From 775cf41deeecbfb616fccc97f60a326e0e5af688 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 20 Jan 2023 19:32:08 +0200 Subject: [PATCH 01/57] docs(index.html): Belgian cards are supported now --- example/src/main/resources/templates/index.html | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index e24d4c74..2f45906c 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -27,9 +27,8 @@

Web eID: electronic ID smart cards on the Web

secure authentication and digital signing of documents on the web using public-key cryptography.

- Estonian, Finnish, Latvian, Lithuanian and Croatian eID cards are supported in the first phase, but only - Estonian eID card support is currently enabled in the test application below. Belgian eID support is - upcoming. + Estonian, Finnish, Latvian, Lithuanian, Belgian and Croatian eID cards are supported in the first phase, + but only Estonian eID card support is currently enabled in the test application below.

Please get in touch by email at help@ria.ee in case you need support with adding Web eID to your project From e21c1a28bc96c49b2ddb08c7125f8d519a8cea38 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 20 Jan 2023 19:52:30 +0200 Subject: [PATCH 02/57] chore: update copyright year Signed-off-by: Mart Somermaa --- .../WebEidSpringbootExampleApplication.java | 2 +- .../config/ApplicationConfiguration.java | 2 +- .../config/SameSiteCookieConfiguration.java | 2 +- .../SessionBackedChallengeNonceStore.java | 22 +++++++++++++++++++ .../config/ValidationConfiguration.java | 2 +- .../eu/webeid/example/config/YAMLConfig.java | 2 +- .../AuthTokenDTOAuthenticationProvider.java | 2 +- .../WebEidAjaxLoginProcessingFilter.java | 2 +- .../security/WebEidAuthentication.java | 2 +- .../AjaxAuthenticationFailureHandler.java | 2 +- .../AjaxAuthenticationSuccessHandler.java | 2 +- .../example/security/dto/AuthTokenDTO.java | 2 +- .../example/service/SigningService.java | 2 +- .../example/service/dto/CertificateDTO.java | 2 +- .../example/service/dto/ChallengeDTO.java | 2 +- .../webeid/example/service/dto/DigestDTO.java | 2 +- .../webeid/example/service/dto/FileDTO.java | 2 +- .../service/dto/SignatureAlgorithmDTO.java | 2 +- .../example/service/dto/SignatureDTO.java | 2 +- .../webeid/example/web/WelcomeController.java | 2 +- .../example/web/rest/ChallengeController.java | 2 +- .../example/web/rest/SigningController.java | 2 +- .../src/main/resources/static/js/errors.js | 2 +- .../src/main/resources/static/js/web-eid.js | 2 +- .../AuthenticationRestControllerTest.java | 2 +- .../eu/webeid/example/DateMockingTest.java | 2 +- .../eu/webeid/example/WebApplicationTest.java | 2 +- .../eu/webeid/example/testutil/Dates.java | 2 +- .../webeid/example/testutil/HttpHelper.java | 2 +- .../webeid/example/testutil/ObjectMother.java | 2 +- 30 files changed, 51 insertions(+), 29 deletions(-) 
diff --git a/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java b/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java index 8336b75f..2af43ab4 100644 --- a/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java +++ b/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index d29add33..0b5c2dc2 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java b/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java index 4803cf99..1b873297 100644 --- a/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal 
diff --git a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java index c9021caf..054c93c8 100644 --- a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java +++ b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java @@ -1,3 +1,25 @@ +/* + * Copyright (c) 2020-2023 Estonian Information System Authority + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + package eu.webeid.example.config; import org.jetbrains.annotations.NotNull; diff --git a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java index 4fcc5056..26c6e0e9 100644 --- a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java 
+++ b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java index 5c874ef5..e8fecd3d 100644 --- a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java +++ b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java index 8cc05ac4..95ea1eea 100644 --- a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java +++ b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java index 0d8ed013..de319eb2 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java 
+++ b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java index c9966980..1726ff13 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java index a21e7e9d..d7c308e7 100644 --- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java index 4567db7a..e1e0db09 100644 
--- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java b/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java index a2f4b01f..c0f4cd29 100644 --- a/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java +++ b/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index 80e7fc62..a219e4ec 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java index 4d80ddec..cc0c1032 100644 
--- a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java b/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java index 872a2604..a882db29 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java b/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java index 1b05dba7..483a71b3 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java index 47a2bcf8..af2e24ee 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java 
+++ b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java index 142e3930..4ee0a5a6 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java index c3df7023..5a416cc3 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/WelcomeController.java b/example/src/main/java/eu/webeid/example/web/WelcomeController.java index 22befa97..dcd09daa 100644 --- a/example/src/main/java/eu/webeid/example/web/WelcomeController.java +++ b/example/src/main/java/eu/webeid/example/web/WelcomeController.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java index 01eec9df..a81aa687 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java index 840cde8e..abdda221 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/resources/static/js/errors.js b/example/src/main/resources/static/js/errors.js index 7bc8c92c..1665e6d4 100644 --- a/example/src/main/resources/static/js/errors.js +++ b/example/src/main/resources/static/js/errors.js 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/resources/static/js/web-eid.js b/example/src/main/resources/static/js/web-eid.js index ee9b770c..0fd4f07a 100644 --- a/example/src/main/resources/static/js/web-eid.js +++ b/example/src/main/resources/static/js/web-eid.js @@ -1,7 +1,7 @@ /** * MIT License * - * Copyright (c) 2020-2022 Estonian Information System Authority + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java b/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java index 74bf6b52..fcd42140 100644 --- a/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java +++ b/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/DateMockingTest.java b/example/src/test/java/eu/webeid/example/DateMockingTest.java index 75513a93..6d96ba6c 100644 --- a/example/src/test/java/eu/webeid/example/DateMockingTest.java +++ b/example/src/test/java/eu/webeid/example/DateMockingTest.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/WebApplicationTest.java b/example/src/test/java/eu/webeid/example/WebApplicationTest.java index f4e51acf..4295915d 100644 --- a/example/src/test/java/eu/webeid/example/WebApplicationTest.java +++ b/example/src/test/java/eu/webeid/example/WebApplicationTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/testutil/Dates.java b/example/src/test/java/eu/webeid/example/testutil/Dates.java index 152a9ff6..23e367c1 100644 --- a/example/src/test/java/eu/webeid/example/testutil/Dates.java +++ b/example/src/test/java/eu/webeid/example/testutil/Dates.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java index a45c74c1..2a548df4 100644 --- a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java +++ b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java index 5d4b0810..2b075765 100644 --- a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java +++ b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 The Web eID Project + * Copyright (c) 2020-2023 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal From 9b4e8e5444e99c6f90d24623c147413899522c1d Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Wed, 1 Mar 2023 11:39:46 +0200 Subject: [PATCH 03/57] Remove bionic support (#22) IB-7398 Signed-off-by: Kristel Merilain --- .../scripts/download-install-web-eid.sh | 30 +++++++------------ 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index 9eb11483..32e23dea 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh @@ -59,7 +59,6 @@ test_root test_sudo # version name LTS supported until -# 18.04 bionic LTS 2023-04 # 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 # 22.10 kinetic - 2023-07 
@@ -75,11 +74,6 @@ case $distro in
 debian)
 make_warn "Debian is not officially supported"
 case "$codename" in
- buster)
- make_warn "Debian $codename is not officially supported"
- make_warn "Installing from ubuntu-bionic repository"
- make_install '18.04'
- ;;
 bullseye)
 make_warn "Debian $codename is not officially supported"
 make_warn "Installing from ubuntu-focal repository"
@@ -96,10 +90,10 @@ case $distro in
 *) ;;
 esac
 case $codename in
- utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish)
+ utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic)
 make_fail "Ubuntu $codename is not officially supported"
 ;;
- bionic|focal|jammy|kinetic)
+ focal|jammy|kinetic)
 make_install $release
 ;;
 *)
@@ -112,27 +106,23 @@ case $distro in
 linuxmint)
 case $release in
 21*)
- make_warn "Linuxmint 21 is not officially supported"
+ make_warn "Linux Mint 21 is not officially supported"
 make_install '22.04'
 ;;
 20*)
- make_warn "Linuxmint 20 is not officially supported"
+ make_warn "Linux Mint 20 is not officially supported"
 make_install '20.04'
 ;;
- 19*)
- make_warn "LinuxMint 19 is not officially supported"
- make_install '18.04'
- ;;
 *)
- make_fail "LinuxMint $release is not officially supported"
+ make_fail "Linux Mint $release is not officially supported"
 ;;
 esac
 ;;
 elementary*os|elementary)
 case $release in
- 5.*)
- make_warn "Elementary OS 5 is not officially supported"
- make_install '18.04'
+ 7*)
+ make_warn "Elementary OS 7 is not officially supported"
+ make_install '22.04'
 ;;
 *)
 make_fail "Elementary OS $release is not officially supported"
@@ -141,10 +131,10 @@ case $distro in
 ;;
 pop)
 case $codename in
- artful|cosmic|disco|eoan)
+ artful|cosmic|disco|eoan|bionic)
 make_fail "Pop!_OS $codename is not officially supported"
 ;;
- bionic|focal)
+ focal)
 make_warn "Pop!_OS $codename is not officially supported"
 make_install $release
 ;;
From 6837a640939e992d0da09d3576c28acf15f6a123 Mon Sep 17 00:00:00 2001
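Review bot: The elementary arm in the `@@ -112,27 +106,23 @@` hunk swaps `5.*)` for `7*)`, so an elementary OS 6 release still falls through to `make_fail`, although the focal packages it would need are still installed for Linux Mint 20 and Debian bullseye in this same script. As far as I know elementary OS 6 is based on Ubuntu 20.04, so a `6*)` arm with `make_warn "Elementary OS 6 is not officially supported"` and `make_install '20.04'` would match how the other derivatives are handled. The enclosing `case $distro in` block starts and ends outside the hunk.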
From: Kristel Merilain
Date: Wed, 19 Apr 2023 13:47:33 +0300
Subject: [PATCH 04/57] Update Ubuntu package version and add bookworm support
---
 .../static/scripts/download-install-web-eid.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh
index 32e23dea..3598b9c2 100755
--- a/example/src/main/resources/static/scripts/download-install-web-eid.sh
+++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh
@@ -34,9 +34,9 @@ make_install() {
 echo "Installing Web eID packages for Ubuntu $1"
 TMPDIR=`mktemp -d`
 cd $TMPDIR
- VERSION='2.2.0'
+ VERSION='2.3.0'
 # BUILD=`[[ $1 == *0 ]] && echo 555 || echo 552`
- BUILD='572'
+ BUILD='619'
 UBUNTU_VERSION=${1//./}
 wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb"
 wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid-chrome_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb"
@@ -79,6 +79,11 @@ case $distro in
 make_warn "Installing from ubuntu-focal repository"
 make_install '20.04'
 ;;
+ bookworm)
+ make_warn "Debian $codename is not officially supported"
+ make_warn "Installing from ubuntu-kinetic repository"
+ make_install '22.10'
+ ;;
 *)
 make_fail "Debian $codename is not officially supported"
 ;;
@@ -134,7 +139,7 @@ case $distro in
 artful|cosmic|disco|eoan|bionic)
 make_fail "Pop!_OS $codename is not officially supported"
 ;;
- focal)
+ focal|jammy)
 make_warn "Pop!_OS $codename is not officially supported"
 make_install $release
 ;;
From d10286b511f15e28ce056f471c38ed1f4efa62fd Mon Sep 17 00:00:00 2001
From: Kristel Merilain
Date: Thu, 27 Apr 2023 06:43:28 +0300
Subject: [PATCH 05/57] Update copyright year (#24)
---
 example/LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/example/LICENSE b/example/LICENSE
index 1d8f1fda..326ac324 100644
--- a/example/LICENSE
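Review bot: The two `wget` lines in `make_install` fetch `.deb` packages whose content is never checked against an expected value: this bump changes `VERSION`/`BUILD` but pins no digest, so integrity rests on the HTTPS connection to installer.id.ee alone. The `test_root`/`test_sudo` calls visible in another hunk suggest the script then installs the downloads with elevated rights (the install step is outside this hunk), so I would keep an expected SHA-256 beside each version/build pair and verify it first, for example `echo "<expected-sha256>  web-eid_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb" | sha256sum -c -`. `cd $TMPDIR` is also unquoted and unchecked; `cd "$TMPDIR" || exit 1` keeps the downloads inside the fresh temporary directory if `mktemp -d` fails. The same applies to the 2.4.0/639 bump in PATCH 09.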
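Review bot: The new `bookworm)` arm maps Debian 12 to the Ubuntu 22.10 packages, and the support table in this script's header comment lists kinetic as supported only until 2023-07, a few months after this commit. Once builds for 22.10 stop being published, a later `VERSION`/`BUILD` bump would presumably leave bookworm users with a failing download or an outdated eID component. Consider `make_install '22.04'` if the jammy LTS build installs cleanly on bookworm, or add a comment such as `# revisit when kinetic support ends (2023-07)` above the arm. The surrounding `case "$codename" in` block starts and ends outside the hunk.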
+++ b/example/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2020-2022 Estonian Information System Authority +Copyright (c) 2020-2023 Estonian Information System Authority Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 742d2fdcc183a90f6f0c40b776c98421ab9e2b4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 22:51:18 +0000 Subject: [PATCH 06/57] build(deps): bump guava from 31.1-jre to 32.0.0-jre Bumps [guava](https://github.com/google/guava) from 31.1-jre to 32.0.0-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- example/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/pom.xml b/example/pom.xml index f16f38cd..72ad4484 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -22,7 +22,7 @@ 2.8.5 2.1.1 4.3.0 - 31.1-jre + 32.0.0-jre 4.10.0 1.44 From 7273a6a143db51f3c06d80d8d8054559763d2549 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Tue, 11 Jul 2023 20:09:30 +0300 Subject: [PATCH 07/57] release: Web eID release v2.3.0/1 Signed-off-by: Mart Somermaa --- example/pom.xml | 14 ++++---------- example/src/main/resources/templates/index.html | 8 ++++---- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/example/pom.xml b/example/pom.xml index 72ad4484..bfc80932 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.7.7 + 2.7.13 org.webeid.example @@ -20,9 +20,9 @@ 1.8 2.22.1 2.8.5 - 2.1.1 + 2.1.2 4.3.0 - 32.0.0-jre + 32.0.1-jre 4.10.0 1.44 @@ -143,14 +143,8 @@ gitlab https://gitlab.com/api/v4/projects/19948337/packages/maven - - true - - - true - 
diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index 2f45906c..e1265081 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -66,16 +66,16 @@

Usage

Firefox in Ubuntu 22.04+. Instructions how to do that are available here. -
  • on macOS 10.15 or later, for Firefox and Chrome from here, +
  • on macOS 11 or later, for Firefox and Chrome from here,
  • -
  • on macOS 10.15 or later, for Safari, install the extension from on macOS 11 or later, for Safari, install the extension from App Store,
  • on Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, for Firefox, Chrome and Edge from here. + href="https://installer.id.ee/media/web-eid/web-eid_2.3.1.634.x64.exe">here.
  • From 2c2e9776712f82cba63e7cc35fbd5fd2a17ee882 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Fri, 28 Jul 2023 22:29:35 +0300 Subject: [PATCH 08/57] Update download-install-web-eid.sh Add lunar to supported list --- .../resources/static/scripts/download-install-web-eid.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index 3598b9c2..d7dc1a7b 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh @@ -62,8 +62,9 @@ test_sudo # 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 # 22.10 kinetic - 2023-07 -LATEST_SUPPORTED_UBUNTU_CODENAME='kinetic' -LATEST_SUPPORTED_UBUNTU_VERSION='22.10' +# 23.04 lunar - 2024-01 +LATEST_SUPPORTED_UBUNTU_CODENAME='lunar' +LATEST_SUPPORTED_UBUNTU_VERSION='23.04' # Check the distro and release. distro=$(lsb_release -is | tr '[:upper:]' '[:lower:]') @@ -98,7 +99,7 @@ case $distro in utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic) make_fail "Ubuntu $codename is not officially supported" ;; - focal|jammy|kinetic) + focal|jammy|kinetic|lunar) make_install $release ;; *) From e582617419e4c20d146101b182ee824e6f950b2a Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Fri, 4 Aug 2023 13:54:38 +0300 Subject: [PATCH 09/57] Update Ubuntu package version (#28) WE2-809 Signed-off-by: Kristel Merilain --- .../main/resources/static/scripts/download-install-web-eid.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index d7dc1a7b..efbfd0ae 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh 
+++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh
@@ -34,9 +34,9 @@ make_install() {
 echo "Installing Web eID packages for Ubuntu $1"
 TMPDIR=`mktemp -d`
 cd $TMPDIR
- VERSION='2.3.0'
+ VERSION='2.4.0'
 # BUILD=`[[ $1 == *0 ]] && echo 555 || echo 552`
- BUILD='619'
+ BUILD='639'
 UBUNTU_VERSION=${1//./}
 wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb"
 wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid-chrome_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb"
From 360ed8158393e29e995881d97af63b81337c460d Mon Sep 17 00:00:00 2001
From: Mart Somermaa
Date: Mon, 7 Aug 2023 17:36:22 +0300
Subject: [PATCH 10/57] deps: update to Java 11 and web-eid-authtoken-validation v3, get rid of Guava and OkHttp
---
 example/.github/workflows/maven-build.yml | 13 ++++++-----
 example/docker-compose.yml | 2 +-
 example/pom.xml | 22 ++++---------------
 .../SessionBackedChallengeNonceStore.java | 2 --
 .../example/service/SigningService.java | 20 ++++++++++++-----
 .../src/main/resources/static/js/web-eid.js | 4 ++--
 .../src/main/resources/templates/index.html | 4 ++--
 7 files changed, 30 insertions(+), 37 deletions(-)
diff --git a/example/.github/workflows/maven-build.yml b/example/.github/workflows/maven-build.yml
index be61680c..7b3120c7 100644
--- a/example/.github/workflows/maven-build.yml
+++ b/example/.github/workflows/maven-build.yml
@@ -7,18 +7,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - uses: actions/setup-java@v1 + - uses: actions/setup-java@v3 with: - java-version: 1.8 + distribution: zulu + java-version: 11 - name: Cache Maven packages - uses: actions/cache@v1 + uses: actions/cache@v3 with: path: ~/.m2 - key: ${{ runner.os }}-m2-v8-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2-v8-${{ secrets.CACHE_VERSION }} + key: ${{ runner.os }}-m2-v11-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2-v11-${{ secrets.CACHE_VERSION }} - name: Build run: mvn --batch-mode compile diff --git a/example/docker-compose.yml b/example/docker-compose.yml index c7231bf7..bae7f83d 100644 --- a/example/docker-compose.yml +++ b/example/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: web-eid-springboot-example: - image: web-eid-springboot-example:2.0.0-SNAPSHOT + image: web-eid-springboot-example:3.0.0-SNAPSHOT restart: always environment: JAVA_TOOL_OPTIONS: '-Dspring.profiles.active=prod' diff --git a/example/pom.xml b/example/pom.xml index bfc80932..635e01cc 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -5,25 +5,22 @@ org.springframework.boot spring-boot-starter-parent - 2.7.13 + 2.7.14 org.webeid.example web-eid-springboot-example - 2.0.0-SNAPSHOT + 3.0.0-SNAPSHOT web-eid-springboot-example Example Spring Boot project that demonstrates how to use Web eID for authentication and digital signing - 1.8 + 11 2.22.1 - 2.8.5 - 2.1.2 + 3.0.0 4.3.0 - 32.0.1-jre - 4.10.0 1.44 @@ -49,17 +46,6 @@ spring-security-config - - com.google.guava - guava - ${guava.version} - - - com.squareup.okhttp3 - okhttp - ${okhttp.version} - - org.digidoc4j digidoc4j 
diff --git a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java index 054c93c8..00e0b9f1 100644 --- a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java +++ b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java @@ -22,7 +22,6 @@ package eu.webeid.example.config; -import org.jetbrains.annotations.NotNull; import org.springframework.beans.factory.ObjectFactory; import eu.webeid.security.challenge.ChallengeNonce; import eu.webeid.security.challenge.ChallengeNonceStore; @@ -51,7 +50,6 @@ public ChallengeNonce getAndRemoveImpl() { return challengeNonce; } - @NotNull private HttpSession currentSession() { return httpSessionFactory.getObject(); } diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index a219e4ec..aa5fba8f 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java 
@@ -22,27 +22,33 @@ package eu.webeid.example.service; -import com.google.common.io.ByteStreams; import eu.webeid.example.config.YAMLConfig; import eu.webeid.example.security.WebEidAuthentication; import eu.webeid.example.service.dto.CertificateDTO; import eu.webeid.example.service.dto.DigestDTO; import eu.webeid.example.service.dto.FileDTO; import eu.webeid.example.service.dto.SignatureDTO; +import eu.webeid.security.certificate.CertificateData; import org.apache.commons.io.FilenameUtils; -import org.digidoc4j.*; +import org.digidoc4j.Configuration; +import org.digidoc4j.Container; +import org.digidoc4j.ContainerBuilder; +import org.digidoc4j.DataFile; +import org.digidoc4j.DataToSign; +import org.digidoc4j.Signature; +import org.digidoc4j.SignatureBuilder; +import org.digidoc4j.SignatureProfile; import org.digidoc4j.utils.TokenAlgorithmSupport; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.ObjectFactory; import org.springframework.core.io.ByteArrayResource; import org.springframework.stereotype.Service; -import eu.webeid.example.web.rest.SigningController; -import eu.webeid.security.certificate.CertificateData; import javax.servlet.http.HttpSession; import javax.xml.bind.DatatypeConverter; import java.io.IOException; +import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; @@ -55,7 +61,7 @@ public class SigningService { private static final String SESSION_ATTR_FILE = "file-to-sign"; private static final String SESSION_ATTR_CONTAINER = "container-to-sign"; private static final String SESSION_ATTR_DATA = "data-to-sign"; - private static final Logger LOG = LoggerFactory.getLogger(SigningController.class); + private static final Logger LOG = LoggerFactory.getLogger(SigningService.class); private final Configuration signingConfiguration; ObjectFactory httpSessionFactory; 
@@ -145,7 +151,9 @@ public String getContainerName() { public ByteArrayResource getSignedContainerAsResource() throws IOException { Container signedContainer = (Container) Objects.requireNonNull(currentSession().getAttribute(SESSION_ATTR_CONTAINER)); - return new ByteArrayResource(ByteStreams.toByteArray(signedContainer.saveAsStream())); + try (final InputStream stream = signedContainer.saveAsStream()) { + return new ByteArrayResource(stream.readAllBytes()); + } } private Container getContainerToSign(FileDTO fileDTO) { diff --git a/example/src/main/resources/static/js/web-eid.js b/example/src/main/resources/static/js/web-eid.js index 0fd4f07a..520fa88f 100644 --- a/example/src/main/resources/static/js/web-eid.js +++ b/example/src/main/resources/static/js/web-eid.js @@ -104,7 +104,7 @@ class ExtensionUnavailableError extends Error { } var config = Object.freeze({ - VERSION: "2.0.1", + VERSION: "2.0.2", EXTENSION_HANDSHAKE_TIMEOUT: 1000, NATIVE_APP_HANDSHAKE_TIMEOUT: 5 * 1000, DEFAULT_USER_INTERACTION_TIMEOUT: 2 * 60 * 1000, @@ -243,7 +243,7 @@ class WebExtensionService { (_d = message.warnings) === null || _d === void 0 ? void 0 : _d.forEach((warning) => { if (!this.loggedWarnings.includes(warning)) { this.loggedWarnings.push(warning); - console.warn(warning); + console.warn(warning.replace(/\n|\r/g, "")); } }); } diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index e1265081..429b6b35 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -67,7 +67,7 @@

    Usage

    href="https://www.omgubuntu.co.uk/2022/04/how-to-install-firefox-deb-apt-ubuntu-22-04">here.
  • on macOS 11 or later, for Firefox and Chrome from here, + href="https://installer.id.ee/media/web-eid/web-eid_2.4.0.639.dmg">here,
  • on macOS 11 or later, for Safari, install the extension from App Store, @@ -75,7 +75,7 @@

    Usage

  • on Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, for Firefox, Chrome and Edge from here. + href="https://installer.id.ee/media/web-eid/web-eid_2.4.0.639.x64.exe">here.
  • From e5a629b1fd7f591b1dcb1d94fe2726a47093ff9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=20S=C3=B5mermaa?= Date: Thu, 24 Aug 2023 23:57:59 +0300 Subject: [PATCH 11/57] deps: update DigiDoc4j to v5.1.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mart Sõmermaa --- example/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example/pom.xml b/example/pom.xml index 635e01cc..20477397 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -20,7 +20,7 @@ 11 2.22.1 3.0.0 - 4.3.0 + 5.1.0 1.44 @@ -129,7 +129,7 @@ gitlab https://gitlab.com/api/v4/projects/19948337/packages/maven - org.webeid.example @@ -20,7 +20,7 @@ 11 2.22.1 3.0.0 - 5.1.0 + 5.2.0 1.44 From 478dc3081f25c4a7a28fc1bce157a35dd3b6edf2 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Tue, 5 Sep 2023 21:30:48 +0300 Subject: [PATCH 16/57] fix: use correct JSON property names in SignatureAlgorithmDTO, add dash to digestAlgorithmName already during construction Signed-off-by: Mart Somermaa --- .../example/service/SigningService.java | 10 ++++---- .../example/service/dto/CertificateDTO.java | 6 ++--- .../service/dto/SignatureAlgorithmDTO.java | 25 ++++++++----------- .../webeid/example/testutil/ObjectMother.java | 2 +- 4 files changed, 18 insertions(+), 25 deletions(-) diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index 410c9211..1307bd05 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java @@ -50,7 +50,6 @@ import javax.xml.bind.DatatypeConverter; import java.io.IOException; import java.io.InputStream; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; 
@@ -103,10 +102,11 @@ public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentic LOG.info("Preparing container for signing for file '{}'", containerName); final DigestAlgorithm signatureDigestAlgorithm = TokenAlgorithmSupport.determineSignatureDigestAlgorithm(certificate); - final String digestAlgorithmName = signatureDigestAlgorithm.uri().getRef().toUpperCase(); - if (!certificateDTO.getSupportedAlgorithmNames().contains(digestAlgorithmName)) { + final String digestAlgorithmName = signatureDigestAlgorithm.uri().getRef() + .toUpperCase().replace("SHA", "SHA-"); // SHA256 -> SHA-256 + if (!certificateDTO.getSupportedHashFunctionNames().contains(digestAlgorithmName)) { throw new IllegalArgumentException("Determined signature digest algorithm '" + digestAlgorithmName + - "' is not supported. Supported algorithms are: " + String.join(", ", certificateDTO.getSupportedAlgorithmNames())); + "' is not supported. Supported algorithms are: " + String.join(", ", certificateDTO.getSupportedHashFunctionNames())); } DataToSign dataToSign = SignatureBuilder @@ -125,7 +125,7 @@ public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentic DigestDTO digestDTO = new DigestDTO(); digestDTO.setHash(DatatypeConverter.printBase64Binary(digest)); - digestDTO.setHashFunction(digestAlgorithmName.replace("SHA", "SHA-")); // SHA256 -> SHA-256 + digestDTO.setHashFunction(digestAlgorithmName); return digestDTO; } diff --git a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java index cc0c1032..41481652 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java 
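Review bot: The name conversion `.toUpperCase().replace("SHA", "SHA-")` in `prepareContainer` only works for refs shaped like `sha256`; a ref such as `sha3-256` would come out as `SHA-3-256` and could never match a `SHA3-256` entry in the client's list. Whether `determineSignatureDigestAlgorithm` can return a SHA-3 algorithm is not visible here, so this may be latent, and the mismatch does fail closed through the `IllegalArgumentException` that follows. `toUpperCase()` without an argument also depends on the JVM default locale, so `toUpperCase(Locale.ROOT)` is the safer form. A small explicit mapping from `DigestAlgorithm` to the Web eID hash function name would replace the string rewriting altogether. `prepareContainer` starts and ends outside the hunk.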
@@ -22,8 +22,6 @@ package eu.webeid.example.service.dto; -import com.fasterxml.jackson.annotation.JsonProperty; - import java.io.ByteArrayInputStream; import java.io.InputStream; import java.security.cert.CertificateException; @@ -62,10 +60,10 @@ public X509Certificate toX509Certificate() throws CertificateException { return (X509Certificate) cf.generateCertificate(inStream); } - public List getSupportedAlgorithmNames() { + public List getSupportedHashFunctionNames() { return supportedSignatureAlgorithms == null ? new ArrayList<>() : supportedSignatureAlgorithms .stream() - .map(SignatureAlgorithmDTO::getHashAlgorithm) + .map(SignatureAlgorithmDTO::getHashFunction) .distinct() .collect(Collectors.toList()); } diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java index 4ee0a5a6..e578d270 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java @@ -22,18 +22,13 @@ package eu.webeid.example.service.dto; -import com.fasterxml.jackson.annotation.JsonProperty; - public class SignatureAlgorithmDTO { - @JsonProperty("crypto-algo") private String cryptoAlgorithm; - @JsonProperty("hash-algo") - private String hashAlgorithm; + private String hashFunction; - @JsonProperty("padding-algo") - private String paddingAlgorithm; + private String paddingScheme; public String getCryptoAlgorithm() { return cryptoAlgorithm; 
@@ -43,19 +38,19 @@ public void setCryptoAlgorithm(String cryptoAlgorithm) { this.cryptoAlgorithm = cryptoAlgorithm; } - public String getHashAlgorithm() { - return hashAlgorithm; + public String getHashFunction() { + return hashFunction; } - public void setHashAlgorithm(String hashAlgorithm) { - this.hashAlgorithm = hashAlgorithm; + public void setHashFunction(String hashFunction) { + this.hashFunction = hashFunction; } - public String getPaddingAlgorithm() { - return paddingAlgorithm; + public String getPaddingScheme() { + return paddingScheme; } - public void setPaddingAlgorithm(String paddingAlgorithm) { - this.paddingAlgorithm = paddingAlgorithm; + public void setPaddingScheme(String paddingScheme) { + this.paddingScheme = paddingScheme; } } diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java index 0c4b87bc..f053f727 100644 --- a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java +++ b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java @@ -97,7 +97,7 @@ public static CertificateDTO mockPrepareRequest() { CertificateDTO certificateDTO = new CertificateDTO(); certificateDTO.setCertificate(mockCertificateInBase64()); final SignatureAlgorithmDTO signatureAlgorithmDTO = new SignatureAlgorithmDTO(); - signatureAlgorithmDTO.setHashAlgorithm("SHA256"); + signatureAlgorithmDTO.setHashFunction("SHA-256"); certificateDTO.setSupportedSignatureAlgorithms(List.of(signatureAlgorithmDTO)); return certificateDTO; } From 1b5760fb14a7e14c8e3559fa7e766e6cd3f72929 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Thu, 7 Sep 2023 14:55:38 +0300 Subject: [PATCH 17/57] feat: validate signature algorithm values WE2-817 Signed-off-by: Mart Somermaa --- .../service/dto/SignatureAlgorithmDTO.java | 26 +++++++++++++++++++ .../webeid/example/testutil/ObjectMother.java | 2 ++ 2 files changed, 28 insertions(+) 
diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java index e578d270..94d1b8c1 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java @@ -22,8 +22,25 @@ package eu.webeid.example.service.dto; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + public class SignatureAlgorithmDTO { + // See https://github.com/web-eid/web-eid-app/blob/main/src/controller/command-handlers/signauthutils.cpp#L121-L127 + private static final Set SUPPORTED_CRYPTO_ALGOS = new HashSet<>(Arrays.asList( + "ECC", "RSA" + )); + private static final Set SUPPORTED_PADDING_SCHEMES = new HashSet<>(Arrays.asList( + "NONE", "PKCS1.5", "PSS" + )); + // See https://github.com/web-eid/libelectronic-id/tree/main/src/electronic-id.cpp#L131 + private static final Set SUPPORTED_HASH_FUNCTIONS = new HashSet<>(Arrays.asList( + "SHA-224", "SHA-256", "SHA-384", "SHA-512", + "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512" + )); + private String cryptoAlgorithm; private String hashFunction; @@ -35,6 +52,9 @@ public String getCryptoAlgorithm() { } public void setCryptoAlgorithm(String cryptoAlgorithm) { + if (!SUPPORTED_CRYPTO_ALGOS.contains(cryptoAlgorithm)) { + throw new IllegalArgumentException("The provided crypto algorithm is not supported"); + } this.cryptoAlgorithm = cryptoAlgorithm; } @@ -43,6 +63,9 @@ public String getHashFunction() { } public void setHashFunction(String hashFunction) { + if (!SUPPORTED_HASH_FUNCTIONS.contains(hashFunction)) { + throw new IllegalArgumentException("The provided hash function is not supported"); + } this.hashFunction = hashFunction; } 
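Review bot: The allow-list checks run only when a setter is called, so a `supportedSignatureAlgorithms` entry that omits `cryptoAlgorithm`, `hashFunction` or `paddingScheme` keeps a null field and is never validated. This assumes the JSON binder populates the DTO through these setters, which is not visible here; the same applies to the `setPaddingScheme` hunk that follows. If all three values are required, reject incomplete entries where the DTO is consumed, for example with a validation method called after binding that fails on any null field. The three sets are never modified after initialisation, and wrapping each in `Collections.unmodifiableSet(...)` would make that explicit while keeping `contains(null)` returning false.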
@@ -51,6 +74,9 @@ public String getPaddingScheme() { } public void setPaddingScheme(String paddingScheme) { + if (!SUPPORTED_PADDING_SCHEMES.contains(paddingScheme)) { + throw new IllegalArgumentException("The provided padding scheme is not supported"); + } this.paddingScheme = paddingScheme; } } diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java index f053f727..72189339 100644 --- a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java +++ b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java @@ -97,7 +97,9 @@ public static CertificateDTO mockPrepareRequest() { CertificateDTO certificateDTO = new CertificateDTO(); certificateDTO.setCertificate(mockCertificateInBase64()); final SignatureAlgorithmDTO signatureAlgorithmDTO = new SignatureAlgorithmDTO(); + signatureAlgorithmDTO.setCryptoAlgorithm("RSA"); signatureAlgorithmDTO.setHashFunction("SHA-256"); + signatureAlgorithmDTO.setPaddingScheme("PKCS1.5"); certificateDTO.setSupportedSignatureAlgorithms(List.of(signatureAlgorithmDTO)); return certificateDTO; } From 6184e4bf09932bacb162616b2667e4505e0a3953 Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Mon, 2 Oct 2023 09:13:01 +0300 Subject: [PATCH 18/57] Remove kinetic support (#33) Signed-off-by: Kristel Merilain --- .../resources/static/scripts/download-install-web-eid.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index efbfd0ae..2e3b38a2 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh 
@@ -61,7 +61,6 @@ test_sudo # version name LTS supported until # 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 -# 22.10 kinetic - 2023-07 # 23.04 lunar - 2024-01 LATEST_SUPPORTED_UBUNTU_CODENAME='lunar' LATEST_SUPPORTED_UBUNTU_VERSION='23.04' @@ -83,7 +82,7 @@ case $distro in bookworm) make_warn "Debian $codename is not officially supported" make_warn "Installing from ubuntu-kinetic repository" - make_install '22.10' + make_install '22.04' ;; *) make_fail "Debian $codename is not officially supported" @@ -96,10 +95,10 @@ case $distro in *) ;; esac case $codename in - utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic) + utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic) make_fail "Ubuntu $codename is not officially supported" ;; - focal|jammy|kinetic|lunar) + focal|jammy|lunar) make_install $release ;; *) From 5857ebaa4db53216816980e19becaac0a1f6b7b0 Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Mon, 9 Oct 2023 10:13:09 +0300 Subject: [PATCH 19/57] Update download-install-web-eid.sh (#34) Signed-off-by: Kristel Merilain --- .../main/resources/static/scripts/download-install-web-eid.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index 2e3b38a2..43003823 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh @@ -81,7 +81,7 @@ case $distro in ;; bookworm) make_warn "Debian $codename is not officially supported" - make_warn "Installing from ubuntu-kinetic repository" + make_warn "Installing from ubuntu-jammy repository" make_install '22.04' ;; *) From 21f06e6ef89a8f4dd98d8b752acc094c46c4f0fc Mon Sep 17 00:00:00 2001 
From: Kristel Merilain Date: Fri, 3 Nov 2023 08:04:47 +0200 Subject: [PATCH 20/57] Add mantic support (#35) Signed-off-by: Kristel Merilain --- .../resources/static/scripts/download-install-web-eid.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index 43003823..f866c64c 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh @@ -62,8 +62,9 @@ test_sudo # 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 # 23.04 lunar - 2024-01 -LATEST_SUPPORTED_UBUNTU_CODENAME='lunar' -LATEST_SUPPORTED_UBUNTU_VERSION='23.04' +# 23.10 mantic - 2024-07 +LATEST_SUPPORTED_UBUNTU_CODENAME='mantic' +LATEST_SUPPORTED_UBUNTU_VERSION='23.10' # Check the distro and release. distro=$(lsb_release -is | tr '[:upper:]' '[:lower:]') @@ -98,7 +99,7 @@ case $distro in utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic) make_fail "Ubuntu $codename is not officially supported" ;; - focal|jammy|lunar) + focal|jammy|lunar|mantic) make_install $release ;; *) From f9bd2da9dcd98701d31f8e7d893da4509ecae1e0 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Tue, 7 Nov 2023 12:49:29 +0200 Subject: [PATCH 21/57] Update tests WE2-834 Signed-off-by: Raul Metsma --- .../java/eu/webeid/example/testutil/ObjectMother.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java index 72189339..e6de8024 100644 --- a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java +++ b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java 
@@ -53,10 +53,10 @@ public class ObjectMother { try { VALID_AUTH_TOKEN = MAPPER.readValue( "{\"algorithm\":\"ES384\"," + - "\"unverifiedCertificate\":\"MIIEAzCCA2WgAwIBAgIQHWbVWxCkcYxbzz9nBzGrDzAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTE4MTAyMzE1MzM1OVoXDTIzMTAyMjIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ/u+9IncarVpgrACN6aRgUiT9lWC9H7llnxoEXe8xoCI982Md8YuJsVfRdeG5jwVfXe0N6KkHLFRARspst8qnACULkqFNat/Kj+XRwJ2UANeJ3Gl5XBr+tnLNuDf/UiR6jggHDMIIBvzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDiDBHBgNVHSAEQDA+MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAIBgYEAI96AQIwHwYDVR0RBBgwFoEUMzgwMDEwODU3MThAZWVzdGkuZWUwHQYDVR0OBBYEFOTddHnA9rJtbLwhBNyn0xZTQGCMMGEGCCsGAQUFBwEDBFUwUzBRBgYEAI5GAQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBiwAwgYcCQgHYElkX4vn821JR41akI/lpexCnJFUf4GiOMbTfzAxpZma333R8LNrmI4zbzDp03hvMTzH49g1jcbGnaCcbboS8DAJBObenUp++L5VqldHwKAps61nM4V+TiLqD0jILnTzl+pV+LexNL3uGzUfvvDNLHnF9t6ygi8+Bsjsu3iHHyM1haKM=\"," + - "\"appVersion\":\"https://web-eid.eu/web-eid-app/releases/2.0.0+0\"," + - "\"signature\":\"tbMTrZD4CKUj6atjNCHZruIeyPFAEJk2htziQ1t08BSTyA5wKKqmNmzsJ7562hWQ6+tJd6nlidHGE5jVVJRKmPtNv3f9gbT2b7RXcD4t5Pjn8eUCBCA4IX99Af32Z5ln\"," + - "\"format\":\"web-eid:1\"}", + "\"unverifiedCertificate\":\"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\"," + + "\"appVersion\":\"https://web-eid.eu/web-eid-app/releases/2.5.0+0\"," + + 
"\"signature\":\"0Ov7ME6pTY1K2GXMj8Wxov/o2fGIMEds8OMY5dKdkB0nrqQX7fG1E5mnsbvyHpMDecMUH6Yg+p1HXdgB/lLqOcFZjt/OVXPjAAApC5d1YgRYATDcxsR1zqQwiNcHdmWn\"," + + "\"format\":\"web-eid:1.0\"}", WebEidAuthToken.class); } catch (JsonProcessingException e) { throw new RuntimeException("Token parsing failed"); From ff5489f38c141b6ef77e0b052ff0b6471877906b Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Wed, 29 Nov 2023 13:51:12 +0200 Subject: [PATCH 22/57] Update Ubuntu package version (#37) Signed-off-by: Kristel Merilain --- .../main/resources/static/scripts/download-install-web-eid.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index f866c64c..cba4fc14 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh @@ -34,9 +34,9 @@ make_install() { echo "Installing Web eID packages for Ubuntu $1" TMPDIR=`mktemp -d` cd $TMPDIR - VERSION='2.4.0' + VERSION='2.5.0' # BUILD=`[[ $1 == *0 ]] && echo 555 || echo 552` - BUILD='639' + BUILD='642' UBUNTU_VERSION=${1//./} wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb" wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid-chrome_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb" From 1938c02e52d5824c1bc579ba71ad3370627fbe82 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Fri, 5 Jan 2024 09:18:27 +0200 Subject: [PATCH 23/57] Logout accpets POST requests WE2-850 Signed-off-by: Raul Metsma --- example/src/main/resources/templates/welcome.html | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/example/src/main/resources/templates/welcome.html b/example/src/main/resources/templates/welcome.html index ab0a0938..67b31311 100644 --- a/example/src/main/resources/templates/welcome.html 
+++ b/example/src/main/resources/templates/welcome.html @@ -59,8 +59,17 @@

    Digital signing

    const fileNameText = document.querySelector("#file-name"); const exampleDocument = document.querySelector("#example-document"); + const csrfToken = document.querySelector('#csrftoken').content; + const csrfHeaderName = document.querySelector('#csrfheadername').content; + document.querySelector("#webeid-logout-button").addEventListener("click", async () => { - await fetch("/logout"); + await fetch("/logout", { + method: "POST", + headers: { + "Content-Type": "application/json", + [csrfHeaderName]: csrfToken + } + }); window.location.href = "/"; }); @@ -68,9 +77,6 @@
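Review bot: The logout click handler discards the result of `fetch("/logout", …)` and sets `window.location.href = "/"` unconditionally. If the POST is rejected (for example a 403 on a stale CSRF token), the server session stays authenticated while the page looks logged out. Keep the response and navigate only on success: `const response = await fetch("/logout", {…});` followed by `if (!response.ok) { /* report the failure */ return; }`. The `"Content-Type": "application/json"` header can be dropped because the request has no body.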

    Digital signing

    window.location.href = "/sign/download"; }); - const csrfToken = document.querySelector('#csrftoken').content; - const csrfHeaderName = document.querySelector('#csrfheadername').content; - const lang = new URLSearchParams(window.location.search).get("lang") || "en"; signButton.addEventListener("click", async () => { From 9998db70f879cebfb1511363d2058742ded1ee3a Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Fri, 5 Jan 2024 21:07:47 +0200 Subject: [PATCH 24/57] Use session fixation protection strategy WE2-849 Signed-off-by: Raul Metsma --- .../example/security/WebEidAjaxLoginProcessingFilter.java | 2 ++ .../test/java/eu/webeid/example/WebApplicationTest.java | 7 +++++-- .../test/java/eu/webeid/example/testutil/HttpHelper.java | 6 +++--- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java index de319eb2..16bf0c41 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java @@ -39,6 +39,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; +import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy; public class WebEidAjaxLoginProcessingFilter extends AbstractAuthenticationProcessingFilter { private static final Logger LOG = LoggerFactory.getLogger(WebEidAjaxLoginProcessingFilter.class); 
@@ -51,6 +52,7 @@ public WebEidAjaxLoginProcessingFilter( this.setAuthenticationManager(authenticationManager); this.setAuthenticationSuccessHandler(new AjaxAuthenticationSuccessHandler()); this.setAuthenticationFailureHandler(new AjaxAuthenticationFailureHandler()); + setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy()); } @Override diff --git a/example/src/test/java/eu/webeid/example/WebApplicationTest.java b/example/src/test/java/eu/webeid/example/WebApplicationTest.java index 1de96c6b..643734e5 100644 --- a/example/src/test/java/eu/webeid/example/WebApplicationTest.java +++ b/example/src/test/java/eu/webeid/example/WebApplicationTest.java @@ -37,6 +37,7 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpSession; import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; @@ -98,7 +99,7 @@ public void validateOcspResponse(XadesSignature xadesSignature) { } }; - final MockHttpSession session = new MockHttpSession(); + MockHttpSession session = new MockHttpSession(); session.setAttribute("challenge-nonce", new ChallengeNonce(ObjectMother.VALID_CHALLENGE_NONCE, DateAndTime.utcNow().plusMinutes(1))); Dates.setMockedSignatureDate(Dates.getSigningDateTime()); 
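Review bot: `new SessionFixationProtectionStrategy()` is installed with its defaults in the `WebEidAjaxLoginProcessingFilter` constructor, and by default it copies the attributes of the pre-login session into the new session; nothing here says whether that is intended. If nothing from the anonymous session is needed after login, configure the strategy with `setMigrateSessionAttributes(false)` before passing it in. Otherwise a comment such as `// Replace the session on successful login so a session ID set before authentication cannot be reused.` would record the reason for the call. The new call is also written without `this.`, unlike the three setter calls directly above it. The constructor starts outside the hunk.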
@@ -106,7 +107,9 @@ public void validateOcspResponse(XadesSignature xadesSignature) { // Act and assert mvcBuilder.build().perform(get("/auth/challenge")); - MockHttpServletResponse response = HttpHelper.login(mvcBuilder, session, ObjectMother.mockAuthToken()); + MvcResult result = HttpHelper.login(mvcBuilder, session, ObjectMother.mockAuthToken()); + session = (MockHttpSession) result.getRequest().getSession(); + MockHttpServletResponse response = result.getResponse(); assertEquals("{\"sub\":\"JAAK-KRISTJAN JÕEORG\",\"auth\":[\"ROLE_USER\"]}", response.getContentAsString()); /* Example how to test file upload. diff --git a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java index 2a548df4..03ae1208 100644 --- a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java +++ b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java @@ -26,6 +26,7 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockMultipartFile; +import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder; import eu.webeid.example.security.dto.AuthTokenDTO; @@ -38,7 +39,7 @@ public class HttpHelper { - public static MockHttpServletResponse login(DefaultMockMvcBuilder mvcBuilder, MockHttpSession session, AuthTokenDTO authTokenDTO) throws Exception { + public static MvcResult login(DefaultMockMvcBuilder mvcBuilder, MockHttpSession session, AuthTokenDTO authTokenDTO) throws Exception { // @formatter:off return mvcBuilder .build() 
@@ -47,8 +48,7 @@ public static MockHttpServletResponse login(DefaultMockMvcBuilder mvcBuilder, Mo .with(csrf()) .contentType(MediaType.APPLICATION_JSON) .content(ObjectMother.toJson(authTokenDTO))) - .andReturn() - .getResponse(); + .andReturn(); // @formatter:on } From 7e5df44dcd7ceda86cdf3c294fbce41c411167af Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Fri, 5 Jan 2024 09:24:36 +0200 Subject: [PATCH 25/57] All ID-Card certificates are expired in EstEID 2015 WE2-839 Signed-off-by: Raul Metsma --- .../example/config/ValidationConfiguration.java | 10 +++------- .../certs/dev/TEST_of_ESTEID-SK_2015.cer | Bin 1671 -> 0 bytes .../main/resources/certs/prod/ESTEID-SK_2015.cer | Bin 1652 -> 0 bytes 3 files changed, 3 insertions(+), 7 deletions(-) delete mode 100644 example/src/main/resources/certs/dev/TEST_of_ESTEID-SK_2015.cer delete mode 100644 example/src/main/resources/certs/prod/ESTEID-SK_2015.cer diff --git a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java index 26c6e0e9..f1f78f7d 100644 --- a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java 
@@ -126,15 +126,11 @@ public X509Certificate[] loadTrustedCACertificatesFromTrustStore() { @Bean public AuthTokenValidator validator() { try { - AuthTokenValidatorBuilder validatorBuilder = new AuthTokenValidatorBuilder() + return new AuthTokenValidatorBuilder() .withSiteOrigin(URI.create(yamlConfig().getLocalOrigin())) .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromCerFiles()) - .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore()); - if (activeProfile.equals("dev")) { - // Enable support for ESTEID 2015 test certificates in development profile. - validatorBuilder = validatorBuilder.withNonceDisabledOcspUrls(URI.create("http://aia.demo.sk.ee/esteid2015")); - } - return validatorBuilder.build(); + .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore()) + .build(); } catch (JceException e) { throw new RuntimeException("Error building the Web eID auth token validator.", e); } 
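Review bot: `validator()` still merges two trust sources, `loadTrustedCACertificatesFromCerFiles()` and `loadTrustedCACertificatesFromTrustStore()`, while this commit only deletes the ESTEID 2015 `.cer` files under `certs/dev` and `certs/prod`. The trust store contents are not visible here, so confirm it does not also carry those CAs; otherwise tokens chaining to them could still be accepted. A short comment above the builder, such as `// Trusted CAs come from both the .cer directory and the trust store; keep the two in sync when retiring a CA.`, would record that. With the `dev` branch gone, also check whether the `activeProfile` field is still used elsewhere in the class. The method's closing brace lies outside the hunk.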
diff --git a/example/src/main/resources/certs/dev/TEST_of_ESTEID-SK_2015.cer b/example/src/main/resources/certs/dev/TEST_of_ESTEID-SK_2015.cer deleted file mode 100644 index 7749286c895084bf2d7bacb98b742a01cd684122..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1671 zcmb7EX;4#F6wZ5ji4YT@LXe$^l>i-*`vL)3WD$Z;z=c%QO6{Uz|Nti5Ys|*EzrHLU@nPI%pFormh!Q(M}UdIaK zh5^P>8p=gE=t|&>IygG=jdVG{ z0pJd2jsw?)>%s>~|DWJeK-UnAqw1^;3*qtXQQ++83{VHu5}3bcZn(faG>jMEYabfO z-~f~h6tLCX4T4Anq5{?>;C>3MfFXkFHX*9@YOKZPhws_e%qlnOxqQNRwIF&n`~1KE|CGi>^}+HLlswpy~$=6&4-s8xoQu zPWZNaI-1?K_1m)=i%?y>INNxazUcC3=NFXg{Lh`Ad45@PS*LrIYTEetNUfHrv#Vuz z!^?qN&#WMG!<^jJDzbBy1YKXU#6!Pztk|T2UvZ`;T2i5xe=9g>AlSFJ&0{qDxBce} zGxzCtI8=KbySVY7swKF3L{S$NR�?itslb-bPA?nh!_1G3$MPD2FPu$I{g%r!&R2 z7Wd~~5Wl%Zb&m2WF~aUx^f0H!IT=uI@RRV8ox@z?+~Vy|8D@qT+J=qy&-q8w#2zEW z2o9}C(Yo!lu)kE2_u_8K=yLn6HRI5`n zsa6&tfKJg0aY#En=1H<22%?{K4E76 z{^(l5NYEX2cK46HW>pDOFcBg^RSKAfPlPtG#D~dzIf763E`#%ql=4$-y(^>3bedFk z*cwyfw%J$HX0C%6A_f7?lfEw4%`!hX+RE7Mx;}dwWi`;zyw`=GIRwF%l?)O!n1Kku zM*t;LJ|IH~)L}`4Ag~-PBWvN9L|OzxhV;#HxkTp5W~Zg4v0kka+h=_!puY74eg_fX zK?qo)$)m5ys|CpTg%39H*7z(CSFrN96F~4iumY4^Ey9}vta2Ii_J7@gsrh0B!T=WY zWQp1f7QA2~VE5j606|D5*a=q5V*n|QHPzw8C15GyH`NK_1Y)5~0zwwTV5Q%iuzz|W z#1%-!)-1L_oG9S&1n)=^jx>@a&`6TN$D5UaNm)Xv9QbHRTO#fNue{Q!(oxCzcXy?j zL@X1@#nN=PP?{`b%Q2Z;fMG(RR2YYUlKi%0;F?NQKoFtDWzSej1FN!l*U`=!Cn?sn zJBhYMN6%(Y5V8znN<+$f>|Emwh@a_k>IXiqZaCYfpj)CtH)li_+}E{7H<1W@=XS#^ zk5pEZ4tXR;>CsZo?QFTW^+PAsUsa#xxl6cvJp#_n^fag0JjuBf6Th2TRy19ex5>-q zfckldT}3N)JvnlfKYgd2=Q$TXbg#>X!ff?V+wV{=G&xpz=_SnV;64Ak!`EPhIYw8ESfeZIIag&l~psrr8d>b^~V 
diff --git a/example/src/main/resources/certs/prod/ESTEID-SK_2015.cer b/example/src/main/resources/certs/prod/ESTEID-SK_2015.cer deleted file mode 100644 index b16695560fd7f7498f20dedd8ac67098f6eeee57..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1652 zcmXqLVk7~D2aMlsHU>`aH^Y`xS}0|jwj zLsLT|LvuqTV+#}GC<%Te17ib_fRVAOrKx3# zz|hzbD#6Ud=NcU1>gl2z?5$vAU}$R4#H55AAdIXG%uP)E3_x)%rY0svhD(jVu3Y$- zdv)*Rlc$-Z+A{VrzWXzG;oX))^Dp^`Io@Z~RhZCS=H;?cUo-Y&lG_^QuoG;OyZ1TY z&s`VxQ>X7!_pTEYrSzX%f6IEM*H+bX4M&76M}F!Q1#6Zl*>x_bA4KU)e5SWd!23qP zUT&sj9i88z`6i*7+Fow_>y%EOnrrkR^xyWPr3-vOBNkXD#Lh-*2P4$x$Xx&sBFWoh{-1IZgvIBe5mKc1o zY3y7Ttz-CNoqCgT7GrdSOPh(Q>?3uxOCrJ_G$&MgZk60RkF{HF#Sb6H`f7&&@0dwf zPp34UYA}8ywRHub`R|7^otx`Uh?~ykHcRW;Q{?ZX?RMyhv0RXg$oZvl4p~)SI{Tb< z8$4b$`Ml@aQm!+eJDy&$6xg_)+!b zO7ANoGYw=x3iw#WSVT6j?$|T)YSNNcEsnEWWQ(kui`)YZ_(0P9jEw(TSb&+6&7d5_ zS70eH$TQ$zV`E|HuVQ2ZW=3`vhVC~GK&Am3r#2fS3*$L?Mn(f=14T9tAeWVuorzIQ zG^3=Xpx8=Zzr4I$51gg+odbdmxDh&-kU7lA92Ns1kj26vhj19M0V!ZgH*f@r$+1`& zSS&O%U;$L4RjSriQ9U@m3mgtM67EEa8CVDv>$|$fqm)KK9;h^m2bD(g&W?I1 zsYQCpMI{EdAZN<6m>HND7%ebZpx35@VPH{eL4I*&Nq$kKesWPxv3_c5a&l2}B2aq{ za(MwPK$)8u85v5#c#_QReYI~LUOw&9aV`Hi;jMq~KKb|XU2x?R9jl3!XIVo0ZYv(S z&p2Op@V?mgOcP?e^&Swgg`8Lk9Lwc8aMT*f_WD$n`_=Ts!uy z^C+wf{uaFH+$!mv8#xO1CVihh;a)`luN!XPYX3c|U8ml7TE^l~-|g$S%5Hpp!sL4X zx$eIe>(5o)ubH-n Date: Fri, 5 Jan 2024 09:22:20 +0200 Subject: [PATCH 26/57] Set __Host- prefix to session cookie WE2-853 Signed-off-by: Raul Metsma --- .../java/eu/webeid/example/config/ApplicationConfiguration.java | 2 -- example/src/main/resources/application.properties | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index 0b5c2dc2..96430c15 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java 
+++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java @@ -64,8 +64,6 @@ protected void configure(HttpSecurity http) throws Exception { .authenticated() .and() .logout() - .logoutUrl("/logout") - .deleteCookies("JSESSIONID") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()) .and() .headers() diff --git a/example/src/main/resources/application.properties b/example/src/main/resources/application.properties index cbb42d2a..7d70ac4e 100644 --- a/example/src/main/resources/application.properties +++ b/example/src/main/resources/application.properties @@ -1 +1,2 @@ spring.profiles.active=dev +server.servlet.session.cookie.name=__Host-JSESSIONID \ No newline at end of file From 13153469a14d8bc5c726f5bbbdbbb777fba91ea8 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Tue, 19 Mar 2024 22:04:09 +0200 Subject: [PATCH 27/57] Update copyright year WE2-887 
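Review bot: Dropping `.deleteCookies("JSESSIONID")` instead of renaming it means logout no longer asks the browser to discard the session cookie, which this commit renames to `__Host-JSESSIONID` in `application.properties`. The server-side session is presumably still invalidated by the default logout handling, so the leftover cookie should be inert, but clearing it is cheap: `.deleteCookies("__Host-JSESSIONID")`. A browser only accepts a clearing `Set-Cookie` for a `__Host-` name if it also carries `Secure` and `Path=/`, so verify the logout response header on an HTTPS request. `configure(HttpSecurity)` starts and ends outside the hunk.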
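Review bot: The new line `server.servlet.session.cookie.name=__Host-JSESSIONID` sets only the name, but browsers discard a `__Host-` cookie unless it arrives with `Secure`, `Path=/` and no `Domain` attribute. Nothing in this hunk fixes those attributes, so they depend on container defaults and on the request being seen as HTTPS; behind a TLS-terminating proxy or with a non-root context path the session cookie may be silently dropped and login would appear to fail. Consider pinning them next to the name: `server.servlet.session.cookie.secure=true` and `server.servlet.session.cookie.path=/`. The file also still ends without a trailing newline.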
Signed-off-by: Raul Metsma --- .../eu/webeid/example/WebEidSpringbootExampleApplication.java | 2 +- .../java/eu/webeid/example/config/ApplicationConfiguration.java | 2 +- .../eu/webeid/example/config/SameSiteCookieConfiguration.java | 2 +- .../webeid/example/config/SessionBackedChallengeNonceStore.java | 2 +- .../java/eu/webeid/example/config/ValidationConfiguration.java | 2 +- example/src/main/java/eu/webeid/example/config/YAMLConfig.java | 2 +- .../example/security/AuthTokenDTOAuthenticationProvider.java | 2 +- .../example/security/WebEidAjaxLoginProcessingFilter.java | 2 +- .../java/eu/webeid/example/security/WebEidAuthentication.java | 2 +- .../example/security/ajax/AjaxAuthenticationFailureHandler.java | 2 +- .../example/security/ajax/AjaxAuthenticationSuccessHandler.java | 2 +- .../main/java/eu/webeid/example/security/dto/AuthTokenDTO.java | 2 +- .../src/main/java/eu/webeid/example/service/SigningService.java | 2 +- .../main/java/eu/webeid/example/service/dto/CertificateDTO.java | 2 +- .../main/java/eu/webeid/example/service/dto/ChallengeDTO.java | 2 +- .../src/main/java/eu/webeid/example/service/dto/DigestDTO.java | 2 +- .../src/main/java/eu/webeid/example/service/dto/FileDTO.java | 2 +- .../eu/webeid/example/service/dto/SignatureAlgorithmDTO.java | 2 +- .../main/java/eu/webeid/example/service/dto/SignatureDTO.java | 2 +- .../src/main/java/eu/webeid/example/web/WelcomeController.java | 2 +- .../java/eu/webeid/example/web/rest/ChallengeController.java | 2 +- .../main/java/eu/webeid/example/web/rest/SigningController.java | 2 +- example/src/main/resources/static/js/errors.js | 2 +- .../eu/webeid/example/AuthenticationRestControllerTest.java | 2 +- example/src/test/java/eu/webeid/example/WebApplicationTest.java | 2 +- example/src/test/java/eu/webeid/example/testutil/Dates.java | 2 +- .../src/test/java/eu/webeid/example/testutil/HttpHelper.java | 2 +- .../src/test/java/eu/webeid/example/testutil/ObjectMother.java | 2 +- 28 files changed, 28 insertions(+), 28 
deletions(-) diff --git a/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java b/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java index 2af43ab4..f82bac09 100644 --- a/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java +++ b/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index 96430c15..9fba3150 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java b/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java index 1b873297..79401654 100644 --- a/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java index 00e0b9f1..c94a3243 100644 --- a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java +++ b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java index f1f78f7d..83f0f475 100644 --- a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java index e8fecd3d..35905f0c 100644 --- a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java 
+++ b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java index 95ea1eea..03e535fc 100644 --- a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java +++ b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java index 16bf0c41..ac432058 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal 
diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java index 1726ff13..4a67020e 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java index d7c308e7..8580bca2 100644 --- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java index e1e0db09..19d04100 100644 --- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java b/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java index c0f4cd29..9321c4c0 100644 --- a/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java +++ b/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index 1307bd05..a7d71b40 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java index 41481652..6050c855 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java b/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java index a882db29..dd95d423 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java b/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java index 483a71b3..4e56d36f 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java index af2e24ee..dca653bc 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java index 94d1b8c1..bef5ba42 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java index 5a416cc3..68742fc4 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/WelcomeController.java b/example/src/main/java/eu/webeid/example/web/WelcomeController.java index dcd09daa..deb7ab86 100644 --- a/example/src/main/java/eu/webeid/example/web/WelcomeController.java +++ b/example/src/main/java/eu/webeid/example/web/WelcomeController.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java index a81aa687..9640fe61 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java index abdda221..14ecfae2 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/resources/static/js/errors.js b/example/src/main/resources/static/js/errors.js index 1665e6d4..95220bb9 100644 --- a/example/src/main/resources/static/js/errors.js +++ b/example/src/main/resources/static/js/errors.js 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java b/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java index fcd42140..aa6f5dff 100644 --- a/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java +++ b/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/WebApplicationTest.java b/example/src/test/java/eu/webeid/example/WebApplicationTest.java index 643734e5..4d95f439 100644 --- a/example/src/test/java/eu/webeid/example/WebApplicationTest.java +++ b/example/src/test/java/eu/webeid/example/WebApplicationTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/testutil/Dates.java b/example/src/test/java/eu/webeid/example/testutil/Dates.java index 9ab1260e..c44118d4 100644 --- a/example/src/test/java/eu/webeid/example/testutil/Dates.java +++ b/example/src/test/java/eu/webeid/example/testutil/Dates.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java index 03ae1208..fec26213 100644 --- a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java +++ b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java index e6de8024..ad048fdb 100644 --- a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java +++ b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023 Estonian Information System Authority + * Copyright (c) 2020-2024 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal From 254a02fa4baa3fdf87724a590a6730bf57f92ed4 Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Thu, 11 Apr 2024 09:23:36 +0300 Subject: [PATCH 28/57] Remove lunar support (#46) --- .../resources/static/scripts/download-install-web-eid.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index cba4fc14..c9b3fe9a 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh @@ -61,7 +61,6 @@ test_sudo # version name LTS supported until # 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 -# 23.04 lunar - 2024-01 # 23.10 mantic - 2024-07 LATEST_SUPPORTED_UBUNTU_CODENAME='mantic' LATEST_SUPPORTED_UBUNTU_VERSION='23.10' @@ -96,10 +95,10 @@ case $distro in *) ;; esac case $codename in - utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic) + utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic|lunar) make_fail "Ubuntu $codename is not officially supported" ;; - focal|jammy|lunar|mantic) + focal|jammy|mantic) make_install $release ;; *) From afd2535575317993718ac27085e472587d72fe6e Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 26 Apr 2024 20:40:52 +0300 Subject: [PATCH 29/57] Add v2.5.0 release Signed-off-by: Mart Somermaa --- example/src/main/resources/templates/index.html | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index 429b6b35..6a86740b 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -59,23 +59,18 @@

    Usage

    script from the console with
    wget -O - https:///scripts/download-install-web-eid.sh | bash
    - Note that Firefox is installed with Snap in Ubuntu 22.04 or later by default and as the - Snap sandbox does not allow communication with the external native messaging host, Web - eID will not work. - Install Firefox via the Debian package instead of Snap if you want to use Web eID with - Firefox in Ubuntu 22.04+. Instructions how to do that are available here. + Note: as of the 2.5 version, Web eID supports Firefox installed via Snap. -
  • on macOS 11 or later, for Firefox and Chrome from here, +
  • on macOS 12 or later, for Firefox and Chrome from here,
  • -
  • on macOS 11 or later, for Safari, install the extension from on macOS 12 or later, for Safari, install the extension from App Store,
  • on Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, for Firefox, Chrome and Edge from here. + href="https://installer.id.ee/media/web-eid/web-eid_2.5.0.646.x64.exe">here.
  • From 69959fd208995ff87176f1dbed28f94088aefb98 Mon Sep 17 00:00:00 2001 From: Lauris Kaplinski Date: Wed, 3 Apr 2024 19:17:37 +0300 Subject: [PATCH 30/57] Upgrade to Spring Boot 3/Spring Security 6 Signed-off-by: Lauris Kaplinski --- example/.github/workflows/maven-build.yml | 12 ++--- example/README.md | 2 +- example/pom.xml | 6 +-- .../config/ApplicationConfiguration.java | 53 +++++++++---------- .../SessionBackedChallengeNonceStore.java | 2 +- .../config/ValidationConfiguration.java | 2 +- .../WebEidAjaxLoginProcessingFilter.java | 19 +++++-- .../AjaxAuthenticationFailureHandler.java | 6 +-- .../AjaxAuthenticationSuccessHandler.java | 4 +- .../example/service/SigningService.java | 4 +- .../webeid/example/web/IndexController.java | 37 +++++++++++++ .../webeid/example/web/WelcomeController.java | 2 +- .../src/main/resources/templates/index.html | 2 +- .../eu/webeid/example/WebApplicationTest.java | 2 +- .../WebEidAjaxLoginProcessingFilterTest.java | 8 +-- .../webeid/example/testutil/ObjectMother.java | 2 +- 16 files changed, 107 insertions(+), 56 deletions(-) create mode 100644 example/src/main/java/eu/webeid/example/web/IndexController.java diff --git a/example/.github/workflows/maven-build.yml b/example/.github/workflows/maven-build.yml index 7b3120c7..14becab9 100644 --- a/example/.github/workflows/maven-build.yml +++ b/example/.github/workflows/maven-build.yml 
@@ -7,19 +7,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: distribution: zulu - java-version: 11 + java-version: 17 - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 - key: ${{ runner.os }}-m2-v11-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2-v11-${{ secrets.CACHE_VERSION }} + key: ${{ runner.os }}-m2-v17-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2-v17-${{ secrets.CACHE_VERSION }} - name: Build run: mvn --batch-mode compile diff --git a/example/README.md b/example/README.md index 55049e77..008357de 100644 --- a/example/README.md +++ b/example/README.md @@ -49,7 +49,7 @@ You can specify the profile as a command-line argument to the Maven wrapper comm ### 5. Run the application -Spring Boot web applications can be run from the command-line. You need to have the Java Development Kit 8 installed for building the application package and running the application. +Spring Boot web applications can be run from the command-line. You need to have the Java Development Kit 17 installed for building the application package and running the application. Build and run the application with the following command in a terminal window: diff --git a/example/pom.xml b/example/pom.xml index 3568a9c9..49761fe1 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.7.15 + 3.1.9 org.webeid.example @@ -17,10 +17,10 @@ - 11 + 17 2.22.1 3.0.0 - 5.2.0 + 5.3.0 1.44 diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index 9fba3150..5e974e43 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java 
+++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java 
@@ -24,53 +24,52 @@ import eu.webeid.example.security.AuthTokenDTOAuthenticationProvider; import eu.webeid.example.security.WebEidAjaxLoginProcessingFilter; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler; +import org.springframework.security.web.context.HttpSessionSecurityContextRepository; +import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration @EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) -public class ApplicationConfiguration extends WebSecurityConfigurerAdapter implements WebMvcConfigurer { +@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true) +public class ApplicationConfiguration implements WebMvcConfigurer { 
final AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider; + final SecurityContextRepository securityContextRepository; public ApplicationConfiguration(AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider) { this.authTokenDTOAuthenticationProvider = authTokenDTOAuthenticationProvider; + this.securityContextRepository = new HttpSessionSecurityContextRepository(); } - @Override - protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) { - authenticationManagerBuilder.authenticationProvider(authTokenDTOAuthenticationProvider); + @Bean + public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception { + return authenticationConfiguration.getAuthenticationManager(); } - @Override - protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http - .addFilterBefore( - new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager()), - UsernamePasswordAuthenticationFilter.class) - .authorizeRequests() - .antMatchers("/auth/challenge", "/auth/login", "/") - .permitAll() - .antMatchers("/welcome") - .authenticated() - .and() - .logout() - .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()) - .and() - .headers() - .frameOptions().sameOrigin(); - // @formatter:on + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + AuthenticationManager manager = authenticationManager(http.getSharedObject(AuthenticationConfiguration.class)); + + return http + .authenticationProvider(authTokenDTOAuthenticationProvider) + .addFilterBefore(new WebEidAjaxLoginProcessingFilter("/auth/login", manager, securityContextRepository), + UsernamePasswordAuthenticationFilter.class) + .logout(logout -> logout.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())) + .headers(headers -> headers.frameOptions(options -> options.sameOrigin())) + .build(); } + @Override public void 
addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/").setViewName("index"); registry.addViewController("/welcome").setViewName("welcome"); diff --git a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java index c94a3243..cb4654d2 100644 --- a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java +++ b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java @@ -26,7 +26,7 @@ import eu.webeid.security.challenge.ChallengeNonce; import eu.webeid.security.challenge.ChallengeNonceStore; -import javax.servlet.http.HttpSession; +import jakarta.servlet.http.HttpSession; public class SessionBackedChallengeNonceStore implements ChallengeNonceStore { diff --git a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java index 83f0f475..dbe21ee5 100644 --- a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java @@ -37,7 +37,7 @@ import eu.webeid.security.validator.AuthTokenValidator; import eu.webeid.security.validator.AuthTokenValidatorBuilder; -import javax.servlet.http.HttpSession; +import jakarta.servlet.http.HttpSession; import java.io.IOException; import java.io.InputStream; import java.net.URI; diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java index ac432058..eb690d87 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java 
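Review bot: The new `filterChain` bean declares no URL authorization rules at all, so the `/welcome` → `authenticated()` matcher from the removed `configure(HttpSecurity)` is gone and access control now rests entirely on method-level annotations. Any handler that lacks an annotation such as `@PreAuthorize` is reachable without an authenticated session, and the `/welcome` view controller still registered in `addViewControllers` carries no guard of its own should that mapping ever be served by it. I would keep an explicit rule in the chain as a second layer, e.g. `.authorizeHttpRequests(auth -> auth.requestMatchers("/welcome").authenticated().anyRequest().permitAll())`, which mirrors the old behaviour. The body of `addViewControllers` continues outside the hunk.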
@@ -24,12 +24,14 @@ import com.fasterxml.jackson.databind.ObjectMapper; import java.io.IOException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import eu.webeid.example.security.ajax.AjaxAuthenticationFailureHandler; import eu.webeid.example.security.ajax.AjaxAuthenticationSuccessHandler; import eu.webeid.example.security.dto.AuthTokenDTO; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpMethod; 
@@ -37,22 +39,27 @@ import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy; +import org.springframework.security.web.context.SecurityContextRepository; public class WebEidAjaxLoginProcessingFilter extends AbstractAuthenticationProcessingFilter { private static final Logger LOG = LoggerFactory.getLogger(WebEidAjaxLoginProcessingFilter.class); + private final SecurityContextRepository securityContextRepository; public WebEidAjaxLoginProcessingFilter( String defaultFilterProcessesUrl, - AuthenticationManager authenticationManager + AuthenticationManager authenticationManager, + SecurityContextRepository securityContextRepository ) { super(defaultFilterProcessesUrl); this.setAuthenticationManager(authenticationManager); this.setAuthenticationSuccessHandler(new AjaxAuthenticationSuccessHandler()); this.setAuthenticationFailureHandler(new AjaxAuthenticationFailureHandler()); setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy()); + this.securityContextRepository = securityContextRepository; } @Override 
@@ -76,4 +83,10 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ LOG.info("attemptAuthentication(): Calling authentication manager"); return getAuthenticationManager().authenticate(token); } + + @Override + protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { + super.successfulAuthentication(request, response, chain, authResult); // Generated from nbfs://nbhost/SystemFileSystem/Templates/Classes/Code/OverriddenMethodBody + securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response); + } } diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java index 8580bca2..647698f7 100644 --- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java @@ -27,9 +27,9 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpSession; import java.io.IOException; public class AjaxAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler { diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java index 19d04100..b7b70b9a 100644 
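Review bot: In the `@@ -76,4 +83,10 @@` hunk, `successfulAuthentication` saves the security context only after `super.successfulAuthentication(...)` has returned, that is, after the success handler has run and presumably already written the JSON response. If the response is committed by then, a repository that still needs to create a session or set a cookie can no longer do so, and the context is also saved twice because the Spring Security 6 base filter performs its own save before invoking the handler. The base filter can be given the repository directly: call `setSecurityContextRepository(securityContextRepository);` in the constructor (the `@@ -37,22 +39,27 @@` hunk) and drop this override together with the extra field.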
--- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java @@ -29,8 +29,8 @@ import java.util.Collection; import java.util.List; import java.util.stream.Collectors; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index a7d71b40..69adc1c3 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java @@ -46,8 +46,8 @@ import org.springframework.core.io.ByteArrayResource; import org.springframework.stereotype.Service; -import javax.servlet.http.HttpSession; -import javax.xml.bind.DatatypeConverter; +import jakarta.servlet.http.HttpSession; +import jakarta.xml.bind.DatatypeConverter; import java.io.IOException; import java.io.InputStream; import java.security.NoSuchAlgorithmException; diff --git a/example/src/main/java/eu/webeid/example/web/IndexController.java b/example/src/main/java/eu/webeid/example/web/IndexController.java new file mode 100644 index 00000000..e464a506 --- /dev/null +++ b/example/src/main/java/eu/webeid/example/web/IndexController.java 
@@ -0,0 +1,37 @@ +/* + * Copyright (c) 2020-2024 Estonian Information System Authority + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +package eu.webeid.example.web; + +import jakarta.servlet.http.HttpServletRequest; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; + +@Controller +public class IndexController { + @GetMapping("/") + public String welcome(Model model, HttpServletRequest request) { + model.addAttribute("serverName", request.getServerName()); + return "index"; + } +} diff --git a/example/src/main/java/eu/webeid/example/web/WelcomeController.java b/example/src/main/java/eu/webeid/example/web/WelcomeController.java index deb7ab86..e61fcc2c 100644 --- a/example/src/main/java/eu/webeid/example/web/WelcomeController.java +++ b/example/src/main/java/eu/webeid/example/web/WelcomeController.java 
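Review bot: `request.getServerName()` is derived from the request's Host header (or a forwarded-host header where those are honoured), so the `serverName` model attribute is client-influenced. Judging by the accompanying index.html hunk it appears to be rendered into the `wget -O - https://…/scripts/download-install-web-eid.sh | bash` instruction, although the host part is not readable in this view; a spoofed Host value, or a cached page built from one, would then direct users to fetch and run a script from a different host. I would take the host from application configuration (the origin the application is deployed under) rather than from the request, or check it against an allow-list before adding it to the model. The handler is also named `welcome` although it serves `index`, and the `/` view controller kept in `ApplicationConfiguration.addViewControllers` now duplicates it.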
@@ -29,7 +29,7 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.NotNull; import java.security.Principal; import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER; diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index 6a86740b..5836d2ea 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -57,7 +57,7 @@

    Usage

  • on Ubuntu Linux, for Firefox and Chrome, download and execute the
    download-install-web-eid.sh script from the console with
    - wget -O - https:///scripts/download-install-web-eid.sh + wget -O - https:///scripts/download-install-web-eid.sh | bash
    Note: as of the 2.5 version, Web eID supports Firefox installed via Snap.
  • diff --git a/example/src/test/java/eu/webeid/example/WebApplicationTest.java b/example/src/test/java/eu/webeid/example/WebApplicationTest.java index 4d95f439..d6e343be 100644 --- a/example/src/test/java/eu/webeid/example/WebApplicationTest.java +++ b/example/src/test/java/eu/webeid/example/WebApplicationTest.java @@ -59,7 +59,7 @@ public class WebApplicationTest { private WebApplicationContext context; @Autowired - private javax.servlet.Filter[] springSecurityFilterChain; + private jakarta.servlet.Filter[] springSecurityFilterChain; private static DefaultMockMvcBuilder mvcBuilder; diff --git a/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java b/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java index 0640a4d6..adbaff52 100644 --- a/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java +++ b/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java @@ -4,14 +4,15 @@ import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.BufferedReader; import java.io.StringReader; import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import org.springframework.security.web.context.SecurityContextRepository; class WebEidAjaxLoginProcessingFilterTest { 
@@ -31,9 +32,10 @@ void testAttemptAuthentication() throws Exception { when(request.getReader()).thenReturn(new BufferedReader(new StringReader(AUTH_TOKEN))); final AuthenticationManager authenticationManager = mock(AuthenticationManager.class); + final SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class); assertDoesNotThrow(() -> - new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager) + new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager, securityContextRepository) .attemptAuthentication(request, response)); } } \ No newline at end of file diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java index ad048fdb..f6103d5b 100644 --- a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java +++ b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java @@ -33,7 +33,7 @@ import eu.webeid.example.service.dto.CertificateDTO; import eu.webeid.example.service.dto.SignatureDTO; -import javax.xml.bind.DatatypeConverter; +import jakarta.xml.bind.DatatypeConverter; import java.io.FileInputStream; import java.security.GeneralSecurityException; import java.security.KeyStore; From 7ef2e40b49402914680b993c03ed65032baab656 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 5 Apr 2024 17:37:10 +0300 Subject: [PATCH 31/57] Clean up pom.xml WE2-860 Signed-off-by: Mart Somermaa --- example/pom.xml | 32 ++++--------------- .../webeid/example/web/WelcomeController.java | 5 +-- 2 files changed, 9 insertions(+), 28 deletions(-) diff --git a/example/pom.xml b/example/pom.xml index 49761fe1..e35b0761 100644 --- a/example/pom.xml +++ b/example/pom.xml 
@@ -5,21 +5,21 @@ org.springframework.boot spring-boot-starter-parent - 3.1.9 + 3.2.4 - org.webeid.example + eu.webeid.example web-eid-springboot-example 3.0.0-SNAPSHOT web-eid-springboot-example - Example Spring Boot project that demonstrates how to use Web eID for authentication and digital + Example Spring Boot application that demonstrates how to use Web eID for authentication and digital signing 17 - 2.22.1 - 3.0.0 + 3.2.5 + 3.0.1 5.3.0 1.44 @@ -31,20 +31,12 @@
    org.springframework.boot - spring-boot-starter-validation + spring-boot-starter-security org.springframework.boot spring-boot-starter-thymeleaf - - org.springframework.boot - spring-boot-starter-security - - - org.springframework.security - spring-security-config - org.digidoc4j @@ -57,22 +49,10 @@ ${webeid.version} - - org.springframework.boot - spring-boot-devtools - true - - org.springframework.boot spring-boot-starter-test test - - - org.junit.vintage - junit-vintage-engine - - org.springframework.security diff --git a/example/src/main/java/eu/webeid/example/web/WelcomeController.java b/example/src/main/java/eu/webeid/example/web/WelcomeController.java index e61fcc2c..2ebb763b 100644 --- a/example/src/main/java/eu/webeid/example/web/WelcomeController.java +++ b/example/src/main/java/eu/webeid/example/web/WelcomeController.java @@ -29,8 +29,8 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; -import jakarta.validation.constraints.NotNull; import java.security.Principal; +import java.util.Objects; import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER; @@ -40,7 +40,8 @@ public class WelcomeController { @PreAuthorize("hasAuthority('" + ROLE_USER + "')") @GetMapping("welcome") - public String welcome(Model model, @NotNull Principal principal) { + public String welcome(Model model, Principal principal) { + Objects.requireNonNull(principal); LOG.info("Showing welcome page, logged in as principal={}", principal.getName()); model.addAttribute("principalName", principal.getName()); return "welcome"; From 4d96fdb0f5bd355a32470cfc8aa64c86219bda2d Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 5 Apr 2024 21:12:45 +0300 Subject: [PATCH 32/57] Make FileDTO Serializable, enable Thymeleaf cache in production, use Jackson ObjectWriter and other minor cleanup WE2-860 
Signed-off-by: Mart Somermaa --- .../config/ApplicationConfiguration.java | 3 +- .../AuthTokenDTOAuthenticationProvider.java | 22 +++++++-------- .../WebEidAjaxLoginProcessingFilter.java | 23 +++++++-------- .../AjaxAuthenticationSuccessHandler.java | 28 ++++++++----------- .../example/service/SigningService.java | 2 +- .../webeid/example/service/dto/FileDTO.java | 3 +- .../example/web/rest/ChallengeController.java | 2 +- .../src/main/resources/application-prod.yaml | 3 ++ .../eu/webeid/example/WebApplicationTest.java | 2 +- 9 files changed, 44 insertions(+), 44 deletions(-) diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index 5e974e43..cdbe016b 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java @@ -31,6 +31,7 @@ import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler; 
@@ -65,7 +66,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .addFilterBefore(new WebEidAjaxLoginProcessingFilter("/auth/login", manager, securityContextRepository), UsernamePasswordAuthenticationFilter.class) .logout(logout -> logout.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())) - .headers(headers -> headers.frameOptions(options -> options.sameOrigin())) + .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)) .build(); } diff --git a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java index 03e535fc..9965ff37 100644 --- a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java +++ b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java @@ -23,9 +23,12 @@ package eu.webeid.example.security; import eu.webeid.example.security.dto.AuthTokenDTO; +import eu.webeid.security.authtoken.WebEidAuthToken; +import eu.webeid.security.challenge.ChallengeNonceStore; +import eu.webeid.security.exceptions.AuthTokenException; +import eu.webeid.security.validator.AuthTokenValidator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; 
@@ -34,15 +37,9 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.stereotype.Component; -import eu.webeid.security.authtoken.WebEidAuthToken; -import eu.webeid.security.challenge.ChallengeNonceStore; -import eu.webeid.security.exceptions.AuthTokenException; -import eu.webeid.security.validator.AuthTokenValidator; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -56,10 +53,13 @@ public class AuthTokenDTOAuthenticationProvider implements AuthenticationProvide private static final Logger LOG = LoggerFactory.getLogger(AuthTokenDTOAuthenticationProvider.class); - @Autowired - private AuthTokenValidator tokenValidator; - @Autowired - private ChallengeNonceStore challengeNonceStore; + private final AuthTokenValidator tokenValidator; + private final ChallengeNonceStore challengeNonceStore; + + public AuthTokenDTOAuthenticationProvider(AuthTokenValidator tokenValidator, ChallengeNonceStore challengeNonceStore) { + this.tokenValidator = tokenValidator; + this.challengeNonceStore = challengeNonceStore; + } @Override public Authentication authenticate(Authentication auth) throws AuthenticationException { diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java index eb690d87..2b4f0cfa 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java 
@@ -23,15 +23,14 @@ package eu.webeid.example.security; import com.fasterxml.jackson.databind.ObjectMapper; -import java.io.IOException; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; - +import com.fasterxml.jackson.databind.ObjectReader; import eu.webeid.example.security.ajax.AjaxAuthenticationFailureHandler; import eu.webeid.example.security.ajax.AjaxAuthenticationSuccessHandler; import eu.webeid.example.security.dto.AuthTokenDTO; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpMethod; @@ -45,14 +44,17 @@ import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy; import org.springframework.security.web.context.SecurityContextRepository; +import java.io.IOException; + public class WebEidAjaxLoginProcessingFilter extends AbstractAuthenticationProcessingFilter { private static final Logger LOG = LoggerFactory.getLogger(WebEidAjaxLoginProcessingFilter.class); + private final ObjectReader OBJECT_READER = new ObjectMapper().readerFor(AuthTokenDTO.class); private final SecurityContextRepository securityContextRepository; public WebEidAjaxLoginProcessingFilter( - String defaultFilterProcessesUrl, - AuthenticationManager authenticationManager, - SecurityContextRepository securityContextRepository + String defaultFilterProcessesUrl, + AuthenticationManager authenticationManager, + SecurityContextRepository securityContextRepository ) { super(defaultFilterProcessesUrl); this.setAuthenticationManager(authenticationManager); 
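Review bot: In the `@@ -44,14 +45,17 @@` hunk, `OBJECT_READER` is declared `private final` without `static`, so it is an instance field written in constant naming style right below the genuinely static `LOG`. `ObjectReader` is immutable and safe to share between threads, so I would declare it `private static final ObjectReader OBJECT_READER = new ObjectMapper().readerFor(AuthTokenDTO.class);`, which matches the name and avoids building an `ObjectMapper` per filter instance. The constructor body continues outside this hunk.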
@@ -64,7 +66,7 @@ public WebEidAjaxLoginProcessingFilter( @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) - throws AuthenticationException, IOException { + throws AuthenticationException, IOException { if (!HttpMethod.POST.name().equals(request.getMethod())) { LOG.warn("HttpMethod not supported: {}", request.getMethod()); throw new AuthenticationServiceException("HttpMethod not supported: " + request.getMethod()); @@ -76,8 +78,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ } LOG.info("attemptAuthentication(): Reading request body"); - final ObjectMapper objectMapper = new ObjectMapper(); - final AuthTokenDTO authTokenDTO = objectMapper.readValue(request.getReader(), AuthTokenDTO.class); + final AuthTokenDTO authTokenDTO = OBJECT_READER.readValue(request.getReader()); LOG.info("attemptAuthentication(): Creating token"); final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(null, authTokenDTO); LOG.info("attemptAuthentication(): Calling authentication manager"); @@ -86,7 +87,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ @Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { - super.successfulAuthentication(request, response, chain, authResult); // Generated from nbfs://nbhost/SystemFileSystem/Templates/Classes/Code/OverriddenMethodBody + super.successfulAuthentication(request, response, chain, authResult); securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response); } } diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java index b7b70b9a..b545422d 100644 
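Review bot: A malformed request body makes `OBJECT_READER.readValue(request.getReader())` throw a Jackson parse exception, which is an `IOException` rather than an `AuthenticationException`, so it leaves `attemptAuthentication` without reaching the `AjaxAuthenticationFailureHandler` set in the constructor. On this unauthenticated endpoint that most likely surfaces as a server error instead of a clean authentication failure. Wrapping the parse and rethrowing as `AuthenticationServiceException` (already used above for the method check) keeps all bad input on the failure-handler path; it needs an import of `com.fasterxml.jackson.core.JsonProcessingException`. The method starts in the previous hunk and part of its body is outside the hunks shown.

```java
LOG.info("attemptAuthentication(): Reading request body");
final AuthTokenDTO authTokenDTO;
try {
    authTokenDTO = OBJECT_READER.readValue(request.getReader());
} catch (JsonProcessingException e) {
    // Do not echo the body: it is untrusted input.
    LOG.warn("attemptAuthentication(): Unable to parse request body");
    throw new AuthenticationServiceException("Unable to parse authentication token", e);
}
// … unchanged: token creation and authentication manager call …
```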
--- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java @@ -25,19 +25,17 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; -import java.io.IOException; -import java.util.Collection; -import java.util.List; -import java.util.stream.Collectors; +import com.fasterxml.jackson.databind.ObjectWriter; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; import org.springframework.stereotype.Component; +import java.io.IOException; + /** * Write custom response on having user successfully authenticated. *

    @@ -50,11 +48,11 @@ public class AjaxAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc @Override public void onAuthenticationSuccess( - HttpServletRequest request, - HttpServletResponse response, - Authentication authentication + HttpServletRequest request, + HttpServletResponse response, + Authentication authentication ) - throws IOException { + throws IOException { LOG.info("onAuthenticationSuccess(): {}", authentication); response.setStatus(HttpServletResponse.SC_OK); @@ -64,23 +62,19 @@ public void onAuthenticationSuccess( } public static class AuthSuccessDTO { - private final ObjectMapper objectMapper = new ObjectMapper(); + private static final ObjectWriter OBJECT_WRITER = new ObjectMapper().writerFor(AuthSuccessDTO.class); @JsonProperty("sub") private String sub; @JsonProperty("auth") - private List auth; + private String auth; public static String asJson(Authentication authentication) throws JsonProcessingException { final AuthSuccessDTO dto = new AuthSuccessDTO(); dto.sub = authentication.getName(); - dto.auth = convertAuthorities(authentication.getAuthorities()); - return dto.objectMapper.writeValueAsString(dto); - } - - private static List convertAuthorities(Collection authorities) { - return authorities.stream().map(GrantedAuthority::toString).collect(Collectors.toList()); + dto.auth = authentication.getAuthorities().toString(); + return OBJECT_WRITER.writeValueAsString(dto); } } } diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index 69adc1c3..b89835fd 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java 
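Review bot: `dto.auth = authentication.getAuthorities().toString()` changes the `auth` field of the login response from a JSON array to the Java `Collection.toString()` rendering (`"[ROLE_USER]"`, as the updated test assertion shows). That alters the response format for every client, and the string cannot be parsed back reliably if an authority name ever contains a comma or bracket. Keeping a list avoids both problems and still drops the helper: `dto.auth = authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList();` with the field left as `List<String>` and the `GrantedAuthority` import kept. If the string form is intended, a comment on the field saying clients must treat it as an opaque display value would help.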
@@ -64,7 +64,7 @@ public class SigningService { private static final Logger LOG = LoggerFactory.getLogger(SigningService.class); private final Configuration signingConfiguration; - ObjectFactory httpSessionFactory; + private final ObjectFactory httpSessionFactory; public SigningService(ObjectFactory httpSessionFactory, YAMLConfig yamlConfig) { this.httpSessionFactory = httpSessionFactory; diff --git a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java index dca653bc..3a65edc2 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java @@ -27,12 +27,13 @@ import org.springframework.web.multipart.MultipartFile; import java.io.IOException; +import java.io.Serializable; import java.net.URI; import java.nio.file.Files; import java.nio.file.Paths; import java.util.Objects; -public class FileDTO { +public class FileDTO implements Serializable { private static final String EXAMPLE_FILENAME = "example-for-signing.txt"; private final String name; diff --git a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java index 9640fe61..ecc3ee4c 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java @@ -23,10 +23,10 @@ package eu.webeid.example.web.rest; import eu.webeid.example.service.dto.ChallengeDTO; +import eu.webeid.security.challenge.ChallengeNonceGenerator; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import eu.webeid.security.challenge.ChallengeNonceGenerator; @RestController @RequestMapping("auth") 
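Review bot: `FileDTO` becomes `Serializable` without a `serialVersionUID`, so the stream version is derived from the class shape and any later field change invalidates instances already written by a persistent or replicated session store. Declare it explicitly, `private static final long serialVersionUID = 1L;`, and add a comment that the class is serializable because `SigningService` keeps it as a session attribute under `SESSION_ATTR_FILE`. Only the class header and first fields are in the hunk, so whether every field type is itself serializable cannot be checked from here.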
diff --git a/example/src/main/resources/application-prod.yaml b/example/src/main/resources/application-prod.yaml index 709d314b..3868f350 100644 --- a/example/src/main/resources/application-prod.yaml +++ b/example/src/main/resources/application-prod.yaml @@ -3,3 +3,6 @@ web-eid-auth-token: use-digidoc4j-prod-configuration: true local-origin: "https://web-eid.eu" truststore-password: "changeit" +spring: + thymeleaf: + cache: true diff --git a/example/src/test/java/eu/webeid/example/WebApplicationTest.java b/example/src/test/java/eu/webeid/example/WebApplicationTest.java index d6e343be..e28e8fa7 100644 --- a/example/src/test/java/eu/webeid/example/WebApplicationTest.java +++ b/example/src/test/java/eu/webeid/example/WebApplicationTest.java @@ -110,7 +110,7 @@ public void validateOcspResponse(XadesSignature xadesSignature) { MvcResult result = HttpHelper.login(mvcBuilder, session, ObjectMother.mockAuthToken()); session = (MockHttpSession) result.getRequest().getSession(); MockHttpServletResponse response = result.getResponse(); - assertEquals("{\"sub\":\"JAAK-KRISTJAN JÕEORG\",\"auth\":[\"ROLE_USER\"]}", response.getContentAsString()); + assertEquals("{\"sub\":\"JAAK-KRISTJAN JÕEORG\",\"auth\":\"[ROLE_USER]\"}", response.getContentAsString()); /* Example how to test file upload. response = HttpHelper.upload(mvcBuilder, session, mockMultipartFile()); From 777df3ff3c3375d8b19b827e62e6ef6bd06585d4 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 5 Apr 2024 21:13:55 +0300 Subject: [PATCH 33/57] Secure endpoints and services that require authentication WE2-860 Signed-off-by: Mart Somermaa --- .../example/config/ApplicationConfiguration.java | 2 +- .../java/eu/webeid/example/service/SigningService.java | 8 ++++++-- .../java/eu/webeid/example/web/WelcomeController.java | 4 ++-- .../eu/webeid/example/web/rest/SigningController.java | 10 +++++++++- 4 files changed, 18 insertions(+), 6 deletions(-) 
diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index cdbe016b..343933fa 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java @@ -42,7 +42,7 @@ @Configuration @EnableWebSecurity -@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true) +@EnableMethodSecurity(securedEnabled = true) public class ApplicationConfiguration implements WebMvcConfigurer { final AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider; final SecurityContextRepository securityContextRepository; diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index b89835fd..e96af33a 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java @@ -29,6 +29,8 @@ import eu.webeid.example.service.dto.FileDTO; import eu.webeid.example.service.dto.SignatureDTO; import eu.webeid.security.certificate.CertificateData; +import jakarta.servlet.http.HttpSession; +import jakarta.xml.bind.DatatypeConverter; import org.apache.commons.io.FilenameUtils; import org.digidoc4j.Configuration; import org.digidoc4j.Container; @@ -44,10 +46,9 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.ObjectFactory; import org.springframework.core.io.ByteArrayResource; +import org.springframework.security.access.annotation.Secured; import org.springframework.stereotype.Service; -import jakarta.servlet.http.HttpSession; -import jakarta.xml.bind.DatatypeConverter; import java.io.IOException; import java.io.InputStream; import java.security.NoSuchAlgorithmException; 
@@ -55,7 +56,10 @@ import java.security.cert.X509Certificate; import java.util.Objects; +import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER; + @Service +@Secured(ROLE_USER) public class SigningService { private static final String SESSION_ATTR_FILE = "file-to-sign"; diff --git a/example/src/main/java/eu/webeid/example/web/WelcomeController.java b/example/src/main/java/eu/webeid/example/web/WelcomeController.java index 2ebb763b..0db6fc73 100644 --- a/example/src/main/java/eu/webeid/example/web/WelcomeController.java +++ b/example/src/main/java/eu/webeid/example/web/WelcomeController.java @@ -24,7 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.access.annotation.Secured; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; @@ -35,10 +35,10 @@ import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER; @Controller +@Secured(ROLE_USER) public class WelcomeController { private static final Logger LOG = LoggerFactory.getLogger(WelcomeController.class); - @PreAuthorize("hasAuthority('" + ROLE_USER + "')") @GetMapping("welcome") public String welcome(Model model, Principal principal) { Objects.requireNonNull(principal); diff --git a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java index 14ecfae2..4f935beb 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java 
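Review bot: Nothing in this commit verifies that the new class-level `@Secured(ROLE_USER)` on `SigningService` rejects an unauthenticated caller; the diffstat lists four main-source files and no test. The same applies to the `@Secured(ROLE_USER)` added to `WelcomeController` and `SigningController` in the following hunks. A MockMvc test that requests `welcome` and the `sign` endpoints without logging in and expects a rejection would pin this, because annotation-based checks only apply through Spring's method-security proxy and stop silently if the annotation or `@EnableMethodSecurity(securedEnabled = true)` is removed. A class comment such as `// All public methods require ROLE_USER (enforced by method security).` would also document the intent.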
@@ -32,14 +32,22 @@ import org.springframework.core.io.Resource; import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.*; +import org.springframework.security.access.annotation.Secured; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; +import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER; + @RestController @RequestMapping("sign") +@Secured(ROLE_USER) public class SigningController { private final SigningService signingService; From 2d3214b28dfecdcf96d670f34bde6abbd96f5380 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 5 Apr 2024 21:19:24 +0300 Subject: [PATCH 34/57] Override equals() and hashCode() in WebEidAuthentication WE2-860 Signed-off-by: Mart Somermaa --- .../webeid/example/security/WebEidAuthentication.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java index 4a67020e..59ab2a73 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java 
@@ -61,4 +61,15 @@ private static String getPrincipalNameFromCertificate(X509Certificate userCertif } } + @Override + public boolean equals(Object o) { + if (!super.equals(o)) return false; + WebEidAuthentication that = (WebEidAuthentication) o; + return Objects.equals(idCode, that.idCode); + } + + @Override + public int hashCode() { + return Objects.hash(super.hashCode(), idCode); + } } From 7fb83fd79fdcdb1e82358202992e711f88557c5e Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 5 Apr 2024 22:02:53 +0300 Subject: [PATCH 35/57] Use method injection to provide AuthTokenDTOAuthenticationProvider and AuthenticationConfiguration to filterChain(), move HttpSessionSecurityContextRepository creation into WebEidAjaxLoginProcessingFilter constructor, update README WE2-860 Signed-off-by: Mart Somermaa --- example/README.md | 4 ++-- .../config/ApplicationConfiguration.java | 21 ++----------------- .../WebEidAjaxLoginProcessingFilter.java | 6 +++--- .../WebEidAjaxLoginProcessingFilterTest.java | 8 +++---- 4 files changed, 10 insertions(+), 29 deletions(-) diff --git a/example/README.md b/example/README.md index 008357de..5ab2297b 100644 --- a/example/README.md +++ b/example/README.md 
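Review bot: The unchecked cast in `equals()` can throw `ClassCastException`: `super.equals(o)` comes from the Spring Security token base class, which as far as I can tell accepts any `AbstractAuthenticationToken` with equal principal, credentials, details and authorities, so a plain `PreAuthenticatedAuthenticationToken` can pass the first line and then fail the cast. Check the type first, `if (!(o instanceof WebEidAuthentication that) || !super.equals(o)) return false;`, then `return Objects.equals(idCode, that.idCode);`. The one-line `if` without braces also departs from the braced style used elsewhere in this class.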
@@ -17,7 +17,7 @@ Web eID only works over a HTTPS connection with a trusted HTTPS certificate. You can either setup a reverse HTTPS proxy during development or, alternatively, configure HTTPS support directly in the bundled web server. HTTPS configuration is described in more detail in section _[HTTPS support](#https-support)_ below. -You can use, for example, [_ngrok_](https://ngrok.com/) to get a reverse HTTPS proxy. Download _ngrok_ and run it in a terminal window by providing the protocol and Spring Boot application port arguments as follows: +You can use, for example, [_ngrok_](https://ngrok.com/) or [_localtunnel_](https://theboroer.github.io/localtunnel-www/) to get a reverse HTTPS proxy. Download _ngrok_ and run it in a terminal window by providing the protocol and Spring Boot application port arguments as follows: ngrok http 8080 
@@ -35,7 +35,7 @@ web-eid-auth-token: ### 3. Configure the trusted certificate authority certificates -The algorithm, which performs the validation of the Web eID authentication token, needs to know which intermediate certificate authorities (CA) are trusted to issue the eID authentication certificates. CA certificates are loaded either from `.cer` files in the profile-specific subdirectory of the [`certs`resource directory](src/main/resources/certs) or the [truststore file](src/main/resources/certs/prod/trusted_certificates.jks). By default, Estonian eID test CA certificates are included in the `dev` profile and production CA certificates in the `prod` profile. +The algorithm, which performs the validation of the Web eID authentication token, needs to know which intermediate certificate authorities (CA) are trusted to issue the eID authentication certificates. CA certificates are loaded either from `.cer` files in the profile-specific subdirectory of the [`certs` resource directory](src/main/resources/certs) or the [truststore file](src/main/resources/certs/prod/trusted_certificates.jks). By default, Estonian eID test CA certificates are included in the `dev` profile and production CA certificates in the `prod` profile. In case you need to provide your own CA certificates, either add the `.cer` files to the `src/main/resources/certs/{dev,prod}` profile-specific directory or add the certificates to the truststore file. diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index 343933fa..d93c942e 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java 
@@ -26,7 +26,6 @@ import eu.webeid.example.security.WebEidAjaxLoginProcessingFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -35,8 +34,6 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; 
@@ -44,26 +41,12 @@ @EnableWebSecurity @EnableMethodSecurity(securedEnabled = true) public class ApplicationConfiguration implements WebMvcConfigurer { - final AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider; - final SecurityContextRepository securityContextRepository; - - public ApplicationConfiguration(AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider) { - this.authTokenDTOAuthenticationProvider = authTokenDTOAuthenticationProvider; - this.securityContextRepository = new HttpSessionSecurityContextRepository(); - } - - @Bean - public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception { - return authenticationConfiguration.getAuthenticationManager(); - } @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - AuthenticationManager manager = authenticationManager(http.getSharedObject(AuthenticationConfiguration.class)); - + public SecurityFilterChain filterChain(HttpSecurity http, AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider, AuthenticationConfiguration authConfig) throws Exception { return http .authenticationProvider(authTokenDTOAuthenticationProvider) - .addFilterBefore(new WebEidAjaxLoginProcessingFilter("/auth/login", manager, securityContextRepository), + .addFilterBefore(new WebEidAjaxLoginProcessingFilter("/auth/login", authConfig.getAuthenticationManager()), UsernamePasswordAuthenticationFilter.class) .logout(logout -> logout.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())) .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)) diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java index 2b4f0cfa..cc47f86a 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java 
+++ b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java @@ -42,6 +42,7 @@ import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy; +import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; import java.io.IOException; @@ -53,15 +54,14 @@ public class WebEidAjaxLoginProcessingFilter extends AbstractAuthenticationProce public WebEidAjaxLoginProcessingFilter( String defaultFilterProcessesUrl, - AuthenticationManager authenticationManager, - SecurityContextRepository securityContextRepository + AuthenticationManager authenticationManager ) { super(defaultFilterProcessesUrl); this.setAuthenticationManager(authenticationManager); this.setAuthenticationSuccessHandler(new AjaxAuthenticationSuccessHandler()); this.setAuthenticationFailureHandler(new AjaxAuthenticationFailureHandler()); setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy()); - this.securityContextRepository = securityContextRepository; + this.securityContextRepository = new HttpSessionSecurityContextRepository(); } @Override diff --git a/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java b/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java index adbaff52..cb950730 100644 --- a/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java +++ b/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java 
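Review bot: Creating `new HttpSessionSecurityContextRepository()` inside the constructor hard-codes the storage strategy and leaves the private `securityContextRepository` field plus the `successfulAuthentication` override as the only code persisting the context. To my knowledge `AbstractAuthenticationProcessingFilter` already offers `setSecurityContextRepository(...)`, which its own `successfulAuthentication` uses, so `setSecurityContextRepository(new HttpSessionSecurityContextRepository());` in the constructor would let both the field and the override go. The test in this commit also loses the ability to pass a mock repository. A short constructor comment stating that the security context is stored in the HTTP session would document the choice; the class continues outside the hunk.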
@@ -1,18 +1,17 @@ package eu.webeid.example.security; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.junit.jupiter.api.Test; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; import java.io.BufferedReader; import java.io.StringReader; import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import org.springframework.security.web.context.SecurityContextRepository; class WebEidAjaxLoginProcessingFilterTest { @@ -32,10 +31,9 @@ void testAttemptAuthentication() throws Exception { when(request.getReader()).thenReturn(new BufferedReader(new StringReader(AUTH_TOKEN))); final AuthenticationManager authenticationManager = mock(AuthenticationManager.class); - final SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class); assertDoesNotThrow(() -> - new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager, securityContextRepository) + new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager) .attemptAuthentication(request, response)); } } \ No newline at end of file From 10b540617bfa086f864a458dc04f99f99bb84ead Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Tue, 30 Apr 2024 16:41:16 +0300 Subject: [PATCH 36/57] Use Java 17 base image in Jib WE2-860 Signed-off-by: Mart Somermaa --- example/pom.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/example/pom.xml b/example/pom.xml index e35b0761..97390351 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -22,6 +22,7 @@ 3.0.1 5.3.0 1.44 + 3.4.2 @@ -84,6 +85,16 @@ true + + com.google.cloud.tools + jib-maven-plugin + ${jib.version} + + + eclipse-temurin:${java.version}-jre-jammy + + + 
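Review bot: The Jib base image in the `pom.xml` hunk is referenced by a mutable tag, `eclipse-temurin:${java.version}-jre-jammy`, so the container built from the same commit can change whenever that tag is re-pushed upstream. Pinning the digest makes the build reproducible and the base image verifiable: `eclipse-temurin:${java.version}-jre-jammy@sha256:<digest-of-reviewed-image>` (placeholder; use the digest of the image you reviewed). A comment next to it recording when the digest was last refreshed would help whoever updates it.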
From 3ed17e5a0f9ff7c08b9b1db52d66a66d6125e8c5 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Tue, 7 May 2024 14:46:43 +0300 Subject: [PATCH 37/57] Use Optional in CertificateData WE2-931 Signed-off-by: Mart Somermaa --- example/pom.xml | 2 +- .../security/WebEidAuthentication.java | 19 ++++++++++++------- .../example/service/SigningService.java | 16 +++++++++------- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/example/pom.xml b/example/pom.xml index 97390351..ff4bc685 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -19,7 +19,7 @@ 17 3.2.5 - 3.0.1 + 3.0.2-SNAPSHOT 5.3.0 1.44 3.4.2 diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java index 59ab2a73..c039007e 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java @@ -22,15 +22,16 @@ package eu.webeid.example.security; +import eu.webeid.security.certificate.CertificateData; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; -import eu.webeid.security.certificate.CertificateData; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.List; import java.util.Objects; +import java.util.Optional; public class WebEidAuthentication extends PreAuthenticatedAuthenticationToken implements Authentication { 
@@ -38,7 +39,8 @@ public class WebEidAuthentication extends PreAuthenticatedAuthenticationToken im public static Authentication fromCertificate(X509Certificate userCertificate, List authorities) throws CertificateEncodingException { final String principalName = getPrincipalNameFromCertificate(userCertificate); - final String idCode = Objects.requireNonNull(CertificateData.getSubjectIdCode(userCertificate)); + final String idCode = CertificateData.getSubjectIdCode(userCertificate) + .orElseThrow(() -> new CertificateEncodingException("Certificate does not contain subject ID code")); return new WebEidAuthentication(principalName, idCode, authorities); } @@ -52,12 +54,15 @@ private WebEidAuthentication(String principalName, String idCode, List givenName = CertificateData.getSubjectGivenName(userCertificate); + final Optional surname = CertificateData.getSubjectSurname(userCertificate); + + if (givenName.isPresent() && surname.isPresent()) { + return givenName.get() + ' ' + surname.get(); + } else { // Organization certificates do not have given name and surname fields. - return Objects.requireNonNull(CertificateData.getSubjectCN(userCertificate)); + return CertificateData.getSubjectCN(userCertificate) + .orElseThrow(() -> new CertificateEncodingException("Certificate does not contain subject CN")); } } diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index e96af33a..507b4b39 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java 
@@ -90,15 +90,17 @@ private HttpSession currentSession() { * @return data to be signed */ public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentication authentication) throws CertificateException, NoSuchAlgorithmException, IOException { - X509Certificate certificate = certificateDTO.toX509Certificate(); - if (!authentication.getIdCode().equals(CertificateData.getSubjectIdCode(certificate))) { + final X509Certificate certificate = certificateDTO.toX509Certificate(); + final String signingIdCode = CertificateData.getSubjectIdCode(certificate) + .orElseThrow(() -> new RuntimeException("Certificate does not contain subject ID code")); + if (!signingIdCode.equals(authentication.getIdCode())) { throw new IllegalArgumentException("Authenticated subject ID code differs from " + "signing certificate subject ID code"); } - FileDTO fileDTO = FileDTO.getExampleForSigningFromResources(); - Container containerToSign = getContainerToSign(fileDTO); - String containerName = generateContainerName(fileDTO.getName()); + final FileDTO fileDTO = FileDTO.getExampleForSigningFromResources(); + final Container containerToSign = getContainerToSign(fileDTO); + final String containerName = generateContainerName(fileDTO.getName()); currentSession().setAttribute(SESSION_ATTR_CONTAINER, containerToSign); currentSession().setAttribute(SESSION_ATTR_FILE, fileDTO); @@ -113,7 +115,7 @@ public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentic "' is not supported. Supported algorithms are: " + String.join(", ", certificateDTO.getSupportedHashFunctionNames())); } - DataToSign dataToSign = SignatureBuilder + final DataToSign dataToSign = SignatureBuilder .aSignature(containerToSign) .withSignatureProfile(SignatureProfile.LT) // AIA OCSP is supported for signatures with LT or LTA profile. .withSigningCertificate(certificate) 
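Review bot: The new `orElseThrow(() -> new RuntimeException("Certificate does not contain subject ID code"))` in `prepareContainer` raises a raw `RuntimeException` for a property of the client-supplied signing certificate, while `WebEidAuthentication.fromCertificate` in the same commit throws `CertificateEncodingException` for the identical condition. `prepareContainer` already declares `throws CertificateException`, so `.orElseThrow(() -> new CertificateException("Certificate does not contain subject ID code"))` would be consistent and lets callers handle it with the other certificate errors. The comparison that follows is what binds the signing certificate to the authenticated user, so a one-line comment such as `// Signing certificate must belong to the authenticated subject.` is worth adding. The method continues in the next hunks.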
@@ -127,7 +129,7 @@ public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentic final byte[] digest = signatureDigestAlgorithm.getDssDigestAlgorithm().getMessageDigest() .digest(dataToSign.getDataToSign()); - DigestDTO digestDTO = new DigestDTO(); + final DigestDTO digestDTO = new DigestDTO(); digestDTO.setHash(DatatypeConverter.printBase64Binary(digest)); digestDTO.setHashFunction(digestAlgorithmName); From eaa6fedeb608e63d19a28e5c868c527a88a8bae1 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Wed, 1 May 2024 15:29:44 +0300 Subject: [PATCH 38/57] Add new TEST ORG certificate issuers WE2-924 Signed-off-by: Raul Metsma --- .../resources/certs/dev/TEST_ORG_2021E.cer | 22 +++++++++++ .../resources/certs/dev/TEST_ORG_2021R.cer | 39 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 example/src/main/resources/certs/dev/TEST_ORG_2021E.cer create mode 100644 example/src/main/resources/certs/dev/TEST_ORG_2021R.cer diff --git a/example/src/main/resources/certs/dev/TEST_ORG_2021E.cer b/example/src/main/resources/certs/dev/TEST_ORG_2021E.cer new file mode 100644 index 00000000..bf399a95 --- /dev/null +++ b/example/src/main/resources/certs/dev/TEST_ORG_2021E.cer 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDoDCCAwOgAwIBAgIQcyqWqJYuHMpg+S/gNJArMTAKBggqhkjOPQQDAzBuMQsw +CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh +DA5OVFJFRS0xMDc0NzAxMzEpMCcGA1UEAwwgVEVTVCBvZiBTSyBJRCBTb2x1dGlv +bnMgUk9PVCBHMUUwHhcNMjEwNzIyMDg0NDE2WhcNMzYwNzIyMDg0NDE2WjBvMQsw +CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh +DA5OVFJFRS0xMDc0NzAxMzEqMCgGA1UEAwwhVEVTVCBvZiBTSyBJRCBTb2x1dGlv +bnMgT1JHIDIwMjFFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPN17jh+wlx7U0fND +5Vd+xix//r/XXBrK2JPgzXPT3ApkHQwBuMMcRAT3xTZ0UtiRbfo6mClvtZdyEcyf +qw8xUd7rZ/jJHkHE+Ea/5x8sZtgBRRBdga932N40gkRuTfdEo4IBYzCCAV8wHwYD +VR0jBBgwFoAU4hzeY9y++IR+ATsuS4Cx4X/V8eYwHQYDVR0OBBYEFEmnHNBblRgz +FcEe8pie53tLDoZpMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEA +MGwGCCsGAQUFBwEBBGAwXjAiBggrBgEFBQcwAYYWaHR0cDovL2RlbW8uc2suZWUv +b2NzcDA4BggrBgEFBQcwAoYsaHR0cDovL2Muc2suZWUvVEVTVF9TS19ST09UX0cx +XzIwMjFFLmRlci5jcnQwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2Muc2suZWUv +VEVTVF9TS19ST09UX0cxXzIwMjFFLmNybDBQBgNVHSAESTBHMEUGBFUdIAAwPTA7 +BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuc2tpZHNvbHV0aW9ucy5ldS9lbi9yZXBv +c2l0b3J5L0NQUy8wCgYIKoZIzj0EAwMDgYoAMIGGAkFeLgoCd2OgKM/9YM2eizwD +Mdb8DIE2aX9a5czWUXypSa+fA5HXry4oAFqY3ed7TWrgaX+RgD4ejuHDJUN3fVmb +zwJBHI1S8XxeM2+c0YUJQMU1SY2VVcVax6110r1aBDr90RAF2a9H8sKRVYtz21lC +bM/wb9Lg61nkctY91DVjvWMj138= +-----END CERTIFICATE----- diff --git a/example/src/main/resources/certs/dev/TEST_ORG_2021R.cer b/example/src/main/resources/certs/dev/TEST_ORG_2021R.cer new file mode 100644 index 00000000..6eb80913 --- /dev/null +++ b/example/src/main/resources/certs/dev/TEST_ORG_2021R.cer 
@@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIGzDCCBLSgAwIBAgIQPadGvT+ZiMRhHPzivWSWBDANBgkqhkiG9w0BAQwFADBu +MQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYD +VQRhDA5OVFJFRS0xMDc0NzAxMzEpMCcGA1UEAwwgVEVTVCBvZiBTSyBJRCBTb2x1 +dGlvbnMgUk9PVCBHMVIwHhcNMjEwODE4MTIyODE4WhcNMzYwODE4MTIyODE4WjBv +MQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYD +VQRhDA5OVFJFRS0xMDc0NzAxMzEqMCgGA1UEAwwhVEVTVCBvZiBTSyBJRCBTb2x1 +dGlvbnMgT1JHIDIwMjFSMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +vRcXPfY+T3pZl0ou0HQ76GEcOSqa8LmktDjFlWRlessGR+A70AiNw1k6s98Ic6wv +u+KUnRSdXCu+QANnkJVr75+W4heWAgJL0aOwDsBRIqn/aFiaW49+7Vw8zdlH6LnU +8YFDTvjy7tgX1ZyqFI9s31MJ84p9YH+DOwEYB8VMdkwa9wVBIu3oDh9hCTVUZtZF +G/yOI0/Tu9eKRbLSK6Je/op2IvEXqZwZVnWpR/yAAfyYOsY6/t9iieCknvQtWXnu +pxMm9HybUoOqHQ6QKz0nTY4As0sDuNom0aVmHeNR7W+ebJtiU8H/zqr+yR46qauD +QSrVqBlKfR7ZGLGPxvW38qfQpoQ2okaR+bUrrAcscJidwT3+0n1+2t4jSX6OTXu2 +HsPjk7dmcrGhTtQh2BcjbhHit+nOS3BuB1QOJ8tXsdj1nsaHPae6ZeH/KbMetBeh +BCwpXcNP3aR+AfVJWzgLObZSrqeCzGsfSfBQvracTjZzJp9NGXTZBe9MzcYomr2d +I7mqt/wa5N6i7eDa75cv+FncGrRKJkQ1JRRPynGcQK/dOVrmjjdeJGf6vgqWP/WI +KTuXYdovCnvXhO+PuOifRiP0scnWN+YXR7R3EXT50rk79lNrOOzcqmft3B2EVsVI +BPJTwjnSiNXZRHSoedOPJEInLQ7sP9uDWbqMd04/yYUCAwEAAaOCAWMwggFfMB8G +A1UdIwQYMBaAFMaIk1tHkln1YUO+2L6I5FaPti5RMB0GA1UdDgQWBBSJNpEi++WV +9vJUbwBlF9+7AA6VxTAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIB +ADBsBggrBgEFBQcBAQRgMF4wIgYIKwYBBQUHMAGGFmh0dHA6Ly9kZW1vLnNrLmVl +L29jc3AwOAYIKwYBBQUHMAKGLGh0dHA6Ly9jLnNrLmVlL1RFU1RfU0tfUk9PVF9H +MV8yMDIxUi5kZXIuY3J0MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jLnNrLmVl +L1RFU1RfU0tfUk9PVF9HMV8yMDIxUi5jcmwwUAYDVR0gBEkwRzBFBgRVHSAAMD0w +OwYIKwYBBQUHAgEWL2h0dHBzOi8vd3d3LnNraWRzb2x1dGlvbnMuZXUvZW4vcmVw +b3NpdG9yeS9DUFMvMA0GCSqGSIb3DQEBDAUAA4ICAQCInhE2mlWOwF5ZgXEgBP4G +rVAp7SLyqOoeeIB1PkTX9zZTN7zm+G1T9jYBYAbskIKsIQYz8Rg/HaXkg1MDl1lf +7M9CYbWTZanOPzSfAUS1u49pnyKr74DIRCo2bdD4e2ofS5y/uMu3qE1wClzO6TJo +oJtX1PGTptqKclZywxAVeoCisT1f48PW6dq0b5i6LTtDTDSSKGUgvdm18af0TSMn 
+kozsxIWzY06TmDfJvlPB12h8vIlzBZXHoVH89wBtffV1uVpc8btyZqqYnqPivXSM +clQMuTmJSZjZoOQ695JqN92kSy8aDc9Bxqb+XsBmmjr26nvvW54y68TUZSz1D29n +eBPy0DB60ZAFRgtyfanlPZL8KymBan45u88rE5S3GOl0kbkYOmsIoCv4BHILxlQl +ddFY+BGkDwM8bEQ480AERTXcp+4rXUj80kXIsa5NR5z2+LaDvy2j3tVcY7iRkdIU +nVWYwxEEgU0dbzxl+LlSx/ad9dGzbhvhsEiq93jz2qJdpsC6EiBlBGCRyfwEgv8a +CqDTAJNqnY3+UzTzYds1HlMfxSyzoi01zyfN4DtWl2RTCslBZ0/XLnn4HaTSU5Bq +wESseW9CPJRaO+W3ERsSRAW9tjDuEuBxWAN91OWlkk6GpLJkr3/4UcO85pVgNJf3 +Q4sZkdHlzV6yY/Cq1S+b9Q== +-----END CERTIFICATE----- From 566c7acd3d987d584dc84fc8c4df267321c7c4a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=20S=C3=B5mermaa?= Date: Fri, 31 May 2024 14:42:55 +0300 Subject: [PATCH 39/57] Update Web eID group ID to eu.webeid.security, amend REAME (#51) WE2-899 Signed-off-by: Mart Somermaa Co-authored-by: Mart Somermaa --- example/README.md | 4 +++- example/pom.xml | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/example/README.md b/example/README.md index 5ab2297b..a9d34d26 100644 --- a/example/README.md +++ b/example/README.md 
@@ -17,7 +17,7 @@ Web eID only works over a HTTPS connection with a trusted HTTPS certificate. You can either setup a reverse HTTPS proxy during development or, alternatively, configure HTTPS support directly in the bundled web server. HTTPS configuration is described in more detail in section _[HTTPS support](#https-support)_ below. -You can use, for example, [_ngrok_](https://ngrok.com/) or [_localtunnel_](https://theboroer.github.io/localtunnel-www/) to get a reverse HTTPS proxy. Download _ngrok_ and run it in a terminal window by providing the protocol and Spring Boot application port arguments as follows: +You can use solutions like [_ngrok_](https://ngrok.com/), [_localtunnel_](https://theboroer.github.io/localtunnel-www/), or any other reverse HTTPS proxy tool. For example, with _ngrok_, download and run it in a terminal window by providing the protocol and the Spring Boot application port arguments as follows: ngrok http 8080 @@ -33,6 +33,8 @@ web-eid-auth-token: local-origin: "https://<>" ``` +**Note that the origin URL must not end with a slash `/`**. + ### 3. Configure the trusted certificate authority certificates The algorithm, which performs the validation of the Web eID authentication token, needs to know which intermediate certificate authorities (CA) are trusted to issue the eID authentication certificates. CA certificates are loaded either from `.cer` files in the profile-specific subdirectory of the [`certs` resource directory](src/main/resources/certs) or the [truststore file](src/main/resources/certs/prod/trusted_certificates.jks). By default, Estonian eID test CA certificates are included in the `dev` profile and production CA certificates in the `prod` profile. diff --git a/example/pom.xml b/example/pom.xml index ff4bc685..8cc91356 100644 --- a/example/pom.xml +++ b/example/pom.xml 
@@ -5,12 +5,12 @@ org.springframework.boot spring-boot-starter-parent - 3.2.4 + 3.3.0 eu.webeid.example web-eid-springboot-example - 3.0.0-SNAPSHOT + 3.1.0 web-eid-springboot-example Example Spring Boot application that demonstrates how to use Web eID for authentication and digital signing @@ -19,7 +19,7 @@ 17 3.2.5 - 3.0.2-SNAPSHOT + 3.1.0 5.3.0 1.44 3.4.2 @@ -45,7 +45,7 @@ ${digidoc4j.version} - org.webeid.security + eu.webeid.security authtoken-validation ${webeid.version} From 4b08fc871b533fe63a23c3053c527b95aa2044e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=20S=C3=B5mermaa?= Date: Mon, 3 Jun 2024 08:25:28 +0300 Subject: [PATCH 40/57] Add Belgian test CA certs, bump Docker image to 3.1.0 and update paths in README.md (#52) WE2-886, WE2-808 Signed-off-by: Mart Somermaa Co-authored-by: Mart Somermaa --- example/README.md | 6 +++--- example/docker-compose.yml | 2 +- .../certs/dev/eID-TEST-EC-Citizen-CA.cer | 19 +++++++++++++++++++ .../certs/dev/eID-TEST-EC-Root-CA.cer | 14 ++++++++++++++ 4 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 example/src/main/resources/certs/dev/eID-TEST-EC-Citizen-CA.cer create mode 100644 example/src/main/resources/certs/dev/eID-TEST-EC-Root-CA.cer diff --git a/example/README.md b/example/README.md index a9d34d26..f0e66519 100644 --- a/example/README.md +++ b/example/README.md 
@@ -110,7 +110,7 @@ There is also a Docker Compose configuration file `docker-compose.yml` in the ro The source code folder `src` contains the application source code and resources in the `main` subdirectory and tests in the `test` subdirectory. -The `src/main/java/org/webeid/example` directory contains the Spring Boot application Java class and the following subdirectories: +The `src/main/java/eu/webeid/example` directory contains the Spring Boot application Java class and the following subdirectories: - `config`: Spring and HTTP security configuration, Web eID authentication token validation library configuration, trusted CA certificates loading etc, - `security`: Web eID authentication token validation library integration with Spring Security via an `AuthenticationProvider` and `AuthenticationProcessingFilter`, 
@@ -144,13 +144,13 @@ Spring Security has CSRF protection enabled by default. Web eID requires CSRF pr ### Integration with Web eID components -Detailed overview of Java code changes required for integrating Web eID authentication token validation is available in the [_web-eid-authtoken-validation-java_ library README](https://github.com/web-eid/web-eid-authtoken-validation-java/blob/main/README.md). There are instructions for configuring the nonce generator, trusted certificate authority certificates, authentication token validator, Spring Security authentication integration and REST endpoints. The corresponding Java code is in the `src/main/java/org/webeid/example/{config,security,web/rest}` directories. +Detailed overview of Java code changes required for integrating Web eID authentication token validation is available in the [_web-eid-authtoken-validation-java_ library README](https://github.com/web-eid/web-eid-authtoken-validation-java/blob/main/README.md). There are instructions for configuring the nonce generator, trusted certificate authority certificates, authentication token validator, Spring Security authentication integration and REST endpoints. The corresponding Java code is in the `src/main/java/eu/webeid/example/{config,security,web/rest}` directories. A similar overview of JavaScript and HTML code changes required for authentication and digital signing with Web eID is available in the [web-eid.js library README](https://github.com/web-eid/web-eid.js/blob/main/README.md). The corresponding JavaScript and HTML code is in the `src/resources/{static,templates}` directories. ### Integration with DigiDoc4j components -Java code examples that show how to create and sign data containers that hold signed file objects and digital signatures is available in the [DigiDoc4j wiki](https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it). 
Further information and links to the API documentation is available in the project [README](https://github.com/open-eid/digidoc4j/blob/master/README.md). The corresponding Java code is in the `src/main/java/org/webeid/example/{service,web/rest}` directories. +Java code examples that show how to create and sign data containers that hold signed file objects and digital signatures is available in the [DigiDoc4j wiki](https://github.com/open-eid/digidoc4j/wiki/Examples-of-using-it). Further information and links to the API documentation is available in the project [README](https://github.com/open-eid/digidoc4j/blob/master/README.md). The corresponding Java code is in the `src/main/java/eu/webeid/example/{service,web/rest}` directories. #### Using the Certificates' _Authority Information Access_ (AIA) extension in DigiDoc4j diff --git a/example/docker-compose.yml b/example/docker-compose.yml index bae7f83d..239d19a0 100644 --- a/example/docker-compose.yml +++ b/example/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: web-eid-springboot-example: - image: web-eid-springboot-example:3.0.0-SNAPSHOT + image: web-eid-springboot-example:3.1.0 restart: always environment: JAVA_TOOL_OPTIONS: '-Dspring.profiles.active=prod' diff --git a/example/src/main/resources/certs/dev/eID-TEST-EC-Citizen-CA.cer b/example/src/main/resources/certs/dev/eID-TEST-EC-Citizen-CA.cer new file mode 100644 index 00000000..06456b7a --- /dev/null +++ b/example/src/main/resources/certs/dev/eID-TEST-EC-Citizen-CA.cer 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKTCCAq+gAwIBAgIIcND8I1qptLUwCgYIKoZIzj0EAwMwKzELMAkGA1UEBhMC +QkUxHDAaBgNVBAMME2VJRCBURVNUIEVDIFJvb3QgQ0EwIBcNMDcwNDMwMjIwMDIw +WhgPMjA4NzA0MTAyMjAwMjBaMC4xCzAJBgNVBAYTAkJFMR8wHQYDVQQDDBZlSUQg +VEVTVCBFQyBDaXRpemVuIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJAiNoOQf +Y0r8N6JVPMLedXyRZ7MwppGwQ9ZxFzLjVsbeKuUvqEFR0yKKyEidXc875m4UF5lR +pf/FSWagg2IXGWrypnRZkgnNVP6s5W2LzKdV09hd6v7O8j/8knfHOj+No4IBmTCC +AZUwHQYDVR0OBBYEFN2zf+OaGY5ZyRFWAi31+p1v3oRLMB8GA1UdIwQYMBaAFCHA +clfKHAQEGR3ZjH4+tYPrrBwCMA4GA1UdDwEB/wQEAwIBBjBIBgNVHSAEQTA/MD0G +BmA4DAEBAjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNj +YXJkcy5iZS9jZXJ0MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDBCBgNV +HR8EOzA5MDegNaAzhjFodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNjYXJkcy5iZS9j +cmwvcm9vdGNhRUMuY3JsMIGBBggrBgEFBQcBAQR1MHMwPgYIKwYBBQUHMAKGMmh0 +dHA6Ly9laWRkZXZjYXJkcy56ZXRlc2NhcmRzLmJlL2NlcnQvcm9vdGNhRUMuY3J0 +MDEGCCsGAQUFBzABhiVodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNjYXJkcy5iZTo4 +ODg4MBIGA1UdEwEB/wQIMAYBAf8CAQAwCgYIKoZIzj0EAwMDaAAwZQIxAOMiiByF +0aLEA6zUrobMw7aSH5o2u1hGVMe0AL4ezYztRdfxvXVU+m1JosBVBDDjeAIwYJJN +7bLWw8BVi/lkxRjKL/+zAJP6djGywXI1pVh4HKb0D+tipq5StO+QnM8cnPmg +-----END CERTIFICATE----- diff --git a/example/src/main/resources/certs/dev/eID-TEST-EC-Root-CA.cer b/example/src/main/resources/certs/dev/eID-TEST-EC-Root-CA.cer new file mode 100644 index 00000000..3908e4c7 --- /dev/null +++ b/example/src/main/resources/certs/dev/eID-TEST-EC-Root-CA.cer 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICNDCCAbugAwIBAgIBATAKBggqhkjOPQQDAzArMQswCQYDVQQGEwJCRTEcMBoG +A1UEAwwTZUlEIFRFU1QgRUMgUm9vdCBDQTAgFw0wNzA0MzAyMjAwMTBaGA8yMDg4 +MDQwOTIyMDAxMFowKzELMAkGA1UEBhMCQkUxHDAaBgNVBAMME2VJRCBURVNUIEVD +IFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASYqtYIKayPGXFNDaGkPdCa +dQCSC8D2W8aKE7xh850ykG0bJXMV7IaKZWo0ZXUb55g9S95gjDNeZ0iNo75dY/mW +oozI6I2l106OdPL+yAcHI6id4uR7Fd0nQxeBICdmjnCjgbAwga0wHQYDVR0OBBYE +FCHAclfKHAQEGR3ZjH4+tYPrrBwCMB8GA1UdIwQYMBaAFCHAclfKHAQEGR3ZjH4+ +tYPrrBwCMA4GA1UdDwEB/wQEAwIBBjBHBgNVHSAEQDA+MDwGBWA4DAEBMDMwMQYI +KwYBBQUHAgEWJWh0dHA6Ly9laWRkZXZjYXJkcy56ZXRlc2NhcmRzLmJlL2NlcnQw +EgYDVR0TAQH/BAgwBgEB/wIBATAKBggqhkjOPQQDAwNnADBkAjBM2P48H8f2FY0N +Hm1uAdgXwYoBRkUFOq8Kccd7l6Y8RavzAkMQmLgVF3s5euuv6fcCMCW4UGWpnOTO +A+t4V9/+kPMjGqgC9Uw4nOKkwkwQs3IeWfc7Na6l+U8r4M7VH49/cw== +-----END CERTIFICATE----- From e5a99b02fb00f67af43d5e1a0df5c10537161a54 Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Fri, 14 Jun 2024 07:13:49 +0300 Subject: [PATCH 41/57] Add noble support IB-7869 Signed-off-by: Kristel Merilain --- .../resources/static/scripts/download-install-web-eid.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh index c9b3fe9a..7842c55a 100755 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh @@ -62,8 +62,9 @@ test_sudo # 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 # 23.10 mantic - 2024-07 -LATEST_SUPPORTED_UBUNTU_CODENAME='mantic' -LATEST_SUPPORTED_UBUNTU_VERSION='23.10' +# 24.04 noble - 2029-04 +LATEST_SUPPORTED_UBUNTU_CODENAME='noble' +LATEST_SUPPORTED_UBUNTU_VERSION='24.04' # Check the distro and release. distro=$(lsb_release -is | tr '[:upper:]' '[:lower:]') 
@@ -98,7 +99,7 @@ case $distro in
 utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic|lunar)
 make_fail "Ubuntu $codename is not officially supported"
 ;;
- focal|jammy|mantic)
+ focal|jammy|mantic|noble)
 make_install $release
 ;;
 *)
From 1b6b995c1f1581200a2d47ff9572857689383952 Mon Sep 17 00:00:00 2001
From: Kristel Merilain
Date: Thu, 1 Aug 2024 13:03:18 +0300
Subject: [PATCH 42/57] Remove mantic support (#54)
Signed-off-by: Kristel Merilain
---
 .../resources/static/scripts/download-install-web-eid.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh
index 7842c55a..56b60f86 100755
--- a/example/src/main/resources/static/scripts/download-install-web-eid.sh
+++ b/example/src/main/resources/static/scripts/download-install-web-eid.sh
@@ -61,7 +61,6 @@ test_sudo
 # version name LTS supported until
 # 20.04 focal LTS 2025-04
 # 22.04 jammy LTS 2027-04
-# 23.10 mantic - 2024-07
 # 24.04 noble - 2029-04
 LATEST_SUPPORTED_UBUNTU_CODENAME='noble'
 LATEST_SUPPORTED_UBUNTU_VERSION='24.04'
@@ -96,10 +95,10 @@ case $distro in
 *) ;;
 esac
 case $codename in
- utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic|lunar)
+ utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic|lunar|mantic)
 make_fail "Ubuntu $codename is not officially supported"
 ;;
- focal|jammy|mantic|noble)
+ focal|jammy|noble)
 make_install $release
 ;;
 *)
From 8947ab3f6d29074a5ad05e1586d2780021b49a2d Mon Sep 17 00:00:00 2001
From: Kristel Merilain
Date: Thu, 3 Oct 2024 08:50:16 +0300
Subject: [PATCH 43/57] Update and rename download-install-web-eid.sh to install-web-eid.sh (#55)
Signed-off-by: Kristel Merilain --- .../scripts/download-install-web-eid.sh | 156 ------------ .../static/scripts/install-web-eid.sh | 231 ++++++++++++++++++ 2 files changed, 231 insertions(+), 156 deletions(-) delete mode 100755 example/src/main/resources/static/scripts/download-install-web-eid.sh create mode 100755 example/src/main/resources/static/scripts/install-web-eid.sh diff --git a/example/src/main/resources/static/scripts/download-install-web-eid.sh b/example/src/main/resources/static/scripts/download-install-web-eid.sh deleted file mode 100755 index 56b60f86..00000000 --- a/example/src/main/resources/static/scripts/download-install-web-eid.sh +++ /dev/null 
@@ -1,156 +0,0 @@ -#!/bin/bash -# -# This script downloads and installs Web eID in .deb based Linux distributions. -# License: public domain. -# Based on https://github.com/open-eid/linux-installer/blob/master/install-open-eid.sh - -set -eu - -test_sudo() { - if ! command -v sudo>/dev/null; then - make_fail "You must have sudo and be in sudo group\nAs root do: apt-get install sudo && adduser $USER sudo" - fi -} - -test_root() { - if test $(id -u) -eq 0; then - echo "You run this script as root. DO NOT RUN RANDOM SCRIPTS AS ROOT." - exit 2 - fi -} - -make_fail() { - echo -e "$1" - exit 3 -} - -make_warn() { - echo "### $1" - echo "Press ENTER to continue, CTRL-C to cancel" - read -r dummy -} - -make_install() { - echo "Installing Web eID packages for Ubuntu $1" - TMPDIR=`mktemp -d` - cd $TMPDIR - VERSION='2.5.0' - # BUILD=`[[ $1 == *0 ]] && echo 555 || echo 552` - BUILD='642' - UBUNTU_VERSION=${1//./} - wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb" - wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid-chrome_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb" - wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid-firefox_${VERSION}.${BUILD}-${UBUNTU_VERSION}_all.deb" - wget "https://installer.id.ee/media/web-eid/Ubuntu/web-eid-native_${VERSION}.${BUILD}-${UBUNTU_VERSION}_amd64.deb" - sudo apt install -y ./web-eid*.deb - cd /tmp - rm -r $TMPDIR -} - -### main - -# Check for Debian derivative. -if ! command -v lsb_release>/dev/null; then - make_fail "# Not a Debian Linux derivative, cannot continue." -fi - -# We use sudo. -test_root -test_sudo - -# version name LTS supported until -# 20.04 focal LTS 2025-04 -# 22.04 jammy LTS 2027-04 -# 24.04 noble - 2029-04 -LATEST_SUPPORTED_UBUNTU_CODENAME='noble' -LATEST_SUPPORTED_UBUNTU_VERSION='24.04' - -# Check the distro and release. 
-distro=$(lsb_release -is | tr '[:upper:]' '[:lower:]') -release=$(lsb_release -rs) -codename=$(lsb_release -cs) - -case $distro in - debian) - make_warn "Debian is not officially supported" - case "$codename" in - bullseye) - make_warn "Debian $codename is not officially supported" - make_warn "Installing from ubuntu-focal repository" - make_install '20.04' - ;; - bookworm) - make_warn "Debian $codename is not officially supported" - make_warn "Installing from ubuntu-jammy repository" - make_install '22.04' - ;; - *) - make_fail "Debian $codename is not officially supported" - ;; - esac - ;; - ubuntu|neon) - case $distro in - neon) make_warn "Neon is not officially supported; assuming that it is equivalent to Ubuntu" ;; - *) ;; - esac - case $codename in - utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|kinetic|lunar|mantic) - make_fail "Ubuntu $codename is not officially supported" - ;; - focal|jammy|noble) - make_install $release - ;; - *) - make_warn "Ubuntu $codename is not officially supported" - make_warn "Trying to install package for Ubuntu ${LATEST_SUPPORTED_UBUNTU_CODENAME}" - make_install ${LATEST_SUPPORTED_UBUNTU_VERSION} - ;; - esac - ;; - linuxmint) - case $release in - 21*) - make_warn "Linux Mint 21 is not officially supported" - make_install '22.04' - ;; - 20*) - make_warn "Linux Mint 20 is not officially supported" - make_install '20.04' - ;; - *) - make_fail "Linux Mint $release is not officially supported" - ;; - esac - ;; - elementary*os|elementary) - case $release in - 7*) - make_warn "Elementary OS 7 is not officially supported" - make_install '22.04' - ;; - *) - make_fail "Elementary OS $release is not officially supported" - ;; - esac - ;; - pop) - case $codename in - artful|cosmic|disco|eoan|bionic) - make_fail "Pop!_OS $codename is not officially supported" - ;; - focal|jammy) - make_warn "Pop!_OS $codename is not officially supported" - make_install $release - ;; - *) - make_warn "Pop!_OS $codename 
is not officially supported" - make_warn "Trying to install package for Pop!_OS ${LATEST_SUPPORTED_UBUNTU_CODENAME}" - make_install ${LATEST_SUPPORTED_UBUNTU_VERSION} - ;; - esac - ;; - *) - make_fail "$distro is not supported :(" - ;; -esac diff --git a/example/src/main/resources/static/scripts/install-web-eid.sh b/example/src/main/resources/static/scripts/install-web-eid.sh new file mode 100755 index 00000000..83d9a390 --- /dev/null +++ b/example/src/main/resources/static/scripts/install-web-eid.sh 
@@ -0,0 +1,231 @@ +#!/bin/sh +# This script configures .deb based Linux repositories +# License: public domain +# Script https://github.com/open-eid/linux-installer +# See wiki https://github.com/open-eid/linux-installer/wiki/Linux-Packages +set -e + +# Key used for signing releases +RIA_KEY="""-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - https://gpgtools.org + +mQINBFcrMk4BEADCimHCTTCsBbUL+MtrRGNKEo/ccdjv0hArPqn1yt/7w9BFH17f +kY+w6IFdfD0o1Uc7MOofsF3ROVIsw/mul6k1YUh2HxtKmsVOMLE0eWHShvMlXKDV +1H1dCAk3A2c7nmzTedJaMMu+cLCRpt9zpmF1kG4i07UuyBxpRmolq/+hYa2JHPw4 +CFDW0s1T/rF1KUTbGHQKhT9Qek2tTsHQn4C33QUnCMkb3HCbDQksW69FoLiwa3am +fAgGSOI8iZ3uofh3LU9kEy6dL6ZFKUevOETlDidHaNNDhC8g0seMkMLTuSmWc64X +DTobStcuZcHtakzeWZ/V2kXouhUsgXOMxhPGHFkfd+qqk3LGqZ29wTK2bYyTjCsD +gYPO2YHGmCzLzH9DgHNfjDWzeAWClg5PO/oB5sg5fYMwmHJtLeqGJarFKl22p9/K +odRruGQiGqkHptxwdoNjgvgluiSb6C+dCU5pGU8t+9/+IfqxChltUkI02O6jfPO4 +mweflYBQ8zkXOLPlVIfJnO5xw4wwrh3rV/fXxlNMI+Ni7/zPF61OQ50r/oya6zRR +rSLEAig2lZY+vhbv9WDgJKIPwb8oe13d1UCRDdtkj70MBQFh1m6RFzDXy4821U9w +TRtRy+92UN5jRRkeMb0yaO/EboTRjOy7BToJSVeYGRQy73M2vhxhWXSXrwARAQAB +tClSSUEgU29mdHdhcmUgU2lnbmluZyBLZXkgPHNpZ25pbmdAcmlhLmVlPokCNwQT +AQoAIQUCVysyTgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDpqyFNxsg9 +aJJ9D/sGXNgFsEvbGEYlKtrhY9ungOBk7B5iH/Nxy+yMjIZY9mLdp9RMEO6oZFam +3vC+3o01veRUkf0KRDjtDAK2c358aHsNAVcFXfJk950OuqUzywZvuNwlCOMCYZ41 +KBUfcwebhqiqMDzOLnx2mwUvV0OQGKgpqQes1+LE0pI2ySsgUyTp50mvLt8e9yXq +1uO82WzmAYcR8VGOViavjtV8ZF4X09d1ugZAWeOsZHdjl7Yb/aUy4WW35wQsHmo8 +Tro6KuG9KgvrNM798gdhwA6kt29B2YGGTQGODwIt8jydN2o0P3UhpVW+C+60Axqw +jSnPOJFPNVsRJ5se9PvhJS0xmUVOttRJFU74FmsK4dArG4pqMjBzXReEk9Pz03FW +9EbD8PY+n/hrp2zp7kEa5umzLJePi3117r06OkiQoI0Wfmi3bISBe0oN2lS7QUBo +DUursJNSMKpEhQBc3lPsyKoZwb73fl86iOm5/GpdMkKBXOQzGbgJV96I+s6ZemQ4 +psbxQCWStcwLnenkKEU2eezP9codmtRivRftx9+/xt9DxIfbtvZMPsrG6+EI+Ovo +onO6lMgnQJmxhjJ5FUwyBn27b41LDUnQhdMHtSwr7HCyU/ufnte1dQQy+xxYH4fG +oafemhM54Tx0fi47HruFu+DjSLECP57TVAVFJTyn6wr4U2Lya7kCDQRXKzJOARAA 
+q1I36MBmlWenlq9ZqwAvA0kT1l4uyrkj7EIpPXNmkkMYtW3jHWe/4M4k6b0NmNnj +FoaPmK86b037AoODd40xQYWV3Y5arwSfcZPYx35/+uiim4vykNI7u9MMujHDvMvV +AE2RXK/s1Lj+7B37H9AkcpAdj+YngYEKrVjzUbiPJXisbEc/g94F56YqbnGB1g6Y +pMXSGC1SvaYCBnUyWzLlmHYlib36R3dWXmpuQuTTn65QQU1jIKm5na7c37AP6k7G +RBthPmDveXV+UFlWBl3ybqhVcf7svGcSLf/n7ekF9PlUEDoQ+4rA+mQARS138R3I +WbZAB7KOTBrLPpPvKXvbq5r1/wfArBbKxOiB7c4xlejqeRbXFig4acQHK7vDfrIG +yA6hyR1H73kp3uFl0SEa/RKsPcYUagkFn3tlUBrX+6/ZuOcowaN9FuShJlMrgk1K +DiPprE7+gwA1fnGo6X/Jto6M6xkeGf0Lj2YZ6B0u2x8BIwSJUDqISd2TJoireMBb +0GQRUyfBDGB9ZDvMvC0SIezw3aEPW68uLadJa98QUGyYWQunIfiKfGzKHhpc4ser +V28WIJ/QJf2oJ3Cp3Ot2DI4qgJbSPkQYcizK/dNXJ6KoUv95i5SEQ82tw0vsytmI +3jZseGWLOnz9+LS41O55JjylDUAgJchroNF7bJZ2DocAEQEAAYkCHwQYAQoACQUC +VysyTgIbDAAKCRDpqyFNxsg9aKrtD/wM9pDDvLeeA6fg5mmAb6dmfhr2hAecbI/n +sGD5qslu0oE11Zj9gwYD5ixhieLbudEWk+YaGsg1/s1vMIEZsAXQYY0kihOBYGtr +heFA7YPzJSac1uwlF+unb7wvW8zYbyjkDpBmuyA08fHOFisHp1A4v4zsaLKZbCy7 +qQJWk8JU7eJnGecAuKnF8Zqpxur2k17QlsaoA3DIUDiSJyQVsFgTAgSkzjdQYVH2 +LVsb3XZeJnOoV1fs0E6kCCDUXtVx2yVzRgLKNnZvbufTKRAjr+mggUH+JOBbrDf/ +zf9Ud8PHBaLJh9+OA3AO310FwiJX0SnZjcCg29C7N0SkuDWowDLjwT8XAikdAsRC +xPZcOJSQjnSrd/X6ZjvDEBNlnY0dBOnuWt3CmwEdIreEJGomGMBE2/mw5ieFhlpN +6pp4Oe8kLl3mpd11RxfY2wW2r1BkxihtV/4pts7kCgSyRb8DwSZVYDHai5OtfeMZ +OTbaIP5/7aWoxd3R4JoKX5zHqY6slzi+MERJmDcIR5v1Np8HGJIHR/10uG3WvQ43 +CBVNV1KxDSWiO99+50ajU2humchuZKucVQUirUGd5ZPijAuZzrQeE9yboEMSB5nj +WxoE6tFHd17wOg+ImAMerVY53I4h0EkmbzPfeszZYR0geGvu4sngt69wJmmTINUC +K2czbpReKw== +=aSyh +-----END PGP PUBLIC KEY BLOCK----- +""" + +add_key() { + # keystring=`echo "$RIA_KEY" | gpg` # XXX: can't be automated, gpg always creates files on disk + keystring="0xC6C83D68 'RIA Software Signing Key '" + echo "Adding key to trusted key set" + echo "$keystring" + echo "$RIA_KEY" | gpg --dearmor | sudo tee /usr/share/keyrings/ria-repository.gpg > /dev/null +} + +test_sudo() { + if ! 
command -v sudo>/dev/null; then + make_fail "You must have sudo and be in sudo group\nAs root do: apt install sudo && adduser $USER sudo" + fi +} + +test_root() { + if test $(id -u) -eq 0; then + echo "You run this script as root. DO NOT RUN RANDOM SCRIPTS AS ROOT." + exit 2 + fi +} + +# add the given repository into /etc/apt/sources.list.d +add_repository() { + umask 0022 + echo "Adding RIA repository to APT sources list (/etc/apt/sources.list.d/ria-repository.list)" + echo "deb [signed-by=/usr/share/keyrings/ria-repository.gpg] https://installer.id.ee/media/ubuntu/ $1 main" | sudo tee /etc/apt/sources.list.d/ria-repository.list +} + +make_install() { + echo "Installing software (apt update && apt install web-eid)" + sudo apt update + sudo apt install "$@" +} + +make_fail() { + echo "$1" + exit 3 +} + +make_warn() { + echo "### $1" + echo "Press ENTER to continue, CTRL-C to cancel" + read -r dummy +} + +### Install Estonian ID card software + +# check for Debian derivative. +if ! command -v lsb_release>/dev/null; then + make_fail "# Not a Debian Linux :(" +fi + +# we use sudo +test_root +test_sudo + +# version name LTS supported until +# 20.04 focal LTS 2025-04 +# 22.04 jammy LTS 2027-04 +# 24.04 noble - 2029-04 +LATEST_SUPPORTED_UBUNTU_CODENAME='noble' + +# check if Debian or Ubuntu +distro=$(lsb_release -is | tr '[:upper:]' '[:lower:]') +release=$(lsb_release -rs) +codename=$(lsb_release -cs) + +case $distro in + debian) + make_warn "Debian is not officially supported" + echo "### Installing possibly missing https support for APT (apt install apt-transport-https)" + # Debian lacks https support for apt, by default + sudo apt install apt-transport-https + case "$codename" in + bullseye) + make_warn "Debian $codename is not officially supported" + make_warn "Installing from ubuntu-focal repository" + add_repository focal + ;; + bookworm) + make_warn "Debian $codename is not officially supported" + make_warn "Installing from ubuntu-jammy repository" + 
add_repository jammy + ;; + *) + make_fail "Debian $codename is not officially supported" + ;; + esac + ;; + ubuntu|neon|zorin) + case $distro in + neon) make_warn "Neon is not officially supported; assuming that it is equivalent to Ubuntu" ;; + *) ;; + esac + case $codename in + utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|zorin|kinetic|lunar|mantic) + make_fail "Ubuntu $codename is not officially supported" + ;; + focal|jammy|noble) + add_repository $codename + ;; + *) + make_warn "Ubuntu $codename is not officially supported" + make_warn "Trying to install package for Ubuntu ${LATEST_SUPPORTED_UBUNTU_CODENAME}" + add_repository ${LATEST_SUPPORTED_UBUNTU_CODENAME} + ;; + esac + ;; + linuxmint) + case $release in + 22*) + make_warn "Linux Mint 22 is not officially supported" + add_repository noble + ;; + 21*) + make_warn "Linux Mint 21 is not officially supported" + add_repository jammy + ;; + 20*) + make_warn "Linux Mint 20 is not officially supported" + add_repository focal + ;; + *) + make_fail "Linux Mint $release is not officially supported" + ;; + esac + ;; + elementary*os|elementary) + case $release in + 7*) + make_warn "Elementary OS 7 is not officially supported" + add_repository jammy + ;; + *) + make_fail "Elementary OS $release is not officially supported" + ;; + esac + ;; + pop) + case $codename in + artful|cosmic|disco|eoan|bionic) + make_fail "Pop!_OS $codename is not officially supported" + ;; + focal|jammy) + make_warn "Pop!_OS $codename is not officially supported" + add_repository $codename + ;; + *) + make_warn "Pop!_OS $codename is not officially supported" + make_warn "Trying to install package for Pop!_OS ${LATEST_SUPPORTED_UBUNTU_CODENAME}" + add_repository ${LATEST_SUPPORTED_UBUNTU_CODENAME} + ;; + esac + ;; + *) + make_fail "$distro is not supported :(" + ;; +esac + +add_key +make_install web-eid + +echo +echo "Thank you for using Estonian ID card!" 
+read -p "Would you like to read instructions on how to configure browsers for using ID-card? (Y/n): " instructions +case $instructions in + [Yy]*|"" ) xdg-open "https://www.id.ee/en/article/ubuntu-id-software-installation-updating-and-removal/#removing-mozilla-firefox";; + * ) ;; +esac From df07380727dda6ed37d7f72fdaee43304a7284f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=20S=C3=B5mermaa?= Date: Tue, 22 Oct 2024 15:54:28 +0300 Subject: [PATCH 44/57] Add v2.6.0 release (#56) Signed-off-by: Mart Somermaa Co-authored-by: Mart Somermaa --- example/pom.xml | 4 ++-- example/src/main/resources/templates/index.html | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/example/pom.xml b/example/pom.xml index 8cc91356..10264a72 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.0 + 3.3.4 eu.webeid.example @@ -20,7 +20,7 @@ 17 3.2.5 3.1.0 - 5.3.0 + 5.3.1 1.44 3.4.2 diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index 5836d2ea..b13f2cb3 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -55,14 +55,14 @@
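Review bot: The prompts in `make_warn` (`read -r dummy`) and the closing `read -p` read from stdin, but index.html in this series tells users to run the file as `wget -O - … | bash`, where stdin is the script itself. On paths that warn more than once (Debian, unrecognised Ubuntu or Pop!_OS codenames) the prompts are then likely to consume the lines that follow `esac`, among them `add_key` and `make_install web-eid`, without the user ever being asked. Reading from the terminal avoids this, `read -r dummy </dev/tty` and the same redirect on the final prompt; `read -p` is also a bash extension while the shebang is `#!/bin/sh`. Separately, `add_key` echoes a hard-coded short key id (`0xC6C83D68`) instead of a value computed from the key it installs, so a comment should say the line is informational only, or the script should print the full fingerprint read back from `ria-repository.gpg`.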

    Usage

    Download and run the Web eID native app and browser extension installer:
    • on Ubuntu Linux, for Firefox and Chrome, download and execute the
      - download-install-web-eid.sh + install-web-eid.sh script from the console with
      - wget -O - https:///scripts/download-install-web-eid.sh + wget -O - https:///scripts/install-web-eid.sh | bash
      Note: as of the 2.5 version, Web eID supports Firefox installed via Snap.
    • on macOS 12 or later, for Firefox and Chrome from here, + href="https://installer.id.ee/media/web-eid/web-eid_2.6.0.654.dmg">here,
    • on macOS 12 or later, for Safari, install the extension from App Store, @@ -70,7 +70,7 @@

      Usage

    • on Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, for Firefox, Chrome and Edge from here. + href="https://installer.id.ee/media/web-eid/web-eid_2.6.0.900.x64.exe">here.
    From 23b3d00d74ab04684a41397ae9c44db2e28e03b0 Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Tue, 19 Nov 2024 20:21:06 +0200 Subject: [PATCH 45/57] Add oracular support (#57) * Add oracular support Signed-off-by: Kristel Merilain * Noble is LTS --------- Signed-off-by: Kristel Merilain Co-authored-by: Raul Metsma --- .../src/main/resources/static/scripts/install-web-eid.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/example/src/main/resources/static/scripts/install-web-eid.sh b/example/src/main/resources/static/scripts/install-web-eid.sh index 83d9a390..c8c5ea73 100755 --- a/example/src/main/resources/static/scripts/install-web-eid.sh +++ b/example/src/main/resources/static/scripts/install-web-eid.sh @@ -119,8 +119,9 @@ test_sudo # version name LTS supported until # 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 -# 24.04 noble - 2029-04 -LATEST_SUPPORTED_UBUNTU_CODENAME='noble' +# 24.04 noble LTS 2029-04 +# 24.10 oracular - 2025-07 +LATEST_SUPPORTED_UBUNTU_CODENAME='oracular' # check if Debian or Ubuntu distro=$(lsb_release -is | tr '[:upper:]' '[:lower:]') @@ -158,7 +159,7 @@ case $distro in utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|zorin|kinetic|lunar|mantic) make_fail "Ubuntu $codename is not officially supported" ;; - focal|jammy|noble) + focal|jammy|noble|oracular) add_repository $codename ;; *) From 9f5935ee26feadd0c71d46e27cf478a0431a0711 Mon Sep 17 00:00:00 2001 From: Kristel Merilain Date: Mon, 27 Jan 2025 10:23:45 +0200 Subject: [PATCH 46/57] Remove focal support --- .../static/scripts/install-web-eid.sh | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/example/src/main/resources/static/scripts/install-web-eid.sh b/example/src/main/resources/static/scripts/install-web-eid.sh index c8c5ea73..8a2828ce 100755 --- a/example/src/main/resources/static/scripts/install-web-eid.sh 
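Review bot: `LATEST_SUPPORTED_UBUNTU_CODENAME='oracular'` also changes the fallback for unrecognised Ubuntu and Pop!_OS codenames, whose `*)` branches (outside this hunk) pass this variable to `add_repository`, and the table just above lists oracular as a non-LTS release supported only until 2025-07. Whether the repository keeps serving the oracular suite after that date is not visible here, so the fallback may start failing for every unknown release once it is retired. Consider keeping the fallback on an LTS through a separate variable, for example `FALLBACK_UBUNTU_CODENAME='noble'`, and leaving `oracular` only in the explicit `focal|jammy|noble|oracular)` match.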
+++ b/example/src/main/resources/static/scripts/install-web-eid.sh @@ -117,7 +117,6 @@ test_root test_sudo # version name LTS supported until -# 20.04 focal LTS 2025-04 # 22.04 jammy LTS 2027-04 # 24.04 noble LTS 2029-04 # 24.10 oracular - 2025-07 @@ -135,11 +134,6 @@ case $distro in # Debian lacks https support for apt, by default sudo apt install apt-transport-https case "$codename" in - bullseye) - make_warn "Debian $codename is not officially supported" - make_warn "Installing from ubuntu-focal repository" - add_repository focal - ;; bookworm) make_warn "Debian $codename is not officially supported" make_warn "Installing from ubuntu-jammy repository" @@ -156,10 +150,10 @@ case $distro in *) ;; esac case $codename in - utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|zorin|kinetic|lunar|mantic) + utopic|vivid|wily|trusty|artful|cosmic|disco|xenial|eoan|groovy|hirsute|impish|bionic|zorin|kinetic|lunar|mantic|focal) make_fail "Ubuntu $codename is not officially supported" ;; - focal|jammy|noble|oracular) + jammy|noble|oracular) add_repository $codename ;; *) @@ -179,10 +173,6 @@ case $distro in make_warn "Linux Mint 21 is not officially supported" add_repository jammy ;; - 20*) - make_warn "Linux Mint 20 is not officially supported" - add_repository focal - ;; *) make_fail "Linux Mint $release is not officially supported" ;; @@ -201,10 +191,10 @@ case $distro in ;; pop) case $codename in - artful|cosmic|disco|eoan|bionic) + artful|cosmic|disco|eoan|bionic|focal) make_fail "Pop!_OS $codename is not officially supported" ;; - focal|jammy) + jammy) make_warn "Pop!_OS $codename is not officially supported" add_repository $codename ;; From 7dee5834cb11bda97e8c656901c01f83f5c72de1 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Thu, 20 Mar 2025 21:52:40 +0200 Subject: [PATCH 47/57] Add Thales test ID card intermediate CA to trusted certificates in dev profile WE2-1063 
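Review bot: The Debian hunk (`@@ -135,11 +134,6 @@`) deletes the `bullseye)` arm without adding a rejection, whereas the Ubuntu and Pop!_OS hunks move `focal` into their explicit `make_fail` lists. What a bullseye host now reaches depends on the default arm of that inner `case`, which is outside the hunk; if that arm does not fail, the script would carry on without a matching repository. An explicit arm keeps the three branches consistent: `bullseye) make_fail "Debian $codename is not officially supported" ;;`. The context lines also show `sudo apt install apt-transport-https` running before the codename is checked, so an unsupported Debian host is modified before it is rejected.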
Signed-off-by: Mart Somermaa --- .../resources/certs/dev/TestESTEID2025.cer | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 example/src/main/resources/certs/dev/TestESTEID2025.cer diff --git a/example/src/main/resources/certs/dev/TestESTEID2025.cer b/example/src/main/resources/certs/dev/TestESTEID2025.cer new file mode 100644 index 00000000..ca8933f1 --- /dev/null +++ b/example/src/main/resources/certs/dev/TestESTEID2025.cer @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAregAwIBAgIUNtXxgsJYFy9r5Opm2j2LcsnZYtkwCgYIKoZIzj0EAwMw +XTEZMBcGA1UEAwwQVGVzdCBFRUdvdkNBMjAyNTEXMBUGA1UEYQwOTlRSRUUtMTcw +NjYwNDkxGjAYBgNVBAoMEVpldGVzIEVzdG9uaWEgT8OcMQswCQYDVQQGEwJFRTAe +Fw0yNDExMDQxMjU5NTVaFw0zOTExMDMxMjU5NTRaMFwxGDAWBgNVBAMMD1Rlc3Qg +RVNURUlEMjAyNTEXMBUGA1UEYQwOTlRSRUUtMTcwNjYwNDkxGjAYBgNVBAoMEVpl +dGVzIEVzdG9uaWEgT8OcMQswCQYDVQQGEwJFRTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABC8Uc5s70j1iWMZNbQyVYpDmwp4Ad5HlQmFB9noY2yBeDKL2KHKQG31SDTbo +KlBz7JUWsmaxF1Vj6ZkKAwcltO2cBnEU1B5H8hWgk5Un61GZxhX2wPkwJLm7vjyi +dKmftqOCATcwggEzMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAU4Vbf +rsSXORfv3goMbOVys4vVchAwSQYIKwYBBQUHAQEEPTA7MDkGCCsGAQUFBzAChi1o +dHRwOi8vY3J0LXRlc3QuZWlkcGtpLmVlL3Rlc3RFRUdvdkNBMjAyNS5jcnQwQgYD +VR0gBDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0dHBzOi8vcmVwb3NpdG9y +eS10ZXN0LmVpZHBraS5lZTA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY3JsLXRl +c3QuZWlkcGtpLmVlL3Rlc3RFRUdvdkNBMjAyNS5jcmwwHQYDVR0OBBYEFO7ylT+M +svxRnoTm5l6EEX5CuiA2MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBl +AjEA3qECw4GIfbeoC5cFhtiPJRfFlzsjRGVBtQTH6DNbZsm+EF6Gc28/iZFX1H6n +UTRlAjAiwooqEyVbxA1KqT6PwVl1BXNbF59j6MaiNR43dYeJxrdOnxleR50EVdIC +DJFEm2E= +-----END CERTIFICATE----- \ No newline at end of file From 2f2684d6573224ec66b60789552d3a4c2aadd21b Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 21 Mar 2025 15:29:31 +0200 Subject: [PATCH 48/57] Update copyright year to 2025 WE2-1072 
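Review bot: No provenance or fingerprint accompanies the new trust anchor `certs/dev/TestESTEID2025.cer`, so a reviewer cannot check the PEM against the issuer's published certificate. I would record it next to the file (a README in `certs/dev`) or in the commit message, for example `TestESTEID2025.cer: SHA-256 <FINGERPRINT-PLACEHOLDER>, source <ISSUER-URL-PLACEHOLDER>`. The commit title says this is a test intermediate CA for the dev profile; the code that loads trusted certificates is not part of this patch, so it is worth confirming that the prod profile never reads from `certs/dev`. The file also ends without a trailing newline.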
Signed-off-by: Mart Somermaa --- .../WebEidSpringbootExampleApplication.java | 2 +- .../config/ApplicationConfiguration.java | 2 +- .../config/SameSiteCookieConfiguration.java | 2 +- .../SessionBackedChallengeNonceStore.java | 2 +- .../config/ValidationConfiguration.java | 2 +- .../eu/webeid/example/config/YAMLConfig.java | 2 +- .../AuthTokenDTOAuthenticationProvider.java | 2 +- .../WebEidAjaxLoginProcessingFilter.java | 2 +- .../security/WebEidAuthentication.java | 2 +- .../AjaxAuthenticationFailureHandler.java | 2 +- .../AjaxAuthenticationSuccessHandler.java | 2 +- .../example/security/dto/AuthTokenDTO.java | 2 +- .../example/service/SigningService.java | 2 +- .../example/service/dto/CertificateDTO.java | 2 +- .../example/service/dto/ChallengeDTO.java | 2 +- .../webeid/example/service/dto/DigestDTO.java | 2 +- .../webeid/example/service/dto/FileDTO.java | 2 +- .../service/dto/SignatureAlgorithmDTO.java | 2 +- .../example/service/dto/SignatureDTO.java | 2 +- .../webeid/example/web/IndexController.java | 2 +- .../webeid/example/web/WelcomeController.java | 2 +- .../example/web/rest/ChallengeController.java | 2 +- .../example/web/rest/SigningController.java | 2 +- .../src/main/resources/static/js/errors.js | 2 +- .../AuthenticationRestControllerTest.java | 2 +- .../eu/webeid/example/WebApplicationTest.java | 2 +- .../WebEidAjaxLoginProcessingFilterTest.java | 22 +++++++++++++++++++ .../security/WebEidAuthenticationTest.java | 22 +++++++++++++++++++ .../eu/webeid/example/testutil/Dates.java | 2 +- .../webeid/example/testutil/HttpHelper.java | 2 +- .../webeid/example/testutil/ObjectMother.java | 2 +- 31 files changed, 73 insertions(+), 29 deletions(-) diff --git a/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java b/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java index f82bac09..5fe5195a 100644 --- a/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java 
+++ b/example/src/main/java/eu/webeid/example/WebEidSpringbootExampleApplication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java index d93c942e..1728628b 100644 --- a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java b/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java index 79401654..74602523 100644 --- a/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/SameSiteCookieConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java index cb4654d2..2d57e1f5 100644 
--- a/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java +++ b/example/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java index dbe21ee5..3e36793d 100644 --- a/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java +++ b/example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java index 35905f0c..234a8569 100644 --- a/example/src/main/java/eu/webeid/example/config/YAMLConfig.java +++ b/example/src/main/java/eu/webeid/example/config/YAMLConfig.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal 
diff --git a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java index 9965ff37..274a47bf 100644 --- a/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java +++ b/example/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java index cc47f86a..4782ee93 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java index c039007e..5ba3ebf7 100644 --- a/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java +++ b/example/src/main/java/eu/webeid/example/security/WebEidAuthentication.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java index 647698f7..1bec05fd 100644 --- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java index b545422d..a5ea20d0 100644 --- a/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java +++ b/example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java b/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java index 9321c4c0..73a70a4e 100644 
--- a/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java +++ b/example/src/main/java/eu/webeid/example/security/dto/AuthTokenDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/SigningService.java b/example/src/main/java/eu/webeid/example/service/SigningService.java index 507b4b39..ddb3bd2a 100644 --- a/example/src/main/java/eu/webeid/example/service/SigningService.java +++ b/example/src/main/java/eu/webeid/example/service/SigningService.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java index 6050c855..7704d015 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/CertificateDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java b/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java index dd95d423..4a6b9c93 100644 
--- a/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java b/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java index 4e56d36f..c567d708 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/DigestDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java index 3a65edc2..949b358a 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/FileDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java index bef5ba42..287682fb 100644 
--- a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java index 68742fc4..68ffd3b8 100644 --- a/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java +++ b/example/src/main/java/eu/webeid/example/service/dto/SignatureDTO.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/IndexController.java b/example/src/main/java/eu/webeid/example/web/IndexController.java index e464a506..6da1b71a 100644 --- a/example/src/main/java/eu/webeid/example/web/IndexController.java +++ b/example/src/main/java/eu/webeid/example/web/IndexController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/WelcomeController.java b/example/src/main/java/eu/webeid/example/web/WelcomeController.java index 0db6fc73..bba34c23 100644 
--- a/example/src/main/java/eu/webeid/example/web/WelcomeController.java +++ b/example/src/main/java/eu/webeid/example/web/WelcomeController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java index ecc3ee4c..df54366a 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/ChallengeController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java index 4f935beb..2a1c6529 100644 --- a/example/src/main/java/eu/webeid/example/web/rest/SigningController.java +++ b/example/src/main/java/eu/webeid/example/web/rest/SigningController.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/main/resources/static/js/errors.js b/example/src/main/resources/static/js/errors.js index 95220bb9..7f42d5ff 100644 --- a/example/src/main/resources/static/js/errors.js 
+++ b/example/src/main/resources/static/js/errors.js @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java b/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java index aa6f5dff..ec5345a5 100644 --- a/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java +++ b/example/src/test/java/eu/webeid/example/AuthenticationRestControllerTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/WebApplicationTest.java b/example/src/test/java/eu/webeid/example/WebApplicationTest.java index e28e8fa7..f7f5a3de 100644 --- a/example/src/test/java/eu/webeid/example/WebApplicationTest.java +++ b/example/src/test/java/eu/webeid/example/WebApplicationTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java b/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java index cb950730..828399b1 100644 --- a/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java 
+++ b/example/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java @@ -1,3 +1,25 @@ +/* + * Copyright (c) 2020-2025 Estonian Information System Authority + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + package eu.webeid.example.security; import jakarta.servlet.http.HttpServletRequest; diff --git a/example/src/test/java/eu/webeid/example/security/WebEidAuthenticationTest.java b/example/src/test/java/eu/webeid/example/security/WebEidAuthenticationTest.java index 630cf499..1da776b6 100644 --- a/example/src/test/java/eu/webeid/example/security/WebEidAuthenticationTest.java +++ b/example/src/test/java/eu/webeid/example/security/WebEidAuthenticationTest.java 
@@ -1,3 +1,25 @@ +/* + * Copyright (c) 2020-2025 Estonian Information System Authority + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + package eu.webeid.example.security; import eu.webeid.security.certificate.CertificateLoader; diff --git a/example/src/test/java/eu/webeid/example/testutil/Dates.java b/example/src/test/java/eu/webeid/example/testutil/Dates.java index c44118d4..3f5f76ae 100644 --- a/example/src/test/java/eu/webeid/example/testutil/Dates.java +++ b/example/src/test/java/eu/webeid/example/testutil/Dates.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal 
diff --git a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java index fec26213..9c8b0dc9 100644 --- a/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java +++ b/example/src/test/java/eu/webeid/example/testutil/HttpHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java index f6103d5b..288b1368 100644 --- a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java +++ b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2024 Estonian Information System Authority + * Copyright (c) 2020-2025 Estonian Information System Authority * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal From f70c0ee2cd703dd913ea7858d6cf7905b9fa72cf Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 21 Mar 2025 15:38:26 +0200 Subject: [PATCH 49/57] Bump version to 3.1.1, update dependencies WE2-1072 Signed-off-by: Mart Somermaa --- example/docker-compose.yml | 2 +- example/pom.xml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/example/docker-compose.yml b/example/docker-compose.yml index 239d19a0..2303e15a 100644 --- a/example/docker-compose.yml +++ b/example/docker-compose.yml 
@@ -1,7 +1,7 @@ version: '2' services: web-eid-springboot-example: - image: web-eid-springboot-example:3.1.0 + image: web-eid-springboot-example:3.1.1 restart: always environment: JAVA_TOOL_OPTIONS: '-Dspring.profiles.active=prod' diff --git a/example/pom.xml b/example/pom.xml index 10264a72..3d8f5f73 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -5,12 +5,12 @@ org.springframework.boot spring-boot-starter-parent - 3.3.4 + 3.4.4 eu.webeid.example web-eid-springboot-example - 3.1.0 + 3.1.1 web-eid-springboot-example Example Spring Boot application that demonstrates how to use Web eID for authentication and digital signing @@ -18,11 +18,11 @@ 17 - 3.2.5 - 3.1.0 - 5.3.1 + 3.5.2 + 3.1.1 + 6.0.0 1.44 - 3.4.2 + 3.4.5 From 996dbe14d14ae76349a23f57d842a3b8255ec487 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Tue, 6 May 2025 14:05:43 +0300 Subject: [PATCH 50/57] Update README.md WE2-932 Signed-off-by: Sven Mitt --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 1d470f2a..fa6b102a 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,8 @@ A Java web application that uses Maven or Gradle to manage packages is needed fo In the following example we are using the [Spring Framework](https://spring.io/), but the examples can be easily ported to other Java web application frameworks. -See the full example [here](https://github.com/web-eid/web-eid-spring-boot-example). +## Full example project using the validation library in spring-boot +[example/README.md](example/README.md) ## 1. Add the library to your project 
@@ -98,7 +99,7 @@ import eu.webeid.security.challenge.ChallengeNonceStore; ## 4. Add trusted certificate authority certificates -You must explicitly specify which **intermediate** certificate authorities (CAs) are trusted to issue the eID authentication and OCSP responder certificates. CA certificates can be loaded from either the truststore file, resources or any stream source. We use the [`CertificateLoader`](https://github.com/web-eid/web-eid-authtoken-validation-java/blob/main/src/main/java/eu/webeid/security/certificate/CertificateLoader.java) helper class to load CA certificates from resources here, but consider using [the truststore file](https://github.com/web-eid/web-eid-spring-boot-example/blob/main/src/main/java/eu/webeid/example/config/ValidationConfiguration.java#L104-L123) instead. +You must explicitly specify which **intermediate** certificate authorities (CAs) are trusted to issue the eID authentication and OCSP responder certificates. CA certificates can be loaded from either the truststore file, resources or any stream source. We use the [`CertificateLoader`](https://github.com/web-eid/web-eid-authtoken-validation-java/blob/main/src/main/java/eu/webeid/security/certificate/CertificateLoader.java) helper class to load CA certificates from resources here, but consider using [the truststore file](./blob/example/main/src/main/java/eu/webeid/example/config/ValidationConfiguration.java#L104-L123) instead. First, copy the trusted certificates, for example `ESTEID2018.cer`, to `resources/cacerts/`, then load the certificates as follows: 
@@ -171,11 +172,11 @@ Authentication consists of calling the `validate()` method of the authentication When using [Spring Security](https://spring.io/guides/topicals/spring-security-architecture) with standard cookie-based authentication, -- implement a custom authentication provider that uses the authentication token validator for authentication as shown [here](https://github.com/web-eid/web-eid-spring-boot-example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java), -- implement an AJAX authentication processing filter that extracts the authentication token and passes it to the authentication manager as shown [here](https://github.com/web-eid/web-eid-spring-boot-example/blob/main/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java), +- implement a custom authentication provider that uses the authentication token validator for authentication as shown [here](example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java), +- implement an AJAX authentication processing filter that extracts the authentication token and passes it to the authentication manager as shown [here](example/blob/main/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java), - configure the authentication provider and authentication processing filter in the application configuration as shown [here](https://github.com/web-eid/web-eid-spring-boot-example/blob/main/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java). 
-The gist of the validation is [in the `authenticate()` method](https://github.com/web-eid/web-eid-spring-boot-example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java#L74-L76) of the authentication provider: +The gist of the validation is [in the `authenticate()` method](example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java#L74-L76) of the authentication provider: ```java try { From 214e907c48325ed9fa1211ff2eafa797aaf7a73a Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Tue, 6 May 2025 14:06:44 +0300 Subject: [PATCH 51/57] Move example project workflow to parent, add build scripts and sonar WE2-932 Signed-off-by: Sven Mitt --- .../workflows/maven-build-example.yml | 17 +++++++++++++++-- .github/workflows/maven-build.yml | 10 +++++++++- .github/workflows/sonarcloud-analysis.yml | 10 +++++++++- 3 files changed, 33 insertions(+), 4 deletions(-) rename example/.github/workflows/maven-build.yml => .github/workflows/maven-build-example.yml (71%) diff --git a/example/.github/workflows/maven-build.yml b/.github/workflows/maven-build-example.yml similarity index 71% rename from example/.github/workflows/maven-build.yml rename to .github/workflows/maven-build-example.yml index 14becab9..3893cbd4 100644 --- a/example/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build-example.yml @@ -1,6 +1,18 @@ -name: Maven build +name: Maven build example -on: [ push, pull_request ] +on: + push: + paths: + - 'example/**' + - '.github/workflows/*example*' + pull_request: + paths: + - 'example/**' + - '.github/workflows/*example*' + +defaults: + run: + working-directory: ./example jobs: build: @@ -26,3 +38,4 @@ jobs: - name: Test and package run: mvn --batch-mode package + diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 7d17deac..7b13b8f2 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml 
@@ -1,6 +1,14 @@ name: Maven build -on: [ push, pull_request ] +on: + push: + paths-ignore: + - 'example/**' + - '.github/workflows/*example*' + pull_request: + paths-ignore: + - 'example/**' + - '.github/workflows/*example*' jobs: build: diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml index 2ed0c3a2..0755bccc 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/sonarcloud-analysis.yml @@ -1,6 +1,14 @@ name: SonarCloud code analysis -on: [push, pull_request] +on: + push: + paths-ignore: + - 'example/**' + - '.github/workflows/*example*' + pull_request: + paths-ignore: + - 'example/**' + - '.github/workflows/*example*' jobs: analyze: From 5463ec3ed2d8ba5901f8838b26b7470baa2cf3c5 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Wed, 21 May 2025 10:29:51 +0300 Subject: [PATCH 52/57] Update links in readme WE2-932 Signed-off-by: Sven Mitt --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fa6b102a..dd94fe3e 100644 --- a/README.md +++ b/README.md @@ -138,7 +138,7 @@ import eu.webeid.security.validator.AuthTokenValidatorBuilder; A REST endpoint that issues challenge nonces is required for authentication. The endpoint must support `GET` requests. -In the following example, we are using the [Spring RESTful Web Services framework](https://spring.io/guides/gs/rest-service/) to implement the endpoint, see also the full implementation [here](https://github.com/web-eid/web-eid-spring-boot-example/blob/main/src/main/java/eu/webeid/example/web/rest/ChallengeController.java). +In the following example, we are using the [Spring RESTful Web Services framework](https://spring.io/guides/gs/rest-service/) to implement the endpoint, see also the full implementation [here](example/blob/main/src/main/java/eu/webeid/example/web/rest/ChallengeController.java). ```java import org.springframework.web.bind.annotation.GetMapping; 
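Review bot: With `paths-ignore` on both `push` and `pull_request` in maven-build.yml, a change that touches only `example/**` skips this workflow entirely, and a skipped workflow leaves its check in Pending instead of reporting success. If the `build` job is a required status check in branch protection (not visible here), example-only pull requests could not be merged; the same would hold for the `analyze` job in the sonarcloud-analysis.yml hunk that follows. Confirm that only a check that always runs is marked as required, or add a comment above the filter such as `# example/** is built by maven-build-example.yml; do not mark this check as required`. The `jobs:` section continues outside the hunk.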
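Review bot: The `paths-ignore` entries for `example/**` in sonarcloud-analysis.yml take the example application out of SonarCloud analysis, and the only replacement visible in this commit, maven-build-example.yml, ends with `mvn --batch-mode package`. The README points integrators to the authentication provider and login processing filter under `example/`, so changes to that code would presumably go unanalysed even though it is the code people copy. Either drop `- 'example/**'` from this workflow's `paths-ignore` and have the analysis build the example module too, or add an analysis step to the example workflow. If the gap is intended, record it with a comment such as `# example/ is not analysed by SonarCloud; see maven-build-example.yml`. The `analyze` job body lies outside the hunk.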
@@ -174,7 +174,7 @@ When using [Spring Security](https://spring.io/guides/topicals/spring-security-a - implement a custom authentication provider that uses the authentication token validator for authentication as shown [here](example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java), - implement an AJAX authentication processing filter that extracts the authentication token and passes it to the authentication manager as shown [here](example/blob/main/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java), -- configure the authentication provider and authentication processing filter in the application configuration as shown [here](https://github.com/web-eid/web-eid-spring-boot-example/blob/main/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java). +- configure the authentication provider and authentication processing filter in the application configuration as shown [here](example/blob/main/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java). The gist of the validation is [in the `authenticate()` method](example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java#L74-L76) of the authentication provider: From 28581699a7ce9f959b9301a6fd5d327ad38c8b11 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Wed, 21 May 2025 10:32:05 +0300 Subject: [PATCH 53/57] Fix web-eid.eu page links to reference the new example repository location WE2-932 Signed-off-by: Sven Mitt --- example/src/main/resources/templates/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index b13f2cb3..326a8da8 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -220,7 +220,7 @@

    For developers

    • in Java use the digidoc4j library in the back end of the web application according to the instructions - here, + here,
    • in .NET/C# use the libdigidocpp library in the back end of the web application according to the instructions @@ -232,7 +232,7 @@

      For developers

      The full source code of an example Spring Boot web application that uses Web eID for authentication and digital signing is available - here. + here. The .NET/C# version of the example is available here. The PHP version of the example is available From 90e2c5ce7625bbd0c5c38a17837b8817fa077f21 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Wed, 21 May 2025 17:28:06 +0300 Subject: [PATCH 54/57] Fix web-eid.eu page link for PHP example WE2-932 Signed-off-by: Sven Mitt --- example/src/main/resources/templates/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/src/main/resources/templates/index.html b/example/src/main/resources/templates/index.html index 326a8da8..051ab855 100644 --- a/example/src/main/resources/templates/index.html +++ b/example/src/main/resources/templates/index.html @@ -236,7 +236,7 @@

      For developers

      The .NET/C# version of the example is available here. The PHP version of the example is available - here. + here.

      From ceb083e1cc4a72f6d248586bde90f870245bd42d Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Mon, 26 May 2025 08:57:21 +0300 Subject: [PATCH 55/57] Add instructions to use latest build from authtoken-validation WE2-932 Signed-off-by: Sven Mitt --- example/pom.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/example/pom.xml b/example/pom.xml index 3d8f5f73..55bb5092 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -44,6 +44,15 @@ digidoc4j ${digidoc4j.version} + eu.webeid.security authtoken-validation From 5962d96f71b8571f1483bf848c01b3b8de02dfee Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Mon, 26 May 2025 11:15:23 +0300 Subject: [PATCH 56/57] Fix error CodeQL Action major versions v1 and v2 have been deprecated WE2-932 Signed-off-by: Sven Mitt --- .github/workflows/codeql-analysis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1f856f93..c27e2520 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -16,16 +16,16 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: java queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 09540878cdbfda7832c99d4d53ab9fcedb82e9f9 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Mon, 26 May 2025 11:24:37 +0300 Subject: [PATCH 57/57] Upgrade all actions to latest WE2-932 
Signed-off-by: Sven Mitt --- .github/workflows/coverity-analysis.yml | 8 ++++---- .github/workflows/maven-build.yml | 6 +++--- .github/workflows/maven-deploy.yml | 6 +++--- .github/workflows/sonarcloud-analysis.yml | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/coverity-analysis.yml b/.github/workflows/coverity-analysis.yml index 13008097..f8035d46 100644 --- a/.github/workflows/coverity-analysis.yml +++ b/.github/workflows/coverity-analysis.yml @@ -15,15 +15,15 @@ jobs: PROJECTNAME: 'web-eid/web-eid-authtoken-validation-java' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: distribution: zulu java-version: 11 - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-v8-${{ hashFiles('**/pom.xml') }} @@ -50,4 +50,4 @@ jobs: --form file=@upload.tgz \ --form version=master \ --form description="Github Actions CI build" \ - https://scan.coverity.com/builds?project=$PROJECTNAME \ No newline at end of file + https://scan.coverity.com/builds?project=$PROJECTNAME diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 7b13b8f2..6528af68 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -15,15 +15,15 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: distribution: zulu java-version: 11 - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-v8-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/maven-deploy.yml b/.github/workflows/maven-deploy.yml index b37492e8..29a316f5 100644 --- a/.github/workflows/maven-deploy.yml +++ b/.github/workflows/maven-deploy.yml 
@@ -9,15 +9,15 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: distribution: zulu java-version: 11 - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-v8-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml index 0755bccc..ea78e973 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/sonarcloud-analysis.yml @@ -21,18 +21,18 @@ jobs: with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: zulu java-version: 17 - name: Cache SonarCloud packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Cache Maven packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-v11-${{ hashFiles('**/pom.xml') }}