Release Notes - eSignature DSS - Version 5.10.2

This is the first release published on Maven Central: https://mvnrepository.com/artifact/eu.europa.ec.joinup.sd-dss

When upgrading to the version 5.10.2, you no longer need to specify "cefdigital" repository within pom.xml file of your project. For more information about integrating DSS to your project, please see the readme.

Bugs / Issues

• [DSS-2729] - Exception when a not supported encryption algorithm is provided
• [DSS-2885] - Fix OID extraction from XML Trusted List

Improvements / Tasks

• [DSS-2895] - DSS Version 5.10.2 Maven Central release

Release Notes - eSignature DSS - Version 5.11

Bugs / Issues

• [DSS-2839] - DSS WebApp : excluded hosts from properties file are not converted to a List
• [DSS-2859] - Simple Report - Signatures with indication INDETERMINATE/TRY_LATER are counted as valid

Improvements / Tasks

• [DSS-2834] - MRA : add unit tests for KeyUsage and PolicySet within CriteriaList
• [DSS-2837] - Use Maven Central repository for everit-json-schema dependency
• [DSS-2869] - Dependencies update

+ All the changes included in DSS 5.11.RC1.

Release Notes - eSignature DSS - Version 5.11.RC1

New features

• [DSS-2659] - ASiC : introduce ZipEntryDocument
• [DSS-2687], [DSS-2713] - ASiC : add merge capability
• [DSS-2692] - PAdES: signing app name for pades signatures
• [DSS-2716] - Demo WebApp : Add a webpage with ASiC merger possibility
• [DSS-2717] - Add a possibility to customize naming of documents within ASiC container
• [DSS-2725] - PAdESService : add new method allowing to define a custom factory to create OutputStream and DSSDocument
• [DSS-2726] - PAdES : introduce temporary document/digest caching
• [DSS-2745] - Demo : Add TL-Signing feature in the standalone
• [DSS-2767] - Demo : Add XAdES manifest feature in the standalone
• [DSS-2779] - Add manifestSignature and embedXML parameters to web-services
• [DSS-2803], [DSS-2819] - Mutual Recognition Agreement
• [DSS-2808] - Add custom qualifier for a CommitmentType

Improvements

• [DSS-2419] - memory heap error on pades signature
• [DSS-2619] - SignaturePolicyStore : add support of sigPol local URI attribute
• [DSS-2674] - CAdES : improve extension naming on signature creation
• [DSS-2732] - Cookbook 5.11 improvements
• [DSS-2748] - PAdES : improve Pdf Modification Detection
• [DSS-2754] - Simple Report - Add SignatureScope ID to SignatureScopes
• [DSS-2769] - SVC : store unsuccessful result of issuer finding
• [DSS-2787] - ETSI VR : add AdditionalValidationReportData to BBB
• [DSS-2824] - Detailed validation report - seemingly inconsistent result when thisUpdate is not in validity range

Bug fixes / Issues

• [DSS-2472] - Excess memory usage by XMLSignatureInput created in DetachedSignatureResolver::createFromCommonDocument
• [DSS-2570] - Signature not found error on PDF with XRef streams
• [DSS-2691] - addNewSignatureField adds a Default Appearance using Helvetica but doesn't embed it into the PDF
• [DSS-2697] - SVC : register POE only from valid timestamps
• [DSS-2761] - LTA signature is indeterminate because no revocations lists found
• [DSS-2712] - DSS PADES library: Secured PDF Signature
• [DSS-2729] - Exception when a not supported encryption algorithm is provided
• [DSS-2731] - JAdES : signature can be created with ECDSA algorithm using a wrong elliptic curve
• [DSS-2752] - Signature Ids in the signature scopes don't use the IdentifierBuilder
• [DSS-2772] - Only the first Qualifier is captured from a TSPService element
• [DSS-2777] - Certificate/Signature qualification determination adjustments
• [DSS-2778] - Validation for ASiC without mimetype returns FORMAT_FAILURE
• [DSS-2780] - Forbid manifest signature for an XML document with Id in the root level
• [DSS-2785] - Skipped AcceptableRevocationDataFound constraint may lead to false positive validation result

Tasks / Other

• [DSS-2393] - Demos : JUnit tests for eSignature validation test cases
• [DSS-2736] - Update cryptographic constraints according to TS 119 132 v1.4.2
• [DSS-2744] , [DSS-2822] - Upgrade OpenPdf 1.3.29
• [DSS-2756] - Upgrade PdfBox 2.0.26

Pull requests

• [#160] - PAdES: signing app name for pades signatures
• [#162] - Fix spelling issue

Release Notes - eSignature DSS - Version 5.10.1

Bugs / Issues

• [DSS-2722] - DSS-demos : NPE on PAdES sign
• [DSS-2723] - JAdESCertificateSource.getKeyIdentifierCertificates() returns complete certificate references
• [DSS-2733] - asic:XAdESSignatures element is missing in 2nd (and probably any subsequent) signature in ASiC container
• [DSS-2740] - OpenDocument does not sign mimetype and manifest.xml
• [DSS-2747] - PdfBox : avoid float conversion from COSNumber class

Tasks

• [DSS-2734] - Upgrade Spring framework
• [DSS-2746] - Jackson update to new version

Release Notes - eSignature DSS - Version 5.10

Bugs / Issues

• [DSS-2704] - Add a content timestamp checkbox ignored when signing a digest
• [DSS-2705] - DSS demo : improve exception escalating on content timestamp creation

Task

• [DSS-2709] - Review CEF links in demonstrations / cookbook

+ All the changes included in DSS 5.10.RC1.

Release Notes - eSignature DSS - Version 5.10.RC1

New features

• [DSS-2430] - Add an Apple signature token
• [DSS-2461] - Add 'user notice' to signature policy
• [DSS-2474] - PAdES : detect prohibited changes
• [DSS-2483] - SimpleReport : add timestamp signature scopes
• [DSS-2494] - Invalid signatures can be made with Revoked and Suspended certificates on level B and T
• [DSS-2532] - SAV : verify if used digest algorithm for signing-certificate reference is reliable at validation time
• [DSS-2541] - PAdES : check if a visual signature field is within page size
• [DSS-2554] - PAdES : alert on restricted signature creation
• [DSS-2645] - SVC : return possible extension time on failed signature augmentation
• [DSS-2652] - Add support for SHA-3 with PLAIN-ECDSA and ED448 signature algorithms
• [DSS-2677] - PAdES : visual signature pre-visualization

Improvements

• [DSS-2493] - PAdES : incorporate validation data with PAdESService.timestamp(...) method
• [DSS-2495] - Alignment with EN 319 412-1 v1.4.4
• [DSS-2516] - DSS XmlDefinerUtils Support factory definition
• [DSS-2521] - Validation process : move revocation processing to a separate block
• [DSS-2548] - Signature extension : ensure extension is not possible with a lower level
• [DSS-2632] - PAdES : reduce number of token builds extracted from /DSS and /VRI dictionaries
• [DSS-2501] - CAdES : include archive-tst hash algorithm to SignedData.digestAlgorithms set
• [DSS-2505] - CAdES : mime-type attribute should be present
• [DSS-2525] - Expose WebServices for TL signing
• [DSS-2529] - Enforce subFilter specific requirements for PKCS7 on SignatureLevel detection
• [DSS-2531] - ASiC : newly created manifests do not contain MimeType for signed data
• [DSS-2542] - ETSI VR : enforce validation of AttributeBaseType elements
• [DSS-2546] - Refactor ASiC Services
• [DSS-2566] - PAdES : ensure message-digest validation against byte range binaries
• [DSS-2620] - JAdESBaselineRequirementsChecker : enforce 'crit' dictionary check
• [DSS-2626] - JAdES : improve 'kid' dictionary handling
• [DSS-2628] - PDF Detailed Report : add final validation conclusion status
• [DSS-2630] - JAdES : add support for signatures containing adjacent line breaks
• [DSS-2634] - ETSI VR : define namespace prefixes according to xsd schema
• [DSS-2655] - PAdES OpenPDF Visible Signature : add support of documents with rotation
• [DSS-2661] - Improve getIssuer method
• [DSS-2670] - SVC : separate revocation freshness check between signatures and timestamps
• [DSS-2671] - Refactor RevocationFreshness constraint

Bug fixes / Issues

• [DSS-2533] - PDF/A compliance issue when a non-stroking color is used
• [DSS-2547] - WebApp : unable to sign when the used encryption algorithm is different from the one used to sign the certificate
• [DSS-2556] - XAdES : avoid NPE when XPath doesn't exists
• [DSS-2560] - Custom TokenIdentifierProvider duplicates SignerData objects in DiagnosticData
• [DSS-2568] - ASiC with XAdES : identical signatures in two different files produce the same unique id
• [DSS-2569] - Error in log when signing PDF in an ASiC-E+XAdES ([Fatal Error] :1:1: Content is not allowed in prolog.)
• [DSS-2571] - Make NativePdfBoxVisibleSignatureDrawer PDFA compabible
• [DSS-2574] - Validator warns on visual difference after adding a 2nd visible signature on a single page document
• [DSS-2575] - CMSCertificateSource nullpointer exception in extractCandidatesForSigningCertificate()
• [DSS-2577] - DSS-demonstrations : run_prettify.js transformed into relative path instead of absolute
• [DSS-2586] - Mimetype of documents always set to application/octet-stream when re-signing ASiC container
• [DSS-2587] - Signature verification report is unreliable if having multiple TrustedListsCertificateSources
• [DSS-2589] - XAdES Enveloping Signature cannot include another Envelopding XAdES when embedXML option is enabled
• [DSS-2595] - Check if best-signature-time is not before for passed basic signature validation
• [DSS-2596] - Validation de signature invalide à travers le site 'https://dss.nowina.lu/validation'
• [DSS-2598] - Past Signature Validation's result shall not be overwritten by Past Certificate Validation
• [DSS-2601] - RevocationFreshnessChecker : enforce check against thisUpdate value
• [DSS-2604] - NPE in CertificateWrapper when timestamp incluce SigningCertificateV2 calculated over another certificate
• [DSS-2605] - Set security provider to Santuario JCEMapper
• [DSS-2608] - Unhandled exception in QcStatementsUtils
• [DSS-2610] - Signature Validation of LT augmented signature doesn't use embedded revocation token
• [DSS-2612] - Visual signature text is not PDF/A compliant. It shouldn't default to DeviceRGB colorspace
• [DSS-2614] - JAdES : NullPointerException on a certificate ref when using a UserFriendlyIdentifier
• [DSS-2615] - PDFDocumentValidator.getOriginalDocuments() does not work for '\r%%EOF' ending
• [DSS-2616] - DSS-Demonstrations : wrongly encodes characters extracted from a document filename
• [DSS-2618] - PAdESUtils::retrieveLastPDFRevision don't returns with content when only CR used after %%EOF
• [DSS-2624] - DSSUtils : fix Date formatting method
• [

Release Notes - eSignature DSS - Version 5.9

Bug

• [DSS-2513] - Certificates embedded into an OCSP response are not timestamped
• [DSS-2515] - JAdES : avoid exception on a detached LTA signature validation without original file
• [DSS-2522] - Unable to augment ASiC-E with CAdES LTA with expired signing certificate
• [DSS-2524] - JAdES : tstVD certificates are not reported within FoundCertificates
• [DSS-2526] - TL-Summary webPage : rows recalculated on a collapse
• [DSS-2530] - JAdES ValidationReport with multiple tstVD
• [DSS-2534] - SVC : check revocation data is known to contain information about certificate
• [DSS-2539] - JAdES : a new added signature with a higher level extends other signatures
• [DSS-2540] - PdfBox : cast exception when signing non-signature field
• [DSS-2545] - Wrong minimal key size for DSA in default validation policy
• [DSS-2547] - WebApp : unable to sign when the used encryption algorithm is different from the one used to sign the certificate
• [DSS-2551] - Revocation data is not acceptable warning is reported on LTV process when a valid revocation is available
• [DSS-2560] - Custom TokenIdentifierProvider duplicates SignerData objects in DiagnosticData

Improvement

• [DSS-2479] - SVG timeline : add support for independent timestamps validation
• [DSS-2518] - Deadlocks on TLAnalysis if analysis throws exception
• [DSS-2535] - WebApp : add dataLoader timeout configuration to properties file
• [DSS-2549] - WebApp : log exception stacktrace

Release Notes - eSignature DSS - Version 5.9.RC1

Bug / Issues

• [DSS-1985] - ASIC-E containers with multiple files - Schema issue in validation report
• [DSS-2246] - Revoked QSCD signed PDF report show as TOTAL_PASSED, but shold be FAILED
• [DSS-2275] - Built in OCSP Revocation considered invalid if Certificate expires
• [DSS-2338] - Validating signature with expired OCSP certificate at OCSP token producedAt time
• [DSS-2340] - NPE when algorithm expiration date is missing in XML policy
• [DSS-2344] - Issue in qualification conflict detection
• [DSS-2351] - JAdES tstVD unsigned header parameter misspelled
• [DSS-2352] - JAdES sigTst input of the message imprint computation
• [DSS-2354] - JAdES LTA augmentation removes previous tstVD
• [DSS-2357] - ASiC-S with CAdES packaging attached
• [DSS-2358] - LTA augmented countersigned signature - Schema issue in validation report
• [DSS-2367] - PDF generation produces "#" instead of special characters
• [DSS-2373] - ETSI VR reports a wrong MimeType in case of a JAdES signature
• [DSS-2377] - ASiC-S with CAdES signature and detached timestamp creation issues
• [DSS-2387] - ASiC-E with CAdES augmentation is not coherent
• [DSS-2389] - WebApp TL Summary : resolve variable name issue for pivot loading
• [DSS-2398] - TL-loading page - null NextUpdate issue
• [DSS-2400] - Validator fails format on PDF page count wrongly(?)
• [DSS-2411] - XAdES : issue on resolving URIs to detached files containing '+' character
• [DSS-2416] - Suspended Certificates end up in PASSED conclusion in Long-Term Validation
• [DSS-2422] - PDF hashes are not repeatable, varying with the default timezone
• [DSS-2433] - DocumentValidatorFactory implementations different semantics for isSupported
• [DSS-2436] - XAdES : IndividualDataObjectsTimeStamp message-imprint computation order
• [DSS-2438] - SignatureFieldDimensionAndPositionBuilder returns values in different scales
• [DSS-2440] - OpenAPI descriptor missing the API version element
• [DSS-2448] - Best way to avoid "not all files are signed!" warning on OpenDocument files
• [DSS-2451] - PAdES : avoid to rise an exception in case of byterange overlaps
• [DSS-2457] - PAdES : Validator reports -T level for -LTA signature with overwritten DSS dictionary
• [DSS-2464] - CAdES : allow validation with a digest algorithm defined within SignerInformation
• [DSS-2471] - PAdES : minimal LT requirement check fails because of another signature within PDF
• [DSS-2473] - WebApp : no signature levels is available after a post form submit failure
• [DSS-2477] - Fix non-AdES signature extension with expired certificates
• [DSS-2478] - Allow non-AdES signature validation with provided signing certificate
• [DSS-2480] - PDF : abde revocation info archival values are not timestamped
• [DSS-2482] - DSS Demo : expired session and report generations
• [DSS-2500] - Make ExternalResourcesCRLSource/ExternalResourcesOCSPSource usable in CertificateVerifier
• [DSS-2506] - Inappropriate "signed by" values for NO_SIGNING_CERTIFICATE_FOUND situations

Improvement / New Feature

• [DSS-2155] - Missing validation of TSTInfo tsa field
• [DSS-2300] - Create a bom with all dss version
• [DSS-2314] - Improve readability of the Simple Report
• [DSS-2318] - Incorrect warning for eSeals
• [DSS-2321] - Improve handling of SignatureAttribute
• [DSS-2324] - Review info/warning/error escalation between the detailed and simple reports
• [DSS-2325] - Detailed validation report: make details usable - get rid of tooltips
• [DSS-2326] - Support QcCClegislation QCStatement
• [DSS-2328] - Allow to create an XML Manifest with custom Transforms
• [DSS-2329] - Improve ManifestValidator
• [DSS-2330] - SVC : check certificate revocation based on POE
• [DSS-2331] - Determine final Signature Qualification based on both times
• [DSS-2334] - Refactor QCStatement
• [DSS-2336] - XAdES : allow parallel signature creation for INTERNALLY_DETACHED packaging
• [DSS-2339] - XAdES : add a possibility to add custom ds:Object elements to a signature
• [DSS-2341] - Validation : add optional checks for Certificate QCStatement
• [DSS-2345] - Validation Policy : treat algorithm as infinite if there is no expiration date
• [DSS-2347] - User-friendly IDs in validation reports
• [DSS-2363] - XAdES : SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2 message-imprint computation
• [DSS-2368] - Improve behavior on signing with expired/not yet valid certificate
• [DSS-2369] - Restrict signature extension for an expired certificate/expired POE
• [DSS-2370] - Vulnerability Assessment Report 5.8.RC1 review
• [DSS-2372] - ETSI Validation Report builds elements with empty data
• [

Release Notes - eSignature DSS - Version 5.8

Bug

• [DSS-2338] - Validating signature with expired OCSP certificate at OCSP token producedAt time
• [DSS-2340] - NPE when algorithm expiration date is missing in XML policy
• [DSS-2344] - Issue in qualification conflict detection
• [DSS-2351] - JAdES tstVD unsigned header parameter misspelled
• [DSS-2352] - JAdES sigTst input of the message imprint computation
• [DSS-2354] - JAdES LTA augmentation removes previous tstVD
• [DSS-2357] - ASiC-S with CAdES packaging attached
• [DSS-2366] - Unexpected result signing w/ CAdES T Enveloping a file already signed w/ CAdES B Enveloping
• [DSS-2367] - PDF generation produces "#" instead of special characters
• [DSS-2373] - ETSI VR reports a wrong MimeType in case of a JAdES signature

Task

• [DSS-2332] - Upgrade PDFBox
• [DSS-2335] - Upgrade BouncyCastle
• [DSS-2362] - JAdES : align the code with draft 0.0.7a

Improvement

• [DSS-2318] - Incorrect warning for eSeals
• [DSS-2321] - Improve handling of SignatureAttribute
• [DSS-2331] - Determine final Signature Qualification based on both times
• [DSS-2363] - XAdES : SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2 message-imprint computation
• [DSS-2372] - ETSI Validation Report builds elements with empty data

Release Notes - eSignature DSS - Version 5.8.RC1

Bug

• [DSS-1900] - Unable to init SunPKCS11 with Java 9+ since DSS 5.5
• [DSS-2055] - XAdES Enveloping - Content timestamp not working with Embed XML option
• [DSS-2090] - PAdES visual signature always has whitespace above text
• [DSS-2112] - JAdES : Support of Content Tst with Detached Signature
• [DSS-2116] - ETSI VR: DTBSR in Signature Identification Element
• [DSS-2145] - MessageTag shouldn't contain arguments
• [DSS-2148] - OfflineRevocationSource : use RevocationTokenRefMatcher for references and identifiers comparision
• [DSS-2149] - Extending LTA signatures adds unnecessary revacation info objects
• [DSS-2150] - Incorrect ats-hash-index-v3 creation extending a signature with two archive time-stamps
• [DSS-2156] - X.509 Validation Constraints shall return INDETERMINATE/CHAIN_CONSTRAINTS_FAILURE
• [DSS-2160] - DSS includes manifest entries in the scope when detached documents are not provided
• [DSS-2162] - Extract LevelContraints based on a Context
• [DSS-2186] - XAdES Enveloped Second Signature with LT or LTA and Content Timestamp fails
• [DSS-2190] - XAdES : ArchiveTimeStamp inclusive canonicalization does not include parent namespaces
• [DSS-2199] - Error validating Docusign document on LONG_TERM_DATA level after extending to PAdES_BASELINE_LT
• [DSS-2214] - NPE in the ValidationProcessUtils.getLatestAcceptableRevocationData
• [DSS-2216] - DigestMatcher does not find data for an EnvelopingCountersignature
• [DSS-2227] - Native PDFBox drawer : wrong text position with a custom SignerTextPosition
• [DSS-2228] - The font color is not being applied correctly in the OpenPDF implementation
• [DSS-2239] - PAdES : conflict between signature parameters
• [DSS-2251] - CaDES-LTA signature cannot be applied to document previously signed with CAdES baseline B
• [DSS-2256] - Fails XAdESLevelTIndividualDataObjectTimeStampTest
• [DSS-2257] - The revocation data is not updated for signatures with no timestamps
• [DSS-2279] - XAdES : counter signature serialization issue with JDK 8
• [DSS-2293] - Extraction of signed data fails for xades enveloping signature
• [DSS-2294] - PAdES : level detection issue
• [DSS-2301] - Incorrect warning when both ESSCertID and ESSCertIDv2 are present in QTSA

New Feature

• [DSS-1964] - Implementation of JAdES (part 1)
• [DSS-2075] - JAdES : creation with Complete JWS Serialization format
• [DSS-2076] - JAdES : parallel signature support with JWS JSON Serialization
• [DSS-2077] - JAdES : implementation of unsigned properties (Baseline-T)
• [DSS-2078] - JAdES : Detached signature implementation ('sigD' element)
• [DSS-2079] - DSS-2075 JAdES : creation with Flattened JWS Serialization format
• [DSS-2102] - Introduce JAdES in the webapp
• [DSS-2107] - JAdES : implementation of unsigned properties (Baseline-LT)
• [DSS-2108] - JAdES : implementation of unsigned properties (Baseline-LTA)
• [DSS-2109] - Introduce JAdES in the dss-standalone (JavaFX)
• [DSS-2110] - JAdES : provide converter from JWS Compact Serialization to JSON (Flattened) Serialization format
• [DSS-2111] - Introduce JAdES in the Webservices (REST/SOAP)
• [DSS-2114] - XAdES : support of SignaturePolicyStore
• [DSS-2125] - JAdES : introduce a KidCertificateSource
• [DSS-2137] - Demonstration : add the possibility to provide signing/adjunct certificate(s) to the validation
• [DSS-2164] - JAdES : support of SignaturePolicyStore
• [DSS-2165] - JAdES : add unit tests for requirements
• [DSS-2167] - JAdES : support counter-signature
• [DSS-2172] - CAdES : support of SignaturePolicyStore
• [DSS-2173] - SignaturePolicyStore validation
• [DSS-2174] - Validate a SignatureValue against a ToBeSigned object and a certificate
• [DSS-2177] - XAdES : counter signature creation
• [DSS-2178] - CAdES : counter signature creation
• [DSS-2187] - Demonstration : add webpage to produce counter-signatures
• [DSS-2188] - Webservices : add methods to produce counter-signatures
• [DSS-2204] - ASiC : add counter-signature creation
• [DSS-2205] - ASiC : support of SignaturePolicyStore (creation)
• [DSS-2266] - Add a check for OCSP Responder recursion into the validation process

Improvement

• [DSS-1966] - Include a JSON validator
• [DSS-2095] - Transformations on signature policy files
• [DSS-2101] - DSS-Demo - TL flags vs country codes
• [DSS-2113] - JAdES : expand DigestMatcher type check
• [DSS-2115] - SAV : add a check of signing certificate reference constraint
• [DSS-2120] - Use JVM's standard system properties for proxy configuration in CommonsDataLoader
• [