
Commit 8d27337

committed
Release eumw-3.1.0
1 parent 4324701 commit 8d27337


202 files changed

+3909
-4305
lines changed


202 files changed

+3909
-4305
lines changed

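--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ target/
 packer/
 *Jenkinsfile*
 .hg/
+/helm/
 
 # IntelliJ project files
 *.iml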

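--- a/.hgtags
+++ b/.hgtags
@@ -88,3 +88,11 @@ d81108e3cb7cf619e4231a71d84317e319fb21d1 eumw-3.0.0-RC6
 02253d61abbe8013d216f4fcdd13dc6fa88c48a1 eumw-3.0.1-RC1
 9e38e2d47e711f0ca27a851302112e8a1703b659 eumw-3.0.1-RC2
 e47ad279d13621f2b75f0d21ff991f89c2dc47af eumw-3.0.1-RC3
+78451b6ef42eafefc8a59f64d96280b0fd25b7f9 eumw-3.0.1
+cf90c08204b82e67f44df5b4a2a2b05d0ebb1e2f eumw-3.1.0-RC1
+cb306bc9c833171c91c68c53af88889159e251bc eumw-3.1.0-RC2
+3a7ef86fd6e3d06189a19f3d4e3699ac16c71b2f eumw-3.1.0-RC3
+00ab59b980e1898b6c7b917302018430482a857b eumw-3.1.0-RC4
+2a5a673eec7f98bb6c01d06ead7dea24afa921fc eumw-3.1.0-RC5
+37226259f9f45fb2dfd85e010b4dffe8875e52fc eumw-3.1.0-RC6
+147895b9dbe033030c2f31e52e6f8ff265e3a8a0 eumw-3.1.0-RC7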

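--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ The signed release artifacts will be released on github as well.
 We are using maven to build and test the software.
 
 To build the software, execute the following command:
-```
-maven clean install
+```console
+$ mvn clean install
 ```
 You can find the compiled JARs in the `target/` directory of each module.
 
@@ -24,11 +24,11 @@ on how to install sphinx on your system.
 
 To create the pdf file, issue the following commands:
 
-```
-cd doc && make clean latexpdf
+```console
+$ (cd doc && make clean latexpdf)
 ```
 
-The created pdf document can be found at `_build/latex/eIDASMiddleware.pdf`.
+The created pdf document can be found at `doc/_build/latex/eIDASMiddleware.pdf`.
 
 ## Documentation
 The user documentation for each release is available in the release artifacts.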

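--- a/configuration-migration/pom.xml
+++ b/configuration-migration/pom.xml
@@ -3,7 +3,7 @@
 <parent>
 <artifactId>eumw</artifactId>
 <groupId>de.governikus.eumw</groupId>
-<version>3.0.1</version>
+<version>3.1.0</version>
 </parent>
 <modelVersion>4.0.0</modelVersion>
 
@@ -19,6 +19,10 @@
 <groupId>de.governikus.eumw</groupId>
 <artifactId>poseidas</artifactId>
 </dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>eidas-base-container</artifactId>
+</dependency>
 
 <dependency>
 <groupId>commons-io</groupId>
@@ -56,6 +60,9 @@
 <name>governikus/eidas-middleware-configuration-migration:${project.version}
 </name>
 <build>
+<tags>
+<tag>latest</tag>
+</tags>
 <contextDir>.</contextDir>
 <assembly>
 <descriptorRef>artifact</descriptorRef>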
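Review bot: The added `<tag>latest</tag>` in the third hunk publishes the image under a mutable tag next to the versioned name `governikus/eidas-middleware-configuration-migration:${project.version}`. If a maintenance release of an older line is built later, `latest` would presumably move back to that older image, and anyone pulling `latest` gets an unpinned build of a tool that migrates key stores. Consider leaving `latest` out of the release build, or state in the release documentation that operators should pull the `${project.version}` tag. The enclosing `<build>` element continues outside the hunk, so any tag handling defined further down is not visible here.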

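--- a/configuration-migration/src/main/java/de/governikus/eumw/configuration/migration/models/eidas/ConfigHolder.java
+++ b/configuration-migration/src/main/java/de/governikus/eumw/configuration/migration/models/eidas/ConfigHolder.java
@@ -46,16 +46,6 @@ public class ConfigHolder
 */
 public static final String KEY_APP_SIGN_ALIAS = "MIDDLEWARE_SIGN_ALIAS";
 
-/**
-* Pin of the decryption key for the SAML interface
-*/
-public static final String KEY_APP_CRYPT_PIN = "MIDDLEWARE_CRYPT_PIN";
-
-/**
-* Alias of the decryption key for the SAML interface
-*/
-public static final String KEY_APP_CRYPT_ALIAS = "MIDDLEWARE_CRYPT_ALIAS";
-
 /**
 * Contact Person Details for the idp metadata.xml
 */
@@ -116,20 +106,13 @@ public class ConfigHolder
 */
 private static final String KEY_APP_SIGN_KEY = "MIDDLEWARE_SIGN_KEY";
 
-/**
-* Path to the decryption keystore for the SAML interface
-*/
-private static final String KEY_APP_CRYPT_KEY = "MIDDLEWARE_CRYPT_KEY";
-
 @Getter
 private Properties properties;
 
 private X509Certificate metadataSigner;
 
 private X509KeyPair signKey;
 
-private X509KeyPair cryptKey;
-
 private EidasContactPerson contactPerson;
 
 private String entityIdInt;
@@ -245,46 +228,6 @@ public String getAppSignatureKeyStoreType()
 return keyStoreFileName.toLowerCase(Locale.GERMAN).endsWith("jks") ? "JKS" : "PKCS12";
 }
 
-/**
-* Get the type of the encryption key store
-*
-* @return the type of the keystore
-*/
-public String getAppCryptionKeyStoreType()
-{
-String keyStoreFileName = properties.getProperty(KEY_APP_CRYPT_KEY);
-return keyStoreFileName.toLowerCase(Locale.GERMAN).endsWith("jks") ? "JKS" : "PKCS12";
-}
-
-/**
-* Get the depryption key pair
-*
-* @return the decryption key pair
-* @throws IOException when the key pair cannot be read
-* @throws GeneralSecurityException when the key pair cannot be loaded
-*/
-public X509KeyPair getAppDecryptionKeyPair() throws IOException, GeneralSecurityException
-{
-if (cryptKey == null)
-{
-String keystoreFileName = getCanonicalPath(properties.getProperty(KEY_APP_CRYPT_KEY));
-try (FileInputStream fis = new FileInputStream(keystoreFileName))
-{
-cryptKey = Utils.readKeyAndCert(fis,
-getAppCryptionKeyStoreType(),
-properties.getProperty(KEY_APP_CRYPT_PIN).toCharArray(),
-properties.getProperty(KEY_APP_CRYPT_ALIAS),
-properties.getProperty(KEY_APP_CRYPT_PIN).toCharArray(),
-true);
-return cryptKey;
-}
-}
-else
-{
-return cryptKey;
-}
-}
-
 /**
 * Get the contact person from the eidasmiddleware.properties
 *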

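--- a/configuration-migration/src/main/java/de/governikus/eumw/configuration/migration/service/ConfigurationMigrationService.java
+++ b/configuration-migration/src/main/java/de/governikus/eumw/configuration/migration/service/ConfigurationMigrationService.java
@@ -185,20 +185,6 @@ private EidasMiddlewareConfig.EidasConfiguration migrateEidasProperties(ConfigHo
 log.error("Cannot migrate eidas middleware signature keystore", e);
 }
 try
-{
-String decryption = createAndGetKeyStoreName(configHolder,
-configHolder.getAppCryptionKeyStoreType(),
-ConfigHolder.KEY_APP_CRYPT_ALIAS,
-ConfigHolder.KEY_APP_CRYPT_PIN,
-"Decryption",
-configHolder.getAppDecryptionKeyPair());
-eidasConfiguration.setDecryptionKeyPairName(decryption);
-}
-catch (Exception e)
-{
-log.error("Cannot migrate eidas middleware decryption keystore", e);
-}
-try
 {
 CertificateType metadataSignatureVerifyCertificate = new CertificateType(METADATA_SIGNATURE_VERIFICATION_CERTIFICATE,
 configHolder.getMetadataSignatureCert()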

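--- a/configuration-migration/src/test/java/de/governikus/eumw/configuration/migration/service/ConfigurationMigrationServiceTest.java
+++ b/configuration-migration/src/test/java/de/governikus/eumw/configuration/migration/service/ConfigurationMigrationServiceTest.java
@@ -46,8 +46,6 @@ class ConfigurationMigrationServiceTest
 
 private static final String MIDDLEWARE_SIGNING_KEY_PAIR = "middlewareSigningKeyPair";
 
-private static final String MIDDLEWARE_DECRYPTION_KEY_PAIR = "middlewareDecryptionKeyPair";
-
 private static final String BLACK_LIST_TRUST_ANCHOR = "BlackListTrustAnchor";
 
 private static final String MASTER_LIST_TRUST_ANCHOR = "MasterListTrustAnchor";
@@ -96,9 +94,9 @@ void testMigrateOldConfigWithOutHsm() throws Exception
 List<CertificateType> certificates = eidasMiddlewareConfig.getKeyData().getCertificate();
 Assertions.assertEquals(10, certificates.size());
 List<KeyStoreType> keyStores = eidasMiddlewareConfig.getKeyData().getKeyStore();
-Assertions.assertEquals(13, keyStores.size());
+Assertions.assertEquals(12, keyStores.size());
 List<KeyPairType> keyPairs = eidasMiddlewareConfig.getKeyData().getKeyPair();
-Assertions.assertEquals(13, keyPairs.size());
+Assertions.assertEquals(12, keyPairs.size());
 Assertions.assertEquals(1, eidasMiddlewareConfig.getEidasConfiguration().getConnectorMetadata().size());
 Assertions.assertEquals("https://localhost:8443", eidasMiddlewareConfig.getServerUrl());
 TimerConfigurationType timerConfiguration = eidasMiddlewareConfig.getEidConfiguration().getTimerConfiguration();
@@ -155,8 +153,7 @@ void testMigrateOldConfigWithOutHsm() throws Exception
 Assertions.assertEquals(30, eidasMiddlewareConfig.getEidasConfiguration().getMetadataValidity());
 Assertions.assertNotNull(eidasMiddlewareConfig.getEidasConfiguration().getContactPerson());
 Assertions.assertNotNull(eidasMiddlewareConfig.getEidasConfiguration().getOrganization());
-Assertions.assertEquals(MIDDLEWARE_DECRYPTION_KEY_PAIR,
-eidasMiddlewareConfig.getEidasConfiguration().getDecryptionKeyPairName());
+Assertions.assertNull(eidasMiddlewareConfig.getEidasConfiguration().getDecryptionKeyPairName());
 Assertions.assertEquals(MIDDLEWARE_SIGNING_KEY_PAIR,
 eidasMiddlewareConfig.getEidasConfiguration().getSignatureKeyPairName());
 Assertions.assertEquals(METADATA_SIGNATURE_VERIFICATION_CERTIFICATE,
@@ -180,7 +177,6 @@ void testMigrateOldConfigWithOutHsm() throws Exception
 assertKeyPairAndKeyStore(keyPairs, keyStores, "TestbedERSADvcaClientKeyPair", "TestbedERSADvcaKeyStore");
 assertKeyPairAndKeyStore(keyPairs, keyStores, "TestbedFDvcaClientKeyPair", "TestbedFDvcaKeyStore");
 assertKeyPairAndKeyStore(keyPairs, keyStores, "TestbedGDvcaClientKeyPair", "TestbedGDvcaKeyStore");
-assertKeyPairAndKeyStore(keyPairs, keyStores, MIDDLEWARE_DECRYPTION_KEY_PAIR, "middlewareDecryption", MIDDLEWARE);
 assertKeyPairAndKeyStore(keyPairs, keyStores, MIDDLEWARE_SIGNING_KEY_PAIR, "middlewareSigning", MIDDLEWARE);
 }
 
@@ -217,9 +213,9 @@ void testMigrateOldConfigWithHsm() throws Exception
 List<CertificateType> certificates = eidasMiddlewareConfig.getKeyData().getCertificate();
 Assertions.assertEquals(4, certificates.size());
 List<KeyStoreType> keyStores = eidasMiddlewareConfig.getKeyData().getKeyStore();
-Assertions.assertEquals(1, keyStores.size());
+Assertions.assertTrue(keyStores.isEmpty());
 List<KeyPairType> keyPairs = eidasMiddlewareConfig.getKeyData().getKeyPair();
-Assertions.assertEquals(1, keyPairs.size());
+Assertions.assertTrue(keyPairs.isEmpty());
 Assertions.assertNull(serviceProviderList.get(0).getClientKeyPairName());
 Assertions.assertNull(eidasMiddlewareConfig.getEidasConfiguration().getSignatureKeyPairName());
 }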

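--- a/databasemigration/pom.xml
+++ b/databasemigration/pom.xml
@@ -14,7 +14,7 @@
 <parent>
 <artifactId>eumw</artifactId>
 <groupId>de.governikus.eumw</groupId>
-<version>3.0.1</version>
+<version>3.1.0</version>
 </parent>
 <artifactId>database-migration</artifactId>
 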
2020

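--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -15,22 +15,51 @@
 <parent>
 <groupId>de.governikus.eumw</groupId>
 <artifactId>eumw</artifactId>
-<version>3.0.1</version>
+<version>3.1.0</version>
 </parent>
 
 <artifactId>distribution</artifactId>
-<version>3.0.1</version>
+<version>3.1.0</version>
 <packaging>pom</packaging>
 
 <dependencies>
+<!-- add all eumw modules to create an aggregated jacoco coverage report of all modules -->
 <dependency>
 <groupId>de.governikus.eumw</groupId>
-<artifactId>eidas-middleware</artifactId>
+<artifactId>configuration-migration</artifactId>
+</dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>database-migration</artifactId>
+</dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>eidas-common</artifactId>
+</dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>eidas-demo</artifactId>
 </dependency>
 <dependency>
 <groupId>de.governikus.eumw</groupId>
 <artifactId>eidas-demo</artifactId>
 </dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>eidas-middleware</artifactId>
+</dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>eidas-starterkit</artifactId>
+</dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>poseidas</artifactId>
+</dependency>
+<dependency>
+<groupId>de.governikus.eumw</groupId>
+<artifactId>utils</artifactId>
+</dependency>
 </dependencies>
 
 <profiles>
@@ -61,6 +90,49 @@
 </plugins>
 </build>
 </profile>
+<profile>
+<id>coverage</id>
+<activation>
+<!-- activate automatically when built on Jenkins build server -->
+<property>
+<name>env.JENKINS_URL</name>
+</property>
+</activation>
+<build>
+<plugins>
+<plugin>
+<groupId>org.jacoco</groupId>
+<artifactId>jacoco-maven-plugin</artifactId>
+<configuration>
+<excludes>
+<!-- exclude javassist classes (leads to
+runtime exception in coverage) -->
+<exclude>*_javassist_*</exclude>
+<exclude>org.springframework.*</exclude>
+<exclude>com.gargoylesoftware.*</exclude>
+</excludes>
+</configuration>
+<executions>
+<!-- aggregate the reports of the other modules for sonarqube -->
+<execution>
+<id>report-aggregate</id>
+<phase>verify</phase>
+<goals>
+<goal>report-aggregate</goal>
+</goals>
+<configuration>
+<dataFileIncludes>
+<dataFileInclude>**/jacoco.exec</dataFileInclude>
+</dataFileIncludes>
+<outputDirectory>${project.reporting.outputDirectory}/jacoco-aggregate
+</outputDirectory>
+</configuration>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+</profile>
 </profiles>
 
 </project>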
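Review bot: The first hunk ends up declaring `de.governikus.eumw:eidas-demo` twice: the `<dependency>` added at new lines 39–41 repeats the entry that was already present and is kept as context at new lines 43–46. Maven reports a duplicate dependency declaration as a model warning. The comment added above the list says all eumw modules should be listed, so the added entry may have been meant for another module; the page does not show which. I would drop the added `<artifactId>eidas-demo</artifactId>` block or replace it with the intended module.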

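--- a/distribution/src/main/assembly/distribution.xml
+++ b/distribution/src/main/assembly/distribution.xml
@@ -25,6 +25,10 @@
 </files>
 <dependencySets>
 <dependencySet>
+<includes>
+<include>de.governikus.eumw:eidas-middleware</include>
+<include>de.governikus.eumw:eidas-demo</include>
+</includes>
 <useTransitiveDependencies>false</useTransitiveDependencies>
 </dependencySet>
 </dependencySets>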
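Review bot: The added `<includes>` list has no comment saying why the dependency set is now filtered, and it decides what ends up in the release archive. In this same commit `distribution/pom.xml` starts depending on every eumw module for the coverage aggregate, so without the filter the assembly would presumably package all of them. A comment above `<includes>` such as `<!-- the distribution pom lists all modules for coverage aggregation; ship only the middleware and the demo -->` would keep a later edit from widening the archive by accident.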

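--- a/doc/source/chapter/Changelog.rst
+++ b/doc/source/chapter/Changelog.rst
@@ -212,3 +212,22 @@ Changelog
 - eIDAS Middleware: Update DVCA server certificate in eIDAS_Middleware_configuration_test.xml
 - Configuration Migration: Fix a bug that migrated the wrong URL for communication with the DVCA for production
 systems.
+
+
+* 3.1.0
+
+- All components: Code cleanups.
+- eIDAS Middleware: Using identglue to check the availability of the AusweisApp2.
+- eIDAS Middleware: Added a timer to renew an expired CVC with a
+:term:`Request Signer Certificate<Request Signer Certificate>` when the current CVC is expired less than two days.
+- Added a notification in the Admin-UI to indicate that the renewal will be tried.
+- eIDAS Middleware: Fix unsuccessful indication of a public service provider on certain conditions.
+- eIDAS Middleware: Obsolete decryption key pair for SAML has been removed in the Admin-UI.
+- eIDAS Middleware: The used holder reference will be logged if an CVC request is unsuccessful.
+- eIDAS Middleware: A sequence number is never reused for CVC requests of a service provider.
+- eIDAS Demo: Improved design and added decrypted assertion on result page.
+- eIDAS Middleware: Added support for Brainpool elliptic curves on TLS connections.
+- eIDAS Middleware: Static resources have been moved from the base path to module specific paths.
+- eIDAS Middleware: SAML redirect binding has been added.
+- eIDAS Middleware: Added support for the natural person attribute 'Nationality'.
+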

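--- a/doc/source/chapter/Configuration.rst
+++ b/doc/source/chapter/Configuration.rst
@@ -222,8 +222,9 @@ eIDAS SP it is imperative that the name matches the ``providerName`` used in eID
 
 The client authentication key pair is used for the communication to the :term:`Authorization CA`.
 The associated certificate must be given to the :term:`Authorization CA`.
-In case you use a PKCS11 HSM, this key must be stored in the HSM using label and ID identical to
-the ``CVCRefID`` of the :term:`eID Service Provider` (usually the same value as the name).
+In case you use a PKCS11 HSM, this key must be stored in the HSM. It is required that the the label and the ID for the
+certificate and key entry in the HSM are identical. As the ID is a hexadecimal value, use the hex-value of the ASCII
+string.
 
 
 eIDAS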
