As of ID-software version 3.8, an additional multi-platform libdigidocpp library was added to the libraries designed for developers and integrators.
This library is to replace the libdigidoc C library used since 2002 and the Windows COM library, for which support for independent use was discontinued in 2015. The Libdigidocpp library has been used in the ID-software since 2010, but to date, it could not be integrated with third-party applications and information systems.
Libdigidocpp library supports:
ASiC-E XAdES, i.e. BDOC 2.1 signature format, incl. a format with both a timestamp and time-mark
Support for creating and validating BDOC signatures with timestamps (BDOC-TS profile) added.
No timestamping service support has been configured by default.
A new variable “ts.url” was added to the digidocpp.conf file, which specifies the timestamping service used upon creating a signature.
Support for BDoc::ASIC_TS_PROFILE profile value for Container::sign(Signer *signer, const string &profile) method added when creating BDOC-TS signature via API.
Timestamp (TS) profile support for digidoc-tool utility program's “open” and “create” commands added. The TS profile can be specified with the “--profile=TS” variable.
The signature creation time of a BDOC-TS signature is the timestamp creation time (in the case of signatures with time-marks, the OCSP validity confirmation creation time is the signing time).
A check for difference between OCSP validity confirmation creation time and timestamp creation time added to the BDOC-TS signature validation process. If the OCSP validity confirmation time is earlier than the timestamp time, an exception is returned. If the OCSP validity confirmation time is more than 15 minutes later than the timestamp time, a warning is returned. If the difference is more than 24 hours, an exception is returned.
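The time-difference rule above, written out as an added example (not libdigidocpp code). `checkOcspVsTimestamp`, `Verdict` and `TimeCheck` are hypothetical names; the thresholds are the ones stated in the release note, and the sample times are constructed.

```cpp
#include <chrono>
#include <iostream>
#include <string>

using Clock = std::chrono::system_clock;

enum class Verdict { Valid, Warning, Exception };

struct TimeCheck {
    Verdict verdict;
    std::string reason;
};

// Hypothetical helper: compares the OCSP confirmation creation time with the
// timestamp creation time of one BDOC-TS signature, using the release-note rule.
TimeCheck checkOcspVsTimestamp(Clock::time_point tsTime, Clock::time_point ocspTime)
{
    using namespace std::chrono;
    // A confirmation issued before the timestamp cannot vouch for the signing time.
    if (ocspTime < tsTime)
        return {Verdict::Exception, "OCSP confirmation is earlier than the timestamp"};
    const auto delta = ocspTime - tsTime;
    if (delta > hours(24))
        return {Verdict::Exception, "OCSP confirmation is more than 24 hours after the timestamp"};
    if (delta > minutes(15))
        return {Verdict::Warning, "OCSP confirmation is more than 15 minutes after the timestamp"};
    return {Verdict::Valid, ""};
}

int main()
{
    using namespace std::chrono;
    // Constructed sample: an arbitrary timestamp instant and OCSP offsets around the limits.
    const Clock::time_point ts = Clock::time_point{} + hours(400000);
    const seconds offsets[] = {seconds(-1), seconds(30), minutes(15),
                               minutes(16), hours(24), hours(25)};
    for (const seconds off : offsets) {
        const TimeCheck r = checkOcspVsTimestamp(ts, ts + off);
        const char *label = r.verdict == Verdict::Valid     ? "valid"
                            : r.verdict == Verdict::Warning ? "warning"
                                                            : "exception";
        std::cout << off.count() << " s: " << label << " " << r.reason << "\n";
    }
    return 0;
}
```

Both limits are exclusive here because the note says "more than": a difference of exactly 15 minutes is still valid, and exactly 24 hours is still only a warning.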
Support for using a TSL (Trusted Service List) as a trust anchor added when checking certificates' trustworthiness during signature creation and validation.
TSL usage configuration possibilities added to digidocpp.conf file. You can use “tsl.autoupdate”, “tsl.cache”, “tsl.cert” and “tsl.url” variables to change the default TSL settings.
The command “tsl” added to the digidoc-tool utility; the command displays TSL diagnostics and validates the TSL.
The TSL functionality can now be disabled in the library by setting the CMake variable USE_TSL to “false” when building the library.
The class XmlConfV2 added, which should be used instead of XmlConf class if there is a need to configure timestamp and TSL configuration parameters.
An OCSP confirmation can now be added to a signature if the signatory’s certificate is issued by “VRK CA for Qualified Certificates - G2” or “VRK Gov. CA for Citizen Qualified Certificates - G2”.
Validation of BDOC documents improved. It is now checked that the data file mime-type value in manifest.xml file and the respective value in signatures*.xml file in element are the same.
“--mime=” variable added to digidoc-tool utility program's “create” command. The variable can be used together with the “--file=” variable to set the value of the data file’s mime-type. If the value is not set, the default value “application/octet-stream” is used.
BDOC document validation improved and a check for weak hash algorithm (SHA-1) use for ECDSA signatures added.
BDOC signatures*.xml file's XML structure validation improved. The file is now additionally checked for unsupported elements, such as CounterSignature, CompleteCertificateRefs, CompleteRevocationRefs, AttributeCertificateRefs, AttributeRevocationRefs, SigAndRefsTimeStamp, RefsOnlyTimeStamp, AttrAuthoritiesCertValues, AttributeRevocationValues, CommitmentTypeIndicationType, AllDataObjectsTimeStamp and IndividualDataObjectsTimeStampType.
Processing of special characters in URI attribute values according to RFC3986 improved. Special characters in URI are percent-encoded, except unreserved characters and delimiters. Both percent-encoded and non-percent-encoded characters are supported upon signature validation. It should be noted that files that include special characters in URI values and are created with a version 3.9 library may not be compatible with library version 3.8.
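An added sketch of the URI handling described above, not the library's own implementation: a data file name is percent-encoded except for RFC 3986 unreserved characters and delimiters, and a validator accepts a reference in either form. The function names are hypothetical, and treating every gen-delim and sub-delim as a literal is an assumption about what "delimiters" covers.

```cpp
#include <string>

// Assumption: RFC 3986 unreserved characters and all gen-delims/sub-delims stay literal.
static bool staysLiteral(unsigned char c)
{
    const bool alnum = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9');
    return alnum || std::string("-._~:/?#[]@!$&'()*+,;=").find(char(c)) != std::string::npos;
}

// Encode a raw data file name for use as a URI attribute value.
std::string percentEncode(const std::string &name)
{
    static const char hex[] = "0123456789ABCDEF";
    std::string out;
    for (unsigned char c : name) {
        if (staysLiteral(c)) { out += char(c); continue; }
        out += '%'; out += hex[c >> 4]; out += hex[c & 0x0F];
    }
    return out;
}

static int hexValue(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

// Decode %XX triplets; a malformed or truncated escape is kept as literal text.
std::string percentDecode(const std::string &uri)
{
    std::string out;
    for (std::size_t i = 0; i < uri.size(); ++i) {
        const int hi = (uri[i] == '%' && i + 2 < uri.size()) ? hexValue(uri[i + 1]) : -1;
        const int lo = hi >= 0 ? hexValue(uri[i + 2]) : -1;
        if (lo >= 0) { out += char(hi * 16 + lo); i += 2; }
        else out += uri[i];
    }
    return out;
}

// Validation side: accept the reference whether or not it was percent-encoded.
bool refersTo(const std::string &referenceUri, const std::string &fileName)
{
    return referenceUri == fileName || percentDecode(referenceUri) == fileName;
}
```

Accepting both forms makes a reference such as `a%20b` match a file named `a b` as well as one literally named `a%20b`, so a validator that does this should check that a container does not hold both.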
A problem that caused erroneous signatures if the data file's name contained a colon has been fixed.
The digidoc-tool utility program “extract” command's “--extractAll” parameter functionality has been fixed. If the parameter is used in extraction but the target directory is not specified, files are extracted to the working directory.
A digidoc-tool utility program error that caused the program to close unexpectedly when trying to create or sign a DDOC file has been fixed.
Libdigidoc wrapper changed to fix an error that occurred when parsing a DDOC document's data file name containing some specific special characters. Previously, the special characters were erroneously displayed in escaped form.
A problem in Libdigidoc wrapper when calculating a data file's size upon parsing a DDOC file has been fixed. Previously, a wrong data file size was occasionally returned.
XAdESv141.xsd schema support added for implementing BDOC archive timestamp profile in the future.
The libc++ library adopted instead of libstdc++ on OSX platform. Libc++ ensures full C++11 support.
All Libdigidocpp documentation is now available in HTML format (see /documentation/html/index.html in the base directory). The existing HTML-based API documentation was updated and the contents of the “Libdigidocpp Programmer's Guide” PDF/Word document were transferred to HTML format. Previously used PDF/Word documents were removed.
The coverity.com static analysis tool was used to identify source code errors and vulnerabilities.
N/A
09.09.2015
3.8.0.1209
18.12.2013
The first release of the library as a separate package. The library’s API has been updated and is not compatible with version 3.7 if this library was only used by DigiDoc3 client software.
Known issues:
If a data file with a colon in its name is added to a BDOC container, the signature created will be erroneous.
N/A
13.08.2015