diff --git a/docs/documentation_deployment_instructions.txt b/docs/documentation_deployment_instructions.txt index be1bface2..e35faaf59 100644 --- a/docs/documentation_deployment_instructions.txt +++ b/docs/documentation_deployment_instructions.txt @@ -1,44 +1,29 @@ -Our documentation is written using [MkDocs](http://www.mkdocs.org/) static documentation site generator and -language that we use to write documentation is [Markdown](https://daringfireball.net/projects/markdown/). +Our documentation is written using [MkDocs](http://www.mkdocs.org/) static documentation site generator with [Material theme](https://squidfunk.github.io/mkdocs-material/) and [Markdown](https://daringfireball.net/projects/markdown/). System requirements ------------------- -* **Python 2** - All version above 2.6 should work +* **Python 3** - currently used version is 3.10 * **pip** - Python package manager -* **MkDocs CLI** - to generate and deploy new version of documentation * **Text Editor** - to edit Markdown documents (i.e [Haroopad](http://pad.haroopress.com/#)) -Installing MkDocs +Installing required software ----------------- ### Ubuntu and Mac OS X -Both Ubuntu and Mac OS X come `python` version 2 already installed You only need to install `pip` +Both Ubuntu and Mac OS X come `python` already installed (the version depends on OS) -1. Install `pip` on Ubuntu 15.04 `sudo apt-get install python-pip` on Mac OS X `sudo easy_install pip` -2. Next up install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs` +1. Install `pip` on Ubuntu 18.04 `sudo apt-get install python-pip` on Mac OS X `sudo easy_install pip` +2. Install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs` +3. Install material theme `pip install mkdocs-material` ### Windows -Installing Python: - -1. Download the installer from the official `python` homepage: -> **NOTE:** Starting with version 2.7.9 and onwards `pip` ships along with python,
-so there shouldn't be any need to install `pip` separately. -2. Execute the python installer - -Installing Pip: - -1. Download [get-pip.py](https://bootstrap.pypa.io/get-pip.py) -2. Then run the following command (which may require administrator access): `python get-pip.py` -3. Add C:\Python27\Scripts to the system path (PATH environment variable) - -Installing Mkdocs: - -Install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs` - -Now You're done and can start editing the PDF Validator documentation. +1. Install python. Download the installer from the official `python` homepage: and install +> **NOTE:** Starting with version 2.7.9 and onwards `pip` ships along with python, so there shouldn't be any need to install `pip` separately. +2. Install `mkdocs` using [pip](https://pip.pypa.io/en/stable/): `pip install mkdocs` +3. Install material theme `pip install mkdocs-material` Editing content --------------- diff --git a/docs/img/siva/qa_strategy/siva2/taskWorkFlow.PNG b/docs/img/siva/qa_strategy/siva2/taskWorkFlow.png similarity index 100% rename from docs/img/siva/qa_strategy/siva2/taskWorkFlow.PNG rename to docs/img/siva/qa_strategy/siva2/taskWorkFlow.png diff --git a/docs/index.md b/docs/index.md index 17fdb23a1..fa6bdab2a 100755 --- a/docs/index.md +++ b/docs/index.md @@ -34,4 +34,5 @@ SiVa architecture document will cover: servers required when deploying SiVa validation web service into production * [**Quality Assurance**](siva3/qa_strategy) - overview of quality assurance strategy and testing +* [**Roadmap**](siva3/roadmap) - info about planned releases diff --git a/docs/siva3/appendix/validation_policy.md b/docs/siva3/appendix/validation_policy.md index 0b6aa2916..2f27ff2fd 100644 --- a/docs/siva3/appendix/validation_policy.md +++ b/docs/siva3/appendix/validation_policy.md @@ -98,7 +98,7 @@ http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#POLv4 1. SiVa implicitly implements constraints that are specified in the specification documents of the signature formats supported by the Service: - * [BDOC 2.1](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf) ASiC-E/XAdES signatures + * [BDOC 2.1](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf) ASiC-E/XAdES signatures * [X-Road](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf) ASiC-E/XAdES signatures * [PAdES](http://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf) signatures * [XAdES](http://www.etsi.org/deliver/etsi_en/319100_319199/31913201/01.01.01_60/en_31913201v010101p.pdf) signatures @@ -184,7 +184,7 @@ Legend: ### BDOC container spceific requirements -The BDOC container must conform with [BDOC 2.1](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf) standard. +The BDOC container must conform with [BDOC 2.1](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf) standard. 1. File extension * ".bdoc" file extension is supported during signature validation. 2. Only one signature shall be stored in one signatures.xml file. diff --git a/docs/siva3/interfaces.md b/docs/siva3/interfaces.md index 386b299c0..86d043bb4 100644 --- a/docs/siva3/interfaces.md +++ b/docs/siva3/interfaces.md @@ -275,7 +275,7 @@ Structure of validationConclusion block | validatedDocument. filename | ValidatedDocument. Filename | - | String | Digitally signed document's file name. Not present for hashcode validation. | | validatedDocument. fileHash | ValidatedDocument. FileHash | - | String | Calculated hash for validated document in Base64. Present when report signing is enabled. | | validatedDocument. hashAlgo | ValidatedDocument. HashAlgo | - | String | Hash algorithm used. Present when report signing is enabled. | -| signatureForm | SignatureForm | - | String | Format (and optionally version) of the digitally signed document container.
In case of documents in [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) format, the "hashcode" suffix is used to denote that the container was validated in [hashcode mode](http://sertkeskus.github.io/dds-documentation/api/api_docs/#ddoc-format-and-hashcode), i.e. without original data files.
**Possible values:**
DIGIDOC_XML_1.0
DIGIDOC_XML_1.0_hashcode
DIGIDOC_XML_1.1
DIGIDOC_XML_1.1_hashcode
DIGIDOC_XML_1.2
DIGIDOC_XML_1.2_hashcode
DIGIDOC_XML_1.3
DIGIDOC_XML_1.3_hashcode
ASiC_E - used in case of all ASIC-E ([BDOC](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf)) documents and X-Road simple containers that don't use batch time-stamping (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf))
ASiC_E_batchsignature - used in case of X-Road containers with batch signature (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf))
ASiC_S - used in case of all ASIC-S documents | +| signatureForm | SignatureForm | - | String | Format (and optionally version) of the digitally signed document container.
In case of documents in [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) format, the "hashcode" suffix is used to denote that the container was validated in [hashcode mode](http://sertkeskus.github.io/dds-documentation/api/api_docs/#ddoc-format-and-hashcode), i.e. without original data files.
**Possible values:**
DIGIDOC_XML_1.0
DIGIDOC_XML_1.0_hashcode
DIGIDOC_XML_1.1
DIGIDOC_XML_1.1_hashcode
DIGIDOC_XML_1.2
DIGIDOC_XML_1.2_hashcode
DIGIDOC_XML_1.3
DIGIDOC_XML_1.3_hashcode
ASiC_E - used in case of all ASIC-E ([BDOC](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf)) documents and X-Road simple containers that don't use batch time-stamping (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf))
ASiC_E_batchsignature - used in case of X-Road containers with batch signature (see [specification document](https://cyber.ee/research/reports/T-4-23-Profile-for-High-Performance-Digital-Signatures.pdf))
ASiC_S - used in case of all ASIC-S documents | | signatures | Signatures | - | Array | Collection of signatures found in digitally signed document | | signatures[0] | Signature | + | Object | Signature information object | | signatures[0]. claimedSigningTime | Signature. ClaimedSigningTime | + | Date | Claimed signing time, i.e. signer's computer time during signature creation | @@ -299,10 +299,10 @@ Structure of validationConclusion block | signatures[0].info. signatureProductionPlace.city | Signature.Info. SignatureProductionPlace.City | - | String | Stated city. | | signatures[0].info. signatureProductionPlace.postalCode | Signature.Info. SignatureProductionPlace.PostalCode | - | String | Stated postal code. | | signatures[0].info. signingReason | Signature.Info SigningReason | - | String | Free text field for PAdES type signatures for stating the signing reason | -| signatures[0]. signatureFormat | Signature. SignatureFormat | + | String | Format and profile (according to Baseline Profile) of the signature. See [XAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf), [CAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf) and [PAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf) for detailed description of the Baseline Profile levels. Levels that are accepted in SiVa validation policy are described in [SiVa signature validation policy](/siva3/appendix/validation_policy)
**Possible values:**
XAdES_BASELINE_B
XAdES_BASELINE_B_BES
XAdES_BASELINE_B_EPES
XAdES_BASELINE_T
XAdES_BASELINE_LT - long-term level XAdES signature where time-stamp is used as a assertion of trusted signing time
XAdES_BASELINE_LT_TM - long-term level XAdES signature where time-mark is used as a assertion of trusted signing time. Used in case of [BDOC](http://id.ee/wp-content/uploads/2020/06/bdoc-spec212-eng.pdf) signatures with time-mark profile and [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) signatures.
XAdES_BASELINE_LTA
CAdES_BASELINE_B
CAdES_BASELINE_T
CAdES_BASELINE_LT
CAdES_BASELINE_LTA
PAdES_BASELINE_B
PAdES_BASELINE_T
PAdES_BASELINE_LT
PAdES_BASELINE_LTA | +| signatures[0]. signatureFormat | Signature. SignatureFormat | + | String | Format and profile (according to Baseline Profile) of the signature. See [XAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf), [CAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf) and [PAdES Baseline Profile](http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf) for detailed description of the Baseline Profile levels. Levels that are accepted in SiVa validation policy are described in [SiVa signature validation policy](/siva3/appendix/validation_policy)
**Possible values:**
XAdES_BASELINE_B
XAdES_BASELINE_B_BES
XAdES_BASELINE_B_EPES
XAdES_BASELINE_T
XAdES_BASELINE_LT - long-term level XAdES signature where time-stamp is used as a assertion of trusted signing time
XAdES_BASELINE_LT_TM - long-term level XAdES signature where time-mark is used as a assertion of trusted signing time. Used in case of [BDOC](https://www.id.ee/wp-content/uploads/2021/06/bdoc-spec212-eng.pdf) signatures with time-mark profile and [DIGIDOC-XML](https://www.id.ee/wp-content/uploads/2020/08/digidoc_format_1.3.pdf) (DDOC) signatures.
XAdES_BASELINE_LTA
CAdES_BASELINE_B
CAdES_BASELINE_T
CAdES_BASELINE_LT
CAdES_BASELINE_LTA
PAdES_BASELINE_B
PAdES_BASELINE_T
PAdES_BASELINE_LT
PAdES_BASELINE_LTA | | signatures[0]. signatureMethod | Signature. SignatureMethod | + | String | Signature method specification URI used in signature creation. | | signatures[0]. signatureLevel | Signature. SignatureLevel | - |String | Legal level of the signature, according to Regulation (EU) No 910/2014.
- **Possible values on positive validation result:**
QESIG
QESEAL
QES
ADESIG_QC
ADESEAL_QC
ADES_QC
ADESIG
ADESEAL
ADES
- **Possible values on indeterminate validation result:**
prefix INDETERMINATE is added to the level described in positive result. For example INDETERMINATE_QESIG
- **Possible values on negative validation result:**
In addition to abovementioned
NOT_ADES_QC_QSCD
NOT_ADES_QC
NOT_ADES
NA
- In case of DIGIDOC-XML 1.0..1.3 formats, value is missing as the signature level is not checked by the JDigiDoc base library that is used for validation. However, the signatures can be indirectly regarded as QES level signatures, see also [SiVa Validation Policy](/siva3/appendix/validation_policy)
- In case of XROAD ASICE containers the value is missing as the asicverifier base library do not check the signature level.| -| signatures[0].signedBy | Signature.SignedBy | + | String | Signers name and identification number, i.e. value of the CN field of the signer's certificate | +| signatures[0].signedBy | Signature.SignedBy | + | String | In format of "surname, givenName, serialNumber" if these fields are present in subject distinguished name field. In other cases, value of common name field. | | signatures[0].subjectDistinguishedName.serialNumber | Signature.SubjectDistinguishedName.SerialNumber | - | String | SERIALNUMBER value portion in signer's certificate's subject distinguished name | | signatures[0].subjectDistinguishedName.commonName | Signature.SubjectDistinguishedName.CommonName | - | String | CN (common name) value portion in signer's certificate's subject distinguished name | | signatures[0]. signatureScopes | Signature. SignatureScopes | - | Array | Contains information of the original data that is covered by the signature. | diff --git a/docs/siva3/references.md b/docs/siva3/references.md index 938b6d453..3e3e8f0d2 100644 --- a/docs/siva3/references.md +++ b/docs/siva3/references.md @@ -1,4 +1,4 @@ -# References + * (1) Lisa_6_Osa_I_SiVa_Testimise_korraldus.pdf * (2) Lisa_4_Osa_I_SiVa_Valideerimisteenuse_analuus MUUDETUD.pdf diff --git a/docs/siva3/roadmap.md b/docs/siva3/roadmap.md new file mode 100644 index 000000000..7a59c5810 --- /dev/null +++ b/docs/siva3/roadmap.md @@ -0,0 +1,15 @@ + + +This roadmap is for information purposes and can change without prior notice. + +## Planned releases +### 3.6.0 - June 2022 +- LOTL/TSL loading improvements +- Dependency updates +- Digidoc4j 5.0.0 +- Bug fixes + +### 3.7.0 - October 2022 +- CRL information improvements in validation report +- Dependency updates +- Bug fixes \ No newline at end of file diff --git a/docs/version_info.md b/docs/version_info.md index ed2f78581..77eba9bca 100644 --- a/docs/version_info.md +++ b/docs/version_info.md @@ -1,16 +1,18 @@ -| **Version number** | **Change date** | **Author** | **Description** | -|--------------------|-----------------|------------|-----------------| -| 0.1 | 06.05.2016 | Mihkel Selgal | Initial SiVa architecture | -| 1.0 | 26.10.2016 | Priit Reiser, Aare Nurm | Documentation updates | -| 1.1 | 04.05.2017 | Vadim Pudov, Allan Juhanson, Julia Solovei, Aare Nurm | Documentation updates | -| 1.2 | 01.11.2017 | Aare Nurm | Update to new version of mkdocs. Addition of SIVA 2.0 documentation structure | -| 1.3 | 20.12.2017 | Aare Nurm, Siim Suu, Madis Piigli | Documentation updates | -| 1.4 | 29.01.2019 | Aare Nurm | Addition of SIVA 3.0 document structure | -| 1.5 | 21.03.2019 | Jorgen Heinsoo | SIVA 3.2 documentation additions with diagnostic data report description | -| 1.6 | 04.04.2019 | Aare Nurm | Finalizing the documentation for release | -| 1.7 | 12.06.2020 | Aare Nurm, Priit Üksküla | SIVA 3.3 documentation additions | -| 1.8 | 01.03.2021 | Markus Kivisalu | SIVA 3.4 documentation additions | -| 1.9 | 12.04.2021 | Markus Kivisalu | Updated URL-s and reference links | -| 1.10 | 16.06.2021 | Risto Seene, Markus Kivisalu | SIVA 3.5 documentation additions | +| **Version number** | **Change date** | **Author** | **Description** | +|--------------------|-----------------|-------------------------------------------------------|-------------------------------------------------------------------------------| +| 0.1 | 06.05.2016 | Mihkel Selgal | Initial SiVa architecture | +| 1.0 | 26.10.2016 | Priit Reiser, Aare Nurm | Documentation updates | +| 1.1 | 04.05.2017 | Vadim Pudov, Allan Juhanson, Julia Solovei, Aare Nurm | Documentation updates | +| 1.2 | 01.11.2017 | Aare Nurm | Update to new version of mkdocs. Addition of SIVA 2.0 documentation structure | +| 1.3 | 20.12.2017 | Aare Nurm, Siim Suu, Madis Piigli | Documentation updates | +| 1.4 | 29.01.2019 | Aare Nurm | Addition of SIVA 3.0 document structure | +| 1.5 | 21.03.2019 | Jorgen Heinsoo | SIVA 3.2 documentation additions with diagnostic data report description | +| 1.6 | 04.04.2019 | Aare Nurm | Finalizing the documentation for release | +| 1.7 | 12.06.2020 | Aare Nurm, Priit Üksküla | SIVA 3.3 documentation additions | +| 1.8 | 01.03.2021 | Markus Kivisalu | SIVA 3.4 documentation additions | +| 1.9 | 12.04.2021 | Markus Kivisalu | Updated URL-s and reference links | +| 1.10 | 16.06.2021 | Risto Seene, Markus Kivisalu | SIVA 3.5 documentation additions | +| 1.11 | 20.04.2022 | Aare Nurm | Roadmap added | +| 1.12 | 20.05.2022 | Aare Nurm | SignedBy field description update | diff --git a/mkdocs.yml b/mkdocs.yml index b800cb489..548e7755f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,4 +1,4 @@ -site_name: SiVa 3.4 - Signature Validation Service Documentation +site_name: SiVa 3.5 - Signature Validation Service Documentation theme: name: material include_sidebar: false @@ -31,46 +31,47 @@ nav: - 6. QUALITY ASSURANCE: - 6.1 QA Strategy: siva3/qa_strategy.md - 6.2 Test Plan: siva3/test_plan.md -- 7. REFERENCES: siva3/references.md -- 8. APPENDICES: +- 7. ROADMAP: siva3/roadmap.md +- 8. REFERENCES: siva3/references.md +- 9. APPENDICES: - Appendix 1 - Validation Policy: siva3/appendix/validation_policy.md - Appendix 2 - Test Case Descriptions: siva3/appendix/test_cases.md - Appendix 3 - WSDL/XSD of SOAP Interface : siva3/appendix/wsdl.md - Appendix 4 - Known Issues : siva3/appendix/known_issues.md -- 9. SIVA 2.0 (Deprecated): - - 9.1. DEFINITIONS: siva2/definitions.md - - 9.2. BACKGROUND: siva2/overview.md - - 9.3. STRUCTURE & ACTIVITIES: - - 9.3.1 Component model: siva2/structure_and_activities.md - - 9.3.2 Use cases: siva2/use_cases.md - - 9.4. INTERFACES: siva2/interfaces.md - - 9.5. DEPLOYMENT: - - 9.5.1 Deployment model: siva2/deployment.md - - 9.5.2 System integrator's guide: siva2/systemintegrators_guide.md - - 9.6. QUALITY ASSURANCE: - - 9.6.1 QA Strategy: siva2/qa_strategy.md - - 9.6.2 Test Plan: siva2/test_plan.md - - 9.7. REFERENCES: siva2/references.md - - 9.8. APPENDICES: +- 10. SIVA 2.0 (Deprecated): + - 10.1. DEFINITIONS: siva2/definitions.md + - 10.2. BACKGROUND: siva2/overview.md + - 10.3. STRUCTURE & ACTIVITIES: + - 10.3.1 Component model: siva2/structure_and_activities.md + - 10.3.2 Use cases: siva2/use_cases.md + - 10.4. INTERFACES: siva2/interfaces.md + - 10.5. DEPLOYMENT: + - 10.5.1 Deployment model: siva2/deployment.md + - 10.5.2 System integrator's guide: siva2/systemintegrators_guide.md + - 10.6. QUALITY ASSURANCE: + - 10.6.1 QA Strategy: siva2/qa_strategy.md + - 10.6.2 Test Plan: siva2/test_plan.md + - 10.7. REFERENCES: siva2/references.md + - 10.8. APPENDICES: - Appendix 1 - Validation Policy: siva2/appendix/validation_policy.md - Appendix 2 - Test Case Descriptions: siva2/appendix/test_cases.md - Appendix 3 - WSDL/XSD of SOAP Interface : siva2/appendix/wsdl.md - Appendix 4 - Known Issues : siva2/appendix/known_issues.md -- 10. SIVA 1.1 (Deprecated): - - 10.1. DEFINITIONS: siva/definitions.md - - 10.2. BACKGROUND: siva/overview.md - - 10.3. STRUCTURE & ACTIVITIES: - - 10.3.1 Component model: siva/v2/structure_and_activities.md - - 10.3.2 Use cases: siva/v2/use_cases.md - - 10.4. INTERFACES: siva/v2/interfaces.md - - 10.5. DEPLOYMENT: - - 10.5.1 Deployment model: siva/v2/deployment.md - - 10.5.2 System integrator's guide: siva/v2/systemintegrators_guide.md - - 10.6. QUALITY ASSURANCE: - - 10.6.1 QA Strategy: siva/qa_strategy.md - - 10.6.2 Test Plan: siva/test_plan.md - - 10.7. REFERENCES: siva/references.md - - 10.8. APPENDICES: +- 11. SIVA 1.1 (Deprecated): + - 11.1. DEFINITIONS: siva/definitions.md + - 11.2. BACKGROUND: siva/overview.md + - 11.3. STRUCTURE & ACTIVITIES: + - 11.3.1 Component model: siva/v2/structure_and_activities.md + - 11.3.2 Use cases: siva/v2/use_cases.md + - 11.4. INTERFACES: siva/v2/interfaces.md + - 11.5. DEPLOYMENT: + - 11.5.1 Deployment model: siva/v2/deployment.md + - 11.5.2 System integrator's guide: siva/v2/systemintegrators_guide.md + - 11.6. QUALITY ASSURANCE: + - 11.6.1 QA Strategy: siva/qa_strategy.md + - 11.6.2 Test Plan: siva/test_plan.md + - 11.7. REFERENCES: siva/references.md + - 11.8. APPENDICES: - Appendix 1 - Validation Policy: siva/appendix/validation_policy.md - Appendix 2 - Test Case Descriptions: siva/appendix/test_cases.md - Appendix 3 - WSDL of SOAP Interface : siva/appendix/wsdl.md diff --git a/pom.xml b/pom.xml index f5d6202a3..d5bfad875 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ ee.openid.siva siva - 3.5.2 + 3.5.3 pom SiVa Digitally signed documents validation service https://github.com/open-eid/SiVa @@ -112,13 +112,13 @@ 1.15 4.4 2.11.0 - 2.13.2 + 2.13.3 20220320 1.2.11 - 1.18.22 + 1.18.24 1.30 - 2.6.6 - 2.1.7 + 2.6.7 + 2.1.8 jacoco reuseReports @@ -131,7 +131,7 @@ org.apache.maven.plugins maven-project-info-reports-plugin - 3.1.2 + 3.3.0 org.codehaus.mojo @@ -146,7 +146,7 @@ maven-pmd-plugin - 3.15.0 + 3.16.0 @@ -156,7 +156,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.9.0 + 3.10.1 true ${language.level} @@ -225,7 +225,7 @@ org.owasp dependency-check-maven - 6.2.2 + 7.1.0 false false diff --git a/siva-parent/pom.xml b/siva-parent/pom.xml index 809e30a1e..9de668f22 100644 --- a/siva-parent/pom.xml +++ b/siva-parent/pom.xml @@ -19,14 +19,14 @@ siva ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 siva-parent pom SiVa webapp and other core modules - 3.5.2 + 3.5.3 siva-validation-proxy @@ -40,7 +40,7 @@ - 3.5.0 + 3.5.2 diff --git a/siva-parent/siva-distribution/pom.xml b/siva-parent/siva-distribution/pom.xml index 7c9eed12a..0cefd2e68 100644 --- a/siva-parent/siva-distribution/pom.xml +++ b/siva-parent/siva-distribution/pom.xml @@ -20,7 +20,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/siva-parent/siva-monitoring/pom.xml b/siva-parent/siva-monitoring/pom.xml index 96b0d15cb..2a98fd5b6 100644 --- a/siva-parent/siva-monitoring/pom.xml +++ b/siva-parent/siva-monitoring/pom.xml @@ -19,7 +19,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/siva-parent/siva-sample-application/pom.xml b/siva-parent/siva-sample-application/pom.xml index a601833b4..f29eb7228 100644 --- a/siva-parent/siva-sample-application/pom.xml +++ b/siva-parent/siva-sample-application/pom.xml @@ -18,7 +18,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 @@ -88,14 +88,14 @@ eu.michael-simons wro4j-spring-boot-starter - 0.10.1 + 0.10.4 com.github.ben-manes.caffeine caffeine - 3.0.5 + 3.0.6 @@ -106,7 +106,7 @@ org.zeroturnaround zt-zip - 1.14 + 1.15 jar @@ -170,7 +170,7 @@ com.jayway.jsonpath json-path - 2.6.0 + 2.7.0 com.fasterxml.jackson.dataformat @@ -203,7 +203,7 @@ net.sourceforge.htmlunit htmlunit - 2.56.0 + 2.61.0 test diff --git a/siva-parent/siva-signature-service/pom.xml b/siva-parent/siva-signature-service/pom.xml index f8144ebf7..7e73813b1 100644 --- a/siva-parent/siva-signature-service/pom.xml +++ b/siva-parent/siva-signature-service/pom.xml @@ -19,7 +19,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/siva-parent/siva-statistics/pom.xml b/siva-parent/siva-statistics/pom.xml index 5938df939..cade9cc33 100644 --- a/siva-parent/siva-statistics/pom.xml +++ b/siva-parent/siva-statistics/pom.xml @@ -19,7 +19,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/siva-parent/siva-test/pom.xml b/siva-parent/siva-test/pom.xml index e6bc0a975..bb389a601 100644 --- a/siva-parent/siva-test/pom.xml +++ b/siva-parent/siva-test/pom.xml @@ -19,7 +19,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java index 37f9a528c..b3ff37b05 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationFailIT.java @@ -62,6 +62,7 @@ public void asiceInvalidSingleSignature() { .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE)) .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT)) .body("signatures[0].indication", Matchers.is(TOTAL_FAILED)) + .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("38211015222")) .body("signatures[0].subIndication", Matchers.is(SUB_INDICATION_HASH_FAILURE)) @@ -256,6 +257,7 @@ public void asiceNotTrustedOcspCert() { .body("signatures[0].indication", Matchers.is(TOTAL_FAILED)) .body("signatures[0].subIndication", Matchers.is(SUB_INDICATION_FORMAT_FAILURE)) .body("signatures[0].errors.content", Matchers.hasItems(LTV_PROCESS_NOT_ACCEPTABLE)) + .body("signatures[0].signedBy", Matchers.is("SINIVEE,VEIKO,36706020210")) .body("signatures[0].certificates.size()", Matchers.is(1)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("SINIVEE,VEIKO,36706020210")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEPzCCAyegAwIBAgIQH0FobucEcidPGVN0HUUgATANBgkqhk")) @@ -420,6 +422,7 @@ public void asiceBaselineBesSignatureLevel() { .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_B)) .body("signatures[0].indication", Matchers.is(TOTAL_FAILED)) .body("signatures[0].errors.content", Matchers.hasItems(LTV_PROCESS_NOT_ACCEPTABLE)) + .body("signatures[0].signedBy", Matchers.is("UUKKIVI,KRISTI,48505280278")) .body("signatures[0].certificates.size()", Matchers.is(1)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("UUKKIVI,KRISTI,48505280278")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEojCCA4qgAwIBAgIQPKphkF8jscxRrFRhBsxlhjANBgkqhk")) @@ -452,6 +455,7 @@ public void asiceBaselineEpesSignatureLevel() { .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_B)) .body("signatures[0].indication", Matchers.is(TOTAL_FAILED)) .body("signatures[0].errors.content", Matchers.hasItems(LTV_PROCESS_NOT_ACCEPTABLE)) + .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].certificates.size()", Matchers.is(1)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIE/TCCA+WgAwIBAgIQJw9uhQnKff9RdnVKwzk1OzANBgkqhk")) @@ -483,6 +487,7 @@ public void asiceSignersCertNotTrusted() { .body("signatures[0].indication", Matchers.is(TOTAL_FAILED)) .body("signatures[0].errors[0].content", Matchers.is(CERT_PATH_NOT_TRUSTED)) .body("signatures[0].errors[1].content", Matchers.is(LTV_PROCESS_NOT_ACCEPTABLE)) + .body("signatures[0].signedBy", Matchers.is("signer1")) .body("signatures[0].certificates.size()", Matchers.is(2)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("signer1")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIICHDCCAYWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMQswCQ")) @@ -641,6 +646,7 @@ public void asiceBaselineTSignature() { .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_T)) .body("signatures[0].indication", Matchers.is(TOTAL_FAILED)) .body("signatures[0].errors.content", Matchers.hasItem(LTV_PROCESS_NOT_ACCEPTABLE)) + .body("signatures[0].signedBy", Matchers.is("ŽAIKOVSKI,IGOR,37101010021")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("ŽAIKOVSKI,IGOR,37101010021")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEjzCCA3egAwIBAgIQZTNeodpzkAxPgpfyQEp1dTANBgkqhk")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].issuer.commonName", Matchers.startsWith("TEST of ESTEID-SK 2011")) diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java index 95167d76b..60ced81d8 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsiceValidationPassIT.java @@ -57,6 +57,7 @@ public void validAsiceSingleSignature() { .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) .body("signatures[0].info.bestSignatureTime", Matchers.is("2016-10-11T09:36:10Z")) .body("validationLevel", Matchers.is(VALIDATION_LEVEL_ARCHIVAL_DATA)) + .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIE3DCCAsSgAwIBAgIQSsqdjzAQgvpX80krgJy83DANBgkqhk")) @@ -77,7 +78,7 @@ public void validAsiceSingleSignature() { * * Requirement: http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#POLv4 * - * Title: Asice TM with multiple valid signatures + * Title: Asice with multiple valid signatures * * Expected Result: The document should pass the validation * @@ -116,6 +117,9 @@ public void asiceDifferentCertificateCountries() { .then().rootPath(VALIDATION_CONCLUSION_PREFIX) .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("PELANIS,MINDAUGAS,37412260478")) + .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MINDAUGAS PELANIS")) + .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("37412260478")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("MINDAUGAS PELANIS")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIGJzCCBQ+gAwIBAgIObV8h37aTlaYAAQAEAckwDQYJKoZIhv")) @@ -151,6 +155,7 @@ public void asiceBaselineLtProfileValidSignature() { .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) .body("signatures[0].info.bestSignatureTime", Matchers.is("2016-05-23T10:06:23Z")) + .body("signatures[0].signedBy", Matchers.is("UUKKIVI,KRISTI,48505280278")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("UUKKIVI,KRISTI,48505280278")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEojCCA4qgAwIBAgIQPKphkF8jscxRrFRhBsxlhjANBgkqhk")) @@ -186,6 +191,7 @@ public void asiceBaselineLtaProfileValidSignature() { .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LTA)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) .body("signatures[0].info.bestSignatureTime", Matchers.is("2014-10-30T18:50:35Z")) + .body("signatures[0].signedBy", Matchers.is("METSMA,RAUL,38207162766")) .body("signatures[0].certificates.size()", Matchers.is(4)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("METSMA,RAUL,38207162766")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEmzCCA4OgAwIBAgIQFQe7NKtE06tRSY1vHfPijjANBgkqhk")) @@ -250,6 +256,7 @@ public void asiceSk2015CertificateChainValidSignature() { .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT)) .body("signatures[0].signatureLevel", Matchers.is(SIGNATURE_LEVEL_QESIG)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("LUKIN,LIISA,47710110274")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("LUKIN,LIISA,47710110274")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIFfzCCA2egAwIBAgIQL+hzDhb7R0xWi+03fxcZKDANBgkqhk")) @@ -284,6 +291,7 @@ public void asiceKlass3Sk2010CertificateChainValidSignature() { .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT)) .body("signatures[0].signatureLevel", Matchers.is(SIGNATURE_LEVEL_QESIG)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("Wilson OÜ digital stamp")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("Wilson OÜ digital stamp")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("12508548")) .body("signatures[0].certificates.size()", Matchers.is(3)) @@ -381,6 +389,7 @@ public void asiceEccSignatureShouldPass() { .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) .body("signatures[0].warnings", Matchers.emptyOrNullString()) + .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033")) .body("validationLevel", Matchers.is(VALIDATION_LEVEL_ARCHIVAL_DATA)) @@ -410,6 +419,7 @@ public void asicePssSignatureShouldPass() { .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) .body("signatures[0].warnings", Matchers.emptyOrNullString()) .body("signatures[0].signatureMethod", Matchers.is("http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1")) + .body("signatures[0].signedBy", Matchers.is("ŽÕRINÜWŠKY,MÄRÜ-LÖÖZ,11404176865")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("ŽÕRINÜWŠKY,MÄRÜ-LÖÖZ,11404176865")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("11404176865")) .body("validationLevel", Matchers.is(VALIDATION_LEVEL_ARCHIVAL_DATA)) @@ -452,6 +462,46 @@ public void asiceWithEmptyDataFilesShouldPass() { .body("validSignaturesCount", Matchers.is(1)); } + /** + * TestCaseID: Asice-ValidationPass-15 + *

+ * TestType: Automated + *

+ * Requirement: http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#common_POLv3_POLv4 + *

+ * Title: ASICE with new Smart-ID certificate profile without personal number in CommonName + *

+ * Expected Result: The document should pass + *

+ * File: validSidSignatureWithCertWithoutPnoInCn.asice + */ + + @Test + public void validSignatureSignerCertDoNotHavePersonalNumberInCnShouldPass() { + setTestFilesDirectory("bdoc/test/timestamp/"); + post(validationRequestFor("validSidSignatureWithCertWithoutPnoInCn.asice")) + .then().rootPath(VALIDATION_CONCLUSION_PREFIX) + .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE)) + .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT)) + .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("TESTNUMBER,QUALIFIED OK1,30303039914")) + .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("TESTNUMBER,QUALIFIED OK1")) + .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("PNOEE-30303039914")) + .body("signatures[1].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT)) + .body("signatures[1].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[1].signedBy", Matchers.is("TESTNUMBER,BOD,39912319997")) + .body("signatures[1].subjectDistinguishedName.commonName", Matchers.is("TESTNUMBER,BOD")) + .body("signatures[1].subjectDistinguishedName.serialNumber", Matchers.is("PNOEE-39912319997")) + .body("signatures[1].certificates.size()", Matchers.is(3)) + .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("TESTNUMBER,BOD")) + .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIIojCCBoqgAwIBAgIQJ5zu8nauSO5hSFPXGPNAtzANBgkqhk")) + .body("signatures[1].certificates.findAll{it.type == 'SIGNATURE_TIMESTAMP'}[0].commonName", Matchers.is("DEMO SK TIMESTAMPING AUTHORITY 2020")) + .body("signatures[1].certificates.findAll{it.type == 'SIGNATURE_TIMESTAMP'}[0].content", Matchers.startsWith("MIIEgzCCA2ugAwIBAgIQcGzJsYR4QLlft+S73s/WfTANBgkqhk")) + .body("signatures[1].certificates.findAll{it.type == 'REVOCATION'}[0].commonName", Matchers.is("DEMO of EID-SK 2016 AIA OCSP RESPONDER 2018")) + .body("signatures[1].certificates.findAll{it.type == 'REVOCATION'}[0].content", Matchers.startsWith("MIIFQDCCAyigAwIBAgIQSKlAnTgs72Ra5xCvMScb/jANBgkqhk")) + .body("signaturesCount", Matchers.is(2)) + .body("validSignaturesCount", Matchers.is(2)); + } @Override protected String getTestFilesDirectory() { diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java index 708d40682..8289aea4b 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/AsicsValidationPassIT.java @@ -69,6 +69,7 @@ public void validDdocInsideValidAsics() { .body("signatures[0].info.signatureProductionPlace.stateOrProvince", Matchers.is("ei tea")) .body("signatures[0].info.signatureProductionPlace.city", Matchers.is("tõrva")) .body("signatures[0].info.signatureProductionPlace.postalCode", Matchers.is(" ")) + .body("signatures[0].signedBy", Matchers.is("SOONSEIN,SIMMO,38508134916")) .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName", Matchers.is("ESTEID-SK 2007 OCSP RESPONDER")) .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].content", Matchers.startsWith("MIIDnDCCAoSgAwIBAgIERZ0acjANBgkqhkiG9w0BAQUFADBbMQ")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("SOONSEIN,SIMMO,38508134916")) @@ -108,6 +109,7 @@ public void validDdocInsideValidAsicsScsExtension() { .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) .body("signatures[0].claimedSigningTime", Matchers.is("2012-10-03T07:46:31Z")) .body("signatures[0].info.bestSignatureTime", Matchers.is("2012-10-03T07:46:51Z")) + .body("signatures[0].signedBy", Matchers.is("LUKIN,LIISA,47710110274")) .body("timeStampTokens[0].indication", Matchers.is("TOTAL-PASSED")) .body("timeStampTokens[0].signedBy", Matchers.is("SK TIMESTAMPING AUTHORITY")) .body("timeStampTokens[0].signedTime", Matchers.is("2017-08-10T12:40:40Z")) @@ -143,6 +145,7 @@ public void validBdocInsideValidAsics() { .body("signatures[0].info.signatureProductionPlace.stateOrProvince", Matchers.is("Harju")) .body("signatures[0].info.signatureProductionPlace.city", Matchers.is("Tallinn")) .body("signatures[0].info.signatureProductionPlace.postalCode", Matchers.is("22333")) + .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("38211015222")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("NURM,AARE,38211015222")) .body("signatures[1].signatureFormat", Matchers.is("XAdES_BASELINE_LT_TM")) diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java index 2fae050e6..80d5f8315 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationFailIT.java @@ -62,6 +62,7 @@ public void bdocInvalidSingleSignature() { .then().rootPath(VALIDATION_CONCLUSION_PREFIX) .body("signatureForm", Matchers.is("ASiC-E")) .body("signatures[0].indication", Matchers.is("TOTAL-FAILED")) + .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIFHTCCBAWgAwIBAgIQDq1SanUB71xO+wbqIO72rDANBgkqhk")) @@ -262,6 +263,7 @@ public void bdocNotTrustedOcspCert() { .body("signatures[0].indication", Matchers.is("TOTAL-FAILED")) .body("signatures[0].subIndication", Matchers.is("FORMAT_FAILURE")) .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!")) + .body("signatures[0].signedBy", Matchers.is("SINIVEE,VEIKO,36706020210")) .body("signatures[0].certificates.size()", Matchers.is(2)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("SINIVEE,VEIKO,36706020210")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEPzCCAyegAwIBAgIQH0FobucEcidPGVN0HUUgATANBgkqhk")) @@ -292,6 +294,7 @@ public void bdocNotTrustedTsaCert() { .body("signatures[0].indication", Matchers.is("TOTAL-FAILED")) .body("signatures[0].info.bestSignatureTime", Matchers.is("2014-05-19T10:45:19Z")) .body("signatures[0].errors.content", Matchers.hasItems("Signature has an invalid timestamp")) + .body("signatures[0].signedBy", Matchers.is("ŽAIKOVSKI,IGOR,37101010021")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("ŽAIKOVSKI,IGOR,37101010021")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEjzCCA3egAwIBAgIQZTNeodpzkAxPgpfyQEp1dTANBgkqhk")) @@ -424,6 +427,7 @@ public void bdocBaselineBesSignatureLevel() { .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.notNullValue()) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.notNullValue()) .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!")) + .body("signatures[0].signedBy", Matchers.is("UUKKIVI,KRISTI,48505280278")) .body("signatures[0].certificates.size()", Matchers.is(1)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("UUKKIVI,KRISTI,48505280278")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEojCCA4qgAwIBAgIQPKphkF8jscxRrFRhBsxlhjANBgkqhk")) @@ -453,6 +457,7 @@ public void bdocBaselineEpesSignatureLevel() { .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_B_EPES")) .body("signatures[0].indication", Matchers.is("TOTAL-FAILED")) .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!")) + .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].certificates.size()", Matchers.is(1)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIE/TCCA+WgAwIBAgIQJw9uhQnKff9RdnVKwzk1OzANBgkqhk")) @@ -482,6 +487,7 @@ public void bdocSignersCertNotTrusted() { .body("signatures[0].info.bestSignatureTime", Matchers.is("2013-10-11T08:15:47Z")) .body("signatures[0].errors[0].content", Matchers.is("Unable to build a certificate chain until a trusted list!")) .body("signatures[0].errors[1].content", Matchers.is("The result of the LTV validation process is not acceptable to continue the process!")) + .body("signatures[0].signedBy", Matchers.is("signer1")) .body("signatures[0].certificates.size()", Matchers.is(2)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("signer1")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIICHDCCAYWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMQswCQ")) @@ -709,7 +715,6 @@ public void bdocCertificateValidityOutOfOcspRange() { .then().rootPath(VALIDATION_CONCLUSION_PREFIX) .body("signatureForm", Matchers.is("ASiC-E")) .body("signatures[0].indication", Matchers.is("INDETERMINATE")) - .body("signatures[0].errors.content", Matchers.hasItem("Signature has been created with expired certificate")) .body("validSignaturesCount", Matchers.is(0)); } diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java index d3eb5df35..7ee8e7f8c 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/BdocValidationPassIT.java @@ -56,6 +56,7 @@ public void validSignature() { .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE)) .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT_TM)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].certificates.size()", Matchers.is(2)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEmDCCA4CgAwIBAgIQP0r+1SmYLpVSgfYqBWYcBzANBgkqhk")) @@ -138,6 +139,9 @@ public void bdocDifferentCertificateCountries() { .then().rootPath(VALIDATION_CONCLUSION_PREFIX) .body("signatureForm", Matchers.is("ASiC-E")) .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) + .body("signatures[0].signedBy", Matchers.is("PELANIS,MINDAUGAS,37412260478")) + .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MINDAUGAS PELANIS")) + .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("37412260478")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("MINDAUGAS PELANIS")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIGJzCCBQ+gAwIBAgIObV8h37aTlaYAAQAEAckwDQYJKoZIhv")) @@ -244,6 +248,7 @@ public void bdocBaselineLtaProfileValidSignature() { .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LTA")) .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) .body("signatures[0].info.bestSignatureTime", Matchers.is("2014-10-30T18:50:35Z")) + .body("signatures[0].signedBy", Matchers.is("METSMA,RAUL,38207162766")) .body("signatures[0].certificates.size()", Matchers.is(3)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("METSMA,RAUL,38207162766")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIEmzCCA4OgAwIBAgIQFQe7NKtE06tRSY1vHfPijjANBgkqhk")) @@ -325,6 +330,7 @@ public void bdocKlass3Sk2010CertificateChainValidSignature() { .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT")) .body("signatures[0].signatureLevel", Matchers.is("QESIG")) .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) + .body("signatures[0].signedBy", Matchers.is("Wilson OÜ digital stamp")) .body("validSignaturesCount", Matchers.is(1)); } @@ -483,6 +489,7 @@ public void bdocWithEccTimeMarkShouldPass() { .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT_TM")) .body("signatures[0].signatureLevel", Matchers.is("QESIG")) .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) + .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("validSignaturesCount", Matchers.is(1)) @@ -581,13 +588,14 @@ public void bdocMalformedBdocWithInvalidMimetypeInManifestShouldPass() { */ @Test - public void validSignatureTestOfOCSPResponder2020ForTimeMarkShoulPass() { + public void validSignatureTestOfOCSPResponder2020ForTimeMarkShouldPass() { setTestFilesDirectory("bdoc/test/timemark/"); post(validationRequestFor("test_of_OCSP_responder_2020.bdoc")) .then().rootPath(VALIDATION_CONCLUSION_PREFIX) .body("signatureForm", Matchers.is(SIGNATURE_FORM_ASICE)) .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_XADES_LT_TM)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("ŽAIKOVSKI,IGOR,37101010021")) .body("signatures[0].certificates.size()", Matchers.is(2)) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("ŽAIKOVSKI,IGOR,37101010021")) .body("signatures[0].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIIFvjCCA6agAwIBAgIQN7pWa1fk0oJaAwZD/BO7MjANBgkqhk")) diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java index 5047da3b2..f8b5a17fc 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationFailIT.java @@ -269,6 +269,9 @@ public void ddocSignersCertNotTrusted() { .body("signatures[1].errors.content", Matchers.hasItems("Signers cert not trusted, missing CA cert!", "Signing certificate issuer information does not match")) .body("signatures[1].errors.size()", Matchers.is(3)) .body("signatures[1].indication", Matchers.is(TOTAL_FAILED)) + .body("signatures[1].signedBy", Matchers.is("Ramlot,Guy Marc,65030202936")) + .body("signatures[1].subjectDistinguishedName.commonName", Matchers.is("Guy Ramlot (Signature)")) + .body("signatures[1].subjectDistinguishedName.serialNumber", Matchers.is("65030202936")) .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].commonName", Matchers.is("Guy Ramlot (Signature)")) .body("signatures[1].certificates.findAll{it.type == 'SIGNING'}[0].content", Matchers.startsWith("MIID5DCCAsygAwIBAgIQEAAAAAAA6b6vobxT/DKUOzANBgkqhk")) .body("validSignaturesCount", Matchers.is(1)) diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java index c7b2f309b..5aace2dfc 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/DdocValidationPassIT.java @@ -185,6 +185,7 @@ public void ddocKlass3SkCertificateChainValidSignature() { .body("signatureForm", Matchers.is(SIGNATURE_FORM_DDOC_13)) .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_DIGIDOC_XML_13)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("SK: dokumendi kinnitus")) .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName", Matchers.is("KLASS3-SK OCSP RESPONDER")) .body("signaturesCount", Matchers.is(1)) .body("validSignaturesCount", Matchers.is(1)); @@ -210,6 +211,7 @@ public void ddocKlass3Sk2010CertificateChainValidSignature() { .body("signatureForm", Matchers.is(SIGNATURE_FORM_DDOC_13)) .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_DIGIDOC_XML_13)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("Sertifitseerimiskeskus AS Klienditoe osakond")) .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName", Matchers.is("KLASS3-SK 2010 OCSP RESPONDER")) .body("signaturesCount", Matchers.is(1)) .body("validSignaturesCount", Matchers.is(1)); @@ -237,6 +239,7 @@ public void ddocEsteidSk2007CertificateChainValidSignature() { .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) .body("signatures[0].warnings[0].content", Matchers.is("Old and unsupported format: DIGIDOC-XML version: 1.1")) .body("signatures[0].warnings.size()", Matchers.is(1)) + .body("signatures[0].signedBy", Matchers.is("SOONSEIN,SIMMO,38508134916")) .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName", Matchers.is("ESTEID-SK 2007 OCSP RESPONDER")) .body("signaturesCount", Matchers.is(1)) .body("validSignaturesCount", Matchers.is(1)); @@ -249,7 +252,7 @@ public void ddocEsteidSk2007CertificateChainValidSignature() { * * Requirement: http://open-eid.github.io/SiVa/siva3/appendix/validation_policy/#POLv4 * - * Title: Ddoc v1.1 ESTEID-SK 2007 certificate chain with valid signature + * Title: Ddoc v1.1 ESTEID-SK 2015 certificate chain with valid signature * * Expected Result: The document should pass the validation * @@ -262,6 +265,7 @@ public void ddocEsteidSk2015CertificateChainValidSignature() { .body("signatureForm", Matchers.is(SIGNATURE_FORM_DDOC_13)) .body("signatures[0].signatureFormat", Matchers.is(SIGNATURE_FORMAT_DIGIDOC_XML_13)) .body("signatures[0].indication", Matchers.is(TOTAL_PASSED)) + .body("signatures[0].signedBy", Matchers.is("LUKIN,LIISA,47710110274")) .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName", Matchers.is("SK OCSP RESPONDER 2011")) .body("signaturesCount", Matchers.is(1)) .body("validSignaturesCount", Matchers.is(1)); @@ -369,6 +373,7 @@ public void ddocEsteidSk2011Ocsp2011CertificateChainValidSignature() { .body("signatures[0].warnings[0].content", Matchers.is("X509IssuerName has none or invalid namespace: null")) .body("signatures[0].warnings[1].content", Matchers.is("X509SerialNumber has none or invalid namespace: null")) .body("signatures[0].warnings.size()", Matchers.is(2)) + .body("signatures[0].signedBy", Matchers.is("PELANIS,MINDAUGAS,37412260478")) .body("signatures[0].certificates.findAll{it.type == 'REVOCATION'}[0].commonName", Matchers.is("SK OCSP RESPONDER 2011")) .body("signaturesCount", Matchers.is(1)) .body("validSignaturesCount", Matchers.is(1)); diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java index 191f635c6..f54613eca 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/PdfValidationPassIT.java @@ -57,6 +57,7 @@ public void validSignaturesRemainValidAfterSigningCertificateExpires() { .body("signatures[0].signatureFormat", Matchers.is("PAdES_BASELINE_LT")) .body("signatures[0].signatureLevel", Matchers.is("QESIG")) .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) + .body("signatures[0].signedBy", Matchers.is("Veiko Sinivee")) .body("validSignaturesCount", Matchers.is(1)) .body("signaturesCount", Matchers.is(1)); @@ -111,6 +112,7 @@ public void validSignature() { .body("signatures[0].signatureLevel", Matchers.is("QESIG")) .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) .body("signatures[0].warnings", Matchers.emptyOrNullString()) + .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.notNullValue()) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.notNullValue()) .body("validSignaturesCount", Matchers.is(1)) diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java index 292ea181f..fc6e494c7 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationFailIT.java @@ -56,6 +56,7 @@ public void dataFileHashAlgorithmDoesNotMatchWithSignatureDataFileHashAlgorithm( .body("signatures[0].subIndication", Matchers.is("SIGNED_DATA_NOT_FOUND")) .body("signatures[0].errors.content", Matchers.hasItems("The result of the LTV validation process is not acceptable to continue the process!")) .body("signatures[0].info.bestSignatureTime", Matchers.is("2019-02-05T13:36:23Z")) + .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("validationLevel", Matchers.is("ARCHIVAL_DATA")) diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java index 9d9d0015e..194641085 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/integrationtest/XadesHashcodeValidationPassIT.java @@ -57,6 +57,7 @@ public void validXadesWithHashcodeFromAsice() throws IOException, SAXException, .then().rootPath(VALIDATION_CONCLUSION_PREFIX) .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT")) .body("signatures[0].indication", Matchers.is("TOTAL-PASSED")) + .body("signatures[0].signedBy", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("signatures[0].subjectDistinguishedName.serialNumber", Matchers.is("47101010033")) .body("signatures[0].subjectDistinguishedName.commonName", Matchers.is("MÄNNIK,MARI-LIIS,47101010033")) .body("validationLevel", Matchers.is("ARCHIVAL_DATA")) diff --git a/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java b/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java index c400d4803..ae1b315bc 100644 --- a/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java +++ b/siva-parent/siva-test/src/test/java/ee/openeid/siva/resttest/ValidationReportValueVerificationIT.java @@ -215,7 +215,7 @@ public void bdocCorrectValuesArePresentInvalidLtSignatureAdesqc() { .body("signatures[0].id", Matchers.is("S1510667783001")) .body("signatures[0].signatureFormat", Matchers.is("XAdES_BASELINE_LT")) .body("signatures[0].signatureLevel", Matchers.is("NOT_ADES_QC")) - .body("signatures[0].signedBy", Matchers.is("NURM,AARE,PNOEE-38211015222")) + .body("signatures[0].signedBy", Matchers.is("NURM,AARE,38211015222")) .body("signatures[0].indication", Matchers.is("TOTAL-FAILED")) .body("signatures[0].subIndication", Matchers.is("HASH_FAILURE")) .body("signatures[0].errors[0].content", Matchers.is("The result of the LTV validation process is not acceptable to continue the process!")) diff --git a/siva-parent/siva-test/src/test/resources/bdoc/test/timestamp/validSidSignatureWithCertWithoutPnoInCn.asice b/siva-parent/siva-test/src/test/resources/bdoc/test/timestamp/validSidSignatureWithCertWithoutPnoInCn.asice new file mode 100644 index 000000000..d2444b150 Binary files /dev/null and b/siva-parent/siva-test/src/test/resources/bdoc/test/timestamp/validSidSignatureWithCertWithoutPnoInCn.asice differ diff --git a/siva-parent/siva-validation-proxy/pom.xml b/siva-parent/siva-validation-proxy/pom.xml index 1d5735d72..83c49a0a9 100644 --- a/siva-parent/siva-validation-proxy/pom.xml +++ b/siva-parent/siva-validation-proxy/pom.xml @@ -18,7 +18,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/siva-parent/siva-webapp/pom.xml b/siva-parent/siva-webapp/pom.xml index d7698418c..4db34555a 100644 --- a/siva-parent/siva-webapp/pom.xml +++ b/siva-parent/siva-webapp/pom.xml @@ -19,7 +19,7 @@ siva-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 @@ -96,13 +96,13 @@ org.springframework.cloud spring-cloud-starter-sleuth - 3.1.1 + 3.1.2 co.elastic.logging logback-ecs-encoder - 1.3.2 + 1.4.0 diff --git a/validation-services-parent/generic-validation-service/pom.xml b/validation-services-parent/generic-validation-service/pom.xml index 7b6411974..500f89c69 100644 --- a/validation-services-parent/generic-validation-service/pom.xml +++ b/validation-services-parent/generic-validation-service/pom.xml @@ -19,7 +19,7 @@ validation-services-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 @@ -58,11 +58,10 @@ - org.apache.pdfbox pdfbox - 2.0.24 + 2.0.26 org.digidoc4j.dss @@ -76,7 +75,7 @@ com.google.guava guava - 31.0.1-jre + 31.1-jre diff --git a/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java b/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java index 6eaf254a8..07e0dcb03 100644 --- a/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java +++ b/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/validator/report/GenericValidationReportBuilder.java @@ -36,8 +36,10 @@ import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils; import ee.openeid.siva.validation.service.signature.policy.properties.ConstraintDefinedPolicy; import ee.openeid.siva.validation.util.CertUtil; +import ee.openeid.siva.validation.util.DistinguishedNameUtil; import ee.openeid.siva.validation.util.SubjectDNParser; import ee.openeid.validation.service.generic.validator.TokenUtils; +import eu.europa.esig.dss.diagnostic.AbstractTokenProxy; import eu.europa.esig.dss.diagnostic.CertificateRevocationWrapper; import eu.europa.esig.dss.diagnostic.CertificateWrapper; import eu.europa.esig.dss.diagnostic.RelatedRevocationWrapper; @@ -60,6 +62,7 @@ import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource; import eu.europa.esig.dss.validation.AdvancedSignature; import eu.europa.esig.dss.validation.executor.ValidationLevel; +import eu.europa.esig.dss.validation.reports.AbstractReports; import eu.europa.esig.dss.validation.timestamp.TimestampToken; import org.apache.commons.codec.binary.Base64; import org.apache.commons.collections4.CollectionUtils; @@ -197,7 +200,7 @@ private SignatureValidationData buildSignatureValidationData(String signatureId) signatureValidationData.setSignatureFormat(changeAndValidateSignatureFormat(dssReports.getSimpleReport().getSignatureFormat(signatureId).toString(), signatureId)); signatureValidationData.setSignatureMethod(parseSignatureMethod(signatureId)); signatureValidationData.setSignatureLevel(dssReports.getSimpleReport().getSignatureQualification(signatureId).name()); - signatureValidationData.setSignedBy(parseSubjectDistinguishedName(signatureId).getCommonName()); + signatureValidationData.setSignedBy(parseSignedBy(signatureId)); signatureValidationData.setSubjectDistinguishedName(parseSubjectDistinguishedName(signatureId)); signatureValidationData.setClaimedSigningTime(parseClaimedSigningTime(signatureId)); signatureValidationData.setSignatureScopes(parseSignatureScopes(signatureId)); @@ -356,6 +359,22 @@ private String getSignatureId(String signatureId) { return signatureId; } + private String parseSignedBy(String signatureId) { + return Optional.ofNullable(dssReports) + .map(AbstractReports::getDiagnosticData) + .map(diagnosticData -> diagnosticData.getSignatureById(signatureId)) + .map(AbstractTokenProxy::getSigningCertificate) + .map(signingCertificate -> Optional + .ofNullable(DistinguishedNameUtil.getSurnameAndGivenNameAndSerialNumber( + signingCertificate.getSurname(), + signingCertificate.getGivenName(), + signingCertificate.getSubjectSerialNumber() + )) + .orElseGet(signingCertificate::getCommonName) + ) + .orElseGet(ReportBuilderUtils::valueNotPresent); + } + private SubjectDistinguishedName parseSubjectDistinguishedName(String signatureId) { CertificateWrapper signingCertificate = dssReports.getDiagnosticData().getSignatureById(signatureId).getSigningCertificate(); diff --git a/validation-services-parent/pom.xml b/validation-services-parent/pom.xml index 2b39288b9..1500b8950 100644 --- a/validation-services-parent/pom.xml +++ b/validation-services-parent/pom.xml @@ -19,7 +19,7 @@ siva ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 pom @@ -97,7 +97,7 @@ org.cryptacular cryptacular - 1.2.4 + 1.2.5 com.fasterxml.jackson.core diff --git a/validation-services-parent/timemark-container-validation-service/pom.xml b/validation-services-parent/timemark-container-validation-service/pom.xml index 8d94fd703..9145bb6a4 100644 --- a/validation-services-parent/timemark-container-validation-service/pom.xml +++ b/validation-services-parent/timemark-container-validation-service/pom.xml @@ -18,7 +18,7 @@ validation-services-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 @@ -51,7 +51,7 @@ org.apache.pdfbox pdfbox - 2.0.24 + 2.0.26 org.apache.santuario diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java index b8c9e6f2e..fc786b3b9 100644 --- a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java @@ -22,6 +22,7 @@ import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils; import ee.openeid.siva.validation.service.signature.policy.properties.ValidationPolicy; import ee.openeid.siva.validation.util.CertUtil; +import ee.openeid.siva.validation.util.DistinguishedNameUtil; import eu.europa.esig.dss.diagnostic.DiagnosticData; import eu.europa.esig.dss.diagnostic.SignatureWrapper; import eu.europa.esig.dss.diagnostic.TimestampWrapper; @@ -48,6 +49,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -171,7 +173,7 @@ private SignatureValidationData createSignatureValidationData(Signature signatur signatureValidationData.setSignatureFormat(getSignatureFormat(signature.getProfile())); signatureValidationData.setSignatureMethod(signature.getSignatureMethod()); signatureValidationData.setSignatureLevel(getSignatureLevel(signature)); - signatureValidationData.setSignedBy(removeQuotes(signature.getSigningCertificate().getSubjectName(CN))); + signatureValidationData.setSignedBy(parseSignedBy(signature.getSigningCertificate())); signatureValidationData.setSubjectDistinguishedName(parseSubjectDistinguishedName(signature.getSigningCertificate())); signatureValidationData.setErrors(getErrors(signature)); signatureValidationData.setSignatureScopes(getSignatureScopes(signature, dataFilenames)); @@ -186,6 +188,18 @@ private SignatureValidationData createSignatureValidationData(Signature signatur return signatureValidationData; } + private String parseSignedBy(X509Cert signingCertificate) { + return Optional.ofNullable(signingCertificate) + .flatMap(certificate -> Optional + .ofNullable(certificate.getX509Certificate()) + .map(DistinguishedNameUtil::getSubjectSurnameAndGivenNameAndSerialNumber) + .or(() -> Optional + .ofNullable(certificate.getSubjectName(CN)) + .map(this::removeQuotes)) + ) + .orElseGet(ReportBuilderUtils::valueNotPresent); + } + private SubjectDistinguishedName parseSubjectDistinguishedName(X509Cert signingCertificate) { String serialNumber = signingCertificate.getSubjectName(X509Cert.SubjectName.SERIALNUMBER); String commonName = signingCertificate.getSubjectName(CN); diff --git a/validation-services-parent/timestamptoken-validation-service/pom.xml b/validation-services-parent/timestamptoken-validation-service/pom.xml index 28ccdcb29..f51d00c15 100644 --- a/validation-services-parent/timestamptoken-validation-service/pom.xml +++ b/validation-services-parent/timestamptoken-validation-service/pom.xml @@ -19,7 +19,7 @@ validation-services-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/validation-services-parent/tsl-loader/pom.xml b/validation-services-parent/tsl-loader/pom.xml index 9504fd82e..657f8b78c 100644 --- a/validation-services-parent/tsl-loader/pom.xml +++ b/validation-services-parent/tsl-loader/pom.xml @@ -19,7 +19,7 @@ validation-services-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/validation-services-parent/validation-commons/pom.xml b/validation-services-parent/validation-commons/pom.xml index 7060d65c2..cbf24c445 100644 --- a/validation-services-parent/validation-commons/pom.xml +++ b/validation-services-parent/validation-commons/pom.xml @@ -19,7 +19,7 @@ validation-services-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 diff --git a/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/DistinguishedNameUtil.java b/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/DistinguishedNameUtil.java new file mode 100644 index 000000000..a40aa429a --- /dev/null +++ b/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/DistinguishedNameUtil.java @@ -0,0 +1,181 @@ +/* + * Copyright 2022 Riigi Infosüsteemide Amet + * + * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * + * https://joinup.ec.europa.eu/software/page/eupl + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence is + * distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and limitations under the Licence. + */ + +package ee.openeid.siva.validation.util; + +import lombok.AccessLevel; +import lombok.NoArgsConstructor; +import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.x500.AttributeTypeAndValue; +import org.bouncycastle.asn1.x500.RDN; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.style.BCStyle; +import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.List; +import java.util.Objects; + +@NoArgsConstructor(access = AccessLevel.PRIVATE) +public final class DistinguishedNameUtil { + + /** + * Extracts subject distinguished name from X-509 certificate. + * + * @param certificate the certificate to extract subject distinguished name from + * + * @return subject distinguished name + * + * @throws IllegalArgumentException if parsing the certificate fails + */ + public static X500Name getSubjectDistinguishedName(X509Certificate certificate) { + try { + return new JcaX509CertificateHolder(certificate).getSubject(); + } catch (CertificateEncodingException e) { + throw new IllegalArgumentException("Certificate encoding error", e); + } + } + + /** + * Extracts the value of the first field from the certificate's subject distinguished name + * that matches the specified object identifier, or {@code null} if no such field is found. + * + * @param certificate the certificate to extract the subject distinguished name field from + * @param oid the object identifier of the field to extract + * + * @return the specified subject distinguished name field or {@code null} + * + * @see #getSubjectDistinguishedName(X509Certificate) + * @see #getDistinguishedNameValueByOid(X500Name, ASN1ObjectIdentifier) + */ + public static String getSubjectDistinguishedNameValueByOid(X509Certificate certificate, ASN1ObjectIdentifier oid) { + return getDistinguishedNameValueByOid(getSubjectDistinguishedName(certificate), oid); + } + + /** + * Extracts the value of the first field from the specified distinguished name + * that matches the specified object identifier, or {@code null} if no such field is found. + * + * @param distinguishedName the distinguished name to extract the field from + * @param oid the object identifier of the field to extract + * + * @return the specified distinguished name field or {@code null} + */ + public static String getDistinguishedNameValueByOid(X500Name distinguishedName, ASN1ObjectIdentifier oid) { + for (RDN rdn : distinguishedName.getRDNs(oid)) { + for (AttributeTypeAndValue typeAndValue : rdn.getTypesAndValues()) { + if (oid.equals(typeAndValue.getType()) && Objects.nonNull(typeAndValue.getValue())) { + return typeAndValue.getValue().toString(); + } + } + } + + return null; + } + + /** + * Returns a comma-separated list of subject distinguished name fields surName, givenName and serialNumber + * without natural person semantics identifier, in the form of "{@code JÕEORG,JAAK-KRISTJAN,38001085718}", + * or {@code null} if any of the fields is missing. + * + * @param certificate the certificate to extract subject's surName, givenName and serialNumber from + * + * @return a comma-separated list of subject's surName, givenName and serialNumber or {@code null} + * + * @see #getSubjectDistinguishedName(X509Certificate) + * @see #getSurnameAndGivenNameAndSerialNumber(X500Name) + */ + public static String getSubjectSurnameAndGivenNameAndSerialNumber(X509Certificate certificate) { + return getSurnameAndGivenNameAndSerialNumber(getSubjectDistinguishedName(certificate)); + } + + /** + * Returns a comma-separated list of distinguished name fields surName, givenName and serialNumber + * without natural person semantics identifier, in the form of "{@code JÕEORG,JAAK-KRISTJAN,38001085718}", + * or {@code null} if any of the fields is missing. + * + * @param distinguishedName the distinguished name to extract surName, givenName and serialNumber from + * + * @return a comma-separated list of surName, givenName and serialNumber or {@code null} + * + * @see #withoutNaturalPersonSemanticsIdentifier(String) + */ + public static String getSurnameAndGivenNameAndSerialNumber(X500Name distinguishedName) { + String surname = getDistinguishedNameValueByOid(distinguishedName, BCStyle.SURNAME); + if (surname == null) { + return null; + } + + String givenName = getDistinguishedNameValueByOid(distinguishedName, BCStyle.GIVENNAME); + if (givenName == null) { + return null; + } + + String serialNumber = getDistinguishedNameValueByOid(distinguishedName, BCStyle.SERIALNUMBER); + if (serialNumber == null) { + return null; + } + + return getSurnameAndGivenNameAndSerialNumber(surname, givenName, serialNumber); + } + + /** + * Returns a comma-separated list of surName, givenName and serialNumber + * without natural person semantics identifier, in the form of "{@code JÕEORG,JAAK-KRISTJAN,38001085718}", + * or {@code null} if any of the fields is missing. + * + * @param surname the surName field + * @param givenName the givenName field + * @param serialNumber the serialNumber field, either with or without natural person semantics identifier + * + * @return a comma-separated list of surName, givenName and serialNumber or {@code null} + * + * @see #withoutNaturalPersonSemanticsIdentifier(String) + */ + public static String getSurnameAndGivenNameAndSerialNumber(String surname, String givenName, String serialNumber) { + if (surname != null && givenName != null && serialNumber != null) { + return surname + ',' + givenName + ',' + withoutNaturalPersonSemanticsIdentifier(serialNumber); + } else { + return null; + } + } + + private static final List NATURAL_IDENTITY_TYPE_REFERENCES = List.of( + "PAS", "IDC", "PNO", "TAX", "TIN" + ); + + /** + * Strips natural person semantics identifier from the serialNumber, if present. + * More information about the natural person semantics identifier can be found + * here. + * + * @param serialNumber the serialNumber to strip from natural person semantics identifier + * + * @return the serialNumber without natural person semantics identifier + */ + public static String withoutNaturalPersonSemanticsIdentifier(String serialNumber) { + if (StringUtils.length(serialNumber) > 6 && serialNumber.charAt(5) == '-') { + if (serialNumber.charAt(2) == ':' || NATURAL_IDENTITY_TYPE_REFERENCES.contains(serialNumber.substring(0, 3))) { + return serialNumber.substring(6); + } + } + + return serialNumber; + } + +} diff --git a/validation-services-parent/validation-commons/src/test/java/ee/openeid/siva/validation/util/DistinguishedNameUtilTest.java b/validation-services-parent/validation-commons/src/test/java/ee/openeid/siva/validation/util/DistinguishedNameUtilTest.java new file mode 100644 index 000000000..6b90ed1ee --- /dev/null +++ b/validation-services-parent/validation-commons/src/test/java/ee/openeid/siva/validation/util/DistinguishedNameUtilTest.java @@ -0,0 +1,154 @@ +/* + * Copyright 2022 Riigi Infosüsteemide Amet + * + * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * + * https://joinup.ec.europa.eu/software/page/eupl + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence is + * distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and limitations under the Licence. + */ + +package ee.openeid.siva.validation.util; + +import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.asn1.x500.X500Name; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; + +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.stream.Stream; + +class DistinguishedNameUtilTest { + + @ParameterizedTest(name = "[{index}] \"{0}\" -> \"{1}\"") + @MethodSource("prefixedSerialNumberAndExpectedResultPairs") + void testWithoutNaturalPersonSemanticsIdentifier(String serialNumber, String expectedResult) { + String result = DistinguishedNameUtil.withoutNaturalPersonSemanticsIdentifier(serialNumber); + Assertions.assertEquals(expectedResult, result); + } + + static Stream prefixedSerialNumberAndExpectedResultPairs() { + return Stream.of( + Arguments.arguments("PASSK-P3000180", "P3000180"), + Arguments.arguments("IDCBE-590082394654", "590082394654"), + Arguments.arguments("PNOEE-38001085718", "38001085718"), + Arguments.arguments("TAXSW-18492018423", "18492018423"), + Arguments.arguments("TINSB-3849282371", "3849282371"), + Arguments.arguments("EI:SE-200007292386", "200007292386"), + Arguments.arguments("38001085718", "38001085718"), + Arguments.arguments("12345-6789", "12345-6789"), + Arguments.arguments(StringUtils.SPACE, StringUtils.SPACE), + Arguments.arguments(StringUtils.EMPTY, StringUtils.EMPTY) + ); + } + + @ParameterizedTest(name = "[{index}] \"{0}\" -> \"{1}\"") + @MethodSource("surnameAndGivenNameAndSerialNumberInX500NameAndExpectedResultPairs") + void testGetSurnameAndGivenNameAndSerialNumberFromX500NameSucceeds(X500Name x500Name, String expectedResult) { + String result = DistinguishedNameUtil.getSurnameAndGivenNameAndSerialNumber(x500Name); + Assertions.assertEquals(expectedResult, result); + } + + static Stream surnameAndGivenNameAndSerialNumberInX500NameAndExpectedResultPairs() { + return Stream.of( + Arguments.arguments( + new X500Name("SERIALNUMBER=38001085718,GIVENNAME=JAAK-KRISTJAN,SN=JÕEORG"), + "JÕEORG,JAAK-KRISTJAN,38001085718" + ), + Arguments.arguments( + new X500Name("SERIALNUMBER=PNOEE-38001085718,GIVENNAME=JAAK-KRISTJAN,SN=JÕEORG"), + "JÕEORG,JAAK-KRISTJAN,38001085718" + ), + Arguments.arguments( + new X500Name("CN=\"JÕEORG,JAAK-KRISTJAN,38001085718\",SN=JÕEORG,GIVENNAME=JAAK-KRISTJAN,SERIALNUMBER=38001085718"), + "JÕEORG,JAAK-KRISTJAN,38001085718" + ) + ); + } + + @ParameterizedTest(name = "[{index}] \"{0}\" -> null") + @MethodSource("incompleteX500NameAndExpectedResultPairs") + void testGetSurnameAndGivenNameAndSerialNumberFromX500NameFails(X500Name x500Name) { + String result = DistinguishedNameUtil.getSurnameAndGivenNameAndSerialNumber(x500Name); + Assertions.assertNull(result); + } + + static Stream incompleteX500NameAndExpectedResultPairs() { + return Stream.of( + new X500Name("SN=JÕEORG"), + new X500Name("GIVENNAME=JAAK-KRISTJAN"), + new X500Name("SERIALNUMBER=38001085718"), + new X500Name("SERIALNUMBER=PNOEE-38001085718"), + new X500Name("SN=JÕEORG,GIVENNAME=JAAK-KRISTJAN"), + new X500Name("SN=JÕEORG,SERIALNUMBER=38001085718"), + new X500Name("SN=JÕEORG,SERIALNUMBER=PNOEE-38001085718"), + new X500Name("GIVENNAME=JAAK-KRISTJAN,SERIALNUMBER=38001085718"), + new X500Name("GIVENNAME=JAAK-KRISTJAN,SERIALNUMBER=PNOEE-38001085718"), + new X500Name("CN=\"JÕEORG,JAAK-KRISTJAN,38001085718\"") + ); + } + + @ParameterizedTest(name = "[{index}] {0} -> \"{1}\"") + @MethodSource("certificateAndExpectedSurnameGivenNameSerialNumberResultPairs") + void testGetSurnameAndGivenNameAndSerialNumberFromCertificateSucceeds(X509Certificate certificate, String expectedResult) { + String result = DistinguishedNameUtil.getSubjectSurnameAndGivenNameAndSerialNumber(certificate); + Assertions.assertEquals(expectedResult, result); + } + + static Stream certificateAndExpectedSurnameGivenNameSerialNumberResultPairs() { + return Stream.of( + Arguments.arguments( + loadCertificate("src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer"), + "JÕEORG,JAAK-KRISTJAN,38001085718" + ), + Arguments.arguments( + loadCertificate("src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer"), + "O’CONNEŽ-ŠUSLIK TESTNUMBER,MARY ÄNN,60001013739" + ), + Arguments.arguments( + loadCertificate("src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer"), + "O’CONNEŽ-ŠUSLIK TESTNUMBER,MARY ÄNN,60001016970" + ), + Arguments.arguments( + loadCertificate("src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer"), + "ŽÕRINÜWŠKY,MÄRÜ-LÖÖZ,11404176865" + ) + ); + } + + @ParameterizedTest(name = "[{index}] {0} -> null") + @MethodSource("certificatesNotSupportingSurnameAndGivenNameAndSerialNumberLists") + void testGetSurnameAndGivenNameAndSerialNumberFromCertificateFails(X509Certificate certificate) { + String result = DistinguishedNameUtil.getSubjectSurnameAndGivenNameAndSerialNumber(certificate); + Assertions.assertNull(result); + } + + static Stream certificatesNotSupportingSurnameAndGivenNameAndSerialNumberLists() { + return Stream.of( + loadCertificate("src/test/resources/certificates/innovaatik_b4b.cer") + ); + } + + static X509Certificate loadCertificate(String path) { + try (InputStream in = new FileInputStream(path)) { + CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + return (X509Certificate) certificateFactory.generateCertificate(in); + } catch (CertificateException | IOException e) { + throw new IllegalStateException("Failed to load certificate: " + path, e); + } + } + +} \ No newline at end of file diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer new file mode 100644 index 000000000..8420642ac --- /dev/null +++ b/validation-services-parent/validation-commons/src/test/resources/certificates/J_EORG_JAAK_KRISTJAN_38001085718.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID6jCCA02gAwIBAgIQR+qcVFxYF1pcSy/QGEnMVjAKBggqhkjOPQQDBDBgMQsw +CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh +DA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4X +DTE5MDEyNTE1NDgzMVoXDTI0MDEyNTIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAo +BgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UE +BAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5P +RUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATbyCq95SWCQTr+ +b5MXxRLTHYHJHCgaLornlrF9j+q6aFCDFLgoNv70yw/sHYp2FQ0yRywG2vFwDCLA +5vACPLSVPGyOvYx7fiX84uSpPo6fcNlwQ25coNfpUIIuh+T6MwujggGrMIIBpzAJ +BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDBIBgNVHSAEQTA/MDIGCysGAQQBg5Eh +AQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAJBgcEAIvs +QAECMB0GA1UdDgQWBBTIgEaf0wSPZSWihjLuyTNmzm4DWzCBigYIKwYBBQUHAQME +fjB8MAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwUQYG +BACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRpdGlv +bnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAfBgNVHSMEGDAWgBTAhJkp +xE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0 +dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRw +Oi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQD +BAOBigAwgYYCQSPBHYO2O/aLmr+vqMlESJrIY3gdtWni8hd4phIl5fR3uiQaQvtN +eGBIzrGvdqgRJmYg+HvskQb/Laq7Xjp+cgqkAkEX9+x/S3H/S/+n/nogfgRSP5JC +wYAw02zTRL3MKLpZ1AOf8i1iGvpHI9S6iyXcDhh6hM8slDg7EK3KyNwfkMLh5A== +-----END CERTIFICATE----- diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer new file mode 100644 index 000000000..bbce0b991 --- /dev/null +++ b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001013739.cer @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGuDCCBKCgAwIBAgIQbsALi4xUxPdggr2EPjoVJjANBgkqhkiG9w0BAQsFADBr +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU +RUlELVNLIDIwMTUwIBcNMjEwNDIzMTIyODUyWhgPMjAzMDEyMTcyMzU5NTlaMIGf +MQswCQYDVQQGEwJFRTE9MDsGA1UEAww0T+KAmUNPTk5Fxb0txaBVU0xJSyBURVNU +TlVNQkVSLE1BUlkgw4ROTiw2MDAwMTAxMzczOTEnMCUGA1UEBAweT+KAmUNPTk5F +xb0txaBVU0xJSyBURVNUTlVNQkVSMRIwEAYDVQQqDAlNQVJZIMOETk4xFDASBgNV +BAUTCzYwMDAxMDEzNzM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +r8Gtz4AS8HoY2UpUvD9/OxJzymnvSTR5LKcG7+rLdXszEgdyRCy0sHg1yRseZgXu +XQsAG/IGKQFUOBND6LAD2Puv+wk4HenB7EZmeiDQzdKGE3CoRz+UU+zz8EqQTzZi +l85R7kK1oDi3b1RtB4flELSQ38ufeOFAli97K2hhYGVtPDOcJIbz4jej4UqQnY80 +Ma+5niQxsN9pf2W/Fe2r7TMtqmo+aKbaWMr3uLESbPGpiffetcWnllmLQR2lcx2w +aHXp3XeUQXHBbtO0oypaxpgDTcRBLH3ZGuElj0KGfXqRaO6dwOjjHG5G8+Tzvy/2 +pvGuqbr9RvcH3QMmG1mEswIDAQABo4ICHzCCAhswCQYDVR0TBAIwADAOBgNVHQ8B +Af8EBAMCBkAwdQYDVR0gBG4wbDBfBgorBgEEAc4fAwEDMFEwHgYIKwYBBQUHAgIw +EgwQT25seSBmb3IgVEVTVElORzAvBggrBgEFBQcCARYjaHR0cHM6Ly93d3cuc2su +ZWUvcmVwb3NpdG9vcml1bS9DUFMwCQYHBACL7EABAjAdBgNVHQ4EFgQUNGA6HJQi +W4kukHbhN6CmD0Js1McwgYoGCCsGAQUFBwEDBH4wfDAIBgYEAI5GAQEwCAYGBACO +RgEEMFEGBgQAjkYBBTBHMEUWP2h0dHBzOi8vc2suZWUvZW4vcmVwb3NpdG9yeS9j +b25kaXRpb25zLWZvci11c2Utb2YtY2VydGlmaWNhdGVzLxMCRU4wEwYGBACORgEG +MAkGBwQAjkYBBgEwHwYDVR0jBBgwFoAUScDyRDll1ZtGOw04YIOx1i0ohqYwgYMG +CCsGAQUFBwEBBHcwdTAsBggrBgEFBQcwAYYgaHR0cDovL2FpYS5kZW1vLnNrLmVl +L2VzdGVpZDIwMTUwRQYIKwYBBQUHMAKGOWh0dHBzOi8vc2suZWUvdXBsb2FkL2Zp +bGVzL1RFU1Rfb2ZfRVNURUlELVNLXzIwMTUuZGVyLmNydDA0BgNVHR8ELTArMCmg +J6AlhiNodHRwczovL2Muc2suZWUvdGVzdF9lc3RlaWQyMDE1LmNybDANBgkqhkiG +9w0BAQsFAAOCAgEAn5yOThHC3o+qywote9HYZz6TgGUin606KONrUcbsP9UMZwKF +HhQBAZE9ycJ3iOIKtEk0VlH5vwL0MvyY26VyHgkprozEcX5OCQKBCTn/ZKR+IIXQ +wNT0ZadQHTAuCLidHH9bI4/CofTWtr6udYezmQs7FIXbcazQ6cgkb937HulVHt4x +IDZ8kp9oUaqbpUfCSu5zOspQRM2ih0MshPmZvkS9qeFgbkTD0D+RPccxV7jjHCbH +xjHzYNFrq2JJuKacxx/OR12KGKOtcGlYjFxWl18MJ/n3tvoEcWaXKtPZ+BmStbPH +RFb29fkSIWtEzFRSbbLYeHkC53m8lWQ4kXhMJ10aZs9nXRVJ0I4/wMjZTpO6lMkq +Exm77nyycxPv3glJWssFp5LEKgJKxWt2aT9ihHypqEPVjBZGfppFOJT81gxLLF0k +MVxnRqpNbi/1thY5IIxFgGzxIHJlIMuw/HECMJ+/n19dF+Z8tqCoxhNxEQm409jR +v6/RsRhtQ5IIY0PR8eL5xzwgET5BWy5AjUtzGeQsEiywY9+kNfLgv0GQsdfiyhyG +z5oX/8t9AlntTTLpUdWRs4IU3M1yLV2qxc/zAyXRZYJ5nbkwg1oR3wttTYcQ+uFk +0qCoYsLHPmNmFGYZrt00lbulpieIS/YGdFmdtQn7vip/y7LOGEU02m84Lpo= +-----END CERTIFICATE----- diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer new file mode 100644 index 000000000..d72f07471 --- /dev/null +++ b/validation-services-parent/validation-commons/src/test/resources/certificates/O_CONNE_USLIK_TESTNUMBER_MARY_NN_60001016970.cer @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF7TCCA9WgAwIBAgIQWzVMMHSNjKlgLOaOHI80yzANBgkqhkiG9w0BAQsFADBr +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU +RUlELVNLIDIwMTUwIBcNMjEwMjE3MDk0OTAyWhgPMjAzMDEyMTcyMzU5NTlaMIGf +MQswCQYDVQQGEwJFRTE9MDsGA1UEAww0T+KAmUNPTk5Fxb0txaBVU0xJSyBURVNU +TlVNQkVSLE1BUlkgw4ROTiw2MDAwMTAxNjk3MDEnMCUGA1UEBAweT+KAmUNPTk5F +xb0txaBVU0xJSyBURVNUTlVNQkVSMRIwEAYDVQQqDAlNQVJZIMOETk4xFDASBgNV +BAUTCzYwMDAxMDE2OTcwMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOwJrrlh5 +ZbsvpgMJNJxpTuCkponBjBIhOu8z8OBTQOI2iIWbj3UibfIzXq74vtac040JsPmK +zVYwYMG+dpv50KOCAh8wggIbMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMHUG +A1UdIARuMGwwXwYKKwYBBAHOHwMBAzBRMB4GCCsGAQUFBwICMBIMEE9ubHkgZm9y +IFRFU1RJTkcwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRv +b3JpdW0vQ1BTMAkGBwQAi+xAAQIwHQYDVR0OBBYEFHOLcRMj+jKDO0FbHgwVTsKl +BOwFMIGKBggrBgEFBQcBAwR+MHwwCAYGBACORgEBMAgGBgQAjkYBBDBRBgYEAI5G +AQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1m +b3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMBMGBgQAjkYBBjAJBgcEAI5GAQYB +MB8GA1UdIwQYMBaAFEnA8kQ5ZdWbRjsNOGCDsdYtKIamMIGDBggrBgEFBQcBAQR3 +MHUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE1 +MEUGCCsGAQUFBzAChjlodHRwczovL3NrLmVlL3VwbG9hZC9maWxlcy9URVNUX29m +X0VTVEVJRC1TS18yMDE1LmRlci5jcnQwNAYDVR0fBC0wKzApoCegJYYjaHR0cHM6 +Ly9jLnNrLmVlL3Rlc3RfZXN0ZWlkMjAxNS5jcmwwDQYJKoZIhvcNAQELBQADggIB +AJqY/7FokQfuqmAZlPD1uVkfr31HEREtP+vIx6D+LvnmWkT0yneiNdgU5Wf9YqB7 +jsWd8LYsmPx/jEMOfm+vRJLEVZERsNGdKa/23lRSLHwfzWDy2MYaggfsODoDNnsC ++/uEy9h+1nIXYytpDha5vHdx4j6cEiKTj/HChVy/ezp6qCyEWOKnnDaTjL79xXrG +LooURRi3VPGZKSHj3wEBtYBn/kJGjPFuN88TTByal5L5ZR5R4b07Z5YDr3gdAY5+ +yJYGiOBKx9Erj3PraHZ8kAvTiZsUUnCbaa9VwlKt2wO1Y84IcoQlNFbQFFMqIXP7 +ffXW6vkGwNKm1PcV2STyGakSV7ukHY/VeWaInLuEaRwQ2gulmIbwllQmOysmid7O +iH+GHxBEq2dgj0CaP9l2Bjmro/JOsuQxBRvq4AdVW1TbLNFnC3cwZk+ZbfQMtZ4W +YPoOZRGvmTM2ylKT1WnoSZ1HZ7aS5yS3RB+ATVVOkTF1xp55ItbPlo9Gk+4+w3zT +4VoA91HWp7mN2Lo1zqeICrL+6xUUeHLaGnq6757T/RNaWuXWvNG0uXzKZ8NWuTPy +zrCFWZFNhUsXiTNOaXJ2nftMtFcv5+5YE5YqvMNp1SIPuPHLpsjllT5jRFYsGbmT +dRPh89fObKh8MwWrSV45TxokwbD0t88oJ7pIOMFvv+dp +-----END CERTIFICATE----- diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer new file mode 100644 index 000000000..5ed563bce --- /dev/null +++ b/validation-services-parent/validation-commons/src/test/resources/certificates/_RIN_W_KY_M_R_L_Z_11404176865.cer @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFrjCCA5agAwIBAgIQUwvkG7xZfERXDit8E7z6DDANBgkqhkiG9w0BAQsFADBr +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU +RUlELVNLIDIwMTUwHhcNMTYwNDEzMTEyMDI4WhcNMjEwNDEyMjA1OTU5WjCBtDEL +MAkGA1UEBhMCRUUxDzANBgNVBAoMBkVTVEVJRDEaMBgGA1UECwwRZGlnaXRhbCBz +aWduYXR1cmUxMTAvBgNVBAMMKMW9w5VSSU7DnFfFoEtZLE3DhFLDnC1Mw5bDllos +MTE0MDQxNzY4NjUxFzAVBgNVBAQMDsW9w5VSSU7DnFfFoEtZMRYwFAYDVQQqDA1N +w4RSw5wtTMOWw5ZaMRQwEgYDVQQFEwsxMTQwNDE3Njg2NTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAJrWrja4BY6nlDXf/46So37NcJoDAB8d6pZr2XxM +4cCv3MqAKAuf8oew38jc+/20oBiMo9bSWfTrjCtunuyJxBi6/xX1SwXqXpCIcAeA +tL8SA4NRuWQGEFxGRJtPUNpzVkiIBI5u+yENpxvGFOW7777u0E7E3p/Jx6Y6HflI +CQPm48zjzeBytJ+m6v6EdObnOpeJtusaZ+Yg/hmrCRRgJeRtnjJIw5LmLrjqm185 +BFtgwFH0J8iAr18FSua5yLP343s4vZx8np1NqmdJrlHt5IjX2D3+QAObJmh/U+id +oNdThlJlst/cj5/y496vR+PhSWIWzqv//xYH41qIkXDjD+UCAwEAAaOCAQIwgf8w +CQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwOwYDVR0gBDQwMjAwBgkrBgEEAc4f +AwEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93d3cuc2suZWUvY3BzMB0GA1UdDgQW +BBQ27kyYhup5RKLxTM1gxY+BDz/N0jAiBggrBgEFBQcBAwQWMBQwCAYGBACORgEB +MAgGBgQAjkYBBDAfBgNVHSMEGDAWgBRJwPJEOWXVm0Y7DThgg7HWLSiGpjBBBgNV +HR8EOjA4MDagNKAyhjBodHRwOi8vd3d3LnNrLmVlL2NybHMvZXN0ZWlkL3Rlc3Rf +ZXN0ZWlkMjAxNS5jcmwwDQYJKoZIhvcNAQELBQADggIBAHUUiGcIgXB3INd78mGF +yIz+u8+TLPON0va0mRuugy1TEH0eWZqNhv2+7vvzd8CLoOp4aHrUwvx7zGaND/bO +w4dC1dO5zsXh1EziNAfaNqzYP2QQ4BckqZeGl0+d7OVyP5/HgZOYI90qYLvkjWSn +eSFXZ2BN8Jku6l0dUnhsQqCoLKl0j4F+1u+GwC9pjzm2aVoYRs3CcNgkAa1O3SKK +9PXpz/chFE1dfvT8xPagroVkzDCZ4o6Rp+8OPBPYacQhdIH6DyagPcbdKz1S0EC8 +q+7qm1C8bM05oyYfkoBLU6afgRGHcpRMFQRBnsu7o1LQIMsRF5dWWTqL4FLLw6iF +exZA6z3HMilu+yolLxURaD3oWMcWzLKi0Ic88T8LNyz5ksWDDZXAoso0ZDTAh/Da +FEdeQs9MnOkGzrvswrEG2MUs33XHhp988TWgRQGAJU/JZQR057I/UxfikYRhZ5oM +7qPBy4oDh3VlhMsY5yHuK400Xi202xoXVS+VG33xB7KCvbwuemZSlVewxTX0ZJg5 +qTcwIXRMlsWffqyVWpnxjnvWmqO01nrbgjlpBAbDDT2R/JXPOjVpgjhQGEmNmVj3 +OvfjvLlXXP7CZ4Vxwxy0aBPPvVHoyWjFycsqm4EFGSGkcB17NcP3dlj7ZwloBobg +ittrqXcLf8qik7sGgHnaa7Cc +-----END CERTIFICATE----- diff --git a/validation-services-parent/validation-commons/src/test/resources/certificates/innovaatik_b4b.cer b/validation-services-parent/validation-commons/src/test/resources/certificates/innovaatik_b4b.cer new file mode 100644 index 000000000..c77ea210b --- /dev/null +++ b/validation-services-parent/validation-commons/src/test/resources/certificates/innovaatik_b4b.cer @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIQfwGW2oazzwRRG2TKZu8AdjANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxMTEYMBYGCSqGSIb3DQEJ +ARYJcGtpQHNrLmVlMB4XDTEzMDIxMzEwMDI1MFoXDTE4MDIxMjEwMDI1MFowgZ4x +ITAfBgkqhkiG9w0BCQEWEmluZm9AaW5ub3ZhYXRpay5lZTERMA8GA1UEBRMIMTE0 +Mzk5NjMxCzAJBgNVBAYTAkVFMREwDwYDVQQIEwhUYXJ0dW1hYTEOMAwGA1UEBxMF +VGFydHUxHTAbBgNVBAoUFElubm92YWF0aWsgR3J1cHAgT8OcMRcwFQYDVQQDEw5p +bm5vdmFhdGlrLWI0YjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL+cSVDC2hvi +MH5MU+weip56pQCj4d4ga1X29y2b83StoC8nxMGSTLogEDgXCJJHvA4u/BwMUsyO +1Qyb5tO+ckKjggFcMIIBWDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDCBmQYD +VR0gBIGRMIGOMIGLBgorBgEEAc4fAwIBMH0wWAYIKwYBBQUHAgIwTB5KAEEAaQBu +AHUAbAB0ACAAdABlAHMAdABpAG0AaQBzAGUAawBzAC4AIABPAG4AbAB5ACAAZgBv +AHIAIAB0AGUAcwB0AGkAbgBnAC4wIQYIKwYBBQUHAgEWFWh0dHA6Ly93d3cuc2su +ZWUvY3BzLzAdBgNVHQ4EFgQU69eHyJ8FdiT19pNl7PRz6W9lXL4wGAYIKwYBBQUH +AQMEDDAKMAgGBgQAjkYBATAfBgNVHSMEGDAWgBRBtv7FsbG0UxOM+vpi0DRtbSI0 +CjBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkv +Y3Jscy90ZXN0X2VzdGVpZDIwMTEuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAf03Jr +AfrBqZNaozt++8g2qAR2dJWvCBgVZtGbuK80y3As0UFzVEndZsyhF79N4epRR70M +WWt2MhNWUh2zy0nDFsIe7bSfcltxbtMeKccr6ItsJcEOPqMCQ5O0qaOs89+e8wIi +y/Q5n+NMYw4lMpoVkpLWM8G4XxwRB1K88YEadwjmhVqCJ44m8DD4+YhRjdTFIdNV +cJD/cEBI+HGkI+5+g8irCSxzC5MWRQLrS0+8noac3XJfGSC4l4xGDnMI8t454vbt +Pud5c+vpen8iyfyvPd/d8W1k+43xdfgK+lBytxcd1E4V7iUEuYhRdkAFqesKoC7R +xgn6DbdnEruWw4Vn +-----END CERTIFICATE----- diff --git a/validation-services-parent/xroad-validation-service/pom.xml b/validation-services-parent/xroad-validation-service/pom.xml index aced3438d..bb553f00a 100644 --- a/validation-services-parent/xroad-validation-service/pom.xml +++ b/validation-services-parent/xroad-validation-service/pom.xml @@ -20,7 +20,7 @@ validation-services-parent ee.openid.siva - 3.5.2 + 3.5.3 4.0.0 @@ -79,7 +79,7 @@ org.zeroturnaround zt-zip - 1.14 + 1.15 jar @@ -99,7 +99,7 @@ co.elastic.logging logback-ecs-encoder - 1.3.2 + 1.4.0 @@ -157,7 +157,7 @@ org.apache.maven.plugins maven-antrun-plugin - 3.0.0 + 3.1.0 repack