Prepare for release 4.0.0-RC.1

rsarendus committed Dec 18, 2019
1 parent 408dfe9 commit 563cff344907ef69325726226794e455c7c20a73
Showing with 76 additions and 27 deletions.
  1. +1 −0 AUTHORS
  2. +27 −20 README.md
  3. +35 −0 RELEASE-NOTES.txt
  4. +2 −2 ddoc4j/pom.xml
  5. +3 −3 digidoc4j/pom.xml
  6. +7 −1 pom.xml
  7. +1 −1 publish.sh
@@ -12,3 +12,4 @@ Developers:
Janar Rahumeel <janar.rahumeel@cgi.com>
Andres Voll <andres.voll@nortal.com>
Jorgen Heinsoo <jorgen.heinsoo@nortal.com>
Risto Seene <risto.seene@nortal.com>
@@ -5,9 +5,10 @@
DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers of signed documents.

# Features
* Creating BDOC, ASiC-E and DDOC containers
* Digitally signing containers in XAdES format
* Creating BDOC, ASiC-E containers
* Validating BDOC, ASiC-E and DDOC containers
* Creating, signing, timestamping and validating ASiC-S containers
* Creating and validating detached XadES

# How to use it
* Take a look at the [examples](https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it)
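Review bot: The feature bullet "Creating and validating detached XadES" spells the format differently from the "XAdES" used two bullets above it; use "XAdES" throughout. The bullet "Creating BDOC, ASiC-E containers" would also read better as "Creating BDOC and ASiC-E containers".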
@@ -16,23 +17,31 @@ DigiDoc4j is a Java library for digitally signing documents and creating digital
* Download the latest [release](https://github.com/open-eid/digidoc4j/releases)
* See the [library development guide](https://github.com/open-eid/digidoc4j/wiki/Development). Your contribution and pull requests are more than welcome

# BDOC (ASiC-E) container format
* Has **.bdoc** or **.asice** extension
* BDOC is a new digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format.
# BDOC (ASiC-E - Associated Signature Container Extended) container format
* Has **.bdoc**, **.asice** or **.sce** extension
* BDOC is a new digital signature format developed in 2014 to replace the old, DDOC (DigiDoc) digital signature format.
* The benefits of the new format include the higher security level, the long-term integrity of the signed documents, as well as the better compliance with international standards.
* BDOC container is based on **ASiC-E** standard.
* Signatures are stored in **XAdES** format.
* Supports two signature formats: **BDOC-TM** and **BDOC-TS**
* **BDOC-TM** signature format has **time-mark** ensuring long-term provability of the authenticity of the signature.
* This format has been used as a default digital signature format in Estonia since 2015.
* It is based on **XAdES baseline LT** signature format.
* Recommended extension is **.bdoc**
* **BDOC-TS** signature format has **time-stamp**.
* In contrast to the BDOC-TM format, long-term provability of the authenticity of the signature is ensured by time-stamps.
* It is based on **XAdES baseline LT** signature format and uses RFC3161 based time-stamps which makes it highly compliant in international context.
* To ensure better compliance with international standards, it's recommended to sign documents with the **BDOC-TS time-stamp** signature profile.
* Recommended extension is **.asice**
* **BDOC-TM** signature format has **time-mark** ensuring long-term provability of the authenticity of the signature.
* This format has been used as a default digital signature format in Estonia since 2015.
* It is based on **XAdES baseline LT** signature format.
* Recommended extension is **.bdoc**
* **BDOC-TS** signature format has **time-stamp**.
* In contrast to the BDOC-TM format, long-term provability of the authenticity of the signature is ensured by time-stamps.
* It is based on **XAdES baseline LT** signature format and uses RFC3161 based time-stamps which makes it highly compliant in international context.
* To ensure better compliance with international standards, it's recommended to sign documents with the **BDOC-TS time-stamp** signature profile.
* Recommended extension is **.asice**
* **.bdoc** or **.asice** file is in fact a ZIP container with the signed files, the signatures and the protocol control information and can basically be opened by any program that recognizes the ZIP format.
* It is recommended not to use special characters in the data file’s name, i.e. it is suggested to use only the characters that are categorized as “unreserved” according to RFC3986 (http://tools.ietf.org/html/rfc3986).

# ASiC-S (ASiC-E - Associated Signature Container Simple) container format
* Has **.asics** or **.scs** extension
* Container associates one data file with either:
- one signature file containing one or more detached digital signature(s) that apply to it; or
- one time assertion file containing a time assertion that apply to it.
* This format is used for timestamping the old DDOC containers in order to prove the inviolability of documents.

# DDOC container format
* Has **.ddoc** extension
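Review bot: The ASiC-S heading expands the name as "ASiC-E - Associated Signature Container Simple", which looks copied from the BDOC heading above; it should read "ASiC-S - Associated Signature Container Simple". In the same section, "a time assertion that apply to it" should be "applies", and the ZIP bullet still names only .bdoc and .asice although the extension list at the top of the BDOC section now also includes .sce.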
@@ -46,16 +55,17 @@ DigiDoc4j is a Java library for digitally signing documents and creating digital
* [DigiDoc4j API](http://open-eid.github.io/digidoc4j/)
* [Examples](https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it)
* [Wiki](https://github.com/open-eid/digidoc4j/wiki)
* [Pivotal Tracker](https://www.pivotaltracker.com/n/projects/1110130) contains user stories and issues
* [Architecture of ID-software](http://open-eid.github.io/)
* [Digital signature formats](http://www.id.ee/index.php?id=36108)
* [BDOC 2.1.2 specification](http://id.ee/public/bdoc-spec212-eng.pdf)
* [DDOC specification](http://www.id.ee/public/DigiDoc_format_1.3.pdf)

# Requirements
* Java 1.7
* Java **8** (since version 4.0.0-RC.1)
* Internet access to external verification services
* OCSP (Online Certificate Status Protocol) - http://ocsp.sk.ee
* EU TSL (European Commission's Trusted Status List) - https://ec.europa.eu/tools/lotl/eu-lotl.xml
* EU TSL (European Commission's Trusted Status List) - https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
* All the EU member states' TL servers referred in the EU TSL. Note that this list may change. (e.g. https://sr.riik.ee/tsl/estonian-tsl.xml, https://sede.minetur.gob.es/Prestadores/TSL/TSL.xml, https://www.viestintavirasto.fi/attachments/TSL-Ficora.xml etc.)
* TSA (Time Stamping Authority) - http://tsa.sk.ee
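Review bot: The Requirements list shows two "EU TSL" bullets with different URLs (https://ec.europa.eu/tools/lotl/eu-lotl.xml and https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml) and nothing says which one this release actually fetches. Operators use this list to decide which outbound connections to allow, so keep only the endpoint the library is configured with, or label the other one explicitly as the previous location. The Java bullet could also be worded as a minimum ("Java 8 or higher") to match the release notes' "Required minimum Java version increased to 8".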

@@ -66,13 +76,10 @@ You can use the library as a Maven dependency from the Maven Central (http://mvn
<dependency>
<groupId>org.digidoc4j</groupId>
<artifactId>digidoc4j</artifactId>
<version>3.x.x</version>
<version>4.x.x</version>
</dependency>
```

# Known issues
The list of issues are tracked in [GitHub](https://github.com/open-eid/digidoc4j/issues)

# Licence
* LGPL (GNU Library General Public License, see LICENSE.LGPL)
* © Estonian Information System Authority
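Review bot: The dependency snippet uses the placeholder version "4.x.x", which Maven cannot resolve if the block is copied as is. Either give the exact version this commit prepares (4.0.0-RC.1) or add a sentence saying the value is a placeholder and pointing to the releases page, so integrators pin a concrete version.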
@@ -1,6 +1,41 @@
DigiDoc4J Java library release notes
------------------------------------

Release 4.0.0-RC.1
------------------
Summary of the major changes since 3.3.0
------------------------------------------
* Required minimum Java version increased to 8
* Started to use DSS version 5.5 (sd-dss.5.5.d4j.1)
* Enabled SSL certificate validation enforcement + added default TSL truststore for PROD mode
* Improved configurability of SSL settings, added possibility to configure SSL and proxy settings separately for TSL, OCSP and TSP
* Additional checks for XAdES signature validation:
- if present, timestamp must be taken during the validity period of the signing certificate
- if present, timestamp must be taken before or at the same time as OCSP
* API improvements:
- possibility to add custom data loaders for TSL loading, OCSP and TSP requests
- possibility to listen to OCSP and TSP events when using default data loaders
* Reduced logging of personal information at INFO level
* Dependencies update

Bug fixes (inconclusive list):
------------------------------
* Ensure that signature creation fails if making an OCSP request is not possible
* Allow signatures with different signature digest algorithm and data files digest algorithm to correctly validate
* Always re-validate a container when asked for a container validation result in order to avoid returning stale results in case the container has been updated
* Removed creation of temporary TSL keystore files that were never deleted

Known issues
------------
* We have noticed a decrease in performance with new DSS 5.5 version
* Opening a container that contains signatures, triggers TSL loading (TSL lazy loading does not work as expected)
* BouncyCastle versions 1.64 and up are not supported when validating signatures containing encapsulated CRL data
* While upgrading from version older than 2.1.1 be sure that your integration :
- doesn't use Xalan or XercesImpl dependencies
- uses a patched Java version (JDK7u40+, JDK8 or higher)
Xalan and XercesImpl were used to patch XML vulnerabilities in older java versions. They should be discarded with higher versions because they override default Java XML security.
If it is not possible to remove Xalan, then you can set your system property to override TransformerFactory : System.setProperty("javax.xml.transform.TransformerFactory","com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl");

Release 3.3.0
------------------
Summary of the major changes since 3.2.0
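Review bot: The entry "Enabled SSL certificate validation enforcement + added default TSL truststore for PROD mode" describes a behaviour change that can break existing deployments on upgrade, yet the notes give no migration hint. State which connections are affected (the next bullet names TSL, OCSP and TSP), what applies outside PROD mode, and where the truststore and SSL settings are configured. Separately, "Bug fixes (inconclusive list)" probably means "non-exhaustive list", and the BouncyCastle known issue would be more actionable if it named the latest supported version rather than only "1.64 and up are not supported".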
@@ -6,7 +6,7 @@
<groupId>org.digidoc4j</groupId>
<artifactId>ddoc4j</artifactId>
<packaging>jar</packaging>
<version>4.0.0-SNAPSHOT</version>
<version>4.0.0-RC.1</version>

<name>DDoc4J</name>
<description>DDoc4J is Java Library for validating DDOC documents. It's not recommended to use it directly but rather through DigiDoc4J's API.</description>
@@ -15,7 +15,7 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>4.0.0-SNAPSHOT</version>
<version>4.0.0-RC.1</version>
</parent>

<dependencies>
@@ -7,7 +7,7 @@
<groupId>org.digidoc4j</groupId>
<artifactId>digidoc4j</artifactId>
<packaging>jar</packaging>
<version>4.0.0-SNAPSHOT</version>
<version>4.0.0-RC.1</version>

<name>DigiDoc4j</name>
<description>DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers
@@ -18,7 +18,7 @@
<parent>
<artifactId>digidoc4j-parent</artifactId>
<groupId>org.digidoc4j</groupId>
<version>4.0.0-SNAPSHOT</version>
<version>4.0.0-RC.1</version>
</parent>

<properties>
@@ -43,7 +43,7 @@
<dependency>
<artifactId>ddoc4j</artifactId>
<groupId>org.digidoc4j</groupId>
<version>4.0.0-SNAPSHOT</version>
<version>4.0.0-RC.1</version>
</dependency>

<dependency>
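Review bot: The ddoc4j dependency in this module repeats the same literal version that is set on the module itself and on its parent, so every release has to edit the string in several places, as this commit does. Consider <version>${project.version}</version> for the sibling module so the two artifacts cannot drift apart when one of the edits is missed.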
@@ -6,7 +6,7 @@

<groupId>org.digidoc4j</groupId>
<artifactId>digidoc4j-parent</artifactId>
<version>4.0.0-SNAPSHOT</version>
<version>4.0.0-RC.1</version>
<packaging>pom</packaging>

<name>DigiDoc4J parent</name>
@@ -121,6 +121,12 @@
<organization>Nortal</organization>
<organizationUrl>https://www.nortal.com</organizationUrl>
</developer>
<developer>
<name>Risto Seene</name>
<email>Risto.Seene at Nortal.com</email>
<organization>Nortal</organization>
<organizationUrl>https://www.nortal.com</organizationUrl>
</developer>
</developers>

<properties>
@@ -1,6 +1,6 @@
#!/bin/bash

version="4.0.0-SNAPSHOT"
version="4.0.0-RC.1"
staging_url="https://oss.sonatype.org/service/local/staging/deploy/maven2/"
repositoryId="ossrh"
