Skip to content

Migrating

Jump to bottom
Luís Gonçalves edited this page Feb 19, 2022 · 1 revision

Migration Guide

Migrating from 1.X to 2.0

Version 2.0 requires Java 11. In addition, it includes the following breaking changes:

  • FileSystemKeyStoreKeyingDataProvider is now created using a builder. The FileSystemKeyStoreKeyingDataProvider#builder() method is used to get a new builder. 
    KeyingDataProvider kp = FileSystemKeyStoreKeyingDataProvider
    .builder("pkcs12", "my/LG.pfx", SigningCertificateSelector.single())
    .storePassword(new DirectPasswordProvider("storepwd"))
    // ... other builder options ...
    .build();
  • PKCS11KeyStoreKeyingDataProvider is now created using a builder. The PKCS11KeyStoreKeyingDataProvider#builder() method is used to get a new builder.
  • SigningCertSelector was renamed to SigningCertificateSelector and it now takes both the entries' alias and certificate.
  • PKIXCertificateValidationProvider is now created using a builder. The PKIXCertificateValidationProvider#builder() method is used to get a new builder.
  • The AlgorithmsProviderEx provider was removed and replaced by SignatureAlgorithms to configure the different algorithms that are used in signature production. The corresponding methods in the signing profiles (e.g. withAlgorithmsProviderEx) were also removed. SignatureAlgorithms can be configured in the signing profiles. 
    XadesSigningProfile profile = new XadesCSigningProfile(...)
    .withSignatureAlgorithms(new SignatureAlgorithms()
        .withSignatureAlgorithm("RSA", ALGO_ID_SIGNATURE_RSA_SHA512));
  • No TSA is configured by default. However, an HTTP-based time-stamp token provider is available by default. Use HttpTsaConfiguration to configure the TSA or override the time-stamp token provider altogether in the signing profiles.
  • The following deprecated classes were removed:
    • BasicSignatureOptionsProvider - use BasicSignatureOptions
    • DefaultTimeStampTokenProvider and AuthenticatedTimeStampTokenProvider - an HTTP-based time-stamp token provider is configured by default. Use HttpTsaConfiguration to configure the TSA.
    • DataObjectTransform - use GenericAlgorithm or specific Algorithm-derived classes.

Clone this wiki locally