Release version 6.0

README.md

@@ -48,22 +48,23 @@ See https://ebourg.github.io/jsign for more information.
 
 ## Changes
 
-#### Version 5.1 (in development)
+#### Version 6.0 (2024-01-17)
+
 * Signing of APPX/MSIX packages has been implemented (thanks to Maciej Panek for the help)
 * Signing of Microsoft Dynamics 365 extension packages has been implemented
 * PIV cards are now supported with the new `PIV` storetype
 * SafeNet eToken support has been improved with automatic PKCS#11 configuration using the new `ETOKEN` storetype
 * The certificate chain in the file specified by the `certfile` parameter can now be in any order
 * VBScript, JScript and PowerShell XML files without byte order marks are now parsed as Windows-1252 instead of ISO-8859-1
-* The 'keystore' parameter can now be specified with the 'OPENPGP' storetype to distinguish between multiple connected devices
+* The `keystore` parameter can now be specified with the `OPENPGP` storetype to distinguish between multiple connected devices
 * The format detection based on the file extension is now case insensitive (contributed by Mathieu Delrocq)
 * Only one call to the Google Cloud API is performed when the version of the key is specified in the alias parameter
 * JVM arguments can now be passed using the `JSIGN_OPTS` environment variable
 * API changes:
   * New `net.jsign.jca.JsignJcaProvider` JCA security provider to be used with other signing tools such as jarsigner
   * The signature can be removed by setting a null signature on the `Signable` object
   * `Signable.computeDigest(MessageDigest)` has been replaced by `Signable.computeDigest(DigestAlgorithm)`
-  * The value of the `http.agent` system property is now appended to the user agent string set when calling REST services
+  * The value of the `http.agent` system property is now appended to the User-Agent header when calling REST services
   * `AuthenticodeSigner` sets the security provider automatically if the keystore used is backed by a PKCS#11 token or a cloud service
   * `AmazonSigningService` now supports dynamic credentials
 * Upgraded BouncyCastle to 1.77

docs/index.html

@@ -91,7 +91,7 @@ <h3 id="ant">Ant Task</h3>
 <p>Here is an example showing how the signing works with Ant, using a Java keystore:</p>
 
 <pre class="prettyprint lang-xml">
- &lt;taskdef name="jsign" classname="net.jsign.JsignTask" classpath="jsign-5.0.jar"/>
+ &lt;taskdef name="jsign" classname="net.jsign.JsignTask" classpath="jsign-6.0.jar"/>
 
  &lt;jsign file="application.exe"
         name="My Application"
@@ -298,7 +298,7 @@ <h3 id="maven">Maven plugin</h3>
         &lt;plugin>
           &lt;groupId>net.jsign&lt;/groupId>
           &lt;artifactId>jsign-maven-plugin&lt;/artifactId>
-          &lt;version>5.0&lt;/version>
+          &lt;version>6.0&lt;/version>
           &lt;executions>
             &lt;execution>
               &lt;goals>
@@ -385,7 +385,7 @@ <h3 id="gradle">Gradle plugin</h3>
 
 <pre class="prettyprint lang-groovy">
     plugins {
-        id 'net.jsign' version '5.0'
+        id 'net.jsign' version '6.0'
     }
 
     task sign {
@@ -405,7 +405,7 @@ <h3 id="gradle">Gradle plugin</h3>
 
 <pre class="prettyprint lang-kotlin">
     plugins {
-        id("net.jsign") version "5.0"
+        id("net.jsign") version "6.0"
     }
 
     task("sign") {
@@ -427,8 +427,8 @@ <h3 id="cli">Command Line Tool</h3>
 <p>Jsign can also be used as a command line tool, packages are available for various systems:</p>
 
 <ul>
-  <li><a href="https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb">DEB package</a> (Debian/Ubuntu)</li>
-  <li><a href="https://github.com/ebourg/jsign/releases/download/5.0/jsign-5.0-1.noarch.rpm">RPM package</a> (RedHat/Fedora)</li>
+  <li><a href="https://github.com/ebourg/jsign/releases/download/6.0/jsign_6.0_all.deb">DEB package</a> (Debian/Ubuntu)</li>
+  <li><a href="https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0-1.noarch.rpm">RPM package</a> (RedHat/Fedora)</li>
   <li><a href="https://community.chocolatey.org/packages/jsign/">Chocolatey package</a> (Windows)</li>
   <li><a href="https://formulae.brew.sh/formula/jsign">Homebrew package</a> (macOS/Linux)</li>
 </ul>
@@ -439,7 +439,7 @@ <h3 id="cli">Command Line Tool</h3>
 
 <p>On other systems the command line is invoked by running the jar with:</p>
 
-<pre> java -jar jsign-5.0.jar [OPTIONS] [FILE]...</pre>
+<pre> java -jar jsign-6.0.jar [OPTIONS] [FILE]...</pre>
 
 <p>The parameters expected are the same as those used by the Ant task:</p>
 
@@ -717,7 +717,7 @@ <h3 id="api">API</h3>
     &lt;dependency>
       &lt;groupId>net.jsign&lt;/groupId>
       &lt;artifactId>jsign-core&lt;/artifactId>
-      &lt;version>5.0&lt;/version>
+      &lt;version>6.0&lt;/version>
     &lt;/dependency>
 </pre>
 
@@ -747,7 +747,7 @@ <h3 id="jca-provider">JCA security provider</h3>
 <p>With Java 11 or later the syntax looks like this:</p>
 
 <pre>
- jarsigner -J-cp -Jjsign-5.1.jar -J--add-modules -Jjava.sql \
+ jarsigner -J-cp -Jjsign-6.0.jar -J--add-modules -Jjava.sql \
            -providerClass net.jsign.jca.JsignJcaProvider \
            -providerArg &lt;keystore&gt; \
            -keystore NONE \
@@ -762,7 +762,7 @@ <h3 id="jca-provider">JCA security provider</h3>
 parameter is removed:</p>
 
 <pre>
- jarsigner -J-cp -Jjsign-5.1.jar:$JAVA_HOME/lib/tools.jar \
+ jarsigner -J-cp -Jjsign-6.0.jar:$JAVA_HOME/lib/tools.jar \
            ...
 </pre>
 
@@ -773,9 +773,9 @@ <h3 id="jca-provider">JCA security provider</h3>
 <h3 id="files">Downloads</h3>
 
 <ul>
-  <li><a href="https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb">jsign_5.0_all.deb</a> - Jsign command line tool for Debian/Ubuntu</li>
-  <li><a href="https://github.com/ebourg/jsign/releases/download/5.0/jsign-5.0-1.noarch.rpm">jsign-5.0-1.noarch.rpm</a> - Jsign command line tool for RedHat/Fedora</li>
-  <li><a href="https://github.com/ebourg/jsign/releases/download/5.0/jsign-5.0.jar">jsign-5.0.jar</a> - Jsign Ant Task</li>
+  <li><a href="https://github.com/ebourg/jsign/releases/download/6.0/jsign_6.0_all.deb">jsign_6.0_all.deb</a> - Jsign command line tool for Debian/Ubuntu</li>
+  <li><a href="https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0-1.noarch.rpm">jsign-6.0-1.noarch.rpm</a> - Jsign command line tool for RedHat/Fedora</li>
+  <li><a href="https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar">jsign-6.0.jar</a> - Jsign Ant Task</li>
 </ul>
 
 

jsign-ant/pom.xml

@@ -6,11 +6,11 @@
   <parent>
     <groupId>net.jsign</groupId>
     <artifactId>jsign-parent</artifactId>
-    <version>5.1-SNAPSHOT</version>
+    <version>6.0</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <name>Jsign - Authenticode signing in Java (Ant Task)</name>
-  <version>5.1-SNAPSHOT</version>
+  <version>6.0</version>
   <packaging>jar</packaging>
 
   <dependencies>

jsign-cli/pom.xml

@@ -6,11 +6,11 @@
   <parent>
     <groupId>net.jsign</groupId>
     <artifactId>jsign-parent</artifactId>
-    <version>5.1-SNAPSHOT</version>
+    <version>6.0</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <name>Jsign - Authenticode signing in Java (Command Line Tool)</name>
-  <version>5.1-SNAPSHOT</version>
+  <version>6.0</version>
   <packaging>jar</packaging>
 
   <dependencies>

jsign-core/pom.xml

@@ -6,11 +6,11 @@
   <parent>
     <groupId>net.jsign</groupId>
     <artifactId>jsign-parent</artifactId>
-    <version>5.1-SNAPSHOT</version>
+    <version>6.0</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <name>Jsign - Authenticode signing in Java (Core)</name>
-  <version>5.1-SNAPSHOT</version>
+  <version>6.0</version>
   <packaging>jar</packaging>
 
   <dependencies>

jsign-core/src/main/java/net/jsign/SafeNetEToken.java

@@ -29,7 +29,7 @@
 /**
  * Helper class for working with SafeNet eTokens.
  *
- * @since 5.1
+ * @since 6.0
  */
 class SafeNetEToken {
 

jsign-core/src/main/java/net/jsign/Signable.java

@@ -77,7 +77,7 @@ default byte[] computeDigest(MessageDigest digest) throws IOException {
      * @param digestAlgorithm the digest algorithm to use
      * @return the digest of the file
      * @throws IOException if an I/O error occurs
-     * @since 5.1
+     * @since 6.0
      */
     default byte[] computeDigest(DigestAlgorithm digestAlgorithm) throws IOException {
         return computeDigest(digestAlgorithm.getMessageDigest());

jsign-core/src/main/java/net/jsign/appx/APPXFile.java

@@ -58,7 +58,7 @@
  * APPX/MSIX package.
  *
  * @author Emmanuel Bourg
- * @since 5.1
+ * @since 6.0
  */
 public class APPXFile extends ZipFile implements Signable {
 

jsign-core/src/main/java/net/jsign/appx/CentralDirectory.java

@@ -28,7 +28,7 @@
 /**
  * Central directory of a ZIP file.
  *
- * @since 5.1
+ * @since 6.0
  */
 class CentralDirectory {
 

jsign-core/src/main/java/net/jsign/appx/CentralDirectoryFileHeader.java

@@ -51,7 +51,7 @@
  * file comment (variable size)
  * </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class CentralDirectoryFileHeader extends ZipRecord {
 

jsign-core/src/main/java/net/jsign/appx/EndOfCentralDirectoryRecord.java

@@ -38,7 +38,7 @@
  * .ZIP file comment                                                             (variable size)
  * </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class EndOfCentralDirectoryRecord extends ZipRecord {
 

jsign-core/src/main/java/net/jsign/appx/ExtraField.java

@@ -24,7 +24,7 @@
 /**
  * Extra field of a ZIP entry.
  *
- * @since 5.1
+ * @since 6.0
  */
 class ExtraField {
 

jsign-core/src/main/java/net/jsign/appx/LocalFileHeader.java

@@ -39,7 +39,7 @@
  * extra field length              2 bytes
  * </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class LocalFileHeader extends ZipRecord {
 

jsign-core/src/main/java/net/jsign/appx/Zip64EndOfCentralDirectoryLocator.java

@@ -32,7 +32,7 @@
  * total number of disks                                                    4 bytes
  * </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class Zip64EndOfCentralDirectoryLocator extends ZipRecord {
 

jsign-core/src/main/java/net/jsign/appx/Zip64EndOfCentralDirectoryRecord.java

@@ -39,7 +39,7 @@
  * zip64 extensible data sector                                                   (variable size)
  * </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class Zip64EndOfCentralDirectoryRecord extends ZipRecord {
 

jsign-core/src/main/java/net/jsign/appx/Zip64ExtendedInfoExtraField.java

@@ -34,7 +34,7 @@
  * Number of the disk on which this file starts  4 bytes  (optional)
  * </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class Zip64ExtendedInfoExtraField extends ExtraField {
 

jsign-core/src/main/java/net/jsign/appx/ZipFile.java

@@ -40,7 +40,7 @@
 /**
  * Simplified implementation of the ZIP file format, just good enough to add an entry to an existing file.
  *
- * @since 5.1
+ * @since 6.0
  */
 class ZipFile implements Closeable {
 

jsign-core/src/main/java/net/jsign/appx/ZipRecord.java

@@ -25,7 +25,7 @@
 /**
  * ZIP record.
  *
- * @since 5.1
+ * @since 6.0
  */
 abstract class ZipRecord {
 

jsign-core/src/main/java/net/jsign/jca/AbstractKeyStoreSpi.java

@@ -28,7 +28,7 @@
 /**
  * Base class for JCA keystore implementations.
  *
- * @since 5.1
+ * @since 6.0
  */
 abstract class AbstractKeyStoreSpi extends KeyStoreSpi {
 

jsign-core/src/main/java/net/jsign/jca/AbstractSignatureSpi.java

@@ -24,7 +24,7 @@
 /**
  * Base class for JCA signature implementations.
  *
- * @since 5.1
+ * @since 6.0
  */
 abstract class AbstractSignatureSpi extends SignatureSpi {
 

jsign-core/src/main/java/net/jsign/jca/AmazonSigningService.java

@@ -88,7 +88,7 @@ public class AmazonSigningService implements SigningService {
      * @param region           the AWS region holding the keys (for example <tt>eu-west-3</tt>)
      * @param credentials      the AWS credentials provider
      * @param certificateStore provides the certificate chain for the keys
-     * @since 5.1
+     * @since 6.0
      */
     public AmazonSigningService(String region, Supplier<AmazonCredentials> credentials, Function<String, Certificate[]> certificateStore) {
         this.certificateStore = certificateStore;

jsign-core/src/main/java/net/jsign/jca/JsignJcaProvider.java

@@ -58,7 +58,7 @@
  * signature.sign();
  * </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 public class JsignJcaProvider extends Provider {
 

jsign-core/src/main/java/net/jsign/jca/PIVCard.java

@@ -42,7 +42,7 @@
  * @see <a href="https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final">NIST SP 800-73-4 Interfaces for Personal Identity Verification</a>
  * @see <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-78-5.ipd.pdf">NIST SP 800-78-5 Cryptographic Algorithms and Key Sizes for Personal Identity Verification</a>
  * @see <a href="https://docs.yubico.com/yesdk/users-manual/application-piv/commands.html">Yubikey User's Manual - PIV commands</a>
- * @since 5.1
+ * @since 6.0
  */
 class PIVCard extends SmartCard {
 

jsign-core/src/main/java/net/jsign/jca/PIVCardSigningService.java

@@ -42,7 +42,7 @@
  * Signing service using an PIV smart card. PIV cards contain up to 24 keys usable to signing,
  * along with the X.509 certificates.
  *
- * @since 5.1
+ * @since 6.0
  */
 public class PIVCardSigningService implements SigningService {
 

jsign-core/src/main/java/net/jsign/jca/ProviderService.java

@@ -23,7 +23,7 @@
 /**
  * Provider.Service implementation using a lambda expression to create the service instances.
  *
- * @since 5.1
+ * @since 6.0
  */
 class ProviderService extends Provider.Service {
 

jsign-core/src/main/java/net/jsign/jca/SmartCard.java

@@ -33,7 +33,7 @@
 /**
  * Base class for the smart card implementations.
  *
- * @since 5.1
+ * @since 6.0
  */
 abstract class SmartCard {
 

jsign-core/src/main/java/net/jsign/navx/NAVXFile.java

@@ -53,7 +53,7 @@
  * Microsoft Dynamics 365 extension package (NAVX)
  *
  * @author Emmanuel Bourg
- * @since 5.1
+ * @since 6.0
  */
 public class NAVXFile implements Signable {
 

jsign-core/src/main/java/net/jsign/navx/NAVXHeader.java

@@ -33,7 +33,7 @@
  *  signature                       4 bytes  (NAVX)
  *  </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class NAVXHeader {
 

jsign-core/src/main/java/net/jsign/navx/NAVXSignatureBlock.java

@@ -38,7 +38,7 @@
  *  signature                       4 bytes  (NXSB)
  *  </pre>
  *
- * @since 5.1
+ * @since 6.0
  */
 class NAVXSignatureBlock {
 

jsign-core/src/main/java/net/jsign/script/Windows1252Extended.java

@@ -30,7 +30,7 @@
  * instead of turning them into a replacement character. This mimics the behavior of the Windows
  * MultiByteToWideChar function used by signtool to decode .vbs and .js files. 
  *
- * @since 5.1
+ * @since 6.0
  */
 class Windows1252Extended extends Charset {
 

jsign-gradle-plugin/example.gradle.kts

@@ -4,7 +4,7 @@ buildscript {
     }
 
     dependencies {
-        classpath("net.jsign:jsign-gradle-plugin:5.0")
+        classpath("net.jsign:jsign-gradle-plugin:6.0")
     }
 }