Merge pull request #18 from RegioneER/226725_old-cryptolibrary-1.17.0

release 1.17.0
RegioneER · Dec 13, 2024 · d1dbbbc · d1dbbbc
2 parents d3bed17 + 2def609
commit d1dbbbc
Show file tree

Hide file tree

Showing 8 changed files with 67 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,12 @@
 
+## 1.17.0 (10-12-2024)
+
+### Bugfix: 1
+- [#34779](https://parermine.regione.emilia-romagna.it/issues/34779) Correzione mancanta libreria "xalan serializer" 
+
+### Novità: 1
+- [#34785](https://parermine.regione.emilia-romagna.it/issues/34785) Aggiornamento messaggio di errore CATENA_TRUSTED
+
 ## 1.16.0 (14-11-2024)
 
 ### Novità: 1

diff --git a/CONTAINER-SCAN-REPORT.md b/CONTAINER-SCAN-REPORT.md
@@ -1,7 +1,7 @@
 ## Container scan evidence CVE
 <strong>Image name:</strong> registry.ente.regione.emr.it/parer/okd/crypto:sast
-<br/><strong>Run date:</strong> Thu Nov 14 12:11:03 CET 2024
-<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/crypto/-/jobs/413330">Job</a>
+<br/><strong>Run date:</strong> Tue Dec 10 11:24:22 CET 2024
+<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/crypto/-/jobs/439866">Job</a>
 <br/><strong>CVE founded:</strong> 0
 | CVE | Description | Severity | Solution | 
 |:---:|:---|:---:|:---|
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,4 +1,7 @@
-## 1.16.0 (14-11-2024)
+## 1.17.0 (10-12-2024)
+
+### Bugfix: 1
+- [#34779](https://parermine.regione.emilia-romagna.it/issues/34779) Correzione mancanta libreria "xalan serializer" 
 
 ### Novità: 1
-- [#34481](https://parermine.regione.emilia-romagna.it/issues/34481) Creazione endpoint per restituzione documento originale a partire formato p7m
+- [#34785](https://parermine.regione.emilia-romagna.it/issues/34785) Aggiornamento messaggio di errore CATENA_TRUSTED
diff --git a/pom.xml b/pom.xml
@@ -2,7 +2,7 @@
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>old-cryptolibrary</artifactId>
-    <version>1.16.1-SNAPSHOT</version>
+    <version>1.17.1-SNAPSHOT</version>
     <packaging>${packaging.type}</packaging>
     <name>Verifica Firma CRYPTO</name>
     <description>Progetto per effettuare firme e validazioni con librerie cryptolibrary (CRYPTO)</description>
@@ -41,7 +41,7 @@
         <logstash-logback-encoder.version>7.4</logstash-logback-encoder.version>
         <org-json.version>20240303</org-json.version>
         <!-- custom libs -->
-        <eng-cryptolibrary.version>1.13.0</eng-cryptolibrary.version>
+        <eng-cryptolibrary.version>1.14.0</eng-cryptolibrary.version>
         <verificafirma-crypto-beans.version>1.6.0</verificafirma-crypto-beans.version>
         <!-- -->
         <start-class>it.eng.parer.crypto.web.CryptoApplication</start-class>
@@ -125,6 +125,11 @@
                 <artifactId>xalan</artifactId>
                 <version>${xalan.version}</version>
             </dependency>
+			<dependency>
+				<groupId>xalan</groupId>
+				<artifactId>serializer</artifactId>
+				<version>${xalan.version}</version>
+			</dependency>            
             <dependency>
                 <groupId>it.eng.parer</groupId>
                 <artifactId>cryptolibrary</artifactId>
@@ -147,7 +152,7 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
-            <!-- Swagger UI -->
+			<!-- Swagger UI -->
            <dependency>
 				<groupId>org.springdoc</groupId>
 				<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
@@ -274,13 +279,19 @@
         <dependency>
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
+            <scope>runtime</scope>
             <exclusions>
                 <exclusion>
                     <groupId>xml-apis</groupId>
                     <artifactId>xml-apis</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
+		<dependency>
+			<groupId>xalan</groupId>
+			<artifactId>serializer</artifactId>
+			<scope>runtime</scope>
+		</dependency>  
         <dependency>
             <groupId>it.eng.parer</groupId>
             <artifactId>cryptolibrary</artifactId>
@@ -336,7 +347,6 @@
 		    <artifactId>json</artifactId>
 		    <version>${org-json.version}</version>
 		</dependency>
-
     </dependencies>
 
     <build>
@@ -359,14 +369,14 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                	<!-- JDK 21 -->
+					<!-- JDK 21 -->
 					<source>21</source>
 					<target>21</target>
 					<!-- disable release option --> 
                 	<release combine.self="override" />
-                	<!-- export legay module -->
-                    <!-- @see java.lang.IllegalAccessError: class es.mityc.firmaJava.libreria.utilidades.URIEncoder (in unnamed module @0x3b2c72c2) -->
-                    <!-- cannot access class sun.security.action.GetPropertyAction (in module java.base) because module java.base does not export sun.security.action to unnamed module @0x3b2c72c2 -->
+					<!-- export legay module -->
+					<!-- @see java.lang.IllegalAccessError: class es.mityc.firmaJava.libreria.utilidades.URIEncoder (in unnamed module @0x3b2c72c2) -->
+					<!-- cannot access class sun.security.action.GetPropertyAction (in module java.base) because module java.base does not export sun.security.action to unnamed module @0x3b2c72c2 -->
                  	<compilerArgs>
 						 <compilerArg>--add-exports</compilerArg>
 						 <compilerArg>java.base/sun.security.action=ALL-UNNAMED</compilerArg>
@@ -471,9 +481,9 @@
                             <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
                             <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
                         </manifest>
-                        <!-- export legacy module -->
-        				<!-- @see java.lang.IllegalAccessError: class es.mityc.firmaJava.libreria.utilidades.URIEncoder (in unnamed module @0x3b2c72c2) -->
-        				<!-- cannot access class sun.security.action.GetPropertyAction (in module java.base) because module java.base does not export sun.security.action to unnamed module @0x3b2c72c2 -->
+						<!-- export legacy module -->
+						<!-- @see java.lang.IllegalAccessError: class es.mityc.firmaJava.libreria.utilidades.URIEncoder (in unnamed module @0x3b2c72c2) -->
+						<!-- cannot access class sun.security.action.GetPropertyAction (in module java.base) because module java.base does not export sun.security.action to unnamed module @0x3b2c72c2 -->
                         <manifestEntries>
 							<Add-Exports>java.base/sun.security.action</Add-Exports>
 						</manifestEntries>

diff --git a/src/main/java/it/eng/parer/crypto/service/VerificaFirmaService.java b/src/main/java/it/eng/parer/crypto/service/VerificaFirmaService.java
@@ -46,6 +46,7 @@
 
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.mutable.MutableInt;
+import org.apache.commons.lang3.StringUtils;
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x500.style.BCStyle;
@@ -979,9 +980,9 @@ protected CryptoAroFirmaComp buildFirma(ISignature s, int pgBusta,
             } else {
                 esitoVerifiche = false;
                 controlliCatenaTrusted.setTiEsitoContrFirma(VerificheEnums.EsitoControllo.NEGATIVO.name());
-                controlliCatenaTrusted.setDsMsgEsitoContrFirma(VerificheEnums.EsitoControllo.NEGATIVO.message() + ": "
+                controlliCatenaTrusted.setDsMsgEsitoContrFirma(StringUtils.trim(VerificheEnums.EsitoControllo.NEGATIVO.message() + ": "
                         + unqualifiedSignature.getErrorsString() + " " + certificateAssociationInfo.getErrorsString()
-                        + " " + unqualifiedSignature.getWarningsString() + " ");
+                        + " " + unqualifiedSignature.getWarningsString() + " "));
             }
         }
 

diff --git a/src/main/java/it/eng/parer/crypto/service/job/CAUpdateJob.java b/src/main/java/it/eng/parer/crypto/service/job/CAUpdateJob.java
@@ -83,12 +83,12 @@ public void doJob() {
     private void loadingCa() {
         try {
             // TASK UPDATE CERTIFICATI CA e CRL - Scarico tutti i
-            // certificati dal CNIPA, le CRL e creo le configurazioni nel DB.
+            // certificati dal eIDAS, le CRL e creo le configurazioni nel DB.
             // Siccome non utilizzo mai la chiave ottengo solamente i valori.
             Collection<X509Certificate> qualifiedCertificate = signerUtil.getQualifiedPrincipalsAndX509Certificates()
                     .values();
             final int size = qualifiedCertificate.size();
-            log.atInfo().log("Trovati {} certificati dal CNIPA", size);
+            log.atInfo().log("Trovati {} certificati da eIDAS", size);
             // Utilizzo l'iteratore e rimovo l'elemento per rendere eleggibile al GC il record già processato
             Iterator<X509Certificate> iterator = qualifiedCertificate.iterator();
             int caProcessate = 0;
@@ -99,7 +99,7 @@ private void loadingCa() {
             }
 
         } catch (CryptoSignerException e) {
-            log.atError().log("Errore nello scarico dei certificati CA dal CNIPA", e);
+            log.atError().log("Errore nello scarico dei certificati CA da eIDAS", e);
         }
     }
 

diff --git a/src/main/java/it/eng/parer/crypto/service/model/CryptoP7mUnsigned.java b/src/main/java/it/eng/parer/crypto/service/model/CryptoP7mUnsigned.java
@@ -1,3 +1,20 @@
+/*
+ * Engineering Ingegneria Informatica S.p.A.
+ *
+ * Copyright (C) 2023 Regione Emilia-Romagna
+ * <p/>
+ * This program is free software: you can redistribute it and/or modify it under the terms of
+ * the GNU Affero General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ * <p/>
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Affero General Public License for more details.
+ * <p/>
+ * You should have received a copy of the GNU Affero General Public License along with this program.
+ * If not, see <https://www.gnu.org/licenses/>.
+ */
+
 package it.eng.parer.crypto.service.model;
 
 import java.io.InputStream;

diff --git a/src/main/openshift/verifica-firma-crypto-template.yml b/src/main/openshift/verifica-firma-crypto-template.yml
@@ -182,8 +182,8 @@ objects:
       name: verificafirma-crypto
       weight: 100
     wildcardPolicy: None
-- apiVersion: v1
-  kind: DeploymentConfig
+- apiVersion: apps/v1
+  kind: Deployment
   metadata:
     labels:
       app: verificafirma-crypto
@@ -195,7 +195,8 @@ objects:
     replicas: 1
     revisionHistoryLimit: 2
     selector:
-      app: verificafirma-crypto
+      matchLabels:
+        app: verificafirma-crypto
     strategy:
       activeDeadlineSeconds: 21600
       resources: {}
@@ -209,7 +210,7 @@ objects:
         maxUnavailable: 25%
         timeoutSeconds: 3600
         updatePeriodSeconds: 1
-      type: Rolling    
+      type: RollingUpdate    
     template:
       metadata:
         labels:
@@ -322,6 +323,9 @@ objects:
         schedulerName: default-scheduler
         securityContext: {}
         terminationGracePeriodSeconds: 50
+        securityContext:
+          runAsUser: 1000660000
+          fsGroup: 1000660000        
         volumes:
         - configMap:
             defaultMode: 420