Releases: luisgoncalves/xades4j
Releases · luisgoncalves/xades4j
v2.3.0
v2.2.2
- Upgrade different dependencies:
- Apache Santuario to 4.0.0
- Guice to 7.0.0
- JAXB to 4.0.X
- Upgrade tests to JUnit 5
- Multiple code cleanups
v2.2.1
v2.2.0
v2.1.0
#256 - Replace javax.xml.bind
with jakarta.xml.bind
#261 - Upgrade Apache Santuario (xmlsec) to version 2.3.0
- This version of xmlsec removes the local file-system and HTTP resolvers by default: https://issues.apache.org/jira/browse/SANTUARIO-573.
- If you're using using data object references that require such resolvers, use one of the following options:
- Add the resolvers to
SignedDataObjects
/SignatureSpecificVerificationOptions
(see this commit) - Register the resolvers directly with xmlsec using
ResourceResolver.register()
.
- Add the resolvers to
v2.0.0
This major release requires Java 11 and includes breaking changes and removal of deprecated classes/APIs.
For details refer to the upgrade guide.
- #242 - Refactor
PKCS11KeyStoreKeyingDataProvider
for Java 11 - #243 - Replace
AlgorithmsProviderEx
withSignatureAlgorithms
- #244 - Remove deprecated
BasicSignatureOptionsProvider
- #245 - Improvements to
SigningCertSelector
- #246 - Add a builder for
PKCS11KeyStoreKeyingDataProvider
- #247 - Add a builder for
FileSystemKeyStoreKeyingDataProvider
- #248 - Remove deprecated TS providers
- #249 - Improvements to the API of
PropertiesDataGenerationContext
- #250 - Add a builder for
PKIXCertificateValidationProvider
- #255 - Remove default TSA configuration
- #252 - Improve test assertions
v1.7.0
- #230 - Check key usage of the signer certificate during validation
- Can be disabled via
SignatureSpecificVerificationOptions.checkKeyUsage()
- Can be disabled via
- #226 - Support for
ds:Manifest
- Use the newly added
EnvelopedManifest
class
- Use the newly added
- #225 - Add support for EC keys to the default algorithms provider
- By default ECDSA_SHA256 is used when an EC key is supplied
- #222 - Update Guice to version 5
v1.6.0
- #175 - Support validation of signatures without
KeyInfo
. In this case, if theSigningCertificate
property contains a single reference, it will be used to select the signing certificate during validation. - #207 - Update Apache Santuario (xmlsec) to version 2.2.0.
- This version of xmlsec includes some important bugfixes and a couple of new features that xades4j should be able to leverage, namely support for RSASSA-PSS with parameters and support for embedding elliptic curve public keys in the
KeyValue
element (allows usingBasicSignatureOptions.includePublicKey()
with EC keys). For more information see Apache Santuario release notes. - Unfortunately, this version of xmlsec introduces a breaking change on the API (not behavior) due to a refactoring of
ResourceResolvers
. For that reason, the following two methods of xades4j have changed in this release to acceptResourceResolverSpi
instead ofResourceResolver
. Changes for consumers are minimal; just useSpi
classes directly instead of wrapping them in aResourceResolver
.SignedDataObjects.withResourceResolver
SignatureSpecificVerificationOptions.useResourceResolver
- This version of xmlsec includes some important bugfixes and a couple of new features that xades4j should be able to leverage, namely support for RSASSA-PSS with parameters and support for embedding elliptic curve public keys in the
- #212 - Add JAXB dependencies.
v1.5.1
v1.5.0
- #163 - New
BasicSignatureOptions
class that replacesBasicSignatureOptionsProvider
, which becomes deprecated. - #72 - Support including the full certificate chain in
KeyInfo
. Controlled viaBasicSignatureOptions
. - #157 - Fix issuer DN comparison failure due to different keys on name components (e.g. "E" vs. OID). Allow registration of custom symbols for DNs (experimental).
- #74 - Support presence of C14N transforms on the
SignatureValue
reference when validating theCounterSignature
property: