From aec35f9ed73a6e8bcb450bc419ffd03126187989 Mon Sep 17 00:00:00 2001 From: parerworker Date: Fri, 13 Dec 2024 11:50:34 +0100 Subject: [PATCH 1/4] Update project to latest tag old-cryptolibrary-1.17.0 --- CHANGELOG.md | 8 +++++ CONTAINER-SCAN-REPORT.md | 4 +-- RELEASE-NOTES.md | 7 ++-- pom.xml | 32 ++++++++++++------- .../crypto/service/VerificaFirmaService.java | 5 +-- .../parer/crypto/service/job/CAUpdateJob.java | 6 ++-- .../service/model/CryptoP7mUnsigned.java | 17 ++++++++++ .../verifica-firma-crypto-template.yml | 12 ++++--- 8 files changed, 67 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 16870d8..fb202a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,12 @@ +## 1.17.0 (10-12-2024) + +### Bugfix: 1 +- [#34779](https://parermine.regione.emilia-romagna.it/issues/34779) Correzione mancanta libreria "xalan serializer" + +### Novità: 1 +- [#34785](https://parermine.regione.emilia-romagna.it/issues/34785) Aggiornamento messaggio di errore CATENA_TRUSTED + ## 1.16.0 (14-11-2024) ### Novità: 1 diff --git a/CONTAINER-SCAN-REPORT.md b/CONTAINER-SCAN-REPORT.md index 4042c49..6ac6890 100644 --- a/CONTAINER-SCAN-REPORT.md +++ b/CONTAINER-SCAN-REPORT.md @@ -1,7 +1,7 @@ ## Container scan evidence CVE Image name: registry.ente.regione.emr.it/parer/okd/crypto:sast -
Run date: Thu Nov 14 12:11:03 CET 2024 -
Produced by: Job +
Run date: Tue Dec 10 11:24:22 CET 2024 +
Produced by: Job
CVE founded: 0 | CVE | Description | Severity | Solution | |:---:|:---|:---:|:---| diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index fb81f14..155b75b 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,4 +1,7 @@ -## 1.16.0 (14-11-2024) +## 1.17.0 (10-12-2024) + +### Bugfix: 1 +- [#34779](https://parermine.regione.emilia-romagna.it/issues/34779) Correzione mancanta libreria "xalan serializer" ### Novità: 1 -- [#34481](https://parermine.regione.emilia-romagna.it/issues/34481) Creazione endpoint per restituzione documento originale a partire formato p7m +- [#34785](https://parermine.regione.emilia-romagna.it/issues/34785) Aggiornamento messaggio di errore CATENA_TRUSTED diff --git a/pom.xml b/pom.xml index 94814bb..45be79f 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 old-cryptolibrary - 1.16.1-SNAPSHOT + 1.17.0 ${packaging.type} Verifica Firma CRYPTO Progetto per effettuare firme e validazioni con librerie cryptolibrary (CRYPTO) @@ -41,7 +41,7 @@ 7.4 20240303 - 1.13.0 + 1.14.0 1.6.0 it.eng.parer.crypto.web.CryptoApplication @@ -125,6 +125,11 @@ xalan ${xalan.version} + + xalan + serializer + ${xalan.version} + it.eng.parer cryptolibrary @@ -147,7 +152,7 @@ pom import - + org.springdoc springdoc-openapi-starter-webmvc-ui @@ -274,6 +279,7 @@ xalan xalan + runtime xml-apis @@ -281,6 +287,11 @@ + + xalan + serializer + runtime + it.eng.parer cryptolibrary @@ -336,7 +347,6 @@ json ${org-json.version} - @@ -359,14 +369,14 @@ org.apache.maven.plugins maven-compiler-plugin - + 21 21 - - - + + + --add-exports java.base/sun.security.action=ALL-UNNAMED @@ -471,9 +481,9 @@ true true - - - + + + java.base/sun.security.action diff --git a/src/main/java/it/eng/parer/crypto/service/VerificaFirmaService.java b/src/main/java/it/eng/parer/crypto/service/VerificaFirmaService.java index 16f8717..1669fdc 100644 --- a/src/main/java/it/eng/parer/crypto/service/VerificaFirmaService.java +++ b/src/main/java/it/eng/parer/crypto/service/VerificaFirmaService.java 
@@ -46,6 +46,7 @@ import org.apache.commons.io.FileUtils; import org.apache.commons.lang.mutable.MutableInt; +import org.apache.commons.lang3.StringUtils; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x500.style.BCStyle; @@ -979,9 +980,9 @@ protected CryptoAroFirmaComp buildFirma(ISignature s, int pgBusta, } else { esitoVerifiche = false; controlliCatenaTrusted.setTiEsitoContrFirma(VerificheEnums.EsitoControllo.NEGATIVO.name()); - controlliCatenaTrusted.setDsMsgEsitoContrFirma(VerificheEnums.EsitoControllo.NEGATIVO.message() + ": " + controlliCatenaTrusted.setDsMsgEsitoContrFirma(StringUtils.trim(VerificheEnums.EsitoControllo.NEGATIVO.message() + ": " + unqualifiedSignature.getErrorsString() + " " + certificateAssociationInfo.getErrorsString() - + " " + unqualifiedSignature.getWarningsString() + " "); + + " " + unqualifiedSignature.getWarningsString() + " ")); } } diff --git a/src/main/java/it/eng/parer/crypto/service/job/CAUpdateJob.java b/src/main/java/it/eng/parer/crypto/service/job/CAUpdateJob.java index 6a875db..032d8d2 100644 --- a/src/main/java/it/eng/parer/crypto/service/job/CAUpdateJob.java +++ b/src/main/java/it/eng/parer/crypto/service/job/CAUpdateJob.java 
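Review bot: In `buildFirma` (VerificaFirmaService.java, hunk `@@ -979,9 +980,9 @@`), `StringUtils.trim` only strips the two ends of the CATENA_TRUSTED message, so when `unqualifiedSignature.getErrorsString()` or `certificateAssociationInfo.getErrorsString()` is empty the interior double spaces remain, and if all three parts are empty the message ends in a dangling `:`. If the goal is a clean message, `StringUtils.normalizeSpace(...)` around the same concatenation collapses the inner runs as well as the ends. This string is what a consumer of the verification report reads for a failed trusted-chain check, so a short comment such as `// errors first, then warnings; any part may be empty` would document the expected shape. The body of `buildFirma` starts and ends outside the hunk.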
@@ -83,12 +83,12 @@ public void doJob() { private void loadingCa() { try { // TASK UPDATE CERTIFICATI CA e CRL - Scarico tutti i - // certificati dal CNIPA, le CRL e creo le configurazioni nel DB. + // certificati dal eIDAS, le CRL e creo le configurazioni nel DB. // Siccome non utilizzo mai la chiave ottengo solamente i valori. Collection qualifiedCertificate = signerUtil.getQualifiedPrincipalsAndX509Certificates() .values(); final int size = qualifiedCertificate.size(); - log.atInfo().log("Trovati {} certificati dal CNIPA", size); + log.atInfo().log("Trovati {} certificati da eIDAS", size); // Utilizzo l'iteratore e rimovo l'elemento per rendere eleggibile al GC il record già processato Iterator iterator = qualifiedCertificate.iterator(); int caProcessate = 0; @@ -99,7 +99,7 @@ private void loadingCa() { } } catch (CryptoSignerException e) { - log.atError().log("Errore nello scarico dei certificati CA dal CNIPA", e); + log.atError().log("Errore nello scarico dei certificati CA da eIDAS", e); } } diff --git a/src/main/java/it/eng/parer/crypto/service/model/CryptoP7mUnsigned.java b/src/main/java/it/eng/parer/crypto/service/model/CryptoP7mUnsigned.java index 8eac928..e5b197c 100644 --- a/src/main/java/it/eng/parer/crypto/service/model/CryptoP7mUnsigned.java +++ b/src/main/java/it/eng/parer/crypto/service/model/CryptoP7mUnsigned.java @@ -1,3 +1,20 @@ +/* + * Engineering Ingegneria Informatica S.p.A. + * + * Copyright (C) 2023 Regione Emilia-Romagna + *
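Review bot: In `loadingCa` (CAUpdateJob.java, hunk `@@ -99,7 +99,7 @@`), the reworded error line still passes the exception as a plain argument to a message with no `{}`, so with the fluent API the stack trace depends on the logging backend treating a trailing Throwable argument as the cause. `log.atError().setCause(e).log("Errore nello scarico dei certificati CA da eIDAS");` makes that explicit. The catch block visible here only logs, so a failed CA/CRL download apparently lets the job finish normally with whatever trust data is already in the DB; a comment saying this is intended, or an alert on this log line, would help operators notice stale CA and CRL data (part of the method lies between the two hunks and is not visible). The comment in hunk `@@ -83,12 +83,12 @@` also reads `dal eIDAS` while both log messages say `da eIDAS`.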

+ * This program is free software: you can redistribute it and/or modify it under the terms of + * the GNU Affero General Public License as published by the Free Software Foundation, + * either version 3 of the License, or (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; + * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU Affero General Public License for more details. + *

+ * You should have received a copy of the GNU Affero General Public License along with this program. + * If not, see . + */ + package it.eng.parer.crypto.service.model; import java.io.InputStream; diff --git a/src/main/openshift/verifica-firma-crypto-template.yml b/src/main/openshift/verifica-firma-crypto-template.yml index 9ea526c..507627e 100644 --- a/src/main/openshift/verifica-firma-crypto-template.yml +++ b/src/main/openshift/verifica-firma-crypto-template.yml @@ -182,8 +182,8 @@ objects: name: verificafirma-crypto weight: 100 wildcardPolicy: None -- apiVersion: v1 - kind: DeploymentConfig +- apiVersion: apps/v1 + kind: Deployment metadata: labels: app: verificafirma-crypto @@ -195,7 +195,8 @@ objects: replicas: 1 revisionHistoryLimit: 2 selector: - app: verificafirma-crypto + matchLabels: + app: verificafirma-crypto strategy: activeDeadlineSeconds: 21600 resources: {} @@ -209,7 +210,7 @@ objects: maxUnavailable: 25% timeoutSeconds: 3600 updatePeriodSeconds: 1 - type: Rolling + type: RollingUpdate template: metadata: labels: @@ -322,6 +323,9 @@ objects: schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 50 + securityContext: + runAsUser: 1000660000 + fsGroup: 1000660000 volumes: - configMap: defaultMode: 420 From f36a4cea4f46008ba5d12c0be19751b522457d4e Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 13 Dec 2024 15:03:07 +0000 Subject: [PATCH 2/4] Update SNAPSHOT version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 45be79f..56dd8a1 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 old-cryptolibrary - 1.17.0 + 1.17.0-SNAPSHOT ${packaging.type} Verifica Firma CRYPTO Progetto per effettuare firme e validazioni con librerie cryptolibrary (CRYPTO) From a273cc43bcbe841e9d955308ba88253425829077 Mon Sep 17 00:00:00 2001 
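Review bot: In verifica-firma-crypto-template.yml the object becomes `kind: Deployment` (`apps/v1`), but the `strategy` block shown as context in hunks `@@ -195,7 +195,8 @@` and `@@ -209,7 +210,7 @@` still carries DeploymentConfig fields: `activeDeadlineSeconds: 21600`, `resources: {}`, `timeoutSeconds: 3600` and `updatePeriodSeconds: 1`. An `apps/v1` Deployment strategy accepts only `type` and `rollingUpdate` (`maxSurge`, `maxUnavailable`), so these keys are either rejected or silently dropped depending on validation settings, and the timeouts they expressed no longer apply. The key that holds `maxUnavailable: 25%` lies outside the hunk; if it is still `rollingParams` it needs renaming to `rollingUpdate`, and the old deadline is better expressed as `progressDeadlineSeconds` on the Deployment spec.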
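Review bot: Hunk `@@ -322,6 +323,9 @@` of verifica-firma-crypto-template.yml adds a second `securityContext:` key beside the existing `securityContext: {}` context line; indentation is lost on this page, but both appear to sit in the same pod spec mapping between `schedulerName` and `volumes`. Strict YAML parsers reject duplicate keys and lenient ones keep the last, so which setting is applied depends on the tooling; replacing the empty entry instead of adding a sibling removes the ambiguity. The hard-coded `runAsUser: 1000660000` / `fsGroup: 1000660000` looks like a value from one project's assigned UID range, and under the restricted SCC it would fail admission in any other namespace. Leaving the UID to the SCC, or exposing it as a template parameter, and adding `runAsNonRoot: true` would keep the template portable without loosening the pod's constraints.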
From: GitHub Actions Date: Fri, 13 Dec 2024 15:03:28 +0000 Subject: [PATCH 3/4] [maven-release-plugin] prepare release old-cryptolibrary-1.17.0 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 56dd8a1..c25789d 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 old-cryptolibrary - 1.17.0-SNAPSHOT + 1.17.0 ${packaging.type} Verifica Firma CRYPTO Progetto per effettuare firme e validazioni con librerie cryptolibrary (CRYPTO) @@ -49,7 +49,7 @@ scm:git:https://github.com/RegioneER/parer-verifica-firma-crypto.git - HEAD + old-cryptolibrary-1.17.0 From 2def609ce1c3c23df4cf37517f0d482adfee1d65 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 13 Dec 2024 15:03:30 +0000 Subject: [PATCH 4/4] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index c25789d..b656b1f 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 old-cryptolibrary - 1.17.0 + 1.17.1-SNAPSHOT ${packaging.type} Verifica Firma CRYPTO Progetto per effettuare firme e validazioni con librerie cryptolibrary (CRYPTO) @@ -49,7 +49,7 @@ scm:git:https://github.com/RegioneER/parer-verifica-firma-crypto.git - old-cryptolibrary-1.17.0 + HEAD