Permalink
Browse files

Release 2.1.0

 * Corrected validation of ASiC-E with implicit signature policy and TimeStamp
 * Corrected error messages for integration tests
 * Corrected support for trusted lists eIDAS parameters (TLWellSigned etc)
 * Ensured that signature will not contain empty SignerRole tag

Signed-off-by: Indrek Jentson <indrek.jentson@cgi.com>
  • Loading branch information...
Indrek Jentson
Indrek Jentson committed Apr 4, 2018
1 parent f742834 commit a7c2a81459453afe15981f0bc6a2e77388bcf129
Showing with 2,047 additions and 267 deletions.
  1. +9 −0 RELEASE-NOTES.txt
  2. 0 git
  3. +2 −2 pom.xml
  4. +19 −1 src/main/java/org/digidoc4j/Configuration.java
  5. +1 −1 src/main/java/org/digidoc4j/exceptions/InvalidTimestampException.java
  6. +44 −50 src/main/java/org/digidoc4j/impl/asic/SKCommonCertificateVerifier.java
  7. +16 −16 src/main/java/org/digidoc4j/impl/asic/manifest/ManifestValidator.java
  8. +4 −3 src/main/java/org/digidoc4j/impl/asic/xades/XadesSigningDssFacade.java
  9. +41 −36 src/main/java/org/digidoc4j/impl/asic/xades/XadesValidationReportGenerator.java
  10. +9 −47 src/main/java/org/digidoc4j/impl/asic/xades/validation/TimemarkSignatureValidator.java
  11. +44 −5 src/main/java/org/digidoc4j/impl/asic/xades/validation/TimestampSignatureValidator.java
  12. +9 −1 src/main/java/org/digidoc4j/impl/asic/xades/validation/XadesSignatureValidator.java
  13. +50 −8 src/test/java/org/digidoc4j/ContainerTest.java
  14. +1 −1 src/test/java/org/digidoc4j/SignatureTest.java
  15. +16 −3 src/test/java/org/digidoc4j/impl/bdoc/BDocContainerTest.java
  16. +275 −76 src/test/java/org/digidoc4j/impl/bdoc/ValidationTests.java
  17. +14 −12 src/test/java/org/digidoc4j/impl/bdoc/manifest/ManifestValidatorTest.java
  18. +7 −3 src/test/java/org/digidoc4j/impl/bdoc/report/ValidationReportTest.java
  19. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/23608-bdoc21-no-ocsp.bdoc
  20. BIN ...ces/{testFiles → prodFiles}/invalid-containers/23608_bdoc21-invalid-nonce-policy-and-implied.bdoc
  21. BIN ...t/resources/{testFiles → prodFiles}/invalid-containers/23608_bdoc21-invalid-nonce-policy-oid.bdoc
  22. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/REF-03_bdoc21-TM-no-signedpropref.bdoc
  23. BIN ...test/resources/{testFiles → prodFiles}/invalid-containers/REF-03_bdoc21-TS-no-signedpropref.asice
  24. BIN .../resources/{testFiles → prodFiles}/invalid-containers/SP-03_bdoc21-bad-nonce-policy-oidasuri.bdoc
  25. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/asic-with-crl-and-without-ocsp.asice
  26. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/bdoc21-bad-nonce-content.bdoc
  27. BIN src/test/resources/prodFiles/invalid-containers/bdoc21-ts-ok.bdoc
  28. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/extra_file_in_container.asice
  29. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/filename_mismatch_manifest.asice
  30. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/filename_mismatch_signature.asice
  31. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/mimetype_mismatch.asice
  32. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/missing_manifest.asice
  33. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/nonce-vale-sisu.bdoc
  34. BIN src/test/resources/{testFiles → prodFiles}/invalid-containers/revocation_timestamp_delta_26h.asice
  35. BIN .../resources/{testFiles → prodFiles}/invalid-containers/signed_properties_reference_not_found.asice
  36. BIN src/test/resources/prodFiles/keystore/keystore_old_signer.jks
  37. BIN src/test/resources/prodFiles/valid-containers/IB-4183_3.4kaart_RSA2047.bdoc
  38. BIN src/test/resources/prodFiles/valid-containers/IB-4183_3.4kaart_RSA2047_TS.asice
  39. +2 −2 ...rces/testFiles/constraints/{eIDAS_test_constraint.xml → eIDAS_test_constraint_all_fail_level.xml}
  40. +371 −0 src/test/resources/testFiles/constraints/eIDAS_test_constraint_all_inform_level.xml
  41. +371 −0 src/test/resources/testFiles/constraints/eIDAS_test_constraint_all_warn_level.xml
  42. +371 −0 src/test/resources/testFiles/constraints/eIDAS_test_constraint_version_fail.xml
  43. +371 −0 src/test/resources/testFiles/constraints/eIDAS_test_constraint_well_signed_fail.xml
  44. BIN src/test/resources/testFiles/invalid-containers/23200_weakdigest-unknown-ca.asice
  45. BIN src/test/resources/testFiles/invalid-containers/KS-18_lisatudfail.4.asice
  46. BIN src/test/resources/testFiles/invalid-containers/KS-18_lisatudfilemanifest.4.asice
  47. BIN src/test/resources/testFiles/invalid-containers/SS-4_teadmataCA.4.asice
  48. BIN src/test/resources/testFiles/valid-containers/validTSwImplicitPolicy.asice
@@ -1,5 +1,14 @@
DigiDoc4J Java library release notes
------------------------------------
Release 2.1.0
------------------
Summary of the major changes since 2.0.1.RC.1
------------------------------------------
* Corrected validation of ASiC-E with implicit signature policy and TimeStamp
* Corrected error messages for integration tests
* Corrected support for trusted lists eIDAS parameters (TLWellSigned etc)
* Ensured that signature will not contain empty SignerRole tag
Release 2.1.0.RC.1
------------------
Summary of the major changes since 2.0.1
0 git
No changes.
@@ -6,7 +6,7 @@
<groupId>org.digidoc4j</groupId>
<artifactId>digidoc4j</artifactId>
<packaging>jar</packaging>
<version>2.1.0-RC.1</version>
<version>2.1.0</version>
<name>DigiDoc4j</name>
<description>DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers
of signed documents
@@ -698,7 +698,7 @@
<overWriteIfNewer>true</overWriteIfNewer>
<excludeTransitive>true</excludeTransitive>
<excludeArtifactIds>
contiperf, log4j-over-slf4j
contiperf
</excludeArtifactIds>
</configuration>
</execution>
@@ -1000,7 +1000,6 @@ public String getSslTruststorePassword() {
return this.getConfigurationParameter(ConfigurationParameter.SslTruststorePassword);
}
/**
* Set flag if full report needed.
*
@@ -1019,6 +1018,25 @@ public boolean isFullReportNeeded() {
return Boolean.parseBoolean(this.getConfigurationParameter(ConfigurationParameter.IsFullSimpleReportNeeded));
}
/**
* Set flag if ASN1 Unsafe Integer is Allowed.
*
* @param isAllowed - True when ASN1 Unsafe Integer is Allowed.
*/
public void setAllowASN1UnsafeInteger(boolean isAllowed) {
this.setConfigurationParameter(ConfigurationParameter.AllowASN1UnsafeInteger, String.valueOf(isAllowed));
this.postLoad();
}
/**
* Get flag if ASN1 Unsafe Integer is Allowed.
*
* @return isASN1UnsafeIntegerAllowed boolean value.
*/
public boolean isASN1UnsafeIntegerAllowed() {
return Boolean.parseBoolean(this.getConfigurationParameter(ConfigurationParameter.AllowASN1UnsafeInteger));
}
/**
* Set thread executor service.
*
@@ -12,7 +12,7 @@
public class InvalidTimestampException extends DigiDoc4JException {
public static final String MESSAGE = "Invalid timestamp";
public static final String MESSAGE = "Signature has an invalid timestamp";
public InvalidTimestampException() {
super(MESSAGE);
@@ -34,116 +34,110 @@
* Delegate class for SD-DSS CommonCertificateVerifier. Needed for making serialization possible
*/
public class SKCommonCertificateVerifier implements Serializable, CertificateVerifier {
private static final Logger logger = LoggerFactory.getLogger(SKCommonCertificateVerifier.class);
private final Logger log = LoggerFactory.getLogger(SKCommonCertificateVerifier.class);
private transient CommonCertificateVerifier commonCertificateVerifier = new CommonCertificateVerifier();
private transient CertificateSource trustedCertSource;
private void readObject(ObjectInputStream stream) throws IOException, ClassNotFoundException {
stream.defaultReadObject();
commonCertificateVerifier = new CommonCertificateVerifier();
}
@Override
public CertificateSource getTrustedCertSource() {
if (trustedCertSource instanceof ClonedTslCertificateSource){
if (((ClonedTslCertificateSource)trustedCertSource).getTrustedListsCertificateSource() != null){
logger.debug("get TrustedListCertificateSource from ClonedTslCertificateSource");
return ((ClonedTslCertificateSource)trustedCertSource).getTrustedListsCertificateSource();
if (this.trustedCertSource instanceof ClonedTslCertificateSource) {
if (((ClonedTslCertificateSource) this.trustedCertSource).getTrustedListsCertificateSource() != null) {
this.log.debug("get TrustedListCertificateSource from ClonedTslCertificateSource");
return ((ClonedTslCertificateSource) this.trustedCertSource).getTrustedListsCertificateSource();
}
}
return commonCertificateVerifier.getTrustedCertSource();
return this.commonCertificateVerifier.getTrustedCertSource();
}
@Override
public void setTrustedCertSource(final CertificateSource trustedCertSource) {
ClonedTslCertificateSource clonedTslCertificateSource = new ClonedTslCertificateSource(trustedCertSource);
this.trustedCertSource = clonedTslCertificateSource;
if (trustedCertSource instanceof LazyTslCertificateSource) {
this.log.debug("get TrustedCertSource from LazyTslCertificateSource");
this.commonCertificateVerifier.setTrustedCertSource(
((LazyTslCertificateSource) trustedCertSource).getTslLoader().getTslCertificateSource());
} else {
this.commonCertificateVerifier.setTrustedCertSource(clonedTslCertificateSource);
}
}
@Override
public OCSPSource getOcspSource() {
logger.debug("");
return commonCertificateVerifier.getOcspSource();
return this.commonCertificateVerifier.getOcspSource();
}
@Override
public CRLSource getCrlSource() {
logger.debug("");
return commonCertificateVerifier.getCrlSource();
return this.commonCertificateVerifier.getCrlSource();
}
@Override
public void setCrlSource(final CRLSource crlSource) {
logger.debug("");
commonCertificateVerifier.setCrlSource(crlSource);
}
@Override
public void setOcspSource(final OCSPSource ocspSource) {
logger.debug("");
commonCertificateVerifier.setOcspSource(ocspSource);
}
@Override
public void setTrustedCertSource(final CertificateSource trustedCertSource) {
ClonedTslCertificateSource clonedTslCertificateSource = new ClonedTslCertificateSource(trustedCertSource);
this.trustedCertSource = clonedTslCertificateSource;
if (trustedCertSource instanceof LazyTslCertificateSource){
logger.debug("get TrustedCertSource from LazyTslCertificateSource");
commonCertificateVerifier.setTrustedCertSource(((LazyTslCertificateSource)trustedCertSource).getTslLoader().getTslCertificateSource());
} else{
commonCertificateVerifier.setTrustedCertSource(clonedTslCertificateSource);
}
this.commonCertificateVerifier.setOcspSource(ocspSource);
}
@Override
public CertificateSource getAdjunctCertSource() {
logger.debug("");
return commonCertificateVerifier.getAdjunctCertSource();
return this.commonCertificateVerifier.getAdjunctCertSource();
}
@Override
public void setAdjunctCertSource(final CertificateSource adjunctCertSource) {
logger.debug("");
commonCertificateVerifier.setAdjunctCertSource(adjunctCertSource);
this.commonCertificateVerifier.setAdjunctCertSource(adjunctCertSource);
}
@Override
public DataLoader getDataLoader() {
logger.debug("");
return commonCertificateVerifier.getDataLoader();
return this.commonCertificateVerifier.getDataLoader();
}
@Override
public void setDataLoader(final DataLoader dataLoader) {
logger.debug("");
commonCertificateVerifier.setDataLoader(dataLoader);
this.commonCertificateVerifier.setDataLoader(dataLoader);
}
@Override
public ListCRLSource getSignatureCRLSource() {
logger.debug("");
return commonCertificateVerifier.getSignatureCRLSource();
return this.commonCertificateVerifier.getSignatureCRLSource();
}
@Override
public void setSignatureCRLSource(final ListCRLSource signatureCRLSource) {
logger.debug("");
commonCertificateVerifier.setSignatureCRLSource(signatureCRLSource);
this.commonCertificateVerifier.setSignatureCRLSource(signatureCRLSource);
}
@Override
public ListOCSPSource getSignatureOCSPSource() {
logger.debug("");
return commonCertificateVerifier.getSignatureOCSPSource();
return this.commonCertificateVerifier.getSignatureOCSPSource();
}
@Override
public void setSignatureOCSPSource(final ListOCSPSource signatureOCSPSource) {
logger.debug("");
commonCertificateVerifier.setSignatureOCSPSource(signatureOCSPSource);
this.commonCertificateVerifier.setSignatureOCSPSource(signatureOCSPSource);
}
@Override
public CertificatePool createValidationPool() {
logger.debug("");
if (trustedCertSource == null) {
return commonCertificateVerifier.createValidationPool();
if (this.trustedCertSource == null) {
return this.commonCertificateVerifier.createValidationPool();
}
return new LazyCertificatePool(trustedCertSource);
return new LazyCertificatePool(this.trustedCertSource);
}
/*
* RESTRICTED METHODS
*/
private void readObject(ObjectInputStream stream) throws IOException, ClassNotFoundException {
stream.defaultReadObject();
this.commonCertificateVerifier = new CommonCertificateVerifier();
}
}
@@ -80,26 +80,26 @@ public ManifestValidator(ManifestParser manifestParser, List<DSSDocument> detach
String fileName = manifestEntry.getFileName();
ManifestEntry signatureEntry = signatureEntryForFile(fileName, signatureEntries);
if (signatureEntry != null) {
errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file "
+ fileName + " with mimetype " +
manifestEntry.getMimeType() + " but the signature file for signature " + signatureId +
" indicates the mimetype is " + signatureEntry.getMimeType(), signatureId));
errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file <"
+ fileName + "> with mimetype <"
+ manifestEntry.getMimeType() + "> but the signature file for signature " + signatureId
+ " indicates the mimetype is <" + signatureEntry.getMimeType() + ">", signatureId));
two.remove(signatureEntry);
} else {
errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file "
+ fileName + " with mimetype "
+ manifestEntry.getMimeType() + " but the signature file for signature " + signatureId +
" does not have an entry for this file", signatureId));
errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file <"
+ fileName + "> with mimetype <"
+ manifestEntry.getMimeType() + "> but the signature file for signature " + signatureId
+ " does not have an entry for this file", signatureId));
}
}
}
if (two.size() > 0 && twoPrim.size() > 0) {
for (ManifestEntry manifestEntry : two) {
errorMessages.add(new ManifestErrorMessage("The signature file for signature "
+ signatureId + " has an entry for file "
+ manifestEntry.getFileName() + " with mimetype " + manifestEntry.getMimeType()
+ " but the manifest file does not have an entry for this file", signatureId));
+ signatureId + " has an entry for file <"
+ manifestEntry.getFileName() + "> with mimetype <" + manifestEntry.getMimeType()
+ "> but the manifest file does not have an entry for this file", signatureId));
}
}
@@ -155,8 +155,8 @@ private static ManifestEntry signatureEntryForFile(String fileName, Set<Manifest
for (String fileInContainer : filesInContainer) {
String alterName = fileInContainer.replaceAll("\\ ", "+");
if (!signatureEntriesFileNames.contains(fileInContainer) && !signatureEntriesFileNames.contains(alterName)) {
errorMessages.add(new ManifestErrorMessage(String.format("Container contains a file named <%s> which is not " +
"found in the signature file", fileInContainer)));
errorMessages.add(new ManifestErrorMessage(String.format("Container contains a file named <%s> which is not "
+ "found in the signature file", fileInContainer)));
}
}
return errorMessages;
@@ -191,9 +191,9 @@ private static ManifestEntry signatureEntryForFile(String fileName, Set<Manifest
if (node != null) {
String referenceId = node.getAttributes().getNamedItem("Id").getNodeValue();
mimeTypeString = DomUtils.getValue(signatureNode,
"./ds:Object/xades:QualifyingProperties/xades:SignedProperties/" +
"xades:SignedDataObjectProperties/xades:DataObjectFormat" +
"[@ObjectReference=\"#" + referenceId + "\"]/xades:MimeType");
"./ds:Object/xades:QualifyingProperties/xades:SignedProperties/"
+ "xades:SignedDataObjectProperties/xades:DataObjectFormat"
+ "[@ObjectReference=\"#" + referenceId + "\"]/xades:MimeType");
}
// TODO: mimeTypeString == null ? node == null?
@@ -168,9 +168,10 @@ public void setSignerLocation(SignerLocation signerLocation) {
}
public void setSignerRoles(Collection<String> signerRoles) {
BLevelParameters bLevelParameters = xAdESSignatureParameters.bLevel();
bLevelParameters.setClaimedSignerRoles(new ArrayList<String>(signerRoles));
if (signerRoles != null && !signerRoles.isEmpty()) {
BLevelParameters bLevelParameters = xAdESSignatureParameters.bLevel();
bLevelParameters.setClaimedSignerRoles(new ArrayList<String>(signerRoles));
}
}
public void setSignaturePolicy(Policy signaturePolicy) {
Oops, something went wrong.

0 comments on commit a7c2a81

Please sign in to comment.