diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8500cff..66081a0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,14 @@
+## 1.22.1 (24-06-2024)
+
+### Bugfix: 1
+- [#32811](https://parermine.regione.emilia-romagna.it/issues/32811) Correzione gestione "log level error" nei casi di errori "non previsti" da "gestiti in verifica firma digitale"
+
+## 1.22.0 (12-06-2024)
+
+### Novità: 1
+- [#32708](https://parermine.regione.emilia-romagna.it/issues/32708) Disattivazione PDF/PADES validation security checks (DSS)
+
## 1.21.0 (10-06-2024)
### Novità: 1
diff --git a/CONTAINER-SCAN-REPORT.md b/CONTAINER-SCAN-REPORT.md
index be87776..3926ec3 100644
--- a/CONTAINER-SCAN-REPORT.md
+++ b/CONTAINER-SCAN-REPORT.md
@@ -1,15 +1,15 @@
## Container scan evidence CVE
Image name: registry.ente.regione.emr.it/parer/okd/verifica-firma-eidas:sast
-
Run date: Mon Jun 10 17:26:01 CEST 2024
-
Produced by: Job
+
Run date: Mon Jun 24 11:42:47 CEST 2024
+
Produced by: Job
CVE founded: 8
| CVE | Description | Severity | Solution |
|:---:|:---|:---:|:---|
| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc to 2.28-251.el8_10.1|
-| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3339)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc to 2.28-251.el8_10.2|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3344)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc to 2.28-251.el8_10.2|
| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-common to 2.28-251.el8_10.1|
-| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3339)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-common to 2.28-251.el8_10.2|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3344)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-common to 2.28-251.el8_10.2|
| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-minimal-langpack to 2.28-251.el8_10.1|
-| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3339)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-minimal-langpack to 2.28-251.el8_10.2|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3344)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-minimal-langpack to 2.28-251.el8_10.2|
| [CVE-2023-6597](http://www.openwall.com/lists/oss-security/2024/03/20/5)|An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.|High|Upgrade platform-python to 3.6.8-62.el8_10|
| [CVE-2023-6597](http://www.openwall.com/lists/oss-security/2024/03/20/5)|An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.|High|Upgrade python3-libs to 3.6.8-62.el8_10|
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 6690ff9..f02bf7a 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,4 +1,4 @@
-## 1.21.0 (10-06-2024)
+## 1.22.1 (24-06-2024)
-### Novità: 1
-- [#32690](https://parermine.regione.emilia-romagna.it/issues/32690) Introduzione di logica centralizzata per invocazione revocation URL via "single client instance" (DSS)
+### Bugfix: 1
+- [#32811](https://parermine.regione.emilia-romagna.it/issues/32811) Correzione gestione "log level error" nei casi di errori "non previsti" da "gestiti in verifica firma digitale"
diff --git a/docker_build/certs/rer_ca.crt b/docker_build/certs/rer_ca.crt
deleted file mode 100644
index f7a6d76..0000000
--- a/docker_build/certs/rer_ca.crt
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFjTCCBHWgAwIBAgIKcbpkygAAAAAABTANBgkqhkiG9w0BAQUFADCBgTESMBAG
-CgmSJomT8ixkARkWAklUMRMwEQYKCZImiZPyLGQBGRYDRU1SMRcwFQYKCZImiZPy
-LGQBGRYHUkVHSU9ORTEUMBIGCgmSJomT8ixkARkWBEVOVEUxJzAlBgNVBAMTHlJl
-Z2lvbmUgRW1pbGlhLVJvbWFnbmEgUk9PVCBDQTAeFw0xNTAyMDUwOTIxNDJaFw0y
-NTAyMDUwOTMxNDJaMHwxEjAQBgoJkiaJk/IsZAEZFgJpdDETMBEGCgmSJomT8ixk
-ARkWA2VtcjEXMBUGCgmSJomT8ixkARkWB3JlZ2lvbmUxFDASBgoJkiaJk/IsZAEZ
-FgRlbnRlMSIwIAYDVQQDExlSZWdpb25lIEVtaWxpYS1Sb21hZ25hIENBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQdFPINsDDNr55JNSy8tCIOMBUOfdnzyEA
-0RD7ydR/ihcehIaV1JCyiRw2g49HIk+06hcU4sXW6O5sztWUcZnSGHutnCxlMoOV
-JjCtY0YL++1IZT7ov0q9HLafcFmTFLNVUtBGmXDFQD2ygzd/xTLvhEKSj+AJ7gQf
-hgL1yPMagQIDAQABo4ICjTCCAokwEAYJKwYBBAGCNxUBBAMCAQEwIwYJKwYBBAGC
-NxUCBBYEFJNy7NS5rDkZHjFOhRkJw4Cx9akuMB0GA1UdDgQWBBQonMbqQS1rvym7
-yXzQ8Ngt0ScB2zAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC
-AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSBKCoY+RIG79+a5asQGWAJ
-8yu1AjCB7wYDVR0fBIHnMIHkMIHhoIHeoIHbhoHYbGRhcDovLy9DTj1SZWdpb25l
-JTIwRW1pbGlhLVJvbWFnbmElMjBST09UJTIwQ0EsQ049Q0FST09ULENOPUNEUCxD
-Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
-cmF0aW9uLERDPUVOVEUsREM9UkVHSU9ORSxEQz1FTVIsREM9SVQ/Y2VydGlmaWNh
-dGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlv
-blBvaW50MIHkBggrBgEFBQcBAQSB1zCB1DCB0QYIKwYBBQUHMAKGgcRsZGFwOi8v
-L0NOPVJlZ2lvbmUlMjBFbWlsaWEtUm9tYWduYSUyMFJPT1QlMjBDQSxDTj1BSUEs
-Q049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmln
-dXJhdGlvbixEQz1FTlRFLERDPVJFR0lPTkUsREM9RU1SLERDPUlUP2NBQ2VydGlm
-aWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0G
-CSqGSIb3DQEBBQUAA4IBAQCGqa+fPZUFeaDKLHBe/An/3U0v7nAfF6pbg9N0PpoN
-L1DwDFw+FoZADZx/NCjc0Lb6uu7SGMe0qgKOwqvMDqxSs5NMC15U6lWocQi3okgV
-5p+aWV727sqiYmra40eu8oHLVmWlszUKyf/P0iTjNgvHORVcve9clIfHrfdhfsnL
-DlT7+YMkZC0PRFN6Owh61bUfxRROpudBxYbmc51txbqUs/hPjP3Phek+KP3pBhW5
-o+Z4mh7eF1mHsvfgtYXb3vvXRRJi9vdpSR14brMEuwAaOO7N7u6559fWJsV5v6Ad
-FqP7cS4KfxSh3Ce33uEjg83HAM0xq1WCYTcRYMrmUTm9
------END CERTIFICATE-----
diff --git a/docker_build/certs/rer_ca01.crt b/docker_build/certs/rer_ca01.crt
deleted file mode 100644
index de8639a..0000000
--- a/docker_build/certs/rer_ca01.crt
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHSjCCBTKgAwIBAgITIAAAAAQjnDHJc/zNMgAAAAAABDANBgkqhkiG9w0BAQsF
-ADArMSkwJwYDVQQDEyBSZWdpb25lIEVtaWxpYS1Sb21hZ25hIFJPT1QgQ0EwMTAe
-Fw0xNzA1MDgxNTIxMjdaFw0yNzA1MDgxNTMxMjdaMH4xEjAQBgoJkiaJk/IsZAEZ
-FgJpdDETMBEGCgmSJomT8ixkARkWA2VtcjEXMBUGCgmSJomT8ixkARkWB3JlZ2lv
-bmUxFDASBgoJkiaJk/IsZAEZFgRlbnRlMSQwIgYDVQQDExtSZWdpb25lIEVtaWxp
-YS1Sb21hZ25hIENBMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo
-eIjHFymX4IXGLtSCnIYfRFV3ok0q+oq/nLi7R9QngOOsqXiWTLX83N73uha3szzE
-k9ytn1W7+wab4zOP3DKD2Bx5DvMP+voK8QljahWpnOOgLPzD0bi0030cgJKGHtkZ
-I/2fF25cuZ09hT4UZHb4RAjtgrpHGmhOIz+UIyP7Z+6aXiKDheSnS/YLxLu3c6GG
-nBxCdJdTaXtw1jLDKmPHtgQ6ekeUhW2CDSEFB2zf6IlRSzy7o3DTXsEllMSIKhXj
-X1I1NmwlHg9sqkZC9rDvmavEW007DSWSD0+XPOBx+SzWceKglrwe9jb17ZX8cTKW
-w0Zrv8VenGvDwzEioOKFAgMBAAGjggMSMIIDDjAQBgkrBgEEAYI3FQEEAwIBATAj
-BgkrBgEEAYI3FQIEFgQUTo2NUoDIXySFh91x8pshEISFbcUwHQYDVR0OBBYEFIpr
-Wqcndg9DultgkfHAMgmtfshzMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsG
-A1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFF3O4loUC2Lg
-OBPDJAvjU2YUyjbbMIIBLQYDVR0fBIIBJDCCASAwggEcoIIBGKCCARSGgdxsZGFw
-Oi8vL0NOPVJlZ2lvbmUlMjBFbWlsaWEtUm9tYWduYSUyMFJPT1QlMjBDQTAxLENO
-PXZtNDU5c3J2LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1T
-ZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPUVOVEUsREM9UkVHSU9ORSxEQz1F
-TVIsREM9SVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENs
-YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50hjNodHRwOi8vY2VydGF1dGguZW50ZS5y
-ZWdpb25lLmVtci5pdC9SRVJSb290Q0EwMS5jcmwwggEpBggrBgEFBQcBAQSCARsw
-ggEXMIHTBggrBgEFBQcwAoaBxmxkYXA6Ly8vQ049UmVnaW9uZSUyMEVtaWxpYS1S
-b21hZ25hJTIwUk9PVCUyMENBMDEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNl
-cnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9RU5URSxEQz1S
-RUdJT05FLERDPUVNUixEQz1JVD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xh
-c3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTA/BggrBgEFBQcwAoYzaHR0cDovL2Nl
-cnRhdXRoLmVudGUucmVnaW9uZS5lbXIuaXQvUkVSUm9vdENBMDEuY2VyMA0GCSqG
-SIb3DQEBCwUAA4ICAQC6Q9Q8iQpRAOZuoMkRkNXnxwvlB3i0QJXPxOUwate5vFPM
-uWlLXepINKBj2sF70hSbnCvXbPAyNBfG/8TMrNHC8WmeUZtNKE0I0p8lQBQMu6x7
-aFLFLoqzkLC++6DgwBxlFSB8/5Q03C09gEJSLJmRB7zRAmFD3GjxMcPEL+SILsfK
-BRV/RtnGONRlFp/f7p6a9+A7U5srJwhJ6oWKI3KdzDvi8HtEo/6Plm1dfQSSkM5z
-Z5b63ODjARmwvGwLgDJp3jrWkd9ctDQNJFXNuGWxxiyXkvT+06W6li+NRAucgMec
-AiNziw5DGS0Bakow2ZC1Rw8PwIvlXSgx5zjzHlRGOWGyFtG59zaCOzvAp1a0vIhW
-gvQH6LgeD0w2A5sn1POlnMibEezVuL+kLViU5bmC54L2+hzO6YSr+R5Sv52iw5bZ
-Csbfn7c/2yj+Nw7i+vfEMWQ064RJR5PFGL/pZ8dmbql19mDnGu6HRgLy76TtzO5R
-drTotwwsXnFQ6e8frz3FSVhWhwjMyVy/VtQNoFlSpyqIr8sa4ahcwPiGLreMxZon
-UofmfknG15Y9CwJSsZvIPg0XPkDKPoJO2pENLIqm7bUCK6iWbWTl3CoChk40aj5U
-NzLgLcXeJe9zqiKmPHFKVvVyp1p+I/XT06A50htVk31ylGBCVmYLpjbz5PB2eA==
------END CERTIFICATE-----
diff --git a/docker_build/certs/rer_rootca.crt b/docker_build/certs/rer_rootca.crt
deleted file mode 100644
index 6eb8710..0000000
--- a/docker_build/certs/rer_rootca.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3zCCAsegAwIBAgIQbH6Su1Vgr7pJAFxdtREKnjANBgkqhkiG9w0BAQUFADCB
-gTESMBAGCgmSJomT8ixkARkWAklUMRMwEQYKCZImiZPyLGQBGRYDRU1SMRcwFQYK
-CZImiZPyLGQBGRYHUkVHSU9ORTEUMBIGCgmSJomT8ixkARkWBEVOVEUxJzAlBgNV
-BAMTHlJlZ2lvbmUgRW1pbGlhLVJvbWFnbmEgUk9PVCBDQTAeFw0wNjAxMjAxMDQ3
-MjhaFw0yNjAxMjAxMDU2MDFaMIGBMRIwEAYKCZImiZPyLGQBGRYCSVQxEzARBgoJ
-kiaJk/IsZAEZFgNFTVIxFzAVBgoJkiaJk/IsZAEZFgdSRUdJT05FMRQwEgYKCZIm
-iZPyLGQBGRYERU5URTEnMCUGA1UEAxMeUmVnaW9uZSBFbWlsaWEtUm9tYWduYSBS
-T09UIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiRjGV2siCpH
-SVLc3+/fZAs/ke7Zqn8Pwwx+NeoQwySXmotCOk5DXvh5HOMhZ10xZYH57Iij/jgP
-kN7E0IeBv0VvPxF6inpIBl7EINWzHu10F1vkxnz3W0Qd74pUOmdiWA98/ZFS4Nc0
-cTQZLpMFzzo5KIgVhkxXS9pbgj1TjWt1/BSRRNHwv4j8jxgxz7tPnaAWarlV96Fx
-7X9xirrCIiSX/ZhI1OPblaaldXqybevexeQ7G9BGLH6dVk0H1fBMjZGT3mj04Nqe
-29HUoAESKEepROSpqMiPC/d6aP726KFAf5Z8QkEJzmYJuiTrdwOyfghscd1qYDIq
-FkI3yMrpgwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAd
-BgNVHQ4EFgQUgSgqGPkSBu/fmuWrEBlgCfMrtQIwEAYJKwYBBAGCNxUBBAMCAQAw
-DQYJKoZIhvcNAQEFBQADggEBAHVqSoKEYHirW3+purLYKTC/lrGw0eJ4wMsVtaWd
-yCeNhu2e3EgsEMVcCSIP5mK65xhFkS3zIaZX5XqnjyINgzjs51l9CX29xQoR7MTK
-bzLm/fqwweJHM/s9ZLqRoffHuKsZyGe/f832ogGNsfpmYDBr6GjBHQfiCxTjd+WR
-Xbj/lQ1dG/qV3+m8MqAWm+apetrLicTwCtO1m+2xETE4hxm8KtqcVFrsHlJo5U1O
-DG6F8yXDUgtIuauIo0neXtbwEUGNTRH9d6Ki0rNpWgdgGDPJn3dBJy+6lSckZv7C
-+q5JAsr90RxhOLzzBfaUXh0zmsqVmWGVRs3xs4NmqyVEqGA=
------END CERTIFICATE-----
diff --git a/docker_build/certs/rer_rootcat01.crt b/docker_build/certs/rer_rootcat01.crt
deleted file mode 100644
index 06ac05a..0000000
--- a/docker_build/certs/rer_rootcat01.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFyjCCA7KgAwIBAgIQbYmupMHd/rRI3jvXBQnGaDANBgkqhkiG9w0BAQsFADAr
-MSkwJwYDVQQDEyBSZWdpb25lIEVtaWxpYS1Sb21hZ25hIFJPT1QgQ0EwMTAeFw0x
-NzA1MDMxMDMxMzhaFw00MjA1MDMxMDQxMzdaMCsxKTAnBgNVBAMTIFJlZ2lvbmUg
-RW1pbGlhLVJvbWFnbmEgUk9PVCBDQTAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
-MIICCgKCAgEAvk9am77weaKgg42NzOhgz50ghK50msb4cZzRjZD1mLIkeGn/tb2K
-14ouYZoVhLIdOC3omCU5mLzTURsYV15N2AiXwxFcDf42GJr19CVBihvNYkrt9KLe
-tZt/55wBeVcUlOKO+VY0PwbBPOEqebTEJgUkDBi9ibpMCMBZIq7bc1FYhMaEE45u
-4KYzYWOsrQkLMDcOvgTgs7lcDV6NAjCnAX6ELY8IZsISVnF37fI6uQHKgehtpAiR
-6iXQwJCuXBpg3omADbL+QDAunZ3tW01AQGDG6JnHm1fZfr8E6tT4e4ISXNPHqaRy
-Ll/UiZQXaL2YG+7miinYveHav5OUgysx5r8Z9a/P2LbLpa/NLTmmN0ZZUYYN4BP8
-D4qk3wh3yDgesPvCD/k2LGwOJMfQbtlpLe7O4oqMrV5SwHXtw2vO3OeLBgiGEqaC
-dYYv3Po/8DJrzeqHvf0iL1MKGvzfX1swLIuWCf0W71a0KGKh3dO5rmYfxxnfl7k3
-Vl/HEfKO6e4aeEo7i9iKAoqsUtDOLMh9BLtobcfSxxFFh+/WyNaxIcnKaEt9+18R
-XYVlcjVLZB6RmnqTG2OQ1p7Ybkgcg+LA9QuD2x4BWjkIc9CeeaUJ/HIJ/qGSt74E
-iLmlKU5ouvhMUa7OqCGbbuVUgbp02pKXOyanb+g7h4ckwGu5NV3c7GMCAwEAAaOB
-6TCB5jALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUXc7i
-WhQLYuA4E8MkC+NTZhTKNtswRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NlcnRh
-dXRoLmVudGUucmVnaW9uZS5lbXIuaXQvUkVSUm9vdENBMDEuY3JsMBAGCSsGAQQB
-gjcVAQQDAgEAME8GCCsGAQUFBwEBBEMwQTA/BggrBgEFBQcwAoYzaHR0cDovL2Nl
-cnRhdXRoLmVudGUucmVnaW9uZS5lbXIuaXQvUkVSUm9vdENBMDEuY2VyMA0GCSqG
-SIb3DQEBCwUAA4ICAQCgJx95fgRaLtofYXI7KI3IGxTLdkHUP9RA22zy27oUzYDM
-cLCgq4njqbPv2akadMV/kdScTsIrpGVDJrYyTYMafR2hFpHIX0NBaqf0QUu7nn6v
-bNjtG2XQd/6t8MdL8O/p7ThiSdmgEToX5lMDGGTbDPFiV0Uh8kbUvmxY3kOI1BDJ
-+k6Rp1lzYZnGIIxFB0dp7GqfhY/wNkjuU3XSloBmAC357mrpUiu1hDDXddzF2wYa
-QvBbRpie7ApINL4UB8803bPrxGwYmH9YNAgV+XspZaFoGi7UkJSwFN4LZl2OQQ8U
-El2KGehnkXEonn3aE5dz7aORWZa1VkSOAzYKptO7LsaeJ95xNco3QrTDmijL+UU7
-GplqojjVZOYO+6SIJwSCUNDD+YTwEf4z9YL3pbMD/U0qKGY+62jU/tK9cIWyXPAE
-WS568FGaHqbT67Pyy1mvvl583DtoQ9pSw3P5QY6aYfR7dRHfcySMi4VVoJ/iaZ+S
-LX+LWkiatCFoIt7H9KXQWXmjmq0V0eijXvLitZfvJ389sSRvUAM5cbVvdre/+KT5
-3qyG0Ms0gwq9hFSli6irN6mYVTho5cNyYb3NhU3Bhg88Hk3p028pAvTu5xoqpRmD
-btvOyBxXvaBh8nT5vrXEKUWu9PpD7Qgwi7Uj4MCOOZQS9SgVstgRVy7Hq7eT4A==
------END CERTIFICATE-----
diff --git a/pom.xml b/pom.xml
index f3cc814..0baac84 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
4.0.0
verifica-firma-eidas
- 1.21.1-SNAPSHOT
+ 1.22.2-SNAPSHOT
${packaging.type}
Verifica Firma EIDAS
Progetto per effettuare firme e validazioni con librerie DSS (EIDAS)
diff --git a/src/main/java/it/eng/parer/eidas/core/bean/CommonsDataHttpClient.java b/src/main/java/it/eng/parer/eidas/core/bean/CommonsDataHttpClient.java
index c0e55d2..62e52a1 100644
--- a/src/main/java/it/eng/parer/eidas/core/bean/CommonsDataHttpClient.java
+++ b/src/main/java/it/eng/parer/eidas/core/bean/CommonsDataHttpClient.java
@@ -1,3 +1,19 @@
+/*
+ * Engineering Ingegneria Informatica S.p.A.
+ *
+ * Copyright (C) 2023 Regione Emilia-Romagna
+ *
+ * This program is free software: you can redistribute it and/or modify it under the terms of
+ * the GNU Affero General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License along with this program.
+ * If not, see .
+ */
package it.eng.parer.eidas.core.bean;
@@ -763,8 +779,9 @@ private HttpClientConnectionManager getConnectionManager() {
final PoolingHttpClientConnectionManager connectionManager = builder.build();
connectionManager.setDefaultConnectionConfig(connectionConfigBuilder.build());
- LOG.debug("PoolingHttpClientConnectionManager: max total: {}", connectionManager.getMaxTotal());
- LOG.debug("PoolingHttpClientConnectionManager: max per route: {}", connectionManager.getDefaultMaxPerRoute());
+ LOG.atDebug().log("PoolingHttpClientConnectionManager: max total: {}", connectionManager.getMaxTotal());
+ LOG.atDebug().log("PoolingHttpClientConnectionManager: max per route: {}",
+ connectionManager.getDefaultMaxPerRoute());
return connectionManager;
}
@@ -782,22 +799,22 @@ private SSLConnectionSocketFactory getConnectionSocketFactoryHttps() {
final TrustStrategy trustStrategy = getTrustStrategy();
if (trustStrategy != null) {
- LOG.debug("Set the TrustStrategy");
+ LOG.atDebug().log("Set the TrustStrategy");
sslContextBuilder.loadTrustMaterial(null, trustStrategy);
}
final KeyStore sslTrustStore = getSSLTrustStore();
if (sslTrustStore != null) {
- LOG.debug("Set the SSL trust store as trust materials");
+ LOG.atDebug().log("Set the SSL trust store as trust materials");
sslContextBuilder.loadTrustMaterial(sslTrustStore, trustStrategy);
}
final KeyStore sslKeystore = getSSLKeyStore();
if (sslKeystore != null) {
- LOG.debug("Set the SSL keystore as key materials");
+ LOG.atDebug().log("Set the SSL keystore as key materials");
sslContextBuilder.loadKeyMaterial(sslKeystore, sslKeystorePassword);
if (loadKeyStoreAsTrustMaterial) {
- LOG.debug("Set the SSL keystore as trust materials");
+ LOG.atDebug().log("Set the SSL keystore as trust materials");
sslContextBuilder.loadTrustMaterial(sslKeystore, trustStrategy);
}
}
diff --git a/src/main/java/it/eng/parer/eidas/core/bean/CustomDataLoaderExt.java b/src/main/java/it/eng/parer/eidas/core/bean/CustomDataLoaderExt.java
index d2d90cd..e34cc51 100644
--- a/src/main/java/it/eng/parer/eidas/core/bean/CustomDataLoaderExt.java
+++ b/src/main/java/it/eng/parer/eidas/core/bean/CustomDataLoaderExt.java
@@ -120,7 +120,7 @@ default byte[] customLdapGet(String urlString) {
/* apache dataHttpClient management */
default byte[] customPost(String url, byte[] content) {
- logger().debug("Fetching data via POST from url {}", url);
+ logger().atDebug().log("Fetching data via POST from url {}", url);
HttpPost httpRequest = null;
// The length for the InputStreamEntity is needed, because some receivers (on
@@ -156,6 +156,8 @@ default byte[] customPost(String url, byte[] content) {
}
default byte[] customHttpGet(String url) {
+ logger().atDebug().log("Fetching data via GET from url {}", url);
+
HttpGet httpRequest = null;
try {
@@ -189,7 +191,7 @@ default ContentType toContentTypeExt(String contentTypeString) {
public Logger logger();
/*
- * define standard getter & setter (inherint from {@link CommonsDataLoader})
+ * define standard getter & setter (inherit from {@link CommonsDataLoader})
*/
public byte[] execute(final CloseableHttpClient client, final HttpUriRequest httpRequest) throws IOException;
diff --git a/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java b/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java
index 857a359..be1f4b9 100644
--- a/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java
+++ b/src/main/java/it/eng/parer/eidas/core/service/CustomRemoteDocumentValidationImpl.java
@@ -45,6 +45,11 @@
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.FileDocument;
import eu.europa.esig.dss.model.InMemoryDocument;
+import eu.europa.esig.dss.pades.validation.PDFDocumentValidator;
+import eu.europa.esig.dss.pdf.IPdfObjFactory;
+import eu.europa.esig.dss.pdf.ServiceLoaderPdfObjFactory;
+import eu.europa.esig.dss.pdf.modifications.DefaultPdfDifferencesFinder;
+import eu.europa.esig.dss.pdf.modifications.DefaultPdfObjectModificationsFinder;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.policy.ValidationPolicyFacade;
import eu.europa.esig.dss.policy.jaxb.Level;
@@ -636,6 +641,10 @@ private SignedDocumentValidator buildValidator(DSSDocument signedDocument,
signedDocValidator.setIncludeSemantics(dataToValidateMetadata.isIncludeSemanticTokenValues());
//
signedDocValidator.setCertificateVerifier(verifier);
+
+ //
+ disablePDFComparisonsCheck(signedDocValidator);
+
log.atDebug().log("Signed Document Validator created class name: {}",
signedDocValidator.getClass().getName());
return signedDocValidator;
@@ -646,4 +655,32 @@ private SignedDocumentValidator buildValidator(DSSDocument signedDocument,
}
+ /*
+ * PdfObjectModificationsFinder customization
+ *
+ * check :
+ * https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#DisablingPdfComparison
+ */
+ private void disablePDFComparisonsCheck(SignedDocumentValidator signedDocValidator) {
+ if (signedDocValidator instanceof PDFDocumentValidator pdfDocumentValidator) {
+ // Create a IPdfObjFactory
+ IPdfObjFactory pdfObjFactory = new ServiceLoaderPdfObjFactory();
+
+ // Configure DefaultPdfDifferencesFinder responsible for visual document comparison
+ DefaultPdfDifferencesFinder pdfDifferencesFinder = new DefaultPdfDifferencesFinder();
+ // NOTE: To skip the visual comparison '0' value should be set
+ pdfDifferencesFinder.setMaximalPagesAmountForVisualComparison(0);
+ pdfObjFactory.setPdfDifferencesFinder(pdfDifferencesFinder);
+
+ // Configure DefaultPdfObjectModificationsFinder responsible for object comparison between PDF revisions
+ DefaultPdfObjectModificationsFinder pdfObjectModificationsFinder = new DefaultPdfObjectModificationsFinder();
+ // NOTE: To skip the visual comparison '0' value should be set
+ pdfObjectModificationsFinder.setMaximumObjectVerificationDeepness(0);
+ pdfObjFactory.setPdfObjectModificationsFinder(pdfObjectModificationsFinder);
+
+ // Set the factory to the DocumentValidator
+ pdfDocumentValidator.setPdfObjFactory(pdfObjFactory);
+ }
+ }
+
}
diff --git a/src/main/java/it/eng/parer/eidas/core/util/Constants.java b/src/main/java/it/eng/parer/eidas/core/util/Constants.java
index 91e7d0a..3e1106f 100644
--- a/src/main/java/it/eng/parer/eidas/core/util/Constants.java
+++ b/src/main/java/it/eng/parer/eidas/core/util/Constants.java
@@ -41,6 +41,7 @@ private Constants() {
/* default error message on advice handler */
public static final String STD_MSG_APP_ERROR = "Errore applicativo";
+ public static final String STD_MSG_APP_WARN = "Avviso errore";
public static final String STD_MSG_GENERIC_ERROR = "Errore generico";
public static final String STD_MSG_VALIDATION_ERROR = "Chiamata non valida";
diff --git a/src/main/java/it/eng/parer/eidas/web/config/AdviceHandler.java b/src/main/java/it/eng/parer/eidas/web/config/AdviceHandler.java
index 035c9bf..a5436d3 100644
--- a/src/main/java/it/eng/parer/eidas/web/config/AdviceHandler.java
+++ b/src/main/java/it/eng/parer/eidas/web/config/AdviceHandler.java
@@ -18,8 +18,10 @@
package it.eng.parer.eidas.web.config;
import static it.eng.parer.eidas.core.util.Constants.STD_MSG_APP_ERROR;
+import static it.eng.parer.eidas.core.util.Constants.STD_MSG_APP_WARN;
import static it.eng.parer.eidas.core.util.Constants.STD_MSG_GENERIC_ERROR;
import static it.eng.parer.eidas.core.util.Constants.STD_MSG_VALIDATION_ERROR;
+import static it.eng.parer.eidas.model.exception.ParerError.ErrorCode.EIDAS_ERROR;
import java.util.Arrays;
@@ -62,8 +64,14 @@ public class AdviceHandler {
@ExceptionHandler(EidasParerException.class)
public final ResponseEntity handleEidasParerException(EidasParerException ex,
WebRequest request) {
- // log error
- log.atError().log(STD_MSG_APP_ERROR, ex);
+ // log code based
+ if (ex.getCode().equals(EIDAS_ERROR)) {
+ // log warn
+ log.atWarn().log(STD_MSG_APP_WARN, ex);
+ } else {
+ // log error
+ log.atError().log(STD_MSG_APP_ERROR, ex);
+ }
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
return new ResponseEntity<>(RestUtil.buildParerResponseEntity(ex, request), headers,
diff --git a/test b/test
deleted file mode 100644
index 180cf83..0000000
--- a/test
+++ /dev/null
@@ -1 +0,0 @@
-test2