Releases: luisgoncalves/xades4j
Releases · luisgoncalves/xades4j
v2.2.2
v2.2.1
v2.2.0
v2.1.0
#256 - Replace javax.xml.bind with jakarta.xml.bind
#261 - Upgrade Apache Santuario (xmlsec) to version 2.3.0
- This version of xmlsec removes the local file-system and HTTP resolvers by default: https://issues.apache.org/jira/browse/SANTUARIO-573.
- If you're using using data object references that require such resolvers, use one of the following options:
- Add the resolvers to
SignedDataObjects/SignatureSpecificVerificationOptions(see this commit) - Register the resolvers directly with xmlsec using
ResourceResolver.register().
- Add the resolvers to
v2.0.0
This major release requires Java 11 and includes breaking changes and removal of deprecated classes/APIs.
For details refer to the upgrade guide.
- #242 - Refactor
PKCS11KeyStoreKeyingDataProviderfor Java 11 - #243 - Replace
AlgorithmsProviderExwithSignatureAlgorithms - #244 - Remove deprecated
BasicSignatureOptionsProvider - #245 - Improvements to
SigningCertSelector - #246 - Add a builder for
PKCS11KeyStoreKeyingDataProvider - #247 - Add a builder for
FileSystemKeyStoreKeyingDataProvider - #248 - Remove deprecated TS providers
- #249 - Improvements to the API of
PropertiesDataGenerationContext - #250 - Add a builder for
PKIXCertificateValidationProvider - #255 - Remove default TSA configuration
- #252 - Improve test assertions
v1.7.0
- #230 - Check key usage of the signer certificate during validation
- Can be disabled via
SignatureSpecificVerificationOptions.checkKeyUsage()
- Can be disabled via
- #226 - Support for
ds:Manifest- Use the newly added
EnvelopedManifestclass
- Use the newly added
- #225 - Add support for EC keys to the default algorithms provider
- By default ECDSA_SHA256 is used when an EC key is supplied
- #222 - Update Guice to version 5
v1.6.0
- #175 - Support validation of signatures without
KeyInfo. In this case, if theSigningCertificateproperty contains a single reference, it will be used to select the signing certificate during validation. - #207 - Update Apache Santuario (xmlsec) to version 2.2.0.
- This version of xmlsec includes some important bugfixes and a couple of new features that xades4j should be able to leverage, namely support for RSASSA-PSS with parameters and support for embedding elliptic curve public keys in the
KeyValueelement (allows usingBasicSignatureOptions.includePublicKey()with EC keys). For more information see Apache Santuario release notes. - Unfortunately, this version of xmlsec introduces a breaking change on the API (not behavior) due to a refactoring of
ResourceResolvers. For that reason, the following two methods of xades4j have changed in this release to acceptResourceResolverSpiinstead ofResourceResolver. Changes for consumers are minimal; just useSpiclasses directly instead of wrapping them in aResourceResolver.SignedDataObjects.withResourceResolverSignatureSpecificVerificationOptions.useResourceResolver
- This version of xmlsec includes some important bugfixes and a couple of new features that xades4j should be able to leverage, namely support for RSASSA-PSS with parameters and support for embedding elliptic curve public keys in the
- #212 - Add JAXB dependencies.
v1.5.1
v1.5.0
- #163 - New
BasicSignatureOptionsclass that replacesBasicSignatureOptionsProvider, which becomes deprecated. - #72 - Support including the full certificate chain in
KeyInfo. Controlled viaBasicSignatureOptions. - #157 - Fix issuer DN comparison failure due to different keys on name components (e.g. "E" vs. OID). Allow registration of custom symbols for DNs (experimental).
- #74 - Support presence of C14N transforms on the
SignatureValuereference when validating theCounterSignatureproperty: