DigiDoc C++ library - libdigidocpp (ver 126.96.36.1999)
From ID-software version 3.8 there is a new multiplatform libdigidocpp library available for the integrators and developers.
This library is intented to replace the libdigidoc C and Windows COM libraries distributed since 2003. Independent usage support for these libraries will end on 2015. Libdigidocpp library has been used in ID-software since 2010 but it was not meant to be used for integration with third-party applications and information systems.
Libdigidocpp library supports:
- ASiC-E XAdES - BDOC 2.1 signature format (BDOC with time-stamps and with time-marks)
- DDOC (wrapper used with libdigidoc library)
Libdigidocpp library documentation .HTML
|Version ||Released ||Release notes || Download |
|188.8.131.529 ||07.07.2016 ||Release notes ||Download |
|184.108.40.2062 ||03.05.2016 ||Release notes ||Download |
|220.127.116.117 ||29.02.2016 ||Release notes ||Download |
|18.104.22.1686 ||09.09.2015 ||Release notes ||Download |
|22.214.171.1246 ||13.08.2015 ||Release notes ||Download |
|126.96.36.1999 ||09.02.2015 ||Release notes ||Download |
|188.8.131.528 ||01.07.14 || |
- Added support for creating and validating BDOC signatures with time-stamps (BDOC-TS profile).
- By default, there is no time-stamping service support configured.
- Added new parameter "ts.url" to digidocpp.conf configuration file that specifies the time-stamping service used during signature creation.
- Added support for BDoc::ASIC_TS_PROFILE profile value for Container::sign(Signer *signer, const string &profile) method when creating BDCO-TS signature via API.
- Added time-stamp (TS) profile support for digidoc-tool utility program's "open" and "create" commands. TS profile can be set with "--profile=TS" parameter.
- The signature creation time of BDOC-TS signature is the time-stamp's creation time (in case of a signature with time-stamp, the OCSP validity confirmation's creation time is the signing time).
- Added validation check for difference between OCSP validity confirmation's production time and time-stamp's production time. An exception is thrown if the OCSP confirmation's time is earlier than time-stamp's time. If the OCSP confirmation's time is later than time-stamp's time by more than 15 minutes then a warning is returned. If the difference is more than 24 hours then exception is thrown.
- Added support for using TSL (Trusted Service List) list as trust anchor when checking certificates' trustworthiness during signature creation and validation.
- By default, European Commission TSL list is used (https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml) as source for finding country-specific TSL lists. Finnish, Estonian, Latvian and Lithuanian country-specific TSL lists are used by default.
- Added TSL usage configuration possibilities to digidocpp.conf file. Use "tsl.autoupdate", "tsl.cache", "tsl.cert" and "tsl.url" configuration parameters to change the default TSL settings.
- Added command "tsl" to digidoc-tool utility program, the command prints out TSL diagnostics and validates the list.
- Added possibility to disable all TSL functionality in the library by setting CMake USE_TSL parameter to "false" when building the library.
- Added class XmlConfV2 that should be used instead of XmlConf class if it is needed to configure time-stamp and TSL related configuration properties.
- Added support for adding OCSP confirmation to signature if the signer's certificate is issued by "VRK CA for Qualified Certificates - G2" or "VRK Gov. CA for Citizen Qualified Certificates - G2".
- Improved BDOC document's validation, it is now checked that the data file mime-type value in manifest.xml file and the respective value in signatures*.xml file in <DataObjectFormat><MimeType> element are the same.
- Added "--mime=" parameter to digidoc-tool utility program's "create" command. The parameter can be used along with "--file=" parameter to set the mime-type value of a data file. If not set then the default value "application/octet-stream" is used.
- Improved BDOC document's validation, added check for weak hash algorithm (SHA-1) usage in case of ECDSA signatures.
- Improved BDOC signatures*.xml file's XML structure validation. It is now additionally checked that unsupported elements CounterSignature, CompleteCertificateRefs, CompleteRevocationRefs, AttributeCertificateRefs, AttributeRevocationRefs, SigAndRefsTimeStamp, RefsOnlyTimeStamp, AttrAuthoritiesCertValues, AttributeRevocationValues, CommitmentTypeIndicationType, AllDataObjectsTimeStamp, IndividualDataObjectsTimeStampType would not exist in the file.
- Improved processing of special characters in URI attribute values according to RFC3986. Special characters in URI are percent-encoded, except of unreserved characters and delimiters. Both percent-encoded and non-percent-encoded characters are supported during signature's validation. Note that as a result, the files that contain special characters in URI values and have been created with v3.9 might not be compatible with v3.8 of the library.
- Fixed problem that caused erroneous signatures if the data file's name contained colon character.
- Fixed digidoc-tool utility program "extract" command's "--extractAll" parameter functionality. Now, if the parameter is present but there is no extraction directory specified then the files are extracted to the working directory.
- Fixed digidoc-tool utility program's error that caused the program to exit unexpectedly when trying to create or sign a DDOC file.
- Changed Libdigidoc wrapper to fix error which occurred when parsing DDOC document's data file name that contains some specific special characters. Previously, the special characters were erroneously displayed in escaped form.
- Fixed problem in Libdigidoc wrapper when calculating data file's size in the course of parsing a DDOC file. Previously, a wrong data file size was returned occasionally.
- Added XAdESv141.xsd schema support for implementing BDOC archive time-stamp profile in the future.
- Started using libc++ library instead of libstdc++ on OSX platform. The libc++ provides full c++11 support.
- All Libdigidocpp documentation is now available in HTML format (see /documentation/html/index.html in the base directory). Updated the existing HTML-based API documentation, transformed the contents of "Libdigidocpp Programmer's Guide" PDF/Word document to HTML format. Removed the previously used PDF/Word documents.
- Used coverity.com static analysis tool to find source code defects and vulnerabilities.
|184.108.40.2069 ||18.12.13 ||3.8 is first public release of libdigidocpp as library. API is changed and not compatible compared to 3.7.1 version when libdigidocpp was not yet public library but internal component used by Digidoc3 client. |
- If a data file with a colon character in its name is added to a BDOC container then the created signature will be erroneous. Thus, colon characters must not be used in data file names.