parser</artifactId>
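Review bot: The new `com.google.guava:guava` dependency is pinned with a literal `<version>28.1-jre</version>`, while neighbouring entries take their versions from properties (`${dss.version}`, `${slf4j.version}`), and nothing in the section says why a direct pin is needed next to `dss-utils-google-guava`. A direct declaration takes precedence over whatever Guava version that DSS module resolves transitively, so a later DSS upgrade will not move it and the pin can fall behind patched releases without anyone noticing. I would define `<guava.version>28.1-jre</guava.version>` under `<properties>`, reference it as `<version>${guava.version}</version>`, and add a one-line comment such as `<!-- pinned explicitly; revisit on each DSS upgrade -->`. The `<dependencies>` element starts and ends outside this hunk.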
@@ -4,7 +4,7 @@

import org.digidoc4j.exceptions.CertificateValidationException;

import eu.europa.esig.dss.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CertificateSource;

/**
* Created by Janar Rahumeel (CGI Estonia)
@@ -7,9 +7,9 @@
import org.digidoc4j.impl.CommonOCSPCertificateSource;
import org.digidoc4j.impl.OCSPCertificateValidator;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.x509.CertificateSource;
import eu.europa.esig.dss.x509.ocsp.OCSPSource;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPSource;

/**
* Builder for certificate validator. Currently only OCSP is supported
