Release History
Some more log messages (e.g. encoding related issues).
Web application (in external invocation mode) updated to improve support for use within an iframe.
Two new (optional) parameters for external invocation mode:
locale: defines the locale being used for webapp (e.g. locale=de or locale=de_DE),
invoke-app-error-url: can be used to declare a callback URL to the calling web application in order to transfer error messages from pdf-as.
In case of an error, pdf-as redirects the user to the error-page-url (if given), providing the error and the cause in URL-encoded parameters ("error", "cause").
Formatter for mocca signature params enhanced.
Added signatureKeyIdentifier to SignParameters in the API, which allows overriding the one specified in the profile (MOA Connector only).
Added maven assembly and batch file for BRZ distribution.
Corrected faulty mime-type argument checking in SignResult constructor.
Switching to itext-2.1.5-rev3628. (itext-1.4.x is regarded as deprecated.)
itext library: minor adjustments for pdf-as
Adding new error code (103) for invalid pdfa/1b font configuration.
Minor updates for PDF/A support.
Support for local MOCCA CCS added.
Multi language for web application.
Encoding issue for web application fixed by implementing an EncodingFilter.
Dynamic sign upload form implemented.
Order of input fields for dynamic upload form changed.
MOCCA logo added to sign upload form.
lib-folder removed.
Maven2-repository updated.
Adding external patched itext (1.4.2 and 2.1.5) and pdfbox libraries.
Removing iText and pdfbox from sources.
Cleaning up certstore removing all certificates except MOA-certificates.
Removing deprecated templates.
Correcting default.bku.sign.detached.xml according to Security Layer spec.
Adding DejaVuFont.
Adding DejaVuFont license.
Adding test file for PDF/A. Removing issues.txt.
Preparation for multilingual support for web application.
Minor updates of configuration.
Sitemesh updates.
Minor support for TrueType fonts in preparation for PDF/A added.
Deprecated webapp-folder removed from svn repository.
New DefaultConfiguration.zip integrated in order to allow mocca signatures.
Minor bug concerning choice of cce within the web application fixed.
Signature with new online bku MOCCA integrated (new signature device "moc" created).
Configuration keys for mocca added.
New error codes (371 = signature verification not supported by this connector, 372 = invalid signing time) introduced.
Optional check of the signing time for the web application implemented. At signature creation time the signing time is checked for plausibility. This is a workaround for the ITS:mac-linux signing time bug. New configuration key ("signing_time_tolerance") added (applies to web application only) to overcome invalid signing times. A signature is only accepted if its signing time is within a time frame of [current time - signing_time_tolerance, current time + signing_time_tolerance] where signing_time_tolerance is interpreted as seconds.
Bugfix: Correct extraction of signatures with wrong signing times implemented. (The order of the signatures is still invalid in case of false signing times.)
Optional override of the dynamic creation of the signature retrieval url (locrefcontent) implemented in order to overcome ssl problems (retrieve_signature_data_url_override). Note: Assure that this URL is accessible from the citizen card environment.
Download of signed pdf-file for external application interface adjusted.
Verification of mocca signed documents implemented.
Retrieval of XML response via multipart implemented (mocca strictly follows the Security Layer spec).
Parsing of PublicAuthority-Flag and PublicAuthority-Code from MOA-VerifyXMLSignatureResponses implemented.
APIDemo updated.
(default) configuration updated regarding new configuration keys.
Many printStackTraces replaced with logger messages.
Update concerning exclusion of minimal layout profiles for verification.
Web-Application: New error code (251) introduced: Textual signature of files with no extractable textual content (e.g. files that solely contain images) is prevented.
Configurable line break tolerance for binary signatures (line_break_tolerance).
The reserved space for a certificate within the egiz dictionary can be configured (...phlength.certificate=xxxx).
imagescaletofit configuration parameter introduced.
Detection of incremental updates updated.
Bug fixed. There was an error concerning empty HashInputData parsing a MOA CreateXMLSignatureResponse.
Demo source for API usage created.
Issue resolved: Prevent signature of empty document which leads to a meaningless error message from the bku.
A new check for the existence of a configuration has been implemented. The extraction is skipped if any files or folders would be overwritten. Files like log- or temp-files may exist and do not prevent the deployment of the default configuration.
Serious bug solved. Method storeCertificate tried to fetch a certificate from store before storing it. If not found (within the store resp. via ldap) the certificate was not stored!!!
Manual deployment of pdf-as configuration (commandline parameter -ddc) considers the system property pdf-as.work-dir.
Internal default configuration updated.
log4.properties within the workdir is now being considered using the api.
Support of a minimal signature mark layout for binary signatures added.
Web-Application: Every hardcoded context "pdf-as" has been replaced.
Web-Application: Session is now being invalidated after download of the signed pdf file.
Web-Application: Configuration may be declared via system property "pdf-as.work-dir" or via Servlet-Init-Parameter "work-dir".
Bug fixed in RetrieveSignatureDataServlet: Response header didn't contain a content length attribute. The ITS Mac BKU rejects those requests.
Workaround for ITS Mac BKU integrated. A redirect via response only works if the response contains a valid SL request (e.g. a NullOperationRequest).
API: The configuration folder may be omitted at instantiating the api. Configuration may be set via system property "pdf-as.work-dir". If no configuration is given at all, the current user's home directory is searched for a folder "PDF-AS". If not found a default configuration is created.
If the configuration is explicitly given, then the temporary folder is located within the given directory, otherwise within the user's temporary directory.
When declaring the configuration folder, replacements for system properties like "${catalina.base}/conf/pdfas" may be used.
Bug fixed: If we have a binary signature, the certificate is embedded. So there should be no serial number needed within the signature block. PDF-AS stores the certificate in the certstore but tries to load the certificate via serialnumber and issuername from certstore, which fails because of the missing serial number.
Bug fixed: For storage of the certificate in the certstore, the issuername is taken from the certificate, normalized and hashed. The base64 value of the hash is used as the directory name. When loading the certificate from the certstore, the issuername is taken from the signature block, normalized and hashed. Some issuernames (with RDNs that are not registered) lead to two different hash values (one at storage, another at retrieval), which leads to a certificate not found exception.
PDF-AS library version is logged in order to ease bug fixing.
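
The issuername hashing bug described above, as an added illustration that is not PDF-AS code: a store keyed on a hash of the issuer's string form misses whenever storage and retrieval render an unregistered RDN differently. The two renderings, the SHA-256 hash, the trim-and-lowercase normalization and all sample names are assumptions; only the base64-of-hash directory name comes from the entry.

```python
import base64
import hashlib

# Attribute types the (hypothetical) DN formatter knows by short name.
REGISTERED = {"2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.3": "CN"}

def render_oid_prefix(rdns):
    """Assumed storage-side string form: unknown types as 'OID.<oid>=<text>'."""
    return ",".join(f"{REGISTERED.get(t, 'OID.' + t)}={v}" for t, v in rdns)

def render_hex_value(rdns):
    """Assumed retrieval-side string form: unknown types as '<oid>=#<hex DER>'."""
    parts = []
    for t, v in rdns:
        if t in REGISTERED:
            parts.append(f"{REGISTERED[t]}={v}")
        else:
            raw = v.encode("utf-8")  # DER UTF8String, short-form length (< 128 bytes)
            parts.append(f"{t}=#0c{len(raw):02x}{raw.hex()}")
    return ",".join(parts)

def _b64_hash(text):
    return base64.b64encode(hashlib.sha256(text.encode("utf-8")).digest()).decode("ascii")

def dir_from_string(dn_string):
    """Directory name as base64(hash(normalized issuer string)).
    SHA-256 and trim+lowercase normalization are assumptions."""
    return _b64_hash(dn_string.strip().lower())

def dir_from_structure(rdns):
    """Key on the parsed (type, value) pairs, independent of string rendering."""
    return _b64_hash("\x00".join(f"{t}\x01{v.strip().lower()}" for t, v in rdns))

def lookup_succeeds(rdns):
    """True if the directory computed at storage equals the one at retrieval."""
    return dir_from_string(render_oid_prefix(rdns)) == dir_from_string(render_hex_value(rdns))

# Constructed sample issuers; 1.3.6.1.4.1.99999.1 stands in for an unregistered type.
PLAIN_ISSUER = [("2.5.4.6", "AT"), ("2.5.4.10", "Example CA GmbH"), ("2.5.4.3", "Example Root")]
ODD_ISSUER = PLAIN_ISSUER + [("1.3.6.1.4.1.99999.1", "unit-7")]

if __name__ == "__main__":
    for name, issuer in (("registered only", PLAIN_ISSUER), ("unregistered RDN", ODD_ISSUER)):
        print(f"{name}: lookup {'hits' if lookup_succeeds(issuer) else 'MISSES'}; "
              f"structural key {dir_from_structure(issuer)}")
```

In a real store the structural key would be taken over the DER-encoded issuer name from the certificate rather than over any string form.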