From 9ae9334ed4eb64246523caef0582f832ed7fa4e4 Mon Sep 17 00:00:00 2001
From: "Johanna.Rasu" <johanna.rasu@nortal.com>
Date: Thu, 19 Feb 2026 17:23:43 +0200
Subject: [PATCH 1/4] feat: DDS-3046 - reduce logging level when validating
 user certificates

---
 pom.xml                                       |  2 +-
 .../MidAuthenticationResponseValidator.java   |  2 +-
 .../AuthenticationResponseValidatorTest.java  | 37 +++++++++++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 57e64d6..398c0a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,7 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.3.12</version>
+            <version>1.2.13</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java b/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
index d2f2b2b..61b226f 100644
--- a/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
+++ b/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
@@ -193,7 +193,7 @@ private boolean isCertificateTrusted(X509Certificate certificate) {
                 certificate.verify(trustedCACertificate.getPublicKey());
                 return true;
             } catch (GeneralSecurityException e) {
-                logger.warn("Error verifying signer's certificate: " + certificate.getSubjectDN() + " against CA certificate: " + trustedCACertificate.getSubjectDN(), e);
+                logger.debug("Error verifying signer's certificate: " + certificate.getSubjectDN() + " against CA certificate: " + trustedCACertificate.getSubjectDN(), e);
             }
         }
         return false;
diff --git a/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java b/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
index 8c0d537..0e13cb0 100644
--- a/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
+++ b/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
@@ -43,11 +43,17 @@
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 
+import java.util.Arrays;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
 import ee.sk.mid.exception.MidInternalErrorException;
 import org.junit.Test;
+import org.slf4j.LoggerFactory;
 
 public class AuthenticationResponseValidatorTest {
 
@@ -95,6 +101,37 @@ public void validate_whenCertificateNotTrusted_shouldReturnCertificateNotTrusted
         assertThat(authenticationResult.getErrors(), hasItem(equalTo("Certificate that was returned is not signed by CA that is configured as trusted in mid-rest-java-client")));
     }
 
+    @Test
+    public void validate_whenTrustedCaIterationFailsInitially_shouldLogAtDebugLevel() {
+        X509Certificate wrongCaCertificate = fileToX509Certificate("/trusted_certificates/TEST_of_ESTEID-SK_2011.pem.crt");
+        X509Certificate correctCaCertificate = fileToX509Certificate("/trusted_certificates/TEST_of_ESTEID-SK_2015.pem.crt");
+        MidAuthenticationResponseValidator validator = new MidAuthenticationResponseValidator(Arrays.asList(wrongCaCertificate, correctCaCertificate));
+
+        Logger validatorLogger = (Logger) LoggerFactory.getLogger(MidAuthenticationResponseValidator.class);
+        Level previousLevel = validatorLogger.getLevel();
+        validatorLogger.setLevel(Level.DEBUG);
+        ListAppender<ILoggingEvent> listAppender = new ListAppender<>();
+        listAppender.start();
+        validatorLogger.addAppender(listAppender);
+        try {
+            MidAuthenticationResult authenticationResult = validator.validate(createValidMobileIdAuthentication());
+            assertThat(authenticationResult.isValid(), is(true));
+        } finally {
+            validatorLogger.detachAppender(listAppender);
+            validatorLogger.setLevel(previousLevel);
+        }
+
+        boolean hasDebugLog = listAppender.list.stream()
+                .anyMatch(event -> event.getLevel().equals(Level.DEBUG)
+                        && event.getFormattedMessage().contains("Error verifying signer's certificate"));
+        boolean hasWarnLog = listAppender.list.stream()
+                .anyMatch(event -> event.getLevel().equals(Level.WARN)
+                        && event.getFormattedMessage().contains("Error verifying signer's certificate"));
+
+        assertThat(hasDebugLog, is(true));
+        assertThat(hasWarnLog, is(false));
+    }
+
     @Test
     public void validate_whenResultLowerCase_shouldReturnValidAuthenticationResult() throws Exception {
         MidAuthentication authentication = MidAuthentication.newBuilder()

From 5579276d6f24e77f35201672a6a6704a59c3908c Mon Sep 17 00:00:00 2001
From: Kaido Hallik <Kaido.Hallik@nortal.com>
Date: Tue, 7 Apr 2026 14:57:01 +0300
Subject: [PATCH 2/4] Revert logback version downgrade and remove test - test
 will be added after migrating to slf4j-api 2.0

---
 pom.xml                                       |  4 +-
 .../MidAuthenticationResponseValidator.java   |  2 +-
 .../AuthenticationResponseValidatorTest.java  | 37 -------------------
 3 files changed, 3 insertions(+), 40 deletions(-)

diff --git a/pom.xml b/pom.xml
index 398c0a4..c3279a2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
     <groupId>ee.sk.mid</groupId>
     <artifactId>mid-rest-java-client</artifactId>
     <packaging>jar</packaging>
-    <version>1.3</version>
+    <version>1.7-SNAPSHOT</version>
 
     <name>Mobile-ID Java client</name>
     <description>Mobile-ID Java client is a Java library that can be used for easy integration with MID REST interface (https://github.com/SK-EID/MID) of the Mobile-ID</description>
@@ -129,7 +129,7 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.2.13</version>
+            <version>1.3.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java b/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
index 61b226f..de85470 100644
--- a/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
+++ b/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
@@ -4,7 +4,7 @@
  * #%L
  * Mobile ID sample Java client
  * %%
- * Copyright (C) 2018 - 2019 SK ID Solutions AS
+ * Copyright (C) 2018 - 2026 SK ID Solutions AS
  * %%
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
diff --git a/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java b/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
index 0e13cb0..8c0d537 100644
--- a/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
+++ b/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
@@ -43,17 +43,11 @@
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 
-import java.util.Arrays;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 
-import ch.qos.logback.classic.Level;
-import ch.qos.logback.classic.Logger;
-import ch.qos.logback.classic.spi.ILoggingEvent;
-import ch.qos.logback.core.read.ListAppender;
 import ee.sk.mid.exception.MidInternalErrorException;
 import org.junit.Test;
-import org.slf4j.LoggerFactory;
 
 public class AuthenticationResponseValidatorTest {
 
@@ -101,37 +95,6 @@ public void validate_whenCertificateNotTrusted_shouldReturnCertificateNotTrusted
         assertThat(authenticationResult.getErrors(), hasItem(equalTo("Certificate that was returned is not signed by CA that is configured as trusted in mid-rest-java-client")));
     }
 
-    @Test
-    public void validate_whenTrustedCaIterationFailsInitially_shouldLogAtDebugLevel() {
-        X509Certificate wrongCaCertificate = fileToX509Certificate("/trusted_certificates/TEST_of_ESTEID-SK_2011.pem.crt");
-        X509Certificate correctCaCertificate = fileToX509Certificate("/trusted_certificates/TEST_of_ESTEID-SK_2015.pem.crt");
-        MidAuthenticationResponseValidator validator = new MidAuthenticationResponseValidator(Arrays.asList(wrongCaCertificate, correctCaCertificate));
-
-        Logger validatorLogger = (Logger) LoggerFactory.getLogger(MidAuthenticationResponseValidator.class);
-        Level previousLevel = validatorLogger.getLevel();
-        validatorLogger.setLevel(Level.DEBUG);
-        ListAppender<ILoggingEvent> listAppender = new ListAppender<>();
-        listAppender.start();
-        validatorLogger.addAppender(listAppender);
-        try {
-            MidAuthenticationResult authenticationResult = validator.validate(createValidMobileIdAuthentication());
-            assertThat(authenticationResult.isValid(), is(true));
-        } finally {
-            validatorLogger.detachAppender(listAppender);
-            validatorLogger.setLevel(previousLevel);
-        }
-
-        boolean hasDebugLog = listAppender.list.stream()
-                .anyMatch(event -> event.getLevel().equals(Level.DEBUG)
-                        && event.getFormattedMessage().contains("Error verifying signer's certificate"));
-        boolean hasWarnLog = listAppender.list.stream()
-                .anyMatch(event -> event.getLevel().equals(Level.WARN)
-                        && event.getFormattedMessage().contains("Error verifying signer's certificate"));
-
-        assertThat(hasDebugLog, is(true));
-        assertThat(hasWarnLog, is(false));
-    }
-
     @Test
     public void validate_whenResultLowerCase_shouldReturnValidAuthenticationResult() throws Exception {
         MidAuthentication authentication = MidAuthentication.newBuilder()

From 7143063fdc5c884e46467b640491e5273286be8b Mon Sep 17 00:00:00 2001
From: Kaido Hallik <Kaido.Hallik@nortal.com>
Date: Fri, 10 Apr 2026 10:04:50 +0300
Subject: [PATCH 3/4] Update demo certificates

---
 .../ee/sk/mid/integration/MobileIdSsIT.java   |  76 +++++++++---------
 .../demo_server_trusted_ssl_certs.jks         | Bin 3426 -> 5196 bytes
 2 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/src/test/java/ee/sk/mid/integration/MobileIdSsIT.java b/src/test/java/ee/sk/mid/integration/MobileIdSsIT.java
index 4154588..75ccd0f 100644
--- a/src/test/java/ee/sk/mid/integration/MobileIdSsIT.java
+++ b/src/test/java/ee/sk/mid/integration/MobileIdSsIT.java
@@ -71,45 +71,45 @@ public class MobileIdSsIT {
             "s/OHdPfZDLVzkZJA4Vl/GqmJpFAUF+FtG/oFT5gmRw==\n" +
             "-----END CERTIFICATE-----\n";
 
-    public static final LocalDate DEMO_SERVER_CERT_EXPIRATION_DATE = LocalDate.of(2023, 3, 12);
+    public static final LocalDate DEMO_SERVER_CERT_EXPIRATION_DATE = LocalDate.of(2027, 2, 6);
     public static final String DEMO_SERVER_CERT = "-----BEGIN CERTIFICATE-----\n"
-            + "MIIGnzCCBYegAwIBAgIQBlOQJ8OKOh8bDPa6dZqdgjANBgkqhkiG9w0BAQsFADBP\n"
-            + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE\n"
-            + "aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjAyMDgwMDAwMDBa\n"
-            + "Fw0yMzAzMTEyMzU5NTlaMFUxCzAJBgNVBAYTAkVFMRAwDgYDVQQHEwdUYWxsaW5u\n"
-            + "MRswGQYDVQQKExJTSyBJRCBTb2x1dGlvbnMgQVMxFzAVBgNVBAMTDnRzcC5kZW1v\n"
-            + "LnNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9TYONK+Jm+m\n"
-            + "3AhmJ3YZqyeTYRVHS4vgo3GzKIn4yu/m4Erf819MVsC4KRzadewp1VXD13SYh9Ds\n"
-            + "xcVUWhMvM3Axp80EY+7YibbxxaWwuL7KIPvSeWVtI0mOI6fm/oU+MOgufUeGtpXY\n"
-            + "m08uJLppvUkbrbFOz2FUTNtQQsQozAVZPPIstQgjY+kylKejMnKECA5lnrGKDSfs\n"
-            + "VX6hJKRfYC3EIMujb5LpTIN86sio8Bm8tezEItRcX6IR/tWQ7t/FrA3j6yNKPBls\n"
-            + "pqnHXm5SyUdmiGBU7wnisxpaVHCxKBanGnxO/KP9f7ni/uj4GR7PgLOzktujIH4w\n"
-            + "Vc39FS4sqQIDAQABo4IDbzCCA2swHwYDVR0jBBgwFoAUt2ui6qiqhIx56rTaD5iy\n"
-            + "xZV2ufQwHQYDVR0OBBYEFCbBdIC0nlRYXaqIQzgPyYm6Wu73MBkGA1UdEQQSMBCC\n"
-            + "DnRzcC5kZW1vLnNrLmVlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\n"
-            + "BQcDAQYIKwYBBQUHAwIwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMu\n"
-            + "ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS0yLmNybDBA\n"
-            + "oD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hB\n"
-            + "MjU2MjAyMENBMS0yLmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUF\n"
-            + "BwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfQYIKwYBBQUHAQEEcTBv\n"
-            + "MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRwYIKwYBBQUH\n"
-            + "MAKGO2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNI\n"
-            + "QTI1NjIwMjBDQTEuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIB\n"
-            + "bgSCAWoBaAB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABfthx\n"
-            + "ZTgAAAQDAEYwRAIgVQdSq5eZ1uMtcCKgl7VY3/+NsCbkpp3rggIVI90g9j8CIGnv\n"
-            + "uUSUACic9TRk9XDW7qicOzatz9Ws+t9u3HHSfJ+3AHcANc8ZG7+xbFe/D61MbULL\n"
-            + "u7YnICZR6j/hKu+oA8M71kwAAAF+2HFk+wAABAMASDBGAiEA/y27pjWRcwDJJTKi\n"
-            + "g3e+yFBlG5FCBHBtG4HYcJl1r9oCIQCbOcQAv8xkGj41wNvJ6nVEv/YokkPbrbsE\n"
-            + "41aoJba3IQB2ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWaAAABfthx\n"
-            + "ZRwAAAQDAEcwRQIgE1d1hWCbOolIK9TaF5UDgBQdWu8dDPyr/EyJqECsZ7wCIQDu\n"
-            + "UBZYdqlYEXGsJQPygSJqI0xrVUHi2hA04+c3J4mEyTANBgkqhkiG9w0BAQsFAAOC\n"
-            + "AQEAX0I3woJ1Z7ooQkX9SE11SohaDF6SuoPk8uY2ZZPhG+A31P7iCR026qCgwduG\n"
-            + "nmoNYnFG3Qx9P4hb1Sgf66zXd2z/qK/o7rJ43lUP1NPuRDDTvmXYBWgGQWNA9S5j\n"
-            + "LqO4LM5T7C4I/yrmb074G3hiJluUFuy+tPBOw/GyzzZndOCluoFBFvJXOQD+MCHC\n"
-            + "o0MEBhwlg4rX+Fw6cvvVXWe5bSmCmJlZk/lH/Fc6N796onhWdqMzPPj8mbCfbu6W\n"
-            + "2BNMilGZv6yIZ2mpYUfJ/x/L1dhE9YHNEUwjTwRjegMJkb/2/62huW5VzZl5gxb2\n"
-            + "MgWa5A2kruGgyzvgftx+fRb6tA==\n"
-         + "-----END CERTIFICATE-----\n";
+            + "MIIGujCCBaKgAwIBAgIQAvzLET/HKStz0GM6x/Dx9zANBgkqhkiG9w0BAQsFADBZ\n"
+            + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE\n"
+            + "aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjYw\n"
+            + "MTA2MDAwMDAwWhcNMjcwMjA2MjM1OTU5WjBVMQswCQYDVQQGEwJFRTEQMA4GA1UE\n"
+            + "BxMHVGFsbGlubjEbMBkGA1UEChMSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQQD\n"
+            + "Ew50c3AuZGVtby5zay5lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+            + "AL2uXO+8VCXz7P9c1E6SzbssRqMcTq3CFWgM2jTiJmN0271Y208GiPB2P6A/jOQu\n"
+            + "/pbky7Y494OpCbGKgH82Kiox/NILRyKQZoEqWIKSFr9BoCb5i45ZZfBIdC7EtwvV\n"
+            + "RtlILDFCetBOztc+XOBh8ZO8GBgrhZ0Osa55HHmdLQAetcfX9HvYe8XoH4doc6za\n"
+            + "YZ7ocP4VFvyKoKpj32uVSNborgkOE04HS20/IHjYl4QQ/tbjHymZW1ENA6n0URxw\n"
+            + "aHBev4GnF6BgoeNg1xbMf3l+Zan4jUT1xywr8Y3tCJd8TPWVA8s1+gY1PE+Wj3tC\n"
+            + "MrhmGoTJBNrtJdLq5MmrPsECAwEAAaOCA4AwggN8MB8GA1UdIwQYMBaAFHSFgMBm\n"
+            + "x9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBTaA9oJontGg5jKsb2uklqZzonBgTAZ\n"
+            + "BgNVHREEEjAQgg50c3AuZGVtby5zay5lZTA+BgNVHSAENzA1MDMGBmeBDAECAjAp\n"
+            + "MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P\n"
+            + "AQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGfBgNVHR8EgZcwgZQwSKBG\n"
+            + "oESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExT\n"
+            + "UlNBU0hBMjU2MjAyMENBMS0xLmNybDBIoEagRIZCaHR0cDovL2NybDQuZGlnaWNl\n"
+            + "cnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3Js\n"
+            + "MIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj\n"
+            + "ZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t\n"
+            + "L0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1Ud\n"
+            + "EwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AExj3JjlnB2riPYe\n"
+            + "ij3ero+rRKM3e1+blMP7oZz8wb4mAAABm5OS2tQAAAQDAEcwRQIgRX1rOx5VdRnn\n"
+            + "xRaRhIAaMH6MT8Oz3a//HQaKFLd29+8CIQC65BZeeJ7ciGmNjuEdvqH6xWM3j0Rx\n"
+            + "+UwR32DQkzfY1AB2AByfaCzp+vBFaVD4G5aKh93bMhDYTObIsuOCUkrEz1mfAAAB\n"
+            + "m5OS2uwAAAQDAEcwRQIgF8Wy26uMM+m385qW7AL8OmkdjN7h8F1AM+IWaEy+EQEC\n"
+            + "IQCOaJ9LwiI6vI+wC0SGm/8OQwQ/ZMgTCXwYpc0QKe17lwB2AGBMmq96f3dfAdQG\n"
+            + "/JINyJnrCxx9+MlSG/r6F3c7l4vJAAABm5OS26UAAAQDAEcwRQIhAN1H0YZN65bC\n"
+            + "WArSxO3VtDSJ1ZgEr/6BoCbLYeB3DsxFAiAROHFeImcLvLeRNxhP4fXRKlrOLaqg\n"
+            + "tHlK9xhlVjX0cjANBgkqhkiG9w0BAQsFAAOCAQEAIWJFR5AmbX48i1AYltc0Misk\n"
+            + "g7NPwa7wbjm0yzELKZlHGaEZ+K9EzVQSVsCSIUwizrStD3NBfJ5nVABpErpBervu\n"
+            + "w0cfP+xyie/rHUPt/KnCvrUHCj+FJQYLJ0Vx0VPoE279qPpVETy03mtyUExLxABR\n"
+            + "ujN6+MHtH5rTIwcaWWaFvcUBBvP27il5dgr0/qBQlZO+JvbkQBUC2uNdCwAwv3As\n"
+            + "YjA5paaVAF6xAt5TtGeBR4KC+xfTbtL/FO09jSq7ivG7B8Dcz6ZJa+hmArOiFVp0\n"
+            + "MM6cni+f0eGON0L6r+XQF+jyUsghrb1XKb9T6t9TIeY4G6h+ubNU1af8KmZQMA==\n"
+            + "-----END CERTIFICATE-----\n";
 
     @Test(expected = MidSslException.class)
     public void makeRequestToGoogleApi_useDefaultSSLContext_sslHandshakeFailsAndThrowsException() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
diff --git a/src/test/resources/demo_server_trusted_ssl_certs.jks b/src/test/resources/demo_server_trusted_ssl_certs.jks
index aebfc980a28d7a0ffa88f86c30d99b227ee399eb..b83cacd23f34e7230a3c5e00c03b45ea57b32336 100644
GIT binary patch
delta 1357
zcmZ9Ldo+}J7{}kscr`PKFeVv>qBUfHModu&!`Mvjwb&9_x1)<BVr0w|m1|5!Qj9uX
zWMf5Z*EQl`<r=XRiCV=Jn~-MNQCoZ3=bYz{=lMS8`JD4yo~b|hMs88OD25;ikvdu;
zmxM9RAPBx3!MH<*WIT*a!Da};Y5*Ur0DPG%A{2oUL=lm+Dp@w^8yxNQGjE!jo&)k2
zo|a&rFeeYgL>UNprgL<6ngC-A-GxJyY0TijU>pCia4PG-;r+e`s4P0wo$W?-b+e+n
z*;~;~&8T!h2UHs?W1y)fPd5X`zzlpeFKNh-YG&!9TyAyIo;OwQx^E|!_VhSrv{f3~
zUDa^BU9TD>H?Z-Uo?rN2wa1_nc4jKVQe>GtX0#|AYyD-@+{prbNn#w=j7Bq-bQ4)R
z=K^>%4}J!z)=H%JJ}K4Hf66}GsG*$LYxjq}p|N#zr(=8HwmnaMrv+7HvO)Z1g_5Eu
zji}2TAg<=!roI_YKc{hA>vYi3p9Xw$$3quYNs>g-Ex+NAO#4UUMR)~eM_Gr1mek|@
zS*H{iAB}41XaC?Lj~2|hXoLoZde`!9sEK^?M}7K854cgW{sr?X%y&(O2Gc3x6<IOt
zcbRCb=>lfD#YvdPv8MkTpnj?aHz3ySel^xo=(Md4L175K%17e>AB_Q8((zK(;>ds$
zrxG3?cQ2r6m@(8*t<SiHQfkC)YJjp_pnxOcR0hxi{1uMf$qT=iR2OA<Ww)QL;|Yop
z4Z$RSySc)0*-98*!r@RvMg)|XV_lpaAYdyDFjz)L7KH&XZ#k=l<7ENfd0;QH6EPF4
z1uIeQ6`z*Mq6^O9RpgD0{K5`=kxTGj%cM^-@AT)!FpT4XD1ilGy}Zlk96%Cm1&0ai
zzG^IR#E}G*1Tr@QV*5S5@ca^`@XV}c;?|*}v_j@p24`Q+`THO8FG=cZ^rYvTBgh!&
zfgl_Tv4AZ?wLKAHp}FhW>OUJv>8Ik<L2R<q{n97JOB5_or95Kp4WbQIjFG&L=RQ6Y
zoRT_1smWhx^kbwkkGy9q4f}Ko82vp^1f-D{WcZT1Fl8I;JikVmc>2j8U9q42qWR7!
z-*rbrhiBfu;K~2MYK?aW3zJP=mcP9yoJ1t%!Ib2ok*U4gO`eg0*fmP96r38A=TNU>
zUX}JUk(rRQq+o-y{IOXXA49&@rl>FGWJ$q3?2E<G+{k@!4<_Me$Tw$C5H(KBx45oZ
zSWt_!$VzJY1RlKh1*{D{VRa?!oDkM~5V{-0y=5EE_FljhFY-ist-enq6&^^3qO|FV
zw@x6jsyv-Rb{cutMe}Oka7$DcwPTL#zuR;s?0-Lv@?jX#-p{pVozpuQyCun)EbQAz
zH&}PF)Typ$>d@x0R%4=mHfweM>iJ@3oBOKW_cFBEI_+h*S01&B$qjUef>%{oMOVJQ
z&(gA-3_JT~f?^|<6x7$;l_gll>te+9wnw_$#+48KeRE-#(w4HJkT7SqLj&YeVG=!G
zC)T?7aILJmXFxo+x)H|S&c4=<iXhA^ikveAHF~pS+f|W)(Y-_n)P@@F2b-^5&xE{7
zkRi9SKpu<F|Dg8pQ1_CGcxwu+GI6?6_TJ-;>)(Zp2Oy<aRK3DM`=#7(^SVY-8P*HM
z&pXw||8i~CzFqyjey!W9VK?m;o7UWn{jJo!_lATP;0#K+SO=!UwV1e@GfO_^#4y#0
MbYKY$lMfsG1Hqgq4gdfE

delta 47
zcmX@3@kom2-`jt085kItKzJihH{0e$-tBB6PnM_ZtrPjuzWx7egG|Sp>V}Q$Yyibt
B6R7|I


From f00170cb0986d9645e716e4cdbeac4108ecd7d93 Mon Sep 17 00:00:00 2001
From: Kaido Hallik <Kaido.Hallik@nortal.com>
Date: Fri, 10 Apr 2026 15:53:01 +0300
Subject: [PATCH 4/4] Update changelog

---
 CHANGELOG.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f60a91d..3dde430 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 
 
-## [1.6] - upcoming
+## [1.7] - upcoming
+
+### Changed
+- Reduce logging level when validating user certificates
+- Update demo certificates
+
+## [1.6] - 2025-04-07
 
 ### Changed
 - Added two examples (and unit tests) that show how to use a proxy to acces the server