Release 2.1.0

 * Corrected validation of ASiC-E with implicit signature policy and TimeStamp
 * Corrected error messages for integration tests
 * Corrected support for trusted lists eIDAS parameters (TLWellSigned etc)
 * Ensured that signature will not contain empty SignerRole tag

Signed-off-by: Indrek Jentson <[email protected]>

RELEASE-NOTES.txt

@@ -1,5 +1,14 @@
 DigiDoc4J Java library release notes
 ------------------------------------
+Release 2.1.0
+------------------
+Summary of the major changes since 2.0.1.RC.1
+------------------------------------------
+* Corrected validation of ASiC-E with implicit signature policy and TimeStamp
+* Corrected error messages for integration tests
+* Corrected support for trusted lists eIDAS parameters (TLWellSigned etc)
+* Ensured that signature will not contain empty SignerRole tag
+
 Release 2.1.0.RC.1
 ------------------
 Summary of the major changes since 2.0.1

pom.xml

@@ -6,7 +6,7 @@
     <groupId>org.digidoc4j</groupId>
     <artifactId>digidoc4j</artifactId>
     <packaging>jar</packaging>
-    <version>2.1.0-RC.1</version>
+    <version>2.1.0</version>
     <name>DigiDoc4j</name>
     <description>DigiDoc4j is a Java library for digitally signing documents and creating digital signature containers
         of signed documents
@@ -698,7 +698,7 @@
                             <overWriteIfNewer>true</overWriteIfNewer>
                             <excludeTransitive>true</excludeTransitive>
                             <excludeArtifactIds>
-                                contiperf, log4j-over-slf4j
+                                contiperf
                             </excludeArtifactIds>
                         </configuration>
                     </execution>

src/main/java/org/digidoc4j/Configuration.java

@@ -1000,7 +1000,6 @@ public String getSslTruststorePassword() {
     return this.getConfigurationParameter(ConfigurationParameter.SslTruststorePassword);
   }
 
-
   /**
    * Set flag if full report needed.
    *
@@ -1019,6 +1018,25 @@ public boolean isFullReportNeeded() {
     return Boolean.parseBoolean(this.getConfigurationParameter(ConfigurationParameter.IsFullSimpleReportNeeded));
   }
 
+  /**
+   * Set flag if ASN1 Unsafe Integer is Allowed.
+   *
+   * @param isAllowed - True when ASN1 Unsafe Integer is Allowed.
+   */
+  public void setAllowASN1UnsafeInteger(boolean isAllowed) {
+    this.setConfigurationParameter(ConfigurationParameter.AllowASN1UnsafeInteger, String.valueOf(isAllowed));
+    this.postLoad();
+  }
+
+  /**
+   * Get flag if ASN1 Unsafe Integer is Allowed.
+   *
+   * @return isASN1UnsafeIntegerAllowed boolean value.
+   */
+  public boolean isASN1UnsafeIntegerAllowed() {
+    return Boolean.parseBoolean(this.getConfigurationParameter(ConfigurationParameter.AllowASN1UnsafeInteger));
+  }
+
   /**
    * Set thread executor service.
    *

src/main/java/org/digidoc4j/exceptions/InvalidTimestampException.java

@@ -12,7 +12,7 @@
 
 public class InvalidTimestampException extends DigiDoc4JException {
 
-  public static final String MESSAGE = "Invalid timestamp";
+  public static final String MESSAGE = "Signature has an invalid timestamp";
 
   public InvalidTimestampException() {
     super(MESSAGE);

src/main/java/org/digidoc4j/impl/asic/SKCommonCertificateVerifier.java

@@ -34,116 +34,110 @@
  * Delegate class for SD-DSS CommonCertificateVerifier. Needed for making serialization possible
  */
 public class SKCommonCertificateVerifier implements Serializable, CertificateVerifier {
-  private static final Logger logger = LoggerFactory.getLogger(SKCommonCertificateVerifier.class);
+
+  private final Logger log = LoggerFactory.getLogger(SKCommonCertificateVerifier.class);
   private transient CommonCertificateVerifier commonCertificateVerifier = new CommonCertificateVerifier();
   private transient CertificateSource trustedCertSource;
 
-  private void readObject(ObjectInputStream stream) throws IOException, ClassNotFoundException {
-    stream.defaultReadObject();
-    commonCertificateVerifier = new CommonCertificateVerifier();
-  }
-
   @Override
   public CertificateSource getTrustedCertSource() {
-    if (trustedCertSource instanceof ClonedTslCertificateSource){
-      if (((ClonedTslCertificateSource)trustedCertSource).getTrustedListsCertificateSource() != null){
-        logger.debug("get TrustedListCertificateSource from ClonedTslCertificateSource");
-        return ((ClonedTslCertificateSource)trustedCertSource).getTrustedListsCertificateSource();
+    if (this.trustedCertSource instanceof ClonedTslCertificateSource) {
+      if (((ClonedTslCertificateSource) this.trustedCertSource).getTrustedListsCertificateSource() != null) {
+        this.log.debug("get TrustedListCertificateSource from ClonedTslCertificateSource");
+        return ((ClonedTslCertificateSource) this.trustedCertSource).getTrustedListsCertificateSource();
       }
     }
-    return commonCertificateVerifier.getTrustedCertSource();
+    return this.commonCertificateVerifier.getTrustedCertSource();
+  }
+
+  @Override
+  public void setTrustedCertSource(final CertificateSource trustedCertSource) {
+    ClonedTslCertificateSource clonedTslCertificateSource = new ClonedTslCertificateSource(trustedCertSource);
+    this.trustedCertSource = clonedTslCertificateSource;
+    if (trustedCertSource instanceof LazyTslCertificateSource) {
+      this.log.debug("get TrustedCertSource from LazyTslCertificateSource");
+      this.commonCertificateVerifier.setTrustedCertSource(
+          ((LazyTslCertificateSource) trustedCertSource).getTslLoader().getTslCertificateSource());
+    } else {
+      this.commonCertificateVerifier.setTrustedCertSource(clonedTslCertificateSource);
+    }
   }
 
   @Override
   public OCSPSource getOcspSource() {
-    logger.debug("");
-    return commonCertificateVerifier.getOcspSource();
+    return this.commonCertificateVerifier.getOcspSource();
   }
 
   @Override
   public CRLSource getCrlSource() {
-    logger.debug("");
-    return commonCertificateVerifier.getCrlSource();
+    return this.commonCertificateVerifier.getCrlSource();
   }
 
   @Override
   public void setCrlSource(final CRLSource crlSource) {
-    logger.debug("");
     commonCertificateVerifier.setCrlSource(crlSource);
   }
 
   @Override
   public void setOcspSource(final OCSPSource ocspSource) {
-    logger.debug("");
-    commonCertificateVerifier.setOcspSource(ocspSource);
-  }
-
-  @Override
-  public void setTrustedCertSource(final CertificateSource trustedCertSource) {
-    ClonedTslCertificateSource clonedTslCertificateSource = new ClonedTslCertificateSource(trustedCertSource);
-    this.trustedCertSource = clonedTslCertificateSource;
-    if (trustedCertSource instanceof LazyTslCertificateSource){
-      logger.debug("get TrustedCertSource from LazyTslCertificateSource");
-      commonCertificateVerifier.setTrustedCertSource(((LazyTslCertificateSource)trustedCertSource).getTslLoader().getTslCertificateSource());
-    } else{
-      commonCertificateVerifier.setTrustedCertSource(clonedTslCertificateSource);
-    }
+    this.commonCertificateVerifier.setOcspSource(ocspSource);
   }
 
   @Override
   public CertificateSource getAdjunctCertSource() {
-    logger.debug("");
-    return commonCertificateVerifier.getAdjunctCertSource();
+    return this.commonCertificateVerifier.getAdjunctCertSource();
   }
 
   @Override
   public void setAdjunctCertSource(final CertificateSource adjunctCertSource) {
-    logger.debug("");
-    commonCertificateVerifier.setAdjunctCertSource(adjunctCertSource);
+    this.commonCertificateVerifier.setAdjunctCertSource(adjunctCertSource);
   }
 
   @Override
   public DataLoader getDataLoader() {
-    logger.debug("");
-    return commonCertificateVerifier.getDataLoader();
+    return this.commonCertificateVerifier.getDataLoader();
   }
 
   @Override
   public void setDataLoader(final DataLoader dataLoader) {
-    logger.debug("");
-    commonCertificateVerifier.setDataLoader(dataLoader);
+    this.commonCertificateVerifier.setDataLoader(dataLoader);
   }
 
   @Override
   public ListCRLSource getSignatureCRLSource() {
-    logger.debug("");
-    return commonCertificateVerifier.getSignatureCRLSource();
+    return this.commonCertificateVerifier.getSignatureCRLSource();
   }
 
   @Override
   public void setSignatureCRLSource(final ListCRLSource signatureCRLSource) {
-    logger.debug("");
-    commonCertificateVerifier.setSignatureCRLSource(signatureCRLSource);
+    this.commonCertificateVerifier.setSignatureCRLSource(signatureCRLSource);
   }
 
   @Override
   public ListOCSPSource getSignatureOCSPSource() {
-    logger.debug("");
-    return commonCertificateVerifier.getSignatureOCSPSource();
+    return this.commonCertificateVerifier.getSignatureOCSPSource();
   }
 
   @Override
   public void setSignatureOCSPSource(final ListOCSPSource signatureOCSPSource) {
-    logger.debug("");
-    commonCertificateVerifier.setSignatureOCSPSource(signatureOCSPSource);
+    this.commonCertificateVerifier.setSignatureOCSPSource(signatureOCSPSource);
   }
 
   @Override
   public CertificatePool createValidationPool() {
-    logger.debug("");
-    if (trustedCertSource == null) {
-      return commonCertificateVerifier.createValidationPool();
+    if (this.trustedCertSource == null) {
+      return this.commonCertificateVerifier.createValidationPool();
     }
-    return new LazyCertificatePool(trustedCertSource);
+    return new LazyCertificatePool(this.trustedCertSource);
+  }
+
+  /*
+   * RESTRICTED METHODS
+   */
+
+  private void readObject(ObjectInputStream stream) throws IOException, ClassNotFoundException {
+    stream.defaultReadObject();
+    this.commonCertificateVerifier = new CommonCertificateVerifier();
   }
+
 }

src/main/java/org/digidoc4j/impl/asic/manifest/ManifestValidator.java

@@ -80,26 +80,26 @@ public static List<ManifestErrorMessage> validateEntries(Map<String, ManifestEnt
         String fileName = manifestEntry.getFileName();
         ManifestEntry signatureEntry = signatureEntryForFile(fileName, signatureEntries);
         if (signatureEntry != null) {
-          errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file "
-              + fileName + " with mimetype " +
-              manifestEntry.getMimeType() + " but the signature file for signature " + signatureId +
-              " indicates the mimetype is " + signatureEntry.getMimeType(), signatureId));
+          errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file <"
+              + fileName + "> with mimetype <"
+              + manifestEntry.getMimeType() + "> but the signature file for signature " + signatureId
+              + " indicates the mimetype is <" + signatureEntry.getMimeType() + ">", signatureId));
           two.remove(signatureEntry);
         } else {
-          errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file "
-              + fileName + " with mimetype "
-              + manifestEntry.getMimeType() + " but the signature file for signature " + signatureId +
-              " does not have an entry for this file", signatureId));
+          errorMessages.add(new ManifestErrorMessage("Manifest file has an entry for file <"
+              + fileName + "> with mimetype <"
+              + manifestEntry.getMimeType() + "> but the signature file for signature " + signatureId
+              + " does not have an entry for this file", signatureId));
         }
       }
     }
 
     if (two.size() > 0 && twoPrim.size() > 0) {
       for (ManifestEntry manifestEntry : two) {
         errorMessages.add(new ManifestErrorMessage("The signature file for signature "
-            + signatureId + " has an entry for file "
-            + manifestEntry.getFileName() + " with mimetype " + manifestEntry.getMimeType()
-            + " but the manifest file does not have an entry for this file", signatureId));
+            + signatureId + " has an entry for file <"
+            + manifestEntry.getFileName() + "> with mimetype <" + manifestEntry.getMimeType()
+            + "> but the manifest file does not have an entry for this file", signatureId));
       }
     }
 
@@ -155,8 +155,8 @@ private List<ManifestErrorMessage> validateFilesInContainer(Set<ManifestEntry> s
     for (String fileInContainer : filesInContainer) {
       String alterName = fileInContainer.replaceAll("\\ ", "+");
       if (!signatureEntriesFileNames.contains(fileInContainer) && !signatureEntriesFileNames.contains(alterName)) {
-        errorMessages.add(new ManifestErrorMessage(String.format("Container contains a file named <%s> which is not " +
-            "found in the signature file", fileInContainer)));
+        errorMessages.add(new ManifestErrorMessage(String.format("Container contains a file named <%s> which is not "
+            + "found in the signature file", fileInContainer)));
       }
     }
     return errorMessages;
@@ -191,9 +191,9 @@ private Set<ManifestEntry> getSignatureEntries(Signature signature) {
         if (node != null) {
           String referenceId = node.getAttributes().getNamedItem("Id").getNodeValue();
           mimeTypeString = DomUtils.getValue(signatureNode,
-              "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/" +
-                  "xades:SignedDataObjectProperties/xades:DataObjectFormat" +
-                  "[@ObjectReference=\"#" + referenceId + "\"]/xades:MimeType");
+              "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/"
+                  + "xades:SignedDataObjectProperties/xades:DataObjectFormat"
+                  + "[@ObjectReference=\"#" + referenceId + "\"]/xades:MimeType");
         }
 
         // TODO: mimeTypeString == null ? node == null?

src/main/java/org/digidoc4j/impl/asic/xades/XadesSigningDssFacade.java

@@ -168,9 +168,10 @@ public void setSignerLocation(SignerLocation signerLocation) {
   }
 
   public void setSignerRoles(Collection<String> signerRoles) {
-    BLevelParameters bLevelParameters = xAdESSignatureParameters.bLevel();
-    bLevelParameters.setClaimedSignerRoles(new ArrayList<String>(signerRoles));
-
+    if (signerRoles != null && !signerRoles.isEmpty()) {
+      BLevelParameters bLevelParameters = xAdESSignatureParameters.bLevel();
+      bLevelParameters.setClaimedSignerRoles(new ArrayList<String>(signerRoles));
+    }
   }
 
   public void setSignaturePolicy(Policy signaturePolicy) {