Releases: arhs/sd-dss
SD-DSS 4.3.0
This version includes :
Task
[DSS-272] - CRL: more than one urls can be used
[DSS-274] - Lower log level in library modules
[DSS-275] - Dependency optimization
[DSS-276] - Handling of NextUpdate for TSL & CRL (cache system)
[DSS-277] - Signature creation: inclusion/exclusion of the trust anchor
[DSS-278] - XAdES: Schema validation
Bug
[DSS-381] - Signing a PDF document with SD-DSS changes the ID string
[DSS-447] - XAdES: Certificate's ds:X509SerialNumber can contain whitespace
[DSS-449] - PastCertificateValidation: Signing certificate can be the trust anchor
[DSS-454] - XAdES: SignedProperties: Canonicalization Method
[DSS-456] - TSL: Handling of lower exceptions (Throwable)
[DSS-458] - SignatureParameters: missing parameter in copy constructor
[DSS-460] - NullPointerException for unreachable TSLs
[DSS-462] - ASiC: NOT_ETSI warning to be added in the case of non-conformant container
[DSS-463] - SimpleDateFormat is not thread safe
[DSS-465] - XAdES extension -LT to -LTA
[DSS-467] - CAdES_BASELINE_LT: determining the level
Improvement
[DSS-439] - Serializable interface implemented in some classes
[DSS-448] - ASiC-S: limit files in the case of non-conformant container
[DSS-451] - XAdESSignature#getArchiveTimestampData: ETSI TS 101 903 V1.3.2 (2006-03)
New Feature
[DSS-445] - XAdES: creation: use of schema v1.1.1 (beginning)
[DSS-466] - TSPNonceSource added
The updated Demo Applet is in the public access, at the URL below:
http://dgmarkt-dss.arhs-developments.com/dss-demo-webapp/home (WARNING: first installation of the Applet will take long time)
4.3.0-RC
This version includes:
Task
[DSS-272] - CRL: more than one urls can be used
[DSS-274] - Lower log level in library modules
[DSS-275] - Dependency optimization
[DSS-276] - Handling of NextUpdate for TSL & CRL (cache system)
[DSS-277] - Signature creation: inclusion/exclusion of the trust anchor
[DSS-278] - XAdES: Schema validation
New Feature
[DSS-373] - Add the full chain related to the signing certificate...
[DSS-386] - Validation policy: KeyUsage rule
[DSS-388] - KeyUsage constraint added
[DSS-437] - RemoteSignatureToken added
Bug
[DSS-347] - Streams: to be checked that they are all closed
[DSS-378] - XAdES 3 times signature: Invalid signature
[DSS-408] - CMS: decoding AtsHashIndex DigestAlgorithm
[DSS-409] - OfflineCRLSource the validity of the certificate and the thisUpdate of the CRL must be checked
[DSS-411] - Retrieving OCSP response using PROXY fails
[DSS-412] - AdESTValidation: Addition sub-indications must be taken into account
[DSS-413] - OCSPToken: no OCSP response signing certificate within
[DSS-415] - XAdES-LTA: canonicalization of the TimeStampValidationData
[DSS-418] - CRLSource: check of critical extensions
[DSS-424] - ADMIN: Edited proxy settings not taken into account
[DSS-436] - CommonsDataLoader: SSLSocketFactory deprecated
[DSS-443] - Applet Demo: TSL signing
Improvement
[DSS-310] - Update of the deprecated code
[DSS-326] - Add Cookbook class to the cookbook
[DSS-416] - Corrupted SigningCertificateV2 attribute throws exception
[DSS-417] - ASiCS: mimetype file must be excluded from detached documents
[DSS-420] - XAdES signature creation: XPath support
[DSS-421] - ASiC: exclusion of folders from detached document list
[DSS-426] - Taking into account of BasicOcspResp from id_ri_ocsp_response
[DSS-429] - XAdES: canonicalization algorithm to be used when dealing with SignedInfo
[DSS-430] - XAdES: References and Canonicalisation
[DSS-438] - SSL: DefaultTrustManager added to accept any server certificate
[DSS-441] - PDFBox upgrade: 1.8.3--> 1.8.7
[DSS-442] - Simple signature format renamed to NOT_ETSI
The updated Demo Applet is in the public access, at the URL below:
http://dgmarkt-dss.arhs-developments.com/dss-demo-webapp/home (WARNING: first installation of the Applet will take long time)
4.2.0
This version includes:
Bug
[DSS-291] - PAdES signature creation issue...
[DSS-330] - JOINUP: Commitment Type Implementation for PAdES EPES signature looks wrong
[DSS-340] - PAdES B-Level Signature must not contain signingTime as a signed attribute
[DSS-344] - CAdES DSSException: Error when dealing with CommitmentTypeIndication!
[DSS-346] - JOINUP: Java Applet IE11 Java 7
[DSS-376] - Xml Encoding changes before and after the signature process
[DSS-379] - XAdES-BASELINE-LTA Signature RevocationValues sequence
[DSS-380] - XAdES-BASELINE-LTA Signature IDs not unique
[DSS-382] - ASiC-E: signing with multiple files and LT level
[DSS-384] - COOKBOOK: 8 ASIC SIGNATURE AND VALIDATION
[DSS-390] - id-pkix-ocsp-nocheck null value check error
[DSS-391] - Missing revocation data
[DSS-396] - DSSReference: error in copy constructor
[DSS-399] - Closing DSSDocument streams
[DSS-405] - CommonCRLSource#isValidCRL concurrent access
[DSS-406] - OfflineResolver: taking into account files defined as: "./toto.txt"
[DSS-212] - Make signing parameters more dynamic
[DSS-218] - Support of the content-timestamps
Improvement
[DSS-294] - eu.europa.ec.markt.dss.signature.pades.PAdESServiceV2
[DSS-313] - ALL_DATA_OBJECTS_TIMESTAMP issue
[DSS-398] - Migration of MimeType from enum to class
[DSS-400] - Detection of detached signatures improved
[DSS-401] - Provide Static Validation Policy (perf improvement)
[DSS-402] - Validation constraint simplification
[DSS-403] - ASiC: taking into account all files as detached
[DSS-404] - New signature levels added: CMS, PDF
4.2.0-RC
This version includes:
TASKS
-- Make signing parameters more dynamic
-- Support of the content-timestamps
-- Support of the counter-signatures
-- ASiC-E support
-- Validation: ordering of time stamps
-- From ASIC Plugtest: mimetype file: to be define within the signing parameters
-- XAdES: Add the location of the enveloped signature (XPath)
IMPROVEMENT
-- SignedDocumentValidator#validateDocument() now returns Reports
-- POM: some libraries version upgrade
-- Add Cookbook class to the cookbook
-- Migration from SVN to Git/GitHub
-- Certificate qualification: 1.3.6.1.5.5.7.1.3 - id-pe-qcStatements
-- CB: 1.51 migration
BUG
-- PAdES validation - Exception thrown in applet
-- MockTSPSource timestamps are NDETERMINATE.NO_SIGNER_CERTIFICATE_FOUND
-- JOINUP: Commitment Type Implementation for PAdES EPES signature looks wrong
-- PAdES B-Level Signature must not contain signingTime as a signed attribute
-- CAdES DSSException: Error when dealing with CommitmentTypeIndication!
-- JOINUP: Java Applet IE11 Java 7
-- JOINUP:Documents with DSS (Document Security Store) cause DSSNullException
-- PDF: Impossible to sign
-- JOINUP: ASiC-S: bad URI: http://uri.etsi.org/02918/v1.2.1#
-- TimestampToken: bad signature algorithm
4.1.0
The dss-package version 4.1.0.
This version includes :
- Validation with warnings:
- To give more flexibility to the process of validating a signature a new constraint level "WARN" was introduced. Now every constraint within the validation policy may not be blocking but considered as a simple warning.
- Make ASiC-S signature handling multiple signatures:
- This type of signature can contain a timestamp as a separate signature which must also be validated.
- Make ASiC-S containers compatible with CAdES signature:
- This type of container can contain a XAdES or CAdES kind of signature. The inclusion of this last one has been added.
- Java 1.7 compatibility
- Parallelise the information search to improve performance:
- To accelerate the process of the signature validation, the issuer certificate and the revocation data are retrieved in parallel manner.
- Manage the scope of signatures:
- The validation report must include the indication of the scope of signature (if the whole document(s) is covered by signature)
- Support plain signature:
- The validation process must support the validation of non AdES signature.
- Fix the validation of the signatures with the archive timestamp using the link to the TSL:
- When validating a signature the validity of the associated service must be taken into account.